-
Member
Originally Posted by
fredrik1984
Run this command through the terminal after you have opened the game and you have a working lua unlock
Tested on EU servers about 10 minutes ago.
Code:
echo -e "process attach -p `ps ax|grep MacOS/[W]orld|awk '{print $1}'`\nmemory write 0x100A19A93 0xeb\nprocess detach\nquit" > /tmp/luaunlock && lldb -s /tmp/luaunlock
Do you have a way to find new offsets for this once a new patch is released? Also, is it similar to the other script that used to be here?
-
Corporal
Finding the new offsets each patch is quite easy with the JoeVT offset detection script (posted by Charles420 earlier and again at the bottom here for quick reference) that was on TheFrese's original OSX LUA unlock thread which was deleted recently. (P.S. I loved JoeVT's explanations and write ups!)
- You will need the OSX developer tools installed so that the WoW app can be decompiled.
- Create a GetWowPatchAddress.sh script/text file (or you can name it whatever else) with the code listed at the bottom of this post. You may have to give the file execute permissions with chmod -x
- Start up Terminal and drag the script then the World of Warcraft.app into the window. (Dragging and dropping will prevent typos with all the escaped spaces.)
- Hit Enter and let Terminal process the two. It usually takes about 30-45 seconds and will drop about six WoW64* files in the User directory. These can be deleted later or just left since they will get overwritten each time you go through this process.
- When the script finishes, there will be a line like "0000000100a19a9a 7777 ja 0x100a19b13". The first section is the memory address that has the jump that needs to be changed. Trim off the leading zeros with the 0x notation. The resulting 0x100a19a9a is the new LUAOFFSET value to update in TheFrese's unlock script.
- Leave the 0x77 and 0xeb values alone since those reference the types of jumps.
- As of WoD, the LUAOFFSET32 value is deprecated as a whole since WoW no longer ships with both 32bit and 64bit apps. If I remember correctly, there is a command line switch to force the WoW 64bit app into 32bit mode, but no one should really need to do that unless using another utility that has not updated to 64bit.
As always, this is only "safe" as long as the memory address above is not scanned by Warden which could happen at any point in the future.
Code:
#!/bin/bash
# Find the patch address for WoW. This is the address of the first ja instruction in the
# CanPerformFunction procedure which is called by many other Lua functions.
LANG=C
wowapp=$1
wowbin="$(find -f "${wowapp}/Contents/MacOS" \( -type f -not -name ".*" \) | sed -n -e "1 p;q")"
if [ ! -f "$wowbin" ]; then
echo "# Error: \"$wowbin\" does not exist."
exit 1
fi
# Check for universal binary
lipo -detailed_info "${wowbin}" > /tmp/wowdetailedinfo.lipo
fileoffset=$(sed -n -E "/architecture i386/,/align/ { /i386/,/offset/ { /[ ]*offset[ ]+(.*)/{s//\1/p;q;}; }; }" /tmp/wowdetailedinfo.lipo)
if [ -z $fileoffset ]; then
fileoffset=0
fi
echo "# Getting segments and sections from \"${wowbin}\"..."
otool -l "${wowbin}" > /tmp/wowheader.otool
is64=0
grep -q LC_SEGMENT_64 /tmp/wowheader.otool && is64=1
if [ $is64 -eq 1 ]; then
name=wow64
else
name=wow32
fi
cat /tmp/wowheader.otool > ${name}header.otool
cat /tmp/wowdetailedinfo.lipo > ${name}detailedinfo.lipo
echo "# Disassembling..."
otool -tvqj "${wowbin}" > ${name}.otool
sectionlist=$(
sed -n -E '
/^Section$/,/^ reserved2/{
/^ sectname/ {s/^[ ]*[a-z0-9]+ (.+)$/\1/;h;}
/^ segname/,/^ offset/ {s/^[ ]*[a-z0-9]+ (.+)$/\1/;H;}
/^ align/{g;y/\n/,/;p;}
}' ${name}header.otool
)
segmentlist=$(
sed -n -E '
/^ cmd LC_SEGMENT/,/^ flags/{
/^ segname/ {s/^[ ]*[a-z0-9]+ (.+)$/\1/;h;}
/^ vmaddr/,/^ filesize/ {s/^[ ]*[a-z0-9]+ (.+)$/\1/;H;}
/^ maxprot/{g;y/\n/,/;p;}
}' ${name}header.otool
)
ExtractSection () { # $1:segment name $2:section name $3:filename $4:type
thesection=$(echo "$sectionlist" | sed -n -E "/^$2,$1,(.*)/{s//\1/p;q;}")
theaddr=$(expr "$thesection" : '\([0-9a-fx]*\)')
thesize=$(expr "$thesection" : '[0-9a-fx]*,\([0-9a-fx]*\)')
offset=$(expr "$thesection" : '[0-9a-fx]*,[0-9a-fx]*,\([0-9]*\)')
offset=$(($offset + $fileoffset))
if [ "$4" == "1" ]; then # convert nulls to newlines (useful for cstring section)
dd if="${wowbin}" bs=1 skip=$offset count=$thesize 2> /dev/null | tr '\0' '\n' > "$3"
elif [ "$4" == "2" ]; then # output as list of hexadecimal integers
if [ $is64 -eq 1 ]; then
dd if="${wowbin}" bs=1 skip=$offset count=$thesize 2> /dev/null | xxd -g 8 -c 8 -p | sed -E "/(..)(..)(..)(..)(..)(..)(..)(..)/s//\8\7\6\5\4\3\2\1/" > "$3"
else
dd if="${wowbin}" bs=1 skip=$offset count=$thesize 2> /dev/null | xxd -g 4 -c 4 -p | sed -E "/(..)(..)(..)(..)/s//\4\3\2\1/" > "$3"
fi
else # output as raw binary
dd if="${wowbin}" of="$3" bs=1 skip=$offset count=$thesize 2> /dev/null
fi
echo $theaddr
}
echo "# Extracting section __TEXT __cstring..."
addrTEXTcstring=$(ExtractSection '__TEXT' '__cstring' ${name}cstring.txt 1)
echo "# Extracting section __DATA __const..."
addrDATAconst=$(ExtractSection '__DATA' '__const' ${name}dataconst.txt 2)
echo "# Extracting section __DATA __data..."
addrDATAdata=$(ExtractSection '__DATA' '__data' ${name}datadata.txt 2)
GetLuaFunction () { # $1:luaFunc $2:sectionfile.txt
addrLuaString=$(printf "%0$((($is64+1)*8))x" $(( $(expr "$(grep -m 1 -o -a -b -E -e "^${1}$" ${name}cstring.txt)" : '\([0-9]*\):') + $addrTEXTcstring )) )
echo $(sed -n -E "/^$addrLuaString$/{n;p;q;}" $2)
}
echo "# Finding LUA Function SpellStopTargeting..."
addrSpellStopTargeting=$(GetLuaFunction "SpellStopTargeting" ${name}dataconst.txt)
if [ -z $addrSpellStopTargeting ]; then
addrSpellStopTargeting=$(GetLuaFunction "SpellStopTargeting" ${name}datadata.txt)
fi
echo "# Finding CanPerformFunction..."
addrCanPerformFunction=$(sed -n -E "/^$addrSpellStopTargeting"$'\t/,/\tcalll\t/{/.*\tcall.\t0x([0-9a-f]+)/'"{s//0000000000000000\1/;s/.*(.{$((($is64+1)*8))})/\1/p;q;};}" ${name}.otool)
echo $addrCanPerformFunction
echo "# Finding patch address..."
patchinstruction=$(sed -n -E "/^$addrCanPerformFunction"$'\t/,/\tret/{/\tja\t/{/\tja\t.*/{p;q;};};}' ${name}.otool)
echo $patchinstruction
echo "# Done"
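
The post's caveat that the patch is only "safe" while that address is not scanned refers to code-integrity checking. The following is an added example, not part of the original post and not Warden's actual implementation: a two-stage check that fingerprints a code region and, on mismatch, diffs it against a trusted copy and flags a short conditional jump rewritten to 0xeb. The byte array, function names and struct are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample, not bytes from any real binary: push rbp; mov rbp,rsp;
 * cmp edi,3; ja +0x77; xor eax,eax; pop rbp; ret */
static const uint8_t BASELINE[] = { 0x55, 0x48, 0x89, 0xe5, 0x83, 0xff, 0x03,
                                    0x77, 0x77, 0x31, 0xc0, 0x5d, 0xc3 };

/* One changed byte; jcc_to_jmp marks a short Jcc (0x70-0x7f) turned into 0xeb. */
struct finding { size_t offset; uint8_t expected, found; int jcc_to_jmp; };

/* FNV-1a: cheap fingerprint for the periodic check, not a cryptographic hash. */
static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Stage 1: does the live region still match the stored fingerprint? */
static int region_modified(uint64_t baseline_hash, const uint8_t *live, size_t n) {
    return fnv1a64(live, n) != baseline_hash;
}

/* Stage 2: diff against the trusted copy; returns the number of changed bytes
 * and records the first max. Byte-level only, no instruction decoding. */
static size_t diff_region(const uint8_t *base, const uint8_t *live, size_t n,
                          struct finding *out, size_t max) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (base[i] == live[i]) continue;
        if (count < max)
            out[count] = (struct finding){ i, base[i], live[i],
                (base[i] & 0xf0) == 0x70 && live[i] == 0xeb };
        count++;
    }
    return count;
}

int main(void) {
    uint8_t live[sizeof BASELINE];
    struct finding f[4];
    memcpy(live, BASELINE, sizeof live);
    live[7] = 0xeb;             /* simulate the one-byte ja -> jmp rewrite */
    if (!region_modified(fnv1a64(BASELINE, sizeof BASELINE), live, sizeof live))
        return 0;
    size_t n = diff_region(BASELINE, live, sizeof live, f, 4);
    for (size_t i = 0; i < n && i < 4; i++)
        printf("+0x%zx: %02x -> %02x%s\n", f[i].offset, f[i].expected,
               f[i].found, f[i].jcc_to_jmp ? " (Jcc -> JMP)" : "");
    return 0;
}
```

Because the diff is byte-level, a changed operand byte in the 0x70-0x7f range would also set the flag; a production check would decode instruction boundaries first.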
-
Member
Originally Posted by
Greymalkin
Finding the new offsets each patch is quite easy with the JoeVT offset detection script (posted by Charles420 earlier and again at the bottom here for quick reference) that was on TheFrese's original OSX LUA unlock thread which was deleted recently. (P.S. I loved JoeVT's explanations and write ups!)
- You will need the OSX developer tools installed so that the WoW app can be decompiled.
- Create a GetWowPatchAddress.sh script/text file (or you can name it whatever else) with the code listed at the bottom of this post. You may have to give the file execute permissions with chmod -x
- Start up Terminal and drag the script then the World of Warcraft.app into the window. (Dragging and dropping will prevent typos with all the escaped spaces.)
- Hit Enter and let Terminal process the two. It usually takes about 30-45 seconds and will drop about six WoW64* files in the User directory. These can be deleted later or just left since they will get overwritten each time you go through this process.
- When the script finishes, there will be a line like "0000000100a19a9a 7777 ja 0x100a19b13". The first section is the memory address that has the jump that needs to be changed. Trim off the leading zeros with the 0x notation. The resulting 0x100a19a9a is the new LUAOFFSET value to update in TheFrese's unlock script.
- Leave the 0x77 and 0xeb values alone since those reference the types of jumps.
- As of WoD, the LUAOFFSET32 value is deprecated as a whole since WoW no longer ships with both 32bit and 64bit apps. If I remember correctly, there is a command line switch to force the WoW 64bit app into 32bit mode, but no one should really need to do that unless using another utility that has not updated to 64bit.
As always, this is only "safe" as long as the memory address above is not scanned by Warden which could happen at any point in the future.
When I try this script with chmod -x and xcode installed, it just doesn't do anything. There is no message.
I tried changing "wowapp=$1" to the path of the app and executing the script manually, and this message appears:
> Echo "# Error: \"$wowbin\" does not exist."
> exit 1
> fi
# Error: "" does not exist.
logout
I cannot see any contents in the WoW app, either. The launcher app has the folders from the script, like "contents/macOs".
What am I doing wrong?
-
Knight-Lieutenant
https://mega.co.nz/#!oAgi2bSR!jKHdof...FyAZTM-UypwGKs
That's the Unlocker and the script to find the offsets.
-
Site Donator
This all sounds really good. Haven't been paying a lot of attention when it comes to Probably Engine, but how's the ban rate?
-
Member
This Unlocker doesn't work anymore, how to update?
-
Member
New Offsets with the method Fredrick1984 posted before. Works.
Code:
echo -e "process attach -p `ps ax|grep MacOS/[W]orld|awk '{print $1}'`\nmemory write 0x100a1931a 0xeb\nprocess detach\nquit" > /tmp/luaunlock && lldb -s /tmp/luaunlock
-
Member
Wow crashes after a few seconds if I try to unlock. Does anyone know what to do?
-
Member
I'm trying to get the offset detection script working but even though I have given it execute, read and write permissions, it tells me "permission denied" when I try running it.
I am following this part exactly: "Start up Terminal and drag the script then the World of Warcraft.app into the window. (Dragging and dropping will prevent typos with all the escaped spaces.)" but when I press enter, I get the error message I mentioned above.
Do I need to grant it some other kind of permission?
I've used chmod -rwx so far
Edit:
I found out why it didn't work; it seems I've been stupid and misunderstood how chmod works.
The command that allowed me to use this script is simple: chmod +x
+x adds permissions while -x removes the permission.
So, to get it to work, write this in the terminal window: chmod +x GetWowPatchAddress.sh
Last edited by fredrik1984; 01-14-2015 at 03:45 PM.
Reason: Solved my problem
-
Member
For patch 6.1.19678
echo -e "process attach -p `ps ax|grep MacOS/[W]orld|awk '{print $1}'`\nmemory write 0x100a8062a 0xeb\nprocess detach\nquit" > /tmp/luaunlock && lldb -s /tmp/luaunlock
Tested & works.
-
Member
When I try running the script I get this:
# Disassembling...
# Extracting section __TEXT __cstring...
tr: Illegal byte sequence
# Extracting section __DATA __const...
# Extracting section __DATA __data...
# Finding LUA Function SpellStopTargeting...
# Finding CanPerformFunction...
# Finding patch address...
# Done
Doesn't find me a patch address. Any suggestions?
-
Member
Found a fix by googling some. A minor fix to the script fixed it. If anyone else encounters this, just use this code instead:
Code:
#!/bin/bash
# Find the patch address for WoW. This is the address of the first ja instruction in the
# CanPerformFunction procedure which is called by many other Lua functions.
LANG=C
wowapp=$1
wowbin="$(find -f "${wowapp}/Contents/MacOS" \( -type f -not -name ".*" \) | sed -n -e "1 p;q")"
if [ ! -f "$wowbin" ]; then
echo "# Error: \"$wowbin\" does not exist."
exit 1
fi
# Check for universal binary
lipo -detailed_info "${wowbin}" > /tmp/wowdetailedinfo.lipo
fileoffset=$(sed -n -E "/architecture i386/,/align/ { /i386/,/offset/ { /[ ]*offset[ ]+(.*)/{s//\1/p;q;}; }; }" /tmp/wowdetailedinfo.lipo)
if [ -z $fileoffset ]; then
fileoffset=0
fi
echo "# Getting segments and sections from \"${wowbin}\"..."
otool -l "${wowbin}" > /tmp/wowheader.otool
is64=0
grep -q LC_SEGMENT_64 /tmp/wowheader.otool && is64=1
if [ $is64 -eq 1 ]; then
name=wow64
else
name=wow32
fi
cat /tmp/wowheader.otool > ${name}header.otool
cat /tmp/wowdetailedinfo.lipo > ${name}detailedinfo.lipo
echo "# Disassembling..."
otool -tvqj "${wowbin}" > ${name}.otool
sectionlist=$(
sed -n -E '
/^Section$/,/^ reserved2/{
/^ sectname/ {s/^[ ]*[a-z0-9]+ (.+)$/\1/;h;}
/^ segname/,/^ offset/ {s/^[ ]*[a-z0-9]+ (.+)$/\1/;H;}
/^ align/{g;y/\n/,/;p;}
}' ${name}header.otool
)
segmentlist=$(
sed -n -E '
/^ cmd LC_SEGMENT/,/^ flags/{
/^ segname/ {s/^[ ]*[a-z0-9]+ (.+)$/\1/;h;}
/^ vmaddr/,/^ filesize/ {s/^[ ]*[a-z0-9]+ (.+)$/\1/;H;}
/^ maxprot/{g;y/\n/,/;p;}
}' ${name}header.otool
)
ExtractSection () { # $1:segment name $2:section name $3:filename $4:type
thesection=$(echo "$sectionlist" | sed -n -E "/^$2,$1,(.*)/{s//\1/p;q;}")
theaddr=$(expr "$thesection" : '\([0-9a-fx]*\)')
thesize=$(expr "$thesection" : '[0-9a-fx]*,\([0-9a-fx]*\)')
offset=$(expr "$thesection" : '[0-9a-fx]*,[0-9a-fx]*,\([0-9]*\)')
offset=$(($offset + $fileoffset))
if [ "$4" == "1" ]; then # convert nulls to newlines (useful for cstring section)
dd if="${wowbin}" bs=1 skip=$offset count=$thesize 2> /dev/null | LC_CTYPE=C tr '\0' '\n' > "$3"
elif [ "$4" == "2" ]; then # output as list of hexadecimal integers
if [ $is64 -eq 1 ]; then
dd if="${wowbin}" bs=1 skip=$offset count=$thesize 2> /dev/null | xxd -g 8 -c 8 -p | sed -E "/(..)(..)(..)(..)(..)(..)(..)(..)/s//\8\7\6\5\4\3\2\1/" > "$3"
else
dd if="${wowbin}" bs=1 skip=$offset count=$thesize 2> /dev/null | xxd -g 4 -c 4 -p | sed -E "/(..)(..)(..)(..)/s//\4\3\2\1/" > "$3"
fi
else # output as raw binary
dd if="${wowbin}" of="$3" bs=1 skip=$offset count=$thesize 2> /dev/null
fi
echo $theaddr
}
echo "# Extracting section __TEXT __cstring..."
addrTEXTcstring=$(ExtractSection '__TEXT' '__cstring' ${name}cstring.txt 1)
echo "# Extracting section __DATA __const..."
addrDATAconst=$(ExtractSection '__DATA' '__const' ${name}dataconst.txt 2)
echo "# Extracting section __DATA __data..."
addrDATAdata=$(ExtractSection '__DATA' '__data' ${name}datadata.txt 2)
GetLuaFunction () { # $1:luaFunc $2:sectionfile.txt
addrLuaString=$(printf "%0$((($is64+1)*8))x" $(( $(expr "$(grep -m 1 -o -a -b -E -e "^${1}$" ${name}cstring.txt)" : '\([0-9]*\):') + $addrTEXTcstring )) )
echo $(sed -n -E "/^$addrLuaString$/{n;p;q;}" $2)
}
echo "# Finding LUA Function SpellStopTargeting..."
addrSpellStopTargeting=$(GetLuaFunction "SpellStopTargeting" ${name}dataconst.txt)
if [ -z $addrSpellStopTargeting ]; then
addrSpellStopTargeting=$(GetLuaFunction "SpellStopTargeting" ${name}datadata.txt)
fi
echo "# Finding CanPerformFunction..."
addrCanPerformFunction=$(sed -n -E "/^$addrSpellStopTargeting"$'\t/,/\tcalll\t/{/.*\tcall.\t0x([0-9a-f]+)/'"{s//0000000000000000\1/;s/.*(.{$((($is64+1)*8))})/\1/p;q;};}" ${name}.otool)
echo $addrCanPerformFunction
echo "# Finding patch address..."
patchinstruction=$(sed -n -E "/^$addrCanPerformFunction"$'\t/,/\tret/{/\tja\t/{/\tja\t.*/{p;q;};};}' ${name}.otool)
echo $patchinstruction
echo "# Done"
-
Active Member
Hello, how bad is the ban rate on the macOS version of WoW?
-
Member
Anyone got something working for Legion?