v3.2 - MeNiA

[ivan1987]

can any post 3.2 code or post some hack for 3.2 thx ...

[SirGalahad]

<a href='http://unadvised.net/forum/index.php?showtopic=454' target='_blank'>http://unadvised.net/forum/index.php?showtopic=454</a>

For fuck's sake, use the goddamn search function. Go to that topic, compare a 2.95 unpacked client with a 3.2 unpacked client and make the appropriate modifications.

Sorry for the harshness but Jesus Tapdancing Christ, almost everyone here wants to be baby stepped through this shit. I know absolutely zero about this stuff, but with a bit of intelligence I figured out how to map those hacks to different clients (not all, but most of them). If I can do it, you can do it.

[MeNiA]

This is my code, if you cant understand it then you're an idiot... get olly debugger or ida - THESE ADDRESSES ARE CORRECT TO HB LEGENDS CLIENT.
I quoted it so it could be more readable:

Code: Select all

HBLegends:
Logout:
-----------------------------------------------------------------
00436DDF  |. C74424 20 0100>|MOV DWORD PTR SS:[ESP+20],0B
0049D102   . C74424 2C 0100>MOV DWORD PTR SS:[ESP+2C],0B

00436DDF  |. C74424 20 0100>|MOV DWORD PTR SS:[ESP+20],1
0049D102   . C74424 2C 0100>MOV DWORD PTR SS:[ESP+2C],1



Restart:
-----------------------------------------------------------------
0045A3A3  |. C686 A4DF0600 >MOV BYTE PTR DS:[ESI+6DFA4],5

0045A3A3  |. C686 A4DF0600 >MOV BYTE PTR DS:[ESI+6DFA4],0



Curse:
-----------------------------------------------------------------
0049DE28  |. 0F84 F9020000  JE Copy_of_.0049E127

0049DE28     E9 FA020000    JMP Copy_of_.0049E127
0049DE2D     90             NOP



Multi-Client:
-----------------------------------------------------------------
0049D374  |. 68 7C164C00    PUSH Copy_of_.004C167C                 ; /MutexName = "0543kjg3j31%"

0049D374     68 00000000    PUSH 0                                 ; /MutexName = NULL



No Cast Delay:
-----------------------------------------------------------------
00464DB1  |. 8D5424 3C      LEA EDX,DWORD PTR SS:[ESP+3C]
00464DB5  |. 8D8D E0D30600  LEA ECX,DWORD PTR SS:[EBP+6D3E0]
00464DBB  |. 52             PUSH EDX
00464DBC  |. C74424 40 0000>MOV DWORD PTR SS:[ESP+40],0
00464DC4  |. E8 07BA0300    CALL Copy_of_.004A07D0
00464DC9  |. FF15 64124B00  CALL DWORD PTR DS&#58;&#91;<&winmm.timeGetTime>&#93;;  WINMM.timeGetTime
00464DCF  |. 8985 74D30600  MOV DWORD PTR SS&#58;&#91;EBP+6D374&#93;,EAX

00464DB1     EB 22          JMP SHORT HBLegend.00464DD5
00464DB3     90             NOP
00464DB4     90             NOP



No wait for using scroll after damage&#58;
-----------------------------------------------------------------
00458A9C  |. 75 7A          JNZ SHORT Copy_of_.00458B18

00458A9C     EB 7A          JMP SHORT Copy_of_.00458B18



No drink pot delay&#58;
-----------------------------------------------------------------
0044ECDC  |. 75 0D          JNZ SHORT Copy_of_.0044ECEB
0044EE4A  |. 75 0D          JNZ SHORT Copy_of_.0044EE59
0045819D   . 75 1C          JNZ SHORT Copy_of_.004581BB

0044ECDC   . EB 2A          JMP SHORT Copy_of_.0044ED08
0044EE4A   . EB 2A          JMP SHORT Copy_of_.0044EE76
0045819D   . EB 19          JMP SHORT Copy_of_.004581B8



Use pots while exchanging&#58;
-----------------------------------------------------------------
0044ECF9  |. 75 0D          JNZ SHORT Copy_of_.0044ED08
0044EE67  |. 75 0D          JNZ SHORT Copy_of_.0044EE76

0044ECF9     EB 2A          JMP SHORT Copy_of_.0044ED25
0044EE67     EB 2A          JMP SHORT Copy_of_.0044EE93



Speed Trap&#58;
-----------------------------------------------------------------
00462618     8B8D 98980600  MOV ECX,DWORD PTR SS&#58;&#91;EBP+69898&#93;
	
00462618   . E9 D6280000    JMP HBLegend.00464EF3
0046261D     90             NOP



Speed Limit&#58;
-----------------------------------------------------------------
0046260C   . 81FE 2C010000  CMP ESI,12C

0046260C     81FE 00010000  CMP ESI,100



True Identity&#58;
-----------------------------------------------------------------
0045A97E  |. 72 0B          JB SHORT HBLegend.0045A98B

0045A97E    ^72 D8          JB SHORT HBLegend.0045A95B



F1 Hotkey&#58;
-----------------------------------------------------------------
0044F264     8B85 14DC0600  MOV EAX,DWORD PTR SS&#58;&#91;EBP+6DC14&#93;       ;  Case 70 of switch 0044E6F0
0044F26A     85C0           TEST EAX,EAX
0044F26C     0F85 8D060000  JNZ HBLegend.0044F8FF

0044F264   > 6A 00          PUSH 0                                 ; /Arg1 = 00000000; Case 70 of switch 0044E6F0
0044F266   . 8BCD           MOV ECX,EBP                             ; |
0044F268   . E8 83E40300    CALL HBLegend.0048D6F0                 ; &#092;HBLegend.0048D6F0
0044F26D   . E9 8D060000    JMP HBLegend.0044F8FF



Beholder&#58;
-----------------------------------------------------------------
0041AB7D  |. 8DB5 8DE00600  LEA ESI,DWORD PTR SS&#58;&#91;EBP+6E08D&#93;
0041E385  |. 8DB3 8DE00600  LEA ESI,DWORD PTR DS&#58;&#91;EBX+6E08D&#93;
0041F35A  |. 8DB5 8DE00600  LEA ESI,DWORD PTR SS&#58;&#91;EBP+6E08D&#93;
004254D7  |. 8DB5 8DE00600  LEA ESI,DWORD PTR SS&#58;&#91;EBP+6E08D&#93;
004283FE  |. 8DB5 8DE00600  LEA ESI,DWORD PTR SS&#58;&#91;EBP+6E08D&#93;
0042BF27  |. 8DB5 8DE00600  LEA ESI,DWORD PTR SS&#58;&#91;EBP+6E08D&#93;
00433F50  |. 8DB5 8DE00600  LEA ESI,DWORD PTR SS&#58;&#91;EBP+6E08D&#93;

0041AB7D     EB 0B          JMP SHORT HBLegend.0041AB8A
0041AB7F     90             NOP
0041AB80     90             NOP
0041AB81     90             NOP
0041AB82     90             NOP

0041E385     EB 1B          JMP SHORT HBLegend.0041E3A2
0041E387     90             NOP
0041E388     90             NOP
0041E389     90             NOP
0041E38A     90             NOP

0041F35A   . EB 0B          JMP SHORT HBLegend.0041F367
0041F35C     90             NOP
0041F35D     90             NOP
0041F35E     90             NOP
0041F35F     90             NOP

004283FE     EB 0B          JMP SHORT HBLegend.0042840B
00428400     90             NOP
00428401     90             NOP
00428402     90             NOP
00428403     90             NOP

004254D7   . EB 0B          JMP SHORT HBLegend.004254E4
004254D9     90             NOP
004254DA     90             NOP
004254DB     90             NOP
004254DC     90             NOP

0042BF27     EB 0B          JMP SHORT HBLegend.0042BF34
0042BF29     90             NOP
0042BF2A     90             NOP
0042BF2B     90             NOP
0042BF2C     90             NOP

00433F50     EB 0B          JMP SHORT HBLegend.00433F5D
00433F52     90             NOP
00433F53     90             NOP
00433F54     90             NOP
00433F55     90             NOP



Enemy Indicator&#58;
-----------------------------------------------------------------
00418B94  |. 74 34          JE SHORT HBLegend.00418BCA
0041B42E   . 74 48          JE SHORT HBLegend.0041B478
0041D808  |. 74 35          JE SHORT HBLegend.0041D83F
0041E64C   . 74 35          JE SHORT HBLegend.0041E683
0041FB7B   . 74 34          JE SHORT HBLegend.0041FBB1
00423BD3  |. 74 32          JE SHORT HBLegend.00423C07
00425C7F   . 74 4A          JE SHORT HBLegend.00425CCB
004288EC   . 74 41          JE SHORT HBLegend.0042892F
0042C603   . 74 35          JE SHORT HBLegend.0042C63A
00434398   . 74 44          JE SHORT HBLegend.004343DE

00418B94     90             NOP
00418B95     90             NOP

0041B42E     90             NOP
0041B42F     90             NOP

0041D808     90             NOP
0041D809     90             NOP

0041E64C     90             NOP
0041E64D     90             NOP

0041FB7B     90             NOP
0041FB7C     90             NOP

00423BD3     90             NOP
00423BD4     90             NOP

00425C7F     90             NOP
00425C80     90             NOP

004288EC     90             NOP
004288ED     90             NOP

0042C603     90             NOP
0042C604     90             NOP

00434398     90             NOP
00434399     90             NOP



No Confiuson/Illusion&#58;
-----------------------------------------------------------------
0045A944  |. 39AB 20DD0600  CMP DWORD PTR DS&#58;&#91;EBX+6DD20&#93;,EBP

0045A944     EB 0A          JMP SHORT HBLegend.0045A950
0045A946     90             NOP
0045A947     90             NOP
0045A948     90             NOP
0045A949     90             NOP

00481BD3  |. C786 F4DB0600 >MOV DWORD PTR DS&#58;&#91;ESI+6DBF4&#93;,1
00481C62  |. C786 F8DB0600 >MOV DWORD PTR DS&#58;&#91;ESI+6DBF8&#93;,1

00481BD3     C786 F4DB0600 00000000    MOV DWORD PTR DS&#58;&#91;ESI+6DBF4&#93;,0
00481C62     C786 F8DB0600 00000000    MOV DWORD PTR DS&#58;&#91;ESI+6DBF8&#93;,0



Global Spam&#58;
-----------------------------------------------------------------
0044F057     3C 21          CMP AL,21
0044F083   . 75 03          JNZ SHORT HBLegend.0044F088

0044F057     EB 1E          JMP SHORT HBLegend.0044F077
0044F083     EB 0B          JMP SHORT HBLegend.0044F090



Uninterruptible&#58;
-----------------------------------------------------------------
004847EF  |. 8D4424 24      LEA EAX,DWORD PTR SS&#58;&#91;ESP+24&#93;
004847F3  |. 33FF           XOR EDI,EDI
004847F5  |. 50             PUSH EAX
004847F6  |. 8D8D A8D80600  LEA ECX,DWORD PTR SS&#58;&#91;EBP+6D8A8&#93;
004847FC  |. 897C24 28      MOV DWORD PTR SS&#58;&#91;ESP+28&#93;,EDI
00484800  |. E8 CBBF0100    CALL HBLegend.004A07D0
00484805  |. 8DB5 BCDB0600  LEA ESI,DWORD PTR SS&#58;&#91;EBP+6DBBC&#93;
0048480B  |. C785 ECDC0600 >MOV DWORD PTR SS&#58;&#91;EBP+6DCEC&#93;,-1
00484815  |. 8BCE           MOV ECX,ESI
00484817  |. 66&#58;897D 0C     MOV WORD PTR SS&#58;&#91;EBP+C&#93;,DI
0048481B     E8 D0BF0100    CALL Helbreat.004A07F0

004847EF   . 33FF           XOR EDI,EDI
004847F1   . 8DB5 BCDB0600  LEA ESI,DWORD PTR SS&#58;&#91;EBP+6DBBC&#93;
004847F7   . 8BCE           MOV ECX,ESI
004847F9   . EB 20          JMP SHORT HBLegend.0048481B
NOP between 004847FB - 0048481F &#40;including 0048481F&#41;&#91;/SIZE&#93;

edited by charlie: made it more easy to read
menia: jajaja, edit button fixed , didnt notice that code tag.

[MeNiA]

no edit button :S... i changed the code size now its more messy..

[ivan1987]

thx ...

[charlie]

cant anyone edit there own posts?

[MeNiA]

no1 can :S.. i saw all bunch of ppl saying in their posts that they cant .
maby u need to reconfigure the forum?? :blink:

[m0o]

Can someone send me version 3.2 helgame.exe that already edited with hack code in it? if you do still have with it, send to admin@odasaja.net

thanks

[Down-to-ZeR0]

anyone have the real hack code for 3.2 this not working

[dude]

yeah these codes are good for HBLedgend... and they cannot be applied to other server.


But yet... By hexing the HBLedgend client, and then changing the IP to the server u play, that might work.

[Down-to-ZeR0]

anyone can send me the hb legends helgame, thx

nicolasdif@ciudad.com.ar

[HellCraw]

I also need the HB legends client !
Can any1 plz pots it here ? And maybe with the codes already attached

[kai]

dunno if you guys got this, but when i tried hblegend client on my server, i see myself as traveller. But others see me a citizen.
Thus, i cant go out of town. any idea how to fix it?

thanks

[kakanaator]

well, i can tell you a secret that it is not for a 3.2 exe. maybe only for hb legends, but as you know hblegends isn't 3.2, it is something selfmade

i need to crack this exe
<a href='http://www.hot.ee/hbfiles/HBHyperion.exe' target='_blank'>http://www.hot.ee/hbfiles/HBHyperion.exe</a>
but whenever and whatever i search t he results are wrong.