unknowncheats uc-forum.com ucdownloads ucdownloads.com

Go Back   UC-Tutorials - Multiplayer Game Hacking and Cheat Tutorials > First-Person Shooters > Quake Series > Other Quake Mods
Reload this Page Urban Terror 4.1 CVAR Unlocker PLUS Print to Console
- Sponsored Advertisement -
http://www.myfpscheats.com/


Reply
 
Thread Tools Display Modes
  #1  
Old 02-25-2010, 04:34 AM
disco disco is offline
Administrator
  
Join Date: Feb 2010
Posts: 271
Default Urban Terror 4.1 CVAR Unlocker PLUS Print to Console
Posted by Ksbunker.




I've only recently in the lat few days got my hands on Urban Terror MOD for Q3 (it's good fun, check it out!). Anti-cheats of any variety will detect this almost imemdiately, it's their kind of bread and butter, so be warned.

[CVAR Unlocker]

Anyway, very easy method to enable rudimentary wallhack using "r_shownormals 1", result is viewable at bottom;

Crack open ioUrbanTerror.exe in OllyDbg. Search string references for;

Quote:
"%s is cheat protected.", LF
view line that references the string in dissasembler, scroll up a tad;

Code:
0041F6E8  |> F6C4 02        TEST AH,2
0041F6EB  |. 74 3D          JE SHORT ioUrbanT.0041F72A ; 1st check, jump to Enable CVAR
0041F6ED  |. 8B0D A4C0AF00  MOV ECX,DWORD PTR DS:[AFC0A4]
0041F6F3  |. 8B41 20        MOV EAX,DWORD PTR DS:[ECX+20]
0041F6F6  |. 85C0           TEST EAX,EAX
0041F6F8  |. 75 30          JNZ SHORT ioUrbanT.0041F72A ;2nd check, jump to Enable CVAR
0041F6FA  |. 8B5424 14      MOV EDX,DWORD PTR SS:[ESP+14] ;otherwise...
0041F6FE  |. 52             PUSH EDX
0041F6FF  |. 68 4C5C4D00    PUSH ioUrbanT.004D5C4C                   ;  ASCII "%s is cheat protected.",LF
0041F704  |. E8 87C4FFFF    CALL ioUrbanT.0041BB90
0041F709  |. 83C4 08        ADD ESP,8
0041F70C  |. 5D             POP EBP
0041F70D  |. 5B             POP EBX
0041F70E  |. 8BC7           MOV EAX,EDI
0041F710  |. 5F             POP EDI
0041F711  |. 5E             POP ESI
0041F712  |. C3             RETN
Modify
0041F6EB |. 74 3D JE SHORT ioUrbanT.0041F72A
to
0041F6EB |. 75 3D JNE SHORT ioUrbanT.0041F72A

Wallhack enabled.

[Print to Console]

Points of note. CALL 0041BB90 appears to wsprintf text to the console. Parameter one is the string, parameter one (in this case edx), is a pointer to the typed console command.

Could easily steal for our own string printing (code must reside in target space via code-injection or dll-injection);

Code:
.data
    pszFormat BYTE "The user's name is %s", 0
    pszCheat BYTE "Ksbunker", 0    
.code
start:
    push offset pszCheat
    push offset pszFormat
    call @PrintConsole
    ret
;____________________________________________
;
; result: "The user's name is Ksbunker" duh
;____________________________________________

@PrintConsole:
    push [ebp+0Ch]
    push [ebp+08h]
    call 0041BB90
    add esp, 8
    ret
end start

Reply With Quote
Reply

  • Submit Thread to Digg
  • Submit Thread to del.icio.us
  • Submit Thread to StumbleUpon
  • Submit Thread to Google
  • Submit Thread to Facebook
  • Submit Thread to My Yahoo!
  • Submit Thread to MySpace
  • Submit Thread to Twitter
  • Submit Thread to Reddit

Tags
console, cvar, print, terror, unlocker, urban

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT. The time now is 08:37 PM.

Contact Us - Archive