Explanation of the CP Exploit that once plagued the game.

[rdgs123]

Quote:

Originally Posted by Mega Byte

Some derpas here .. its not a hack or code for a hack its an explanation of the CP exploit that happend back on aeria ts2. would work on others if it has not been patched. it is an easy patch as you can see in my codes .

Didn't I say no requests? I guess asking for help is okay though.

You want to find the GameSendFunction

You need to be able to breakpoint / debug.

Stand somewhere alone in game.
Breakpoint send (its a winsock api call)

Anywho,
Find the game send function, it will be what called send.
(Execute till return then look for top of function)

Find all calls to this or do a conditional hook you want to breakpoint it only when the exchange merit packet goes through which you have to be over level 50 i think. It does time to merit? then merit to cp? i forget though its been forever.

When you identify this function you want to breakpoint game send or the code that calls game send.

Find the buffer its probably EDX pointer.


After packet id (9th? byte) write -500 as a float or was it a signed integer i forget.

Profit.


But if you don't know how to use cheat engine or a debugger your wasting your time go do some tutorials

EDX pointer r the cp and merits that remains when u do the exchange, at least in adresses i was looking (in CE "find what write this adress" and then in assemble).
I could change the amount (in millions) when i made the exchange by modifying EAX and EBP in cp adresses , and ECX in merits adress, i was able to keep the amount by like 15-20 sec n then game crashes; when i log in again cp back to initial value. I guess i didnt get the right function or adress yet....

[SeiD001996]

i make .dll and put this code how to activate cp hack ? pls help no helping peoples..