Reading Dirty Steve's BYM thread showed me that this forum is not always a leech paradise. So allow me to share my noob knowledge about these KR cheats; hopefully the leeches will be less arrogant.
Here I explain how the cheat detection works, using the old version of the Ranged Melee cheat as the example.
The CT script for ranged melee (some irrelevant long text removed):
Code:
<Description>"Ranged attack"</Description>
<Color>80000008</Color>
<VariableType>Auto Assembler Script</VariableType>
<AssemblerScript>[ENABLE]
//
aobscan(_ranged,d0 30 24 00 d7 28 d6 28) // soul magnet
_ranged + 02:
db 26 48
You can check that the AoB pattern in the aobscan line is actually the first bytes of the function shown below by examining the KR SWF in the JPEXS decompiler.
In raw (P-code) format:
Code:
trait method Qname(PackageNamespace(""),"jGy0JTWP") dispid 0
method
name "jGy0JTWP"
flag HAS_PARAM_NAMES
param Qname(PackageNamespace(""),"String")
paramname "ability"
returns Qname(PackageNamespace(""),"Boolean")
body
maxstack 6
localcount 11
initscopedepth 0
maxscopedepth 1
code
; d0
ofs0000:getlocal_0
; 30
ofs0001:pushscope
; 24 00 <= cheat modification here, replaced by 26 48 = pushtrue, returnvalue (return true)
ofs0002:pushbyte 0
; d7
ofs0004:setlocal_3
; 28
ofs0005:pushnan
; d6
ofs0006:setlocal_2
; 28
ofs0007:pushnan
; 63 04
ofs0008:setlocal 4
; 60 ae 3c
ofs000a:getlex Qname(PrivateNamespace("nGxI.hI3SW:YdLGYWjD7Ni_"),"var_1066")
; 75
A few lines in decompiled source format:
Code:
public function jGy0JTWP(param1:String) : Boolean {
var _loc3_:* = 0;
var _loc2_:* = NaN;
var _loc4_:* = NaN;
var_1066 = var_1066 + 1;
The cheat modifies two bytes at the beginning of the function, and the modification makes the function return TRUE immediately without executing any of the instructions that follow. It is this TRUE return value that allows the melee knight to attack from a distance.
NOTE HERE that the line
var_1066 = var_1066 + 1;
is never executed.
Now let's see where this function jGy0JTWP is used. You can search for the function in JPEXS to locate it. Here it is:
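To make the CT script and its effect concrete, here is an added Python re-implementation (not code from the page, the game, or Cheat Engine) of what the script does: a CE-style aobscan over a byte buffer, the 2-byte patch at `_ranged + 02`, and a tiny AVM2 disassembler that knows only the opcodes in the JPEXS listing above. The buffer is constructed for the demo and just embeds the function's first bytes from the listing between filler; it is not a real SWF image, and the `??` wildcard support is CE's own syntax, included to show why a wildcard pattern still matches after patching while the exact pattern does not.

```python
"""CE aobscan + db patch + minimal AVM2 disassembly, as an added demo.

Constructed demo data: FUNC_BYTES are the bytes JPEXS shows at the start of
jGy0JTWP; the filler around them is made up and stands in for the rest of
the loaded SWF.
"""

# Pattern and patch exactly as in the CT script above.
PATTERN = "d0 30 24 00 d7 28 d6 28"
PATCH_OFFSET = 2                    # "_ranged + 02"
PATCH = bytes.fromhex("2648")       # pushtrue, returnvalue

# Start of jGy0JTWP as listed by JPEXS (up to and including the 0x75 byte).
FUNC_BYTES = bytes.fromhex("d0 30 24 00 d7 28 d6 28 63 04 60 ae 3c 75")
FILLER = b"\x01\x02\x03" * 20       # constructed padding, contains no pattern
SWF_IMAGE = FILLER + FUNC_BYTES + FILLER
FUNC_OFFSET = len(FILLER)           # where the function starts in the buffer

# AVM2 opcodes that appear in the listing. Value: (mnemonic, operand kind).
OPCODES = {
    0xD0: ("getlocal_0", None),
    0x30: ("pushscope", None),
    0x24: ("pushbyte", "u8"),
    0xD7: ("setlocal_3", None),
    0x28: ("pushnan", None),
    0xD6: ("setlocal_2", None),
    0x63: ("setlocal", "u30"),
    0x60: ("getlex", "u30"),
    0x26: ("pushtrue", None),
    0x48: ("returnvalue", None),
}


def parse_pattern(text):
    """'d0 30 ?? 28' -> [0xd0, 0x30, None, 0x28]; '??' or '*' is a wildcard."""
    return [None if tok in ("??", "*") else int(tok, 16) for tok in text.split()]


def aobscan(buf, pattern):
    """Return every offset where the pattern matches (CE uses the first hit)."""
    pat = parse_pattern(pattern)
    return [i for i in range(len(buf) - len(pat) + 1)
            if all(p is None or buf[i + j] == p for j, p in enumerate(pat))]


def apply_patch(buf, base, offset, patch):
    """Copy of buf with `patch` written at base+offset (the CE 'db' line)."""
    out = bytearray(buf)
    out[base + offset:base + offset + len(patch)] = patch
    return bytes(out)


def read_u30(buf, i):
    """Decode an AVM2 u30: 7-bit groups, low first, high bit set = continue."""
    value, shift = 0, 0
    while True:
        b = buf[i]
        i += 1
        value |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, i


def disassemble(buf, start, max_insns=12):
    """List 'offset: mnemonic operand' lines; stop at returnvalue or an unknown opcode."""
    out, i = [], start
    while i < len(buf) and len(out) < max_insns:
        at = i
        op = buf[i]
        i += 1
        if op not in OPCODES:
            out.append(f"{at - start:04x}: db {op:02x}")   # not in our small table
            break
        name, kind = OPCODES[op]
        if kind == "u8":
            text = f"{name} {buf[i]}"
            i += 1
        elif kind == "u30":
            v, i = read_u30(buf, i)
            text = f"{name} {v}"
        else:
            text = name
        out.append(f"{at - start:04x}: {text}")
        if name == "returnvalue":
            break
    return out


if __name__ == "__main__":
    hits = aobscan(SWF_IMAGE, PATTERN)
    print("aobscan hits:", hits)
    print("\n".join(disassemble(SWF_IMAGE, hits[0])))
    patched = apply_patch(SWF_IMAGE, hits[0], PATCH_OFFSET, PATCH)
    print("--- after db 26 48 ---")
    print("\n".join(disassemble(patched, hits[0])))
    print("exact pattern after patch:", aobscan(patched, PATTERN))
```

The disassembly of the patched buffer ends at `0003: returnvalue`, so the `getlex` at offset 0x0a (the read of var_1066) is never reached. Note also that once the patch is applied the exact 8-byte pattern no longer exists in the buffer, which is why a second aobscan with the same pattern finds nothing; a wildcarded pattern such as `d0 30 ?? ?? d7 28 d6 28` matches both the original and the patched bytes.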
Code:
if("melee" !== _loc7_)
{
if("dist" !== _loc7_)
{
if("los" === _loc7_)
{
_loc3_ = jGy_3A(param1);
}
}
else
{
_loc3_ = jGysNal(param1);
}
}
else
{
preMelee();
_loc3_ = jGy0JTWP(param1);
postMelee();
}
}
You can see that there are 2 other functions that act like jGy0JTWP. They are the range checks for the mage and the archer, testing whether the mob represented by param1 is within attack range.
NOTE the 2 functions preMelee and postMelee.
These 2 functions are the cheat detection the developer added after analyzing the old CT. They are located right beside the jGy0JTWP function.
Here is the content of these 2 functions, very short:
Code:
public function preMelee() : void {
var_1067 = var_1066;
}
public function postMelee() : void {
if(var_1067 == var_1066)
{
YdWSL.Cheat("meleeMod");
}
}
public function jGy0JTWP(param1:String) : Boolean {
var _loc3_:* = 0;
var _loc2_:* = NaN;
var _loc4_:* = NaN;
var_1066 = var_1066 + 1;
Here is the detail of how the cheat detection works.
Normal execution goes like this:
preMelee / sets var_1067 = var_1066 ->
jGy0JTWP / executes var_1066 = var_1066 + 1; so var_1066 no longer equals var_1067 ->
postMelee / checks whether var_1066 still equals var_1067; if yes, logs a cheat.
Normal execution therefore never gets the cheat logged.
Now with the ranged cheat applied:
preMelee / sets var_1067 = var_1066 ->
jGy0JTWP / the cheat makes the function return true at once, so the line
var_1066 = var_1066 + 1;
is never executed, i.e. var_1066 still equals var_1067 ->
(you can check that var_1067 is never changed inside jGy0JTWP; the only write to it is the one in preMelee)
postMelee / var_1066 still equals var_1067: you are logged!
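The counter check above, as an added Python model (not the game's code; the method names mirror the decompiled ones, while the distance rule and `MELEE_RANGE` are assumed stand-ins because the real range math is not on this page). It runs the `melee` branch of the caller with the original check and with the patched `return true` version, and shows that it is the untouched counter, not the TRUE value itself, that gets logged: the original function also returns TRUE for a target in range without tripping postMelee.

```python
"""Model of preMelee / jGy0JTWP / postMelee from the page, as an added demo.

Assumed: MELEE_RANGE and the distance <= range rule stand in for the real
range check, whose body is not shown on the page.
"""

MELEE_RANGE = 1.5  # assumed stand-in for the real melee reach


class MeleeCheck:
    """var_1066 = counter bumped on every real call, var_1067 = preMelee snapshot."""

    def __init__(self):
        self.var_1066 = 0
        self.var_1067 = 0
        self.cheat_log = []          # what YdWSL.Cheat(...) would receive

    def pre_melee(self):
        self.var_1067 = self.var_1066

    def post_melee(self):
        # Counter unchanged across the call => the function body did not run.
        if self.var_1067 == self.var_1066:
            self.cheat_log.append("meleeMod")

    # jGy0JTWP as shipped: increments the counter, then does the real check.
    def in_melee_range_original(self, distance):
        self.var_1066 = self.var_1066 + 1
        return distance <= MELEE_RANGE

    # jGy0JTWP after 'db 26 48': pushtrue, returnvalue before anything else.
    def in_melee_range_patched(self, distance):
        return True

    def attack_check(self, distance, patched=False):
        """The caller's 'melee' branch: preMelee, check, postMelee.

        Returns (range result, list of cheat log entries so far)."""
        check = self.in_melee_range_patched if patched else self.in_melee_range_original
        self.pre_melee()
        result = check(distance)
        self.post_melee()
        return result, list(self.cheat_log)


if __name__ == "__main__":
    print("original, far target :", MeleeCheck().attack_check(5.0))
    print("original, near target:", MeleeCheck().attack_check(1.0))
    print("patched,  far target :", MeleeCheck().attack_check(5.0, patched=True))
```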
Of course, being logged as a cheater does not mean you get banned at once. The developer is so merciful.
... but do you still feel comfortable using these old cheats?
By the way, all the KR CT posts here, including the so-called
"released" ones that imply originality, are all old-version CTs.
If you have the updated version, please keep it for yourself and your trusted friends, and never encourage the leeches to post it here again.