[Guide] How to crack the s4 client
Discussion on [Guide] How to crack the s4 client within the S4 League Hacks, Bots, Cheats & Exploits forum part of the S4 League category.
01/16/2010, 21:18
|
#61
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,902
Received Thanks: 25,407
|
Quote:
Originally Posted by nexuspact666
I'm guessing that's because the game runs primarily on p2p (p2s2p really?) so each person is going to have to run a copy of the game, rather than a server shouldering all of that work. I don't see Multiplayer P2p handled very well often, even with Infinity Ward's MW2 which theoretically should have been higher end than S4, but I won't complain about it here. Basically, yes you have access to all the resources IF you know what you're doing, but thankfully most people don't (leechers like me).
@Alastor : So the inform boxes really are all that need to be gotten around? (I guess I'll just try it anyways, so asking is kind of redundant).
|
it's half-half
p2p + server
|
|
|
01/16/2010, 22:35
|
#62
|
elite*gold: 0
Join Date: Oct 2008
Posts: 40
Received Thanks: 13
|
According to Smith, we only need to NOP one Inform / messagebox? Is this true for x86?
|
|
|
01/16/2010, 22:41
|
#63
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,902
Received Thanks: 25,407
|
Quote:
Originally Posted by nexuspact666
According to Smith, we only need to NOP one Inform / messagebox? Is this true for x86?
|
no
neither for x64 nor x86
the client will just close
you have to nop everything after it too (the terminating of the process)
but it's much easier:
over every inform, there is a condition jump
just make it to jmp (jump always)
and you just have to patch 1 inform
search for string "Inform" and choose the LAST found string
it's the only MessageBox to patch
|
|
|
01/17/2010, 00:57
|
#64
|
elite*gold: 0
Join Date: Oct 2008
Posts: 40
Received Thanks: 13
|
Wow, thanks a lot for the help!
"error file was installed" means I need to get around the last inform right?
|
|
|
01/17/2010, 01:31
|
#65
|
elite*gold: 0
Join Date: Dec 2007
Posts: 135
Received Thanks: 25
|
there's a command after the jmp that in the guide it says you have to nop. I am just curious does that command have to do with the termination of the client?
|
|
|
01/17/2010, 01:37
|
#66
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,902
Received Thanks: 25,407
|
which command?
|
|
|
01/17/2010, 01:45
|
#67
|
elite*gold: 0
Join Date: Dec 2007
Posts: 135
Received Thanks: 25
|
There's the command that says
Code:
JMP 00417688
MOV EAX,DWORD PTR DS:[0D8972C]
I'm wondering if either of those have to do with the termination of the client..
sry i honestly never learned asm XD just picking up bits and pieces while i'm messing around on ollydbg
oh I just realized all of the jumps after the "inform" tell the code to go to
Code:
MOV BYTE PTR SS:[EBP-365],0
maybe THAT is the termination??
|
|
|
01/17/2010, 02:24
|
#68
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,902
Received Thanks: 25,407
|
no, it's not the termination
the termination is a jmp after the messagebox (after most of the Informs) to a few other calls and then ExitProcess
but after the real important inform, the hack detection inform, there is no suspect command
it's the WM_DESTROY a few lines BEFORE
but a condition jump jumps over it too.
for you again:
nopping is stupid and too much work....make a jump over it ;D
|
|
|
01/17/2010, 02:27
|
#69
|
elite*gold: 0
Join Date: Dec 2007
Posts: 135
Received Thanks: 25
|
would it be too much to ask what command i use to make jumps?
|
|
|
01/17/2010, 02:40
|
#70
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,902
Received Thanks: 25,407
|
jmp
i noticed:
This tutorial has a VERY big mistake O.o
You just nop the MessageBox and you say it's enough.
But it isn't!
After it, there is a jump to ExitProcess, you have to nop (or overjump it) too!
AND
only this inform is important! :
|
|
|
01/17/2010, 02:43
|
#71
|
elite*gold: 0
Join Date: Dec 2007
Posts: 135
Received Thanks: 25
|
lol i kno jmp is jump i mean how do i force the code to jump
|
|
|
01/17/2010, 02:46
|
#72
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,902
Received Thanks: 25,407
|
don't know what you mean O.o
ah i think, i know
go to this inform
and double click on the JBE
and replace JBE with jmp (you should have at least a little knowledge with olly)
|
|
|
01/17/2010, 02:57
|
#73
|
elite*gold: 0
Join Date: Dec 2007
Posts: 135
Received Thanks: 25
|
oh thats what u mean by jumping over it. but for some reason i can't find that code u pointed out in ur first post (the exitprocess reference). I searched my code for that but it's not there oO
|
|
|
01/17/2010, 02:59
|
#74
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,902
Received Thanks: 25,407
|
search for string "Inform" and go to the LAST found result
|
|
|
01/17/2010, 03:01
|
#75
|
elite*gold: 0
Join Date: Dec 2007
Posts: 135
Received Thanks: 25
|
i'm talking about "jmp s4client.004157c8" i know my addresses may be different but i don't see any commands remotely similar to that one anywhere near any of the informs >  weird...
|
|
|
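Seen from the defender's side, the two edits discussed in this thread (a conditional jump changed to an unconditional one, and instructions overwritten with NOPs) leave a recognisable byte-level signature when a suspect code section is compared with a known-good copy. The sketch below is an added example, not part of any post in the thread: the byte strings are constructed samples, the function names are hypothetical, and the classification is a heuristic on raw bytes without a disassembler.

```python
JCC_SHORT = range(0x70, 0x80)   # one-byte Jcc rel8 opcodes (JBE is 0x76)
JMP_SHORT, JMP_NEAR, NOP = 0xEB, 0xE9, 0x90

def diff_runs(good: bytes, suspect: bytes):
    """Yield (offset, good_bytes, suspect_bytes) for each contiguous changed run."""
    if len(good) != len(suspect):
        raise ValueError("compare equally sized, aligned sections only")
    start = None
    for i in range(len(good) + 1):
        changed = i < len(good) and good[i] != suspect[i]
        if changed and start is None:
            start = i
        elif not changed and start is not None:
            yield start, good[start:i], suspect[start:i]
            start = None

def classify(old: bytes, new: bytes) -> str:
    """Label one changed run by the tampering pattern it resembles."""
    if old[0] in JCC_SHORT and new[0] == JMP_SHORT:
        return "short Jcc -> JMP"
    # Near Jcc is 0F 8x rel32; replacing it with E9 rel32 leaves one pad byte.
    if len(old) >= 2 and old[0] == 0x0F and 0x80 <= old[1] <= 0x8F \
            and new[0] == JMP_NEAR:
        return "near Jcc -> JMP"
    if all(b == NOP for b in new):
        return "NOP fill"
    return "other change"

def scan(good: bytes, suspect: bytes):
    """Return [(offset, label, run_length)] for every modified run."""
    return [(off, classify(old, new), len(old))
            for off, old, new in diff_runs(good, suspect)]

# Constructed sample: cmp; jbe short; push 0; call; test; jbe near; ret
GOOD = bytes.fromhex("3bc1" "7605" "6a00" "e811223344" "85c0" "0f8610000000" "c3")
# Same bytes with the branch forced, the call blanked, and the near jump forced
SUSPECT = bytes.fromhex("3bc1" "eb05" "6a00" "9090909090" "85c0" "e91100000090" "c3")

if __name__ == "__main__":
    for offset, label, length in scan(GOOD, SUSPECT):
        print(f"+0x{offset:04x}  {length:2d} byte(s)  {label}")
```

Any hit on a branch that guards an integrity or detection check is worth a closer look in a disassembler; the byte diff only narrows down where to look.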