![[Guide] How to crack the s4 client](https://www.elitepvpers.com/forum/iconimages/s4-league-hacks-bots-cheats-exploits/guide-how-crack-s4-client_ltr.gif){kind=small}
Here a guide how you can crack the client yourself. If it doesn't work , or I made any mistakes , I don't care. Just took a quick look into the client and reversed nearly nothing. I didn't put much effort in creating the guide. Maybe it will help you , maybe not.
Guide :
Hey,
in this guide I will show you how to crack the s4 client , so that you won't get any errors from hackshield and maybe you can hack with your memory hacks like you wish.
I don't know why the e*pvp users in the s4 section make such a secret
Requirements :
-basic asm knowledge
-a debugger like olly[dbg]
-s4 (or at least the client)
-your brain
Let's get started!
At first , fire up olly and open the S4Client.exe (or however you named it [in my case I renamed the S4Client.exe into S4Client_orig.exe])
Picture :
If you land in the ntdll module , you have to choose the right one (in my case its the S4Client_orig.exe)
Picture
Now we are in the right module and ready to give the client some kind of treatment. At first some things we know.
When we are hacking with an unmodificated client , we get an error from hackshield. The caption of the error is something with inform or so (I don't really know , because I don't really care). So we search for the string "inform" in Olly (you an other debugger) . Of course there are other (and in most cases better) ways to find the right virtual adresses where we need to patch , but they would require more asm knowledge.
However rightclick onto the code window and choose "Search for" and then "All referenced text strings".
Picture :
Now rightclick onto the text strings window (wich should have popped up) and choose "Search for text".
Picture :
So far so good. Now uncheck the "Case sensitive" checkbox and make tick the "Entire scope" checkbox. Search for the string "inform".
Picture :
You should find several strings. Just doubleclick on the first and you should land here.
Picture :
Ok , finally we reached the most important part. Here we need to nop some commands , so that they can't get executed (because we noped them , lol).
Here some explanation of what the code does. (I will only explain the code parts we need to change).
Code:
00415363 68 F477C100 PUSH S4Client.00C177F4 ; push the "inform" string to the stack , title of the msgbox 00415377 FF15 3C3AC100 CALL DWORD PTR DS:[<&USER32.MessageBoxA>] ; call the messagebox function (show us the error) 00415392 8B0D 6C48D800 MOV ECX,DWORD PTR DS:[D8486C] ; mov the pointer into ecx
Picture :
Well , there is not only this function , wich calls the messagebox , but several more (although they have the same structure like the first one) and we need to patch them like the first one.
Dunno if this works , I just analyzed the code a bit and did the patches. Didn't tested it further and if the s4 makers patch this I don't care.
You can nop the whole code from 004152FF till the end of the jump and at 00415A73 you could do the same. Maybe this will work.
At least , dunno if you have to patch some more (I don't really think so) but if you have to , find out on your own what you have to do!.
Credits:
I think I should credit MrSm!th , cause he released the first client I could leech and analyze (more or less). Without his client I probably wouldn't figured out what I needed to do (although it's so simple) , because I actually never was interested in this stupid game.
But in my eyes people like MrSm!th are acid for the community , cause they don't want to share.
Some last few words... I won't do something s4 related in the future.
Adroxxx , if you want to kick me from the underground , do so. I have nothing to contribute to the community.
source : Link to the guide (or however you want to call it) :
