Wednesday, November 16, 2011

Kongregate Doom Forge Damage Hack AoB

I've been playing Doom Forge on Kongregate.com for the past few days and thought I'd share this damage hack with others. Have fun.

If you need help, just follow the tutorial I created for RotMG on how to replace the AoBs using HxD: http://opiumtest.blogspot.com/2010/08/how-to-cheat-in-realm-of-mad-god.html

UPDATED: Jan. 9th
//Change Power Strike Damage - Can change when in game
Search for: d030d01006000070ae21a257932c828d01d1a02cc27fa0d2a02cb69301
Replace with: d03025A846480070ae21a257932c828d01d1a02cc27fa0d2a02cb69301
Datatype: hex-values


Wednesday, August 25, 2010

How to cheat in Realm of the Mad God

I have been playing Realm of the Mad God off and on since its debut but had never come across anyone who could actually cheat successfully in the game until a few days ago. I couldn't pass on some hacking Realm of the Mad God fun, so I searched the AS3 code with Sothink for anything that would be helpful in doing so. I found a couple of locations in the AS3 code or raw data which handle cheaters in game ("handleCheater"), with one being the actual function and the other calling the function. If you try changing any values in game without first stopping the function, the game deletes your character and kicks you.

I chose to NOP (02) both the function and the function call shown below using the free hex editor called HxD. You could use Cheat Engine or Memory Hacking Software, but I believe this program makes the process simple and quick. I tried the hex editor tool in MHS but it didn't work for me. You do not have to rely only on hex editing/replacing AoBs you find, but can change any values you find using CE or MHS as long as you NOP the handleCheater function first. I found that for the Google Chrome browser the first process listed is the one you need, and for the Firefox browser you need to locate the plugin-container.exe process when using HxD.

com>company>assembleegameclient>game>GameSprite :
//66 18
_as3_getproperty _-82
//66 42
_as3_getproperty player_
//46 26 00
_as3_callproperty toString(param count:0)
//4f d9 0a 02
_as3_callpropvoid failure(param count:2)
//47

and

com>company>assembleegameclient>object>Player :

//4f d3 18 00
_as3_callpropvoid handleCheater(param count:0)
//26
_as3_pushtrue
//48

I was fooling around with this function I found, which obviously involves damage amount and shooting. I replaced the get damage_ property with a different one in the code. I wasn't sure what to expect, but I ended up completely disabling all enemies shooting projectiles.

com>company>assembleegameclient>net>_-Gs :

private function _-GL(param1:Shoot) : void
{
......
//66 94 05
_as3_getproperty damage_
//4f d4 0d 05
_as3_callpropvoid _-q(param count:5)
//d0
_as3_getlocal <0>
//66 1d

and chose the getproperty //66940c from GameObject to replace it.

I was using MHS/CE to search for my STR in game using long/4byte and changing the value to do absurd damage. You would have to find the correct address every time you entered/exited a dungeon using this method, so why not find a way to permanently set your attack to a value already used in the game by replacing some AoBs in memory? I did just that and it didn't take very long to do. I found that the game loads all your char attributes through a function after you have selected a server, and if you search through the code you'll find "HitPoints", "MaxHitPoints", or through the decrypted SWF you'll find "Attack", etc. You will find that "Attack" is associated with "_-Ka" throughout the whole code. I found a beneficial variable used in the same object that we can use instead of the "_-Ka". You'll notice it is used twice in the object below, but we'll just replace both.

com>company>assembleegameclient>object>Player :

override public function toString() : String
{
........
var _loc_1:* = ...+ "" + _-Ka + "" +...

//11 72 00 00
_as3_iftrue offset: 114
//60 99 08
_as3_getlex _-Ka
//a0
_as3_add
//2c ab 05

and we'll replace with :
//60 86 0c
_as3_getlex _-6E (10000)
public static const _-6E:int = 10000;

The AoBs needed for cheating in Realm of the Mad God are found below. I'll try to update them once the game has been updated, or you could find them yourself.

//Disable anti-cheat in game - Must replace at title screen - Need to Update
Search for: 661866424626004fd90a0247
Replace with: 020202020202000202020202
Datatype: hex-values

//Disable anti-cheat in game - Must replace when in game - Need to Update
Search for: 4fd318002648
Replace with: 020218000202
Datatype: hex-values

//Disable enemy shooting/damage - Must replace at title screen - Build #106 NEW - 10/22/10
Search for: 66d2034fcd0b05d06628
Replace with: 66f9014fcd0b05d06628
Datatype: hex-values

//Change Attack Damage - Must replace at title screen - Need to Update
Search for: 123b0000609908244ba3
Replace with: 123b000060860c244ba3
Datatype: hex-values

//Change Attack Damage - Must replace at title screen - Need to Update
Search for: 11720000609908a02cab05
Replace with: 1172000060860ca02cab05
Datatype: hex-values



Sunday, October 19, 2008

Ederon Free Cards and Win/Exp Exploit



A while back I submitted a post talking about the multiplayer card game Ederon and how I discovered a few exploits after playing around with the game, but I immediately took the post down, which had a card/win/exp exploit. I took it down because I was contacted by the developer of Ederon and he wanted to know how he could secure it, so I gave him some info and was supposed to get a free deck/upgrade but never did. Well, I decided to check the game out again and it seems he decided to fix the simple exploit I found a while back, which I discovered by looking at the AS code and using the Firefox add-on Tamper Data. Using my variable scanner and Flash, I was able to reproduce the same exploits by using ActionScript, with which I load a custom SWF into the game. I guess he did not want to listen to my advice. The new add cards and instant win/exp exploits are even better than before. So I had to update the old exploit program to work with loading the custom SWF into an IE web browser which loads the game.

The Ederon Exploit program can now instantly add two cards of your choice, and I added a much needed player ID search feature which is for the quick exp/win exploit. To get the player's ID in the game, just click their name in-game, then click the "Selected Name" button in the program and then click the "Find ID" button. Sometimes it grabs the wrong ID, so you might have to use the Ederon player database. Once the chosen player ID is found, it can be used with the add cards and quick win/exp exploit as well. If you wish to go back to your player account ID, then hit the button again. The card IDs can be found at the Ederon card list database; just right-click on the card name and copy the URL, which holds the card ID. I do not expect these exploits to last for long, so enjoy them now.

Check out the video below for a quick demonstration of using the program and the download link. I will include the Visual Basic 6 / AS2 source code with the program in a few days, enjoy.

NOTICE: The game has been upgraded to ActionScript 3 and no longer works, so the download was removed, but I fixed and still will have the source available below.




DOWNLOAD HERE - EderonExploitSRC.rar
Ederon Online-Trading Card Game - Free Cards/Exp Exploit Visual Basic 6 source code
