String searching

 
Vitality
How do I cheat?
Reputation: 0

Joined: 29 Oct 2014
Posts: 1

Posted: Wed Oct 29, 2014 5:02 pm    Post subject: String searching

I need to create a new Value Type for scanning called EncryptedString. Honestly, the function used to encrypt the string is ever so simple, yet it's still not something I can scan because it's randomized. Basically, for every string you're scanning, if it can be decrypted using this function, it'd add it to the bottom address list:

-- keeps every second character (positions 2, 4, ...) and converts the result to a number
Decrypt=function(hash)
  local nums=""
  for i=1,(#hash)/2 do
    nums = nums..string.sub(hash,i*2,i*2)
  end
  return tonumber(nums)
end

How would I go about doing this? I don't quite understand how Cheat Engine Lua works, only regular Lua & RBX.Lua.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sun Nov 02, 2014 7:29 pm    Post subject:

Only integer and float types are supported by custom value types for now.
panraven
Grandmaster Cheater
Reputation: 55

Joined: 01 Oct 2008
Posts: 941

Posted: Sun Nov 09, 2014 8:25 am    Post subject: Re: String searching

Vitality wrote:
I need to create a new Value Type for scanning called EncryptedString. Honestly, the function used to encrypt the string is ever so simple, yet it's still not something I can scan because it's randomized. Basically, for every string you're scanning, if it can be decrypted using this function, it'd add it to the bottom address list:

Decrypt=function(hash)
  local nums=""
  for i=1,(#hash)/2 do
    nums = nums..string.sub(hash,i*2,i*2)
  end
  return tonumber(nums)
end

How would I go about doing this? I don't quite understand how Cheat Engine Lua works, only regular Lua & RBX.Lua.



I've tried to make a custom type in auto assembler format; I don't know if it works for Lua.
The idea is presented as an AA script.

The idea is to search for 1 (true) or 0 (false).

In an AA script custom type, there is a prologue in ConvertRoutine:
[32-bit]
push ebp
mov ebp,esp
mov eax,[ebp+8] // value's address ?
mov eax,[eax]
[/32-bit]

After this point, eax holds the original value to be converted, so that the converted value will be tested for a match after ConvertRoutine returns.

However, if [ebp+8] holds the actual address of that value, it can be used as a reference for your hash string.

If I understand right, your hash string is in a format like these:
a1b2c8, g999a0
that is, if every char at an even position of the hash string is a decimal 0-9,
the Lua Decrypt will return a number, else nil.

Normally ConvertRoutine is used to convert the value, e.g. the 4 bytes * 8 + 6.
Here you convert the value to 1 or 0 depending on whether the referenced hash string can be converted to a number by Decrypt.

It should be easy to make an equivalent assembler version of the Lua Decrypt.

Then you search for 1 to find the addresses of the possible hash strings.
But the address list does not show the string at that address, only the number 1.

UPDATE:
Or you can return the NUMBER (you need to convert the decimal chars to numbers) if convertible, or -1 if not.
In this way, you search for a number range using 'between'.
This can limit the string length to be searched, e.g. 1000-9999 to search for all possible hash strings of length 8-9. (Oops, it will miss those with a leading zero decimal char.)

UPDATE2:
A problem with this method is that it will repeatedly match different parts of the same hash string, e.g.
0x10000 : 'a1b2c3d4',0x0 (cstring terminator)
0x10002 : 'b2c3d4',0x0
0x10004 : 'c3d4',0x0
0x10006 : 'd4',0x0


UPDATE3:
Lua version, given I understand the problem right.
The hash string is assumed to be a cstring.
Code:
--Note: keep the function base name unique.
typename="EncryptedString" --shown as the typename in ce
bytecount=32  --number of bytes of this type
functionbasename="es"

function es_bytestovalue(aa,ab,ac,ad,ae,af,ag,ah,ai,aj,ak,al,am,an,ao,ap,aq,ar,as,at,au,av,aw,ax,ay,az,ba,bb,bc,bd,be,bf) -- 32 parameters
--Add extra byte parameters as required
  local t = {aa,ab,ac,ad,ae,af,ag,ah,ai,aj,ak,al,am,an,ao,ap,aq,ar,as,at,au,av,aw,ax,ay,az,ba,bb,bc,bd,be,bf}
  local v = 0 -- max precision for integer is 48bit, 17 decimal digit, 32 bytes can hold 16 decimal digits
  local valid = false
  for i=1,#t do
    if t[i] == 0 then break end -- cstring terminated
    if bAnd(i,1) == 0 then -- even position
       local b = t[i]
       if b >= 0x30 and b <= 0x39 then
         valid = true
         v = v * 10 + b - 0x30
       else
         valid = false
         break
       end
    end
  end
  return valid and v or -1

end

function es_valuetobytes(i) -- not implemented
  --return the bytes to write (usually only used when you change the value)
  return 0,0,0,0
end
return typename,bytecount,functionbasename
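
Added example (not part of panraven's post, and not Cheat Engine's own code): the suffix re-matching described in UPDATE2 and the leading-zero loss noted in UPDATE, handled in plain Lua over a byte buffer with no Cheat Engine API. The names decode_at and scan and the sample buffer are constructed for illustration; it assumes NUL-terminated strings, as the post does.

```lua
-- Decode one candidate string starting at byte index pos (1-based).
-- Every 2nd, 4th, ... character must be an ASCII digit; the others are filler.
-- Returns the digits as TEXT (so leading zeros survive) plus the string length,
-- or nil when the bytes at pos are not a valid encoded string.
local function decode_at(buf, pos)
  local digits = {}
  local i = pos
  while i <= #buf do
    local b = buf:byte(i)
    if b == 0 then break end                 -- C-string terminator
    if (i - pos) % 2 == 1 then               -- even position within the string
      if b < 0x30 or b > 0x39 then return nil end
      digits[#digits + 1] = string.char(b)
    end
    i = i + 1
  end
  if #digits == 0 then return nil end        -- empty or single filler byte
  return table.concat(digits), i - pos
end

-- Walk the buffer left to right. After a hit, jump past the whole string and
-- its terminator, so 'b2c3d4', 'c3d4', ... inside 'a1b2c3d4' are not reported.
local function scan(buf)
  local hits = {}
  local pos = 1
  while pos <= #buf do
    local digits, len = decode_at(buf, pos)
    if digits then
      hits[#hits + 1] = { offset = pos - 1,
                          text = buf:sub(pos, pos + len - 1),
                          digits = digits }
      pos = pos + len + 1
    else
      pos = pos + 1
    end
  end
  return hits
end

-- Constructed sample memory: two encoded strings, one plain string, padding.
local sample = "a1b2c3d4\0plain text\0g0x0y7\0\0zz\0"
for _, h in ipairs(scan(sample)) do
  print(string.format("+0x%02X  %-10s -> %s", h.offset, h.text, h.digits))
end
```

On the sample this reports one hit per string, at offsets 0x00 and 0x14, and the second decodes to the text 007 rather than the number 7.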