Cheat Engine

[Noobrzor]

Hello

I am puzzled, due to occurence which I've stumbled at, and for the life of me I can't figure out how it might've been done, I hope someone will share some light.

I know this is unrelated, as should be in flash games section, however this occurence definitely does not happen only in this particular example.
/viewtopic.php?t=575432 (after forum.cheatengine.org. Not allowed to post urls yet)

There, an user named panraven posted a cheat table for the flash game "Caravaneer 2". It works as intended.

I viewed the scripts he used, particularly for "human capacity x15", and there is nothing but an aobscan function and a db command to replace 8 with 78 (8 to 120 in decimal, that's 15 multiplier for the carryweight inteded to happen)

My trouble is that the byte 08 is static throughout the whole game. Nothing changes, so no changed/unchanged value pruning. The adress nor the opcoudes writing into correlating adresses weren't pointing to any part of the array of byte string troubling me.

How does one do that? How can I know what aob to look for in order to find inside multipliers or actions when I can't find the direct adress?
Or rather how did or how could he done? I'm a beginner, so even remotely pointing to tutorials guiding how to do those things would be appreciated.

Best regards!

[panraven]

Flash File *.SWF is open source, means one can actually see how the game logic run, with help of a swf de-compiler , for example jpexs .

The source inside the swf file is actually binary number called bytecode, a good swf de-compiler is able to reverse it to original code source in a certain accuracy.

By observing the source, one may know which part of bytecode can be modified to achieve the desired cheat effect. eg, changing a specific bytecode of command substrate to add may make a cheat of gaining money when buying.

The bytecode/source is static, so yes, it is a different way of cheat making from scanning/comparing and then alter the dynamic runtime data.


btw, jpexs has a function to locate swf from the browser process memory, like DB's tutorial.
Menu/Tool/'Search SWF in Memory',
then select process and open the swf on jpexs or save it as file.

[Noobrzor]

Oh, I haven't included having access to the source.
I tried to download it the game, however my downloader didn't notice anything.

So to summarize you downloaded the .swf by jpexs, then extracted the source, then found corresponding things to aobscan them.
That makes sense

So no superpowers in cheating there, you had a way to find the aob strings by means other than memory scanning via CE. Marvellous work on your park nonetheless

Best Regards.