[GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Post by mezzo on Tue Jun 05, 2012 1:24 pm

I've been playing at hacking Cabal once more, and the most annoying hack is the noCooldown, whose address changes every time you relog your character.
I've found a way to get static addresses. The skills are stored in a pointer-to-a-list, in the order they appear in the skill slots, and thanks to the ability to change the skill order I could do it more easily, with fewer address searches.
So, here we go, in detail:

- Part 1: Locate the current skill lock address (changes every reconnect)
1.1. Move the "greater cure" skill to the first magic slot (in Skills, Magic tab).
1.2. Log out and back in, or try to heal yourself at full health (so no heal is done).
1.3. Search for 0 as a float, address range 10000000 to 1FFFFFFF.
1.4. Do something to lose some health (remove and re-add a piece of equipment with an HP slot/craft), then cure. Do a sub-search for an increased value.
1.5. Hurt yourself again (or add/remove an HP title/equip), then cure. Repeat steps 1.4 and 1.5 several times.
1.6. If you still have not found the correct two values, you can again try healing yourself at full health and sub-search for 0 as a float (instead of an increased value), repeating steps 1.3, 1.4 and 1.5 to narrow the results even further.
1.7. In the end you should have two addresses with the same value. The first one is enough: lock it at its current value or at 0 and you have a neat no-cooldown bug.
Once you have fewer than 10 addresses, you can watch in the results how they turn to 0 when you try to heal yourself at full health and how they increase as you heal yourself.

- Part 2: descend the pointers to the static address
2.1. Suppose the first address is 1c805598.
2.2. Do a pointer search for 1c805598 - 20 = 1c805578 (the struct pointer is 32 bytes before).
2.3. Normally you will find just one address. Suppose it is 1c62d9e0.
2.4. Do another pointer search, now for 1c62d9e0 - 80 = 1c62d960 (the struct pointer is 128 bytes before).
2.5. I expect you to find just one match for this as well. You will find an address near your (hopefully) already found level address. To find that one, just search for long values equal to your character's current level and log in with characters of different levels.
2.6. Suppose it is 05a9b95c.

- Part 3: generalization
3.1. If you move cure to the second slot and search again from Part 1, every step, at the end of Part 2 you will find the same 05a9b95c.
3.2. What matters here is the step between each slot, which is in the depth-1 pointer (the search result in step 2.3).
3.3. The expected result, should you search again with cure in slot #2, is then 1c62da64. So we have a step of 4 bytes per slot.
3.4. From this we can infer: n = [[fad] + (0x80 + (s * 4))] + 0x20
where 's' is the slot number (decremented by 1: the first slot is 0!) and 'n' is the resolved slot address. fad is the address found in 2.1 or 1.7.
3.5. From now on, using this formula, all you have to do on every update is search for the first no-cooldown address.
3.6. In MHS, using the sample values found here, we have, for the first four slots:
[[05a9b95c]+(0x80+(0*4))]+0x20
[[05a9b95c]+(0x80+(1*4))]+0x20
[[05a9b95c]+(0x80+(2*4))]+0x20
[[05a9b95c]+(0x80+(3*4))]+0x20
3.7. These formulae are entered in the 'normal address' tab under 'Modify Address', in the 'complex' box, with 'Use complex address (overrides simple)' checked.

This has been working at least since Cabal Mercenaries, Cabal Brazil, and for this specific update this is the actual address for the noCD. Date of update: 2010-12-28.
NOTICE: The reference skill (cure) does not work with no cooldown... it cures at its specific rate...
NOTICE 2: In the current version (Mercenaries), after three overrides of exploitable skills I got DC'ed, so the hack seems pretty useless now... or dangerous. Maybe the hack can be set so the skills cool down faster instead of instantly.
NOTICE 3: There are rumours that people are being banned based on log analysis, so if you spam skills you are likely to be caught and have your account banned. People not using hacks are falling into this; I wonder how people using hacks are doing (I have not been banned so far, and I DC'ed a lot!).

The addresses for sword skills are before magic; probably all you have to change in the above formula (after finding the address of the first skill slot) is the '0x80' constant.

Have fun! o/
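The pointer chain and the two-step pointer search from Parts 2 and 3 above, as an added example in C that is not part of mezzo's post. It builds a constructed in-memory image whose layout is assumed purely for illustration (a static cell at 0x1000 holding the character-struct pointer, the character struct at 0x2000, skill structs from 0x3000 at a 0x40-byte stride; none of these are the game's real addresses), then resolves [[fad]+(0x80+(s*4))]+0x20 for each slot, walks back from a found cooldown address with the two pointer searches of steps 2.2 and 2.4, shows the 4-byte step between slot cells from step 3.3, and locks a cooldown at 0 the way step 1.7 describes. The resolver returns 0 when any link of the chain is null or out of range, which is what a tool must tolerate right after a relog, before the character struct exists.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed 64 KiB "process image"; offsets into it stand in for virtual addresses. */
#define IMAGE_SIZE 0x10000u
static uint8_t image[IMAGE_SIZE];

/* Offsets taken from the post's formula  [[fad] + (0x80 + s*4)] + 0x20  */
#define SLOT_TABLE_OFF 0x80u   /* char struct + 0x80: table of per-slot skill pointers */
#define SLOT_STRIDE    4u      /* one 32-bit pointer per slot */
#define LOCK_OFF       0x20u   /* skill struct + 0x20: the float cooldown counter */

/* Assumed layout of the fake image (NOT the game's real addresses). */
#define FAD_ADDR     0x1000u   /* static cell holding the pointer to the char struct */
#define CHAR_STRUCT  0x2000u
#define SKILL_BASE   0x3000u   /* skill structs, one per slot, SKILL_STRIDE bytes apart */
#define SKILL_STRIDE 0x40u
#define NSLOTS       4u

static int in_image(uint32_t addr) { return addr <= IMAGE_SIZE - 4; }

static uint32_t read_u32(uint32_t a) { uint32_t v = 0; if (in_image(a)) memcpy(&v, image + a, 4); return v; }
static void     write_u32(uint32_t a, uint32_t v) { if (in_image(a)) memcpy(image + a, &v, 4); }
static float    read_f32(uint32_t a) { float f = 0.0f; if (in_image(a)) memcpy(&f, image + a, 4); return f; }
static void     write_f32(uint32_t a, float f) { if (in_image(a)) memcpy(image + a, &f, 4); }

/* Lay the image out exactly as the chain in the post implies; returns the slots populated. */
unsigned build_image(void) {
    memset(image, 0, sizeof image);
    write_u32(FAD_ADDR, CHAR_STRUCT);
    for (unsigned s = 0; s < NSLOTS; s++) {
        uint32_t skill = SKILL_BASE + s * SKILL_STRIDE;
        write_u32(CHAR_STRUCT + SLOT_TABLE_OFF + s * SLOT_STRIDE, skill);
        write_f32(skill + LOCK_OFF, 0.0f);      /* cooldown counter idle at 0 */
    }
    return NSLOTS;
}

/* Part 3: resolve [[fad] + (0x80 + s*4)] + 0x20 for slot s (first slot is 0).
   Returns 0 if any link is null or outside the image, e.g. before the character is loaded. */
uint32_t resolve_slot(uint32_t fad, unsigned s) {
    uint32_t chr = read_u32(fad);
    if (!chr || !in_image(chr)) return 0;
    uint32_t skill = read_u32(chr + SLOT_TABLE_OFF + s * SLOT_STRIDE);
    if (!skill || !in_image(skill)) return 0;
    return skill + LOCK_OFF;
}

/* Part 2: a "pointer search" is a scan for every 4-byte aligned word equal to value in [lo, hi).
   Returns the hit count; fills hits[] with at most max of them. */
size_t pointer_search(uint32_t value, uint32_t lo, uint32_t hi, uint32_t *hits, size_t max) {
    size_t n = 0;
    for (uint32_t a = lo & ~3u; a + 4 <= hi; a += 4)
        if (read_u32(a) == value) { if (n < max) hits[n] = a; n++; }
    return n;
}

/* Step 2.2: the depth-1 cell that points 0x20 bytes before the found cooldown address.
   Requires exactly one hit, as the post expects; returns 0 if the result is ambiguous. */
uint32_t find_slot_cell(uint32_t cooldown_addr) {
    uint32_t h[2];
    return pointer_search(cooldown_addr - LOCK_OFF, 0, IMAGE_SIZE, h, 2) == 1 ? h[0] : 0;
}

/* Step 2.4: the static cell that points 0x80 + s*4 bytes before the depth-1 cell. */
uint32_t find_static_cell(uint32_t slot_cell, unsigned s) {
    uint32_t h[2];
    uint32_t target = slot_cell - (SLOT_TABLE_OFF + s * SLOT_STRIDE);
    return pointer_search(target, 0, IMAGE_SIZE, h, 2) == 1 ? h[0] : 0;
}

/* Simulate the game advancing a cooldown, read it back, and "lock" it at 0 (step 1.7). */
int   tick_cooldown(uint32_t fad, unsigned s, float dt) { uint32_t a = resolve_slot(fad, s); if (!a) return 0; write_f32(a, read_f32(a) + dt); return 1; }
float cooldown_of(uint32_t fad, unsigned s)            { return read_f32(resolve_slot(fad, s)); }
int   lock_slot(uint32_t fad, unsigned s)              { uint32_t a = resolve_slot(fad, s); if (!a) return 0; write_f32(a, 0.0f); return 1; }

int main(void) {
    build_image();
    for (unsigned s = 0; s < NSLOTS; s++) {
        uint32_t cd = resolve_slot(FAD_ADDR, s);
        uint32_t d1 = find_slot_cell(cd);
        printf("slot %u: [[%08x]+(0x80+(%u*4))]+0x20 = %08x  (depth-1 cell %08x, static cell %08x)\n",
               s, FAD_ADDR, s, cd, d1, find_static_cell(d1, s));
    }
    return 0;
}
```

Walking back from slot 1 instead of slot 0 lands on a depth-1 cell exactly 4 bytes higher while the static cell stays the same, which is the observation behind step 3.3; and the second pointer search only resolves when you subtract 0x80 plus the slot's own offset, so a tool that hard-codes 0x80 for every slot will miss the static cell for anything but the first slot.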