Post

Squally

Posted
By 3lOraculo 5 min read

Squally

Squally its a 2D puzzle RPG game available on steam that teaches game hacking.

Story Mode

The first lesson is how use ‘nop’ for no operation, change the code for nops to make the enemies do nothing, includes a Lexicon manual with

  • Data Operations
  • Binary Operations
  • Control Flow
  • Vectors
  • Floating-point

The most interesting to me was Control Flow, Vectors and Floating-points. Following the story mode guies you to understand and use basic command like ‘mov’, ‘add’, ‘inc’ and ‘dec’ with integers types and float types. And complex instruccions like SHL using a card game inside the game carf and SHR

  • SHL is an operation that shifts all bits in a number to the left (multiplicar por dos)
  • SHR is an operation that shifts all bits in a number to the right (Como dividir entre dos)
  • fadd Adds a fractional ( floating point) number to the number at the top of the FPU stack, Instructions that start with ‘f’ operate on fractional numbers.
  • addss adds two fractional numbers together Destination = Destination + Source
  • idiv and imul for mutlply and divide with fractional
  • ROL the ROL (Rotate Left) instruction is used to perform a leftward rotation of the bits within a binary number or a byte in a register.
  • ROR the ROR (Rotate Right) instruction is used to perform a rightward rotation of the bits within a binary number or a byte in a register.
  • imul instruction (which stands for “integer multiply”) is used in assembly language to perform signed integer multiplications.The IMUL instruction operates on signed integer numbers. It takes into account the sign bit (the most significant bit) of the operands and the result.
  • cmovg instruction is part of the x86 assembly language instruction set and stands for “Conditional Move if Greater.” It is a conditional move instruction that is used to conditionally update the value of a destination operand based on the result of a previous comparison operation involving two values. Specifically
    • It typically follows a comparison instruction like CMP that sets the condition flags in the EFLAGS register based on a comparison between two values.
    • If the greater (signed) condition is met (specifically, if the “greater” flag is set in EFLAGS), the value from the source operand is moved into the destination operand.
    • If the condition is not met, no change occurs, and the value in the destination operand remains unchanged.
  • cmovl It stands for “Conditional Move if Less Than.” CMOVL is used to conditionally update the value of a destination operand based on the result of a previous comparison operation involving two values, specifically when the less than (signed) condition is met.
  • fsub is used to subtract two floating-point numbers on the x86 architecture’s FPU, performs the subtraction operation on the top two values on the FPU stack and stores the result back on the stack. The top of the stack is considered the first operand, and the second value on the stack is considered the second operand.
    • After the subtraction, the FPU stack pointer is decremented, effectively popping the second operand from the stack.
  • lea advanced instruction that work similar to ‘mov’. This instruction is generally used to prepare for pointer acces data

Hacking Tutorials

Introduction

Memory Editing

How operating systems run process (exe)? Take the file on disk and copy to RAM, we hack the RAM, diferente from software cracking. Memory scanning -> memory editing -> see if it worked

Base Systems

The two counting systems

  • Decimal
  • Hexadecimal 4bits - 1 hex, Its for read binary !
  • Binary - on / off

Change Base

Hex Edit Games

Find info in save file that you want to hack -> Hex Edit the file -> See if it worked

Find save file

  1. Just Google it
  2. API Monitoring -> Se where file its save / Process Monitor

Strings

Read ASCII-Tables, What about other Languages ? UTF-16 (Unicode), UTF-8 (Unicode) <– ASCII

characterencodingbits
AASCII01000001
AUTF-801000001
AUTF-1600000000 01000001

Memory Editing

Data types Data types

Teleportation hack, as part of the game Tutorials, last tutorial present you this screem tutorial6, so you need to passthrough the wall an enter de door.

  1. Move the character on X axis, while you search on Cheat Engine for a float value that increase and decrease depends on the directions of you movement.
  2. Reduce to min possibilites x-Coordinates
  3. Take all of that data and freeze ( this give problem doesn´t work)

Virtual Memory

For each process the CPU reserv a Virtual Memory with differente position Main section can be loaded en whatever section on the program memory, allocated objects are random. Search for pointers POINTERS

normaly the notation of pointers are [squally.exe + C], address by reference where you find the address by referencing on static address. ON Cheat Engine use Pointer Scan for this address. To validate pointer, restar the game find the new address make the search pointer and saw what changes.

Compiler

Compiler game to assembly language, an assembly to machine code Compiling

Not all games can be cheat by modifying assembly code, like with C#, or Java.

How to Find Assembly code

How to find the code that hurts a player? On Cheat Engine look for -> Find out what writes to this address.

Registers

Super Fast storage. First memory storage.

  • RAX
  • RBX
  • RCX
  • RDX
  • RDI
  • RSI
  • RBP - not change
  • RSP - not change
  • RIP - not change
  • r8 - r15

x86 Assembly its for 32-bit games and x64 Assembly for 64-bits games.

Game Funning
Cheat Engine Squally Assembler Low Level
This post is licensed under CC BY 4.0 by the author.