[MAC] 1.24.2.6378 Spoof

This is a discussion on [MAC] 1.24.2.6378 Spoof within the Warcraft 3 forum board part of the Hot Games category; The alignment for spoofing your name on b.net games has changed in the latest patch, to 0x3C. In essence, Open ...

Results 1 to 1 of 1
  1. #1
    TkTech is offline Newbie
    Array
    Join Date
    Jan 2010
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0

    Post [MAC] 1.24.2.6378 Spoof

    The alignment for spoofing your name on b.net games has changed in the latest patch, to 0x3C.

    In essence,

    • Open the process for reading/writing by getting a task handle (using task_for_pid())
    • Get a list of valid regions using vm_region() (much faster then going through the entire address space)
    • Align the start of each region to 0x3C by OR'ing it (| in C) with 0x3C
    • read 4 bytes, looking for 3RAW (use vm_read())
    • If found, exit the loop, otherwise, increment the address by 0x100 and try again
    • If found, subtract 0x20 from the address, and this is the offset containing the name.
    • Write the new name using vm_write()


    This was written quickly in XCode. I do not have wc3 installed so I didn't have a chance to test it, so it may or may not work Its just a sloppy example anyways.

    Code:
    /*
     Quick'n'dirty public domain example by TkTech <[email protected]>
     */
    #include <stdio.h>              // printf()
    #include <stdlib.h>             // atoi()
    
    #include <mach/vm_map.h>        // vm_*
    #include <mach/mach_traps.h>    // task_for_pid()
    #include <mach/mach.h>
    
    int main (int argc, const char * argv[]) {
        kern_return_t   err;
        mach_port_t     task;
        vm_address_t    start = 0x3C;
        vm_size_t       size = 4;
        char            ver[5] = {0};
        
        if (argc < 3) {
            printf("%s <pid> <newname>\n",argv[0]);
            exit(1);
        }
        
        err = task_for_pid(mach_task_self(), atoi(argv[1]), &task);
        
        if ((err != KERN_SUCCESS) || !MACH_PORT_VALID(task)) {
            printf("Couldn't open a port for PID {%d} (Invalid PID?)\n",atoi(argv[1]));
            exit(1);
        }
        
        while (strcmp(ver, "3RAW") != 0) {
            err = vm_read_overwrite(task, start, size, (vm_address_t)ver, &size);
            
            if (err != KERN_SUCCESS) {
                printf("Error reading from task (likely a non-existing region [Allocated page])\n");
                /* Normally this would exit(), but because I"m being lazy and not checking regions, we let it pass) */
            }
            
            start += 0x100;
        }
        
        printf("Found the signature {%s} at {0x%X}\n",ver,(unsigned int)start - 0x100);
        
        err = vm_write(task, start - 0x120,(vm_address_t)argv[2], strlen(argv[2]) + 1);
        
        if (err != KERN_SUCCESS) {
            printf("Failed writting new name!\n");
            exit(1);
        }
        
        
        
        return 0;
    }


    Last edited by TkTech; 01-09-2010 at 01:09 AM. Reason: *chance

Similar Threads

  1. Scarred Spoof.
    By Pitbull in forum Entertainment
    Replies: 9
    Last Post: 08-14-2007, 11:22 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •