i remember there was a site that gave tuts on how to hack runescape, i think one was how to make a reflection bot.
i would like to find a tutorial on BCEL too, since that's what rsbot is written with. haven't found that hacking site though >.<
Doesn't matter whether you use BCEL or ASM (like RSBot). They both do the same thing, and detectability is based on how they are used.
thanks chicken i think that was it xD
lol. what do you mean by that :P
Who's "Chicken?"
This one too:
http://www.moparisthebest.com/smf/index.php
oh lol. anyway, i can't find the threads on making a bot. anyone here (like trilez) know how to make a bot? or just access methods. i know how with reflection, but i'm not sure where the methods i will be accessing are, and i'm pretty sure that's what the 'hooks' are for. so how do you automatically find hooks?
Ask rs-hacking.com or moparisthebest.com or whatever.
The methods you will be accessing are obviously in the client. You need to have knowledge of the construction of the RS2 client so that you can name the accessor method according to its function. You use the accessor methods to return the value of the original client methods to your hook interfaces. You can then use those hooks to read the state and behavior of the client's actions, and be able to create scripts to interact with those actions. After you finish all of that, you still have to create some sort of GUI for the client to load into. Nobody said reverse engineering would be easy :p
I don't believe I said anything about making calls to methods. I said exactly what you said, they return the value of the original method.
Quote:
You use the accessor methods to return the value of the original client methods
By the original methods, I was talking about the obfuscated methods that come with the client :p I did get the bit about fields incorrect though, thanks for the correction.
Do you decompile the client to find hooks or do you get them from the bytecode?
If you decompile it please tell me how.
That's correct, you decompile the class files and look through them for known patterns. I use this:
http://java.decompiler.free.fr/?q=jdgui
After you find what you need in the class files, all of the editing is done through bytecode.
RS is obfuscated, you rely on client patterns and functions to tell you what to do. Here's an example I'm using from the recent reflection update at this thread:
http://villavu.com/forum/showthread....959#post781959
Scroll down and find Class Animable. As you can see, they found that the obfuscated class from the RS client that has Animable functions was "vs.class". So download a fresh copy of the RS client, you can get one here:
http://world169.runescape.com/runescape.jar
Alright, then use WinRar to extract all of the classes to a folder. If you decompile the vs class, it should look something like this:
http://i.imgur.com/Y53Mt.png
From the other thread, you can also see that they found the method "int p" was actually the method "int pixelX". So you write up a hook interface for that method.
Then you write up a BCEL injector to inject the accessor method into vs.class and return the value of the field "p". You also want vs to implement your hook.
Code:
public interface Animable {
    public int pixelX();
}
Code:
import org.apache.bcel.Constants;
import org.apache.bcel.classfile.ClassFormatException;
import org.apache.bcel.classfile.ClassParser;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ALOAD;
import org.apache.bcel.generic.ClassGen;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InstructionFactory;
import org.apache.bcel.generic.InstructionList;
import org.apache.bcel.generic.MethodGen;
import org.apache.bcel.generic.Type;
import java.io.IOException;

/**
 * BCEL Injector
 * @author Echo_
 */
public class Injector {
    private ClassGen cGen;

    public Injector() {
        loadClass();
        modify();
        dumpClass();
    }

    // Parse vs.class from the working directory into an editable ClassGen
    private void loadClass() {
        try {
            cGen = new ClassGen(new ClassParser("vs.class").parse());
        } catch (ClassFormatException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private void modify() {
        // Make vs implement the hook interface
        cGen.addInterface("Animable");
        // Confirm the obfuscated member "p" is present before injecting the accessor
        for (Method m : cGen.getMethods()) {
            if (m.getName().equals("p")) {
                System.out.println("Method p found!");
                break;
            }
        }
        InstructionList methodIList = new InstructionList();
        ConstantPoolGen theCPool = cGen.getConstantPool();
        // Builds: public int pixelX() { return this.p; }
        MethodGen pixelXMethod = new MethodGen(Constants.ACC_PUBLIC, Type.INT, Type.NO_ARGS,
                new String[]{}, "pixelX", cGen.getClassName(), methodIList, theCPool);
        InstructionFactory iFactory = new InstructionFactory(cGen, theCPool);
        Instruction pushThis = new ALOAD(0);
        // "p" is read with GETFIELD because "this" was just pushed (assumes p is an instance
        // field); the post originally used GETSTATIC, which never consumes the pushed reference
        Instruction pixelXField = iFactory.createFieldAccess(cGen.getClassName(), "p", Type.INT, Constants.GETFIELD);
        Instruction returnPixelX = InstructionFactory.createReturn(Type.INT);
        methodIList.append(pushThis);
        methodIList.append(pixelXField);
        methodIList.append(returnPixelX);
        pixelXMethod.setMaxStack();
        pixelXMethod.setMaxLocals();
        cGen.addMethod(pixelXMethod.getMethod());
        methodIList.dispose();
    }

    // Overwrite vs.class with the modified class
    public void dumpClass() {
        try {
            cGen.getJavaClass().dump("vs.class");
        } catch (IOException ex) {
            ex.printStackTrace();
        }
    }

    public static void main(String[] args) {
        new Injector();
    }
}
So with this file, you inject the accessor method into the class and implement your hook interface "Animable". Decompile the vs class and it now looks like this:
http://i.imgur.com/F7GGs.png
And you should see this towards the bottom of the file as well:
http://i.imgur.com/SF0lI.png
And that's how you make bots with the obfuscated client :) This is just a little example, because from there you would have to find out how to use these accessors to return the data you need to automate a task. I think most injectors these days dynamically find the methods in the client and edit them, that way you wouldn't have to edit your injector every time the client updates.
Credits: yakman, the bank
Their tutorials are what got me into injection and hacking the RS2 client :)
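A defender's complement to the injector above, added here as an example and not code from the original post or any of the linked sites: it uses BCEL's ClassParser to record each class's interfaces and public method descriptors from a pristine copy of a jar, then reports anything a second copy has gained, so an added hook interface like Animable and an injected accessor like pixelX()I both show up as findings. ClassSurfaceCheck is a name chosen here; it assumes BCEL on the classpath and the two jar paths on the command line.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import org.apache.bcel.classfile.ClassParser;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;

/** Compares the public surface of every class in a jar against a recorded baseline. */
public class ClassSurfaceCheck {
    /** Interface names plus "name+descriptor" for every public method of one class. */
    static SortedSet<String> surfaceOf(JavaClass jc) {
        SortedSet<String> s = new TreeSet<>();
        for (String i : jc.getInterfaceNames()) s.add("implements " + i);
        for (Method m : jc.getMethods()) if (m.isPublic()) s.add("method " + m.getName() + m.getSignature());
        return s;
    }

    /** Builds the baseline map for every class in a jar (run once on a pristine copy). */
    static Map<String, SortedSet<String>> baseline(String jarPath) throws IOException {
        Map<String, SortedSet<String>> out = new TreeMap<>();
        try (JarFile jar = new JarFile(jarPath)) {
            for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                if (!entry.getName().endsWith(".class")) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    JavaClass jc = new ClassParser(in, entry.getName()).parse();
                    out.put(jc.getClassName(), surfaceOf(jc));
                }
            }
        }
        return out;
    }

    /** One line per interface or public method the suspect jar has that the baseline lacks. */
    static List<String> findings(Map<String, SortedSet<String>> expected, Map<String, SortedSet<String>> actual) {
        List<String> f = new ArrayList<>();
        for (Map.Entry<String, SortedSet<String>> e : actual.entrySet()) {
            SortedSet<String> base = expected.get(e.getKey());
            if (base == null) { f.add(e.getKey() + ": class not in baseline"); continue; }
            for (String item : e.getValue()) if (!base.contains(item)) f.add(e.getKey() + ": added " + item);
        }
        return f;
    }

    public static void main(String[] args) throws IOException {
        // Usage: java ClassSurfaceCheck pristine.jar suspect.jar
        for (String line : findings(baseline(args[0]), baseline(args[1]))) System.out.println(line);
    }
}
```

A class patched by the injector above would be reported as "vs: added implements Animable" and "vs: added method pixelX()I"; the same comparison also catches methods renamed or dropped by a client update if you diff in the other direction.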
great post, thanks for that
what other forums did you learn from? or did you read everything and figure it all out yourself?
also have you made anything like this?
I learned about all of this from the Moparisthebest forums, the sister forum of this site. They have some really good tutorials on BCEL injection, writing client loaders, hacking the client canvas, etc. Other than that, I just learned from fooling around with the code and seeing what worked for me :) I have worked on a bot before, haven't gotten around to finishing it though.