Enhanced bot using memory reads
#71
(02-10-2015, 06:15 PM)Samota Wrote:  Hello,

I am trying to track down the memory values so that I can implement them into the AutoIt bot. I have found the addresses by using Cheat Engine and unrooted BlueStacks, but I can't seem to find the pointers.

[Image: COC-vs-CheatEngine_zps56a36d4e.png]

When I click the "find out what writes to this address" option, it gives a prompt saying that it will attach the debugger of Cheat Engine to the process. When I click continue, it gives an error saying that it can't do it. I am really new to this whole memory reading thing, so it is completely possible that I am totally going about this the wrong way. Is there a different program that I should be using for this, or am I just doing it wrong?

Any help would be greatly appreciated!

-Sam

Hi Sam,

Are you using Cheat Engine against the BlueStacks PID in Windows, or are you using Cheat Engine Server running on the emulator itself? If the former, you're going to struggle a lot to find pointers in a repeatable way.

My first suggestion would be to set up CEServer and start poking around from there. Regardless of which way you do it, however, you will unfortunately not be able to get the "Find out what writes to this address" feature working - that would be a very handy thing to have!

As it is, you'll have to find the pointers to the information you're interested in (which you've been able to do, so far) and then backtrack to find other pointers that reference that pointer, etc. Supercell seem to love their pointers; most of the values I find are buried 6 or 7 levels deep before I can find a static reference, and there are often numerous paths leading to the same location. I can't imagine how horrible that code would be to work on - it's no surprise at all that updates to Clash are so slow.

Hope that helps :)
Reply
#72
Thanks for the help, Greyman. I have been using just plain Cheat Engine. The addresses that I got were found by searching Physical Memory. After I posted, I discovered that there is no way to find a pointer for one of those addresses, and for that matter, no way to get a pointer of a memory value from outside of BlueStacks. I haven't ever used CEServer, but I will look into it. It would be awesome if we could figure out a way to get the memory values into the AutoIt bot. There are functions for memory reading, but it seems like it will be a pain to get the values out of BlueStacks. If we can though, I think the bot will go from being very good to being perfect.

-Sam
Reply
#73
Supercell can tell if you are using memory reads. This is of course if you're reported.
Reply
#74
(02-12-2015, 06:02 PM)Droid Wrote:  Supercell can tell if you are using memory reads. This is of course if you're reported.

Hi Droid, that's very interesting. I'm curious though, do you have any evidence to support what you're saying?
Reply
#75
So I got annoyed with the bot not being able to click around the entire base without scrolling, even when fully zoomed out. Started playing around and came up with this. Not recommended if you want to avoid a ban, but very useful in wars :P

[Image: CoC7.png]
Reply
#76
Intriguing. How did you do that?

-Sam
Reply
#77
[quote]
Hi Droid, that's very interesting. I'm curious though, do you have any evidence to support what you're saying?
[/quote]

This was said on the LazyPressing Forum by the developers. Also, people with xMod are banned quite often. I noticed with xMod it installs plugins into your Clash folder (seen using iFile); it could be quite possible for Supercell to see something out of order.

Anyways I prefer what is being done atm with pixel search.
Reply
#78
Droid Wrote: This was said on the LazyPressing Forum by the developers. Also, people with xMod are banned quite often. I noticed with xMod it installs plugins into your Clash folder (seen using iFile); it could be quite possible for Supercell to see something out of order.

Anyways I prefer what is being done atm with pixel search.

IMHO Supercell will start detecting if CoC is running on an emulator. If an emulator is detected, CoC will not run.
Reply
#79
(02-13-2015, 03:24 PM)Samota Wrote:  Intriguing. How did you do that?

-Sam

It's your basic zoomhack - I patched the code that checks for max zoom out level, so that you can zoom out infinitely far.
Reply
#80
(02-19-2015, 01:09 AM)Snarg Wrote:  
Droid Wrote: This was said on the LazyPressing Forum by the developers. Also, people with xMod are banned quite often. I noticed with xMod it installs plugins into your Clash folder (seen using iFile); it could be quite possible for Supercell to see something out of order.

Anyways I prefer what is being done atm with pixel search.

IMHO Supercell will start detecting if CoC is running on an emulator. If an emulator is detected, CoC will not run.

I concur - given the proliferation of pixel bots that all rely on BlueStacks and/or Genymotion, an emulator check is the obvious first step.

It is technically possible to check for memory reads, particularly on a rooted device, but I haven't seen any evidence of that sort of code in the binary. I'd be very interested in any sort of proof beyond "a developer of a pixel bot, who is unable to figure out memory reads, says memory reads are bad."

I have no intention of making anything commercial out of my work, and intend to remain a very small target. It's far more likely that Supercell would target the existing bots before going after a nebulous memory-reading bot that currently has a user base of less than 10 people. I will, however, start to take steps to protect my code against the sort of scan that Droid claims to exist. I have my doubts, but it's never a bad idea to take precautions.

Pixel bots are always going to be safer, there's no question of that. I can very much understand someone preferring to remain as far under the radar as possible. But when you've seen a memory reading bot make intelligent decisions about bases - taking collector levels, walls, traps, clan castle troops, etc. into account... it's very difficult to go back :P
Reply
 

