Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Enhanced bot using memory reads
#51
Yeah i agree Tongue
Reply
#52
(01-18-2015, 08:17 PM)5pArxz Wrote:  @Greyman do you perhaps have a link where Dark Byte discussed the protocol you are referring to ?

Dark Byte has never discussed the protocol to my knowledge (and this is a good opportunity to mention, DB is a freaking legend).

The source code for ceserver is publicly available on the cheat engine SVN. It's fairly easy to read.
Reply
#53
Reply
#54
(01-18-2015, 07:36 PM)5pArxz Wrote:  @Greyman could you give some direction as to dumping bases ? Smile

Once you've got Cheat Engine up and running, it's very easy to search for known values (e.g. total elixir in one of your storages) and work backwards from there.
Reply
#55
(01-18-2015, 08:26 PM)Greyman Wrote:  
(01-18-2015, 07:36 PM)5pArxz Wrote:  @Greyman could you give some direction as to dumping bases ? Smile

Once you've got Cheat Engine up and running, it's very easy to search for known values (e.g. total elixir in one of your storages) and work backwards from there.

Yeah i got that going, now i need to get this going in c# Tongue
Reply
#56
I tried iModGame on the iOS which I believe uses memory reads. It is not a "bot" but simply cycles through searching for bases using certain thresholds (Gold, Elixir, DE, trophy cups, TH level, player XP level). It is extremely effective, but needs to be updated every time Supercell releases an update. Presumably, this is because the memory addresses change with each update.

So: a memory-read bot will need to be updated with the memory addresses every time Supercell updates the game

The most important aspect of memory-read bot is availability of information. iModGame allows searches based on several perimeters, user-defined in a scripting window. Complicated search criteria can be user-defined, such as:

Code:
G + E > 300000 AND TH_LEVEL < 10
OR
G > 200000 AND XP_LEVEL < 65
OR
DE > 1000 AND CUPS > 30

where iModGame will search for a base that meets the criteria.

I have been messing with the AutoIt code for about a week, changing a few troop deployment settings and base search criteria. I'm trying to get familiar enough with the code to make contributions. It's very straightforward, but it exclusively uses screen observation and comparing the pixels to reference images to obtain information. I can envision using AutoIt to scan the entire screen and obtain more information (number of walls, levels of each wall segment, weapon levels, layout style, etc) but this would be a lot faster/reliable using direct memory reads.

Unfortunately, it appears memory reads must be performed within the Bluestacks Android environment. It is possible to make memory reads outside of Bluestacks, for example, using a Windows program that peeks inside of Bluestacks?
Reply
#57
Very interesting.

Will try to play a little bit with cheat engine when I find the time.

Do you have an idea if fights are resolved locally or server-side ?
Reply
#58
I've lost internet connection before while in the middle of a battle. I can login later and view the replay. The replay shows the battle up the point where I lost connection, but the replay continues until the battle is completed (either the troops are eliminated, the timer runs out, or the base is destroyed). This suggests the battle is resolved on the server, because the replay continues the action after my connection was interrupted.

I am extremely keen to understand the direct-memory-access method for the bot, but I believe the memory accessing must be performed inside of the Android (Bluestacks) environment. I can't make heads or tails trying to look from the outside (i.e. Windows) into Bluestacks trying to find CoC running inside of it. Perhaps the CoC runtime inside of Bluestacks has an easily identifiable marker that can be found from the outside, but that's no guarantee the runtime's executable is organized in memory predictably enough that the desired memory addresses for gold, elixir, etc. could be identified. That is if the memory inside Bluestacks is not encrypted or otherwise encoded.
Reply
#59
Reply
#60
(01-24-2015, 01:38 AM)smoore Wrote:  Unfortunately, it appears memory reads must be performed within the Bluestacks Android environment. It is possible to make memory reads outside of Bluestacks, for example, using a Windows program that peeks inside of Bluestacks?

It's possible, but non-trivial. Because BlueStacks is a fully-fledged VM and therefore manages its own memory, you'd have to walk the virtual memory manager tree and potentially read the Linux swap file directly, in addition to reading the virtual memory of the host process. That's a project in and of itself, regardless of any bot.

I haven't found it particularly inconvenient to run a server within BlueStacks/Andy - in fact I prefer the model, because it eventually will lead to an independent bot that could run on any Android device, without the need for a Windows PC at all.
Reply
 


Forum Jump:


Users browsing this thread: 2 Guest(s)

About The Bytecode Club

We're a community forum focused on Reverse Engineering, we try to target Java/Android but we also include other langauges/platforms. We pride ourselves in supporting and free and open sourced applications.

Website