Guide How to Find Encrypted or Obfuscated Variables in Cheat Engine Guide

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Rake

Cesspool Admin
Administrator
Jan 21, 2014
11,539
78,998
2,312
Game Name
N/A
Anticheat
N/A
Coding Language
N/A
What you need
Self Confidence and strength of will
Just a quick guide on this stuff since it gets asked alot. Please share your resources and knowledge with GH.

Note that there are 4 possible situations that lead you to not being able to change or find a variable:
  • variable is over written by server
  • variable is for the GUI
  • variable is overwritten by some routine
  • variable is encrypted somewhere else

Each situation, you need to reverse engineer it and figure it out, one ASM instruction at a time, one function at a time until you make sense of it.

It's not always as simple as writing to an address. Let's say it's encrypted somewhere, and the results from your scan are just visual or intermediary values for the ammo/health. Let's call it ammoDisplay, and it's 10 cuz you have 10 bullets. Now let's say what you need to really find is ammoREAL, which is 100, because the "obfuscation" method they're using is to store the # of bullets by multiplying it by 10.

So you have a function like this

C++:
int DeobfuscateAmmo(int ammo)
{
    return ammo / 10;
}

int ObfuscateAmmo(int ammo)
{
    return ammo * 10;
}

void DecAmmo()
{
    int ammoTEMP = DeobfuscateAmmo(ammoREAL);
    ammoTemp--;
    ammoDisplay = ammoTemp;
    ammoREAL = ObfuscateAmmo(ammoTemp);
}
In cheat engine if you did "find what accesses/writes" on ammoDisplay you would find DecAmmo(), you'd reverse engineer that function and discover the obfuscation and find the ammoREAL variable. Now at this point you can overwrite ammoREAL, hook that function, NOP some stuff, really anything that gives you unlimited ammo will work. This is just a basic idea so you can understand the process.

Often even if the variable is not obfuscated, there is a function like that one that utilizes multiple addresses, a temporary variable or perhaps the variable is only calculated at certain times, and not stored globabally anywhere. To figure it out, you gotta start with "find what accesses" and trace backwards.

Learn more:
https://guidedhacking.com/threads/reversing-games-with-encrypted-variables.13766/

Here are some guides from @ChrisFayte
 
Last edited:

XdarionX

Dying Light Hacker
Dank Tier VIP
Dank Tier Donator
Mar 30, 2018
813
21,408
111
CE has by default checked fast scan but the thing is that the value may also be shifted/unaligned in memory so when you are trying to find obfuscated value, good idea is to disable the fast scan: (will also give much more results)

1579965323610.png
 

dhanax26

0xF9D8C3F5D6D3
Dank Tier Donator
Nov 16, 2018
24
298
0
You are right on this -> "variable is encrypted somewhere else" some weeks ago i have got stuck on a game that have "encrypted" ammo, yes encrypted into quotes cause its not really an encryption they are multipliying the displayed value of the GUI to "encrypt" the real one, i solved they after other 4 days of reading this guide and now i am here to give my like to your post, Thank you.

PS: Before know the multiply method i have found an solved some encrypted addresses, the most "annoying" thing i have found has been the server overwrite and the multiply, solving encrypted addresses ins't really hard you just need to reverse a bit the correct function and get/make the key to decrypt the value depeding of the encryption type, i have found games using Value to Decimal, Xors and 1 game for now that uses Primitives to encrypt the correct value.
 
Last edited:
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods League of Legends Accounts