Need for Speed Most Wanted(Unlimited Boost)

I wasn’t able to find a working trainer for the new Need for Speed Most Wanted so I decided to create it by myself. On this post I’ll share some information with all of you so other people can develop it better than me 🙂 First of all, this was not an easy challenge for me, it seems that this game is well protected against cheating and it obligated me to spend a bunch of time around this problem!

So, here you have the download link: https://dl.dropbox.com/s/y44c7j1c85sle8q/NFSMW.exe?dl=1

Basically just open the game or the trainer and once it finds the window it will inject code in some addresses. Then boost as much as you want, there is no limit 🙂

How did I do this?

If you have some experience in programming(it you haven’t probably this is not going to be very productive for you) you may know that the first thing you need is cheat engine to analize the addresses of the game. Download it on here: http://cheatengine.org/

Then open the game and attach the NFS proccess to Cheat Engine. In cheat Engine there are two types of addresses: static addresses and dynamic addresses, which are the most common! Static addresses are represented in green color and never change in Cheat Engine and dynamic ones are represented in black and each time you open the game it’s very likely they will change. So, let’s start… Try to get your boost tank full and then pause the game. There is no numeric indicator for the boost but the value is stored as a float and when the tank is full the value is 100. Boost a bit and then in scan type choose Decreased value. Do it as many times as you can so in the end you will only have 10 or 15 addresses.

In my case the address is the last one in the list. As you can see this address is dynamic, so it will be different every time we open the game. Add that address to the addresslist and click on the value. Change it a couple of times just to make sure that you have found the right address! Once you’re sure about that right click on the address and select find out what accesses this address. With this you’ll be able to find the static address that you’ll need to use in order to patch the game. Boost a bit and your image should look a bit like mine.

The movss means move scalar single and is what interest us. It’s represented in the form:

movss xmm1, xmm2

Basically it moves a floating-point value from the second operand(source operand) to the first operand(destination operand).

After this choose some movss instructions and double click on them. It’ll show to you an address. Do a new scan with those addresses and add pointers to them. If you can get the same value it’s because you’re in the right direction. Try to find the green(static) addresses with that. Although I won’t go in a lot of details because I wasn’t able to find it, so I needed to find other way to solve my problem.. Actually it was pretty simple. I just keep examining the “Count” column and check which columns increased when I was boosting… These were the ones that caught my attention.

With this you’re basically ready to code a trainer for the game.. You have the addresses, now just replace them with NOP’s(0x90). Each of the instructions writes 5 0x90.

I’ll give you some pieces of the code 🙂 I would like to see some people interested on this, mainly in findind new addresses that will allow players to use other cheats.

Addresses of the game:

DWORD addresses[] = {

0x00687D9F,

0x00687DB3,

0x00687DC0,

0x00687E75

};

Values to inject(5 NOP’s): (represented in little-endian where the first byte is the least significant, so it’ll start to replace in the last byte)

BYTE values[] = {

0x90,

0x90,

0x90,

0x90,

0x90

};

Function to inject:

void writetomemory(HANDLE handle)

{

for(int i = 0; i < sizeof(addresses)/sizeof(addresses[0]); i++)

{

WriteProcessMemory(handle, (BYTE*)addresses[i], &values, sizeof(values), NULL);

}

}

With this information try to code a DLL 🙂

If you want a permanently hacked exe download it on here: https://dl.dropbox.com/s/1lwrblkkjvx3xi4/NFS132.exe?dl=1

Anúncios

Posted on 21 de Agosto de 2013, in Sem categoria. Bookmark the permalink. Deixe um comentário.

Deixe uma Resposta

Preencha os seus detalhes abaixo ou clique num ícone para iniciar sessão:

Logótipo da WordPress.com

Está a comentar usando a sua conta WordPress.com Terminar Sessão / Alterar )

Imagem do Twitter

Está a comentar usando a sua conta Twitter Terminar Sessão / Alterar )

Facebook photo

Está a comentar usando a sua conta Facebook Terminar Sessão / Alterar )

Google+ photo

Está a comentar usando a sua conta Google+ Terminar Sessão / Alterar )

Connecting to %s

%d bloggers like this: