CS420 - 4 - How to Hex Edit Games - Game Hacking Course

Captions
Hello and welcome back to CS420, a course on game hacking. In this section we'll be learning about hex editing. Hex editing is mainly used for editing save files; however, the skills involved in hex editing transfer very well to resource editing, memory editing, packet editing, and those are useful techniques that we'll learn later.

So there are three main steps in hex editing. First, you obviously want to find your save file and find the information in the save file that you want to change. Step 2, use hex editing software to edit the file. And step 3, boot up the game and see if it worked. Now of course you always want to keep a backup of your save files before beginning this process, because it's very easy to make a mistake and corrupt your save file.

So let's learn how to find save files. Finding save files may seem like a trivial step, but it's actually an important skill. We will learn how to locate them quickly and reliably. OK, first option: just Google it. There's no reason to work super hard and spend all this time and energy if the problem's already been solved. Yeah, this will work almost every time, but if it doesn't, it gets a little more complex.

So remember that I said you can ask the operating system to do things for you. We learned that you can ask the operating system to modify a game, and that's how memory editing works. Well, if a program accesses a file on the computer, like a game saves the save file, it needs to ask the operating system first. It turns out that you can intercept these requests, so you can use software to monitor the game and see what file it's saved to. So normally if you're writing a program or a game in C++, C#, Python or something similar, there are these functions you can call to read, write and create files. Well, these functions eventually go all the way down to the operating system to fulfill that request. The OS is responsible for actually making sure those files get created on the hard drive. Using special software we can intercept these requests and
figure out exactly what files the game is accessing. This technique is frequently used by security researchers for analyzing malware. As you can imagine, this is also something that game anti-cheat systems use: they can monitor calls to the OS to see if another program is trying to hack the game that they're protecting. On Windows, Process Monitor is one tool that you can use to do this, and it's developed by Microsoft. As for other operating systems, I'm not sure what the equivalent is; you'll have to Google around. As usual, I'll put a link to the tool in the description.

Let's jump into a live demonstration of this tool. So here we have Squally open in the Hexus store and we have Process Monitor open. Now there's all these events about random things going on in the system, and we don't really care about these. We want to only show stuff that's happening in Squally. There's a couple ways to do this. There's a find utility and you could search Squally here, or I prefer this little arrow icon here, the scope, and you can just click on that and drag it onto a window, in this case Squally, and now it's only showing events having to do with Squally. Now there's a lot of events here still, and you can see most of them have to do with these mp3 files, and that's because the game is streaming from this file, so it's constantly reading it. So let's exclude read, because we only care about what happens when they save the save file, and that's going to be a write, not a read. So we can right click on this, exclude ReadFile, and now there's no events. So go into the game, we want to buy something, and now we have some new events, and we can see a WriteFile and CreateFile to this C:\Users\username\AppData\Local\Squally\global.sqa. So there you go, we're able to isolate the save file just by buying something in the game and using this tool.

So we found our save file, great. But before we get into editing the file we found, we need to learn about strings. If you've never seen the word string before, it's a synonym
for text, so we're learning about text and how it's stored in a computer. Let's go back to our current understanding of a computer program. In this case it's technically a file and not a program, but it turns out there's a lot of similarities between the two. Everything we learned so far applies to both files and a computer program: both are made up of bytes of information. We learned how integers are stored, but now we need to understand how strings are stored.

Here is the string squally, which comes from that giant stretch of green bytes. If you look at the bytes, you see there's a hex number for every letter in the word squally. So in this case 73 represents the letter s, 71 represents the letter q, 75 represents the letter u, and so on. If you remember from before, we learned that inserting bytes was not possible in memory, so you leave a bunch of zeros at the end. These zeros mean nothing; they're just extra space if we decide to add more text to our word. In programming, these zeros have a special name: they're called a null terminator. They mark the end of a string.

In a previous lecture I mentioned that programmers have to decide the memory limit of numbers in advance. Well, this is also true of text: the programmer has to decide in advance how many letters a word can have. Any unused letters are just zeros. There are of course exceptions to this. In hex editing you probably won't see zeros at the end as much as in memory editing, because inserting text is OK when it comes to files; you do it all the time when you're editing a file with Notepad. Also, modern languages hide this character limit problem from the programmer. If you program in Python, C++, C# or anything modern, these languages solve the character limit problem for you. So depending on what language the game was programmed in, you may or may not see these extra zeros at the end. There may only be one zero or none at all.

So there's one more important example I wanted to go over, and so I've added the word noob to this file. It's
n00b, and it's important to know that the letter zero is represented by the byte 30 in hex, and this is different than the null terminators at the end. The null terminators represent nothing; they're space that we can use later. But the zeros in the word noob are actually letters that we want to show, and therefore they have to be represented by something, and that something is the byte 30. It's important to know this distinction, that the letter 0 is different than nothing zero.

So you may be wondering how did we decide that 30 represents zero when 6E represents a lowercase n. It turns out there's no special reason. Humans just invented a chart to say which byte represents which alphabet character, and this chart is known as the ASCII table. So if you want to know which byte represents which letter, you can find an ASCII table, and here I've pulled one up. This is ASCII code dot com. There's a bunch of others; you can just Google ASCII table and you'll find some. I've actually modified this page quite a bit to simplify it, because a lot of ASCII tables will show you more information than you need. But here you can see that 00 in hex, which is also 0 in binary and decimal, represents that null terminator we were talking about. Then there's all these fancy ones we don't need to know about, these weird end, start of text, doesn't matter. The important ones are just the ones that come up all the time in files, things like punctuation, numbers. See, here we have 30 in hex represents 0, like we learned earlier. If we scroll down we can see that 53 in hex represents an uppercase S, and it's important to note that lowercase and uppercase are different, so 73 in hex represents a lowercase s, versus 53 for uppercase. And that's all there is to it. It's very simple: just the hex value and the corresponding letter it represents.

So some of you may play games in languages other than English, so I briefly wanted to address this so you're not left confused. So there's this thing called Unicode, and Unicode is a
standard that defines all of the languages that we might want to represent on a computer, and there are a few implementations of Unicode. The most popular is UTF-8, because it builds on top of ASCII, but UTF-16 is also fairly popular. There are a few others that I won't bother mentioning because they're rarely used. Here's a quick example of how these formats work. So here in the first row we have the letter A in ASCII, which is represented by this byte here. Now if we take that same letter A and encode it in UTF-8, it's exactly the same, because UTF-8 is backwards compatible with ASCII. Now if we take A and encode it in UTF-8, it now takes two bytes of data and it's different. Now let's look at this random Japanese character. If we encode that in UTF-8 it takes up three bytes of information, and if we encode it in UTF-16 it takes up two bytes of information. So that's all you really need to know: different encodings store characters in different ways. So in your hex editor you have the option to show the text in different encodings, and that's all you really need to know. It won't come up very often.

Now that we know how strings work, let's move on to a live example of using string searches in Squally. Earlier we found how to find our save files. Here they are. We found this global.sqa file that was changed when we saved our gold in Hexus. So we can take this, hit Ctrl+C, Ctrl+V to make a backup, and grab this global.sqa file and drop it into HxD, the hex editor. First thing to note is we can change how much stuff is shown at the top here using this drop-down, and we're also going to want to open View, Toolbars, Data inspector. So first thing to note is we just have a sea of raw bytes, and then we also have the hex editor attempting to convert those bytes into ASCII. So we're going to want to find the gold and try and change it. So the easiest thing to do is go over to this ASCII panel here, hit Ctrl+F and type in gold. We have one match here, and if we type it again, no more matches, so we
can be pretty sure that this is it. So if we highlight the text here, we can see the corresponding bytes. There are no zeros afterwards, because this is a file and not memory, so they don't need null terminators. And we know that there's a good chance that the actual amount of gold is stored somewhere nearby. So what we can do is assume that it's a four-byte integer, because that's very common with integer numbers. So we can highlight the next four numbers and look over in the data inspector. We're gonna want to look under Int32 for the most part, and we see that the number is 2, and I'm pretty sure I had way more than 2 gold when I saved the game, so this number is probably not it. So let's check the next one. So I highlight the next number and I see a 274. That sounds about right to me; that's about how much gold I had when I saved the game, so this is probably it. To verify, I'll change it to 999, hit enter and save this file.

Now one thing to note is if I take these bytes here and copy them, and I go into calculator and paste them into the hex, the decimal number here is massive, and I just wanted to quickly touch on this. Computers can store bytes in two different formats. It's like a left to right and a right to left. One is called little-endian, and the one that we're used to is called big-endian. So big-endian is left to right, how we would think it would be stored. It turns out in files it's stored in little-endian. So it's just useful to know that the bytes here can't be read in this order; they're read backwards. So if we actually go in here and type in 03, which is just 3, E7, then we'll get 999. Just a quick thing to point out: little-endian, big-endian, important to know the distinction.

So now that we found our gold, changed the value and saved the save file, we're free to launch Squally, and if we hop into the game we can go into Mini-games, Hexus, Shop, and we have 999 gold. Easy enough, it worked.

The next technique we're going to go over is a value search, and we
actually know enough that we can just jump into this one. So this time we're gonna be hacking Hexus again; we're gonna be changing our gold, but this time we're gonna do it a different way. Before, we got lucky: we were able to search for the word gold and we found our gold, but that's only because that's how the save file was set up. If I had programmed the game differently, then that wouldn't have worked. So this time instead we're gonna do something a little more reliable. So we have the value 679. It turns out we don't really care about the hex in this case, because the hex editor lets us search for decimal numbers. So we go into HxD, we have the global save file open again, and we just hit Ctrl+F and we go to this integer number tab. We can go ahead and put in 679, and we'll leave the defaults for now, and if we do this and we hit search, we actually just land on the same spot, but we found it with a value search. And we can highlight this value, 679, right. I'll just show this again: Ctrl+F, 679, and remember here I mentioned big and little endian, so it's defaulting to little endian, which is the backwards format, and we hit a match. And then we can go ahead and change this to some other number, save it out, and when we relaunch the game, you know exactly what will happen: we're going to have more gold. So let's just verify that here, make sure we changed the right thing, and voila, we have a little bit more gold. I didn't really add much, but it is more.

So that's value searching. Pretty straightforward: just search for the value, find it. But we've been getting pretty lucky. Our files are small and we're only getting one match. What if we wanted to search for something but we get a lot of matches? Let's jump into what that might look like. Our goal is simple this time: we want to change our health from 8 to 16 using hex editing. So I booted into the first save slot, that's save game 0 here, and I'm going to open that up, and if we do what we did before, if I search for 8, I'm gonna hit F3 to step through
the matches. There's too many. This is gonna be tedious to try each one and back up the file and try the next one, and it's just this annoying trial and error process, and we can do better than that. So what we do instead is we take this file, make a backup where we have 8 health, so I'll call this save game 0 8 health. Now what I do is I go in game, heal up, and now I have 16 health. If I exit the game, it should save, and what we can do is go into HxD, the hex editor, go into Analysis, Data comparison, Compare, and now we have the current save file where we have 16 health, then we could drag in the old save file where we have 8 health and do a comparison on the two. Hit OK, or we could press F6 to step through the matches. So, oops, make sure they're both set to the start here, because it starts from where the cursor is in both, and hit F6, and there's some data at the very beginning that has changed. Hit F6 again, and this looks like the difference that we're looking for. If we go into our calculator here, 10 in hex is sixteen, and eight in hex is eight in decimal, so obviously this must be the health, and we found that quite easily. So now all we have to do is go into save game 0 here, and if we want to we could change this to like three, or sorry, 03, just to confirm that we found it. We actually have to restart the game entirely, because the game has already loaded this file, so we want to make sure that we're booting fresh from the beginning here. Go into story mode, boot up the game, and if it's three, yep, that means we found the right value, and so we could change this to 16 or whatever we need to change it to at any point, and we have ourselves a health hack using hex editing.

For some games, none of the methods we just covered will work. Let's explore why this might happen. One possibility is an inconsistent save file. When the game is saved, it might save information about an enemy and then save information about the player afterwards. However, the next time the game is saved, it might
swap the order, and this depends on how the game is programmed. For most games this sort of thing won't happen, but for some games it does. If the game does this, then the file comparison method that we just learned is useless, because the data will be scrambled. If the save file is massive, then it might be hard to find a value with the value search due to too many matches. And if the programmer programmed the game a certain way, then string searches might not work at all, because they might not store text in the save file. This is why hex editing is rarely used: it's too reliant on luck. You have to hope that the game saves information in a certain way that's easy to hack. There are a few things that might also stop someone from hex editing, and those are checksums and encrypted files. I'm not going to cover these now, but when I get to anti-cheating systems I may touch on these.

That's everything. Thanks for watching. As usual, if you have any questions or feedback, drop a comment below. Thank you.
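
The value search, the little-endian reading and the two-file comparison described in the captions, written out as an added Python example; it is not from the video. The save layout built by `build_save` is a constructed sample, not the game's real format, and every function name here is hypothetical.

```python
import struct

def build_save(counter: int, gold: int, health: int) -> bytes:
    """Constructed sample save: a counter that changes on every save,
    a text label followed by two int32 values, then a health field."""
    return (struct.pack("<I", counter)
            + b"gold" + struct.pack("<ii", 2, gold)
            + b"health" + struct.pack("<i", health))

def find_int32(data: bytes, value: int) -> list[int]:
    """Value search: every offset where value is stored as a little-endian int32."""
    needle = struct.pack("<i", value)
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits

def changed_runs(old: bytes, new: bytes) -> list[tuple[int, bytes, bytes]]:
    """File comparison: (offset, old_bytes, new_bytes) per run of differing bytes.
    Only meaningful when both saves use the same layout, as the captions note."""
    if len(old) != len(new):
        raise ValueError("saves differ in length; offsets would not line up")
    runs, start = [], None
    for i in range(len(old) + 1):
        differs = i < len(old) and old[i] != new[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, old[start:i], new[start:i]))
            start = None
    return runs

def read_uint32(data: bytes, offset: int, byteorder: str) -> int:
    """Interpret four bytes at offset in the given byte order."""
    return int.from_bytes(data[offset:offset + 4], byteorder)

def write_int32(data: bytes, offset: int, value: int) -> bytes:
    """Return a copy with a little-endian int32 overwritten in place (no insert)."""
    return data[:offset] + struct.pack("<i", value) + data[offset + 4:]

if __name__ == "__main__":
    before = build_save(counter=1, gold=274, health=8)
    after = build_save(counter=2, gold=274, health=16)
    print("274 found at:", find_int32(before, 274))
    for offset, old, new in changed_runs(before, after):
        print(f"offset {offset}: {old.hex()} -> {new.hex()}")
    edited = write_int32(before, 12, 999)
    print(edited[12:16].hex(), read_uint32(edited, 12, "little"),
          read_uint32(edited, 12, "big"))
```

The comparison reports two runs: the counter at the start of the file and the health byte, which mirrors the "data at the very beginning that has changed" seen before the real difference in the demonstration.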
Info
Channel: Guided Hacking
Views: 207,726
Keywords: game mods, game modding, squally, anathena, cs420, hex editing, hex edit, hex editor, reverse engineering, memory editing, memory editor, how to hex edit, how to edit memory, guided hacking, how to hack games, game hacking, how to hack, how to use hex editor, hex editor tutorial, hxd hex editor, hxd editor, how to edit game files on pc, edit games, how to edit games, game hacking course, hex editing tutorial, editor hexadecimal, hex game hack, CS420, gh cs420
Id: EpcK8uk7lcY
Length: 18min 41sec (1121 seconds)
Published: Fri Jan 10 2020