[Release] Skill Hack + Explaination.

[iCraziE]

So there are two parts to skill hacking, one could be easily fixed, the other maybe not so much.

First thing just like the old days modifying the cast time with 3,2,0.
Second is removing cooldown.

Cast time can be modified by editing the .dat file for the specific skill you want to modify.

Cooldown is done with packets. Packet ID - 05150011

However, we will do both of these with some simple cheat engine scripts.

this packet only requires a word value to be sent that specifies the skill that needs to be cooled down.


Skill Cooldown:

 Spoiler

Code:

{ Game   : dekaron.exe
  Version:
  Date   : 2019-12-02
  Author : nvadr

  This script does blah blah blah
}

define(trigger,00451D01)
define(triggerbytes,83 7F 3C 00 0F 85 1A FE FF FF)

[ENABLE]
assert(trigger,triggerbytes)
alloc(trigcode,$1000)
label(trigret)
label(trigorig)
alloc(packet,$1000)

label(cooldownreset)

trigcode:
cmp ebx,BB
je cooldownreset
cmp ebx,BD
je cooldownreset
cmp ebx,30//6E
jb trigorig
cmp ebx,39
jg trigorig

cooldownreset:
push eax
push ecx

mov eax,[skillid2]
mov ecx,10
mul cx
inc eax

MOV WORD PTR DS:[packet+6],14
MOV DWORD PTR DS:[packet+C],05150011
mov word ptr [packet+10],ax//2DD1//0261--sinan//0294--wingo
mov word ptr [packet+12],1000
mov ecx,[016338B4] // <--Need to be updated
PUSH packet
call 004E4430 // <--Need to be updated

pop ecx
pop eax

trigorig:
cmp dword ptr [edi+3C],00
jne 00451B25
jmp trigret

trigger:
jmp trigcode
nop
nop
nop
nop
nop
trigret:

[DISABLE]
trigger:
db triggerbytes

dealloc(packet)
dealloc(trigcode)

{
// ORIGINAL CODE - INJECTION POINT: 004D7FD9

"dekaron.exe"+D7FCC: CC                    -  int 3
"dekaron.exe"+D7FCD: CC                    -  int 3
"dekaron.exe"+D7FCE: CC                    -  int 3
"dekaron.exe"+D7FCF: CC                    -  int 3
"dekaron.exe"+D7FD0: 55                    -  push ebp
"dekaron.exe"+D7FD1: 8B EC                 -  mov ebp,esp
"dekaron.exe"+D7FD3: 56                    -  push esi
"dekaron.exe"+D7FD4: 8B 31                 -  mov esi,[ecx]
"dekaron.exe"+D7FD6: 8B CE                 -  mov ecx,esi
"dekaron.exe"+D7FD8: 57                    -  push edi
// ---------- INJECTING HERE ----------
"dekaron.exe"+D7FD9: 8B 7D 0C              -  mov edi,[ebp+0C]
"dekaron.exe"+D7FDC: 8B 46 04              -  mov eax,[esi+04]
// ---------- DONE INJECTING  ----------
"dekaron.exe"+D7FDF: 80 78 0D 00           -  cmp byte ptr [eax+0D],00
"dekaron.exe"+D7FE3: 75 16                 -  jne dekaron.exe+D7FFB
"dekaron.exe"+D7FE5: 8B 17                 -  mov edx,[edi]
"dekaron.exe"+D7FE7: 39 50 10              -  cmp [eax+10],edx
"dekaron.exe"+D7FEA: 73 05                 -  jae dekaron.exe+D7FF1
"dekaron.exe"+D7FEC: 8B 40 08              -  mov eax,[eax+08]
"dekaron.exe"+D7FEF: EB 04                 -  jmp dekaron.exe+D7FF5
"dekaron.exe"+D7FF1: 8B C8                 -  mov ecx,eax
"dekaron.exe"+D7FF3: 8B 00                 -  mov eax,[eax]
"dekaron.exe"+D7FF5: 80 78 0D 00           -  cmp byte ptr [eax+0D],00
}

Skill Cast Time:

 Spoiler

Code:

{ Game   : dekaron.exe
  Version:
  Date   : 2020-01-12
  Author : nvadr

  This script does blah blah blah
}

define(address,00593BB6)
define(bytes,8B 40 06 66 0F 6E C0)

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000)

label(code)
label(return)

label(casttime)

label(skillid2)
registersymbol(skillid2)

newmem:
push eax
movzx eax, word ptr [esi+10]
mov [skillid2],eax
pop eax
jmp casttime

skillid2:
db 00 00 00 00
db 00 00 00 00

casttime:
pop eax

push ebx
lea ebx,[eax+06]
mov [ebx],3
mov [skillid2+4],ebx
pop ebx
jmp code

code:
  mov eax,[eax+06]
  movd xmm0,eax
  jmp return

address:
  jmp newmem
  nop
  nop
return:

[DISABLE]

address:
  db bytes
  // mov eax,[eax+06]
  // movd xmm0,eax

dealloc(newmem)
unregistersymbol(skillid2)
{
// ORIGINAL CODE - INJECTION POINT: 00580226

"dekaron.exe"+18020A: 8B 52 2C                    -  mov edx,[edx+2C]
"dekaron.exe"+18020D: FF D2                       -  call edx
"dekaron.exe"+18020F: 84 C0                       -  test al,al
"dekaron.exe"+180211: 75 07                       -  jne dekaron.exe+18021A
"dekaron.exe"+180213: B8 E8 03 00 00              -  mov eax,000003E8
"dekaron.exe"+180218: EB 0F                       -  jmp dekaron.exe+180229
"dekaron.exe"+18021A: 8B 0D A8 BB 5F 01           -  mov ecx,[dekaron.exe+11FBBA8]
"dekaron.exe"+180220: 56                          -  push esi
"dekaron.exe"+180221: 8B 01                       -  mov eax,[ecx]
"dekaron.exe"+180223: FF 50 30                    -  call dword ptr [eax+30]
// ---------- INJECTING HERE ----------
"dekaron.exe"+180226: 8B 40 06                    -  mov eax,[eax+06]
"dekaron.exe"+180229: 66 0F 6E C0                 -  movd xmm0,eax
// ---------- DONE INJECTING  ----------
"dekaron.exe"+18022D: F3 0F E6 C0                 -  cvtdq2pd xmm0,xmm0,xmm0
"dekaron.exe"+180231: C1 E8 1F                    -  shr eax,1F
"dekaron.exe"+180234: F2 0F 58 04 C5 50 6F 2C 01  -  addsd xmm0,[eax*8+dekaron.exe+EC6F50]
"dekaron.exe"+18023D: 66 0F 5A C0                 -  cvtpd2ps xmm0,xmm0
"dekaron.exe"+180241: F3 0F 59 44 24 0C           -  mulss xmm0,[esp+0C]
"dekaron.exe"+180247: E8 54 08 A8 00              -  call dekaron.exe+C00AA0
"dekaron.exe"+18024C: 03 C7                       -  add eax,edi
"dekaron.exe"+18024E: 5F                          -  pop edi
"dekaron.exe"+18024F: 5E                          -  pop esi
"dekaron.exe"+180250: C2 04 00                    -  ret 0004
}

Skill Cast Time (whitelist):

 Spoiler

Code:

{ Game   : dekaron.exe
  Version:
  Date   : 2020-01-12
  Author : nvadr

  This script does blah blah blah
}

define(address,00593BB6)
define(bytes,8B 40 06 66 0F 6E C0)

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000)

label(code)
label(return)

label(casttime)

label(skillid2)
registersymbol(skillid2)

newmem:
push eax
movzx eax, word ptr [esi+10]
mov [skillid2],eax
cmp ax,02EB //terrible rain
je casttime
cmp ax,02DF //hellburst
je casttime
cmp ax,02E5 //skin of realm
je casttime
cmp ax,05f6 //skin of realm
je casttime
pop eax
jmp code //casttime

skillid2:
db 00 00 00 00
db 00 00 00 00

casttime:
pop eax

push ebx
lea ebx,[eax+06]
mov [ebx],3
mov [skillid2+4],ebx
pop ebx
jmp code

code:
  mov eax,[eax+06]
  movd xmm0,eax
  jmp return

address:
  jmp newmem
  nop
  nop
return:

[DISABLE]

address:
  db bytes
  // mov eax,[eax+06]
  // movd xmm0,eax

dealloc(newmem)
unregistersymbol(skillid2)
{
// ORIGINAL CODE - INJECTION POINT: 00580226

"dekaron.exe"+18020A: 8B 52 2C                    -  mov edx,[edx+2C]
"dekaron.exe"+18020D: FF D2                       -  call edx
"dekaron.exe"+18020F: 84 C0                       -  test al,al
"dekaron.exe"+180211: 75 07                       -  jne dekaron.exe+18021A
"dekaron.exe"+180213: B8 E8 03 00 00              -  mov eax,000003E8
"dekaron.exe"+180218: EB 0F                       -  jmp dekaron.exe+180229
"dekaron.exe"+18021A: 8B 0D A8 BB 5F 01           -  mov ecx,[dekaron.exe+11FBBA8]
"dekaron.exe"+180220: 56                          -  push esi
"dekaron.exe"+180221: 8B 01                       -  mov eax,[ecx]
"dekaron.exe"+180223: FF 50 30                    -  call dword ptr [eax+30]
// ---------- INJECTING HERE ----------
"dekaron.exe"+180226: 8B 40 06                    -  mov eax,[eax+06]
"dekaron.exe"+180229: 66 0F 6E C0                 -  movd xmm0,eax
// ---------- DONE INJECTING  ----------
"dekaron.exe"+18022D: F3 0F E6 C0                 -  cvtdq2pd xmm0,xmm0,xmm0
"dekaron.exe"+180231: C1 E8 1F                    -  shr eax,1F
"dekaron.exe"+180234: F2 0F 58 04 C5 50 6F 2C 01  -  addsd xmm0,[eax*8+dekaron.exe+EC6F50]
"dekaron.exe"+18023D: 66 0F 5A C0                 -  cvtpd2ps xmm0,xmm0
"dekaron.exe"+180241: F3 0F 59 44 24 0C           -  mulss xmm0,[esp+0C]
"dekaron.exe"+180247: E8 54 08 A8 00              -  call dekaron.exe+C00AA0
"dekaron.exe"+18024C: 03 C7                       -  add eax,edi
"dekaron.exe"+18024E: 5F                          -  pop edi
"dekaron.exe"+18024F: 5E                          -  pop esi
"dekaron.exe"+180250: C2 04 00                    -  ret 0004
}

Be aware that the code here is pretty sloppy, so it may not be super perfect, but it works none the less. Also you should note that not all skills will be able to be skillhacked, since some skills will do no damage when the cast time is modified. Test it out on your own to find which ones work and which ones don't.

Cast Time script will attempt to remove the cast time for every skill. Cast Time (whitelist) will only attempt to remove cast time of the skills listed in the script, and you can add the ones you want.

Cooldown will trigger anytime you press any number key ( 0 to 9 and - and = buttons), you can modify this if you want to be just one number or a different button all together.

USE:

You must enable Cast Time script before enabling the Cooldown script.

Activate scripts, spam the skill you want.
You shouldn't use multiple skills, just spam one.


If you have any issues just post them here. Script probably needs to be updated. Due to the nature of this script, don't expect to much support on this script.

PS. this script can help you update auto loot scripts as well, since they both rely on packets.

[ozdemir50]

when i want to assing to current table cheat table (skill cooldown) i have some errors : in line35 ( mov eax ,[skillid2]):This instruction cant be complied.
and when iwanna execute i have an error in line 13 the bytes are not was expected.
and what is this for : 0261--sinan//0294--wingo
can you be make a tutorial video
I will be very happy
thanks

[cicofolle]

the moment i cast a skill the game DC whats the problem?

[iCraziE]

Quote:

Originally Posted by cicofolle

the moment i cast a skill the game DC whats the problem?

needs to be updated to correct address , etc.

[nemesisysf]

Quote:

Originally Posted by iCraziE

needs to be updated to correct address , etc.

Firstly thanks for scripts. I thought skill hacks are gone 4ever but could give any tips for updating ?

[shinitenshi]

Quote:

Originally Posted by nemesisysf

Firstly thanks for scripts. I thought skill hacks are gone 4ever but could give any tips for updating ?

Unpack and find the skill id (index) and replace it on the code.

[DXtrmeHack]

i have this all error when i try to execute them at auto assemble. can you help me?

[BarbarianK1ng]

Most of the skills only do damage on the first hit, is there any explanation or am I doing someting wrong? thanks btw!

[shinitenshi]

Quote:

Originally Posted by BarbarianK1ng

Most of the skills only do damage on the first hit, is there any explanation or am I doing someting wrong? thanks btw!

Same here

[Naniooooo]

1: i never tested cast time script of icrazie
2: manual way of cast time how to fix skills cut damage
3: if there are values under 800 do not edit it or skill damage will hit less times

[iamlegend93]

aduspacung, you can just press ok or yes to the text box. This doesn't have an influence on the script. The script still works perfectly.

[mz241]

skill cooldown
mov ecx,[01607B0C] // <--Need to be updated
PUSH packet
call 004D40D0 // <--Need to be updated
how to update here

Anyone help me thanks

[cyber-ammo]

Way to go, bro!

Quote:

Originally Posted by shinitenshi

Unpack and find the skill id (index) and replace it on the code.

This isnt the answer for the given question.

[shinitenshi]

Quote:

Originally Posted by Ackerm4n

Way to go, bro!



This isnt the answer for the given question.

You're on the spotlight. enlighten him.

[cyber-ammo]

Quote:

Originally Posted by shinitenshi

You're on the spotlight. enlighten him.

You're ignoring the fact that the guy asked "HOW TO UPDATE THE SCRIPT" not how to change the skill ID that the script use.