
[Release] WPE Tutorial + Working Exploits



Sky Cyber
on Mon 29 Apr - 18:44


I made this guide because there are still a lot of people who don't know how to use or create WPE filters, how to use CE,...
Some parts are hard to explain... so please, if it's not clear, read it again and try to understand...
This tutorial is made for today's emu (yes, I know that you could do some amazing things on wowemu/older emus).
Exploits are tested on TrinityCore2 Rev: 5472.
My English is not perfect, so if you don't like it, shut up and make your own tutorial! (or send me a PM and I'll try to correct it)

WPE TUTORIAL

You will need:
[You must be registered and logged in to see this link.] (thx to Devalina)
[You must be registered and logged in to see this link.] allows you to use shortcuts in WPE PRO and some other stuff
[You must be registered and logged in to see this link.] (thx to sd333221)

Some online WoW database - I prefer [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
WoW in windowed mode (optional but helps a lot)
Slot IDs can help you too [You must be registered and logged in to see this link.] (credits to whoever made this)
Also an improved slot ID image made by dreadlox [You must be registered and logged in to see this link.]
Edit: All tutorial files (example filters and PDF files) are now available via a single download link - check the end of this post...

Winsock Packet Editor
First you should know what WPE is and how it can be used. WPE is a packet editor.
It means it can record/modify/block data (packets) sent from/to your WoW client.
Image should make it clear:

[You must be registered and logged in to see this image.]

Some info from [You must be registered and logged in to see this link.]:
Winsock Packet Editor (WPE) Pro is a packet sniffing/editing tool which
is generally used to hack multiplayer games. WPE Pro allows modification
of data at TCP level. Using WPE Pro one can select a running process
from the memory and modify the data sent by it before it reaches the
destination. It can record packets from specific processes, then analyze
the information. You can setup filters to modify the packets or even
send them when you want in different intervals. WPE Pro could also be a
useful tool for testing thick client applications or web applications
which use applets to establish socket connections on non http ports.

Cannot download/unpack WPE PRO properly? The official page has an answer too:
Many anti-virus programs detect WPE Pro as a Virus or Trojan, however it
is not. Some anti-virus programs will even go so far as deleting the
file from your computer when you extract or, not let you run the
program. To get past this, you'll simply need to disable your anti-virus
program when you plan to use WPE Pro.

Server\Client side
Next you should know what server side and client side are and why this is important.
Server side - everything that is managed by the server.
Client side - everything that is managed by the client.

Server side:
Database - information about everything ingame (players, items, creatures, objects)
Scripts - quest scripts, boss scripts, other scripts
Other mechanics - buying/selling, mailing, auctioning, casting, chatting,... (a lot more)
Server side checks - check actions (requests) made by the client

Client side:
Languages
Tracking
Player position, moving, actions... (those requests are sent to the server and executed by the server)
(probably some others which I can't think of right now)

Explanation:
Client side - some information, like chat messages, the position of all objects around the player,... is sent to your
client without any restrictions. It's your client that checks languages, allows/disallows you to track objects and so on.
You can read/modify the memory of your client. You can also modify packets received by your client.
You can use those methods to gain some advantage (with WPE/CE/WEH you can understand any language, track everything ingame,...)
Your client can also send requests and other data to the server.
It's your client that tells the server what the position of your character is and so on.
(That's why WEH can teleport you, make you move faster, fly,...)
Server side - you should understand that the server has its database.
This database keeps information about almost every aspect of the game.
Requests/actions are sent by your client. But you can modify those requests with WPE. That's why server side checks exist.
Server side checks are made to protect the server from disallowed (modified) requests. But not everything is checked...

Server side checks:
Items check - no, you can't "transform" one item into another item
(the server knows what items you have in your inventory/bank/whatever - it's stored in the server's database)
Vendor check - no, you can't buy just any item from a vendor
(the server keeps information about the items sold by a vendor; an attempt to buy an item which is not sold by the vendor = fail)
Trade/Mail/Auction check - you can't send more gold than you have + items check
(the server knows exactly how much gold/tokens/whatever you have)
Spells check - you can cast only learned spells, you can swap already learned spells, you can't learn just any spell from a trainer
(no, you can't swap some spell with hand of dead or other uber spells)
Stats check - no, you can't make your stats incredibly high
(the server knows your stats and any change is only visual)
Amount check - no, you can't send/mail/trade more than you have
(the server knows the exact amount of items in a stack - items check)
There are tons of other checks...

Example (image) of serverside check:
[You must be registered and logged in to see this image.]
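
The spell check from the list above, written out as server-side handler logic (an added example, not part of the original post and not TrinityCore code). It also covers target eligibility and the global cooldown, both decided from server state instead of from what the client claims; the packet layout, spell table and all names are constructed for illustration.

```python
import struct
from dataclasses import dataclass, field

# Constructed spell table: IDs, names and rules are hypothetical,
# not taken from any real server database.
SPELLS = {
    101: {"name": "instant_nuke",    "gcd": 1.5, "target": "enemy"},
    102: {"name": "interrupt",       "gcd": 0.0, "target": "enemy"},
    103: {"name": "threat_redirect", "gcd": 1.5, "target": "party"},
}

@dataclass
class Player:
    """Server-side view of one character (what the database/session knows)."""
    guid: int
    known_spells: set
    party: set = field(default_factory=set)    # GUIDs of party/raid members
    hostile: set = field(default_factory=set)  # GUIDs the player may attack
    gcd_ready_at: float = 0.0                  # server clock, seconds

def parse_cast(payload: bytes):
    """Decode the constructed request body: uint32 spell ID + uint64 target GUID,
    both little-endian (low byte first on the wire)."""
    if len(payload) != 12:
        raise ValueError("bad length")
    return struct.unpack("<IQ", payload)

def handle_cast(player: Player, payload: bytes, now: float):
    """Return (accepted, reason). Nothing in the request is trusted:
    every decision is made against server-side state."""
    try:
        spell_id, target = parse_cast(payload)
    except ValueError:
        return False, "malformed"
    spell = SPELLS.get(spell_id)
    if spell is None:
        return False, "unknown spell"
    # Spells check: the spell must be learned by this character.
    if spell_id not in player.known_spells:
        return False, "spell not learned"
    # Target check: the rule comes from the spell that was actually requested,
    # not from whatever button the client UI showed.
    if spell["target"] == "party" and target not in player.party:
        return False, "target not in party"
    if spell["target"] == "enemy" and target not in player.hostile:
        return False, "target not hostile"
    # Global cooldown is tracked on the server for the requested spell,
    # so a rewritten spell ID cannot inherit another spell's "no GCD" property.
    if spell["gcd"] > 0:
        if now < player.gcd_ready_at:
            return False, "global cooldown"
        player.gcd_ready_at = now + spell["gcd"]
    return True, "ok"
```

A rejected request is also worth logging with the character GUID and reason, since repeated "target not in party" or "global cooldown" rejections from one client are a useful signal of packet editing.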

Recording
So how do you record packets with WPE?
1. Run your WoW client, log in
2. Open WPE PRO
3. Target your WoW
4. Press record button
5. Do some action ingame (for example move your Hearthstone)
6. Press stop button
7. Get results
Tip: It's also a good idea to disable logging of received packets (WPE
Window->View->Option->Uncheck "recv" and "recv from"). In most
cases you need only sent packets to be logged...

If you can't target Wow.exe or there are no results, try the following:
1. Make sure that you use the modified version of WPE PRO (does not require permedit)
2. Run both WPE and WoW as admin (right click + run as administrator)
3. Disable Windows Defender, antivirus, etc...
Also:
1. Don't forget to target Wow.exe
2. Make sure that the send/send to options (eventually recvd/recvd from) are enabled for Winsock1.1 (view->options),...

Analyzing
I logged some packets but what do they mean?
There is no simple answer for that. Try to analyze them:
1. Do some action ingame (for example cast a spell) and log the sent packets
2. Repeat, repeat, ... (not necessary if you are sure you did everything right and logged the right packets)
3. Ignore offsets that are always different (the first 6 or 7 offsets) and packets that are always different
4. Try to find some identical offsets (those are important)
5. Do the same action in a slightly different way (cast another spell or change the target of your spell) and log the sent packets again
6. Repeat if necessary
7. Some of the identical offsets from step 4 should change
8. Congratulations, you just got your spell ID (in case of a different spell) or your target's ID (in case of a different target)
Explanation:
I got the spell ID, so what?
You need to think "out of the box". You can actually swap spells (or something else).
Swap a healing spell/buff with a damaging spell and you can kill yourself or your own faction.
Swap a damaging spell with a buff/heal and you can buff/heal your enemy.
Swap a "spell with no global cooldown" with an "instant cast spell with no
cooldown but with global cooldown" and you can remove the global cooldown.
Tips:
Try to find some place where you can be alone and try to make the "start
logging"+"do action ingame"+"stop logging" process as fast as possible.
It will reduce the number of logged packets.
Other possibilities:
Can I get/swap only the spell ID?
No, you can get/swap tons of other things like target ID, item ID, slot ID, player ID,
amount of gold/items/whatever, your ingame coordinates, etc.

Get IDs
Do I always have to log packets to get the ID of a spell/item?
No. You can get IDs (not IDs of players) from some online WoW database.
1. Find some spell/item/talent/...
2. Separate the number at the end of the link
3. Convert that number to HEX and flip the pairs (or put that number into the WPE PRO converter)
4. Profit (use in filter)
Tip: You can also get spell IDs directly ingame with a macro/punistool. But you/someone has to cast that spell ingame.

Filter(s)
OK, so I got two spell IDs and I want to swap them. How can I do it?
It's really simple:
1. Open WPE, target your WoW.exe
2. Doubleclick on "Filter 1"
3. In search, in the right offset (for spells in WoTLK it's 008|009), put the ID of the first ("swap from") spell
4. In modify, in the same offset, put the ID of the second ("swap to") spell
5. Uncheck Recvd/RecvdFrom (you don't need it now)
6. Choose a filter name and click the Apply button
7. Now check the box next to the filter's name
8. Click the "ON" button
9. Go ingame and cast the first spell
Explanation:
The filter will change the HEX of the first spell to the HEX of the second spell. So instead of the first spell, the second spell will be cast.

Save Filter(s)
I made some filters but I don't want to lose them...
So go and save them:
1. Make some filter(s)
2. Click the "Save As" button
3. Choose a destination and name for the file
4. Click the "Save" button

Load Filter(s)
I downloaded some filters but I don't know what to do with them...
It's pretty simple:
1. Open WPE, target your WoW.exe
2. Click the "Load a Filter" button
3. Find the filter
4. Press the "Open" button
5. Your filter is loaded now but you need to select it first, so check the checkbox next to the filter's name
6. Click the "ON" button
7. Go ingame and profit

Now you should be ready to make your own filters.

LIST OF WORKING EXPLOITS

WPE

Good old mage arcane explosion pwn (not tested since WoTLK came out):
1. Get a lvl24+ mage
2. Swap Counterspell with Arcane Explosion
3. Spec into Arcane Concentration (Rank 5)
4. Find a group of mobs
5. Spam Counterspell and pwn everything with Arcane Explosion
Filter:
(Tested PRE-TBC and TBC) [You must be registered and logged in to see this link.]
(Untested WOTLK) [You must be registered and logged in to see this link.]
Explanation:
Counterspell has no global cooldown. So the Counterspell/Arcane Explosion swap removes the global cooldown
from Arcane Explosion (or another insta cast like Ice Lance). But Arcane Explosion can hit multiple targets.
And more targets = a bigger chance to proc Arcane Concentration. So your next spell costs no mana.
Usage:
On servers with no antihack and "not flying mobs" you can make (most likely with speedhack and flyhack in an instance) or find
some big group of mobs and kill them from the air in like 1 second... fast leveling or farming
Tips:
You need a target (yep, it has one "not so big" disadvantage)
Make a macro for Counterspell spamming. Something like:
/cast Counterspell
/stopcast
/cast Counterspell
/stopcast
/cast Counterspell
/stopcast
...

Honorless target buff anytime (Tested on TrinityCore2 Rev: 5472):
1. Swap any of your spells to [You must be registered and logged in to see this link.]
2. Cast your swapped spell
Usage:
You can piss off people in PVP
Tips:
WoTLK offsets 008|009
TBC offsets 007|008
WPE HEX for Honorless target is AF|09
You can use it with "cast any spell periodically"

Cast any of your spells periodically without autoclicker (Tested on TrinityCore2 Rev: 5472):
1. Get some companion
2. Swap your summon companion spell with any other spell you can cast (for example summon Cockroach [You must be registered and logged in to see this link.] to honorless target [You must be registered and logged in to see this link.])
3. Select and enable the filter
4. Select your swapped companion (in my case Cockroach) in your "companions window"
5. Close the "companions window" and use this macro:
/run CompanionSummonButton:Click() t=0; q=CreateFrame("Frame", nil, UIParent);q:SetScript("OnUpdate", function(s, e) t=t+e; if t>30 then t=0; CompanionSummonButton:Click(); end end)
Explanation:
The summon companion spell has no cooldown (but has a global cooldown), can be cast in combat, and can be clicked with a macro...
Usage:
You can make it buff you automatically
Tips:
You can find a list of companions here: [You must be registered and logged in to see this link.]
How to convert/get the ID of any spell (works for summon companion too) is already written in the tutorial
To stop the macro from working use this macro: /run q:SetScript("OnUpdate", nil)
t>30 means that whenever more than 30 seconds have passed, the summon companion
button is clicked. So change 30 (seconds) to any other number to fit your buff
duration.

Make your target(s) attack someone/something else (Tested on TrinityCore2 Rev: 5472):
1. Get a lvl 70+ hunter
2. Swap some offensive ability to Misdirection (I swap Arcane Shot (Rank 1) to Misdirection)
3. Cast the swapped spell (Arcane Shot (Rank 1)) on your target
4. Your target is buffed and your Threat is redirected to him
5. Attack some different target
6. Watch them fight and /laugh at them
Filter:
[You must be registered and logged in to see this link.]
Explanation:
Normally you can use Misdirection only on party/raid members. The spell swap allows you to cast it on other targets...
Possible use:
(Untested) Buff the boss and attack up to 3 trash mobs. They will go and
fight the boss. Can be repeated every 30 seconds (Misdirection cooldown)
(Untested) Go raid an enemy city. Buff some enemy player and attack the guards.
They should attack him. He's friendly to them so he can't fight them
back.
(Tested) Make two trash mobs fight and try to guess the winner
Tips:
If you need loot, make sure you did like 50% damage... otherwise you can't loot (ninja protection)
You can use multishot to hit and redirect 3 targets at once
I tried to buff and attack the same target. It does nothing, so don't waste your time...

Teleport/Desync anyone (Tested on TrinityCore2 Rev: 5472)
This one is fun, you can "desync"/teleport anyone:
1: Get your ID
2: Get ID of your victim
3: Make filter and swap those IDs
4: Go to ship and enable filter right before you change maps
5: Move on ship
[You must be registered and logged in to see this link.] (You need to know how to record packets with WPE, so learn how first... it's somewhere in the tutorial)
Explanation:
You change your ID right before the map change. So when you move "on the
other side" (map) it does not actually move you but your target (you
changed the ID).
So it's like you are still staying in the same place on the ship and not moving.
But instead of you it's your target who's moving on the ship.
This will make everything (NPCs, objects, players,...) around your
target disappear (when he's not moving) or
disappear/appear/disappear/... (when he's moving)
You can actually teleport your victim. That's in case he's "out of sync" when you are changing map with the ship...
Usage:
(tested) You can teleport your friend (even cross map teleportation)
(tested) You can piss off someone who you hate (I'm sure this can work even on a GM)...
(untested) You can wipe a raid (choose tank or healer)
Tips:
Don't do this on your main char... use proxy/vpn, make another account with
lvl1 (orc/troll), take the hidden path, swim and you are in Ratchet in like 4
minutes...
If you teleport your target he will be in exactly the same place as you... so get ready for reports
Possibility:
This is messing with teleportation. So it's possible that you or your target can get dc/ban on servers with teleport detection.
This should work for any ship or zeppelin changing maps...

Cheat Engine (CE)
CE allows you to search and modify your WoW memory. In CE you can search
for any value (HP/Mana/gold/...) and also for IDs (not converted for
WPE). In most cases the change is only visual. But there are some
exceptions. One of them is:

"Death bug" (Tested on TrinityCore2 Rev: 5472):
1. Open WoW and log in
2. Open CE
3. Select your WoW
4. Go ingame and get full HP
5. Search for your HP value
6. Go ingame and die
7. Perform the next search for a 0 value (you are dead = 0 HP)
8. Copy the results to the address list
9. Change the value to 50000 (any >0 value should work)
10. You are living dead but you can't move, so perform and cancel a logout
11. Now you are dead but you can move and attack (with spells/autoshot/pet/...)
Note:
At the end of the search you should get only a few (like 3) results
(addresses). So the chances of crashing your WoW should be minimal...
This is kind of a repost but with slightly different steps (I hope)
There is also a WPE version of this but imho it does not allow you to resurrect yourself...
Warning:
Don't freeze the found addresses... it can kind of bug your character...
Everyone can see your moving dead body... so you can be reported/banned pretty fast
After some time (6 minutes?) you will be teleported to the spirit healer (that's the "release spirit" autoaccept)...
Your mana won't regenerate
You can't melee attack
You can hardly kill anything (mobs' HP regenerates fast)
You have to search for your HP with CE again after relog
Usage:
You can explore/avoid mobs
You can collect quest items,...
You can open chests,...
You can resurrect yourself
You can also PVP but... no melee, no mana regen,... so most useful for hunters with pet/autoshot
You can lvl your alt/friend... all XP goes to him

Resurrect yourself (Tested on TrinityCore2 Rev: 5472):
1. Do the deathbug
2. Select a resurrect spell (make it so you have to choose a target)
3. Don't cancel the spell, go to CE and change the HP value back to 0
4. Go to your WoW and select your dead body as the target of your resurrect spell
5. Accept and get resurrected
Usage:
You can skip trash mobs and resurrect at the boss, etc.
(useful on servers with antihack)

No tool
There are also exploits which require no tools. Example:

Hunter - improved aspects bug (Tested on TrinityCore2 Rev: 5472):
1. Get dual talent specialization
2. Spec into improved aspects (Improved Aspect of the Hawk, Improved Aspect of the Monkey, Aspect Mastery)
3. Don't spec into those talents in your second talent spec (use those talent points in a different way)
4. Enable the spec with improved aspects and cast/get Aspect of the Dragonhawk
5. Enable the second talent spec
6. Now you keep the improved aspects
Explanation:
Changing talent spec does not remove an already used aspect from the hunter. So you can keep the improved aspect even after relog...
Tip:
Works until you change aspects... even after relog
Note:
It's nothing special but it's like 190 free attack power and 6% dodge + you can spend those 9 talents on something else.

MACROS
Even macros can be exploitable...example?

Already mentioned autocast:
1. You can find it somewhere in list of exploits

Show guild settings (normally available only to the highest guild members - GuildMaster,...)
1. Open your guild tab in the social window
2. Use/enter this macro/script:
Code:
/script GuildFrameControlButton:Enable();
3. Click the Guild Control button
4. Now you can see the guild settings (you can't change them because you don't have the rights)

Show guild bank inventory and its content (must be visited once and does not allow operations with items)
1. Visit the guild bank and look at all tabs
2. Go anywhere and use/enter this macro/script:
Code:
/script GuildBankFrame:Show();
3. Now you can see the guild tabs and their content

Other useful macros:

Macro for ingame coordinates without addon:
Code:
/script px,py=GetPlayerMapPosition("player")
/script DEFAULT_CHAT_FRAME:AddMessage(format("( %s ) %i,%i",GetZoneText(),px *100,py *100));

Macro for spell IDs ingame:
Code:
/run local f=CreateFrame("Frame","f") f:RegisterEvent("COMBAT_LOG_EVENT_UNFILTERED") f:SetScript("OnEvent", function(self, event, ...) local a,b=select(9, ...) if(b) then c=format("%.4X",a) ChatFrame1:AddMessage(b.."--"..a.."--"..c) end end)

----------------------------------------------------------------------------
Just to make it clear... those tutorials are completely free and you don't have to pay for them
So choose regular download
----------------------------------------------------------------------------
You are allowed to share those exploits and tutorials anywhere but use my links please and don't reupload.
Thx for reading till the end and have fun!
----------------------------------------------------------------------------
All files are now available in single package:
[You must be registered and logged in to see this link.]

