[juanmjacobs]

Hi, how are you doing? I've recently started diving into reverse engineering stuff. And with all the fuss around Among Us lately, it seemed like a fun thing to hack.

I've noticed that a lot of basic hacks are based on replacing some method implementation to return a fixed value, or do nothing, or writing to some memory position to change the normal game behavior to your advantage. So maybe something like that could be done for Among us.

First I learnt that it was a Unity il2cpp based game and found Il2CppDumper, a great tool for getting class names and method/field offsets in the game. That was great for understanding what I needed to modify. But then I didn't know how to modify it.

So I read a lot of great tutorials here and there and noticed that there were a lot of beginner hackers (like me) struggling with this part. There is quite a bit of low level programming stuff like assembly for function hooking, pointer arithmetics and that sort of thing.

After kinda figuring it out, I've managed to make a simple mod that allowed you to change the speed of the little guy you control by hooking some functions and changing some fields in the player object.

Then it hit me: the process to write the code to perform that sort of mods in any il2cpp based game would be exactly the same. Get your Il2CppDumper output => hook functions => do your modded stuff. So as a personal fun weekend challenge, I decided to make a tool that would be simple to use and would allow anyone to make basic mods without programming at all. And thus, il2cpp-modder was born.

Given the output from Il2CppDumper and some rules telling il2cpp-modder what you'd like to mod, it will generate C++ code to perform DLL injection in your game and run your mods. There are 4 built in mod types: - Make a function return a fixed value (eg, always return true, false, 0, 1, 99999, etc) - Set an object field to any value you want (eg, keep your player health at 100) - Replace a function call arguments (eg, always call your coins setter with 99999) - Replace a function implementation (eg, just rewrite the whole thing. Programming required!)

Maybe this can encourage less experienced hackers to try and make their first successful mods! I really hope this project can help someone. I had a lot of fun building it and I've learned a lot for doing it.

If you have a chance to try it, let me know if you found it useful! Or if you had any trouble I'll try my best to help you.

[pfisch]

Please stop. Your fun little project is going to be used primarily to ruin other people's fun, and make life hard for game devs.

Do you even think about what you are making and what it will be used for?

[c-c-c-c-c]

Why would it make life hard for game devs. If you buy a game you own it and can do whatever you like. If you create a mmo game then you cant blindly trust client data and no malice is implied in this post. This is really a non issue and a great way for people to get into programming and hacking.

[bartwe]

Devs will get bad reviews, bad press, support requests and demands for anti cheat. While there are designs that are more robust against this, this is adding increased challenges and costs at no true advantage to the dev.

[meheleventyone]

Hi! I'm a game developer that has been making online games for a bit over fifteen years.

This is a touch overwrought. If you make an online game people cheating at it and dealing with them is the cost of doing business. The people that the developers need to worry about aren't some random person learning to reverse their code and messing about but the companies that exist to do this for profit. A casual search shows that Among Us already has a burgeoning sector for this.

Further these public investigations are a great way for developers to see how people can reverse their game and fix the issues.

[pfisch]

A lot of the cheaters I have dealt with just distribute hacked apks for free. They make them with programs like this.

It forces us to make changes to the games that make them less performant, or with a bunch of delays for server checks. That degrades the quality of the game for all the real users.

[meheleventyone]

Yup it’s a pain but dealing with cheaters is the cost of doing business. I’m well aware of the annoyance and additional complexity that removing cheating opportunities takes. Thanks for writing something less inflammatory than the comment you started off with.

[mschuster91]

> While there are designs that are more robust against this, this is adding increased challenges and costs at no true advantage to the dev.

Games where the authority of in-game state rests at the client instead of the server (e.g. ammo count, health) have no right to complain about people abusing this.

The elephant in the room however is "wallhacks" and other mods (e.g. aimbots) that expose or act upon global state that is supposed to be unknown to the player. Essentially, the only way these can be prevented is by running the game in a fully trusted and attested environment - but that is impossible to achieve outside of professional leagues with organizer-provided gaming rigs.

All attempts to come even near to this goal that are available for the consumer market however have big, big issues attached to them - they're often enough slowing down the game, are ripping up security and privacy holes, prevent compatibility with FOSS environments such as WINE, and there are almost routine reports of people getting banhammered without meaningful recourse due to some AI mis-flagging stuff.

[juanmjacobs]

Hi there! That's a great point you are making. Of course I can agree that it sucks if a cheater ruins the fun for anyone else.

I'm really not a gamer myself, I just like messing around with code and learning how it all works. There is really a lot to learn from this kind of projects. The content out there on low level programming tends to be a little daunting, arid and hard to understand. So I thought game modding could be a nice package for people to get interested in that kind of skills. The tool generates legible, explained source code and it helps you with the steps for compiling and what not. I think it could be great to motivate beginners to start getting their hands dirty and grasping some of the concepts out there.

I guess most client side hacks (the ones you can make with this tool) are not so great with any modern multiplayer game anyway, as real core domain logic and syncing is often executed server side. And on top of that there is all the basic extra stuff like validations, kicks, bans, anti cheats, etc. For local or single player games, they could work a little better. But what's the harm in that, right? it's just you in there.

Again, even with all that said, I can really see your point, I totally get it! I hope this reply sheds a more positive light on all of this. Have a great day!

[pfisch]

It really depends on the game and to what degree it is secured.

In a lot of games adding additional server side security checks means slowing the game down and making it a worse experience for the real users.(As in having to put up loading spinners while we spend time validating things on the server for no real reason except because of people trying to ruin the game.) That is a bummer, and when products come out that make it easier for people to make cheats it results in a proliferation of people releasing hacks.

It also takes money and time away from development and towards this kind of nonsense, which also hurts the users in the end.