Team Hack Values
Chaotik
13th June 2005, 02:31
I am just looking to make a little team hack. Anyone have any ideas if this will be done the same way as the other BF games?
I tried using 1 for US and 2 for the other team, and vice versa. Couldn't seem to find the addy!
Any ideas???
Identity
13th June 2005, 04:14
read the mini map tut from this page
http://www.mpcforum.com/showthread.php?t=58051
and it's 2 for us, 1 for the other guys
Psyklopz
13th June 2005, 04:27
i tried but it seems that some of the values which alternate from 1 to 2 as you change teams can't be changed, as no matter what value you give them they will automatically switch back to their old value and can't be controlled :tired:
looks like BF2 has some kind of protection
Chaotik
13th June 2005, 04:53
Well now when i nop a line it says some invalid team number message then the game crashes
_talon
13th June 2005, 05:23
ok the values 1 and 2 are not the right values, i tried this 5 times and NO addys work, trust us when we say 1 and 2 doesn't work DAMN !
Identity
13th June 2005, 05:48
it can't be the rite 1 you're trying to change
i used the tut myself and it sort of worked for me
when i change the value it shows me the enemy both tags and on mini map but doesn't show my own team players which is still gd but getting the rite dma addys is another matter though
Pic 1 (http://a.domaindlx.com/nobodyknows/screen006.jpg)
Pic 2 (http://a.domaindlx.com/nobodyknows/screen007.jpg)
Kosire
13th June 2005, 06:22
ok the values 1 and 2 are not the right values, i tried this 5 times and NO addys work, trust us when we say 1 and 2 doesn't work DAMN !
The values are still 1 and 2. I have very quickly done the teamhack based on the 1,2. However unlike BFV TeamValue 3 is not supported. We will have to look closer for the spectator value.
Spawn in game on USA, search 2, change to Other Team, search 1.
holydiver
13th June 2005, 06:33
I also tried 1 and 2 and got nowhere. I couldnt get the tag hack with the old methods either.
Psyklopz
13th June 2005, 09:05
actually i just had another shot at it and found that it is possible to switch teams while you are playing on one team and not die (so changing teams while you're alive and kicking), then, kill your team mates and switch back to your original team while the whole time it displays you on the original team to everyone else. :devious:
i tested this out on some servers and didnt get kicked by PB ... it was pretty fun...
the people who i terrorised were running around going "wtf"???
and when they tried to kill me they got a TK penalty :cheeky: it was hilarious...
anywayz...
there are different things u can do but basically thats the only thing ive been able to do so far...
i cant quite find how to view the other teams location on the minimap without changing the team im on so far though... :(
Kosire
13th June 2005, 09:15
you do realize it only appeared you had changed teams on your computer, in fact according to the server you were tk'ing all your teammates. Probably the more likely reason for the "wtf's".
CaptainCox
13th June 2005, 09:30
I guess it's like in BFV, you have to be ONLINE for this to work, that might be the prob some ppl have. I have not started looking yet....i know lazy lazy...but i should start this week, at least to have an idea for when the real deal comes the 24th (europe)
Psyklopz
13th June 2005, 09:33
well then how come my score increased and i could capture flags for the enemy???
Kosire
13th June 2005, 09:40
Okay then 3 possibilities:
1. You were doing it in singleplayer.
2. Again it only appeared to you that you were capping the enemies flag, to everyone else you were just standing there.
3. You have found a genuine exploit. Tell us exactly how you did it and i will see if i can reproduce.
CaptainCox
13th June 2005, 09:54
Are you sure that your score actually increased, did ppl complain? This could be because your comp thinks you are on the other team, but actually on the server you're not. Like i said have been out of the loop for a bit, but i remember exactly this phenomenon when we started using DMA in BFV, we thought we really found a cool exploit ;)
To do a perfect Map Hack I would use SEH anyway as it shows the teams on the map like it should.
Sparten
13th June 2005, 10:48
Are you sure that your score actually increased, did ppl complain? This could be because your comp thinks you are on the other team, but actually on the server you're not. Like i said have been out of the loop for a bit, but i remember exactly this phenomenon when we started using DMA in BFV, we thought we really found a cool exploit ;)
To do a perfect Map Hack I would use SEH anyway as it shows the teams on the map like it should.
congratz on the 1000 :)
Psyklopz
13th June 2005, 11:05
ok well after reading what you said i double checked everything and came up with these results:
1.) i capture a flag... it looks captured to me and i run away...
2.) the enemy (a person playing on the server) sees the captured flag and attempts to recapture... this tells me it really did cap the flag
3.) i change team in front of someone and they see my name change to red ... all of a sudden they start shooting and try to kill me...
im 100% certain that i've found a genuine exploit.
although i dont think its very good one because you can only do this when there is a free spot on the opposing team to turn to...
really, you can only keep doing it on servers that dont have the auto team balance turned on otherwise the other servers will stop you from changing teams if there isnt a free place on the opposing team...
anyway i can tell yas how im doing this on MSN...
faldo
13th June 2005, 13:21
ok the values 1 and 2 are not the right values, i tried this 5 times and NO addys work, trust us when we say 1 and 2 doesn't work DAMN !
You're wrong _talon, values are still 1 and 2 like Kosire says. The effects are also the exact same as in BF1942.
In singleplayer you actually change team by modifying the team value, you'll get negative points by shooting the opposite team, however, you won't get shot by your own team even if you aren't on their side... anyways, hacking BF2 offline sucks, since PB isn't active yet, you can actually use T-search to change the team value online.
The effects of changing team value online are as follows:
- You'll see the other teams characters/vehicles on the minimap, not your own.
- You'll see the other teams tags but not your own unless you point at them.
- When you die, you need to switch teams again, otherwise you can't select a spawnpoint.
As of now, i haven't found any address to nop... but since both teams are blue on the map, nopping the address like in BF1942/BFV wouldn't be the same since everything on the map is blue... unless you could find the address holding the "enemy spotted" operation.
*EDIT*
Just to clear some stuff up Psyklopz, even if your client says you did a teamkill doesn't mean that the server thinks that as well... if you change teams online, you don't change team on the server, and the other guys won't see you as red.
And about capturing flags, you won't be able to capture your own flags, just by changing the teamvalue online.
scruie
13th June 2005, 19:43
are u all doin the team hack usin DMA or SEH?
not even downloaded the demo yet... just curious. surely a proper old style NOP (SEH) will allow u to see both teams on map unlike DMA where u only see 1.
funny that PB isn't workin, especially after all the talk about it in the demo.
Sparten
13th June 2005, 19:47
are u all doin the team hack usin DMA or SEH?
not even downloaded the demo yet... just curious. surely a proper old style NOP (SEH) will allow u to see both teams on map unlike DMA where u only see 1.
funny that PB isn't workin, especially after all the talk about it in the demo.
PB is working, it's just not fully active in all ways yet. i had reports of ppl getting kicked for packet loss by PB.
Spontaneous
13th June 2005, 19:56
PB is like it always is when a new version of a game comes out. They don't know what addresses to watch if they even need to watch them. So they are waiting for a hack to come out, then will activate their scanning.
Anyways scruie, from what I gathered so far from the posts (I been too busy to work on hacking bf2 yet), is that you can find the DMA for it, but so far no one has found an address that they can NOP and see both teams. As faldo said, no matter what your team is, they show blue on the minimap. So NOPing an address might lead to showing the other team but not to be able to tell which team the people are on the minimap, if it's your team or the enemy. In 1942/Vietnam, you got blue and red, in bf2 it's only blue.
Psyklopz
13th June 2005, 20:25
Just to clear some stuff up Psyklopz, even if your client says you did a teamkill doesn't mean that the server thinks that as well... if you change teams online, you don't change team on the server, and the other guys won't see you as red.
And about capturing flags, you won't be able to capture your own flags, just by changing the teamvalue online.
The way i have done it is that the server recognises the team change and instead of dying you stay alive thus you stay where you are, looking like the team you were originally on, with your old weapon etc... it does work except you can only do it once before dying. :)
P.S. i will try to write a hack program for this so you can try it out yourself if Kosire hasn't already...
Spontaneous
13th June 2005, 20:34
Instead of writing a hack program, tell us how it is done. From what I remember, the server tells the client the die command when you change teams in a sense of the server recognizing it. Plus I don't see how the server would recognize a team change without you dying.
goggles99
13th June 2005, 22:50
i tried but it seems that some of the values which alternate from 1 to 2 as you change teams can't be changed, as no matter what value you give them they will automatically switch back to their old value and can't be controlled
You have to find out what code is writing that value at that location. Either manipulate that code, or find out where it's getting its value (stored in the eax register) from.
I guess it's like in BFV, you have to be ONLINE for this to work, that might be the prob some ppl have. I have not started looking yet....i know lazy lazy...but i should start this week, at least to have an idea for when the real deal comes the 24th (europe)
BF2 games are always online... even a single player game is "online". You can see that when you are starting a singleplayer game, there is a message that says "starting server" or something. You can see that the game is connecting to YOUR IP address too. This is why you can play coop (sort of), as CaptainCox pointed out (http://mpcforum.com/showthread.php?t=94487). It's like a local, Non-Dedicated server. You may also notice that all the CON files that involve vehicles, weapons, etc are only used by the server (local or other). This should put an end to the myth of accuracy etc, being client side AT ALL. Every movement and everything you see is just the server telling your client what to see and where to look.
PB is like it always is when a new version of a game comes out. They don't know what addresses to watch if they even need to watch them. So they are waiting for a hack to come out, then will activate their scanning.
Remember, all Punkbuster needs is the md5 of the .text section of the game's executable file. Sparten is right, it is not fully active yet, but it is definitely working. :laugh:
Regards
Spontaneous
14th June 2005, 00:06
I know all they have to do is add md5 to the .text, that's why I said they are waiting for a hack to come out. They don't know what is exactly needed yet, if they even have to do md5s of the whole exe or not. They are waiting to see what kind of hacks are released.
As for the accuracy, you can not judge 1942/vietnam by what is set in bf2. It's hard to tell if accuracy works at all or not in 1942/vietnam. I seen stuff that would lead me to believe both sides. I am not quite convinced that it don't work at all, but I am convinced it don't work like everyone thinks it does.
goggles99
14th June 2005, 00:59
They don't know what is exactly needed yet
1. scan section of .text and calc md5 hash.
2. compare calculated md5 with expected value and kick user if it doesn't match.
What more do they need than this??? :confused:
I am not quite convinced that it don't work at all, but I am convinced it don't work like everyone thinks it does.
I've traced all the routines on the client and server and determined that accuracy is solely server side. If you think that it "SEEMS TO WORK" when you are using it then go ahead and use it, but it is all in your head. :kos:
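The two-step check listed in the post above (hash the .text section, compare it with the expected value), written out as an added example that is not part of the original thread and is not PunkBuster's code. The function names and the sample image are constructed for illustration, and the parser assumes a byte buffer in on-disk PE layout; an in-memory scan would read the same section at its virtual address instead.

```python
# Added example: names and the sample image are constructed, not from the thread.
import hashlib
import struct

def text_section(pe: bytes) -> bytes:
    """Return the raw bytes of the .text section of a PE image (on-disk layout)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)          # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    (n_sections,) = struct.unpack_from("<H", pe, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)
    table = pe_off + 24 + opt_size                           # first section header
    for i in range(n_sections):
        hdr = table + 40 * i                                 # 40-byte section headers
        name = pe[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        if name == b".text":
            if raw_ptr + raw_size > len(pe):
                raise ValueError("truncated .text section")
            return pe[raw_ptr:raw_ptr + raw_size]
    raise ValueError("no .text section")

def verify(pe: bytes, expected_md5: str) -> bool:
    """Step 1: hash .text. Step 2: compare with the expected value."""
    return hashlib.md5(text_section(pe)).hexdigest() == expected_md5

def build_sample(code: bytes) -> bytes:
    """Constructed minimal PE-like image: DOS header, COFF header, one .text section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr = 0x40 + len(coff) + 40
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(code), 0x1000,
                                        len(code), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + code

CLEAN = build_sample(bytes(range(64)))       # constructed "known-good" image
EXPECTED = hashlib.md5(text_section(CLEAN)).hexdigest()
_patched = bytearray(CLEAN)
_patched[-10] ^= 0xFF                        # one changed byte inside .text
TAMPERED = bytes(_patched)

if __name__ == "__main__":
    print("clean image passes:   ", verify(CLEAN, EXPECTED))
    print("tampered image passes:", verify(TAMPERED, EXPECTED))
```

Only the .text bytes are covered, so a change elsewhere in the image (headers, data sections) leaves this particular hash unchanged.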
Sparten
14th June 2005, 01:17
1. scan section of .text and calc md5 hash.
2. compare calculated md5 with expected value and kick user if it doesn't match.
What more do they need than this??? :confused:
that sure depends on who made the hack ;) but a simple nop hack with nothing to cover its tracks ain't gonna last long.
if what you said about accuracy is right i might as well post the addy here also. works great for singleplayer...
to lock the crosshair and remove bullets dev.
original:
0059F2D5 D846 08 FADD DWORD PTR DS:[ESI+8]
change to:
FSUB ST,ST
NOP
Spontaneous
14th June 2005, 05:17
What I meant goggle, is they are waiting to see if md5 is even needed. With the engine being redone so much they are wondering if memory hacks will even come out. Someone might try releasing dx hacks instead of memory hacks. Why add the md5 scans if no memory hacks even come out, that's my point.
p3n1
14th June 2005, 12:54
to lock the crosshair and remove bullets dev.
original:
0059F2D5 D846 08 FADD DWORD PTR DS:[ESI+8]
change to:
FSUB ST,ST
NOP
What exactly is that good for? Permanent crosshair? Thx in advance. (I can't speak asm fluently ;) )
.text:0059F2C1 loc_59F2C1: ; CODE XREF: sub_59EF00+3A3
.text:0059F2C1 ; sub_59EF00+3BC
.text:0059F2C1 mov ecx, [esi+40h]
.text:0059F2C4 fld dword ptr [ecx+14h]
.text:0059F2C7 mov eax, [esi-4]
.text:0059F2CA cmp eax, ebx
.text:0059F2CC fadd dword ptr [esi+28h]
.text:0059F2CF fadd dword ptr [esi+24h]
.text:0059F2D2 fadd dword ptr [esi+20h]
.text:0059F2D5 fadd dword ptr [esi+8]
.text:0059F2D8 fmul dword ptr [esi+30h]
.text:0059F2DB fmul dword ptr [esi+2Ch]
.text:0059F2DE fstp dword ptr [esi+4]
.text:0059F2E1 jz short loc_59F30A
.text:0059F2E3 mov edx, [eax+154h]
.text:0059F2E9 lea ecx, [eax+154h]
.text:0059F2EF call dword ptr [edx+64h]
.text:0059F2F2 cmp eax, ebx
.text:0059F2F4 jz short loc_59F30A
.text:0059F2F6 mov edx, [eax]
.text:0059F2F8 mov ecx, eax
.text:0059F2FA call dword ptr [edx+60h]
.text:0059F2FD test al, al
.text:0059F2FF jz short loc_59F30A
.text:0059F301 fld dword ptr [esi+3Ch]
.text:0059F304 fadd dword ptr [esi+4]
.text:0059F307 fstp dword ptr [esi+4]
Have to take a closer look at the whole function...
Regarding the accuracy: I think it's a client side decision, because the random values for
recoil.recoilSize
recoil.recoilForceUp
recoil.recoilForce
recoil.recoilSpeedGB
recoil.recoilSpeed
recoil.recoilForceLeftRight
recoil.zoomModifier
have to be computed locally. If they are all zero, there shouldn't be any recoil at all.
What I meant goggle, is they are waiting to see if md5 is even needed. With the engine being redone so much they are wondering if memory hacks will even come out. Someone might try releasing dx hacks instead of memory hacks. Why add the md5 scans if no memory hacks even come out, that's my point.
If the MD5 check comes, then sb has to change the MD5 check, where's the prob? :)
Spontaneous
14th June 2005, 14:53
In 1942/Vietnam, they do md5 scans of the .text of the game's .exe. That is what we are talking about. SB don't have to change the md5 check. PB is just waiting to see if memory hacks come out to see if they need to add the md5 scanning or not.