[GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Hacking CABAL Online

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

[GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Postby cobr_h » Tue Jan 04, 2011 7:18 am

I've playing once more hacking cabal, and the most annoying hack is the noCooldown, which address changes every time you relog your character.
I've found a way to get static addresses. The skills are stored in a pointer-to-a-list, in the order they appear in the skill slots and, thanks to the ability to change the skills order, I could do it easier, with less address searches. :).
So, here we go, in detail:

- Part 1: Locate the current skill lock address (changes every reconnect)
1.1. Move "greater cure" skill to the first magic slot (into skills, magic tab)
1.2. Log out and back on, or try to heal you being full health (so no heal is done)
1.3. Search for 0 in float, address range between 10000000 and 1FFFFFFF
1.4. Do something to lose some health (remove and add a equip with HP slot/craft), and cure. Do a sub-search for increased value.
1.5. Hurt yourself again (or add/remove HP title/equip). Cure. Repeat 1.4 and 1.5 steps several times.
1.6. You can again (if still did not find the correct two values) try to heal yourself full health and subsearch 0 float (instead of increased value) again, thus repeating 1.3, 1.4 and 1.5 steps, to narrow even more the search results.
1.7. In the end you must have two addresses with same value. the first one is enough to lock at current value or 0 and have a neat no-cooldown-buggy-thing.
When you have less than 10 addresses, you can watch in the results how they turn into 0 when you try to heal yourself being full health and how they increase as you heal yourself.

- Part 2, descend the pointers to the static address
2.1. Suppose the first addy is 1c805598.
2.2. Do a pointer search to 1c805598 - 20: 1c805578 (the struct pointer is 32 bytes before)
2.3. Normally you will find just one address. Suppose it is 1c62d9e0.
2.4. Do another pointer search, now to 1c62d9e0 - 80 = 1c62d960 (the struc pointer is 128 bytes before)
2.5. I expect you to find just one match for this as well. You will find an address near your found (hopefully) level address. To search it, just search long values of your char current level and logon with different level chars.
2.6. Suppose it is 05a9b95c.

- Part 3: generalization
3.1. If you move cure to the second slot and search again since part 1, every step, on the end of part two you will find the same 05a9b95c.
3.2. Then what matters here is the step between each slot, which is in the depth 1 pointer (the search result in section 2.3)
3.3. The expected result shall you search again with cure on slot #2 is then 1c62da64. Then we have a step of 4 bytes each.
3.4. From this we can infer: n = [ fad + (0x80 + (s * 4)) ] + 0x20 ]
Being 's' the slot number (decremented by 1: first slot is 0!) and 'n' is the resolved slot address. Fad is the address found in 2.1. or 1.7.
3.5. From now on, using this formula, all you have to do, every update, is search for the first no cooldown.
3.6. In MHs, using the sample values found here, we have, for the four first slots:
[[05a9b95c]+(0x80+(0*4))]+0x20
[[05a9b95c]+(0x80+(1*4))]+0x20
[[05a9b95c]+(0x80+(2*4))]+0x20
[[05a9b95c]+(0x80+(3*4))]+0x20
3.7. These formulae are input in the 'normal address' tab into 'Modify Address', 'complex' box, and having marked 'Use complex address (overrides simple)'.

This is working at least since cabal Mercenaries, Cabal Brazil, and for this specific update, this is the actual address for the noCD. Date of update: 2010-12-28.
NOTICE: The reference skill (cure) does not work with no cooldown... it cures in its specific rate...
NOTICE 2: In the current version (mercenaries), upon three overrides of exploitable skills I've got DC'ed, so it seems pretty useless the hack now... Or dangerous. Maybe the hack may be set so the skills are cooled faster instead of instantly.
NOTICE 3: There are rumours that people is being banned on log analysis so, if you spam skills you are likely to be caught and have your account banned. People not using hacks are falling in this, I wonder how people using hack are (I have not been banned until now, and I DCed a lot!).

The addresses for sword skills are before magic, probably all you have to change in the above formula is (by finding the address of the first skill slot) the '0x80' constant value.

Have fun! o/

EDIT: I've tested it today. Still works. 2011-06-23. Notice I am using Cabal Online Brazil.
Last edited by cobr_h on Thu Jun 23, 2011 11:13 am, edited 1 time in total.
cobr_h
Acker
 
Posts: 72
Joined: Wed Dec 02, 2009 6:15 am

Re: [GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Postby cobr_h » Tue Jan 04, 2011 9:07 am

Just tested here. For the sword skills you just drop the '0x80' constant from the address. 0x80 means 128 in decimal, each pointes using 4 bytes, it means the skills can max 32 slots. So 33rd 'sword slot' would be the 1st 'magic slot'. Remember the slots I am talking about are these in the skills dialog.

In summary, you will have: [[05a9b95c]+(0*4)]+0x20
As the complex address function in MHS. Have phun! \o/
cobr_h
Acker
 
Posts: 72
Joined: Wed Dec 02, 2009 6:15 am

Re: [GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Postby cobr_h » Tue Jan 04, 2011 10:00 am

Another update: my other guide at http://www.memoryhacking.com/forums/viewtopic.php?f=32&t=8665&sid=a81c7eaff7d88789e57c9d423acbffb3 helps preventing being DC'ed once using this hack by enforcing a time between the skills. :)

Beware it helps preventing DCs, IOW avoids, does not definetly prevent, I am still not able to get to that DC flag for lack of tips... The ones who did it did not want to share much information other than I -need- to atach a damn debugger to cabal process. ;]
cobr_h
Acker
 
Posts: 72
Joined: Wed Dec 02, 2009 6:15 am

Re: [GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Postby madness » Mon Jan 31, 2011 7:34 pm

urmm can u show me in video so i can understand corectly coz im realy confuse rite now... for now i can only do the buff +hp with no cd but its useless because the cd only 2 sec ...can u show me how to do on atack skill with no cooldown pls in video...
madness
I Have A Few Questions
 
Posts: 2
Joined: Mon Jan 31, 2011 7:23 pm

Re: [GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Postby Viktor » Mon Jan 31, 2011 8:29 pm

Zzz
Person below me is a fag.

CPU: AMD Phenom II X4 920 Quad 2.8ghz
VGA: NVIDIA GeForce GTS 450 1GB GDDR5
RAM: 8GB
HD: 1TB
Motherboard: MS-7501

Global Gamers http://www.facebook.com/#!/groups/GlobalGamers/

Laptop: Alienware m15x-216CSB
User avatar
Viktor
NULL
 
Posts: 171
Joined: Thu Dec 30, 2010 5:53 pm
Location: Classified

Re: [GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Postby madness » Mon Jan 31, 2011 10:53 pm

Answer la dont u juz zzzz...
i need help here im newbie here...
madness
I Have A Few Questions
 
Posts: 2
Joined: Mon Jan 31, 2011 7:23 pm

Re: [GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Postby Viktor » Fri Feb 04, 2011 11:33 pm

madness is this the same guy who gave hack to gm? I think not hehe dont mind me.
Person below me is a fag.

CPU: AMD Phenom II X4 920 Quad 2.8ghz
VGA: NVIDIA GeForce GTS 450 1GB GDDR5
RAM: 8GB
HD: 1TB
Motherboard: MS-7501

Global Gamers http://www.facebook.com/#!/groups/GlobalGamers/

Laptop: Alienware m15x-216CSB
User avatar
Viktor
NULL
 
Posts: 171
Joined: Thu Dec 30, 2010 5:53 pm
Location: Classified

Re: [GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Postby th1nk » Tue Mar 08, 2011 11:34 pm

Part 1: Locate the current skill lock address (changes every reconnect)
1.1. Move cure to magic slot 1 (into skills, magic tab)
1.2. Log on, or try to heal you being full health (so no heal is done)
1.3. Search for 0 in float, between 10000000 and 1FFFFFFF
1.4. Do something to lose some health, and cure. Search for increased value.
1.5. Hurt yourself again (or add/remove HP title/equip). Cure. Search for increased some times.
1.6. You can again (if still did not find the correct two values) try to heal yourself full realth and subsearch 0 float (instead of increased value) again to narrow even more the search.
1.7. Then you will have two addresses with same value. the first one is enough to lock at current value or 0.




-------------------------------


i searched a lot addresses, but the addressess doesnt work.

if you know how to search nocd addresses? please mail 2 me thx!!!! mail: flyhackme@gmail.com
th1nk
I Have A Question
 
Posts: 1
Joined: Wed Feb 23, 2011 3:53 pm

Re: [GUIDE] NoCooldown by pointer - as of BR Cabal Mercenaries

Postby cobr_h » Thu Jun 23, 2011 11:04 am

Sorry I am not going to make any video.

If you could successfully change the cooldown of the heal skill, just put another skill on its slot. Each skill has a linear structure pointed by a group of addresses pointed in the way of the part 3. I will try to rephrase some steps to make them clearer...
cobr_h
Acker
 
Posts: 72
Joined: Wed Dec 02, 2009 6:15 am


Return to CABAL Online

Who is online

Users browsing this forum: No registered users and 0 guests

cron