-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathlevel16.ts
More file actions
28 lines (26 loc) · 3.62 KB
/
level16.ts
File metadata and controls
28 lines (26 loc) · 3.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
import { Level } from './types';
export const level16: Level = {
id: 16,
title: "Assembly Patching: The Instruction Rewriter",
description: "License validation routine executing at runtime. Assembly code checks three authentication flags via conditional jumps. Modern game trainers (Cheat Engine, ArtMoney, CoSMOS) patch assembly instructions to bypass protections. DRM systems (Denuvo, VMProtect) detect instruction modifications. Anti-cheat (EasyAntiCheat, BattlEye) scan for patched opcodes. Your scenario: Validation function contains three checks at different addresses: OPCODE_1 (offset 0x600, currently 0x74 = JZ 'jump if zero'), OPCODE_2 (offset 0x604, currently 0x75 = JNZ 'jump if not zero'), OPCODE_3 (offset 0x608, currently 0xEB = JMP 'unconditional jump'). Each jump leads to 'ACCESS_DENIED' handler. To bypass: Replace all three with NOP (0x90 = No Operation), causing CPU to execute through checks without branching. Real-world parallel: Game trainers patch 'JLE health_decrease' to NOP, making player invincible. Crack groups patch 'JE license_check_fail' to NOP, bypassing activation. Speedrunners patch 'JNZ cutscene_trigger' to skip animations. Educational concepts: x86 opcodes, conditional branching, control flow hijacking, byte-level code modification. Current state: All three jumps active (0x74, 0x75, 0xEB). Target state: All NOPs (0x90, 0x90, 0x90). Techniques: Memory Scanner (find opcode bytes), Hex Editor (precise byte replacement at 0x600/0x604/0x608), hybrid approach. This is not theoretical - this is how every game trainer works. You are learning the foundation of runtime code manipulation. Understand opcodes. Patch instructions. Hijack control flow.",
requiredSkill: "Multi-Opcode Patching & Control Flow Hijacking",
objective: (s) => {
const opcode1Patched = s.health === 0x90; // OPCODE_1 should be NOP (0x90)
const opcode2Patched = s.ammo === 0x90; // OPCODE_2 should be NOP (0x90)
const opcode3Patched = s.score === 0x90; // OPCODE_3 should be NOP (0x90)
return opcode1Patched && opcode2Patched && opcode3Patched;
},
hint: "Three jumps. Three opcodes. Three patches. JZ→NOP, JNZ→NOP, JMP→NOP. 0x74→0x90, 0x75→0x90, 0xEB→0x90. Find the bytes. Replace them. All must be 0x90.",
tutorPersona: "The Disassembler: Assembly is machine truth. Each byte is an instruction. Conditional jumps are decisions. JZ: jump if zero flag set. JNZ: jump if zero flag clear. JMP: always jump. These are x86 opcodes, the language of the CPU. The validation routine has three decision points. Each jumps to denial. To bypass, you must neutralize all three. NOP (0x90) is the silence instruction - do nothing, continue. Patch OPCODE_1 at 0x600: change 0x74 (JZ) to 0x90 (NOP). Patch OPCODE_2 at 0x604: change 0x75 (JNZ) to 0x90. Patch OPCODE_3 at 0x608: change 0xEB (JMP) to 0x90. The CPU will execute linearly, never branching to denial handler. This is how trainers work: scan for jump opcodes near health/ammo code, replace with NOPs, invincibility achieved. This is how cracks work: find license check jumps, NOP them, software unlocked. All three opcodes must be 0x90 simultaneously. Atomic patching. Rewrite the machine code.",
memoryLayout: [
{ key: 'health', label: 'OPCODE_1', type: 'int', offset: 0x600 },
{ key: 'ammo', label: 'OPCODE_2', type: 'int', offset: 0x604 },
{ key: 'score', label: 'OPCODE_3', type: 'int', offset: 0x608 }
],
initialState: {
health: 0x74, // JZ opcode (should be 0x90 = NOP)
ammo: 0x75, // JNZ opcode (should be 0x90 = NOP)
score: 0xEB // JMP opcode (should be 0x90 = NOP)
},
platforms: [{ id: 'p1', x: 0, y: 280, width: 800, height: 40, type: 'static' }]
};