Shifu-Hacks Blog


Archive for August, 2007

Simple bot creation (Part 1/3)

Posted by compactwater on August30 2007

Editor’s note: If you’re lazy, skip to paragraph 6.

I’m sure you’ve used a bot before. A nice tool to make things easier. Well, making the bot isn’t too hard. But you should always remember to have a good reason for the bot, instead of hacking the game for the same, or even better effect. To make a simple or ‘basic’ bot, you will use Pixel detection and a method of input through the Keyboard or Mouse.

It’s a bit confusing thinking about it, but when you see the program in action, you’ll understand better. The basic thought behind a bot is, “If foo is bar, do X.”, meaning if a pixel is red, press a key, move the mouse and click, and/or alert the user. A good example of this would be an auto-clicker, it does what the user wants, so the user is happy. Something everyone (should) know, is that RuneScape isn’t generally ‘hackable’, but you can use a botting program, such as an auto-miner. It does what the user wants, and so the user is happy. When making a bot, that is all you need to know to get good reviews. If there is just one flaw, the user will not be happy.

Interviewing, or reading users’ responses will help you improving your bot, making it more advanced, and user-friendly. A user will use another bot over yours if it cannot do everything the other can and better, watch other bots, and their development, and improve and learn from them. Another important method is using BETA testers to see how your bot works, if there are any flaws or errors, what can be changed, and how to make it more user-friendly, so the initial release is not disgraced.

Version information should always be recorded and released publicly, and older versions should always be made available, and open-source. Making your bot open-source will help others learn, and others help you improve on your source. If you don’t like open-source, you can choose a trusted ‘partner’ to give the source to. You should never use malware to create your bot without informing the user of it’s reason, such as using a RootKit to make the bot undetected by Anti-Cheat software, or a dll injection to force accepted input, which could also set off anti-virus.

As anyone should know, using a bot can get you banned. If you aren’t careful, you will be banned, and possibly even permanently banned, which would require the use of a proxy to access the game again. But, some people don’t realize the risks and dangers of using the bot, so you should always use a disclaimer… otherwise some angry guy will say it’s all your fault he/she got banned, or that your bot is a scam, and you stole his account, etc.

Ready to make a bot!? You need to read and understand everything else before you continue, unless you’re an advanced user who can be very flexible. First: The objective of the bot. What will it do, how, when, and where? For my example, it’s a simple auto-clicker. But I will also teach you the use of Pixel detection and keyboard inputs.

  1. Clicking. Is it easy? Yes. Can doing it faster than a speeding bullet crash someone’s computer? Yes. Would that make a good bot? No. With clicking, it can be hard. Some slower computers cannot take input any faster than 20 milliseconds, as others can go faster than 20 nanoseconds, and because of this, you need to make your clicking adjustable by the user, usually by automated detection (advanced) or a simple edit box. In my example I used “mouse_event“, because of it’s option of mouse down and mouse up.
  2. Keyboard input. Yes, it’s easy, if it goes to fast it’ll crash, and not being flexible will make a very bad bot. It’s actually harder to decide which method of input to use when making it. SendInput, SendMessage or PostMessage, keyboard hooks, and etc. The bot should only use one input method, unless for multitasking. Also, some keys should never be used, such as F1 (help), and F12(break), because it can interfere with the bot.
  3. Pixel detection. Its much more simple than many may think. Most commonly used with Print Screen, BitBlt, and GetPixel (not to be confused with SetPixel). Pixel detection has to do with the Blue(GetBValue)-Green(GetGValue)-Red(GetRValue) values of a pixel. If they match, or are close to a certain value, the bot will be active, or alert the user. The pixel’s location should NEVER be hard-coded, it should be configurable by the user through the mouse with GetCursorPos.

Now, clicking. Here’s how it’s done with Mouse_Event:
mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0); //Mouse down (click and hold)
mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, 0, 0); //Mouse up (release)

So now you’re ready to make an auto-clicker! (Happy?)
Get the source: (Unavailable due to the host dying, a fourth time)

Keyboard input and Pixel detection will come later!


Posted in General Programming, Trainers | 13 Comments »


Posted by compactwater on August28 2007

I’ve made a new page called “Linky”. It should help any new visitors with navigation, or help on learning new things about Flash Hacking, Cheat Engine, Variables, Delphi/Pascal, and Visual Basic. It will also include small amounts of PHP, html, and Perl. It will link to tutorials, information, and anything related to hacking. It also links to Cheat Engine Forums, please  remember to read the rules, stickied posts, announcements, and recent posts before asking a question, it may have already been answered, or it is not allowed. If you don’t follow the rules, you will be banned. If you continue to disobey the rules you will be permanently banned, followed by an IP ban, be respectful to other users.

Posted in Uncategorized | Leave a Comment »

User-verification, Scams, Paysites.

Posted by compactwater on August23 2007

Paysites, what are they? A place where ‘professional’ programmers sell cheats for games, usually stolen. The reason sites like those exist is because most people don’t learn. They don’t learn how to do something on their own, and so they look for others to do it for them, with no results. Then they come across a Paysite, and buy something. And what’d’ya know? It works! But the thing is, they didn’t make it, they didn’t learn anything from it, and they wasted money for something that was already fully ‘public’ and possibly even open-source.
Why DO people pay others to do work for them? Because they are lazy.

Something I’ve noticed about some sites which offer bots, hacks, and etc for Neopets is a user-verification system. It is to make sure you’re a member of the site, and with that, they can be sure only users from their site can access the programs. Something I didn’t notice, is they actually force you to put the verification in the program YOU have created, and by doing so, you submit your program to their site, as their property. It means you aren’t the creator anymore. You should never modify your source, just to fit the needs of a community.

A good example of this is Neocodex, which was originally created by raredaredevil. History on it is fuzzy, but the administrators of Neocodex used their programs to attract users and steal accounts, even though the programs are fully functional, so no-one suspected it.

Quote from raredaredevil himself:

I was the creator of Neocodex, hydrogen just had a free promo host with godaddy. We met on a msn group. I needed a host, he needed a programmer.

They started to hack there own members, so I released that info to the public and got banned from a site I made.

Since I released info about them hacking there own members, I have been disliked by many of course they denied the entire thing and said all screenshots made were faked by me. Then about a year later they admitted it, by then no one cared and I kept the label of a bad person who tried to take the site down.

Back then I was like 14-16 years old (not sure exactly) I have no reason to join a forum anymore , I will soon make (need a msql database) and then I will shift every single program full public, full open source. Having to join a forum and release your programs to climb ranks makes no sense, the admin of a site should be glad to have you and your programs not the other way round.

Posted in Uncategorized | Leave a Comment »

Automated Login

Posted by compactwater on August22 2007

Most controls use IE, and the cookies stored with IE, and users will not be logged in through a trainer, because it is reading from IE’s cookies. For short, an automated login logs into the website without you having to do anything. A setback to this is stealing account information. An obvious scam is if the provider asks for a username and password, but has no valid reason, or in return offers money, or items. It’s best to never trust an automated login unless the provider gives the source.

In Delphi, logging in is simple, Neopets uses a login.phtml to login, and when data is ‘posted’ to that, it will check it, and if it matches you will be logged in, this is the same for almost any web-based login. You can also use HTML to login, but it may not be necessary. Everything is sent to 1 url, like this:

(Don’t try anything funny with that account, it’s frozen.) It seems too simple to be true, but it is. You can login to any account by following that url. To make the automated login in Delphi, you will need the TWebBrowser control and 2 Edit boxes, 1 button, and 1 line of code. Confused? See this:
WebBrowser1.Navigate(‘’ + Edit1.Text + ‘&password=’ + Edit2.Text);

You can see there’s no trick to it, visit that url, and you’re logged in.

Now onto Hypertext Markup Language (HTML). HTML is used to design websites, along with PHP, Java, and various other things, even the login for Neopets. Because this isn’t an HTML blog, I’ll shove this at you, and leave the rest to common sense:
<form action=”; method=”POST”>
<input type=”text” name=”username”>
<input type=”password” name=”password”>
<input type=”submit” value=”Login!”>

Posted in Flash Hacking, Neopets | 4 Comments »

Working with INI files in Delphi

Posted by compactwater on August20 2007

Initialization file! To use these functions, you will need to add ‘INIFiles’ to your uses list. I’ve also used IntToStr and StrToInt in this example. Making and reading an INI file is simple, but be sure you only use it when you have to. If you don’t specify a path for your INI, it will be put in the system folder of the current computer (For me, it’s C:\WINNT), if you want the user to be able to change it without opening the application, you should specify a location for it, usually in the same folder as the application.

So, lets make the INI now. Add MyINI: TIniFile; to your var. If you put it in a procedure or function, you’ll have to redeclare it for every procedure or function you use it in, otherwise it will give you an error Undeclaired identifier: ‘MyINI’. WriteString or WriteInteger can keep you from having to use IntToStr/StrToInt, but WriteString is more commonly used. Here’s what it’ll look like:

  1. MyINI := TIniFile.Create(‘MyINI.ini’);
  2. MyINI.WriteInteger(‘info’, ‘anumber1’, StrToInt(LabeledEdit1.Text));
  3. MyINI.WriteInteger(‘info’, ‘anumber2’, StrToInt(LabeledEdit2.Text));
  4. MyINI.WriteString(‘info’, ‘yourname’, LabeledEdit3.Text);
  5. MyINI.Free;

1. Make/edit the INI file.
2. Write anumber1 to the INI as an integer under info.
3. Write anumber2 to the INI as an integer under info.
4. Write yourname to the INI as a string under info.
5. Free the INI (never forget to do this!).

When finished, the INI will look something like this:

  1. [info]
  2. anumber1=5
  3. anumber2=2
  4. yourname=Kent


Now it’s time to load the INI!

  1. MyINI := TIniFile.Create(‘MyINI.ini’);
  2. Labelededit1.Text:=IntToStr(MyINI.ReadInteger(‘info’, ‘anumber1’, 0));
  3. Labelededit2.Text:=IntToStr(MyINI.ReadInteger(‘info’, ‘anumber2’, 0));
  4. Labelededit3.Text:=MyINI.ReadString(‘info’, ‘yourname’, ‘?’);
  5. MyINI.Free;

1. Make/edit the INI.
2. Load anumber1 as an Integer under info, if not found return 0.
3. Load anumber2 as an Integer under info, if not found return 0.
4. Load yourname as a string under info, if not found return ?.
5. Free the INI (never forget to do this!).

Posted in General Programming | 7 Comments »

NCE and NTS – Neopets Trainers

Posted by compactwater on August15 2007

You want to hack Neopets now, don’t you? Well, something you should know before I continue, is that almost every single hack for Neopets is a fake. Why? They ask for your information, usually promising Neopoints or items in return… but, an automated login is not fake. Please keep that in mind before using any ‘hacks’ for Neopets, so you aren’t scammed.

Here’s an example of the ‘code’ used:

  1. LoadGame(552,1,Uber Score)
  2. cheat1var(_root.controller.gGame.mcBigBoss._x,0)
  3. cheat1var2(_root.controller.gGame.mcBigBoss._y,0)

Bold – Function
Orange – Game ID
Red – Number of cheats
Violet – Name of cheat(s)
Green – Variable
Blue – Value to set Variable

Cheats go into ‘.rare’ files in the scripts folder. If you did something wrong, the cheats or game will not load. Also, be very careful to only use what you need, if you get close to the high scores you will be frozen (banned), making other accounts to hold your items and/or Neopoints is not a good idea, you can get chain banned, meaning every account of yours will be frozen. Using a proxy is useless, you can still be chain banned, remember to be careful with these trainers.

raredaredevil: 29 october 07 changed the flash game load code [nts] to work again
NCE by SciExTron:
NTS by raredaredevil:

Posted in Flash Hacking, Neopets, Trainers | 2 Comments »

Flash Katana

Posted by compactwater on August13 2007

Flash Katana, made by AoiMasamune, is a flash hacking trainer. With this, you can save the hassle of making a trainer for each and every game. As of July 31st, 2007 Katana is Version 1.9. Of many flash trainers that have been created, this is truly the best universal trainer.
You will need the latest .NET Runtime files to run the trainer.

More Information (click here).

Posted in Flash Hacking, Trainers | 10 Comments »

More Control!

Posted by compactwater on August12 2007

So, you know how to hack Flash Games now… But, you want more control, don’t you?  You can change almost anything in the game, but by using simple controls, you can make it easier, and more user-friendly. For this example, lets say you’re playing a racing game, and you happen to find a variable”_level10.player1.speed“. With that, you can change the speed, but what if you wanted to go slower, or faster? The user would have to change the Editbox to the speed, which may cost them the race.

You could do this many ways, but in this example, I will use hotkeys (GetAsyncKeyState) and a track-bar. Position your track-bar in a reasonable location on your form, and add a timer. Set the Interval on the timer to 20 milliseconds, the average input speed of a keyboard. Click on the track-bar, goto the ‘events’ tab on the Object Inspector, and make an OnChange event by double-clicking on the OnChange drop-down.  To make the variable change to the track-bar’s position, you need “TrackBar1.Position“, but because this is an integer, you will also need to use “IntToStr”, which will convert the integer to a string.

Now back the the OnChange event, add
to the OnChange event of the track-bar, that will change your speed on the game to the track-bar’s position. You may want to change the maximum and minimum (Labeled Max and Min) of the track-bar higher or lower, depending on the game.

What about the timer? That’s for your hotkeys. To do hotkeys, I will use GetAsyncKeyState, which requires a Virtual Key. Here’s a quick example:
if Odd(GetAsyncKeyState(VK_F2)) then

Don’t understand what’s going on?
if –  if X happens…
Odd – if X is an odd number…
VK_F2 – Is the virtual key for F2, and when pressed, GetAsyncKeyState will return an odd value.
then – then do Y.
TrackBar1.Position:=TrackBar1.Position+10 – Will set the track-bar position to it’s current value +10.

There is something you should know when setting hotkeys, never use Alt+Function keys, F1, F12, and in some cases, F5. The reason is, some hotkeys are already being used, or may be in use on another computer. F1 is the universal key for ‘help’, and F12 is for ‘Debug’ or “Break’, and F5 is ‘refresh’, but it is also commonly used for other things.

Other controls are basically the same, but would work better in different situations. Find the one right for what you’re trying to do, and make your program more user-friendly.

Posted in Flash Hacking | Leave a Comment »

Basic Variable Hacking

Posted by compactwater on August3 2007

This is where Neopets comes in. By modifying ‘variables’ you can change what happens in the game. If you’re used to Borland Delphi (děl’fī’) or Visual Basic, this will be easy for you. Modifying variables can be done a few ways, and one is quite simple. By adding ‘?’ at the end of a swf url, you can change variables.


But the effects would be temporary, if they were re-set during game-play, it would not work. That’s where Delphi (Or VB) comes in. With Delphi, you can use the ActiveX ShockwaveFlash element to modify variables during game-play, and also do some other neat tricks, but for now, keeping it simple.

To install, click ‘Components’ and ‘Import ActiveX Control’. Note: You must have Adobe Shockwave/Flash installed, or it will not be available, and if you install it after running Delphi, you may need to re-start. Now, find Shockwave Flash and Install it.Delphi Shockwave Flash

After installing, you can find it in the ‘ActiveX’ tab. Double-click it to add the control to your project. Note: The graphics will be messed. The Shockwave Flash control’s name will automatically be ‘ShockwaveFlash1’, if you want to change it, just remember what you name it.

In order to load a game, you must know it’s exact url. To find the url, you must look at the page’s source. In Firefox, press Ctrl+U to view the page’s source, then Ctrl+F to search for ‘.swf’. If you don’t find anything, you could be looking at a frame, or the page has loaded through an IFRAME.

When you find the url, goto Delphi and add a button to your project. Double-click on it and type: Shockwaveflash1.LoadMovie(0, ‘‘);

That will load the game into your ShockwaveFlash control. Changing variables can be just as simple, but you may need to decompile the game. For this, I recommend Sothink SWF Decompiler. To download the game from the Internet, you may want to use wget (Requires Perl) FlashGet, or a custom download method.

After downloading the game, open it with Sothink SWF Decompiler. Search in the ‘action-script’ on ‘Main Movie’ and find where it says ‘var’, or anyother obvious things, such as ‘health’ and ‘ammo’. That is where you will find what you need to hack the game. Note: Some games are encrypted, and are harder, but not impossible, to hack.

In order to change a variable, you must know what the variable’s name is (duh). To do so, it’s another simple 1-line command.

ShockwaveFlash1.SetVariable(‘Variable_Name’, ‘Value’);
ShockwaveFlash1.SetVariable(‘health’, ‘1000’);

When setting a variable, everything is considered a string, even if it is an integer. A common compile error is Incompatible types: ‘WideString’ and ‘Integer’. You cannot set a string to an integer, you must use ‘ and ‘ around the number, to make it a string. If you wanted the user to be able to set the variable, make an edit box, and then use:
ShockwaveFlash1.SetVariable(‘health’, Edit1.Text);

That will let the user set the variable to whatever they like.

Posted in Flash Hacking | 1 Comment »