Shifu-Hacks Blog


Archive for the ‘Flash Hacking’ Category

Flash Player

Posted by compactwater on November24 2007

The point in this is to be able to play flash files even if the flash player isn’t installed on a computer (such as school computers). Or if the ability to play flash files has been disabled. Comes with all the basics, frame selection, open file, stop, play, and scalemode.
Original source:

Flash Player

Download it!


Posted in Flash Hacking, General Programming | 1 Comment »

Neopets Flash Information

Posted by compactwater on November16 2007

Any sort of information you may want from a Neopets flash game- now available. This is pretty much useless to anyone, but may help in understanding of Neopets flash. Since the WebBrowser and SockwaveFlash elements are IE based, you’ll have to be logged in through IE to notice any changes.

Neopets Flash Information


Posted in Flash Hacking, Neopets | Leave a Comment »

.SOL Editor

Posted by compactwater on October29 2007

A flash hacking alternative to variable editing and cheat engine, you can change values saved by the game in a “.sol” file. Simple example: saves a .SOL file to remember your volume and mute settings, though editing that is pretty much useless. Download .SOL Editor.

You will find the .SOL files in x:\Documents and Settings\[account-name]\Application Data\Macromedia\Flash Player\#SharedObjects\ followed by the name of the website. If the game was running from your computer, the .SOL will be in the “localhost” folder. Replace ‘x’ with your main drive, the one with your OS, and the account-name with the currently logged in user. Note: This will only edit data saved by the flash! Not everything can be changed.

Once you find your target, open it and search for anything of use (health, ammo, level, etc.) once found, edit it to the desired value and save, you should make a backup of all .SOL files before you edit them, because you may screw something up by doing this- and the flash will never work again until returned to it’s original state. It is also possible that the flash will reject the .SOL if it has been modified.

If you’re more into visual learning, you can see the tutorial on Cheat Engine forums for more information.

Posted in Flash Hacking | 4 Comments »


Posted by compactwater on October10 2007

Marabot is a Marapets bot created by SciExTron of Cheat Engine Forums, also the creator of NCE. If you have any troubles with the bot, or you find a bug, be sure to report it.

Marabot v1.4

You can get it here:

Posted in Flash Hacking, Trainers | 3 Comments »

Neopets SWF Finder & Downloader

Posted by compactwater on October7 2007

Simply enter the Game ID, and this will get the SWF location, and download the game. Good for downloading Neopets games to decompile and hack them. And as always It’s open-source.
Don’t know what a Game ID is? Here:

Neopets GameID

Download it.

Posted in Flash Hacking, Neopets | 8 Comments »

IP Banned? No problem.

Posted by compactwater on October6 2007

You’ve probably been IP banned from a game or two. But you can never play the game again- or so you thought. You can use a proxy to access the site/game once again! The first thing you should know, is that not every proxy will work. They aren’t up 24/7, so if you find one that doesn’t work, go on to another. New to proxies? No worries, you don’t need to learn anything complicated.

Sample Configureation

Install an add-on for configuring a proxy, any one will do. Next, find a proxy. I recommend using this. Test if it works by enabling the proxy, and trying to access, or some other site. If it loads, you should test it by matching it with your current IP. Get your IP at Now access any site you’ve been IP banned from (Neopets, Gaia Online, etc) to see if it works 100%.

Posted in Flash Hacking, Neopets | 5 Comments »

Sold on eBay

Posted by compactwater on October2 2007

Something many people have noticed is that free, and even open-source applications are being sold on eBay without the author’s consent (illegal, of course), but the author cannot do anything about it, because he/she has no proof that they are the creator. That’s why you should always register, or even get a license for all applications you publish to the Internet (unless you don’t care that other’s are making profit from your hard work.)

A good example will be this guy [outdated]. Selling a bot on eBay, that he himself did not create, nor did he keep it within it’s original substance. Where did this really come from? Cheat Engine Forums It’s a Gaia Online Fishing bot, created by a user named “TerryDonahugh“, and is completely open-source. Unfortunately, he doesn’t have a license on his work, so there’s not much he can do about it being sold on eBay. But when making something open-source, always remember to get a license- just a simple warning to you.

Something you may want to try:

Posted in Flash Hacking | 1 Comment »

Just-in-case ASM Knowledge

Posted by compactwater on September16 2007

If you don’t know basic Assembly/Assembler/Whatever you want to call it (ASM), then you should read a tutorial, this is for people who have at least a basic understanding.
Sometimes a game cannot be hacked because it has simple protection, or the value is randomly generated (obfuscated), or encrypted. This is where you must look into the game’s memory to hack it, though some of it may be randomly allocated.

Finding the memory is (usually) simple, using “Find out what accesses/reads/writes to this address” with Cheat Engine on an interesting value. If the game knows when something should not be changed, you can usually ‘nop-out’ the code that detects the odd change, but more advanced detection methods would require actual thought. The general things you need to know,is reversing, changing the value of a register (asm or debug), and nopping.


Reversing & Nop-ing:

Making a code do the opposite. Example:
jne 005B667F
changes to
je 005B667F

jne means “jump if NOT equal”, and je means “jump IF equal”. “jump” means to goto an address, at the current state, usually to check something, and if correct, do something, such as decrement health or ammo. Example:
mov eax,005B667F
add eax,5D
cmp eax,ecx
je take_damage
jne return

mov (move) moves “005B667F”, the location of the address, add loads the pointer, and cmp (compare) compares eax to ecx, which if it is equal, will cause you to take damage, and if not equal, will return. There are many ways you could stop yourself from taking damage, the simplest is to change jne to je, but you can also nop it.

Changing & Setting Debug Registers

Cheat Engine has a built-in ability to set debug registers. You can also choose to use Int3 breakpoints. When setting a debug breakpoint, or editing the memory to change the value of something, always be sure you’re doing it correctly, and that you have enough memory allocated; never be scared to over allocate. For changing a register, you will need to ‘code-cave’, redirected memory that can be changed freely with (almost) no fault. Example:
add eax,ecx
cmp eax,edi
add eax,edx
cmp eax,edi
jne here
je there

Your code-cave:
mov eax,your_value
cmp eax,edi
mov eax,your_value2
cmp eax,edi
jne somewhere
je elsewhere
jmp return

Modified 005B667F:
jmp code-cave

So, the code will goto your code-cave instead of the actual thing, and will do whatever you want. This is best for games that may have simple anti-hacking protection, or computers that have an inability to set a debug register, otherwise you can do that in Cheat Engine, and set the value of a register, or a flag (such as ZF).

Posted in Flash Hacking | Leave a Comment »

Too good?

Posted by compactwater on September12 2007

Some games have the build-in or server-sided ability to detect when a player is just “too good”, and will raise a flag that will result in your ban. On the other side, it may detected the player being too good, and immediately ban them, or boot them from the current game, and set them for review by game masters/administrators. Not all games have this, and it is usually only included in online games, to keep users from using trainers, or bots, to cheat in the game. A problem with most bots, is they do the same exact thing in every case, and it can lead to an obvious hacker, which is why “Human Error” should always be an option on a bot (if the game detects the original pattern). If the bot varies its results, it will become harder for it to be detected as a bot.

The simple point behind it, is to make it as if someone where actually sitting at the computer, monitoring every move to be only as perfect as a human can get. Meaning, instead of getting 5/5 every time, get 4/5, maybe even 2/5, and sometimes 5/5, depending on actual results from a human player. Bots should always be tested for a long period of time to be sure they do not cause (large) damage to the user, and to be sure that there are no errors.

If you move your mouse to X,Y every 10 seconds and click, then move it to X,Y and click after 3 seconds for 5 hours, you’re going to get banned, it’s simple. Now, if you click at X+random,Y+random every 10+random seconds and move to X+random,Y+random and click again every 3+random seconds for maybe 2-3 hours, it’d be harder to find out if that person was cheating, but still possible.

Let’s take Gaia Fishing for example. In Gaia Fishing, there is user-interaction, which could lead to someone figuring out you’re cheating, and reporting you. The reason varies from, “I hate hackers” to “Teach me how to hack”. You can never tell why they do it, but they do, and it’s just another thing you have to look out for. Thus: An auto-chat. A small tool that will respond to common phrases said in the game, out of random parts of a sentence.
I am busy fishing, I’ll talk later.
I’m fishing, I will talk later.
I’m busy!

Bye, Later, Cya, Goodbye, Hello, etc…

That would lower suspicion, but if done wrong (in an obvious way) , it could make you stand out. Human Error can only be created through trial and error… or if you happen to know any sort of detection methods they may use, you can try to reverse it, disable it, or create a bot with Human Error.

Posted in Flash Hacking, Gaia Online, General Programming, Trainers | Leave a Comment »

Online Flash Hacking, what you should know

Posted by compactwater on September9 2007

When hacking an online/web-based flash game, you should always remember you can get banned, and even worse, an IP ban. This list is to help anyone become a “not-so-nooby flash hacker”, and maybe even learn something. (Note: This is mainly based on Neopets.)

  1. Always use a proxy when testing hacks, don’t use the same proxy for more than one account, and don’t communicate between multiple accounts, you may get chain-banned.
  2. Never use ‘tools’ or ‘hacks’ downloaded from the internet that ask for a username, password or other personal information, that includes online forms that ask for information.
  3. Never give out your in-game-name, or anyother information that may lead to your account, game masters do watch sites.
  4. Don’t boast about being a hacker, that’s the quickest way to get banned.
  5. Don’t share your account, no matter who it is or who you ‘think’ you can trust, your account can be banned for being accessed by more than one person.
  6. Never go above or close to high scores, you’ll probably be banned, and there may be a max limit to how much you can earn from the game.
  7. It’s your choice to give the public information or hacks, if someone else does it before you, there’s nothing you can do about it.
  8. If you don’t need an item, sell it for cheap, drop it, or give it away, so there’s room for something you do need.
  9. Neopoint Generators are real, not the kinds you see on forms as scams. There are many ways to do it, but don’t give away your information, you will get scammed, use another account to test if it is real.
  10. Never use the same, or similar information for more than one account, it can be traced, and you can be chain-banned by it- never underestimate the game masters.
  11. If you are banned, or IP banned, get another proxy, and make a new account with new information. (Name, e-mail, birth date, etc.) and write it down somewhere safe.
  12. Using a bot is probably more dangerous than hacking. If you’re online for more than a few hours/days, you have a high chance of being banned, especially since your movements/patters will be the same every time.
  13. If the game includes more than one player (yourself), don’t hack, you will get banned, or hack lightly.
  14. Don’t act ‘l33t’ or better than everyone else, don’t become a top member, etc., or you’ll be targeted quickly, and possibly banned.
  15. Give and take from the hacking community, learn, and don’t become a “leecher“.

Posted in Flash Hacking, Neopets | 1 Comment »