Ok guys. Being on console doesn't make a game IMPOSSIBLE to hack. In fact gameshark is a hack. Anways back to the main point. I ran some simple tests through my import ffxi and the results were interesting.

I ran my first test through a memory searcher. Pretty simple stuff, I prefer using artmoney because of it's simplicity. I didn't expect stuff like stats and money being bale to bbe controlled by the client side, so I skipped those. I started testing out smaller stuff like tricking npcs to sell stuff cheaper and stuff like that. Didn't work, it still checked out with the server.

The second step was to catch a couple samples of packets to see if there are any patterns and to see if any of the packets can be successfully forged. Only problem with this is that the game is in god damn japanese so the ascii is all messed up even though there are a few distinguishable patterns. I ran it through winsock pro which ain't exactly the best packet editor, but I'm used to it. I would prefer winsock, but I have xp. Winsock pro was never completed and couldn't catch some certain packets. I also ran the game through iris. If you were wondering how I could alt tab out of the game, I didn't. They have programs where you can set a hotkey, and when you press it, it'll switch tasks.

The last thing I did was was searching for code caves. Code caves was basically 00 and/or 90 hex bytes located in the memory of the game. These bytes are usefull because we can use these spaces to inject our own code. Thats when I got kinda tired, it was around 1am.

I hope this may serve as the first, or a small step to answering your questions. Basically the jist of what I said was that I didn't find anything I could do YET, but if I did find anything useful, I wouldn't post it here anyways, I'll probably get banned. But if any of you are more experienced with packet editing, I wouldn't midn your help. I can send some of the logs I saved from winsock.

Sorry for the double post, but I must say this. Forging packets ain't as easy as, "lets tell the packets to change 10 gold to 1 billion." In fact, gold is probably the hardest thing to hack in many games. It's obvious to the dev team that players will try to hack gold if they didn't have protection. Even if I did find the right packet that shows the gold I got from enemies, and I set a filter on it so that every enemy that drops gold gives me 1 million gold instead of whatever the original amount was, it still wouldn't work. I'm sure its been tried before and I've tried it on other games. If it doesn't work for other games, don't count on it to work on ffxi. I have to admit they did a good job with the anti cheat stuff, but nothing is impossible to cheat in. And if there was ever a cheat, I'm sure the owner would not release it to the public because he or she would be afraid that square will quickly update the game and eliminate the cheat. An example of that would be the auction house bug like half a year ago.

Another thing about the encryption. Most game devs are lazy as hell. Everything gets delayed several times. Most games, and when I say most, its about 99%, of the games are NOT encyrpted. An example of an encrypted game is Age of Mythology. That game is developed by microsoft, so I expect no less. But the encryption is a simple XOR encryption which was also what I expected. Devs don't make games government top secret. There is basically no need for encryption on games because it might conflict with some of the game function itself, and its almost useless. This is why most games are not encrypted, and the ones that are can be easily decrypted with about an hours time of work. In fact, I can decrypt age of mythology using softice, a memory searcher, and some code injection tools.

I don't know if you're agreeing or disagreeing, but console PSO has been reverse engineered by someone using a computer. Any client can connect to a custom hacked server using a changed DNS server ":3.

That is so true, how can I not think of that! *smash myself really hard so I will remember*

I was agreeing ^^

It'll be awesome to switch the moogle with a darth vader model. Just model it in 3dsmax and repack it with the original models in ffxi.

The Japanese are smarter than we think Square-Enix tooko some of Japan's best hackers and hired them to hack into the game as a test to see easy it would be to hack into FFXi... The best hackers on the Japanese Cyber Task Force couldnt hack into the game with at least 3 to 6 months of work..... well at least thats what EGM said

Part of the information that's being passed along here on how to hack a game. Most of those are true if your character data existed on your computer. FFXI is different it's like trying to hack a MUD, you'd have to actually crack the servers security then in the server find the correct area that holds your information and change it.

FFXI isn't like other online games were the client keeps your characters data and sends to the sever what changes occur to the character. Quite the opposite, since character and just about everything else excluding the maps, character models, displayed text when an event occurs, and stuff like aliases, macros, triggers, scripts are on the server.

So basically all that the server sends the client is updates of what's occuring to their character. So stuff like picking up coins the don't get back code stating the character picked up whatever amount of money, instead it gets a request saying this character is trying to pickup this amount. So then the server checks it against it's data and if that amount exists there then the amount is transfered to their character and the server sends back to the client saying the character got the amount.

It's the way it's designed is different then previous online games. Previous ones would tell the server the got this amount, the server had no controll on if that's true or not. On FFXI it's all requests so your system is asking to pick up that amount or do a certain action. If the amount or action doesn't really exist then the server can see that and responds appropiatly. So most hackers that are focusing on that method to hack FFXI will fail, they have to take the approach as if they are hacking a MUD which is harder to do and much more obvious.

Actually to think I don't recall ever seeing a hacker really succeed in breaking into a MUD and altering their data without being caught just minutes after they did it.

EDIT:

LOL, need to elaborate on my last sentence more. I'm comparing that to all the other online games you see that have hacks you can download to alter your characters data. I've never seen anything like that for MUDs so basically leads to the idea that no has really succeeded in doing that.

If thats the truth FFXI either is very safe for hackers, or they just pretended to hack but really they just found a way to hack in later ^^ or they have the most useless hackers over there.

I vote for the first one.

And I dont think you could change model as darth vader just like that.
It sounds good but prolly theres different filetypes and suchthings which will make it impossible and still you gotta fit in the movement codec or or the game will probably crash when the model tries to do anything but standing still or if youre lucky hes just stuck in one movement. (the last thing I said are just theory though cuz I dont have enough knowledge in the subjct)

If you still can do anything about it other ppl will not see him anyway.

So just think of something else then hacking FFXI eh ^^

Edit: But there are highly believable that they accully did the models in 3d max or any simular program.
Many companies do that.

2:nd Edit: I was answering to HAGAKURE and Bishop. Macht answered while I was typing

You can change images like that. The whole beauty of it though is it's only your client that's ever going to have that change, and that change will most likely get overwritten when there is an update. Since each client has all the graphics stored on their computer if the person makes a change to that graphic only thier system will show the change everyone else will still see his character and all the other stuff the same as it's always been. Only way the graphic can effect everyone is if a hacker breaks into the server and has it send out an update with that graphic change.

Hmm it seems like Macht knows this better then me so I will do as I always do...

Sit back and stfu while reading on...

I've been playing MMORPGs for a couple of years and hacking those type of games not something easy to do.

You can find exploits in the game ( like duping objects, or like the latest in AC2 the Shift-Esc exploit when you die )

Usualy the MMORPG client will only have the graphical information of the game, the UI information, some basic map information.

Location of objects, event and caracter information are all on the server. So when you play the reason you can view all this info is that your client resqueted this information from the server. Only the server can alter this information.

So to actualy hack to game you need to hack the server and I can bet that be really really hard to do, not impossible since Shadowbane didnt get is server hack not to long ago.

So usualy the only thing people may get to do are clients hacks that only impact himself or exploit in the game because of bugs.

ay it is possible to hack into FFXI remember diablo2? those characters were stored on the Bnet servers but people always find a way but do to the security this game has the answer is no ordinary chump will be able to get into the servers but one or two will get in but will probably be vcaught

The file types are simple. I can hack jk2 models easily. All you have to do is just unpack em. It doesn't matter if other see darth vader or not, as long as I see it. Why do you think people hack the character models for the moghouse? Its just for fun so they can take screenys. About the character movment, I don't think thats required either. I mean, if people can change mog into ifrit, I don't expect to see ifrit jump and dance around.

SE should give money to anyone that can cheat on the game. And the people that can find out how to cheat on it could tell SE how they did it then SE can give them a cash prize or something. But I'm sure once it gets to NA and Europe, it will be open to a more wide population therefor, more hackers. I'm sure someone will figure out something. The getting caught part may not be entirely true. Blizzard didn't really catch the creatorsof those hacks.

In reply to Amano's post, having the graphics on client side is very useful since you can create wall hacks, drawn out enemy spawn poin locations, etc. Even though I don't understand why you wuold need a wallhack on ffxi... It's practically impossible to store graphical information on server side in a game such as ffxi. I mean, that would create tremendous lag, and consume large amounts of bandwidth everytime someone started the game. The most they would do is store graphic information on the server and have the client automatically cache it.