Tower EXP ==
Step 1. Scan current money (Double, Exact Value)
Step 2. Place some monkey, Scan current money.
Step 3. 2 Values should appear, Right Click the top one and click Browse Memory Region
Step 4. Right Click, Change Display Type to Double (this is just for ease of viewing)
Step 5. Find your money in the viewing panel.
Step 6. Scroll up by ONE line.
Step 7. You should see 4-5 values constantly changing over and over (they will be flashing red). MAKE SURE THIS IS ABOVE THE VALUE you found in Step 5, NOT BELOW.
Step 8. Alter that value. Turned negative? Alter it again. (What I do is add them all to my address list by Right Clicking > Add this address to the list and freeze them. If it goes down, unfreeze and refreeze til it increases.)
That's quite a rudimentary way of tapping into the KonFuze class, but hey, if it works for you...
KonFuze stores all values (int, float, double) as doubles and oftentimes (but not always) the values are re-encrypted even after a read operation, too.
KonFuze manages two seeds and a double[] array.
In the double array only one of the numbers is valid and there are better ways to find the right one.
But, I'd advise against trying to work it out - if you could not figure it out so far, chances are good that you won't in the future, either.
There is a general problem with any of these encrypted values: they seldom support direct operations; that includes basic stuff like addition, subtraction, too.
This means that the value has to be decrypted before any operation and re-encrypted after.
While this is a waste of CPU cycles for the most part, it does hold wannabes at bay.
Unfortunately, NinjaKiwi's KonFuze class does not even achieve that - as you can see, even your rudimentary way of hacking the value works, defeating NinjaKiwi's highly convoluted encryption with ease.
Note to NinjaKiwis: constantly changing values are easier to find than those that are static. By constantly changing them you are making them very easy to find -> you shot yourself in the leg.
True, there is a hack detection built into KonFuze, but I wonder what's the point of the encryption then?
They knew their encryption was broken from the start? Just do hack detection and be done with it.
I hacked Bloons Adventure Time TD to smithereens as well, that did a far better job in the encryption department.
Sorry, I can get carried away when I see design nonsense like this.
Back to the issue at hand.
So, when you see an encrypted value, you should not waste much time on trying to understand how it works - unless it's a simple XOR or bit shift, there is no point.
Instead, tap into the functions that do the actual operations - you will always find member functions like 'SetX(...)', 'ResetX(...)', 'AddX(...)', 'RemoveX(...)', 'MultiplyX(...)', 'CompareX(...)', etc.
These member functions either implement the decryption/encryption themselves, or, they call an appropriate function that does that.
For example, let's take the hero class in BTD6:
public class Hero : TowerBehavior
{
    ...
    public void AddXp(float amount);
    ...
}
If you debug that call, you will find that there's a whole lot of CPU cycles wasted to resolve the current XP.
Then, the 'amount' is added and there's another whole lot of CPU cycles wasted to update the KonFuze class (random seeds and all doubles).
So, a smart guy ignores the nonsense before and after and sees about changing the amount.
Are you a smart guy?
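Added example, not part of the thread and not NinjaKiwi's code: a Python sketch of the defensive design the post above argues for, where the stored double stays static at rest (reads verify a keyed tag but never rewrite the slot) and the mutator validates its own `amount` argument. `GuardedDouble`, `TamperError`, `max_step` and the sample numbers are hypothetical, and the key is assumed to live somewhere harder to reach than the value.

```python
import hashlib, hmac, math, os, struct

class TamperError(Exception):
    """Stored bytes no longer match their integrity tag."""

class GuardedDouble:
    """Hypothetical guarded value: static at rest, tagged, bounded mutator."""
    def __init__(self, value, max_step):
        self._key = os.urandom(32)    # per-session key (assumption)
        self._raw = bytearray(8)      # stands in for the memory slot
        self._max_step = max_step     # largest legitimate single gain
        self.writes = 0               # times the slot was rewritten
        self._store(value)

    def _mac(self):
        return hmac.new(self._key, bytes(self._raw), hashlib.sha256).digest()

    def _store(self, value):
        self._raw[:] = struct.pack("<d", value)
        self._tag = self._mac()
        self.writes += 1

    def get(self):
        # Verify on read, but never rewrite: the slot does not churn.
        if not hmac.compare_digest(self._tag, self._mac()):
            raise TamperError("slot changed outside add()")
        return struct.unpack("<d", bytes(self._raw))[0]

    def add(self, amount):
        # The mutator is the trust boundary, so its argument is checked too.
        if not (math.isfinite(amount) and 0 <= amount <= self._max_step):
            raise ValueError("amount outside game rules")
        self._store(self.get() + amount)
        return self.get()

def demo():
    xp = GuardedDouble(580.0, max_step=500.0)   # constructed sample values
    xp.get(); xp.get()                          # reads leave the slot alone
    total = xp.add(200.0)
    try:
        xp.add(1e9); oversized = "accepted"
    except ValueError:
        oversized = "rejected"
    xp._raw[:] = struct.pack("<d", 213700.0)    # simulated out-of-band write
    try:
        xp.get(); direct = "undetected"
    except TamperError:
        direct = "detected"
    return total, oversized, direct, xp.writes  # writes: init + one add
```

A client-side check like this only raises the cost of tampering; progression values that matter are normally re-validated by the server.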
edit:
removed description and (old) tables, didn't like the game and won't do any updates/cheats for this.
decided to share this : viewtopic.php?f=2&t=8426&start=135#p127762
for anybody who has problems with negative values or wants to change some specific values.
//
if you don't need to change any values, use this:
table from GreenHouse : viewtopic.php?t=11682
Last edited by cfemen on Sun Mar 29, 2020 7:27 pm, edited 12 times in total.
/////
Forgive my ignorance, how to use these codes?
Well, I just made a table with it.
Features:
-Ignore Tower EXP
you can buy every upgrade 4 free (you need more than 0 EXP for the first upgrade, I'm too lazy for searching this check)
-Instant Win Round
activate script and you will get a message that you won the round, you can select "free play" and execute script again and stack the rewards.
-Player EXP
activate only in Main Menu!
wait a sec and you will see a random number like this:
in my example:
213500 = 580
if you want more just increase the number:
213700 = 780
so yeah you can give yourself every value (you can set a greater value than needed without problems)
to trigger a level up -> start a map and leave it or just play and every round you get a level up (if EXP > EXP_NEEDED)
note : deactivate script if you have altered the value, my script manipulates parts of the anti-cheat and will cause a crash if it's active while the game loads maps!
that's it, I already uninstalled the game so I won't do any updates / more features ...
I also have coded own scripts for pointers to health and money, but I guess it's not necessary to add coz linkff's table already covers health and money
PS : special thanks to KonFuze "anti-cheat" that showed me all the protected vars (after I force killed all the fakes / randomizing key) it's really pleasant to get all important values without scanning/searching xD