WoW protected lua hack

gistfile1.sh

# WoW x64 5.2.0 (16669)
echo "set {char[6]}0x10054cd90={0xb8,0x01,0x00,0x00,0x00,0xc3}" | gdb attach `ps ax|grep Warcraft|grep -v grep|awk '{print $1}'`

# WoW x86 5.2.0 (16669)
echo "set {char[6]}0x580e30={0xb8,0x01,0x00,0x00,0x00,0xc3}" | gdb attach `ps ax|grep Warcraft|grep -v grep|awk '{print $1}'`

# WoW x64 5.1.0 (16357)
echo "set {char[6]}0x1005519E0={0xb8,0x01,0x00,0x00,0x00,0xc3}" | gdb attach `ps ax|grep Warcraft|grep -v grep|awk '{print $1}'`

# WoW x86 5.1.0 (16357)
echo "set {char[6]}0x587dc0={0xb8,0x01,0x00,0x00,0x00,0xc3}" | gdb attach `ps ax|grep Warcraft|grep -v grep|awk '{print $1}'`

# WoW x64 5.1.0 (16309)
echo "set {char[6]}0x1005519D0={0xb8,0x01,0x00,0x00,0x00,0xc3}" | gdb attach `ps ax|grep Warcraft|grep -v grep|awk '{print $1}'`

# WoW x86 5.1.0 (16309)
echo "set {char[6]}0x587EA0={0xb8,0x01,0x00,0x00,0x00,0xc3}" | gdb attach `ps ax|grep Warcraft|grep -v grep|awk '{print $1}'`

# WoW x64 5.0.5 (16135)
echo "set {char[6]}0x1004B9DA0={0xb8,0x01,0x00,0x00,0x00,0xc3}" | gdb attach `ps ax|grep Warcraft|grep -v grep|awk '{print $1}'`

# WoW x86 5.0.5 (16135)
echo "set {char[6]}0x4fc900={0xb8,0x01,0x00,0x00,0x00,0xc3}" | gdb attach `ps ax|grep Warcraft|grep -v grep|awk '{print $1}'`

That's awesome. Ty for sharing. How does it even work?

Thanks a bunch, you’re awesome.

jp-ganis: The same way PG does, it writes 6 bytes to specified address to disable the check. But instead of a GUI program to do that, this approach uses UNIX way.

Very very nice, I'd love to know how to find that offset, would be a handy thing to keep updated.

5.2? How can we do the reverse engineering. Can you post the steps?

I would also appreciate the updated offsets for 5.2

5.2.0.16685 is out and already ruined the offsets. that didn’t last long. :/

... and now 5.2.0.16701 is out. Is this a new thing, Blizzard updating builds every few days to scramble the offsets over and over and over?

... make that 5.2.0.16709 only 9 hours later.

I’ll pay 0.5 BTC (that’s just over $30) for a guide how to find those offsets myself. May offer more. Please post here if interested.

upping the bounty to 1 btc ($93), mavril, if you are out there please let me know how i can contact you.

@peanutbird Did you ever figure out how to get the offsets on osx? Did you ever hear back from @mavril? I'd totally pitch in some $ for a guide or even a consultation.

@haxxxx nope, @mavril disappeared. No more feedback from him. It’s a shame because apparently all we need updated is the memory address. I’m tired of paying for a Pocketgnome subscription (which I never use) just to use PocketGoblin (which I always use).
If the PG devs would offer a Pocketgoblin standalone for a reasonable price (~$1/month) then we wouldn’t need this.

Any luck with this ? i do pay for pocketgnome but they been up and down last day or so and i really need this to work. I dont mind paying but it should work!

@peanutbird any luck ? im willing to pitch it too.

Still no luck?

… nope :(

I've released a free tool that unlocks Lua on OS X. You can find it here: http://goo.gl/oXpnMK

1PHELPSoev2qCD8T6NxddRyHHrYDJ2PrPH is my wallet if you're still feeling generous.

You can hit me up on skype: bphelpsen

Hi benphelps
have you the CGGameUI::CanPerformAction offset for 5.4 (17359)

ProbablyEngine didn't work for me. Running 5.0.5.16135.

I too would love to be able to find the offsets. Last time I tried to learn, it was very daunting because I couldn't understand ASM very well. With some help, I managed to actually create one on Windows but couldn't replicate it after a client update. Would LOVE to have some sort of automated feature that at least HELPS me find the offset.

@peanutbird Should have kept that 1 BTC, and sold it for $20,000