iseekwonderful / csgoGlow

Simple macOS CSGO glow hack

New Operation Update #291

Open diogosilva212 opened 4 years ago

diogosilva212 commented 4 years ago

Hi, guys. With the new operation update (today), the glow doesn't work anymore. We need an update of the glowindex (I guess), as usual. Can someone do it?

Fricker95 commented 4 years ago

new m_glowIndex offset: 0xAD48

useking commented 4 years ago

Thanks @Fricker95. Is there any way to find out the new glowindex offsets after each update? Or is it too complicated? (Just so I can do it myself and tell others.)

Fricker95 commented 4 years ago

@useking there are two ways of finding the offset. One is reliable but more complicated (IDA Pro), the other is unreliable but simple. A third optional way is to use a program like this one: GO-SX-Internal-Lite

My question to you is: do you have a basic understanding of C++ and how this program works?

Imma give you the benefit of the doubt, and I'll try to explain the simple way. Depending on the update, this method might not work and/or you might have to change m_iHealth (0x128) & m_iTeam (0x12C) as well, i.e. different offsets, not just the GlowIndex.

The methodology for this approach is that with every update (as far as I know) the offset increases/shifts. So what I did was iterate over the offset up to the size of the glowStruct (0x40) for each glowEntity. Then, by slowing down the refresh rate of the hack, you can see which offset turns the glow back on; using printf(), all the offsets will be printed to the console. Stop the program when you see it turn on. Also, playing around with the usleep() values might make this process easier or harder.

```cpp
void applyEntityGlow(mach_vm_address_t imgbase, mach_vm_address_t startAddress, int iTeamNum){
    for (int i = 0; i < 60; i++){
        uint64_t memoryAddress = mem->read<uint64_t>(imgbase + playerBase + m_dwEntityStructSize * i);

        if (memoryAddress <= 0x0)
            continue;

        bool dormant = mem->read<int>(memoryAddress + m_bLifeState);
        if (!dormant) {

            for (int j = 0; j < m_dwGlowStructSize; j++) {

                int glowIndex = mem->read<int>(memoryAddress + m_iGlowIndex + j);
                printf("0x%llx\n", m_iGlowIndex + j);

                int health = mem->read<int>(memoryAddress + m_iHealth);
                int playerTeamNum = mem->read<int>(memoryAddress + m_iTeam);

                if (health == 0)
                    health = 100;

                Color color;

                if (playerTeamNum != iTeamNum)
                    color = {
                        float((100 - health)/100.0),
                        float((health)/100.0),
                        0.0f,
                        0.6f
                    };
                else
                    color = {
                        float((100 - health)/100.0),
                        0.0f,
                        float((health)/100.0),
                        0.6f
                    };

                uint64_t glowBase = startAddress + (m_dwGlowStructSize * glowIndex);

                mem->write<bool>(glowBase + m_dwGlowEnable, true);
                mem->write<Color>(glowBase + m_dwGlowColorStruct, color);
                mem->write(memoryAddress + m_dFlashAlpha, 0.0f);

                usleep(1000);
            }
        }
    }
}
```

Here is the reference for the offsets:

```cpp
uint64_t m_iGlowIndex = 0xAD48; //0xAD2C;
uint64_t m_iHealth = 0x138;
uint64_t m_iTeam = 0x12C;
uint64_t m_dwGlowColorStruct = 0x8;
uint64_t m_dwGlowEnable = 0x28;
uint64_t m_dwGlowStructSize = 0x40;
uint64_t m_dwEntityStructSize = 0x20;
```

You can either comment out (//) the for loop or just delete it after you've found the offset. Also don't forget to change the usleep() call in the main() function back to its original value and remove the -insecure flag.

In this case the offset was shifted by 0xAD48 - 0xAD2C = 28 (0x1C).

Hope this helps!

Acew0t commented 4 years ago

How about for danger zone?

inderpartap commented 4 years ago

Just to be clear guys, this is the only line I need to update for it to work? I downloaded this today and changed the line below, but nothing works. Can someone please help me out? And is this offset for competitive matches?

```cpp
uint64_t m_iGlowIndex = 0xAD48;
```

Fricker95 commented 4 years ago

@inderpartap

In the main.cpp file:

- line 62: `int health = mem->read<int>(memoryAddress + 0x138);` instead of 0x134.
- line 63: `int playerTeamNum = mem->read<int>(memoryAddress + 0x12C);` instead of 0x128.
- line 145: `int i_teamNum = mem->read<int>(playerAddress + 0x12C);` instead of 0x128.

And as I posted earlier, 0xAD48 is the m_iGlowIndex offset.

It should work after those changes; let me know if it's still not working.

Fricker95 commented 4 years ago

@Acew0t Sorry, I have no idea for Danger Zone, but if you have an older offset you can use the method described earlier to find the new one.

inderpartap commented 4 years ago

@Fricker95

I tried what you mentioned; it's not working.

Fricker95 commented 4 years ago

@inderpartap are you running the "sudo -s" command before running the program? It's needed to access other programs' memory.

inderpartap commented 4 years ago

@Fricker95 Yes, I am. The steps I followed are:

  1. Download the repo.

  2. Open the project in Xcode.

  3. Change the following lines in main.cpp:
     - line 42: `uint64_t m_iGlowIndex = 0xAD48;` instead of 0xAC10
     - line 62: `int health = mem->read<int>(memoryAddress + 0x138);` instead of 0x134.
     - line 63: `int playerTeamNum = mem->read<int>(memoryAddress + 0x12C);` instead of 0x128.
     - line 145: `int i_teamNum = mem->read<int>(playerAddress + 0x12C);` instead of 0x128.

  4. Build the project.

  5. Open CSGO and start a match with bots.

  6. Open Terminal. Type sudo -s and enter the password.

  7. Drag the build file into the terminal and press Enter.

I hope I'm doing it all correctly. Even in the game, if I press Control+Option+V, I can see toggle on/off logs in the terminal, but the cheat fails to work.

Fricker95 commented 4 years ago

@inderpartap everything looks good except maybe step 7. You're dragging it into Terminal, but are you using the "./" (i.e. ./Wall)?

inderpartap commented 4 years ago
[Two screenshots attached, taken 2019-12-10 at 2:35:54 PM and 2:44:05 PM]

@Fricker95 I am not sure what you mean by the "./". I am giving the absolute path to the file.

Fricker95 commented 4 years ago

The "./" is the "." operator which executes the executable (i.e. ./User/username/..../Wall), but you're fine since it's executing. I tested out all the steps you followed and it's working for me. [attachment: csgo_test]

Maybe try to redownload and follow the steps again. Also, there is a render distance, so if the player is dormant they won't show up. Try using bot_stop 1 and go to the enemy spawn.

Greed123 commented 4 years ago

@inderpartap With Fricker95's instructions it works fine for me.

amcgregor commented 4 years ago

As a note, disabling System Integrity Protection globally is an incredibly, fantastically bad idea. SIP does result in some… difficult to diagnose complications with software doing what this software does (that is, write to another application's memory), and Apple did a great job ensuring that death due to SIP overwatch is essentially untraceable: killed at a random point in time slightly after the offending operation takes place, without notification or signal, at a different location in the code each time. But it's doing what it's supposed to do: protect your information from casual theft by literally any software you run.

The correct solution: grant the application being run the correct permissions under System Preferences → Security & Privacy → Automation. Not Terminal.app and everything ever run within it; add just the Wall binary. This particular grant covers the need for one program to read or write to another program's memory. See my previous comment pointing all this out. (Easily found by searching the issues for "security & privacy".) Also mentioned in other threads. Though I will admit, a depressing number of those threads give up on any form of system security by granting, pretty much, everything and the kitchen sink complete access to the system. (Don't drag Terminal into that! Only the Wall binary!)

Fricker95 commented 4 years ago

@amcgregor +rep