Runescape Cheating - Updaters

Runescape Cheating - Updaters
By Tree / Wehrmacht​

BCEL bots are the current trend when it comes to Runescape 2 cheating. Unfortuanatly, there is a complete lack of resources for newcomers to study if they wish to develop their own bots. I apologize for the severe lack of correct terminology.

We must first take a brief look at the role of an updater when it comes to rs2 cheating. I plan to put everything as simple as possible so that the average reader can understand what i'm trying to present. Jagex like to swap and change things around in the client so it makes it a lot harder for us to do anything with it. We are required to decompile and deobfusicate the client. However, everything comes out a bloody pile of garbage. When the client's version changes, the location of the fields do as well. So that the developer doesn't have to manually find these fields again, an updater is used. We basically go through the client's code until we find the field using a unique pattern. For example, the field for the player's hitpoints might be static and in a class with a specific amount of interfaces. We find fields using a unique set of attributes. It's really that simple. If you wish to find these fields manually, then the updater logs are your number one resources. Once the field has been found, it's common practice to add an interface to it so we can have easy access to it.

I don't plan to write much. So i'm going to list a number of tips to allow you push start what you know. Once again, it's important to note that i keep things very simple. Many things may seem uncorrect to the educated eye. This is because i must simplify things, which leads to a few innaccuracies.

Updater Logs

This is your most valuable asset. Updater logs shows us exactly where certain fields are. Thanks to other hard working individuals, you are not required to search for everything by yourself. I suggest that you avoid these as you learn more and more. Assuming you are using popcorn's deober, replace what is in deob.bat with:

Code:

@echo off
echo Deobfuscating RS2 client...
echo.

if exist runescape.jar goto deob
wget http://world37.runescape.com/runescape.jar

:deob
title Deobfuscating...
java -noverify -cp deobber.jar archive
java -cp deobber.jar deob runescape.jar

title Renaming...
java -cp ZKM/ZKM.jar ZKM ZKM/rs2.txt

title Decompiling...
md ~deob
cd ~deob
jar xf ../deob.jar
if defined DECOMPILER (
	"../jad.exe" -sjava -t *.class
) else (
	java -cp ../jode.jar jode.decompiler.Main --dest . ../deob.jar
)

title Finding LiveConnect class...
echo @echo off>> ~lc.bat
echo set clsname=%%1>> ~lc.bat
echo find "netscape" %%1>> ~lc.bat
echo if errorlevel 1 goto err1>> ~lc.bat
echo echo Found match: %%clsname:~,-6%%>> ~lc.bat
echo del %%clsname:~,-6%%.java>> ~lc.bat
echo goto done>> ~lc.bat
echo :err1>> ~lc.bat
echo del %%1>> ~lc.bat
echo :done>> ~lc.bat
for %%x in (*.class) do call ~lc.bat %%x > nul

title Finishing up...
copy ..\~rsver ~rsver
echo e 100 "set RSVER=" > ~tmpdebug
echo n ~tmp >> ~tmpdebug
echo rcx >> ~tmpdebug
echo a >> ~tmpdebug
echo w >> ~tmpdebug
echo q >> ~tmpdebug
debug < ~tmpdebug > nul
copy ~tmp+~rsver ~rsver.bat > nul
call ~rsver.bat
echo Dumping jar file...
jar cf %RSVER% *.class *.java
copy %RSVER% ..\%RSVER% > nul
cd..
rd ~deob /s /q
del ~rsver deob.jar runescape.jar

echo.
echo done.
pause

Changelogs shouldn't be deleted once that is changed and you can easily use and updater logs and the change logs to find the required fields. Eventually, you will be able to figure out a pattern that works on all the recent versions. Here is a list of updater logs:

- #528: http://www.moparisthebest.com/smf/index.php/topic,339161.0.html
- #527: http://www.moparisthebest.com/smf/index.php/topic,338649.0.html
- #526: http://www.moparisthebest.com/smf/index.php/topic,338583.0.html
- #525: http://www.moparisthebest.com/smf/index.php/topic,331106.0.html
- #524: http://www.moparisthebest.com/smf/index.php/topic,329115.0.html
- #523: http://www.moparisthebest.com/smf/index.php/topic,325711.0.html
- #521: http://www.moparisthebest.com/smf/index.php/topic,319293.0.html
- #519: http://www.moparisthebest.com/smf/index.php/topic,314619.0.html
- #514: http://www.moparisthebest.com/smf/index.php/topic,312636.0.html
- #513: http://www.moparisthebest.com/smf/index.php/topic,310609.0.html
- #512: http://www.moparisthebest.com/smf/index.php/topic,310144.0.html
- #510: http://www.moparisthebest.com/smf/index.php/topic,305774.0.html
- #509: http://www.moparisthebest.com/smf/index.php/topic,301777.0.html
- #508: http://www.moparisthebest.com/smf/index.php/topic,294585.0.html
- #506: http://www.moparisthebest.com/smf/index.php/topic,292632.0.html
- #505: http://www.moparisthebest.com/smf/index.php/topic,290196.0.html
- #504: http://www.moparisthebest.com/smf/index.php/topic,289191.0.html
- #503: http://www.moparisthebest.com/smf/index.php/topic,285279.0.html
- #500: http://www.moparisthebest.com/smf/index.php/topic,277400.0.html
thanks to freddy for collecting all updater logs and formatting them into a list.


Comparing Deobs

There are truckloads of deob's that are renamed a fair bit. This allows you to understand everything a bit more. You then compare all of this and check it against the latest deobs. This is rather simple. It does require you to sit down and concentrate for a while while.

Adding System.out,println()s

I suggest that you add this in certain areas of the client so you can see when certain things are triggered and how things work. It will amaze you how well this does work and how much fun you can have with it. This will really clear things up for you hopefully.

Things to Remember

You can't obfuscate your calls to the Java libraries. This means that the following will stay the same:
There are plenty of published updaters out there. I suggest taking a look at franks. It's one of the best public updaters around lately.
There are many renamed deobs around. I suggest you go look at http://www.moparisthebest.com/smf for them.

I have only touched upon a certain amount fo rs2cheating.
I apologise for the inaccuracies but i think it gets the message across rather well.