CLEO Help Fake Packets / Fake AIM

CLEO related
Status
Not open for further replies.

dope

Active member
Joined
Jan 11, 2014
Messages
37
Reaction score
0
Hi, I'm trying to send fake packets to a server with CLEO (specifically make the server think I am aiming a weapon) or if a simpler alternative to just fake aim is available.

Anyone know or have experience faking packets?

EDIT: found this opcode after about 30 seconds of searching '0BC3: samp send_aim_data 0 @'. I was wondering what the structure or any prerequisites for using this opcode are, or can I straight up spoof aim data?
 
Joined
Feb 18, 2005
Messages
2,965
Reaction score
273
0B2B: samp 0@ = get_player_id_by_actor_handle $PLAYER_ACTOR
0BBE: samp store_player 0@ aim_data 1@

//1@ = aim packet struct
//edit it then send it

0BC3: samp send_aim_data 1@
 

dope

Active member
Joined
Jan 11, 2014
Messages
37
Reaction score
0
oh, forgot.

the aim of the cleo is to press a button (or type a command using SAMP FUNCS) then it will spoof aim data so the server believes that you're aiming a gun. I'll reveal the rest in a video once (someone) makes the cleo
 
Joined
Feb 18, 2005
Messages
2,965
Reaction score
273
Well then, you're wrong. Faking aim data won't make the server think you're aiming a gun.

You should spoof keys, anims or the green marker id. It depends on how the server script checks if you're aiming a gun, since there's no such function in samp (afaik).
 

dope

Active member
Joined
Jan 11, 2014
Messages
37
Reaction score
0
springfield link said:
Well then, you're wrong. Faking aim data won't make the server think you're aiming a gun.

You should spoof keys, anims or the green marker id. It depends on how the server script checks if you're aiming a gun, since there's no such function in samp (afaik).

It detects if you're holding RMB, so this method would work.
 
Joined
Feb 18, 2005
Messages
2,965
Reaction score
273
sa-mp can't check keys like RMB, only key functions (those defined in options, like sprint, enter/exit, etc.).
The only thing in aim data that could relate to you aiming is the cam mode (GetPlayerCameraMode).

Here's how to fake that.
First, when sending a fake packet be sure to nop that packet function, in order to not send two packets, a legit one and a fake one.

Code:
//nop aimData before
0B2B: samp 0@ = get_player_id_by_actor_handle $PLAYER_ACTOR
0BBE: samp store_player 0@ aim_data 1@
0AC8: 1@ = 31 //allocate mem the size of stAimData
0C0D: struct 1@ offset 0 size 1 = 53//camMode
0BC3: samp send_aim_data 1@
0AC9: 1@

aimData struct
struct stAimData //from mod_sa
{
#pragma pack( 1 )
BYTE byteCamMode;
float vecAimf1[3];
float vecAimPos[3];
float fAimZ;
BYTE byteCamExtZoom : 6; // 0-63 normalized
BYTE byteWeaponState : 2; // see eWeaponState
BYTE bUnk;
};
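
A server-side view of the same 31-byte layout, as an added example that is not part of the thread or of mod_sa: it decodes the payload by offset and rejects packets whose other fields are implausible for the cam mode they claim. The function names, the bit order of the two bitfields, the little-endian assumption and the unit-length tolerance are assumptions made for illustration.

```c
#include <math.h>
#include <stdint.h>
#include <string.h>

#define AIM_DATA_SIZE 31  /* 1 + 12 + 12 + 4 + 1 + 1 bytes, packed */
#define CAM_MODE_AIM  53  /* cam mode value written in the thread's snippet */
enum aim_verdict { AIM_OK, AIM_BAD_LENGTH, AIM_NON_FINITE, AIM_BAD_FRONT };

typedef struct {
    uint8_t cam_mode, ext_zoom, weapon_state;
    float   front[3], pos[3], aim_z;  /* vecAimf1, vecAimPos, fAimZ */
} aim_fields;

/* Decode by offset, not by struct cast; assumes a little-endian host. */
static int aim_parse(const uint8_t *buf, size_t len, aim_fields *out)
{
    if (len != AIM_DATA_SIZE) return -1;
    out->cam_mode = buf[0];
    memcpy(out->front, buf + 1, 12);
    memcpy(out->pos, buf + 13, 12);
    memcpy(&out->aim_z, buf + 25, 4);
    out->ext_zoom = buf[29] & 0x3F;    /* assumed: 6-bit field in low bits */
    out->weapon_state = buf[29] >> 6;  /* assumed: 2-bit field in high bits */
    return 0;
}

enum aim_verdict aim_check(const uint8_t *buf, size_t len)
{
    aim_fields f;
    float sq = 0.0f;
    if (aim_parse(buf, len, &f) != 0) return AIM_BAD_LENGTH;
    if (!isfinite(f.aim_z)) return AIM_NON_FINITE;
    for (int i = 0; i < 3; i++) {
        if (!isfinite(f.front[i]) || !isfinite(f.pos[i])) return AIM_NON_FINITE;
        sq += f.front[i] * f.front[i];
    }
    /* Assumption: a genuine aiming client reports a near-unit direction. */
    if (f.cam_mode == CAM_MODE_AIM && (sq < 0.81f || sq > 1.21f))
        return AIM_BAD_FRONT;
    return AIM_OK;
}

/* Constructed samples: byte 0 only (as in the thread), or plus a unit vector. */
enum aim_verdict aim_demo(int with_unit_vector)
{
    uint8_t pkt[AIM_DATA_SIZE] = { CAM_MODE_AIM };
    float one = 1.0f;
    if (with_unit_vector) memcpy(pkt + 5, &one, sizeof one);
    return aim_check(pkt, sizeof pkt);
}
```

A check like this only rejects malformed payloads; the cam mode byte itself remains client-reported, so a server should not treat it as proof that the player is aiming.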
 

dope

Active member
Joined
Jan 11, 2014
Messages
37
Reaction score
0
springfield link said:
sa-mp can't check keys like RMB, only key functions (those defined in options, like sprint, enter/exit, etc.).
The only thing in aim data that could relate to you aiming is the cam mode (GetPlayerCameraMode).

Here's how to fake that.
First, when sending a fake packet be sure to nop that packet function, in order to not send two packets, a legit one and a fake one.

Code:
//nop aimData before
0B2B: samp 0@ = get_player_id_by_actor_handle $PLAYER_ACTOR
0BBE: samp store_player 0@ aim_data 1@
0AC8: 1@ = 31 //allocate mem the size of stAimData
0C0D: struct 1@ offset 0 size 1 = 53//camMode
0BC3: samp send_aim_data 1@
0AC9: 1@

aimData struct
struct stAimData //from mod_sa
{
#pragma pack( 1 )
BYTE byteCamMode;
float vecAimf1[3];
float vecAimPos[3];
float fAimZ;
BYTE byteCamExtZoom : 6; // 0-63 normalized
BYTE byteWeaponState : 2; // see eWeaponState
BYTE bUnk;
};

reported by the client is KEY_SECONDARY_ATTACK from config, often RMB.

thanks for the code too, m8
 