Our next speaker is David showing us an introduction to Cheat Engine.

Thanks everyone. So as you said, I'm David. I'm here to talk about hacking video games. I'm a security researcher at ‑‑ thanks. I work at Cinec. I hack programs there and hardware. I love hacking programs and hardware, pwning noobs and video games, snowboarding, hiking, that sort of thing.

So a little bit of motivation, why would you want to learn Cheat Engine? So if you have friends who are better at video games than you are and you want to beat them all the time, this is a way to do that. You can modify your video games to have a little more fun with them. And you can also just learn about programs, video games, how they're made and learn how to hack them. So we'll learn a little bit about how to find internal game variables in this talk, how to scan memory, edit memory, and how that all works and then we'll hack Minecraft at the end. In my picture here, you'll notice something kind of funny if you've ever played Pokemon. I have a level 70 Charmander. So it's not photoshopped. And I'll show you guys how to do that.

Okay, but first we're going to start a little easy. Okay, so I don't know if you guys have ever seen this. It's kind of an old video game. This is Super Mario 64. Anybody play this? All right, cool. So over here, this is Cheat Engine. And you'll see down here I've scanned memory. And do you notice anything interesting about this number? It's the number of coins that I have. So with Cheat Engine it allows us to modify this internal variable. I can make it like 9999. And then it'll update. So it's pretty sweet, right?

So now let's hack Pokemon. Okay. So I've got Pokemon up. And we want to get that level 70 Charmander, right? So the way we're going to do this is we're going to get in a fight and then we're going to find the amount of XP that we gain after the battle.
And we're going to change it to be some extreme value that's going to let us level up into like a Charizard in like one battle. So notice this last result that I've searched for. Right now it's 0. But then it's going to become the number of experience that I gain after the battle. So you can see Charmander gained 15 experience points. And down here my experience changed this value in memory changed to 15. So we can change that to be like another extreme value. Much more than we would actually gain in a battle. And you'll notice that the 15 isn't going to change. But I'm going to just keep leveling up. So the value of experience internally changed. But what appeared on the screen didn't. See I'm level 9. And it just keeps on going. Just going to open up Minecraft for later.

So we saw that memory scanning is super powerful, right? So let's take a look at like how it works internally a little bit before we get into Minecraft. So why would you want to scan memory? Well we can find powerful variables like health, experience, player position, and inventory items. So internally it works pretty simply. There are operating system functions that allow programmers to get a representation of other processes running on the computer. And then read and write to memory. So the arguments that the operating system wants from the user are the address that they'd like to read from, how much they'd like to read, and what they want, what they want to read into, things like that.

So now let's apply what we've learned here to Minecraft. So if we wanted infinite items, we should be able to search the number of items in a slot in memory, right? And then we can filter through our search results because we're going to find a lot of other internal game variables that just happen to be the same number, but they don't actually control the number of items that we have.
So we're going to be able to filter through that by getting rid of and gaining items and then using that to like filter through our results.

Okay, so I'll create a new world. And while we do this, I'll just go ahead and tell Cheat Engine that we want to examine the Minecraft process. Okay, so now we have a few items in our inventory. And I can go over here, I can search the number of items that we have in that piece of inventory. Okay, so we have all these results. And like I said, a lot of these, we have a lot of results. This is like five million, two hundred thousand results. So we need to filter through these and actually find which one it represents, right? So if we go back to the game, if I can remember the key, I should be able to get rid of one of these. I love getting help from the crowd. All right, so I got rid of one item. So now the number of items in that slot is one. So I can filter through these search results. So now I've got a lot less items. You see I got down to fifty three thousand. And we can just, because these, the other internal variables that don't represent the number of items in that slot will change, especially as I move around. So now I accidentally picked one up. It went up to two. So I'll go back over here and search for two. And I can just kind of rinse and repeat this. I'll get rid of it. Go back here and search for one. All right, I've got a bunch of values here. I've really trimmed it down. We're down to eleven. Go back here and search for two. You can see that we actually, these ones don't represent the items because we went up to two. And all of our values are still one.

So this demo kind of failed. But if you come and see me after, I'll get it right in front of you. Sorry about that guys. The next ones will be much better, I swear. You can see that I was actually able to do it. I took an item that I only had three of and I changed it to three one three three seven.

So the next demo I have for you is achievements.
This is pretty cool. This was a lot less complicated than searching through memory. I was actually able to trace the events that the game was making, like writing to and reading from files. And I was able to find which file represented the achievements that I had. And I could change my achievements to open like three thousand chests when I had just started the game. Stuff like that. So that was pretty cool.

This is going to be my most exciting demo. This is teleporting. So in Minecraft, I don't know if you guys have ever seen this, but there's a debug screen. If you hit F3, it'll show you all kinds of cool information like your position on the map. You see that over here? My X, Y, Z coordinates on the map. So I thought that was pretty fun and I just started searching for that in memory. The problem with that is if you notice, these are decimal values. They have a decimal point afterwards. So if you search that in memory, you'll, you probably won't find anything. And it's because these are, these are the rounded values of your position on the map. They're, they're not like the full values of your map that, that have a high precision. So how was I supposed to find these like high precision values before they got rounded?

Well, I found my save file. And inside my save file, if you open it up with a, with a program that's made to parse these files, also known as an NBT editor, then you're able to find your position on the, on the map. See? So I'll demonstrate that really quick. I've got this really cool program I learned how to use called unmind. And basically it'll open up your save file. So I'm in New World, I think, right? Yeah. So that's my map. And I can just like pick anywhere on my map. How about this beach? That looks nice. I'll go up in the trees. So I can copy that location. I need some place to paste my location. One second. My God, what fail? All right. So that's where we want to teleport. That's the XYZ coordinates of where we want to teleport. All right.
So first we need to be able to, first we need to find our XYZ coordinates in memory. So the way we're going to do that is we're going to open up the game save file in our NBT editor. And then we're going to copy those full precision values and search those in memory. And then that will allow us to find the XYZ coordinates.

So I need to save the game first so that those values get written to the file. So here's my player information. Sorry, this is pretty small. And then we're looking for our position. So Pos. There's Pos. And here's our three, our XYZ coordinates. So first we want to find this X coordinate. So I'll load back up my game. New world. And I'll find Cheat Engine. Well, everybody pray to the demo gods with me. Okay. We got results.

So like I said, you want to be able to filter through these values. A lot of values are just going to end up being the same just by chance. So what I'm doing right now is just looking around to increase what's called entropy. To change all these values that don't represent my X position. So you see I got down to 25. So I'll add these to my list. Because those are my X position. And then we'll go back to our NBT editor and we'll move on to the next.

So we've got an X, a Y and a Z. I'm going to search for Z next. So we're searching for a Z position now. I'm sorry, this is a little bit tedious. But it'll be really cool once we get to teleport. And if you guys want to see more of these, if you guys want to see this afterwards, how did I just get rid of that? Oh no. If you guys want to see this afterwards, if you want to see like infinite items, I had another demo prepared where I could actually take an item and then convert it into any other item that I wanted. So I could take wood and make it diamonds.

All right. So we're getting some entropy again, just like looking around without moving our position on the map. And we're just going to filter down. We're still at like 5,000 values.
We don't want to modify this many values because that is going to slow down our process a lot. We want to get down to like less than 100 values. Because often in these video games, there's a lot of copies of things. So it's okay if you just change all of the copies. But you want everything that actually represents the value that you're interested in. All right. We're down to 29 values that represent our Z position in memory. That's good.

Okay. The next one's pretty easy. Our Y position. That's just 63. So we'll search for that. And then we're going to filter through them as well. It's because we're at 21,000. We want less than that. Y is actually really easy to change. Yeah, we're down to 193. This is pretty okay.

I'm sorry. We're out of time. So come see me afterwards and I'll finish out this demo for you guys if you guys are interested.

I'd like to show some resources. The game hacking book. I've got it with me. I can show it to you guys if you want. I learned a lot from it. There's great tutorials on YouTube, forums, Wikipedias on Minecraft to find all of the IDs for the different items. And then in wrapping I'd like to say thank you to Cinec for sponsoring this talk. The Dark Byte for making Cheat Engine and for my friends for game hacking with me. Thanks everyone.