Enumerator Posted June 19, 2015

PLAYER::GET_PLAYER_PED
Hashes: 0x43A66C31C68491C0 0x6E31E993
------------------------------------------------------------
Ped GET_PLAYER_PED(Player player) // 0x43A66C31C68491C0 0x6E31E993
------------------------------------------------------------
jet fuel can't melt steel beams. 9/11? Lol...

Edited June 19, 2015 by Enumerator

Neutrinobeam Posted June 19, 2015

I don't know who, if anyone, out there is working on brute forcing natives, but I've been looking at the Jenkins one-at-a-time (supposedly the innards of GET_HASH_KEY). I noticed some stuff that might make the brute force faster. The hash function parts are reversible; the problem is not knowing the input string, so you don't know what character value to subtract from the hash.

    uint_32 hash = 0
    for char in input
        hash += char
        hash += hash << 10
        hash ^= hash >> 6
    hash += hash << 3
    hash ^= hash >> 11
    hash += hash << 15

The set of uint_32 can be considered an abelian group (Z_2^32) under addition and multiplication mod 2^(32). So the += (<<) lines can be replaced with *= 0x401, 0x9, or 0x8001. Because they are all of the form 2^(n)+1, they are relatively prime to 2^(32) and have multiplicative inverses in Z_2^(32) easily computable with the Extended Euclidean Algorithm. 1/1025 = 0x3FFF801, 1/9 = 0x38E38E39, and 1/32739 = 1/0x8001 = 0xC00FFC01

So hash = prehash + prehash << 10 (= prehash * 0x401) can be inverted with prehash = hash * 0x3FFF801 (or the appropriate += <<.) And the others similarly.

The ^= >> leave a window that can be exploited from the top down to undo the operation.

    f undoXor(hash, shift)
        if shift < 1 || shift > 31 return 0
        prehash = window = 0
        for i = 0, i <= 31/shift, ++i
            window ^= hash >> (32 - shift*i)
            prehash += window << (32 - shift * i)
        return prehash

From that, the final three lines of Jenkins can be reversed for every known hash to create an associated hash that acts better. Specifically, to hash "abcd", you only need the associated hash of "abc" and the letter "d". The associated hashes can be reverse searched for common prefix associated hashes "get_", "is_", etc. Or an end first search can be done. Look for 50 character strings using just memory for 49 associated hashes "a", "ab", "abc", etc. and not having to recompute information.
Do "aba" through "abz", using "ab", then find "ac" and do "aca" through "acz", working towards shorter strings.

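The reversal described in the post above, as an added C example that is not part of the original post: it strips the three closing lines from a finished hash to recover the "associated hash", and undoes one per-character step when the character is known. Function names are made up for this example, the inverse multipliers are computed by the code rather than copied from the post, Newton iteration stands in for the Extended Euclidean Algorithm, and the sample string is constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* Per-character mixing step of Jenkins one-at-a-time, as in the post. */
static uint32_t joaat_step(uint32_t h, unsigned char c) {
    h += c;
    h += h << 10;
    h ^= h >> 6;
    return h;
}

/* The three closing lines of the hash. */
static uint32_t joaat_finalize(uint32_t h) {
    h += h << 3;
    h ^= h >> 11;
    h += h << 15;
    return h;
}

/* State before the closing lines: the post's "associated hash". */
static uint32_t joaat_state(const char *s) {
    uint32_t h = 0;
    while (*s) h = joaat_step(h, (unsigned char)*s++);
    return h;
}
static uint32_t joaat(const char *s) { return joaat_finalize(joaat_state(s)); }

/* Inverse of an odd a mod 2^32 by Newton iteration (the post names Extended Euclid). */
static uint32_t inv32(uint32_t a) {
    uint32_t x = a;                      /* a*a == 1 mod 8, so 3 bits are right */
    for (int i = 0; i < 5; i++) x *= 2u - a * x;  /* correct bits double each round */
    return x;
}

/* Undo h ^= h >> shift for 1 <= shift <= 31: the top `shift` bits of h are
   already original, and each round recovers the next `shift` bits below. */
static uint32_t undo_xor_shift(uint32_t h, unsigned shift) {
    uint32_t x = h;
    for (unsigned done = shift; done < 32; done += shift) x = h ^ (x >> shift);
    return x;
}

/* Finished hash -> associated hash. */
static uint32_t joaat_unfinalize(uint32_t h) {
    h *= inv32(0x8001u);                 /* undo h += h << 15 */
    h = undo_xor_shift(h, 11);           /* undo h ^= h >> 11 */
    h *= inv32(9u);                      /* undo h += h << 3  */
    return h;
}

/* Undo one per-character step when that character is known. */
static uint32_t joaat_unstep(uint32_t h, unsigned char c) {
    h = undo_xor_shift(h, 6);            /* undo h ^= h >> 6  */
    h *= inv32(0x401u);                  /* undo h += h << 10 */
    return h - c;                        /* undo h += c       */
}

int main(void) {
    const char *name = "get_player_ped"; /* constructed sample input */
    uint32_t state = joaat_unfinalize(joaat(name));
    uint32_t prefix = joaat_unstep(state, 'd');  /* peel the known last character */
    printf("hash %08X state %08X prefix state %08X\n",
           (unsigned)joaat(name), (unsigned)state, (unsigned)prefix);
    return 0;
}
```

Extending a stored prefix state by one character is `joaat_finalize(joaat_step(state, c))`, which is the "abc" plus "d" shortcut the post describes.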
Alexander Blade (Author) Posted June 20, 2015

Neutrinobeam
It was never about bruteforce speed but about hash collisions.

Transmet Posted June 20, 2015

Maybe you can make a bruteforcer program based on CUDA (Nvidia GPU) so the work is much faster?

A_SN Posted June 21, 2015

> Neutrinobeam
> It was never about bruteforce speed but about hash collisions.

I think it would be more useful if we had a program where we can input just one hash and see all the possible collisions so we can pick the most fitting one (basically like Skorpo's but faster like yours), which would probably be found among the shortest hits. I ran it once and the list has more comedic value than anything else. IS_CANCERSTICKS_SYSTEM_SIGNIN_UI? GIVE_SNIFF_PED_AMMO_BY_TYPE? IS_PIMP_ALL_ADRENALINE?? I can't even see a single one in the whole list that makes any sense.

By the way, concerning the new hashes, since we already know the name of the natives we can directly search for those, right? As in have "GET_PLAYER_PED" and search for a hash that matches?

MoMadenU Posted June 22, 2015

...we need to name their params and types here as well. In order to put more understanding in whatever natives do
nativedb page does not appear to allow in-place edits. How can I contribute better descriptions of params and overall information once I discover it?

Luucky Posted June 22, 2015

You click that little pen right there. \/

> ...we need to name their params and types here as well. In order to put more understanding in whatever natives do
> nativedb page does not appear to allow in-place edits. How can I contribute better descriptions of params and overall information once I discover it?

MoMadenU Posted June 23, 2015

Thanks!

darkphoenixxx Posted June 24, 2015

So, since http://gta5-mystery-busters.onet.domains/tools/hashlist.php is down, does anyone still have a list of hashes for items?

Edited June 24, 2015 by darkphoenixxx

marhex Posted June 24, 2015

Where can I find the online decompiled scripts, or do they not exist? I need the script of the prison break heist.

Edited June 24, 2015 by marhex

Alexander Blade (Author) Posted June 24, 2015

Does anybody here have Online ysc/rpf with scripts?

> Where can I find the online decompiled scripts, or do they not exist? I need the script of the prison break heist.

Edited June 24, 2015 by Alexander Blade

sasuke78200 Posted June 24, 2015

Yes, there's a rpf stored on R* cloud named bg.rpf which contains online scripts (for hot-fixing for example).
http://prod.cloud.rockstargames.com/titles/gta5/pcros/bgscripts/bg_ng_372_0_rpf-Versions/0d55faa5-6b2d-46b1-bb8c-01f3143bff50.rpf

Edited June 24, 2015 by sasuke78200

A_SN Posted June 24, 2015

> So, since http://gta5-mystery-busters.onet.domains/tools/hashlist.php is down, does anyone still have a list of hashes for items?

It's not down anymore. By the way, is there a visualiser for those?

marhex Posted June 24, 2015

> Yes, there's a rpf stored on R* cloud named bg.rpf which contains online scripts (for hot-fixing for example).
> http://prod.cloud.rockstargames.com/titles/gta5/pcros/bgscripts/bg_ng_372_0_rpf-Versions/0d55faa5-6b2d-46b1-bb8c-01f3143bff50.rpf

Can you give me those scripts please?

MrGTAmodsgerman Posted June 25, 2015

>> Yes, there's a rpf stored on R* cloud named bg.rpf which contains online scripts (for hot-fixing for example).
>> http://prod.cloud.rockstargames.com/titles/gta5/pcros/bgscripts/bg_ng_372_0_rpf-Versions/0d55faa5-6b2d-46b1-bb8c-01f3143bff50.rpf
>
> Can you give me those scripts please?

They're included, but I don't know how to open it; an error message comes up in LibertyV and OpenIV.

Edited June 25, 2015 by MrGTAmodsgerman

marhex Posted June 25, 2015

>>> Yes, there's a rpf stored on R* cloud named bg.rpf which contains online scripts (for hot-fixing for example).
>>> http://prod.cloud.rockstargames.com/titles/gta5/pcros/bgscripts/bg_ng_372_0_rpf-Versions/0d55faa5-6b2d-46b1-bb8c-01f3143bff50.rpf
>>
>> Can you give me those scripts please?
>
> They're included, but I don't know how to open it; an error message comes up in LibertyV and OpenIV.

You have to decompile them to get the code.

Transmet Posted June 25, 2015

>> So, since http://gta5-mystery-busters.onet.domains/tools/hashlist.php is down, does anyone still have a list of hashes for items?
>
> It's not down anymore. By the way, is there a visualiser for those?

CTRL + F > ALL

A_SN Posted June 25, 2015

>>> So, since http://gta5-mystery-busters.onet.domains/tools/hashlist.php is down, does anyone still have a list of hashes for items?
>>
>> It's not down anymore. By the way, is there a visualiser for those?
>
> CTRL + F > ALL

I mean so you can see what the models look like.

MoMadenU Posted June 25, 2015

I really want to be able to contribute to nativedb naming but I'm a business app developer not a game engine veteran. I do have a simple working script I wrote that calls natives so I'm at least that far.

Does optimized.exe have to be run in the same folder as the game .exe?
Run optimized.exe while the game is running or not running?
Some actual command lines that show optimized.exe in use would be very helpful.
Do you have a dev environment set up that lets you set breakpoints and be able to type and execute like the Immediate Window in Visual Studio? It seems brutal to have to restart the game every time just to mess with a native.
Is it just by luck that optimized will get a hit? If you get something, how do you actually test it?

Any guidance would be much appreciated.

Luucky Posted June 25, 2015

Hey man, hope this helps you a little. Here's a way around restarting the game.

> I really want to be able to contribute to nativedb naming but I'm a business app developer not a game engine veteran. I do have a simple working script I wrote that calls natives so I'm at least that far.
>
> Does optimized.exe have to be run in the same folder as the game .exe?
> Run optimized.exe while the game is running or not running?
> Some actual command lines that show optimized.exe in use would be very helpful.
> Do you have a dev environment set up that lets you set breakpoints and be able to type and execute like the Immediate Window in Visual Studio? It seems brutal to have to restart the game every time just to mess with a native.
> Is it just by luck that optimized will get a hit? If you get something, how do you actually test it?
>
> Any guidance would be much appreciated.

MrGTAmodsgerman Posted June 25, 2015

>> They're included, but I don't know how to open it; an error message comes up in LibertyV and OpenIV.
>
> You have to decompile them to get the code.

How?

MoMadenU Posted June 25, 2015

> Hey man, hope this helps you a little. Here's a way around restarting the game.
>
>> I really want to be able to contribute to nativedb naming but I'm a business app developer not a game engine veteran. I do have a simple working script I wrote that calls natives so I'm at least that far.
>>
>> Does optimized.exe have to be run in the same folder as the game .exe?
>> Run optimized.exe while the game is running or not running?
>> Some actual command lines that show optimized.exe in use would be very helpful.
>> Do you have a dev environment set up that lets you set breakpoints and be able to type and execute like the Immediate Window in Visual Studio? It seems brutal to have to restart the game every time just to mess with a native.
>> Is it just by luck that optimized will get a hit? If you get something, how do you actually test it?
>>
>> Any guidance would be much appreciated.

OK thanks. I am working mostly in .net so that is nice to not have to reload. I'm off to study the decompiled scripts. There is so much to learn but it will be well worth the effort to be able to harness Rage to the fullest, being the masterpiece it is. I work for the DOT and the $250k driving sim we have now looks like Mario Kart on Nintendo 64 compared to GTAV. I ultimately want to use Rage for doing traffic flow studies.

marhex Posted June 25, 2015

>>> They're included, but I don't know how to open it; an error message comes up in LibertyV and OpenIV.
>>
>> You have to decompile them to get the code.
>
> How?

I don't know how, but you see the decompiled scripts.

Edited June 25, 2015 by marhex

frodzet Posted June 27, 2015

Not sure if it's just me being plain stupid here, but in the later versions of Native Trainer, you added a function to prevent the player from flying through the windscreen. Now here is the code:

    const int PED_FLAG_CAN_FLY_THRU_WINDSCREEN = 32;

    if (featureVehSeatbeltUpdated)
    {
        if (bPlayerExists && !featureVehSeatbelt)
            PED::SET_PED_CONFIG_FLAG(playerPed, PED_FLAG_CAN_FLY_THRU_WINDSCREEN, TRUE);
        featureVehSeatbeltUpdated = false;
    }
    if (featureVehSeatbelt)
    {
        if (bPlayerExists)
        {
            if (PED::GET_PED_CONFIG_FLAG(playerPed, PED_FLAG_CAN_FLY_THRU_WINDSCREEN, TRUE))
                PED::SET_PED_CONFIG_FLAG(playerPed, PED_FLAG_CAN_FLY_THRU_WINDSCREEN, FALSE);
        }
    }

I'm just curious about how to find the different flag IDs?

Alexander Blade (Author) Posted June 28, 2015

There is no list; this one was found by assumption using natives located around.

> Not sure if it's just me being plain stupid here, but in the later versions of Native Trainer, you added a function to prevent the player from flying through the windscreen. Now here is the code:
>
>     const int PED_FLAG_CAN_FLY_THRU_WINDSCREEN = 32;
>
>     if (featureVehSeatbeltUpdated)
>     {
>         if (bPlayerExists && !featureVehSeatbelt)
>             PED::SET_PED_CONFIG_FLAG(playerPed, PED_FLAG_CAN_FLY_THRU_WINDSCREEN, TRUE);
>         featureVehSeatbeltUpdated = false;
>     }
>     if (featureVehSeatbelt)
>     {
>         if (bPlayerExists)
>         {
>             if (PED::GET_PED_CONFIG_FLAG(playerPed, PED_FLAG_CAN_FLY_THRU_WINDSCREEN, TRUE))
>                 PED::SET_PED_CONFIG_FLAG(playerPed, PED_FLAG_CAN_FLY_THRU_WINDSCREEN, FALSE);
>         }
>     }
>
> I'm just curious about how to find the different flag IDs?

Transmet Posted July 1, 2015

I request re sorry: It is not possible that someone clutched make a Brute Forcing program in CUDA (For exploit GPU) As computing power gripped much acrue. I personally do not develop in CUDA but if anyone knows he might be doing, it should help?

And what is the name of the new hash algorithm for native functions? (not JOAAT but the other)

Thank ^^

Edited July 1, 2015 by TransmetTeam

sasuke78200 Posted July 1, 2015

They're not using hashing anymore. They just put random values for natives.

Transmet Posted July 2, 2015

I programmed a little BruteForcer Native in C#. I named it "Large Hash Collider" (LHC). It is based on a dictionary of 500 words and mixtures and forms a chain (the chain is treated not to exceed 30 characters). And the string is hashed in the JOAAT, the joaat hash checker is then in a dump 1799 joaat hash still not found (I have to retrieve NativeDB) and if there is one that is worth what hash then the hash and is the native display. I find it rather powerful spell me at least one native every 15 seconds, even if it is quite random.

I'm sorry for my English.

The link: http://www.mediafire.com/download/4p1616w6cvpwlgo/Large_Hash_Collider_-_V2_-_Transmet.zip

EDIT: Link updated (with the new version of the program). This new version adds 300 words to the dictionary and corrects 2 bugs.

Edited July 2, 2015 by TransmetTeam

lulzmodder Posted July 3, 2015

I was just trying to figure out few unknown things in the entity section, and as a result I got these:

    Vector3 ENTITY::_0xE465D4AB7CA6AE72(Any P0) //GET_ENTITY_COLLISION_NORMAL? normalized collision point
    Any _0x5C3D0A935F535C4C(Any p0) //GET_COLLIDED_STATIC_MAP_OBJECT_HASH? they can't be created or spawned though
    void _0x621873ECE1178967(Any p0, float p1, float p2, float p3, BOOL p4, BOOL p5, BOOL p6, BOOL p7) //works same as SET_ENTITY_COORDS (O.o)

Edited July 3, 2015 by lulzmodder

InfamousSabre Posted July 8, 2015

> I was just trying to figure out few unknown things in the entity section, and as a result I got these:
>
>     Vector3 ENTITY::_0xE465D4AB7CA6AE72(Any P0) //GET_ENTITY_COLLISION_NORMAL? normalized collision point
>     Any _0x5C3D0A935F535C4C(Any p0) //GET_COLLIDED_STATIC_MAP_OBJECT_HASH? they can't be created or spawned though
>     void _0x621873ECE1178967(Any p0, float p1, float p2, float p3, BOOL p4, BOOL p5, BOOL p6, BOOL p7) //works same as SET_ENTITY_COORDS (O.o)

GET_ENTITY_COLLISION_NORMAL seems very useful to me, but I'm confused as to what exactly it returns. What is a collision normal / normalized collision point?

Edited July 8, 2015 by InfamousSabre