Not real hacking!
- Open this file with a hex editor:
\AppData\LocalLow\Red Dot Games\Car Mechanic Simulator 2015\profile#\global
- Search for
- Locate the int32 value of each property in little-endian.
- Convert your current XP and money to hex to make the search easier.
- Overwrite them with
6F FF FF FF.
- You have "hacked" the game.
It does not get easier than this.
- The Game
- Savegame Location
- How Stats are Stored
- What did We do Wrong?
- Signed Int32 Representation
- Very Money, Much Experience
- Integer Overflow
Savegame editing is perhaps the oldest (and most basic) variant of game hacking. One of the reasons I went into security (or got decent at reverse engineering file formats) was computer games.
I used to play the original version of Heroes of Might and Magic. I usually rushed to get a few units. Split them into arbitrary stacks (e.g. 2 archers in slot 1, 3 in slot 2 and so on), then looked in the savegame for those numbers and modified the count to
FF. Voila, I had 255 of every unit.
This is exactly what we are going to do here too.
Over the thanksgiving weekend I got Car Mechanic Simulator 2015 for 2 dollars in the Steam sale. I played it for around 10 hours (that's 20 cents per hour which is quite the bargain :D). It's a good game but it has a lot of grinding1.
First item is to locate the savegame which brings us to this Steam community thread. They are at:
\AppData\LocalLow\Red Dot Games\Car Mechanic Simulator 2015\
profile# directory will contain a different profile.
Note the developer is claiming the file is encrypted
try to hack'em :) good luck with decrypting. It's not encrypted. I am not trying to shit on the dev, it's a good game.
How Stats are Stored
When editing savegames, chances are numbers are saved in hex (or decimal). Convert them into hex and grep.
Currently we have $2000 (
1 experience. Now we can grep for the money like this
grep -arb $'\x07\xd0' but won't find anything. You need to remember endian-ness or you could just search for the word
0x277. Open the file with a hex editor such as HxD.
This seems to be a serialized Unity file according to DisUnity. But we do not care about the format, we want to edit XP and money to unlock auctions.
We can see our XP and money as an int32 (aka 4 bytes) in little-endian (first byte is the LSB). Replace them with whatever you want (remember they are in hex). For example I am going to max out everything with
FF FF FF FF.
Well that did not work out as expected:
What did We do Wrong?
We assumed that a variable representing XP or money is going to be an unsigned int (well money is debatable as games usually use negative balance to indicate debt). But these are signed int32s.
Signed Int32 Representation
We already know how signed ints are stored. Most significant bit or
msb (note the lowercase
b and do not confuse it with most significant byte or
MSB) is sign:
0: Number is positive. Rest of bits represent the number.
1: Number is negative. Rest of bits represent two's complement of absolute value of number.
Two's complement is created simply by flipping all the bits and then adding by one. So
FF FF FF FF is
Very Money, Much Experience
To get the max signed int32 positive number we need to keep the first bit as
0 and set the rest to
1. Take the last byte (first byte to the left) and convert it to bits
1111 1111. Flip the first bit to the left (or msb) to get
0111 1111 or
7F. So max int32 is
7F FF FF FF.
You do not need to exit the game every time, go to the main menu between edits.
However, this is not a good number. If you earn one dollar or XP, int32 will overflow and you are left with min int32 number
80 00 00 00 (MSB:
7F 00 00 00 to unlock everything.
- I have other issues with the game. For example ordering parts is a pain because you have to do them one by one. But this is not a game review. [return]