Season One Championship


It has been long time since i posted, as i wasn't home, and i forgot to update the blog, but im back now, and starting to work on some hacks again (i will post my work as soon as the new LoL update is released, as i will have to update the offsets and stuff).

I have been watching every single game of the season one championship, and i was amazed by the play style from Fnatic and aAa, which both performed really well, but in the end Fnatic won in the second final game, and won $50k, and the championship. Also i am really happy that the finals were European :D

If some of you didn't watch the finals, you can check the game here:

Stay tuned for some new LoL hacks soon :D

Basic AIR Client hacking

Note: This tutorial was not written by me, it was written by Socks form

Prologue: Before we begin
For this howto we will be using the following applications:

  • cws2fws - You can use any number of flash decompressors, I've uploaded the one I'll be using here.
  • HxD - A hex editor. Really, any hex editor will work.
  • Sothink SWF Decompiler - Self explanitory.
The topics covered in this howto are very basic, however, we will be editing ActionScript bytecode. For this howto we will be using the following 4 opcodes:
Code :
24 Push byte
26 Push true
27 Push false
This howto is done using the paths for the current default launcher as of 16-04-2011. If you are using the beta launcher, replace all references to "C:\Riot Games\League of Legends\air" with "C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\<ver sion>\deploy". As of this writing the version is

I will not be posting patched versions of LolClient.swf. Doing so is a copyright violation.

Part 1: Decompressing the client

This will cover the use of the cws2fws that I linked to above, if you are using another decompressor you can skip this step. To make this easy, we won't be adding the exe to the path, just using it directly.

Your Flash decompiler will include a decompressor of its own so that it can open the file. However, we want a decompressed version of the file so that we can edit it easily with a hex editor.

Download the exe and copy it into your air directory (default on windows is C:\Riot Games\League of Legends\air). Open the command line (windows+R type cmd and hit enter). Execute the following commands (changing paths where necessary), your output should match the screenshot below. I personally do not follow the AIR versioning scheme when decompressing these, instead using the patch date.
Code :
cd "C:\Riot Games\League of Legends\air"
cws2fws.exe LolClient.swf LolClient.20110412.swf

Part 2: Using bytecode to enable the developer window

Copy your LolClient.20110412.swf to LolClient.20110412.developer.swf. This is the file we will be using for this part. Open Sothink and using the panel on the left, navigate to your air directory. Click on your developer swf and then expand the file on the right.

Select the actionscript tab at the top and search for "developer" (no quotes). Use the "Search All AS" button. This process will take a while, however, Sothink does a good job of caching the file in memory so subsequent searches will be pretty quick. We're looking for the developer flag that is set in the RiotApplication class, so scroll through the results and look for where that is set to false. You should be able to find this line in the function initDefaults.

At the top of the window, select Raw Data. This will allow us to see the hex and the bytecode side by side. Normally you're going to need to search for the function name you were looking for and actually dig into the code. Since I'm helping you out and we can see from our results above that we want the second "developer" in the class, hit "Search Current AS" twice .

The "_as3_pushfalse" above our search result is what we want to change, turning it into a true (and so yes: this whole part we're doing all this work to change a single bit :p). Open HxD and use it to open our developer swf. We're going to search for the hex we want and then edit the 27 into a 26 (_as3_pushfalse into _as3_pushtrue). In this case, we're going to search for the variable reference before the one we want in addition to ours (initialIndexedPublicChatRoomNames) banking on the fact that these two variables will never be set in the same order again. For this specific client the chunk of code we're searching for looks like:

Code :
//61 e9 3c
_as3_setproperty initialIndexedPublicChatRoomNames
_as3_getlocal <0>
//61 99 3e
_as3_setproperty developer
Change the 27 to a 26 and we're good to go. Save the file.
Backup your original LolClient.swf (I named mine LolClient.orig.swf) and copy LolClient.20110412.developer.swf into its place. Launch the client normally. You are now running in developer mode which includes access to the developer window.

Part 3: Unlocking all Summoner Spells

By now you've played with the developer window and decided that besides that tantalizing "enable draft cheats" checkbox, there's nothing of value there. Now its time to do something worthwhile: Give ourselves Flash at summoner level 1. We've all been in situations where we create level 1 accounts and end up in a 5v5 all smurf game. None of them have Flash, ignite, clarity, etc - but you can, allowing you to keep an advantage despite playing against other skilled players.

This is a real simple hack to do, all we're doing is patching the required summoner level in the air client. Create an new copy of the air client (I called mine lolclient.20110412.summoner.swf) and open it with Sothink. This time instead of searching for developer, search for Clairvoyance (the capital C is important). Again use the "Search All AS" button. However, this time all the results will be relevant.

The SpellFactory.createSpell arguments are as follows:
Code :
SpellFactory.createSpell(spellId:int, name:String, displayName:String, description:String, minLevel:int, gameModes:Array) : Spell
This means that all we have to change to make everything available to our level 1 account is change the minLevel argument. I'm going to provide the steps for cleanse with the rest left as an exercise for the reader.

Once again, click "Raw Data" at the top. Scroll down a bit until you see the summoner spell you want. In this case the raw data we're interested in looks like:
Code :
//24 01
_as3_pushbyte 1
//2c 96 8d 02
_as3_pushstring "SummonerBoost"
//2c 97 8d 02
_as3_pushstring "Cleanse"
//2c 98 8d 02"
_as3_pushstring "Removes all ..."
//24 02
_as3_pushbyte 2
//2c 93 d8 01
_as3_pushstring "CLASSIC"
//2c a0 d8 01
_as3_pushstring "TUTORIAL"
//2c 9f d8 01
_as3_pushstring "ODIN"
//56 03
_as3_newarray [array size:3]

We are looking to change the _as3_pushbyte 2 into an _as3_pushbyte 1. The opcode for _as3_pushbyte is 24 and it takes a single byte argument with the value. Open HxD and open the summoner swf file. Because these are essentially pointers to strings that only appear one place in the entire file, we can simply search for the two strings above the level (the displayName and the description). Change the argument byte from 02 to 01 and you've modified Cleanse's minimum level.

You can test whether or not your modification was successful without entering a game by looking at the spells tab of your profile.
Hopefully this whole thing wasn't too hard to follow and helps some of you looking into the AIR client. Happy Hacking!

Am i the only one eager to try the new champion?

So, am i?

Funny vid about Laning

Just something cool that i stumbled upon today...

Lee Sin Build


So i got to play Lee Sin a bit lately, and i quite liked it, so here is the build i often use:

Long Sword > Sheen > Boots of Swiftness > BF Sword > Phage > BF Sword > Last Whisper > Frozen Mallet > The Bloodthirster > The Black Cleaver > Banshee's Veil

This is pretty much it, won't explain why have i chosen these items, but they will get you some really nice AD burst

Hope you like it, and try the build out!

Did not post for some time now...


I didn't post for some time now, i was really busy, so i didn't have much free time to play anything, just an ocassional LoL game, so im currently not up to date with hacks, and stuff that came out in last month or so.
I hope i will get more time to play now, so bare with me for new hacks!


It's been a while since i posted anything, but i was really busy last couple of weeks.

Few days ago i reached lvl 30, and started playing ranked games a bit, and i got my ELO to 1500 pretty fast.
I still play vlad, but i started playing Nocturne, and it seems pretty good for now.

Servers have improved now, but they queue me for login at weekend evenings:

(note the queue position)