How was the Shellshock.IO cheat made?

A few months ago, I published an aimbot & esp for shellshock.io on greasyfork.com. It gets around 150-400 installs per day. Has 10k+ installs in total as of writing. In this post, I will be explaining how it was done. This post will be split into 3 parts. The first part will cover what an aimbot requires to work. Second, the development of the aimbot. And third, the development of the ESP (or vision through walls). This post could be helpful for peeps wondering how cheats for web games are made. I would suggest looking through the code of the script while reading to better understand this post. You can find it here.

ESP Screenshot
Aimbot & ESP

Starting off

What are the things an aimbot requires to work? The positions of players in the game and a way to set the local player’s aim. How do you find these? You can look for them in the main JS file of the game. How do you find the js file? View the source of the HTML page and search for .js and use some basic logic.

Main game JS file

Going further and looking into the loadJS function reveals that the game uses an XHR to fetch the js file. This is useful for us. We can proxy XHR, inject our code into the fetched js file and let the game run it.

loadJS using XHR

This part of the script takes care of proxying XMLHttpRequest and injecting our needed code.

Proxying XHR

Now that we have a way to modify the main game file, it’s time to find the two things our aimbot needs to work. How do I find the players list? It all comes down to reasoning and logic. How will anyone store players? Either as an object or an array. Shellshock stores it as an array. How do you find this array? You can look for = [] in the beautified version of the js file and use a little bit of guesswork to figure out which one could be the player list. In our case, the highlighted variable in the code below was the players list.

Note: You should never use the exact var name in your script cos var names change whenever the code is rebuilt (aka update is pushed by the developers). You should use regular expressions to find the var names. 

Players list
Using regex to find var names

We can similarly find a way to set the aim of our local player by a little bit of reasoning and guesswork. We know that the aim change when the mouse moves. In browser-based FPS games, movementX and movementY properties of the MouseEvent object are used to change the aim when the cursor moves. Searching for movementX, we find this function that has a health check to determine if our local player is alive. This local player object also has yaw and pitch properties which we can alter to change the aim.

Local player

We now have access to everything our aimbot needs. Time to move on to next part!

Making it aim

This is pretty EZ to do. You just find the closest player to you, calculate its yaw and pitch from your local player, and then set the aim of your local player. There are also a few checks to prevent aiming at your teammates. Below is the code for finding the nearest player and aiming at it.

Aiming

The interesting part here is the Math.radAdd function. It solves a major problem. Without it, some hits won’t be registered. It was an issue with my script for a long time. There were many complaints about it. The thing was that the game stores the yaw up to some fixed precision. Math.radAdd automatically reduces the precision to what the game expects, thus solving the issue.

Making the ESP

ESP is by far the simplest thing one. All you have to do is attach a box to the player models and tell the game engine to render it on top of everything. Shellshock.io uses Babylon.JS for rendering and Babylon provides a very easy-to-use interface for telling which objects to render on top of everything.

Render box on top of everything

The script also shows a line between your local player and the enemies. It is good for keeping an eye on eggies behind you. But I won’t be going over the creation of that. This post has been pretty big already. It’s also not that important in my opinion. If you are just starting out creating scripts for web games, I think this should’ve given you great insight into how things are done already. Thank you for reading! Keep scripting!

Share:

97 comments

  1. awesome script i have been using them for awhile now. I would love to see a script for digdig.io were you can zoom out and see the whole map. also is there any way that the shell shockers script could only lock on when zoomed in?

  2. Can you do a free skin script for shellshock.io cuz other skin scripts only show that you have that skin while when others in the game look at you, you dont have any skins.

  3. emm my suggestion is to detect if the enemy is behind wall or not behind wall in the aimbot. otherwise the aimbot will brings you to a enemy behind wall and then an enemy that is beside you and can see you killed you

  4. this is a great hack and probably the only one that works good job man keep it up your already 1 step ahead of all the other people who create hacks.

  5. Would there be a way to add an ESP for the grenades on the ground? So you could see them too? If so could u show us how it works in a post like this one, or is it pretty much the same as with the players?

  6. help! it keeps saying adblocker And i dont have one. i also whitelised and still doesnt work.

  7. very good I would say, got a kill streak of 52! though i don’t like when i go to shell shockers this screen apear, what ever its good.

Leave a comment

Your email address will not be published.