All Activity

Oops sorry, wrong link. Here you go. Anyway, I found the keystone / capstone modes for x86 and x86_64. So I'll go update the tool right now. Here is the new version! Took 5 hours xD. For your needs, this should be a sufficient script, though: OFFSET = "0x970000" LIB_PATH = r"C:\Users\zachy\Downloads\frida-gadget-17.3.2-android-x86.so" ARCHITECTURE = "x86" # OR: "x86_64" from functools import cache import itertools import binascii import keystone import capstone def remove_whitespace(s: str) -> str: return "".join(s.split()) def wraptext(s: str, size: int) -> list[str]: # Thanks to https://stackoverflow.com/questions/9475241/split-string-every-nth-character return [s[i:i + size] for i in range(0, len(s), size)] def getbytes(hexstring: str) -> list[str]: """ Splits a hex string into a list of bytes. Convenient function because it accounts for both whitespace-separated and un-separated hex strings. """ hexstring = remove_whitespace(hexstring) assert len(hexstring) % 2 == 0, "Invalid hex string (odd length)" return wraptext(hexstring, 2) @cache def bytecount(hexstring: str) -> int: """ Counts the number of bytes in a hex string. Very simple function, but improves readability. """ return len(getbytes(hexstring)) @cache def make_ks(architecture: str) -> keystone.Ks: if architecture == "32bit": return keystone.Ks(keystone.KS_ARCH_ARM, keystone.KS_MODE_ARM) elif architecture == "64bit": return keystone.Ks(keystone.KS_ARCH_ARM64, keystone.KS_MODE_LITTLE_ENDIAN) elif architecture == "x86": return keystone.Ks(keystone.KS_ARCH_X86, keystone.KS_MODE_32) elif architecture == "x86_64": return keystone.Ks(keystone.KS_ARCH_X86, keystone.KS_MODE_64) else: raise ValueError(f"Unrecognized architecture: {architecture}. Only '32bit', '64bit', 'x86', and 'x86_64' are " f"valid strings") @cache def make_cs(architecture: str) -> capstone.Cs: if architecture == "32bit": cs = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM) elif architecture == "64bit": cs = capstone.Cs(capstone.CS_ARCH_ARM64, capstone.CS_MODE_LITTLE_ENDIAN) elif architecture == "x86": cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32) elif architecture == "x86_64": cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64) else: raise ValueError(f"Unrecognized architecture: {architecture}. Only '32bit', '64bit', 'x86', and 'x86_64' are " f"valid strings") cs.detail = True return cs def offset_to_hex(offset: str, libfile: str, hexbytes: int = 600, sep: str = " "): try: decimal_offset = int(offset, 16) except ValueError: raise ValueError(f"Invalid offset: {offset}. Please provide a hexadecimal value.") with open(libfile, "rb") as lib: # Read certain number of bytes from offset lib.seek(decimal_offset) hexstr = lib.read(hexbytes).hex().upper() if hexstr == "": raise Exception(f"Offset {offset} not found in file {libfile}") return sep.join(getbytes(hexstr)) @cache def armtohex(armcode: str, architecture: str, sep: str = " ", upper: bool = True) -> str: ks = make_ks(architecture) # Convert string of code to list of instructions (split by newline) lines = armcode.split("\n") convertedhexlist = [] for instruction in lines: if instruction.isspace(): continue try: convertedinstruction = ks.asm(instruction, as_bytes=True)[0] convertedhexlist.append(binascii.hexlify(convertedinstruction).decode()) except Exception: raise Exception(f"Failed to assemble ARM opcode: {instruction} with {architecture} " f"architecture. Is the ARM instruction valid? Is the architecture correct?") from None convertedhex = sep.join(convertedhexlist) if upper: convertedhex = convertedhex.upper() return convertedhex @cache def hextoarm(hexstr: str, architecture: str) -> list[str]: if hexstr == "" or hexstr.isspace(): return [] cs = make_cs(architecture) convertedinstructions = [] for insn in cs.disasm(bytearray.fromhex(remove_whitespace(hexstr)), 0x0): op = f"{insn.mnemonic} {insn.op_str}".strip() convertedinstructions.append(op) if not convertedinstructions: raise Exception(f"Failed to disassemble hex: {hexstr} with {architecture} architecture." f" Check that the hex instruction comes from the right lib file at the " f"right offset, and the architecture is correct.") from None return convertedinstructions def is_relative_instruction(instruction: str, architecture): """ Uses capstone and manual heuristics to check if an asm instruction is dynamic. Should work for any architecture! """ cs = make_cs(architecture) # This is annoying. We need to assemble the instruction to hex, then disassemble it again to get capstone info. cs_insns = tuple(cs.disasm(bytearray.fromhex(remove_whitespace(armtohex(instruction, architecture))), 0x0)) if len(cs_insns) != 1: raise Exception(f"Instruction {instruction} is not one instruction (it is {len(cs_insns)}) with architecture" f" {architecture}") cs_insn = cs_insns[0] # noinspection IncorrectFormatting return ("0x" in instruction or "#" in instruction) or (cs_insn.group(capstone.CS_GRP_CALL) or cs_insn.group(capstone.CS_GRP_JUMP) or cs_insn.group(capstone.CS_GRP_BRANCH_RELATIVE)) def generate_aob(hexinstructions: str, architecture: str) -> str: # Convert string of code to list of instructions wildcard_byte = "??" hexlist = [] for instruction in hextoarm(hexinstructions, architecture): instruction_hex = armtohex(instruction, architecture) if instruction_hex == "": continue if is_relative_instruction(instruction, architecture): hexlist.append(" ".join([wildcard_byte] * bytecount(instruction_hex))) else: hexlist.append(instruction_hex) # We want our separator in between every byte, so we do this little maneuver. aob = "".join(hexlist) # Unformatted return " ".join(getbytes(aob)) hexstring = offset_to_hex(OFFSET, LIB_PATH, hexbytes=600) # hexbytes = amount of bytes for AOB print(generate_aob(hexstring, ARCHITECTURE)) x86 turned out to be a huge pain because it has variable-length opcodes and it is harder to detect dynamic ones. But this should work - let me know if it suits you! If you need the dependencies, you can install the tool's requirements.txt.

I'm not seeing the video @efsane10926 -- reupload it. Still looking for a method in order to do this.

how this work?

View File angry birds evolution need five same birds Submitter shuang0524 Submitted 09/23/2025 Category LUA scripts  

I have been using the script made by ApexGG for the game brick inc. there's 3 options available Weapon cooldown(which works), brick hp and gold per brick (both not working), I've been trying to figure out how to change the value manually for the brick hp and coin but I don't know how. Any help is appreciated.

Nice! So you edit directly the amount you already have, the amout you can collect with prestige...is it in E:double, Other like soul eggs? 'Cause when I edit what i find nothing happens, searching in auto gives me like 5 millions numbers Or do you cheat everything else to get to an high number, like I'm doing? Appreciate any tips!

Check YouTube channel update available there

View File Hunting Sniper ❥Ruminant 999 Damage ❥Ruminant 999 Muzzle Velocity ❥Ruminant 999 Slow Motion ❥Ruminant 999 Zoom Time ❥Other Snipers Stat Editor Submitter luckyday-999 Submitted 09/22/2025 Category LUA scripts  

Hi @HorridModz, Thank you, I'm new to keystone, so reading your tool help me to understand it. Although the wordpress seems private.

Thanks!

Can anyone kindly provide me a Lv. 40 Tiger icon like the image above, I'm going to put it in my document.

There are mods for this app, but I can't install them I was wondering how can I hack this game

Yes, of course! But if that's all you want, just copy the few lines of code. In fact, I blogged the creation of the tool and all of the code snippets I used: import itertools import binascii import keystone import capstone def remove_whitespace(s: str) -> str: return "".join(s.split()) def wraptext(s: str, size: int) -> list[str]: # Thanks to https://stackoverflow.com/questions/9475241/split-string-every-nth-character return [s[i:i + size] for i in range(0, len(s), size)] def getbytes(hexstring: str) -> list[str]: """ Splits a hex string into a list of bytes. Convenient function because it accounts for both whitespace-separated and un-separated hex strings. """ hexstring = remove_whitespace(hexstring) assert len(hexstring) % 2 == 0, "Invalid hex string (odd length)" return wraptext(hexstring, 2) def make_ks(architecture: str) -> keystone.Ks: if architecture == "32bit": return keystone.Ks(keystone.KS_ARCH_ARM, keystone.KS_MODE_ARM) elif architecture == "64bit": return keystone.Ks(keystone.KS_ARCH_ARM64, keystone.KS_MODE_LITTLE_ENDIAN) else: raise ValueError(f"Unrecognized architecture: {architecture}. Only '32bit' and '64bit' are valid strings") def make_cs(architecture: str) -> capstone.Cs: if architecture == "32bit": return capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM) elif architecture == "64bit": return capstone.Cs(capstone.CS_ARCH_ARM64, capstone.CS_MODE_LITTLE_ENDIAN) else: raise ValueError(f"Unrecognized architecture: {architecture}. Only '32bit' and '64bit' are valid strings") def armtohex(instruction: str, architecture: str) -> str: ks = make_ks(architecture) convertedhexlist = [] convertedinstruction = ks.asm(instruction, as_bytes=True)[0] return binascii.hexlify(convertedinstruction).decode().upper() def hextoarm(hexinstruction: str, architecture: str) -> list[str]: cs = make_cs(architecture) return next(cs.disasm_lite(bytearray.fromhex(hexinstruction), 0x0))[2:] def generateaobfromarm(armcode: str, architecture: str) -> str: # Convert string of code to list of instructions instructions = list(itertools.chain(*[split1.split(";") for split1 in armcode.split("\n")])) unknownhex = "??" * 4 hexlist = [] for instruction in instructions: if instruction == "" or instruction.isspace(): continue if "0x" in instruction or "#" in instruction: hexlist.append(unknownhex) else: hexlist.append(armtohex(instruction, architecture)) # Hexlist is a list of 4 byte sequences, and we want our separator in between every byte, so we do this little # maneuver. aob = "".join(hexlist) # Unformatted return " ".join(getbytes(aob))

where is @MonkeySAN?

Anyone tried messing around with eggs of truths? Can they be modified directly (I'm guessing they are like soul eggs, so no)?

Hi, Game name: Bloody ***** Google Play link: https://play.google.com/store/apps/details?id=com.tibith.badboxing Is the game free? Yes! I want to hack the level value to open all the classes But whenever i change it the game crashe!? But! If i change the level by one Like 21 to 22 it's okay! But if I want to open all the level the game crashe The coins in other hands is same thing but the values is saved even after crashed I tried encrypted value search, X4 search, F,D, Double same thing Any help?

I think most of those clone apps just cause trouble, fill up with junk quickly, and games usually block them anyway. I’d rather stick to a clean, direct install.

I also have the same problem bro.. I can't put my triceratops in the park, every time I want to put it in the park it always crashes..

Requires an update

Hi @HorridModz, Yeah, I noticed that every instruction containing defined 0x is being replaced. Well it works in the end by limiting the address range.