Leaderboard

Armv8 C80E42B8r;081540FDr::3809 Edit 28008052r;E803679Er And if you want to set so you can claim all without playing (set number of keys collected). Offset (Version 6.9.5) 3FBCA54 Edit 00FA8052r

Hi, your game is protected with CodeStage anti cheat, thankfully this is one of easy one to bypass. First you will need to dump the game using Il2cppDumperGUI any or il2cpp dumper of your choice. next you're going to look for CodeStage detection methods. note those StartDetection methods, most have some overload if you want to be safe you will need to bypass them all, but it is rare that the game use them all, but better be safe than sorry. so here is the list and overloads. CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetection(); // 0x00818a3c static CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetection(System.Action callback); // 0x00818ce8 CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetectionInternal(System.Action callback); // 0x00818b70 System.Void StartDetectionAutomatically(); // 0x00819058 static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(); // 0x008190e0 static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback); // 0x0081948c static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval); // 0x008194e4 static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval, System.Byte maxFalsePositives); // 0x0081954c static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval, System.Byte maxFalsePositives, System.Int32 coolDown); // 0x008195c4 CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetectionInternal(System.Action callback, System.Single checkInterval, System.Byte falsePositives, System.Int32 shotsTillCooldown); // 0x008192dc System.Void StartDetectionAutomatically(); // 0x00819a54 static System.Void StartDetection(); // 0x00818648 static System.Void StartDetection(System.Action<System.String> callback); // 0x008186b0 System.Void StartDetectionAutomatically(); // 0x008187e8 there is two way to bypass those. 1. you can just patch each of them using the "NOP RET/BX LR" opcode. 2. allocate memory page and replace and replace those method with there respective StopDetection, that mean when the game call StartDetection instead it will call StopDetection Now for GEMS/XP/Gold/Health Note at this stage since you have already bypassed the AntiCheat editing your stat wont trigger anything. but you need first to understand how ObscuredInt work. note every obscure value you see on your screen is a fake value. you should not edit it directly but the edit the hidden value using the crypto key. Here bellow is what you need to remember about the structure. public struct ObscuredInt [FieldOffset(Offset = "0x0")] private int currentCryptoKey; [FieldOffset(Offset = "0x4")] private int hiddenValue; [FieldOffset(Offset = "0xC")] private int fakeValue; (what you see on screen) What you see on your screen is the fakeValue. to edit it you will need to edit the hidden value. Here is how to. (note offset might varies depending on the game and version so you better have the latest dump and check the correct offset) When you find an ObscureInt fakeValue. you need to go back into the base pointer so in this case: fakeValue.Address - 0xC which will bring you to currentCryptoKey copy the value of currentCryptoKey in (DWORD) then offset to currentCryptoKey.address + 0x4 this will bring you to the hiddenValue now to edit this to your desired value you need to perform XOR (exclusive OR) to your desired value using the currentCryptoKey as a key. you can do that inside gg, you type the value then apply the xor key That it you are done. you can edit any ObscureInt using this method. now specially for your game there are some vulnerabilities that i found you can exploit to edit your stat and in game money. there are some method likes: public class game_manager : MonoBehaviour [Address(RVA = "0xA65A94", Offset = "0xA65A94", VA = "0xA65A94")] public void gem_plus(int gem) [Address(RVA = "0xA65890", Offset = "0xA65890", VA = "0xA65890")] public void gold_plus(int gold) [Address(RVA = "0xA64DFC", Offset = "0xA64DFC", VA = "0xA64DFC")] public void iron_plus(int iron) All those share the almost the same structure so i will be giving an example only for gem_plus In this de-compiled function gem_plus, you can see that they are loading the value of the ObscureInt field public ObscuredInt gem_total; // 0x2CC into the variable puVar1 which later on they add it value + param_2 which is the gem parameter, to instantiate a new ObscureInt from that sum. the result of that sum will be stored into the register W0, so all we have to do is just hijack this register and change the value to what we want. here is a video of how to do that. This method do not trigger the anti cheat cause the game is writing legit value for us. also if you want to move large value you might want to explore the MOVZ instruction or you can allocate a memory page and spam multiple ADD instruction like this add w0, w0, #500000000 add w0, w0, #500000000 add w0, w0, #500000000 add w0, w0, #500000000 add w0, w0, #500000000 .... Last thing for gems you will need to stay on the main screen like in the video when you start the game cause that function trigger only there. I kinda like the game i might continue working on it and update this thread

Hey @Moonslasher Just wanted to shoot you a quick message about something we've noticed in your scripts updates or within the thread itself. It seems like there's a bit of a pattern where updates are being made without really changing much, almost like it's just to boost visibility in search results. We've checked out your edits compared to previous versions, and there doesn't seem to be any significant changes in topic or content. I just want to give you a heads up that continuing this could lead to some disciplinary action, like a warning on your account or even having your script removed. Also, we've noticed some "VIP" functions in your scripts. Just a reminder that selling features like these is against the rules. So, we're taking this chance to remind everyone to report any scripts that break this policy. Thanks in advance for your cooperation.

View File UPDATED PG3D 24.3.2+ + ACTUAL 32bit SUPPORT - Pixel Gun 3D ALL UPDATE Custom Lottery Rewards Hack (32bit and 64bit) Contact Me: User123456789#6424 / @horridmodz on discord Ahhh, it's finally here! Over a year and a half after posting the original, and many, many requests, it's back! I promised to get this done today, and here it is, just barely in time. Since it's been so long, I am posting this update as a new thread. I've been meaning to update this for a while; and I'm sorry for such a looong wait. But this should be the last time you have to wait - because, if my crazy WIP All Update Script Generator tool works as well as I hope, this will be made so resilient it's practically unpatchable! So, here we are. The script is the same as last time, but with some minor improvements - and 32bit support! Unfortunately, I couldn't get 32bit custom values to work, but I got the predetermined values working. I was finally able to figure out that the issues I've been having are actually not my fault, but a limitation with the way lua itself handles integers - to get technical, the 32bit edit values exceed lua's integer limit, but the 64bit ones do not. I tried to workaround this, but just couldn't do it. However, a big rework of the script that I have planned, which changes the way editing is done, will fix this problem. I finally updated this script because I have time over spring break. Shoutout to @dizzy252for sending a request to update the script that I coincidentally saw right before spring break started - if it hadn't been for him, I probably wouldn't have had the thought to do this! Alongside this script, I've in the process of developing a revolutionary tool that creates resilient all update scripts; all you have to do is input your offset or hex and it spits out the full script. If you're interested, here's a sneak peak: https://www.youtube.com/watch?v=sVwODQcSy4A Want to update the script yourself? I have created a lotto sets template! Disclaimer: This script is bannable! Getting too much currency within a certain time frame will flag your account as suspicious and you will be banned in the next ban wave. I recommend only getting at most a few thousand gems per day, or your account will have a high risk of being banned. Even if you do play it safe, you can still be banned. By the way, due to a rework of sets by the developers, sets no longer work. Only lottery rewards are modified. Warning: Using the custom value option and setting the reward values to over 45,000 will instantly ban you! This is not an ordinary lottery script. Here's what unique about it: -This script will work on all game updates (the lowest game version tested is 22.4.3, but downgrading is impossible anyway), even future updates -The script supports various values, and lets you enter a custom value (currently custom values do not work for 32bit) if it does not have what you want. Currently, only whole numbers (no decimal values like 1.5) in the range of 0 to 65536 are supported. -This script supports both 32bit and 64bit devices -This script has a small antiban feature that warns you when you try to edit the reward values over 45,000 Enjoy! Submitter HorridModz Submitted 04/02/2024 Category LUA scripts  

There is good chance that in some cases it may work by allocating as many pages as needed one after another. Example implementation: local PAGE_SIZE = 0x1000 function allocateConsecutivePages(count, mode, address) count = count or 1 mode = mode or gg.PROT_READ | gg.PROT_EXEC address = address or 0 local firstPageAddress = gg.allocatePage(mode, address) if type(firstPageAddress) == "string" then return firstPageAddress end for i = 1, count - 1 do local desiredPageAddress = firstPageAddress + i * PAGE_SIZE local pageAddress = gg.allocatePage(mode, desiredPageAddress) if pageAddress ~= desiredPageAddress then -- failed to allocate page right after previous one, handle as needed end end return firstPageAddress end

- open GG and tap that in the red circle. - then tap the circle with ? in it. - scroll down and you will find it.

Irritator gen 2:685,802,450 Doe:1,881,417,407 Buck:1,418,401,004

There's a few things in this script that might be useful. I'm sure there's plenty more you can add to it. You can change the value of Damage, Defence & Gold from the pot if you want to. GrowSwordmaster_2_0_7.lua

for version 1.44.2.f2565 x64bit it's not perfect, but should be enough for you to get some hacks with CriticalOps=DUMP(1.44.2.f2565)[x64].txt

I don't believe that's directly possible, but you can allocate as many pages as you need and chain them together. To do this calculate how many pages you need by dividing by 4KB, and in a loop allocate a block and add the return address of the allocated block to a list. You can then combine all of your memory into a table of values by looping over the list and adding the 1000 values (taking the start address and adding 4 each time, 1000 times) to the table for each address. If you don't understand, I can code that for you - it's pretty simple to do. Though I wonder what you're writing to memory that takes so much space? An image or save code, or something?

ok. Good luck.

look like i need to learn some thing new Edit: after add gem to the game look like it's freeze until you restart so you can spend unlimited to get everything before close game

View File RR3 v12.0.1 Reset bonus price (VP) Reset bonus price (VP) in all rounds, both architectures And open all expired rounds. This script uses pointer chains, so it may not work with another game version. Tested on NOX 7.1.2 (32bit) and tablet with Android 10 (x64) and VirtualXposed. reset-vp.mp4 Submitter Count_Nosferatu Submitted 04/29/2023 Category LUA scripts  

Mov w0, #0x1 Ret Or use hex 20008052C0035FD6 For unlock(bool)

Which game (playstore link)? Can give better directions.

[ @Nogggy ] --- Generate the game SDK by dumping it using: Magisk and use: Zygisk-Il2CppDumper module -> then find something "unlock" or "skin" from dump.cs -> take the offset, and use BadCase Toolbox or other similar tools -> paste the offset and change the value accordingly. --- Yes it's simplified.

If you are changing many values at once that could be why its crashing. Set the filter to a lower amount and just change a few at a time.

Memory Range : Anonymous Value Type : Dword Coins, gems & level can all be found together.

I'm still finding a way too bcuz LIAPP detect virtual phone (Cat&Soup Cute Game)

Hi @eliottalderson, it is depends on how the game/app implements emulator detection. Some through java classes and some through compiled library. My approach is to use: frida for java classes and do reverse engineering using: IDA Pro or Ghidra for compiled library. So for LIAPP use frida instead. Yes. Developers can name the 'emulator detection' whatever they want, also the approach can be different. So different app, different approach, unless they are under the same system with the same version (ex: tersafe/anog, liapp, etc) You're in the right category, don't worry. Welp, I've seen some videos that it is possible to disable LIAPP from being launched through smali. However, decompiling the APK requires you to disable the APK Signature first for most game/app which is a different kind of story. You're on the right track, keep tracing the game and you're a reverse engineer!

I don't know if encryption is the right word but. The memory is not disposed how it should be for a il2cpp game. Address are weird. That why any field offset finder won't work. I did manual search like for 3pmon until I gave up. Note since I had also Frida I used the exact runtime address with the goto tool with gg but that did not help at all the address lead somewhere that not the field offset

Try find offsets with name "hack", "detection" and etc, or edit "secondary" value like getting gold and etc

Golden Pass work well but set number of keys not work for me

Make first operand floating-point by multiplying 1.0 by it, that way all calculations will be with floating-point values and you will get approximate result. mpy = 1.0 * tonumber(input[1]) * tonumber(input1[1])

exactly. the hack is done with dinosaur that can be bought with in-game cash. as per instruction, find the correct one(edit value 10 to 40). edit the id. tap the icon(top right corner) to see the changes then buy it.

I set all 4 levels to hide the GG program. I hacked the values of mana, health, skill cooldown. But I do not know how to make a script. https://youtu.be/AMrCGu9jUbk

Hey guys i see a lot of gg scripts of people changing player stats and making players 110 overall with gameguardian. How can i make my own? I would ve plesaured if you help me. Thanks

I'm Karimjada from South Sudan Training to be an IT technique

I don't have root permissions, so I use Parallel Space, but for some reason if I try to select the app where to run GameGuardian's commands it says that it couldn't be done and asks if I have root permissions, is this a bug or does anyone have a tutorial page/video so I can be sure im using Parallel Space or Game Guardian correctly? Thanks

So I believe this game already has all your dice rolls calculated for your account. Server already knows where you'll land on your next roll. I believe minigames, outcomes are already determined before you even land on them (pre determined like all your dice rolls). Wouldn't it be nice to know how much your next roll would've won, then you would've done multiplier to maximize....... Well, that's just what this is going to be about. To see your future rolls/minigames, you'll have game open and switch to offline mode. Using a root file explorer navigate to here: /data/data/com.scopely.monopolygo/files/ Each turn you take a file is generated, something like this: 48d4483b70674c02951ddfd3a289f5d7.ca When you reconnect, it'll send these and get your account synced. If you get prompted no connection, you can click back to remove message and tap roll really quick. So you can roll indefinitely and write down/log all your rolls. Even if you stay on one board logging it all. When you switch to a new board, your dice roll continues. Not like a new board, new roll pattern. When you land on a spot that gives a good size reward. You can delete those .ca files, close, restart game online and use max multiplier to really bonus up those wins. Bank Heist, don't think you had a chance of picking the right combination.... No matter where you selected, what flips over, will always be same when you play it again. So if I flipped coin, ring, cash, cash, ring, cash. When I go to play again, it's going to be that exact order. See attached video. I'm honestly really disappointed in my findings with this developer. It feels like a scam of a game and you're not really "playing". It's basically scripted and if you do x1, x5, x10 at ideal times, that's about the only user "input" that seems to have a chance on the outcome. mobizen_20230426_211255.mp4

server ban just basically normal ban and you can still create new account and use same device, while device ban is basically any new account you use will be banned instantly and only way to get away from it is using new device. but i think there's more about banning system on this game. cuz on lib.initialize.lua and main.lua it loads alot of device information and also google play stuff and vise versa for other types like Apple and huawei. and also on profile file (game data) it had an encrypted PinCode and Key on line 1 and then followed with save_data in table. this is for cloud save checking and auth for online. i still doesnt understand how it works.

For coins set memory range to Anonymous. Click on screen to buy coins (as in pic) and search 1150;175000::5 (dword). Edit 175000 to 999999999 and 1150 to 0 (making it a minus doesn't gain gems). I'll keep trying for gems and hearts.

Patience..... Takes time to find how everything is stored and debugging it....