Leaderboard

GameGuardian work without root So, as for work without root. This is not magic. Technical limitations were, and have remained. So it will not work anywhere and always. Actually it looks like this: 1. You put an application of virtual space (Parallel Space, VirtualXposed, Parallel Space Lite, GO multiple, 2Face and many others). 2. In it you add the game and installed GameGuardian. 3. From the virtual space application, you launch the game and GameGuardian. Actually everything. GameGuardian can be used to hack the game. Everything is simple and transparent. It was a good part of the news. Now about the bad: 1. The game has zero progress. You can not transfer the progress from the existing installation of the game, if the game itself does not provide it (through the cloud or somehow). 2. Not all games work through virtual spaces. 3. There may be another account in the game. 4. Not all functions will be available in GameGuardian. 5. On some firmware it does not work at all. If you cannot choose a proсess in GameGuardian, or get an error 105/106, then on your firmware, GG, without root, will not work. Try optimized versions of virtual spaces or another firmware or other device or get root. 6. In some virtual spaces GameGuardian does not work. What can be done in case of problems: 1. Try different virtual spaces if the problem is in them. Best option: Parallel Space. 2. Try changing the firmware. 3. Get a root and do not fool yourself. Once again: it will not work at all and always. It is possible that it will work for you and will not. Virtual spaces to run GameGuardian without root (#ct7bob3) Proper install without root - GameGuardian (#abausujp) Help: https://gameguardian.net/help/help.html#work_without_root Video-examples: Balls Bounce Free - hack balls - without root - GameGuardian, Parallel Space Bejeweled Stars: Free Match 3 - hack without root - group search - GameGuardian, GO Multiple Hack Tap Counter without root via GO Multiple on Android 7.1.1 - GameGuardian Hack Tap Counter without root via GO Multiple - GameGuardian Work without root via Parallel Space - GameGuardian Work without root via 2Face - GameGuardian Work without root via Mutiple Accounts - GameGuardian Work without root via GO Multiple - GameGuardian No root via VirtualXposed - GameGuardian (#b6l7k1qu) No root via VirtualXposed (without error 105) - GameGuardian (#bpb5835m) No root via optimized Parallel Space Lite - GameGuardian (#47glijbj) No root [from scratch] (boring and long video) - GameGuardian (#9rf9317c) No root via Dr. Clone - GameGuardian (#aft8whcy)

Hi @chrislin2k, Currently Game Guardian haven't been updated for quite some time. There's 3 thing that you can do: - Use Virtual Machine: VPhoneGaGa, VMos Pro, x8SandBox, F1 VM - Change Game Guardian SDK version to 33 using: APK Editor - Force Install Game Guardian using ADB: adb install --bypass-low-target-sdk-block gameguardian.apk

So I believe this game already has all your dice rolls calculated for your account. Server already knows where you'll land on your next roll. I believe minigames, outcomes are already determined before you even land on them (pre determined like all your dice rolls). Wouldn't it be nice to know how much your next roll would've won, then you would've done multiplier to maximize....... Well, that's just what this is going to be about. To see your future rolls/minigames, you'll have game open and switch to offline mode. Using a root file explorer navigate to here: /data/data/com.scopely.monopolygo/files/ Each turn you take a file is generated, something like this: 48d4483b70674c02951ddfd3a289f5d7.ca When you reconnect, it'll send these and get your account synced. If you get prompted no connection, you can click back to remove message and tap roll really quick. So you can roll indefinitely and write down/log all your rolls. Even if you stay on one board logging it all. When you switch to a new board, your dice roll continues. Not like a new board, new roll pattern. When you land on a spot that gives a good size reward. You can delete those .ca files, close, restart game online and use max multiplier to really bonus up those wins. Bank Heist, don't think you had a chance of picking the right combination.... No matter where you selected, what flips over, will always be same when you play it again. So if I flipped coin, ring, cash, cash, ring, cash. When I go to play again, it's going to be that exact order. See attached video. I'm honestly really disappointed in my findings with this developer. It feels like a scam of a game and you're not really "playing". It's basically scripted and if you do x1, x5, x10 at ideal times, that's about the only user "input" that seems to have a chance on the outcome. mobizen_20230426_211255.mp4

New version 12.0.1.5.4 released!

So what I'm finding, I think should be noted and possibly call out the developer on the matter. I'll probably share what I know and how it can benefit within a couple days or so... I'm not really impressed though with the developer. It feels like a scam of a game, you'll all see after I do more tests.

Armv8 C80E42B8r;081540FDr::3809 Edit 28008052r;E803679Er And if you want to set so you can claim all without playing (set number of keys collected). Offset (Version 6.9.5) 3FBCA54 Edit 00FA8052r

New version 12.1.2.5.0 released! read change logs!

New version 12.0.2.5.5 released!

No luck... Definitely have put some time into figuring out dice. And not making any progress. Still trying though.

https://www.mediafire.com/file/6qowx7yuctayo3t/rr3_race_mode.v11.4.1.4.9.x64.bin.lua/file

Working on it.... Their is some stuff in the dump, that if server didn't kick back an error, would be perfect.

View File RR3 v12.0.1 Reset bonus price (VP) Reset bonus price (VP) in all rounds, both architectures And open all expired rounds. This script uses pointer chains, so it may not work with another game version. Tested on NOX 7.1.2 (32bit) and tablet with Android 10 (x64) and VirtualXposed. reset-vp.mp4 Submitter Count_Nosferatu Submitted 04/29/2023 Category LUA scripts  

New version 12.1.2.6.1 released!

New version 12.0.2.5.4 released!

New version 12.0.1.5.4 released!

New version 12.0.1.4.14 released!

New version 11.5.2.4.11 released!

New version 11.5.1.4.1.x64 released! Added 'Search mode' Changed menu

Sorry for the delay on this y'all, I was away for a bit. The issue was affecting new uploads because of security changes we recently made. Should be resolved now.

[ Introduction ] Hi @everyone, in recent times, Android has just released version 14, which includes some SDK restrictions. The requirements are that apps should at least be under SDK version 24+, or else installation fails. Another problem is that Game Guardian hasn't been updated for years (March 22, 2021, since the last update), a total of 2 years. I understand that life can be unbothered sometimes, and I hope there's some confirmation regarding this instead of intending it as an "unforseeable future" kind of thing. I've seen a rising number of these issues on Help, General Discussion, and in other possible sections of the forum. I recommend anyone who has a newer device or just recently updated to Android 14 to follow this topic. Here, I propose several possible solutions regarding this issue: [ Main Course ] You can bypass SDK enforcement using shell commands, which you need to install Game Guardian manually through command line. You can achieve this through ADB: Android Debug Bridge or Termux: Terminal for Command Line application. This tutorial will split into 2: { ADB: Android Debug Bridge } This step doesn't require "Root" permission, but before proceeding into the main tutorial. We should prepare several things: Computer / Laptop running Windows OS A cable data Download ADB depedencies: here Android device with "USB debugging". If your device "cant be recognized" or simply not exist on "Device Manager", you need to install: Universal ADB Driver Then read: XDA: Install ADB & Enable USB Debugging. Now put this command on your command prompt / powershell / gitbash / or whatever terminal you use: # Check if our device works properly adb devices # Install Game Guardian manually through ADB adb install --bypass-low-target-sdk-block <path_to_game-guardian.apk> # If ADB is unresponsive / bugged, do: adb kill-server adb start-server { Termux: Terminal } The only requirement is you need "Root" permission, this is the most easiest way. Since you're going to Install Game Guardian, I assume you already have one (Yes, Game Guardian requires "Root" permission, duh). Download: Termux and Just go ahead execute this command: pkg update pkg upgrade pkg install tsu pkg install android-tools sudo adb install --bypass-low-target-sdk-block <path_to_game-guardian.apk> { Virtual Machine } This is suitable way for non-rooted users. Android 14 is relatively new, some of your ROM/OS might not support "Rooting" yet. Virtual Machine allows you to emulate another Android inside your Android 14 (or etc). Usually it comes with older Android version. I suggest to use Virtual Machine with Android 7 or 9 as you're not going to face any redundant issues, like Android 10-14 did. I would recommend using "VPhoneGaGa": VPhoneGaGa VMos Pro X8Sandbox F1VM { Modded APK } You can try to edit Game Guardian SDK: ("android:targetSdkVersion" to version 24+) and ("android:minSdkVersion" to 24+) on Manifest.xml using: APK Editor. You can also download already modded Game Guardian here (credit to @HEROGAMEOfficial ) : : Game Guardian : [ Aftermath ] With that, you can simply reference this topic in case there's someone that facing the same problem. I hope this topic can help you and other people. Thank you for reading.

New version 12.1.2.6.1 released! see changelogs

Disclaimer: This guide is for educational purposes only. The techniques explored here are intended for understanding the technical aspects of Android games. Users are advised to use this knowledge responsibly and within legal and ethical boundaries. I disclaim any liability for misuse or unauthorized activities. Use this information at your own risk. As you explore with me, remember it's all about learning, not mischief. If you decide to try out any of these tricks, make sure it's within the rules and plays nice with the devs. I'm not taking responsibility for any shenanigans, so be cool, and enjoy the learning ride. Cheers! Goals : • Identify server-side data from local data. • How to tamper server-side data . • bypass SSL encryption. Requirement : • You should be familiar with requests ( http ) . • You should have some level of knowledge about reverse-engeneering / Exploits / etc. Tools : • GameGuardian. • Frida. • IDA (Pro). • BurbSuite / any other proxy interceptor. • LUA Decryption and Encryption for cocos2dlua. Difficulty : 8/10 ----- Let's Dive IN -----First step is to collect information about the game start playing the game normally to get some information about it, it's concept and what data they have like items , coins , gems , vip , battlepass, etc and what they call it in game. Open GameGuardian or root explorer to know what engine the game use and it's libs, like libIl2cpp.so for Unity , Cocos2d for coco's 2d games , or a custom lib built on top of other games engines like libLotaApp. BurbSuite Start Intercepting traffic. Set Up Your Environment Install Burp Suite: Download and install Burp Suite from the official website. Configure Your Android Device: Connect your Android device to the same network as your computer. Go to Wi-Fi settings, find your connected network, and set the proxy to your computer's IP address and the port Burp Suite is running on (default is 8080). Step 2: Configure Burp Suite Start Burp Suite: Open Burp Suite and go to the "Proxy" tab. Configure Proxy Settings: Under the "Options" tab, go to "Proxy" settings. Ensure the proxy listener is running on the IP address and port you specified in your Android device's Wi-Fi settings. Install Burp's CA Certificate: In Burp Suite, go to "Proxy" > "Options" > "Import / export CA certificate." Click "Save CA Certificate" to save the certificate. Transfer the certificate to your Android device and install it. when Exporting the Certificate You should put the Extention of it .ctr Step 3: Configure Android Device Install and Configure Proxy on Android: Ensure the proxy listener is running on the IP address and port you specified in your Android device's Wi-Fi settings. For APN edit the Access point name : Install the Exported Certificate from burb to your Android phone Step 4: Start Capturing Traffic In the "Target" tab, you should see the target host(s) that your Android device has communicated with. Browse on Android Device: Open the browser on your Android device and start browsing. Burp Suite will capture the traffic, In the "Target" tab, you should see the target host(s) that your Android device has communicated with. Inspect and Manipulate Traffic: In the "Proxy" tab, you can intercept requests and responses, inspect them, and even manipulate them before forwarding. Use Other Burp Suite Tools: Explore other tools in Burp Suite, such as "Repeater" and "Intruder," to perform further analysis and testing. Hierarchy: The Site Map is organized in a hierarchical structure that represents the different hosts and paths your client has communicated with. Hosts and Paths: Hosts represent the web servers or domains that your client has interacted with. Paths represent specific URLs or routes within those hosts. HTTP Methods: Each entry in the Site Map includes information about the HTTP methods used (GET, POST, etc.). Status Codes: The status codes of the responses (e.g., 200 OK, 404 Not Found) are displayed, providing insights into the server's responses. Request and Response Details: Clicking on an entry in the Site Map reveals detailed information about the request and response for that specific interaction. This includes headers, parameters, and content. Filtering and Searching: You can filter and search for specific requests or hosts, making it easier to focus on relevant parts of the traffic. Context Menu: Right-clicking on an entry provides a context menu with various options, such as sending the request to other Burp Suite tools for further analysis. Interactivity: The Site Map is an interactive tool that allows you to manipulate and analyze the captured traffic in real-time. Use Cases: Analysis and Debugging: Identify patterns and anomalies in your web traffic for analysis and debugging purposes. Security Testing: Spot potential security issues, such as vulnerabilities or unusual behaviors. Mapping Application Flow: Understand how different paths in your application are accessed and interacted with. select all URLs and right click -> delete selected items ( we don't need them ) launch the app and watch what the app send when it execute I launched "Mythic Su*moner" and this traffic get captured But Most games use SSL pinning and they don't show the full trafic even when intercepting with them . in this case we need Frida to UnSSL it. ( u can use it to bypass root detection aswell ). SSL pinning, also known as certificate pinning or public key pinning, is a security mechanism employed in applications to enhance the security of SSL/TLS connections. It involves associating a specific SSL certificate or public key with a particular domain, and the application will only accept connections with that specific certificate or key. Normal SSL/TLS Connection: In a standard SSL/TLS connection, a client (e.g., a mobile app) connects to a server, and the server presents its digital certificate to the client during the handshake process. SSL Pinning Process: With SSL pinning, the client embeds a specific SSL certificate or public key within the application. When establishing a connection to the server, the client checks whether the server's presented certificate matches the embedded certificate or public key. Verification and Trust: If the presented certificate matches the pinned certificate or key, the connection is considered trusted, and the communication proceeds. If there's a mismatch or the server presents a different certificate, the connection is rejected, preventing potential man-in-the-middle attacks. Using Brbsuite To listen to the game traffic is man-in-the-middle attack. that's why Most of the trafic is rejected in the 1st capture FRIDA Connect your phone with ur pc via USB & and inject an Agent into the process to UNSSL Pinning : when You UNSSL the game you get More Trafic : With this traffic UNSSLed you can play with it, inspect it and modify it with the repeater ( this is how you hack the server-side ) this method called Tampering data. How to Identify Server Data and Local Data. Select the inapps.appflyer.com and watch it when you play every changement in data ( server side ) get registered by this url ( most cases ) it will send a gzip to server and save it there . any local data will be saved in your machine ( android device ) or memory and the inapps.appflyer.com won't send a request. Some games use SOCKET to connect the game and the server and keeps the connection open until the game get terminated or the server get shut down, with burb you can Intercept sockets aswell. TIP : while you intercepting traffic from burb open the lib with IDA pro to dissassemble it. IDA make sure IDA fully dissassemble the lib by showing idle on the buttom go to the functions menu hit ctrl + F to start searching for keywords I mentioned at the beginning ( gold , items name , coins , player stats etc ) when I search for the keywords no functions / methods found that mean the logic and the data proccess isn't in the lib nor in the traffic ( most of them ) that means the only way to store the logic is in the files in this example game. if you found functions your starting point start with frida, you can use Frida to hook it and track the pointers and afterword GG to create a script. Decrypt LUAC take the apk and unzip it ( open with rar / 7zip ) you'll end up with the game files and Done the logic is found in the game files , the game use lua to run with C and cocos2d. but the game won't leave the game logic and codes open and public the must use some sort of encryption to it , for that they use LUAC is the Lua compiler responsible for taking Lua source code and transforming it into Lua bytecode encrypted. try another file : notice : i0lzCcmB1Cjxk6DpvlmdPINybrXXeBA1 each file have this signature at the start ofthe it IDA & LUA Decryption and Encryption for cocos2dlua. copy the signature and search ida for it but this time in the string if found you should find the key aswell : I use IDA & LUA Decryption and Encryption for cocos2dlua to decrypt the files. after it's done every file will be unencrypted and easy to read : and with that data you can create anything you want / mod / script etc Why not just frida? to use frida you need a pc ( termux users isn't included because you just need a pc to use frida -_-) agents ( frida scripts ) isn't portable you always need your pc to use the script powerd with usb I mean too much pain that's why in my opinion GameGuardian is the best choice you can run the script anywhere anytime + lua much easier than js. not all libs work with libc and not all of them contain usefull resources like the example above. ---- tips : the data should be stored in -server -local machine ( your device ) the game files "apk" ( your device aswell ) look at these 3 places to find the game resource. game logic either in the files or in the lib ( like il2cpp ) android games can't afford Hosted Hypervisor for the logic processing. I can update this topic, comment out what you want to know more about ( exluding server-side hacks ) I won't provide tools all you need is your brain to outsmart devs.

New version 12.0.1.3.4 released!

New version 11.6.1.4.12 released!

Just follow my tutorial

New version 11.5.1.5.1.x64 released! I added 'Search mode' for users that have problems running this script. This release also replace 'old cars unlocker' and 'single car unlocker' scripts.

https://www.mediafire.com/file/mepx82j23mrw33c/rr3_car_upgrader.v11.4.1.4.9.x64.bin.lua/file

New version 11.4.1.4.9.x64 released!