Leaderboard

Popular Content

Showing content with the highest reputation on 08/08/2017 in all areas

  1. Don't know... Might not happen. I'm actually trying to use the same method on other games by the same developer. If it works, I might've found a nice vulnerability in their games.
    1 point
  2. Have you watched it? https://gameguardian.net/forum/topic/17283-last-day-on-earth-survival/?page=7&tab=comments#comment-59737
    1 point
  3. If these files are flushed to disk after decryption (which is required for running .dex and .so), they can be copied while they are on the disk.

     The trick is very simple: you need to know the name of the file and copy it as root. For copying, an infinite loop is started in the console.

         while true; do cp /data/data/pkg/some.file /sdcard/; done

     Where /data/data/pkg/some.file is the file we need to copy, and /sdcard/ is where we will copy it. Run this script in the console, run the desired apk and see the desired file copied.

     If the filename is autogenerated and changes each time it is run, for example

         /data/data/com.applisto.appcloner/app_outdex/libdexprotector.16994q0.8902.so
         /data/data/com.applisto.appcloner/app_outdex/libdexprotector.16994q0.9114.so

     then you can specify a mask instead of the file name:

         /data/data/com.applisto.appcloner/app_outdex/libdexprotector.*.so

     Or if you need to copy several files:

         /data/data/com.applisto.appcloner/app_outdex/*.so

     Let's move on to an example. I practiced on SBGameHacker 3.1 (hereafter GH). There is some sbhack.jar in assets. It's encrypted. Run GH in Droid4X. Go to the console. There we find the pid of the process in the output of the ps command:

         u0_a57 15615 165 925264 45788 ffffffff b7508a27 S org.sbtools.gamehack

     This is 15615. We look at the memory regions map:

         cat /proc/15615/maps

     Among other things there will be this:

         14800000-14805000 r-xp 00000000 08:13 147416 /data/data/org.sbtools.gamehack/app_load2/libencode.so (deleted)
         14805000-14806000 r--p 00004000 08:13 147416 /data/data/org.sbtools.gamehack/app_load2/libencode.so (deleted)
         14806000-14807000 rw-p 00005000 08:13 147416 /data/data/org.sbtools.gamehack/app_load2/libencode.so (deleted)
         98742000-987ef000 r--p 00000000 08:13 147428 /data/data/org.sbtools.gamehack/app_load1/sbhack.dex (deleted)
         987ef000-987f0000 r--s 0003e000 08:13 147429 /data/data/org.sbtools.gamehack/app_load1/sbhack.jar (deleted)

     Here we see the paths we need. In this case, it is /data/data/org.sbtools.gamehack/app_load1/sbhack.jar

     Now start the script in the console:

         while true; do cp /data/data/org.sbtools.gamehack/app_load1/sbhack.jar /sdcard/; done

     Restart GH. Done, the necessary file has appeared in the root of the memory card: /sdcard/sbhack.jar.

     Similarly, you could copy all the other files:

         /data/data/org.sbtools.gamehack/app_load2/libencode.so

     or

         /data/data/org.sbtools.gamehack/app_load1/sbhack.dex

     The method of encryption of the files does not matter. It matters only whether they are on disk or not. And if .dex, in theory, can be loaded without creating a file, then with .so such a trick will not work, which means that you can always get the decrypted file. If this is not possible the first time, restart the application until the desired file appears.
    1 point
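
The `(deleted)` entries in the maps listing of the post above mark files that were unlinked after being mapped, so each one existed on disk at some point. As an added example (not part of the original post and not code from any tool it mentions), a developer auditing their own app's loader can scan a saved maps dump for code files mapped from unlinked paths in the app's data directory. The function name, the `data_root` parameter and the suffix list are assumptions; the sample embeds the post's five lines plus two constructed ones.

```python
import re

# Fields of one /proc/<pid>/maps line: range, perms, offset, dev, inode, path.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+"
    r"\S+\s+(\d+)\s*(.*)$"
)
DELETED = " (deleted)"  # suffix the kernel appends when the file was unlinked
CODE_SUFFIXES = (".so", ".dex", ".jar", ".apk")  # assumed list of code files

# First five lines are the listing from the post; the last two are constructed
# to show that ordinary libraries and anonymous memory are ignored.
SAMPLE_MAPS = """\
14800000-14805000 r-xp 00000000 08:13 147416 /data/data/org.sbtools.gamehack/app_load2/libencode.so (deleted)
14805000-14806000 r--p 00004000 08:13 147416 /data/data/org.sbtools.gamehack/app_load2/libencode.so (deleted)
14806000-14807000 rw-p 00005000 08:13 147416 /data/data/org.sbtools.gamehack/app_load2/libencode.so (deleted)
98742000-987ef000 r--p 00000000 08:13 147428 /data/data/org.sbtools.gamehack/app_load1/sbhack.dex (deleted)
987ef000-987f0000 r--s 0003e000 08:13 147429 /data/data/org.sbtools.gamehack/app_load1/sbhack.jar (deleted)
b7400000-b7500000 r-xp 00000000 08:06 1234 /system/lib/libc.so
b7600000-b7700000 rw-p 00000000 00:00 0
"""


def unlinked_code_mappings(maps_text, data_root="/data/data/"):
    """Map each unlinked code file under data_root to its inode, the total
    bytes mapped from it, and whether any of its mappings is executable."""
    found = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # not a maps line
        start, end, perms, inode, path = m.groups()
        if inode == "0" or not path.endswith(DELETED):
            continue  # anonymous memory, or a file that is still linked
        path = path[: -len(DELETED)]
        if not (path.startswith(data_root) and path.endswith(CODE_SUFFIXES)):
            continue
        entry = found.setdefault(path, {"inode": int(inode), "mapped": 0, "exec": False})
        entry["mapped"] += int(end, 16) - int(start, 16)
        entry["exec"] = entry["exec"] or "x" in perms
    return found


if __name__ == "__main__":
    for path, info in unlinked_code_mappings(SAMPLE_MAPS).items():
        print(f"{path} inode={info['inode']} mapped={info['mapped']:#x} exec={info['exec']}")
```

Every path it reports is a file that was written to the app's private storage before being removed, which is the condition the post relies on.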