Leaderboard

1.545.691.265 xor 0 = 1545691265 1.545.691.300 xor 37 = 1545691265 1.545.691.494 xor 487 = 1545691265 so it is simple xor with key = 1545691265

It's xor-encryption with the key "1 545 691 265" (equal to value with 0 coins). 1 545 691 265 xor 37 = 1 545 691 300 1 545 691 265 xor 487 = 1 545 691 494 Therefore, to get encrypted value Y that corresponds to real value X, you need to use the following formula: Y = 1 545 691 265 xor X This will work, if the key is constant. If it is not, you will first need to find it out to be able to calculate encrypted values.

To use these features, you need to be constantly connected to the process. then there cause a stop in the right place. Through a software or hardware breakpoint. And then watch the registers. There is another option with step by step run. This is how gdb works. GG does not constantly trace the process. GG connected, searched and disconnected. And that's all. Therefore, it cannot be a breakpoint debugger. And you can now write trampolines, through scripts, as you described it. And when gg ptrace process it is stop on random location so get registers is usually useless. If you try throw trap without ptrace process - it will be killed by system in most cases. If GG try ptrace all time process game can easly detect it. Also it is slow down game and have some other side effects. Also GG memory editor, not debugger. It is connect to random thread of execution. You trap can never be catched if you place it in wrong place. For example you trace thread1, but trap happens in thread2. You need handle all threads or procces died with uncatched trap. Handle all threads it is not easy. And so on. It is only few exists problem. Use gdb, where such problems already solved.

Yes.

I think iosgods has lldb debugging guide for ios. It's not too different than Android. Lldb only supports x64 on Android. So you may want to do the equivalent with gdb. Heh, didn't even think to try that first Edit: For more complex Encryption, debugging could help.

Maybe with gdb. Set write watchpoint on the value. Then you'll get an offset related to the encryption. Assuming game is lib file and not dll.

I see, There alot of work need to do. Handling, hiding, lot more thing to cover up. So i stayed with trampoline. Thank you.

GG memory map can not open. There is no right or something. And to guess what memory is allocated from 4 GB possible is a little real. And if the system is 64 bit, there will be some more possible memory there.

It seems that you do not understand what these functions do. They get or set the processor registers in the current state. They can not work "in some memory address." [added 4 minutes later] It is exact how to work soft breakpoint in gdb. Except some detail. Gdb place trap instruction, you place trampoline. In any case I do not interested write another gdb. Use own scripts like this, or use gdb.

Yep, u can change any value inside register.