Leaderboard

Popular Content

Showing content with the highest reputation on 09/12/2022 in all areas

  1. Most tutorials on hex patching do not explain how hex patching works. I'll explain exactly what hex patching is and how it works, from the very beginning. @MainCand @BadCase did a great job explaining, but they didn't go in-depth.

     To understand what the libil2cpp.so file is, you have to understand how the game's libil2cpp.so file is generated. All games with libil2cpp.so files are made with Unity's Il2cpp backend. Unity is a game engine where you write your code in the C# programming language, and the engine compiles it into an apk. Most of the game's code, such as the 'headshot' method, is converted from C# to IL (Intermediate Language) to C++. This C++ code is then compiled to assembly code, which is encoded into hex and stored in the libil2cpp.so file. Different devices use different assembly languages (called architectures) - android has armv7 (32bit) and armv8 (64bit). There is a libil2cpp.so file for each architecture. In most Unity games, there is armv7, armv8, and sometimes x86 support. In armv7, armv8, and x86, all assembly instructions are 4 bits long when encoded into hex. When the game executes a method like the 'headshot' method, the hex for the headshot method is taken from the libil2cpp.so file for the device's respective architecture, decoded back into assembly code, and run. This is not the exact process, but I left some information out and simplified some stuff.

     To visualize this, I like comparing C code to assembly code to hex. Arm Hex Converter Online can be used to convert between assembly code and hex, and Compiler Explorer can be used to convert C code to assembly code. There is currently no way to perfectly convert from assembly code back to C code, so you will have to learn assembly code to understand it. So what does "Mov R0, #1 / bx lr" mean? I like looking at it in C. This is the same as: return(1). There are multiple ways to write this in assembly, so Compiler Explorer might contradict us. But "Mov R0, #1 / bx lr" is the simplest way to do it.

     Let's make up an example of how we would use hex patching and walk through it step by step. Say that the offset for the 'headshot' method is 0x67AB0AB. This means that the function's code begins at the 0x67AB0ABth byte of the libil2cpp.so file. The offsets are usually in hexadecimal - this is what most hex editors use, and what most tools / resources like dnSpy and Il2CppDumper use. This represents the decimal (base 10) number 108703915. So, we know that the function begins at the 108703915th byte of the libil2cpp.so file. If we go to this offset in our hex editor (most hex editors use hexadecimal offsets, so we go to offset 67AB0AB), the first 8 bytes are 06 00 00 15 00 88 FC BF. Each assembly instruction is 4 bytes, so we are looking at the first 2 assembly instructions of the function. We edit this to our hex (if we want to work with armv7, and we want the function to always return 1, we use the hex 01 00 A0 E3 1E FF 2F E1, which decodes to "Mov R0, #1 / bx lr"). We only have to edit the first 8 bytes (2 instructions) of the function because if we always edit the first instructions to return, the function will always return before it executes any other instructions. This is how return statements work in almost all programming languages. For this reason, we edit only two instructions and do not have to overwrite the whole function. We need to edit two instructions and not just one because return(1) takes two instructions in assembly. If we want to return a number that cannot be expressed in one statement (ex: for armv8, the maximum number you can directly use is 65535, or 0xffff in hexadecimal), or we want to do something more complicated than always returning a number, we may need more than two instructions. In this case, we overwrite as many instructions as we need. If our new function is very complex, it might be longer than the original function. This will rarely happen, but just in case, you should use workarounds when your new function is long.

     I do not currently know how to find where a function ends, only where it starts. A .so file is a linux shared library file (armv7, armv8, and x86 architectures use linux), so if anybody wants to try to find an easy way to find out where a function ends, or even better, a way to list all of the functions in a given .so file (it would be awesome if somebody does this!), this is a starting point for research. Hopefully this is a helpful guide and it explains hex patching in-depth! Sorry I wrote so much, I got a little carried away.

     NOTE: In most assembly languages, including armv7, armv8, and x86, the numbers 1 and 0 are used respectively instead of true and false. The hexadecimal representations of 1 and 0 (0x1 and 0x1) can also mean true and false respectively.
    4 points
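As an added example (not part of the post above, and not a GameGuardian tool), a small Python script that encodes and decodes the two ARMv7 (A32) instructions the guide uses, confirms that 01 00 A0 E3 1E FF 2F E1 really is "Mov R0, #1 / bx lr", converts the hexadecimal offset to decimal, and scans a byte blob for function entries that already read as such a constant-return stub, which is the check someone verifying a library's integrity would run. The blob, its offsets and the 0x40 entry point are constructed for the demo; only the two instruction encodings and the 8-byte example from the post are real.

```python
import struct

# A32 fixed encodings used below; condition code 0xE (AL, "always") is assumed throughout.
BX_LR = 0xE12FFF1E           # bx lr  -> stored little-endian as 1E FF 2F E1
MOV_IMM_BASE = 0xE3A00000    # mov rd, #imm (A1 encoding, S=0, Rn=0) -> E3 A0 .. ..


def modified_imm(value: int):
    """Find (rot, imm8) with ROR(imm8, 2*rot) == value, or None if not encodable.
    An A32 data-processing immediate is an 8-bit value rotated right by an even amount,
    which is why not every 32-bit constant fits in one mov."""
    value &= 0xFFFFFFFF
    for rot in range(16):
        rotl = ((value << (2 * rot)) | (value >> (32 - 2 * rot))) & 0xFFFFFFFF
        if rotl <= 0xFF:
            return rot, rotl
    return None


def encode_mov_imm(rd: int, value: int) -> bytes:
    """Encode 'mov r<rd>, #value' as the 4 little-endian bytes found in a .so file."""
    enc = modified_imm(value)
    if enc is None or not 0 <= rd <= 15:
        raise ValueError(f"{value:#x} is not encodable as a single A32 mov immediate")
    rot, imm8 = enc
    return struct.pack("<I", MOV_IMM_BASE | (rd << 12) | (rot << 8) | imm8)


def encode_bx_lr() -> bytes:
    return struct.pack("<I", BX_LR)


def return_const_stub(value: int) -> bytes:
    """The 8-byte 'return value' prologue the guide describes: mov r0, #value ; bx lr."""
    return encode_mov_imm(0, value) + encode_bx_lr()


def decode_word(word_bytes: bytes) -> str:
    """Decode one 4-byte A32 word; only the two instruction forms above are recognised."""
    (word,) = struct.unpack("<I", word_bytes)
    if word == BX_LR:
        return "bx lr"
    if (word & 0xFFFF0000) == MOV_IMM_BASE:
        rd, rot, imm8 = (word >> 12) & 0xF, ((word >> 8) & 0xF) * 2, word & 0xFF
        value = ((imm8 >> rot) | (imm8 << (32 - rot))) & 0xFFFFFFFF
        return f"mov r{rd}, #{value}"
    return f".word {word:#010x}"      # anything else is left undecoded


def find_return_stubs(blob: bytes):
    """Integrity check: 4-byte aligned offsets where the code reads 'mov r0, #imm ; bx lr',
    i.e. a function entry that has been replaced by a constant-return stub."""
    hits = []
    for off in range(0, len(blob) - 7, 4):
        first = decode_word(blob[off:off + 4])
        second = decode_word(blob[off + 4:off + 8])
        if first.startswith("mov r0, #") and second == "bx lr":
            hits.append(off)
    return hits


if __name__ == "__main__":
    # Constructed stand-in for a libil2cpp.so: the post's original 8 bytes at a small
    # offset, followed by a function entry that has already been stubbed.
    func_offset = int("40", 16)                       # offsets are hexadecimal, as in hex editors
    blob = bytes(func_offset) + bytes.fromhex("06 00 00 15 00 88 FC BF") + return_const_stub(1)
    print(int("67AB0AB", 16))                         # the post's offset in decimal
    print(return_const_stub(1).hex(" "))              # the post's replacement bytes
    print([hex(o) for o in find_return_stubs(blob)])  # where a stub was found
```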
  2. You use an emulator. I don't use an emulator, so I cannot say for sure why. Maybe choose different memory ranges other than Anonymous?
    1 point
  3. Already checked it. For the latest version 1.8.2 it's still working.
    1 point
  4. Yeah, that's the tricky part; that's why I suggest step #2, using Ghidra and using breakpoints. The purpose of this is to make reading things easier, as Ghidra will show the current task the process is doing. Also you can set a breakpoint to pause the task momentarily; although you can do it with CE, you need to find the right address first, unlike Ghidra. Sandboxing the game allows only the game to be running; if you have an Android emulator, you probably have background system apps/services running, and that's the challenge when attaching a debugger to an Android emulator. Although you can just do it remotely, that is really slow, or use an Android debugger app (if it exists, and I'm not sure if the features will equal current standards). That's a challenge for reversing the game; it's good to assume, but you have to find another way when it's not. Honestly, you can keep experimenting every day, take notes on the progress, and eventually you will get somewhere. Good luck on your findings!
    1 point
  5. I recommend using these tutorials, they have everything you need to create a battle pass mod: How To Mod Il2CPP library Games {Beginners Tutorial} {All Explained} - YouTube, https://platinmods.com/threads/is-it-possible-to-deobfuscate-il2cpp-game.122359/, TOXIC MODS - YouTube. Read the first sentence of the description before complaining next time.
    1 point
  6. For the Invisibility gadget: uses and duration. Search = 1.0F;1D;-1D;1D;5.0F::17. If you get it right, there will be only 10 results. Refine to Float values. The first set of Float 1 and 5 is the one you need to edit; the other set is only for visual change. Values will stay edited as long as you are in the game. Once you restart, you need to search the original value again.
    1 point
  7. A few months ago I met my friend xXRuitXx on androidrepublic.org, who released some good candy for the android cheater community. This very young and talented guy was the first one of the many modders I found who was open to my plans of bringing premium hacks (the standard on the PC scene) to android. Some good sites like androidrepublic.org or alphagamers have some interesting solutions, but they did it wrong. The VIP model is very old, and what never worked on the PC hacking scene can't work in the android community. That's why we are going another way. I have sold hacks for 10 years on www.artificialaiming.net, have some experience with this business, and I know what people want for their money. We already tested this with our first real android multihack release for the game Critical Ops, with some success. In the near future you can find here some new premium stuff for big games, but we always release an exclusive and free light version for each hack we sell. A special thank you goes to the father of our great gameguardian.net community, SIR @d2dyno. Without him and the amazing work of our coder @Enyby we never could give you the experience of advanced gameplay here on www.gameguardian.net. PLAY GAMES YOUR WAY!!!!! Our new premium project is called APK - Android Premium Killers, powered by gameguardian.net
    1 point
  8. In the next days we release our War Robots Engine Hack with exclusive GameGuardian support. I made a few videos where you can see the power of our multihack in combination with GameGuardian. FEATURE LIST WILL BE: ESP, Chamz, ESP Lines, Enemy INFO, AIMBOT, TELEPORT, BEACONJUMP, MECHMAGNET, ENEMYPUNCHER, Fly, NO Clip, Float, Safezones (like god mode), Speedhack (hack), Speedhack (gg), Timejump (gg), and some others...
    1 point
  9. View File PUBG - ADVANCED script English. I'm not the creator of that script, I only translated it. The script contains a lot of features, most of them work, and it seems in the current English version the anti-cheat is disabled, but after logging network packets I saw that they flag most features without banning yet. 1. To use it, start GG and the game. 2. Kill the game and GG and restart it without protection. 3. Now you must be fast. If you see the developer logo, quickly open GG and start autosearch. 4. The script is split into hacks you can use in the lobby and on the battlefield. Have fun. Submitter geribaldi Submitted 03/19/18 Category LUA scripts
    1 point
  10. Whoooohooooooo. VIP section updated..... VOTE FOR SELLING PREMIUM LUA SCRIPTS TO FILL THAT SECTION FAST
    1 point
  11. Hello guys, we are very happy to see that our Lua feature is getting some success. But we noticed that some guys leak and use functions not made by themselves to sell other guys' work here. We have no problem if you advertise self-made VIP scripts on our site, but if we find out that you use functions made by other people (we will decrypt everything you upload here) without posting credits, your content will be deleted and you get banned. Leechers and copy-paste guys are the shame of the hacking community, especially if they make money with other guys' work. If you use other guys' functions, you can upload it here for free, but you always have to post the credits in the main post of your upload. If you don't know who made it, because a function is a copy of a copy of a copy of a stolen script... you can write "credits: to an unknown guy". To reversers and guys who did the real work: if you see your functions in other scripts without credits to you, PM me with a small proof that you are the creator and we will remove it from our site. It's very frightening to see that there are some script kiddies who make money with stolen scripts. You guys are not welcome here!!!! Geri
    1 point
  12. Post moved to a separate topic: GameGuardian work without root (#jcig3ot)
    1 point
  13. How to understand that you can use unrandomizer
      1. Start the game.
      2. Open the list of unrandomizer functions so that it loads.
      3. Make the necessary actions in the game, which, presumably, are associated with random numbers.
      4. Re-open the list of unrandomizer functions. See if there are green timers in the first column. If they do not exist, the unrandomizer will not work. If so, you can try to set some value for the unrandomizer and repeat the action in the game to see if there is any difference.
    1 point
  14. How to write a simple script

      In short, the process of creating a script looks like this:
      1. Make a list of actions to achieve the desired result.
      2. Perform them manually, in the interface, to check that everything works.
      3. Then start each item in the code. To do this, see what functions there are, what parameters they take, and select the one you want.
      4. Test the script, correcting it if necessary.

      For example, you need to crack some game A.

      1. Make a list of actions:
      - find dword 123
      - replace the first 100 results by 456.

      2. Perform actions manually:
      - search for dword 123
      - replace the first 100 results by 456.
      - make sure that everything works as it should, the game does not crash and so on.

      3. Open the help on scripts: https://gameguardian.net/help/
      Go to the function description page: https://gameguardian.net/help/classgg.html
      Take the first action "find dword 123" and browse the list of functions until you find the one you need. In this case, this is:
        mixed searchNumber (string text, int type = gg.TYPE_AUTO, bool encrypted = false, int sign = gg.SIGN_EQUAL, long memoryFrom = 0, long memoryTo = -1)
        Perform a search for a number, with the specified parameters. More ...
      Go to the function description, study it: https://gameguardian.net/help/classgg.html#a7efd4ac7766e72688cb4a84a3915721e
      Write the first line of the script:
        gg.searchNumber('123', gg.TYPE_DWORD)
      Let's move on to the second action "replace the first 100 results by 456." We read the reference again. We see that we need two functions:
        mixed getResults (int maxCount)
        Load results into results. More ...
        mixed editAll (string value, int type)
        Edit all search results. More ...
      We pass to them and read:
      https://gameguardian.net/help/classgg.html#a57d16baba0f36e4dd157e25774b8977a
      https://gameguardian.net/help/classgg.html#a5f859e6f707b2336152411b19fea7603
      We write down the following two lines of code:
        gg.getResults(100)
        gg.editAll('456', gg.TYPE_DWORD)
      Continue until you have written the script completely. In this case, the script is already ready:
        gg.searchNumber('123', gg.TYPE_DWORD)
        gg.getResults(100)
        gg.editAll('456', gg.TYPE_DWORD)

      4. Save the script, run it in GG, and check that it works correctly. This example is very simple, but it shows the essence. As an extension of the script, you can add clearing the results at the very beginning, setting search regions, and so on. For more complex scripts, you need to understand the programming language Lua and be able to write code.
    1 point
  15. Same problem, phone restarts after pressing the "restart without protection" button. Log_2017-12-12_02-47-39.txt
    1 point
  16. I will never understand why Asian people ignore that most people on this planet speak English. Everyone who makes scripts, hacks, coding stuff etc. releases their work in English... except people from Asia. Annoying. Script is useless
    1 point
  17. Pixonic changed their protection to a more difficult one. We are still working on that. Sent from my SM-G930F with Tapatalk
    1 point
  18. Yeah, I know. I tried to use timejump without "go to desktop" (my phone is too fast, there is no time to go to desktop without the game closing) and it works too. Sometimes I get a "security error" message where you must close the game. Good job sir. Only aimbot didn't work, game crash
    1 point
  19. Do we need to do this step one time, or more times depending on detection?
    1 point
  20. How to use the anticheatexploit?
    1 point
  21. There is no antiban. We disabled the anticheat to use GG without risks. If other players report you, you can be banned. The best is to use a second account to hack. You need 3 hours from level 1-20 with the hacks. And gentlemen, this is no mod. This is a full engine hack of the game. Only a few things are premodded
    1 point
  22. Ah, you are the owner of http://www.sinfulandroid.net/downloads/techx-hack-pack/ I tried to contact you. Did you find any solution with il2cpp in your game? Your idea is not bad. We now have a protection system where the hack itself is on the server and not in the apk. The apk only works as a loader, similar to PC hacks, with some leak protections. We have some success with that. The big headache is il2cpp, but I'm sure we'll find a solution to inject code or similar things.
    1 point
  23. If anyone is interested in getting a private hack for Critical Ops, PM me. FEATURE LIST: *SILENT AIM (shoot near the target and you kill them easily, looks legit) *ESP (Wallhack) (it changes the color depending on enemy health) *Melee range 5m (knife them from a distance) *NoFlash (don't care about flash grenades) *CROSSHAIR (use sniper rifles without zoom) *Fast Reload *Minimap Hack (see all enemies on the map) *INGAME Hackmenu (MAGIC BULLET AND ANTIAIM ARE NOT INCLUDED BECAUSE OF THE HIGH RISK OF BAN, IF YOU REALLY $$$$ WANT IT, TALK WITH RUIT) VIDEO: https://quik.gopro.com/v/AQBSNoRrlu/ This is not a gameguardian service at this time!!! REQUESTS only via PM or Discord!!!! https://discord.gg/CxD7S You can download Discord at https://play.google.com/store/apps/details?id=com.discord
    1 point
  24. This is the original version of xXRuitXx's legendary CritOps ESP Hacks, updated to the latest version 0.7. If you are interested in a NOT FREE private hack with more features like Aimbot, you can PM ruit or me. Maybe ruit has a solution exclusive for you?
    1 point
  25. An amazing job by Sir @Aufar_R. All known memory hacks in one script. Thank you. SuperCheat.lua
    1 point
  26. I hope your real job boss knows about your knowledge and experience @Enyby. That's not the first time I'm amazed by the depth of knowledge you have in a lot of things. Respect
    1 point
  27. You made my day enyby. I saw xmodgames uses Lua too. Is it possible to protect Lua scripts?
    1 point
  28. Hello community, some people asked me to release how I did the teleport & flyhack, so here is a small guide on how I hack this game. In the compilation I uploaded you can see what's possible. There are two methods of hacking the game.
      1. Hacking game timers/countdowns, like the 15 second countdown at round start or special features of bots like Griffin or Stalker (ammo and weapon timers are serverside and can't be hacked with that method). You can easily hack it with the timejump feature of our GameGuardian app, which you can download on this website. You need to activate the 6th timer (app) in the GG timer settings. Then enter the seconds you want to hack. That's all. For faster use we will release a new version of GG with a timejump float icon in the next weeks.
      2. For using teleport and flyhack (you can teleport inside buildings to be invulnerable), you need to activate the 3rd timer (others) in the GG timer settings. Now it's a little bit tricky. Use slow walking bots, it's safer to prevent unlucky teleports outside the map. Use timejump 1 second and then move the joypad around (see my video). You get the best results if you turn your bot 180 degrees against the direction you want to move. It's a simple exploit of the netcode that tries to sync player positions.
      Both methods are undetected because they can't log that. But be warned, all other players can see what you do, and someone will report you if you fly with Rajin across the map. It makes a lot of fun, you can epically troll other players. Have fun, geri. All credits to me and our team at gameguardian.net
    1 point
  29. Sounds like you are satisfied with this new generation of android hacks?
    1 point
  30. Yeah we are looking for a solution to break il2cpp
    1 point
  31. 1 point
  32. No @NoFear, first we have two new forum sections here. The first is for hacking multiplayer games with gameguardian, with my hope that you can fill it with your experiences. This section is for mods and hacks (please notice that hacks are not the same as a mod or hacking with GG) we will share here. Our public releases contain a few premodded features and things that are really hacked with dll injection. We are planning over-the-air injections in future, where hacks inject into a game online to prevent leaks, like alphagamers.net but better thought out. Let me say, I hate these boring mods as hell that AG spreads. Most of that, excuse the harsh words, is cheap shit. As I said sometimes, the future in the android cheating scene will be hacking with gameguardian to change protected things that are not serverside, and using real hacks like ours with features like aimbot and ESP. Developers can fix mod related things but never the use of external tools. The focus of our project is FPS shooters. Please take a look at this for example. This can't be made with gameguardian. I love to use a combination of both methods. Please notice too that in big multiplayer games there are anticheats. For example War Robots. If you use GG with speedhack or Timejump you will be banned in seconds because of CodeStage (worst bullshit AC ever), but it can be bypassed with a hack or mod to be able to use GG. I know you spent some time looking into what is possible to hack in many games. In future you'll get some problems with that because of anticheats. But don't care, we are working together and there will be solutions to break some shit for using our lovely app gameguardian.
    1 point
  33. This is exactly what we really need. We have the most powerful hacking app on the android market and an insanely talented programmer, enyby, who spent a big part of his lifetime on this project. I know a lot of good coders, hackers and skilled modders, but there are only a few where I can say "this guy lives for high quality work": no bad code, no copy-paste stuff... never "half work jobs". Without enyby we would have a standard memory editor without a big difference to other tools. As I moved from the PC hacking scene to android a few years ago I used other tools because they were "easy to use", but after I had seen that gameguardian got more and more features, became more stable, with more support for different devices, emulators etc., and last but not least a never ending development, I went completely over to this insane application. "Play games your way" (I have loved this sentence for more than 10 years) is unthinkable without gameguardian. But the problem is the power of this tool. I'm a pro cheater, but we have so many features that I can only use a small part of them. I don't have the experience to use them all because I never learned to code. And 90% of our members have the same problem. We want to hack, we have the biggest tool ever, but nobody knows how to use it. It's like we have a very big p*e*n*i*s and want to fu*ck a girl, but we can only do it a little bit because we don't know how to use it rightly. And that's why I give you and guys like @NoFear a very big thank you for the time you spent making guides for us "noobs". I know that's a thankless job, but you can be sure there are a lot of cheaters like me who see the work behind that, and I'm more than thankful because you help a lot with those guides. You are absolutely welcome here. Please don't care about "isn't easy to find", we give you full support on our forum and we handle that. Maybe with a gameguardian wiki that will be more clear. Thank you sirs!!!
    1 point
  34. Are you from AG? Read PM on Discord _______________________________________________ added 3 minutes later: We now have an official Discord channel. Our team name is ANDROID DOMINANCE https://discord.gg/qnQeZkM Please join us for requests, you can ask everything there
    1 point
  35. Hack isn't beta. It's the release version. Sorry. _______________________________________________ added 2 minutes later: Check PM
    1 point
  36. Updated hack from XxRuitxX. NoSpread/NoRecoil is not included because the serverside anticheat detects these features.
    1 point
  37. Yeah, without aqua/water we can't exist
    1 point
  38. @Enyby Would be nice if you can add Nougat support. GG still works for me on 7.0, but timejump freezes the game. Log_2017-02-03_17-24-27.txt
    1 point
  39. Lol wtf, I'm so stupid. But it seems I have a mod where I can buy everything without money
    1 point
  40. @Skullboyq Smali/Baksmali is an assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation. The names "Smali" and "Baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively. Little example: old games' "anticheat" was to scan for app names on the user's phone. If they found "gameguardian" you couldn't start the game. To crack that, you can open an apk and search the smali files for "gameguardian". Delete this string, recompile the app, and you can play with GG. (Sorry eny for hijacking your thread)
    1 point