Leaderboard

surprisingly, this script still works fine with the latest update! thank you, Mario!

New version 10.8.1.5.7 released! 64bit only, sorry

Here's a complete guide to modifying currency. Tested today on energy, gems, and gold: https://imgur.com/a/G1h0MlK

View File Real Racing 3 (11.6.1) AutoWiN Hack REAL RACING 3 AUTOWiN HACK Current version: 11.1.1.5.10 RR3 working version: 11.1.1 Description: Automatically win any race without play. Instructions: 1. Before run this script is highly recommended to logout and restart the game. 2. Win your wished serie then go to profile and check total completed events. 3. Restart the game again. 4. Check total completed events again to see if something went wrong. If you run script in background (default) you have to stop it manually After several wins a game restart is racommended too. Run the script then select any race to win it automatically, or, if you don t run it in background, select race before run the script. Known issues: After several races the game can become unstable, so occasionally restart it to avoid game crashes and loss of game progresses. Video: Submitter MarioRossi93i Submitted 07/09/2020 Category LUA scripts  

Currently i am trying to hack/mod asphalt 9. While hacking it i found out that asphalt 9 doesn't use il2cpp or ue4 libs they have custom lib named as libAsphalt9.so and i tried to find metadata.dat file but unable to find it. I thought that libAsphalt9.so could be dump by ill2cpp dumper but without metadata file i can't do it. If anyone knows please help me. It would be great way to increase our knowledge. @NoFear

Introduction Starting as a legit player, I have been playing Brave Frontier for around 2 months. After that I got bored of the game and decided what exploits could be done to this game to get more fun out of it. Initially, I leeched off damage hacks and stats of my units. This made the game fun but there was never a mod that gave me exactly what I wanted, thus, I started to learn how to mod the game myself through tutorials. Learning ARM from scratch has been quite a challenge for me even with some programming knowledge. As I have seen motivated people wanting to learn how to mod as well as the lack of tutorials of how to get started, I decided to write this guide to help people out as well as get help from people that will eventually surpass me. While I started from scratch, I have been trying to tinker around with IDA Pro and might use some rather advanced terms, please notify me if you do not understand anything so I can make the tutorial easier to understand. Update: I can be found at trybeat.us, come join the community! More guides will be written there too! TL;DR Started Legit Got bored Leeched hacks Hacks not what I want Learnt to make own mod Now want to teach others how to mod Required Tools · IDA Pro 6.1 · HxD · WinRaR for extracting the apk file · ARM to ASM Converter Optional Tools Here are some extra files that are good for your reading reference/ modding reference · Original 1.1.6 Brave Frontier Global libgame.so · Book on ARM · Android Multi-tool (For non-rooted devices) Steps Now, let us get started to finally make your own mod for brave frontier with all the hacks that you yourself can customize! Step 1 (Preparation) 1. Install IDA Pro as well as HxD, how this works is you will look for the parts to edit in IDA Pro and edit the file using HxD. This will be explained later on 2. Download the latest Brave Frontier apk file 3. Open the apk with WinRar and go to lib>armeabi>libgame.so 4. This is the file which we will be going to mod, so extract it somewhere where you will be able to access it later on. We will need 2 copies, 1 file for viewing with IDA Pro and another for the main modding with HxD. Try to take note which one is which to prevent confusion. Step 2 (Opening the file to mod) 1. Right-click your libgame.so and open with “The Interactive Disassembler” A.K.A IDA Pro. 2. You will come across a “Load a new file” window, this is for IDA Pro to set up the program for you to do your viewing and editing. 3. Ensure “ELF for ARM (Shared object) [elf.Idw]” option is highlighted as well as the “Load resources” checkbox at the Options pane. 4. Click OK and wait for IDA Pro to load! This will take quite some time as the file is generally quite big 5. If you see this “ARM AND THUMB MODE SWITCH INSTRUCTIONS” window pop up, click okay and let IDA Pro continue its loading. 6. You can track the progress at the top where there is a coloured bar and arrows pointing to where in the file is being accessed, it is quite obvious when it is done, here is a screenshot of when the loading is completed. Step 3 (Getting Information for modding) 1. Finally! You have managed to load everything! Now is the time to start getting information to do the modding! But how to start? Everything looks so… alien D: 2. Don’t worry, let me start you off with some simple mods such as stats which can be found using simple keywords and experimenting: · Monster Stats -> MonsterUnit::getMaxHP() (set R0 <- you will know what this is for later) 3. You can search by clicking on the “Search” Tab up at the toolbar of IDA Pro or use ALT+T to search for the terms. To go to the next searched term, use CTR+T to go to the next term 4. Let’s set the monster’s HP to 1 in this tutorial as an example of how to mod. Search for the keyword “getMaxHp”, keep going through the search until you find “MonsterUnit::getMaxHP(void)”. This will be the method you will want to modify to edit the HP of the monsters (Look at the highlighted part). 5. Well, if you can “kind of” read the English, you can see there is some blue text that says “blabla…getBaseMaxHp…blabla”. Logically thinking and with some common sense, this should be some “magic” (Let’s call this a function) done to get the HP of the monster… right? 6. To put away some technicalities, this function stores the retrieved HP of the monster in this storage “R0. These registers stores a number up to 255 in value. This is known through reading further into the function and reading the codes. You can view these stuff by clicking on the function and scrolling down to see the whole thing although not really advisable due to its complexity. 7. Now, we know that this function gets the monster HP and stores it into the register R0, what if we forced R0 to always be 1…? That would be awesome right? 1HP Monsters all the way! But what do we need to know in order to edit? The codes look too hard to edit right? Here are some commonly used codes for ARM that is used for modding: · MOV <Target>, #<Value up to 255> (Setting the register R0 to 0 would be MOV R0, #0) · ADD/SUB/MUL/DIV <Target>, <First>, <Second> (For bigger numbers, e.g. MUL R0, #30, #30 makes R0 store the value of 900) · ADD/SUB/MUL/DIV <Target as First>, Second (Similar MUL R0, #30 will multiply the value in R0 by 30 and store it back into R0) 8. Now we want to set R0 to 1 in order to make the monsters HP 1, there are 3 things you need to know and confirm: · The address of where you are editing, which is on the left (In this case its: 00348A22) · What is your intended modifications (we want to set R0 to 1, so the instruction will be “MOV R0, #1”) and its direct translation modify the program (I will explain this later) · Is the modification the same length as the original? (Not in this case, I will show you some stupid remedies that can be done, Step 10. If it is the same length, you can directly replace. If it is shorter than the original, it is best to place it at the bottom of the whole function so that other codes will not affect your modded codes) 9. For step number 3 in part 9, you can check if the length is same in the Hex View-A tab just below the blue-ish bar at the top. This is what you see when you click on the function. To compare the length, usually the mod codes used is 4 alphanumberic characters, in this case it is twice the length of what we need, what I usually do is just repeat the command twice. This can be done as we are setting the R0 to 1. You can also use codes which does nothing, these can be done through NOP(No Operation), or you can put 00 00 to make it not do anything. Examples of alternatives that can be done: [ 01 20 ] MOVS R0, #1 [ C0 46 ] NOP or [ 01 20 ] MOVS R0, #1 [ 00 00 ] 10. Now we have 2 need-to-knows done, the last part is the translation which can be easily done using the program I have provided above. Use the ARM to ASM Converter program to convert the code to the 4 alphanumeric characters which can be used to replace the code later on. Here is the screenshot, hopefully it is self-explanatory: 11. We will use the 2-Byte translation. If you want to have a preview, you can edit the code in the Hex View-A by right clicking and pressing “Edit…” or F2, then typing in “0120” twice. This is what you should see after doing that In Hex View In IDA View 12. Note that if you want to set R0 to above 255, you will have to multiply them. Here is an example: MOV R0, #30 <- Making R0 set to 30 MUL R0, R0 <- Multiplying R0 by itself to total up to 900 and storing it into R0 (From command above) 13. Now we have confirmed that everything looks okay, we will finally do the real modding. A few more steps before our mod is done! Step 4 (Modding the real deal) 1. Now we have the 3 need-to-knows, you want to open the other libgame.so (Yes, the one you did not touch at all) with HxD. Here is what you should see 2. Yes, it looks confusing, you don’t need to know what is all these. It is actually the 4 character equivalent to what we saw in IDA PRO, however, we are able to edit the values directly in this program. So we need our address, the first need-to-know! Aha, 00348A22! 3. You can go to the address by pressing CTR+G or through the Search tab, search the address and it should bring you right onto it! 4. Now you are at that area, try not to use your arrow keys to navigate around as you don’t want to accidentally touch other parts of the code! The 2nd need-to-know, which is the length and intended modification will be needed to replace the original code (01 20 01 20). So go ahead and type it in. 5. Save and you have successfully modded your libgame.so, all that’s left is to copy in and ensure your brave frontier works with your mod! Congratulations for making it this far! Step 5 (Loading the Mod) 1. Hurrah! We have finally modded the libgame.so file! Now how do we loading it in? 5a (Rooted devices) 1. For rooted devices its easy, copy the libgame.so into your phone and move it to /data/data/sg.gumi.bravefrontier/lib/ directory 2. You might want to rename the original libgame.so in case there you screwed up the mod or want to revert back to the original. I have provided the original libgame.so for the version 1.1.6 in case you deleted the file. 5b (Non-Rooted Devices) 1. You are going to need to sign the apk before installing it back. 1. Once you are done with the libgame.so, move it back to the same place in the apk using WinRAR. 2. Extract the AndroidMulitiool folder into your C:Disk 3. Copy the .apk with the modified libgame.so into the files section of the AndroidMultitool (not needed but recommended) 4. Make sure the .apk doesn't have any spaces in the name of it. (Eg: BraveFrontierMod.apk) 5. Go back to the AndroidMultitool folder and run the AndroidMultitool.exe. 6. Go to Signing and click on the ellipses [...] and go to the location of your .apk with the modified libgame.so (C:\AndroidMultitool\Files ; if you moved it to the files section as recommended.) 7. Click sign. 8. Go to your C:\AndroidMultitools\Signed_apk and you should see name_signed.apk (Eg: BraveFrontierMod_signed.apk) 9. Rename it to whatever you like. 10. Move it to your device, install, and play. Conclusion While the guide is lengthy with lots of words, I have tried putting pictures to make it easier to understand for beginners. After all, I was once a beginner and learnt modding through tutorials and videos. I hope experienced modders can help make my guide easier to understand as well as help me out with more advanced stuff. (PM me!) For those that has managed to complete their very own first mod, here is a challenge for you. Can you find the function that will modify your stats (most of you guys like 2katk/4kdef mods)? J *Hint* You will need to use multipliers stated above to make your stats more than 255, thus needing at least 2 lines of instructions. This is my first contribution, I hope it isn’t as bad as I think it currently is :x I hope some of you learnt something from this guide! Thanks and Happy Modding! Credits I would like to thank Optimum for the steps to load the mod into your non-rooted devices and AnonThanatos for alternatives of filling up spaces with nothing instead of repeated codes to make it less confusing.

Thank you so much, it really helped me a lot. I also wanted to do the same as it is a hassle to eat foods everytime I battle a boss

Hi! IDA by default only dissasembling bytecode into set of instruction, this is harder for starters because they also need to learn assembly language. For easier read, you can use Pseudo-code plugin on IDA. - If you're using IDA Pro crack version, you need to find IDA that has Hex-Rays feature to able use Pseudo-code. - Use CTRL+Enter to open a new Pseudo-code window in IDA - You can search IDA 7.0/7.2 (I forgot) that has Hex-Rays feature. Alternatively, you can use Ghidra. It's a similar app to IDA and it's Free. I think they also have some Decompiler that able to create a Pseudo-code from plain library (I haven't test it yet, so IDK). Or you can learn Assembly itself, usually concatenate MOV, JMP, BL Instruction would lead to an Offset. Anyway here's some Reference related to Assemblies: - Hex-Patching - Libil2cpp.so Editing

View File KICK PLAYER VIDEO HACK Forward assault Antiban script please rate and comment and i update to script thanks guys • GAME https://play.google.com/store/apps/details?id=com.blayzegames.newfps •Hacks -SKINS -NO NAME -FLY HACK •KICK ALL PLAYER https://rumble.com/v1vrcig-kick-player.html •NO NAME VIDEO https://rumble.com/v1qqfvg-fwd-no-name.html •Weapons SKIN VIDEO https://rumble.com/v1u82ls-skins-hack.html • FLY HACK VIDEO https://rumble.com/v1v2gi2-fly-hack-fwd.html Submitter Yee77 Submitted 10/27/2022 Category LUA scripts  

The pointer along with the video is posted in the previous posts... i did change it a little bit to find the exact item...I had to change it cuz it was giving me no results... So.. i searched..(Dword) 0;0;13;1,634,496,368;1,918,984,050;1,601,335,149;50 ... Refined 13 ...saved all '0' s i could find preceding 13... and tested pointer search on em... the one that yielded result... i copied and pasted in the id of another item... The buff thing is just a calculative thing... For example... a food/med buff lasts for 8 hours... So.. i search 8×3600=28800 (double) and changed all values to any other time i want... let's say 80 years... so 80×365×24×3600=2522880000 (double) Consume/apply the food/med and presto you get the buff for 80 years... This time trick is also helpful for time skip... Like you want to pass 8 years for homemade wine X... search 24×3600=86400 (double) And change all to 8x365×24×3600=252288000 (double) Now... click on the sleep/tent icon to sleep for a full 24 hours... when next day comes it will be 8 years later...

View File Hungry Shark Evolution hack currency for last version ( 9.6.4 ) this script work only in 64 bit no split ddl from apk combo : Hungry Shark Evo ( ARM8 ) Submitter blocx Submitted 10/27/2022 Category LUA scripts  

Most tutorials on hex patching do not explain how hex patching works. I'll explain exactly what hex patching is and how it works, from the very beginning. @MainCand @BadCasedid a great job explaining, but they didn't go in-depth. To understand what the libil2cpp.so file is, you have to understand how the game's libil2cpp.so file is generated. All games with libil2cpp.so files are made with Unity's Il2cpp Backend. Unity is a game engine where you write your code in the C# programming language, and the engine compiles it into an apk. Most of the game's code, such as the 'headshot' method, is converted from C# to IL (Intermediate Language) to C++. This C++ code is then compiled to assembly code, which is encoded into hex and stored in the libil2cpp.so file. Different devices use different assembly languages (called architectures) - android has armv7 (32bit) and armv8 (64bit). There is a libil2cpp.so file for each architecture. In most Unity games, there is armv7, armv8, and sometimes x86 support. In armv7, armv8, and x86, all assembly instructions are 4 bits long when encoded into hex. When the game executes a method like the 'headshot' method, the hex for the headshot method is taken from the libil2cpp.so file for the device's respective architecture, decoded back into assembly code, and run. This is not the exact process, but I left some information out and simplified some stuff. To visualize this, I like comparing c code to assembly code to hex. Arm Hex Converter Online can be used to converted between assembly code and hex, and Compiler Explorer can be used to convert c code to assembly code. There is currently no way to perfectly convert from assembly code back to c code, so you will have to learn assembly code to understand it. So what does Mov R0, #1 bx lr mean? I like looking at it in c. This is the same as: return(1) There are multiple ways to write this in assembly, so compiler explorer might contradict us. But Mov R0, #1 bx lr is the simplest way to do it. Let's make up an example of how we would use hex patching and walk through it step by step. Say that the offset for the 'headshot' method is 0x67AB0AB. This means that the function's code begins at the 67AB0AB's byte of the libil2cpp.so file. The offsets are usually in hexadecimal - this is what most hex editors use, and what most tools / resources like dnspy and Il2cppDumper use. This represents the decimal (base10) number 108703915. So, we know that the function begins at the 108703915th byte of the libil2cpp.sp file. If we go to this offset in our hex editor (most hex editors use hexadecimal offsets, so we go to offset 67AB0AB, the first 8 bytes are 06 00 00 15 00 88 FC BF. Each assembly instruction is 4 bytes, so we are looking at the first 2 assembly instructions of the function. We edit this to our hex (if we want to working with armv7, and we want the function to always return 1, we use the hex 01 0 0A0 E3 1E FF 2F E1, which decodes to Mov R0, #1 bx lr . We only have to edit the first 8 bytes (2 instructions) of the function because if we always edit the first instructions to return, the function will always return before it executes any other instructions. This is how return statements work in almost all programming languages. For this reason, we edit only two instructions and do not have to overwrite the whole function. We need to edit two instructions and not just one because return(1) takes two instructions in assembly. If we want to return a number that cannot be expressed in one statement (ex: for armv8, the maximum number you can directly use is 65535, or 0xffff in hexadecimal), or we want to do something more complicated than always returning a number, we may need more than two instructions. In this case, we overwrite as many instructions as we need. If our new function is very complex, it might be longer than the original function. This will rarely happen, but just in case, you should use workarounds when your new function is long. I do not currently know how to find where a function ends, only how it starts. A .so file is a linux shared library file (armv7, armv8, and x86 architectures use linux), so if anybody wants to try to find out an easy way to find out where a function ends, or even better, a way to list all of the functions in a given .so file, (it would be awesome if somebody does this!), this is a starting point to start researching. Hopefully this is a helpful guide and it explains hex patching in-depth! Sorry I wrote so much, I got a little carried away NOTE: In most assembly languages, including armv7, armv8, and x86, the numbers 1 and 0 are used respectively instead of true and false. The hexadecimal representations of 1 and 0 (0x1 and 0x1) can also mean true and false respectively.

those are the codes for Physical Resistance Booster. Float value is the one needed to change in order to get high percentage. see how small that value is..it less than 1 exactly 0.05999999866 = 6 in the game. see that Dword values above and below it. 1006 and 1 can be mean its the ID for that booster. scroll down or up and you will see almost the same pattern like that. Dword(big in thousand); Float(slightly less or more than 1); Dword(small maybe less then 10)

Can you update this?

new update script ZGS ZGS.lua