Leaderboard

Popular Content

Showing content with the highest reputation on 03/10/2023 in all areas

  1. Last thing I forgot to mention: the company behind Grim Soul changed and the devs are patching its inner functions and methods etc. The game became more dependent on LIBC, and this opens the usage of FRIDA, and hacking became easier (Frida will reclone libil2cpp and perform trampoline hooks on every class, method etc.), editing libil2cpp dynamically in real time and requiring no knowledge of assembly language; all you need is a basic level of Node.js or Python code. Here is a template I wrote for hooking il2cpp with FRIDA that works on Grim Soul:

         var lib = Module.findBaseAddress('libil2cpp.so');

         function awaitForCondition(callback) {
             var i = setInterval(function () {
                 var addr = Module.findBaseAddress('libil2cpp.so');
                 if (addr) {
                     clearInterval(i);
                     callback(+addr);
                 }
             }, 0);
         }

         Java.perform(function () {
             // this will get the base address of il2cpp
             awaitForCondition(function (base) {
                 lib = ptr(base);
                 if (lib != null) {
                     console.log('lib = ', lib) // this will print the start address of il2cpp in memory
                 }
             })
         })

         // copy and paste the code below for multiple method hooks or create a function that does this
         Interceptor.attach(lib.add(0x1C665E0), { // change the 0x1C665E0 to the offset of the method and the function is hooked (RVA or Offset in dump.cs)
             onEnter: function (args) {
                 // time = 0 when the method is called
                 // console.log('args : ' + args[0])   args[0] = R0 (they are the registers in the CPU I guess)
             },
             onLeave: function (retval) {
                 // return value of the function
                 // console.log('retval : ' + retval)
                 retval.replace(ptr(0x0)) // this will replace the return value with the one you want
             },
         })

     --> FRIDA --> Tutorial on how to use FRIDA on il2cpp games. You can call any function in the il2cpp with it, with the parameters you want.
    1 point
  2. • It's a field pointer sweep.
     • In Grim Soul they use pointers in the field values.
     • "Something"ScriptNode classes and entity are the main classes for almost every object in the game.
     • Game functionality is based on tables similar to Lua.
     • Every item, event, action etc. is just a string, similar to decision-tree games (in 3D).
     • The stringlinear.json file will be helpful in creating a powerful script for Grim Soul.
     • (Many traps are set for hackers, such as poker, sanct.., friend chest keys etc.)
     • You can use pointer sweep in many cases; il2cpp patching is powerful (you can search for an ENUM and look up what methods / fields use this ENUM and patch them).
     • You can patch the echeckwall method etc. using ENUM values to build upon anything, including outside your home.
     • Pet rarity, gender and color are used by something ScriptNode; you can patch it using ENUM.
     • The error handler in the game is based on ENUM also, 1, 2, 3, 4 etc.; same for Echeck wall foundation etc. The response should be the OK enum.
     • You can exploit error handling to unban or manipulate requests server-side (I guess).
     • The igrim class will hold all the server-side data and encrypted data.
     • Hooking ENUM for il2cpp patching: you need to use the stringlinear.json file to get the offset of the string in the CB region.
     • Patch: use LDR to load the string pointer into a register, then BLX to call a function that uses the string as a parameter. * Use with caution * (Not recommended in Grim Soul since it's heavily dependent on strings; most of the time it crashes for me.)
     • gg alloc memory will crash the game (idk why).
    1 point
  3. You can just search the UTF-8, for example:

         gg.searchNumber(":(text here)", gg.TYPE_BYTE, false, gg.SIGN_EQUAL, 0, -1, 0)
         gg.clearResults()

     If you're not sure, you can use the "record script" function in GG, which you can find here:
    1 point
  4. Watch on Youtube: Filters - GameGuardian
    1 point