Leaderboard

Sorry for the delay on this y'all, I was away for a bit. The issue was affecting new uploads because of security changes we recently made. Should be resolved now.

I have been working on this for a long time, and it is really hard to do without a m*ded gg, even with a m*ded gg android restriction still kick in if you are not rooted. First of all. If you want to do this kind of validation avoid doing it locally, you should make it server sided. And @Xaviesz proposition are pretty good you should explore it. And for me til now the the best i have done using normal gg is combining some static data returned by gg.getTargetInfo() that i know will remain static trough the app life-cycle so there is: ['publicSourceDir'] = '/data/app/~~Tjacue3E3QG5Zy6KYvAIxw==/com.absinthe.libchecker-9LGZY2hk_GBOyGOovtH-Dg==/base.apk', ['nativeLibraryDir'] = '/data/app/~~Tjacue3E3QG5Zy6KYvAIxw==/com.absinthe.libchecker-9LGZY2hk_GBOyGOovtH-Dg==/lib/arm64', ['uid'] = 10576, ['sourceDir'] = '/data/app/~~Tjacue3E3QG5Zy6KYvAIxw==/com.absinthe.libchecker-9LGZY2hk_GBOyGOovtH-Dg==/base.apk', And also gg.PACKAGE I have created a simple algorithm that when provided some data will output an unique id, this is consistent, mean if you call the function two+ time with the same data it will provide the same output local function generateIdentifier(...) local concatenatedString = table.concat({ ... }) local hash = 0 for i = 1, #concatenatedString do hash = (hash + string.byte(concatenatedString, i)) % 4294967296 end local uniqueIdentifier = string.format("%08x", hash) return uniqueIdentifier end Here is a simple usage example local gg = gg local target = gg.getTargetInfo() if not target then print('Target not found') return end local uuid = generateIdentifier( target.uid, target.nativeLibraryDir, target.packageName, gg.PACKAGE ) print("uuid:", uuid) --=> uuid: 00003188 -- With the uuid you could now just query your server and perform check if there is a key associated with that uuid But there is a catch, expect target.uid everything will change if user update or reinstall the game. So they will loose access, You may want to only use target.uid it is consistent but may change in some specific case. Here are some research i have done about it: https://stackoverflow.com/questions/20979478/how-uid-of-an-app-determined-during-install-in-android https://pierrchen.blogspot.com/2016/09/an-walk-through-of-android-uidgid-based.html And also i have tested uninstalling/reinstall install a different version of the game, the uid remain the same unless the app is signed with a different certificate. If you are running this validation server sided you additionally have access to the device User-Agent but i dont really like relying on it cause it can be easily spoofed. but still. Here is an example of the http header you get { 'user-agent': 'Dalvik/2.1.0 (Linux; U; Android 13; M2012K11AG Build/TQ2B.230505.005.A1)', host: '10.245.201.18:3000', connection: 'Keep-Alive', 'accept-encoding': 'gzip' } With some text manipulation you could extract the OS Version and Build + the device Model That pretty much it, with all this you may lock the script to a single device. Note: nothing can stop someone who is determined. You should also use a good encryption cause all of this will be for nothing if someone decrypt your code. Note: uuid stand for User Unique Identifier

Yea. I just checked and you can just delete the .ca file if your roll was undesirable. And basically keep re-roll until you get what you want. I'll have to look into forcing rolls now.

how do i do this? i have been trying but it it isnt working

one question are you using the same version of the game or is other version?