Leaderboard
Popular Content
Showing content with the highest reputation on 02/05/2025 in all areas
-
For people who're still watching this thread: I don't know how to replace the selling items on Nopaew shop, but I was able to find a way to get the IDs of the items, and successfully got the Cat Express Ticket.

Basically, on this thread there are 3 things:

1. Hack Nopaew existing items to buy a lot of it without gems: https://sbupload.com/ea247239cf61d449
2. Hack Red / Green keys by locking the IDs: https://pixeldrain.com/u/YmYyqKaK
3. Hack items that are not in Nopaew shop by swapping the IDs. This is similar to the 2nd hack, except that you have to find the IDs for the items you want.

I'll give the steps to get the IDs you want in step 3, but I'm too lazy to record a video. If anyone can do it successfully and has the time, please help record and upload a video. I would rather share this with everyone or let the developers fix it than let shameless people get benefits from this.

Here are the steps:

1. Download and install the apk from apkpure, select the armv8 architecture. This step may not be required, it's simply the version I use since I cannot download from Google Play.
2. Follow the 2nd hack, you should save 3 variables: amount of item, the top 2 pointers (purple color). I believe that only the 2nd is needed, but haven't tested.
3. Search for the ID of the item you want to swap. I hacked only the Cat Express Ticket, so I'll share it:
   Cat Express Ticket has a text ID: dungeon_ticket.skip
   Search using :dungeon_ticket.skip (note the semicolon in the beginning, it means text search)
   Refine the search with :. (semicolon, then dot)
   There should be 2 - 6 items left
4. Tap on one of the results, then select Go To
5. On this screen, you can tap on the top right corner, in the screenshot, it's where the h,S,D,F is showing. You can configure how to display the values for the addresses in this screen, you should tick the Hex, String and DWORD boxes
6. Scroll it down a few addresses, past the end of the text ID a bit, you should see 2 pointer variables (purple)
7. As in the screenshots, the 2 values you're looking for are 505 087 712 and 504 682 272. On my device, I can easily identify them because there are two 120D values under them, it could be different on different devices
8. If you cannot find these IDs, try with other search results
9. Once you have the 2 values, replace the 2 pointer variables you saved before with these values, in their respective order. Like I said, probably only the latter matters but I didn't test.
10. Continue with the hack

I'm not good at Game Guardian so these steps are not that refined, and as you can see, it doesn't change the items sold in Nopaew like in the screenshots of the guys who cracked it, but the result should be the same. I hope from these steps, some smart people will refine it and share more detailed steps with everyone.

You can use the same steps to hack Opus, and I guess it's possible to hack Cat Coin this way too. All the memoirs should have the prefix: job_rank_item, (e.g.: job_rank_item.zodiac_fellislord, job_rank_item.zodiac_blazehero...). You can use text search to find all of them. Another way may be to unzip the downloaded APK file, there should be a localization file that would contain similar IDs. I'll leave that to other people, as for me the skip tickets are enough, as I believe the ability to skip dungeons should be free for everyone, I don't appreciate WFS locking it behind a paywall.

3 points
-
Nopaew: https://pixeldrain.com/u/tkwGUKct
SkpTicket (old): https://pixeldrain.com/u/ME2PiaS9
Will try to do a video using bobokill method

2 points
-
For bobokil you need to do the nopaew first, if you can't do that it will be pretty difficult

1 point
-
It could be better if you can give the game name so people can take a look into it more specifically.

1 point
-
Different devices handle these addresses differently, as you can see the values on my screenshots also look different than the values in the video. Sometimes, I also encountered the problem where the pointer variables are not shown in purple. Here are a few things you can try:

1. Ensure you're using the arm64-v8a version from apkpure. If you download the default one, it may be the armeabi-v7a version.
2. Save all the addresses above the buying amount variables, then click different items in the shop to see how these values change
3. You can see that there are many values with the hex value B4000075h or B4000076h. These are similar to the value 120D in my screenshots, so usually the values above them are what you're interested in
4. I think in your stream video, the values you're looking for are at these 2 addresses: 75591C1E08 (8 addresses above the buying amount) and 75591C1E10 (6 addresses above the buying amount).
5. Try the text search first, to see what the item IDs look like, and find the numbers that look similar.

1 point
-
Hi, your game is protected with CodeStage anti cheat, thankfully this is one of the easy ones to bypass.

First you will need to dump the game using Il2cppDumperGUI or any il2cpp dumper of your choice. Next you're going to look for CodeStage detection methods. Note those StartDetection methods; most have some overloads. If you want to be safe you will need to bypass them all; it is rare that the game uses them all, but better be safe than sorry. So here is the list and overloads.

    CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetection(); // 0x00818a3c
    static CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetection(System.Action callback); // 0x00818ce8
    CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetectionInternal(System.Action callback); // 0x00818b70
    System.Void StartDetectionAutomatically(); // 0x00819058

    static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(); // 0x008190e0
    static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback); // 0x0081948c
    static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval); // 0x008194e4
    static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval, System.Byte maxFalsePositives); // 0x0081954c
    static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval, System.Byte maxFalsePositives, System.Int32 coolDown); // 0x008195c4
    CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetectionInternal(System.Action callback, System.Single checkInterval, System.Byte falsePositives, System.Int32 shotsTillCooldown); // 0x008192dc
    System.Void StartDetectionAutomatically(); // 0x00819a54

    static System.Void StartDetection(); // 0x00818648
    static System.Void StartDetection(System.Action<System.String> callback); // 0x008186b0
    System.Void StartDetectionAutomatically(); // 0x008187e8

There are two ways to bypass those.

1. You can just patch each of them using the "NOP RET/BX LR" opcode.
2. Allocate a memory page and replace those methods with their respective StopDetection, that means when the game calls StartDetection it will call StopDetection instead.

Now for GEMS/XP/Gold/Health

Note at this stage, since you have already bypassed the AntiCheat, editing your stat won't trigger anything. But you need first to understand how ObscuredInt works. Note every obscured value you see on your screen is a fake value. You should not edit it directly but edit the hidden value using the crypto key. Here below is what you need to remember about the structure.

    public struct ObscuredInt
    {
        [FieldOffset(Offset = "0x0")] private int currentCryptoKey;
        [FieldOffset(Offset = "0x4")] private int hiddenValue;
        [FieldOffset(Offset = "0xC")] private int fakeValue; // what you see on screen
    }

What you see on your screen is the fakeValue. To edit it you will need to edit the hidden value. Here is how to. (Note the offset might vary depending on the game and version, so you better have the latest dump and check the correct offset.)

When you find an ObscuredInt fakeValue, you need to go back to the base pointer, so in this case: fakeValue.Address - 0xC, which will bring you to currentCryptoKey. Copy the value of currentCryptoKey (in DWORD), then offset to currentCryptoKey.address + 0x4, this will bring you to the hiddenValue. Now to edit this to your desired value you need to perform XOR (exclusive OR) on your desired value using the currentCryptoKey as a key. You can do that inside gg, you type the value then apply the xor key.

That's it, you are done. You can edit any ObscuredInt using this method.

Now, specially for your game, there are some vulnerabilities that I found you can exploit to edit your stat and in-game money. There are some methods like:

    public class game_manager : MonoBehaviour
    {
        [Address(RVA = "0xA65A94", Offset = "0xA65A94", VA = "0xA65A94")] public void gem_plus(int gem)
        [Address(RVA = "0xA65890", Offset = "0xA65890", VA = "0xA65890")] public void gold_plus(int gold)
        [Address(RVA = "0xA64DFC", Offset = "0xA64DFC", VA = "0xA64DFC")] public void iron_plus(int iron)
    }

All those share almost the same structure so I will be giving an example only for gem_plus.

In this decompiled function gem_plus, you can see that they are loading the value of the ObscuredInt field public ObscuredInt gem_total; // 0x2CC into the variable puVar1, to which later on they add its value + param_2, which is the gem parameter, to instantiate a new ObscuredInt from that sum. The result of that sum will be stored into the register W0, so all we have to do is just hijack this register and change the value to what we want. Here is a video of how to do that.

This method does not trigger the anti cheat cause the game is writing a legit value for us. Also if you want to move a large value you might want to explore the MOVZ instruction, or you can allocate a memory page and spam multiple ADD instructions like this:

    add w0, w0, #500000000
    add w0, w0, #500000000
    add w0, w0, #500000000
    add w0, w0, #500000000
    add w0, w0, #500000000
    ....

Last thing: for gems you will need to stay on the main screen like in the video when you start the game, cause that function triggers only there. I kinda like the game, I might continue working on it and update this thread.

1 point
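For the defender's side of the ObscuredInt layout quoted in the post above, here is an added example (not part of the original post and not CodeStage's code). It models the 16-byte struct in Python and audits constructed memory snapshots with two checks: a decoy comparison and a reconciliation against a server-held total. The function names, the sample key and values, the padding at offset 0x8, the decoy comparison as a model of the tripwire, and the server ledger are all assumptions.

```python
import struct

# Layout from the post: currentCryptoKey @0x0, hiddenValue @0x4, fakeValue @0xC.
# Bytes 0x8..0xB are not described there; treated as padding (assumption).
LAYOUT = struct.Struct("<ii4xi")


def parse_obscured_int(blob: bytes) -> dict:
    """Decode one 16-byte ObscuredInt snapshot into its fields."""
    key, hidden, fake = LAYOUT.unpack(blob)
    return {"key": key, "hidden": hidden, "fake": fake, "value": hidden ^ key}


def audit(blob: bytes, server_total: int) -> list:
    """Return the integrity findings for one snapshot.

    fake_mismatch   - decoy no longer equals hidden ^ key (client-side tripwire,
                      an assumed model of the detector's comparison)
    server_mismatch - decoded value differs from the server's ledger (hypothetical
                      authoritative total, not something the post describes)
    """
    fields = parse_obscured_int(blob)
    findings = []
    if fields["fake"] != fields["value"]:
        findings.append("fake_mismatch")
    if fields["value"] != server_total:
        findings.append("server_mismatch")
    return findings


def make_snapshot(key: int, value: int, fake: int) -> bytes:
    """Build a constructed snapshot for the samples below."""
    return LAYOUT.pack(key, value ^ key, fake)


# Constructed samples: the server ledger says the player owns 120 gems.
KEY = 0x5A17C3
SAMPLES = {
    "untouched": make_snapshot(KEY, 120, 120),
    "decoy_edited": make_snapshot(KEY, 120, 999999),
    "consistent_edit": make_snapshot(KEY, 999999, 999999),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:16} {audit(blob, server_total=120)}")
```

The third sample passes the client-side comparison because the key is stored next to the value it masks, so only the server-side ledger flags it.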