Leaderboard

This method never worked for me, always crash

Game Guardian fuzzy search and dealing with encryption by Gamecheetah.org · Published May 31, 2017 · Updated May 31, 2017 Assuming that you learned lessons from previous Game Guardian tutorials [Game Guardian beginner tutorial] and [Game Guardian group search tutorial], today we will continue with our Game Guardian tutorial series. From this article, you will learn basics of Game Guardian fuzzy search. Article will have two main parts – using Game Guardian fuzzy search for finding unknown, unencrypted values, and using fuzzy search for dealing with encrypted values. But, what is Game Guardian fuzzy search? It is type of scan where the starting value is unknown – maybe wanted value isn’t visible, or the value is encrypted. The best example of unknown value is health bar in games – value is usually unencrypted, but instead of number, you only see red bar. We know that there is some number behind red bar. So let’s see how to change unknown value. Game Guardian fuzzy search This type of scan is fairly easy if you know the basics. Open Game Guardian dashboard, select process from the wanted game, and click on Unknown (fuzzy) search. When you click on it, it will map all in-game values. Now, go back to game, and loose some health. Open Game Guardian, and click on Decreased button. It will go through all values again, filtering the ones that have decreased. Go back to game, and loose some more. Again, open GG and click on Decreased. Game Guardian have one unique feature that isn’t presented in other software of this kind. It can search for unchanged value multiple time. Don’t loose or gain health in game. Open Game Guardian, and choose Unchanged. It will ask you how many scans you want to run. Choose 4-5 times, it will be enough.NOTE! Do not run this right after the first step. Sometimes there will be hundreds of million addresses in the list, and if you run 15 or so Unchanged values scan, it will take forever to finish! If there is many addresses left, gain or loose some health, and do increased or decreased search. When only one or two addresses are left in the list, change them, or better, just freeze them. If you freeze the value, you won’t loose health anymore. Using fuzzy search for encrypted values The main difference between upper example and this one is that we don’t know if the value is increased or decreased. Because developers maybe implemented some shady algorithm to hide the real numbers from the players. Most trivial example is multiplying value with some number. If you have 100 diamonds, it can be stored in memory as Value*8., or 800. If you earn 20 diamonds, new memory value will be 960. Fairly easy, right? You can still use increased or decreased to find the right value and edit it. But look at the following example. If some evil developer choose to store 100 diamonds as Value*(-8), then in-game value will be -800. If you earn 20 more, it will be stored as -960. So, if you gain diamonds, in-memory value will decrease, and if you spend some, in-memory value will increase. So we can’t use fuzzy search the same way as we did in the previous example. All we can do is make first Unknown (fuzzy) search, and find changed/unchanged values. –Side note– Of course, there is much better option for dealing with encrypted values in Game Guardian. On Known (exact) search, there is encryption box that can be checked. This is much faster method which you can try first. If it doesn’t work, you can try fuzzy search. You can find example for searching known encrypted value here [Shadow Fight 2 cheat – finding encrypted value in Game Guardian] In most real life games, you will see even more complex encryption. For example, maybe something like this. In-memory value = 1083112 + in-game value * (-2048.1) . So the in-memory value will be float number, which can be positive or negative. Almost impossible to find, right? Let’s try it on real game. In this video (not made by gamecheetah.org) you can see how to use Game Guardian fuzzy search to find encrypted values in Eternium: Mage and Minions.

Game Guardian group search BY GAMECHEETAH.ORG · MAY 29, 2017 In previous article from this series, we learned basics on how to use Game Guardian to change known values [LINK]. This method is useful when we are dealing with values that can be changed, so we can refine our search multiple times, until we find the right address. In many cases, you will need to find values that can’t be changed from the game (ex. prices from the in-game shop), or to find two or more similar values faster (health and mana). In this tutorial you will find out how to use Game Guardian group search. But first, let us explain what exactly is group search. All data from some game are stored in memory when game is started, and every in-game value is stored in different address. If you used Game Guardian, Cheat Engine, or any similar program, you maybe noticed that there is usually hundreds millions unique addresses occupied by the same game. All addresses are marked with unique code (ex. 9D786251 or 895D2314). When we scan for only one value, Game Guardian will search through all addresses and save the ones that stores wanted value. On repeated search with different value, it will search through saved list, and make smaller list that contain only changed values that stores new wanted value. Game Guardian group search When we do Game Guardian group search, we are searching for two or more values that are close to each other. All addresses are marked with unique hexadecimal number. The reason behind this is that hexadecimal system is more suitable for computer systems, because each digit (from 0 to F) represent 4 bits. So one byte (8bits), let’s say 00000000 in binary, can be written as 00 in hexadecimal. Biggest value that can be stored in one byte is 11111111 binary, or FF in hexadecimal. If you want to know more about this, please read this article [LINK] on Wikipedia, as you will need to understand this if you want do use Game Guardian for something more advanced. Basic syntax for group search is “VALUE1;VALUE2;VALUE2:RANGE“, without quotes. You need 2 values minimum, and you don’t need to define RANGE explicitly. If you don’t define range, Game Guardian will define it as 512. This can be difficult to understand, but let us see the example. Game Guardian group search examples Here we will imagine that this values are stored in some addresses. 8D7C6B00 12 8D7C6B01 13 8D7C6B02 14 8D7C6B03 15 8D7C6B04 16 8D7C6B05 17 8D7C6B06 18 So we want to find the addresses that contains values 13, 15 and 16, we can use this line. 13;15;16:500 Game Guardian will search all addresses that contain values 13, 15 and 16, and there are up to 500 addresses between them. There is probably a lot of addresses that contains 13,15 and 16, and which are close to each other. In most cases, you will search similar values (gold and silver, or price and product) , so they will be close to each other. We could do the same search again, with smaller range. If we run this query, 13;15;16:5, we will find our values too, but with less false positives. It will search all values 13,15 and 16 that are up to 5 addresses from each other. It will drastically narrow our search. Game Guardian ordered group search There is one similar search, ordered group search. Syntax is almost the same, except the range is defined with mark “::“ , without quotes. We could use this search if we are sure that numbers are in exact order as we typed in. In the upper example, 15;13;16:5, 16;13;15:5, 16;15;13:5, 13;16;15:5 will find the same addresses (8D7C6B01, 8D7C6B3, 8D7C6B4). But if we search for 15;13;16::5, it wont find anything, because the values are not in the right order. But if we search for 13;15;16::5, it will show us right addresses. Let’s see how this looks like in practice. This is screenshot from the game SimCity BuildIt. Note how some values occupies more space. Remember what we learned about value types in last tutorial [LINK]!! Now, we will see how to use this knowledge in practice. Using group search for cheating SimCity BuildIt As we already show in this article [LINK], cheating SimCity BuildIt is really easy with group search. Now we will only show how to cheat on the achievements screen, as we do not need to use incremental change (we will cover this latter). In SimCitz, go to the achievement screen. Choose one of the achievements – in video there is one where you need to have 1500000 Sims living in your city to get 32 Simoleans. Make DWORD union search – 1500000;32. You will find only two addresses. Edit the 1500000 to 1 and 32 to, let’s say, 10000. Now claim your hard earned 10000 Simoleans. And this is all for now. In next tutorial, we will expand this knowledge with incremental editing the value – this will allow us to refine results, even if we can’t change values directly from the game.