Leaderboard

Popular Content

Showing content with the highest reputation on 11/08/2025 in all areas

  1. NOTE: You should enable string representation (in the memory editor). You should also have at least some basic knowledge of GG, otherwise you might not understand some things that are discussed below.

VERY IMPORTANT: Trade Harbor is unlocked at level 50, so if you are not on level 50 then follow the exp hack given below.

EXP HACK
Click on your Missions tab and check what your current mission exp value is, and search for that value as (DWORD). Then use increment by 1, close and re-open your Missions tab, check for your value in GG, then revert and remove all other values. Change your value to a big number (like shown on the picture above) and complete that mission. Do this until you reach level 50 and unlock the Trade Harbor.

CUSTOM TRADES INCREASE
Well, once your Trade Harbor is unlocked and you click on it, you will see 2 tabs. The first tab is where Chanya Diogo has some special trade offers for you and the second tab is the Custom Trade tab. In the Custom Trade tab, you can select an item you want to trade and you can also select the type of resource you want to get in return (which is limited). You will also see that you have only 3 Custom Trades, after which you need to buy them in order to use more of the Custom Trades. So, search for 3 as (DWORD), then do a trade or cancel it and you will be left with 2 trades. Refine 2 as (DWORD) and you will be left with some results. Once you are left with only 1 result, change it to a big number; or, if you are left with a few results, just use increment by 1, check with GG which number of your trades has changed, and change that number to a big number.

Now, this is the part where you have to pay attention to each and everything that is written below, in order to understand and do it on your own. You might need to practice this method a lot of times until you have a good grip on it. This is an Item Swap method and everything is assigned a specific number.

ITEM ID's (CUSTOM TRADES)
Below are the id's of some of the resources of the game, which you will understand as you read further.
Dinosaurs = 0 (Includes Jurassic, Aquatic, Cenozoic and Bosses)
Buildings = 1
Decorations = 2
DNA = 3
Food = 4
Coins = 5
Cash = 6
Loyalty = 7
MODS = 8
S-DNA = 9
Some items are simple enough, like DNA, Food, Coins, Cash and Loyalty, and only require the item id that is listed above. Other items like Dinosaurs, Decorations, Buildings, MODS and S-DNA require 2 item ids: one type of id that is listed above and can be called a Category id (for explanatory purposes), and a Special id that represents that thing or Dino and separates it from other things or Dinos. Since DNA, Food, Coins, Cash and Loyalty do not have any variety in them, they only have 1 id; you will get what I mean as you read further.

METHOD
So, do a Custom Trade and in your Custom Trade select Coins (or anything that you want to spend, I selected Coins) and then select anything that you want to get (this does not matter much, you can select just anything because we are going to change this item into what we want; you can go with either Food, Jurassic or anything). Once the trade shows your amount of coins and the item you will get in return, you will need to search for your coins value as (DWORD). In the picture above (in which I changed my trade item to Salamander 16, and I will tell you how) my trade shows 213536 coins. So, you will search for 5;213536::5 as (DWORD) and you will get only 2 results from this ordered search. The explanation for the search is that 5 is the item id for Coins in the Custom Trade and 213536 is the amount of coins shown above. The last 5 (Ordered) is the distance between these values. Once you get these two results, click on any one of them, long press and then press Go to; this will lead you to the memory editor as shown in the picture below.

So, from this picture, you can get the idea that you can not only change the price of your item, but you can also change what you will get in return. Let me tell you how you can use these numbers to your advantage. The explanation of the numbers is as follows: the first 3 numbers are related to the item that you are trading, here we have 5;213536;0 (DWORD). As explained above, 5 (item id of Coins), 213536 (amount of Coins) and 0 (because Coins do not have any Special Id's). Now the bottom 3 numbers (except the last special number 5) are the numbers related to the item you will get in exchange for what you are trading. Here we have 0;1;-1863210213 (DWORD). The 0 is the item id for Dinosaurs (since Salamander 16 is a Dinosaur), 1 (amount of Dinos you will get) and -1863210213 is the special id of Salamander 16. The last number 5 is a fixed number and is related to the in-game significance of the Trade Harbor and other systems (you don't need to mess with this value). So, once you have finished changing your values you can proceed with your trade and voila, you just got yourself something special! Below are the special ids of different resources; I have also mentioned how you can find specific ids.

DINOSAURS
To find a specific Dino id (Special id), you just have to search for the first 7 letters of the name of your dino. For example, if you are searching for Albertosaurus, just search for the string Alberto as UTF-8 and you will get a lot of results. Check in these results for the one that has .Alberto written on it, and just 2 addresses above that will be your dino's Special ID. Copy this id and paste it in the special id part of your Custom Trade to get an Albertosaurus, like shown in the picture below. If you are looking for a Gen 2 dino, add a 2 at the end of your search and use just the first 6 letters of your Dino's name, like Veloci2 (Velociraptor Gen 2).

For a Hybrid and a Super Hybrid, you need to put an H before the first 6 letters of your Dino's name, like HDunkle (Dunkleosaurus) and HIndora (Indoraptor). If your dino is a Hybrid and is a Gen 2 dino, then add H at the beginning and 2 at the end of your search and use just the first 5 letters of your dino's name, like HIndom2 (Indominus Rex Gen 2). If your dino's name has less than 7 letters, then add D to it, like BumpyDD and BlueDDD. For Bosses you need to search for PB and then your boss's kind name (not its own name); for Omega 09 it will be PBTyran (Tyrannosaurus), for Juggernaut 32 it is PBTrice, for Valkyrie 77 PBPtera and for Salamander 16 PBMicro. I think PB stands for Park Boss. Remember, for your Custom Trade you just have to keep the numbers like this: 0;(amount that you want);(special id)

SPECIAL ID's (JURASSIC)
1393042012 (Suchomimus)
-1743931416 (Therizinosaurus)
1497467848 (Tapejalosaurus)
-704664302 (Nundagosaurus)
-825574828 (Edmontosaurus)
-59391110 (Dimetrodon)
-1410955683 (Deinonychus)
581241791 (Megalosaurus)
-60998544 (Pelecanipteryx)
40481232 (Tyrannosaurus)
397647001 (Tyrannosaurus gen 2)
-1285400332 (Tyrannotitan)
65958984 (Tropeognathus)
-1560125181 (Proceratosaurus)
-1052162259 (Spinoraptor)
403122970 (Carnoraptor)
1215039218 (Ostafrikasaurus)
121995842 (Pachyceratops)
899619543 (Allosaurus)
772223371 (Albertosaurus)
-785679876 (Sonorasaurus)
1564255850 (Deinosuchus)
2055740954 (Tsintaosaurus)
-1592891285 (Bumpy)
-1640810987 (Blue)
156445524 (Armormata)
1692405504 (Metriaphodon)
883871771 (Indoraptor)

SPECIAL ID's (AQUATIC)
-30666063 (Kaiwhekea)
-1141247809 (Platecarpus)
613996072 (Dunkleosaurus)
-75947127 (Hynecoprion)

SPECIAL ID's (BOSSES)
-1508593356 (Omega 09)
-998063698 (Juggernaut 32)
1237788383 (Valkyrie 77)
-1863210213 (Salamander 16)
I know you might want to own them (Bosses); you now have the id's so go ahead and get them. I will try to update more Bosses as soon as they are added to the game. I did not put the Cenozoic class id's but I know that you can find them easily.

DECORATIONS
To find the special id's of decorations, things are a bit different from the dinosaurs. Sometimes a decor can be found by using d_ in your UTF-8 search, like the d_LegendP (Paradise Lagoon) decor in TYPE 1, but sometimes it does not have any specific string, as can be seen in the TYPE 2 picture above, just numbers like 33;19 (those who have visited my Jurassic Pack Swap topic will know what I am talking about). If you find either type of data shown in the pictures above, then just 2 addresses above is your item's id, like -1085599335, which is 2 addresses above the string d_LegendP in TYPE 1. Do not worry, I have already found a lot of these id's on my own, including Boss statues. Just keep in mind the data structure you would need in order to change your trade: 2;(amount that you want);(special id)

SPECIAL ID's (DECOR AND STATUES)
-1718690042 (Tar pit)
-1659643892 (Flowerbed)
2053427703 (Modern arch)
452427227 (Apatosaurus fossil)
-1085599335 (Paradise lagoon)
821951616 (Earth park)
-328316449 (Jurassic world flag)
-252737352 (John Hammond Memorial)
-1629520660 (Rex rival park)
1805323180 (Spinosaurus skeleton)
475348004 (Mosasaurus sculpture)
1067873184 (Tropical boulevard)
1000892167 (Land and Sea rival park)
900898259 (Stegosaurus garden sculpture)
2041039507 (Snack statue)
1166975718 (Tyrannosaurus topiary)
-1409675954 (Incubator egg statue)
-1940619558 (Nodosaurus fossil)
-1489370798 (Mr. DNA statue)
-1418590269 (Jurassic park gates)
-50253108 (Jungle conservation)
-1845385825 (Smilodon diorama)
697020531 (Titanoboa diorama)
1975559997 (Megatherium diorama)
100144443 (Mammoth diorama)
1234806743 (Haast statue)

SPECIAL ID's (REGULAR BOSS STATUES)
-1479839203 (Omega 09)
169078216 (Juggernaut 32)
1213838668 (Kraken 18)
1511097404 (Colossus 04)
253703920 (Valkyrie 77)
-1809034836 (Phoenix 44)
-660039944 (Salamander 16)
-1402139955 (Maelstrom 08)
57795765 (Ouroboros 66)
686633828 (Death dodo)
-153991617 (Alpha 06)
-331935970 (Akupara 81)
379729028 (Vulcan 19)
-397666220 (Behemoth 93)
-2128948937 (Imperatosuchus 53)

SPECIAL ID's (GOLD BOSS STATUES)
-1238538682 (Gold Kraken 18)
1700107005 (Gold Omega 09)
-480609928 (Gold Ouroboros 66)
-281760963 (Gold Valkyrie 77)
-365400059 (Gold Juggernaut 32)
-2010820612 (Gold Death Dodo)
1230544733 (Gold Maelstrom 08)
-1536862410 (Gold Colossus 04)
1444559527 (Gold Alpha 06)
1897514044 (Gold Phoenix 44)
948112181 (Gold Salamander 16)
-158750391 (Gold Vulcan 19)
203199187 (Gold Akupara 81)
-1135756980 (Gold Behemoth 93)
1630620922 (Gold Imperatosuchus 53)

SPECIAL ID's (SPECIAL STATUES)
-1785246481 (Blue statue)
480622185 (Echo statue)
1794234147 (Delta statue)
-1036375985 (Charlie statue)
-1870782173 (Booster Legacy)
-308089113 (Scorpios Rex statue)
1352911750 (Bumpy's statue)
-1289510396 (4th Anniversary gate)
-746645681 (6th Anniversary gate)
250203850 (7th Anniversary gate)
1559759805 (Jurassic park T.rex)
-766439695 (Dodo Eggs statue)
-1195596305 (Amber Motorcycle)

SPECIAL ID's (VIP STATUES)
504851324 (Ammonite oasis)
-1268232173 (Brachiosaurus statue)
427738399 (Triceratops exhibit)
266163637 (Indoraptor skylight)
Well, if you are not a VIP (or do not have a VIP subscription) then these VIP statues will be very important for you, and even if you are a VIP, you would still need these since it takes a lot of months to get them. Also a warning: once you put any one of the VIP statues in your park, you cannot put it back in your drafts.

BUILDINGS
Similar to Decorations, you can search for their special id's with b_ as UTF-8, and they also have the same TYPE 2 thing as discussed above. You can find the id's just 2 addresses above your string; for example, for .b_Museum the id is -162004717. Just remember your pattern for your Custom Trade for buildings: 1;(amount that you want);(special id)

SPECIAL ID's (BUILDINGS)
-2040279077 (Maintenance Facility)
8991235 (Wild Waterfalls)
-1934950112 (Wind Turbine)
1894282273 (Big Bite Burger Restaurant)
-477328136 (Revolution Ferris Wheel)
-162004717 (Hologram Museum)
-1483492551 (Badlands Amphitheater)

MODS
You can find your MOD special id by just searching the full name of your MOD, like Toxin in the above picture. The address just above your string .Toxin is your special id for your MOD. Copy that and put it in your Custom Trade. The Custom Trade pattern for MODS is: 8;(amount that you want);(special id)

SPECIAL ID's (MODS)
1830411669 (Split wound)
1872723326 (Spikes)
-708689034 (Toxin)

S-DNA
Finding the Special id of the S-DNA is super simple: it is basically the id of that relative dino. So if you want a Velociraptor S-DNA, just search for Velociraptor's dino special id, i.e. search for Velocir as UTF-8 and, the same as for the dino's special id, copy it and put it in your Custom Trade, but remember to change the item id from 0 (Dinos) to 9 (S-DNA). Although I have already found all the S-DNA id's. Keep in mind how your values should look in Custom Trade: 9;(amount that you want);(special id)

SPECIAL ID's (S-DNA)
-93170300 (Velociraptor)
-59391110 (Dimetrodon)
1205504321 (Kaprosuchus)
-2121385870 (Sarcosuchus)
-134714335 (Monolophosaurus)
-543227015 (Ankylosaurus)
1884519706 (Euoplocephalus)
305981254 (Tupandactylus)

FINAL NOTE: If you mess up the special id's, or if you put the special id of something and forget to put the correct item id, nothing much will happen. Your game will crash and you will just have to restart it again. All codes are tested and found working on the armv7 variant of the game. Hope this has helped you out. It looks lengthy, but it is very easy to perform and you can do a lot of trades in just a couple of seconds. Enjoy!
    1 point
  2. Bypassing XOR encryption in mobile games with Game Guardian

In the last few months we noticed an increased number of mobile games that use some sort of encryption. Some of them are simple, like multiplying a value with some random number (example: let's say the random number is 8; in that case, 10 gold in our in-game inventory will be stored as 80 in memory). These simple kinds of encryption can't trick anyone. But XOR encryption is a different story. It is one of the simplest encryption methods, but in most cases it can't be broken (if data and key have the same length). It is often used as a part of more advanced ciphers. But we will cover this later. There are a lot of tutorials that teach us how to bypass XOR encryption in mobile games, but most of them don't show us the process that lies behind it. So before we start, we need to read some theory about the subject. If you learn this, you will be able to bypass XOR encryption with only a basic memory editor, paper and pen. Of course, this is some sort of advanced tutorial; we assume that you are at least familiar with the basics of memory editing.

Cryptography 101 (logic for dummies)
In the beginning, there was Boolean algebra. For those who haven't overslept math and logic classes, you can skip this chapter. If you have overslept, read carefully. George Boole was a mathematician, logician and philosopher who published his most famous notes in the middle of the 19th century. You probably asked yourself why you are reading about some dude who lived 100 years before ENIAC. This dude is the father of all computers; every digital circuit on our planet works on his principles. For our story, it is important to notice that every algebra has its own values and operations. Imagine that, in some sort of simple algebra, the values are the set of natural numbers from 1 to 10 [1,2,3,4,5,6,7,8,9], and the only operations are addition (+), subtraction (-), multiplication (*), and division (/). From our knowledge of elementary algebra (math from school), you can tell that 1+1=2, or 2*4=8. While elementary algebra deals with numbers, Boolean algebra uses only two values: TRUE and FALSE. They are represented as 1 (true) and 0 (false). All operations are done on these two values. Of course, you can't perform multiplication or subtraction on these values. We need some other operations that can be performed on TRUE and FALSE. These operations are called bitwise operations. There are three basic operations in Boolean algebra, NOT (¬), AND (∧) and OR (∨), and they are really simple to understand. Take a look at this image, and everything will be clear. Source: Wikipedia. Just kidding, forget this and let's move on.

Basic bitwise operations
I know this will maybe be hard to understand, especially if this is the first time you read about logic. So I will try to make it simple. Boolean algebra (and any other logic) is made to teach us how to make correct conclusions. In elementary algebra, a correct conclusion is when we write that 1+1=2. As we said, in Boolean algebra there are only two values, and we can only perform operations on them. Now imagine that we have a few true or false statements:
Tom is a cat (TRUE or 1)
Jerry is a mouse (TRUE or 1)
Sky is green (FALSE or 0)

NOT operator
These are fairly simple examples. Let's see our first operator, NOT (¬). "Tom is not a cat": is this statement true or false? Of course, it is FALSE. Jerry is not a mouse = FALSE or 0. Sky is not green = TRUE or 1. This operator performs logical negation on a given statement. 0 becomes 1, and 1 becomes 0. We can write it like this:
¬0 = 1
¬1 = 0

AND operator
The AND (∧) operator takes two arguments, and returns TRUE only if both arguments are TRUE. Tom is a cat AND Jerry is a mouse = TRUE (1). Tom is a cat AND Sky is green = FALSE (0). You can easily remember this operator: just multiply the two arguments and you have the correct result. We can write it like this:
1 ∧ 1 = 1
1 ∧ 0 = 0
0 ∧ 1 = 0
0 ∧ 0 = 0

OR operator
The OR (∨) operator takes two arguments, and returns FALSE only if both of the statements are FALSE. In every other case it returns TRUE. Tom is a cat OR Sky is green = TRUE (1). Sky is green OR Sky is red = FALSE (0).
1 ∨ 1 = 1
1 ∨ 0 = 1
0 ∨ 1 = 1
0 ∨ 0 = 0

Maybe you wonder why we are talking about Tom and Jerry. In the computer world, everything is made in the binary system. There are only two states in a computer: there is current flow (1) and there isn't current flow (0). So every piece of information is stored in the binary numeral system. Each digit (0 or 1) is called a bit. A group of 8 bits is called a byte. Any information can be translated into the binary system. So our "tom" will be 01110100 01101111 01101101 in binary, and "sky" will be 01110011 01101011 01111001. Guess what? You can perform these bitwise operations on binary values. So, "tom" OR "sky"?

        01110100 01101111 01101101   tom
    ∨   01110011 01101011 01111001   sky
        ----------------------------
        01110111 01101111 01111101   wo}

If we want to perform the AND operator, this will be the result:

        01110100 01101111 01101101   tom
    ∧   01110011 01101011 01111001   sky
        ----------------------------
        01110000 01101011 01101001   pki

Well, this was not very useful. But it is important to remember this, because now you will learn another bitwise operation: exclusive disjunction (exclusive OR, known as XOR).

XOR (exclusive OR) bitwise operator
I hope you understand these basic bitwise operators. There are also so-called "secondary operators or operations", which can be derived from the basic operators. One of these secondary operators is XOR, or exclusive OR. You will understand why it is called "exclusive OR" when you see the following table.
1 XOR 1 = 0
1 XOR 0 = 1
0 XOR 1 = 1
0 XOR 0 = 0
As you can see, if you perform the XOR operation on two different values, it will return 1 or true. If the values are the same, it will return 0 or false. So what is the catch? Why is XOR so special, and why is it used in cryptography? Now look again at our previous example, and you will see. From now on, we will perform the XOR operation on the original data ("tom" in our case) with the key ("sky" in our case).

        01110100 01101111 01101101   tom
    XOR 01110011 01101011 01111001   sky
        ----------------------------
        00000111 00000100 00010100   //this can't be converted to meaningful text

But what will happen if we XOR our new value (00000111 00000100 00010100) with the same key (sky or 01110011 01101011 01111001)? Let's try it.

        00000111 00000100 00010100
    XOR 01110011 01101011 01111001   sky
        ----------------------------
        01110100 01101111 01101101   tom

Right, we got our original data. But there is more: what if we don't know the key ("sky")?

        01110100 01101111 01101101   tom
    XOR 00000111 00000100 00010100
        ----------------------------
        01110011 01101011 01111001   sky

We have our original key. This is the reason why the XOR operator is special. We can't achieve this with other operators.

XOR encryption in mobile games
So let's see a real world example: using XOR encryption in mobile games. Imagine that you have 1000 gold in some game. The developers implemented that all values are XOR-ed with the key 1337, and stored in memory. So look at the example. For conversion from decimal to binary you can use the Windows calculator, or some online tools [BINARY TO DECIMAL CONVERTER].

        0000001111101000   1000
    XOR 0000010100111001   1337
        ------------------------
        0000011011010001   1745

This means that "1000" gold is stored as "1745" in memory. If you earn more gold (let's say you have 1050 gold now), it will be stored in memory like this.

        0000010000011010   1050
    XOR 0000010100111001   1337
        ------------------------
        0000000100100011   291

So how can we bypass this sort of encryption?

Bypassing XOR encryption with Game Guardian
We already saw that:
original value XOR key = encrypted value
encrypted value XOR key = original value
original value XOR encrypted value = key
With this principle, we can bypass XOR encryption even if we don't know the key the developers used. So let's start with the practical work. If you aren't familiar with fuzzy search, it will be useful to first read this tutorial [GAME GUARDIAN FUZZY SEARCH TUTORIAL]. We are going to use the examples from the previous paragraph. Our first step is to find the address where the encrypted value is stored. This step is simple. First, scan for an unknown starting value; this is done by selecting Fuzzy search from Game Guardian. As value type, you can choose DWORD (it was DWORD in all games that we cheated). Change the amount of gold in-game, then search for the changed value. Repeat this step until only one address is left on the list. Now it is time to check if XOR encryption is used. Let's say you have 1000 gold in game, but with fuzzy search you found the value 1745. Perform the XOR operation on these two values.

        0000001111101000   1000   //In-game gold
    XOR 0000011011010001   1745   //Value that you have found with fuzzy search
        ------------------------
        0000010100111001   1337   //Key? --write it down

Now change the original value: earn or spend some gold. Let's say you have 1050 gold now. Look at the address that you found with fuzzy search, and read the value. Again, perform the XOR operation with the in-game value and the in-memory value.

        0000010000011010   1050   //In-game value
    XOR 0000000100100011   291    //Value which is stored in memory
        ------------------------
        0000010100111001   1337   //KEY!!

If the two keys are the same, XOR encryption is used and you have found the key. If they are not, XOR encryption is not used. Now, let's change our gold (it was our primary goal, right?). We want 9999 gold. Again, perform the XOR operation on it with the key that you found (1337 in our case).

        0010011100001111   9999
    XOR 0000010100111001   1337
        ------------------------
        0010001000110110   8758

Change the value that you found with fuzzy search: as the new value set 8758. Open the game again, and you should have 9999 gold. You can now cheat the game using paper and pen, as we promised at the beginning. But it would be smarter to use the XOR calculator built into Game Guardian.

Second method to bypass XOR encryption
Now, you will see the true power of Game Guardian. For this method, it is important to note that in most games, the encrypted value and the key are stored next to each other in memory; for the DWORD type, one value occupies 4 bytes, so the key is usually 4 bytes away from the encrypted value. Look at this picture. In Game Guardian, there is a built-in method which automatically searches for values, and XORs them with the value which is X bytes away. That means that we don't need to do a fuzzy search, or calculate XOR values. Game Guardian can do it for us. Let's get back to our previous example and imagine that the encrypted value and the key are 4 bytes away. If you have 1000 gold in-game, click on Known search, as type choose Dword (it can be some other type too, but it is usually dword). As value, put in 1000X4, and click on search. In this example, the first number "1000" is the amount of currency that we want to change. The second part, "X4", marks how many bytes away the key is. For dword values it can be X4, X8, X12, X16... Earn or spend some currency; let's say that you have 900 gold now. Now input 900X4, and click on refine. Repeat the previous step until you have only one address left (or a few addresses if you want). Click on Edit, and as a value input 9999X4. And that's it. Game Guardian will automatically search for encrypted values, and XOR them with the key which is X bytes away. Pretty impressive feature. With this, our tutorial has finished. There will be reference links below, if you want to know more about this subject. Any suggestions are appreciated. Happy cheating.

Reference links
[Algebraic operation – Wikipedia article]
[Binary numbers]
[Boolean algebra]
[Exclusive OR – XOR, Wikipedia]
[NoFear's tutorial – Xor search guide]
[Binary to decimal online calculator]
    1 point
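Added example (not part of the post above, and not Game Guardian code): the post's three XOR identities carried out in Python on its own numbers, recovering the key 1337 from the (1000, 1745) and (1050, 291) pairs and computing 8758 for 9999 gold, followed by an emulation of the "1000X4" search, refine and edit over a constructed little-endian memory image (the image, its decoy words and the 4-byte value/key layout are assumptions, not taken from any real game). It also makes the defensive point concrete: with a fixed XOR key, a single known value leaks the whole key, so this scheme provides no confidentiality.

```python
"""Fixed-key XOR of a DWORD, as in the post, plus an emulation of the 'X4' search.

Constructed example: the memory image below is made up; it is not a real game."""
import struct
from typing import List, Optional, Sequence, Tuple

KEY = 1337                      # the key the post uses throughout
DWORD = struct.Struct("<I")     # 4-byte little-endian unsigned value


def encode(value: int, key: int = KEY) -> int:
    """original value XOR key = encrypted value (what the game writes to memory)."""
    return (value ^ key) & 0xFFFFFFFF


def decode(stored: int, key: int = KEY) -> int:
    """encrypted value XOR key = original value."""
    return (stored ^ key) & 0xFFFFFFFF


def recover_key(original: int, stored: int) -> int:
    """original value XOR encrypted value = key. One known value leaks the key,
    which is why a fixed XOR key offers no confidentiality at all."""
    return original ^ stored


def confirm_key(pairs: Sequence[Tuple[int, int]]) -> Optional[int]:
    """The post's check: if every (in-game, in-memory) pair yields the same key,
    fixed-key XOR is in use and that key is returned; otherwise None."""
    keys = {recover_key(o, s) for o, s in pairs}
    return keys.pop() if len(keys) == 1 else None


def build_memory(gold: int, key: int = KEY) -> bytearray:
    """Constructed memory image: the obfuscated gold DWORD sits 4 bytes before
    its key, as the post's X4 search assumes; the other DWORDs are decoys."""
    words = [0xDEADBEEF, 0x11111111, encode(gold, key), key, 0x0BADF00D, 0x22222222]
    return bytearray(b"".join(DWORD.pack(w) for w in words))


def xor_search(memory: bytes, target: int, offset: int = 4,
               candidates: Optional[List[int]] = None) -> List[int]:
    """Emulate Game Guardian's 'targetX<offset>' search: every aligned address
    whose DWORD XOR the DWORD <offset> bytes later equals target. Passing the
    previous hit list as candidates acts as 'refine' instead of a full rescan."""
    addrs = candidates if candidates is not None else range(0, len(memory) - offset - 3, 4)
    hits = []
    for addr in addrs:
        stored = DWORD.unpack_from(memory, addr)[0]
        key = DWORD.unpack_from(memory, addr + offset)[0]
        if stored ^ key == target:
            hits.append(addr)
    return hits


def xor_write(memory: bytearray, addr: int, new_value: int, offset: int = 4) -> None:
    """Emulate editing 'new_valueX<offset>': re-encode with the key at addr+offset."""
    key = DWORD.unpack_from(memory, addr + offset)[0]
    DWORD.pack_into(memory, addr, encode(new_value, key))


def walkthrough() -> dict:
    """Run both of the post's methods end to end and return the numbers it quotes."""
    # Method 1, pen and paper: two observations of (in-game, in-memory) gold.
    key = confirm_key([(1000, 1745), (1050, 291)])
    # Method 2, the X4 search: scan at 1000 gold, refine at 900, then edit.
    mem = build_memory(1000)
    hits = xor_search(mem, 1000)
    mem = build_memory(900)                      # game updated the value, same key
    hits = xor_search(mem, 900, candidates=hits)
    xor_write(mem, hits[0], 9999)
    return {
        "key": key,
        "value_to_write": encode(9999, key),     # what method 1 types in by hand
        "hit_addresses": hits,
        "gold_after_edit": decode(DWORD.unpack_from(mem, hits[0])[0], key),
    }


if __name__ == "__main__":
    print(walkthrough())
```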
  3. @pajser Nice write up! I might've missed this or it wasn't mentioned, games with rotating xor key... Essentially was "near impossible", excessive amount of unknown searches and checking pairs in results for proper xor value. The addition of the xor search in GG is so amazing. Thank you for the detailed information on XOR.
    0 points