
Leaderboard

Popular Content

Showing content with the highest reputation on 02/04/2021 in all areas

  1. Too many guys ask about how to work with GG and libil2cpp.so, so I decided to make a guide to working with it using offsets.

     Game: Call of duty - Mobile VN
     Function to hack: Show enemy on radar

     This game was protected from the dumper, so I used Il2CppInspector to inspect the lib. Open up the Il2CppInspector.exe and drag the apk to the app GUI, then wait a bit.

     I exported the JSON file to find the function and address. I wanted to find the function that shows the enemy on radar, and I found this:

         0x046C37F4 -- this is the address that holds the function get_ShowEnemyOnRadar()

     So what should we do? We can mod directly in libil2cpp.so, using the hook, create the app to call... But here, I will show you how to modify this function using GameGuardian.

     First, you need the functions to handle the lib; they are shared on the Internet and I just copy-pasted them here:

         local memFrom, memTo, lib, num, lim, results, src, ok = 0, -1, nil, 0, 32, {}, nil, false

         function name(n)
             if lib ~= n then
                 lib = n
                 local ranges = gg.getRangesList(lib)
                 if #ranges == 0 then
                     print("⚠ERROR: " .. lib .. " are not found!⚠")
                     gg.toast("⚠ERROR: " .. lib .. " are not found!⚠")
                     os.exit()
                 else
                     memFrom = ranges[1].start
                     memTo = ranges[#ranges]["end"]
                 end
             end
         end

         function hex2tbl(hex)
             local ret = {}
             hex:gsub(
                 "%S%S",
                 function(ch)
                     ret[#ret + 1] = ch
                     return ""
                 end
             )
             return ret
         end

         function original(orig)
             local tbl = hex2tbl(orig)
             local len = #tbl
             if len == 0 then
                 return
             end
             local used = len
             if len > lim then
                 used = lim
             end
             local s = ""
             for i = 1, used do
                 if i ~= 1 then
                     s = s .. ";"
                 end
                 local v = tbl[i]
                 if v == "??" or v == "**" then
                     v = "0~~0"
                 end
                 s = s .. v .. "r"
             end
             s = s .. "::" .. used
             gg.searchNumber(s, gg.TYPE_BYTE, false, gg.SIGN_EQUAL, memFrom, memTo)
             if len > used then
                 for i = used + 1, len do
                     local v = tbl[i]
                     if v == "??" or v == "**" then
                         v = 256
                     else
                         v = ("0x" .. v) + 0
                         if v > 127 then
                             v = v - 256
                         end
                     end
                     tbl[i] = v
                 end
             end
             local found = gg.getResultCount()
             results = {}
             local count = 0
             local checked = 0
             while true do
                 if checked >= found then
                     break
                 end
                 local all = gg.getResults(8)
                 local total = #all
                 local start = checked
                 if checked + used > total then
                     break
                 end
                 for i, v in ipairs(all) do
                     v.address = v.address + myoffset
                 end
                 gg.loadResults(all)
                 while start < total do
                     local good = true
                     local offset = all[1 + start].address - 1
                     if used < len then
                         local get = {}
                         for i = lim + 1, len do
                             get[i - lim] = {address = offset + i, flags = gg.TYPE_BYTE, value = 0}
                         end
                         get = gg.getValues(get)
                         for i = lim + 1, len do
                             local ch = tbl[i]
                             if ch ~= 256 and get[i - lim].value ~= ch then
                                 good = false
                                 break
                             end
                         end
                     end
                     if good then
                         count = count + 1
                         results[count] = offset
                         checked = checked + used
                     else
                         local del = {}
                         for i = 1, used do
                             del[i] = all[i + start]
                         end
                         gg.removeResults(del)
                     end
                     start = start + used
                 end
             end
         end

         function replaced(repl)
             num = num + 1
             local tbl = hex2tbl(repl)
             if src ~= nil then
                 local source = hex2tbl(src)
                 for i, v in ipairs(tbl) do
                     if v ~= "??" and v ~= "**" and v == source[i] then
                         tbl[i] = "**"
                     end
                 end
                 src = nil
             end
             local cnt = #tbl
             local set = {}
             local s = 0
             for _, addr in ipairs(results) do
                 for i, v in ipairs(tbl) do
                     if v ~= "??" and v ~= "**" then
                         s = s + 1
                         set[s] = {["address"] = addr + i, ["value"] = v .. "r", ["flags"] = gg.TYPE_BYTE}
                     end
                 end
             end
             if s ~= 0 then
                 gg.setValues(set)
             end
             ok = true
         end

     Now you need to call the function:

         gg.setRanges(gg.REGION_CODE_APP | gg.REGION_C_DATA) -- usually you only need this region
         name('libil2cpp.so') -- name the lib
         myoffset = 0x046C37F4 -- offset you found
         original('7F 45 4C 46 01 01 01 00') -- begin hex, open the libil2cpp.so with HexView and find first 8 bytes of hex
         replaced('01 00 A0 E3 1E FF 2F E1') -- use arm to hex converter, convert "return true" to hex, see https://armconverter.com/?code=mov%20r0,%20%231%0Abx%20lr
         gg.toast("Done!")

     Put it in your Lua script and you're done; you can now hack the radar using GG and libil2cpp.

     Demo file: CODHack_Demo.lua
    2 points
  2. Download the simple armeabi-v7a version! When you install your app via Google Play, it automatically reads your build.prop to choose your base architecture. By default in emulators, the architecture of your libraries is x86, but the emulator also runs armeabi; the priority is x86 if the game has this build in the store. So download the ARM version from other stores and APK sites and try it out.
    2 points
  3. Go with "il2cpp inspector" and export it as "json". I just exported it today for CODM. By the way, the metadata can be found in the asset/bin/managed/data (something like that) folder from ff.apk.
    1 point
  4. If I remember correctly, there is a program to extract data from dump files that you collect from the GameGuardian app. Look in the downloads tab, under other / programs.
    1 point
  5. It is simple: the ARM architecture is different from x86. The libunity.so and libil2cpp.so in the emulator are x86, and consequently the memory data are different (addresses, offsets, etc.). Garena compiles its game for armeabi-v7a and x86; try to force the installation of the ARM version manually.
    1 point
  6. Dot is the decimal separator, so '1.014.350.479' is not a valid number. To change one value from a group search, you need to do a refine search and editAll after that. Or load all values and work with them in a loop. Use 'if' and 'setValues'.
    1 point
  7. You could also do this: offset 93CD08, Mov w1, #1. It will set all characters to a price of 1 gem (not upgrade), including in-app characters.
    1 point
  8. Gdb + gg... One day I'll get around to creating a full gdb + gg guide.
    1 point
  9. Do not cancel the GG install for a reinstall with a random name. If it does not work, record a logcat from a fresh GG install. Gathering information about GG errors (#9ggo57t)
    1 point
  10. Hey @AspKom, the first time I tried it, it worked. I followed this XOR tutorial first (using Dword), then I froze the value and exited the game, and whoa, it worked... but the next time I used it, bump! It failed (both continuing the current game and starting a new game). Every time I exit and re-enter the game, the value doesn't change, and when I try to unfreeze it, nothing changes again. Can you help me? I'm using Nox. I already tried it 4-5 times in a single game and it doesn't work. I wonder, maybe the first time it worked was just a fluke? @mapleshilc and sir, how do you make it work the second time, in a new game?
    1 point