Leaderboard

Armv8 C80E42B8r;081540FDr::3809 Edit 28008052r;E803679Er And if you want to set so you can claim all without playing (set number of keys collected). Offset (Version 6.9.5) 3FBCA54 Edit 00FA8052r

Hi, your game is protected with CodeStage anti cheat, thankfully this is one of easy one to bypass. First you will need to dump the game using Il2cppDumperGUI any or il2cpp dumper of your choice. next you're going to look for CodeStage detection methods. note those StartDetection methods, most have some overload if you want to be safe you will need to bypass them all, but it is rare that the game use them all, but better be safe than sorry. so here is the list and overloads. CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetection(); // 0x00818a3c static CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetection(System.Action callback); // 0x00818ce8 CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetectionInternal(System.Action callback); // 0x00818b70 System.Void StartDetectionAutomatically(); // 0x00819058 static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(); // 0x008190e0 static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback); // 0x0081948c static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval); // 0x008194e4 static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval, System.Byte maxFalsePositives); // 0x0081954c static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval, System.Byte maxFalsePositives, System.Int32 coolDown); // 0x008195c4 CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetectionInternal(System.Action callback, System.Single checkInterval, System.Byte falsePositives, System.Int32 shotsTillCooldown); // 0x008192dc System.Void StartDetectionAutomatically(); // 0x00819a54 static System.Void StartDetection(); // 0x00818648 static System.Void StartDetection(System.Action<System.String> callback); // 0x008186b0 System.Void StartDetectionAutomatically(); // 0x008187e8 there is two way to bypass those. 1. you can just patch each of them using the "NOP RET/BX LR" opcode. 2. allocate memory page and replace and replace those method with there respective StopDetection, that mean when the game call StartDetection instead it will call StopDetection Now for GEMS/XP/Gold/Health Note at this stage since you have already bypassed the AntiCheat editing your stat wont trigger anything. but you need first to understand how ObscuredInt work. note every obscure value you see on your screen is a fake value. you should not edit it directly but the edit the hidden value using the crypto key. Here bellow is what you need to remember about the structure. public struct ObscuredInt [FieldOffset(Offset = "0x0")] private int currentCryptoKey; [FieldOffset(Offset = "0x4")] private int hiddenValue; [FieldOffset(Offset = "0xC")] private int fakeValue; (what you see on screen) What you see on your screen is the fakeValue. to edit it you will need to edit the hidden value. Here is how to. (note offset might varies depending on the game and version so you better have the latest dump and check the correct offset) When you find an ObscureInt fakeValue. you need to go back into the base pointer so in this case: fakeValue.Address - 0xC which will bring you to currentCryptoKey copy the value of currentCryptoKey in (DWORD) then offset to currentCryptoKey.address + 0x4 this will bring you to the hiddenValue now to edit this to your desired value you need to perform XOR (exclusive OR) to your desired value using the currentCryptoKey as a key. you can do that inside gg, you type the value then apply the xor key That it you are done. you can edit any ObscureInt using this method. now specially for your game there are some vulnerabilities that i found you can exploit to edit your stat and in game money. there are some method likes: public class game_manager : MonoBehaviour [Address(RVA = "0xA65A94", Offset = "0xA65A94", VA = "0xA65A94")] public void gem_plus(int gem) [Address(RVA = "0xA65890", Offset = "0xA65890", VA = "0xA65890")] public void gold_plus(int gold) [Address(RVA = "0xA64DFC", Offset = "0xA64DFC", VA = "0xA64DFC")] public void iron_plus(int iron) All those share the almost the same structure so i will be giving an example only for gem_plus In this de-compiled function gem_plus, you can see that they are loading the value of the ObscureInt field public ObscuredInt gem_total; // 0x2CC into the variable puVar1 which later on they add it value + param_2 which is the gem parameter, to instantiate a new ObscureInt from that sum. the result of that sum will be stored into the register W0, so all we have to do is just hijack this register and change the value to what we want. here is a video of how to do that. This method do not trigger the anti cheat cause the game is writing legit value for us. also if you want to move large value you might want to explore the MOVZ instruction or you can allocate a memory page and spam multiple ADD instruction like this add w0, w0, #500000000 add w0, w0, #500000000 add w0, w0, #500000000 add w0, w0, #500000000 add w0, w0, #500000000 .... Last thing for gems you will need to stay on the main screen like in the video when you start the game cause that function trigger only there. I kinda like the game i might continue working on it and update this thread

Hey @Moonslasher Just wanted to shoot you a quick message about something we've noticed in your scripts updates or within the thread itself. It seems like there's a bit of a pattern where updates are being made without really changing much, almost like it's just to boost visibility in search results. We've checked out your edits compared to previous versions, and there doesn't seem to be any significant changes in topic or content. I just want to give you a heads up that continuing this could lead to some disciplinary action, like a warning on your account or even having your script removed. Also, we've noticed some "VIP" functions in your scripts. Just a reminder that selling features like these is against the rules. So, we're taking this chance to remind everyone to report any scripts that break this policy. Thanks in advance for your cooperation.

View File UPDATED PG3D 24.3.2+ + ACTUAL 32bit SUPPORT - Pixel Gun 3D ALL UPDATE Custom Lottery Rewards Hack (32bit and 64bit) Contact Me: User123456789#6424 / @horridmodz on discord Ahhh, it's finally here! Over a year and a half after posting the original, and many, many requests, it's back! I promised to get this done today, and here it is, just barely in time. Since it's been so long, I am posting this update as a new thread. I've been meaning to update this for a while; and I'm sorry for such a looong wait. But this should be the last time you have to wait - because, if my crazy WIP All Update Script Generator tool works as well as I hope, this will be made so resilient it's practically unpatchable! So, here we are. The script is the same as last time, but with some minor improvements - and 32bit support! Unfortunately, I couldn't get 32bit custom values to work, but I got the predetermined values working. I was finally able to figure out that the issues I've been having are actually not my fault, but a limitation with the way lua itself handles integers - to get technical, the 32bit edit values exceed lua's integer limit, but the 64bit ones do not. I tried to workaround this, but just couldn't do it. However, a big rework of the script that I have planned, which changes the way editing is done, will fix this problem. I finally updated this script because I have time over spring break. Shoutout to @dizzy252for sending a request to update the script that I coincidentally saw right before spring break started - if it hadn't been for him, I probably wouldn't have had the thought to do this! Alongside this script, I've in the process of developing a revolutionary tool that creates resilient all update scripts; all you have to do is input your offset or hex and it spits out the full script. If you're interested, here's a sneak peak: https://www.youtube.com/watch?v=sVwODQcSy4A Want to update the script yourself? I have created a lotto sets template! Disclaimer: This script is bannable! Getting too much currency within a certain time frame will flag your account as suspicious and you will be banned in the next ban wave. I recommend only getting at most a few thousand gems per day, or your account will have a high risk of being banned. Even if you do play it safe, you can still be banned. By the way, due to a rework of sets by the developers, sets no longer work. Only lottery rewards are modified. Warning: Using the custom value option and setting the reward values to over 45,000 will instantly ban you! This is not an ordinary lottery script. Here's what unique about it: -This script will work on all game updates (the lowest game version tested is 22.4.3, but downgrading is impossible anyway), even future updates -The script supports various values, and lets you enter a custom value (currently custom values do not work for 32bit) if it does not have what you want. Currently, only whole numbers (no decimal values like 1.5) in the range of 0 to 65536 are supported. -This script supports both 32bit and 64bit devices -This script has a small antiban feature that warns you when you try to edit the reward values over 45,000 Enjoy! Submitter HorridModz Submitted 04/02/2024 Category LUA scripts  

There is good chance that in some cases it may work by allocating as many pages as needed one after another. Example implementation: local PAGE_SIZE = 0x1000 function allocateConsecutivePages(count, mode, address) count = count or 1 mode = mode or gg.PROT_READ | gg.PROT_EXEC address = address or 0 local firstPageAddress = gg.allocatePage(mode, address) if type(firstPageAddress) == "string" then return firstPageAddress end for i = 1, count - 1 do local desiredPageAddress = firstPageAddress + i * PAGE_SIZE local pageAddress = gg.allocatePage(mode, desiredPageAddress) if pageAddress ~= desiredPageAddress then -- failed to allocate page right after previous one, handle as needed end end return firstPageAddress end

- open GG and tap that in the red circle. - then tap the circle with ? in it. - scroll down and you will find it.

Irritator gen 2:685,802,450 Doe:1,881,417,407 Buck:1,418,401,004

There's a few things in this script that might be useful. I'm sure there's plenty more you can add to it. You can change the value of Damage, Defence & Gold from the pot if you want to. GrowSwordmaster_2_0_7.lua

[ Introduction ] Hi @everyone, in recent times, Android has just released version 14, which includes some SDK restrictions. The requirements are that apps should at least be under SDK version 24+, or else installation fails. Another problem is that Game Guardian hasn't been updated for years (March 22, 2021, since the last update), a total of 2 years. I understand that life can be unbothered sometimes, and I hope there's some confirmation regarding this instead of intending it as an "unforseeable future" kind of thing. I've seen a rising number of these issues on Help, General Discussion, and in other possible sections of the forum. I recommend anyone who has a newer device or just recently updated to Android 14 to follow this topic. Here, I propose several possible solutions regarding this issue: [ Main Course ] You can bypass SDK enforcement using shell commands, which you need to install Game Guardian manually through command line. You can achieve this through ADB: Android Debug Bridge or Termux: Terminal for Command Line application. This tutorial will split into 2: { ADB: Android Debug Bridge } This step doesn't require "Root" permission, but before proceeding into the main tutorial. We should prepare several things: Computer / Laptop running Windows OS A cable data Download ADB depedencies: here Android device with "USB debugging". If your device "cant be recognized" or simply not exist on "Device Manager", you need to install: Universal ADB Driver Then read: XDA: Install ADB & Enable USB Debugging. Now put this command on your command prompt / powershell / gitbash / or whatever terminal you use: # Check if our device works properly adb devices # Install Game Guardian manually through ADB adb install --bypass-low-target-sdk-block <path_to_game-guardian.apk> # If ADB is unresponsive / bugged, do: adb kill-server adb start-server { Termux: Terminal } The only requirement is you need "Root" permission, this is the most easiest way. Since you're going to Install Game Guardian, I assume you already have one (Yes, Game Guardian requires "Root" permission, duh). Download: Termux and Just go ahead execute this command: pkg update pkg upgrade pkg install tsu pkg install android-tools sudo adb install --bypass-low-target-sdk-block <path_to_game-guardian.apk> { Virtual Machine } This is suitable way for non-rooted users. Android 14 is relatively new, some of your ROM/OS might not support "Rooting" yet. Virtual Machine allows you to emulate another Android inside your Android 14 (or etc). Usually it comes with older Android version. I suggest to use Virtual Machine with Android 7 or 9 as you're not going to face any redundant issues, like Android 10-14 did. I would recommend using "VPhoneGaGa": VPhoneGaGa VMos Pro X8Sandbox F1VM { Modded APK } You can try to edit Game Guardian SDK: ("android:targetSdkVersion" to version 24+) and ("android:minSdkVersion" to 24+) on Manifest.xml using: APK Editor. You can also download already modded Game Guardian here (credit to @HEROGAMEOfficial ) : : Game Guardian : [ Aftermath ] With that, you can simply reference this topic in case there's someone that facing the same problem. I hope this topic can help you and other people. Thank you for reading.

I reason is i have to write some code which is longer then 4kb , using your concept i can write the code. But what happened is i had to write a jump code at the end of 4kb to another allocated space, so i was wondering if there was any way to allocate an continues block of memory more then 4kb. But turns but there isn't such option. I think i will move forward with jump code. Thank you

Do you just mean multiplication? Or do you want to add the value N separate times, with a pause in between? For the latter, you could write a simple script, like this: N = 10 -- how many times add = 100 -- value to add on every time timebetween = 1000 -- how long to wait between times (milliseconds) values = gg.getResults(gg.getResultsCount()) for _ in N do for i in values do values[i].value = values[i].value + add end gg.sleep(timebetween) end

Please sir help me this game.i can't find level value tried dword,encrypted,word,xor but value Didn't find https://play.google.com/store/apps/details?id=com.CashGames.watersort Help me please @nok1a @MonkeySANMonkeySAN @THETWINSOFFICIAL

Which game (playstore link)? Can give better directions.

Without checking dump or going into ida, just simple debug to find what's reading gems. Armv8 Offset: 11A6C34 Edit to B [PC,#0x80] This will skip the area that would trigger ban. Then this Offset: 113DD74 Mov w22 (large value). This is what writes value after it does a check. So you can force it to write something excessive after it checks value (I don't think you have limit since the check will never branch to ban, see attached image). You could apply this same concept to any value, just set read watch to see what is checking it, then bypass the ban. Could check dump or something to see what the offset is part of or maybe what it branches to.

Serving my warmth welcome @kashM, glad you're joining us.

Use SELGG Lua Encryption Its Strong + Efficient.

Try find offsets with name "hack", "detection" and etc, or edit "secondary" value like getting gold and etc

I managed to do it using frida but using GG it seem like an impossible task or a skill issue the game is using some kind of encryption. So far this is class and offset public class levelSelection : MonoBehaviour { public bool unlockalllevel; }

Bumpy: -1592891285

Nice

The blue is an address location. Need to calculate the offset from start of lib to that address. That will be your offset that you would go-to in ida if using ida. But the lib hit on your screen shot is system and not game lib... Can't debug on emulator if that's what you're attempting...

x=gg.getResults(10) gg.clearResults() for i, v in ipairs(x) do b=tonumber(v.address-10000) c=tonumber(v.address+10000) gg.searchNumber("1.2",64,false,gg.SIGN_EQUAL,b, c) z=gg.getResults(gg.getResultsCount()) gg.addListItems(z) gg.clearResults() end gg.loadResults(gg.getListItems())

Scelidosaurus = -1,165,376,541 Stegouros = 1,191,790,010 Homalocephale = -2,046,750,789

How to download

Hi @mac0912, as long as you have root permission. Yes.

Yes. They are all pointers... You need to follow the pointer to see the "value".

I'm Karimjada from South Sudan Training to be an IT technique

For coins set memory range to Anonymous. Click on screen to buy coins (as in pic) and search 1150;175000::5 (dword). Edit 175000 to 999999999 and 1150 to 0 (making it a minus doesn't gain gems). I'll keep trying for gems and hearts.

View File Sas_4_ADMIN(FIXED) THIS IS THE BIGGEST SCRIPT IVE EVER MADE PLZ ENJOY IT LOTS OF LOVE Love you blackwatch69 Submitter MRS_BLACK Submitted 12/02/2020 Category LUA scripts  

View File School Of Chaos Star This is my first script, it may contain errors. Tell me if you have any errors, Discord: StarButterfly#4640 Submitter StarButterfly Submitted 02/16/2020 Category LUA scripts  

I'm not sure if the procedure is correct or not, but I did some simple tests to show you how you can get a lower value than usual 9999999... As you can see the coins decrease or increase depending on what I change. InShot_20191017_180807319.mp4 (1).mp4

Patience..... Takes time to find how everything is stored and debugging it....