Leaderboard

Check e_machine from specific lib using GameGuardian. function GetLibraryTextBase(lib) for _, __ in pairs(gg.getRangesList(lib)) do --print(string.format("%s | Start: 0x%08x | End: 0x%08x | Size: 0x%x | State: %s | Protection: %s", lib, __["start"], __["end"], __["end"] - __["start"], __["state"], __["type"])) if __["state"] == "Xa" or __["state"] == "Xs" then return __["start"], __["end"] end end return nil end function GetLibraryArch(LibName) e_machine = GetLibraryTextBase(LibName) + 0x12 -- e_machine offset _ = {{address = e_machine, flags = gg.TYPE_WORD }} return gg.getValues(_)[1].value & 0xFFFF -- Format end Arch = GetLibraryArch("libc.so") -- http://www.sco.com/developers/gabi/2000-07-17/ch4.eheader.html if Arch == 40 then ArchName = "Advanced RISC Machines ARM: " else ArchName = "Unknown" end gg.alert(string.format("libc.so\n\nArchitecture: %s (0x%02X)", ArchName, Arch)) References: http://www.sco.com/developers/gabi/2000-07-17/ch4.eheader.html

Have you tried it at least? I highly doubt that searching for 500 consecutive addresses and editing all of them to one value can noticeably slow down your script. So are you sure that it does not suffice because of performance reasons? As pointed out above, editing values one-by-one in a loop is very inefficient. This approach should be used instead, if simple one with fuzzy search does not suffice: Example of implementing it: local startAddress = 0x12340000 local count = 500 local editValue = '555444' local values = {} for i = 1, count do values[i] = {address = startAddress; flags = gg.TYPE_DWORD; value = editValue} startAddress = startAddress + 4 end gg.setValues(values)

Good intuition... magic is still not part of hacking, sorry. ? I think you didn't really get what is this [value] in the video: "[value]X4" Just to be sure I say this, but I think you already know that and it's not the problem here. Let's say you search for Dword: Searching for "[value]X4" means: "find a Dword, containing [value] (not encrypted) xored with the Dword (see nofear following post) 4 bytes after or before (= just the length of the Dword containing [value], so the following/preceding Dword)" Well if you understand that, you have to know what [value] you want to search for. I think you were confused because it wasn't maybe the best example. Nofear is searching for an odd thing. He's looking for the number of coins here, not the actual money value you see. So he does "1~9X4" first because he just collected between 1 and 9 coins, and then he searches for "53X4" because he counted the number of coins the arrow of coins he collected was made of, which is exactly 53 coins ^-^. Why? Because the money is probably not Xor encrypted, and the numbers of coins collected are xor encrypted and can indirectly change money, and/or Nofear just wanted to show another way to hack money that the way you'll first think about, which is directly changing the money. You second problem is related to the definition of "[value]X4" I wrote, or most probably to the xor encryption itself. Xor operation is reversible: the value which is xored with [value] can be after or before it. In this case it is before. Plus you have to know that [value] xor 0 = [value]. So eventually, in this case, nofear sets the xor key to 0 and then he can simply change the encrypted coins number as if it wasn't encrypted at all!

You need to use "Changed/Unchanged" if you want to find xor-encrypted value with fuzzy search. "Increased/Decreased" won't work out because of how xor-encryption works.

? Couple other nice surprises too in the script

This is a very basic task. You need to: 1. Get first 5 results via getResults function and store them in a variable. 2. Remove first 5 results via removeResults function by passing variable from step 1 to the function as argument. Note: this will only work as expected, if you have exactly 6 results, so you may need to check count of results via getResultsCount function and/or consider possibility of getting different amount of results.

Do you mean you think he first edited the dword value following the xored number of coins (target) to 0, but this didn't change anything so he assumed the xor key was before the target? No, because as you can see, there is no former value under parentheses next to the 0 (which is how GG displays the backup of an edited value). Even if the following value wasn't originally 0, there would probably be no point testing it because you can also suppose by a first look that the xor key is just before the target because you know it is 53 decrypted, so the difference between the xor key and the target shouldn't be very high (about 100~200 max I suppose).

You can also use this method to figure out the items you wish to dupe using the method I came up with (use Search or YouTube). Also, you can edit the stats of weapons as well, makes it really helpful when you can choose any item/weapon you really want. Good to see someone release something new with this game. ?