Un_Known last won the day on May 28

Un_Known had the most liked content!

About Un_Known

  • Rank
    Advanced Member

Additional Information

  • Android
    9.x (Pie)

  1. A quick and easy guide on how to mod Hill Climb Racing (1.41.1) to get the unlimited fuel mod (fuel will increase instead of decreasing). Working on version 1.41.1.
     Prerequisites: Hex Editor, Apk or Zip Signer, libgame.so.
     Note: Generally 3 lib folders are found in this game, but only edit libgame.so in armeabi-v7a and delete the other two folders.
     Steps:
     Extract the libgame.so file from the apk.
     Open it using the hex editor.
     Search for the hex pattern 479B06EE. There would be two occurrences of this pattern. Only edit the first one to 079B06EE.
     Save changes.
     Put libgame.so back into the apk.
     Sign the apk and install it.
     Enjoy! Explanation coming soon. It doesn't require a PC or laptop; you can do it using only your smartphone!
     com.myprog.hexedit_98.apk kellinwood.zipsigner2_31.apk
  2. While lib files on Android can be analysed statically very easily, dynamic lib debugging is also another option to get to know what is happening during runtime. When static analysis may take up a lot of time, dynamic analysis is always a better option! So how to debug libs? Lib files are not independent; they need a running process to be debugged.
     Let's start:
     Prerequisites: IDA PRO, ADB, rooted device, USB cable.
     Note: Enable USB debugging, and don't select file transfer mode; select PTP mode, otherwise the device won't be listed by ADB. Google if you don't know how to connect to the PC using ADB.
     Now load the lib which is to be analysed in IDA PRO first. Now connect your device to the PC over ADB. Go to the IDA PRO installation directory and from the folder dbgsrv copy the file android_server to the adb folder, and execute the following commands:
     adb devices [To make sure the device is connected]
     adb push android_server /local/data/tmp
     adb shell
     su
     cd /data/local/tmp
     ll [To get the list of files in the current directory]
     chmod 755 android_server
     ./android_server
     Minimize the window where android_server is running, open a new command prompt window and run the following command:
     adb forward tcp:23946 tcp:23946
     Select the "Remote ARM Linux/Android debugger", go into "Process Options" in the debugger menu, and set the hostname to localhost and port: 23946.
     Now run the apk on your device from which this lib was extracted! And in IDA go to: Debugger menu, choose attach to process, and from the list of processes select the process of your apk.
     Thanks. Any correction and suggestion would be welcomed!
  3. You have to make a search first! It only works if values are available in the search list!
  4. Feature not added, so feeling sad! No update for a long time!
  5. It's for understanding game logic and then modding the game!
  6. If the above answer is confusing, this might be a better explanation:
     In ARM state: PC (Program Counter, R15) stores the address of the current instruction plus 8 (two ARM instructions) in ARM state.
     In Thumb state: For B, BL, CBNZ, and CBZ instructions, the value of the PC is the address of the current instruction plus 4 bytes. For all other instructions that use labels, the value of the PC is the address of the current instruction plus 4 bytes, with bit[1] of the result cleared to 0 to make it word-aligned.
  7. So finally I got the answer to this, thanks to @saiaapiz. Posting the answer here because it can help many! The Program Counter is automatically incremented by the size of the instruction executed. This size is always 4 bytes in ARM state and 2 bytes in THUMB mode. When a branch instruction is being executed, the PC holds the destination address. During execution, PC stores the address of the current instruction plus 8 (two ARM instructions) in ARM state, and the current instruction plus 4 (two Thumb instructions) in Thumb(v1) state. This is different from x86, where PC always points to the next instruction to be executed.
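The PC rule discussed in posts 6 and 7 above, as an added example that is not part of the original posts: a small C helper that computes the value read from PC in ARM and Thumb state and resolves the absolute target of a PC-relative LDR literal from its encoding. The instruction words and addresses in the comments are constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>

/* Value read from PC (R15) while the instruction at insn_addr executes:
 * ARM state = current instruction + 8, Thumb state = current + 4. */
uint32_t arm_pc_read(uint32_t insn_addr, bool thumb)
{
    return insn_addr + (thumb ? 4u : 8u);
}

/* Base used by PC-relative data instructions: bit[1] is cleared so the
 * base is word-aligned (only matters in Thumb state, where the
 * instruction itself may sit at a halfword address). */
uint32_t arm_pc_literal_base(uint32_t insn_addr, bool thumb)
{
    return arm_pc_read(insn_addr, thumb) & ~3u;
}

/* Decode an ARM-state "LDR Rt, [PC, #+/-imm12]" (encoding A1, e.g. the
 * constructed word 0xE59F0010 = LDR R0, [PC, #0x10]).
 * Returns true and stores the absolute literal address on success. */
bool arm_ldr_literal_target(uint32_t insn_addr, uint32_t insn, uint32_t *target)
{
    bool is_ldr = ((insn >> 25) & 7u) == 2u;        /* bits 27:25 = 010 */
    bool pre    = (insn >> 24) & 1u;                /* P bit: pre-indexed */
    bool word   = !((insn >> 22) & 1u);             /* B bit clear: word access */
    bool wback  = (insn >> 21) & 1u;                /* W bit: writeback */
    bool load   = (insn >> 20) & 1u;                /* L bit: load */
    bool rn_pc  = ((insn >> 16) & 0xFu) == 0xFu;    /* Rn = R15 */
    if (!(is_ldr && pre && word && !wback && load && rn_pc))
        return false;
    uint32_t imm12 = insn & 0xFFFu;
    bool add = (insn >> 23) & 1u;                   /* U bit: add or subtract */
    uint32_t base = arm_pc_literal_base(insn_addr, false);
    *target = add ? base + imm12 : base - imm12;
    return true;
}

/* Decode a 16-bit Thumb "LDR Rt, [PC, #imm8*4]" (encoding T1: 01001 Rt imm8,
 * e.g. the constructed halfword 0x4801 = LDR R0, [PC, #4]). */
bool thumb_ldr_literal_target(uint32_t insn_addr, uint16_t insn, uint32_t *target)
{
    if ((insn >> 11) != 0x09u)
        return false;
    uint32_t imm = (insn & 0xFFu) * 4u;
    *target = arm_pc_literal_base(insn_addr, true) + imm;
    return true;
}
```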
  8. Why is PC pointing to 0x8? Shouldn't it be pointing to 0x4 from the current address! As the next instruction would always be at 0x4 from the current address, as instructions are 32 bits (excluding the Thumb instruction set here). @saiaapiz
  9. Thanks buddy for putting in a lot of effort just to help me!
  10. The above question can be ignored. Updated: I think the offset is loaded into R1 after subtraction between ahighscore and 0x19D8B4, their addresses being subtracted! So here ahighscore has address 00319CEC, so 00319CEC - 0x19D8B4 = 17C438. So R1 = 17C438. Would it be an offset? Am I correct or wrong? @saiaapiz @Enyby
  11. What is happening here, can you explain? I have highlighted the offset pushed to R1 with the cursor. What type of sign is between ahighscore and the offset, is it just a dash? What is the purpose of ahighscore here? Any reference guide for the ARM instruction set?
  12. Ohh, thanks buddy once again. Sorry for disturbing you.
  13. It generally means that the value of coins would be highest (because 2147483647 is the largest dword) only when the value in R0 is less than 0. Okay, if I change MOVLT to MOV and STRLT to STR, then the value will always be 2147483647 because it will bypass the condition check. Is it correct? And please elaborate this part: =(dword_36BD38 - 0x19D86C). Couldn't understand this. What would be the value in the R3 register? @saiaapiz
  14. I have learnt a lot after joining the GG forum. Thanks to @saiaapiz @Enyby