Jump to content

MAARS

Contributor
  • Posts

    667
  • Joined

  • Last visited

  • Days Won

    27

MAARS last won the day on May 25

MAARS had the most liked content!

Additional Information

  • Android
    9.x
    13.x
  • Device
    M2012K11AG; Emulator
  • Service provider
    Other

Recent Profile Visitors

26,549 profile views

MAARS's Achievements

  1. Should be sleeping in between each edit else it wont work as expected for i=1, 20 do gg.setValue(targetValue) gg.sleep(100) end
  2. Yeah this is also a good method. my idea was to find a function we know run every frame and add a BL call to another function inside this one kinda just like before: void Shoot() { printf("Shooting"); } void Tick() { printf("I run every frame !"); } After: void Shoot() { printf("Shooting"); } void Tick() { Shoot(); printf("I run every frame !"); }
  3. To achieve this, you need to understand how the button works in the game. Understand Button Events. When you click a button in a game, it triggers an event. This event is linked to a specific action or function in the game's code. Find the Function: Each button in the game is programmed to run a specific function when clicked. For example, a "shoot" button in a shooting game runs a function that handles shooting. Locate the Memory Address, Games store information and functions in memory. To trigger a button's action without clicking it, you need to find the memory address where the button's function is stored. Better do the call or hooking trough modding, you will have a hard time trying this with game guardian cause the only way is to write raw assembly code. Using Auto Clickers (Alternative): If finding and changing memory addresses sounds too complex, you can use an auto-clicker app. Auto-clickers simulate clicks at specified intervals, so you can automate the button clicking without dealing with the game's code. https://play.google.com/store/apps/details?id=com.truedevelopersstudio.automatictap.autoclicker&pcampaignid=web_share
  4. Just checkout here. Learn a litle bit how pastebin api work: https://pastebin.com/doc_api Learn discord webhook: https://discordjs.guide/popular-topics/webhooks.html#creating-webhooks-through-server-settings Learn the webhook api: https://discord.com/developers/docs/resources/webhook It will be pretty straightforward if you have some background. I have made some working example you can test on here. This one only use discord: https://gist.github.com/devmaars/26e544083ae2cab8859581e6bf4f6148 This use discord and pastebin: https://gist.github.com/devmaars/7ccaffa1f4bd3b8d137bd16ed2d9df25 For the second one you will have to set your own pastebin dev key. Here is the dummy discord server you can live see the the crash log being pushed https://discord.gg/yDw349UGtW Note: this examples can be used for anything else not just crash log.
  5. no need of a server. you can use pastebin + discord or just discord. you can even make it automatic so that when your script crash it automatically publish the crash log to pastebin then send the url of the paste to your discord server using discord webhook. for me the is the simplest and easy way
  6. Try this https://youtu.be/Hwuc5-cWqT4 script.lua
  7. Change both if you only change that one the level will change but In the home screen it will not
  8. Can you show your error log ?
  9. The script only add values into the saved list you have to manually edit them. if the edit did not work just try again (64 bit only) script.lua
  10. Is the game fully offline ? if not i will not recommend doing this, that just a way to flag yourself as a cheater if the game actually keep player record which is mostly the case if your game is online/semi online
  11. The index is not always the same so to avoid some runtime error you can make it dynamic local function getBaseAddr(lib) local rangeList = gg.getRangesList(lib) for _, v in ipairs(rangeList) do if v.state == "Xa" then return v.start end end end local libanogs = getBaseAddr("libanogs.so") gg.alert(tostring(libanogs + 0x129fc4)) -- "0x129fc4" is your function address -- The function will be located at libil2cpp.so + function address.
  12. write this in QWORD 00 00 A0 E3 1E FF 2F E1r
  13. public class SaveGameManager : MonoBehaviour [Address(RVA = "0x129E248", Offset = "0x129D248", VA = "0x129E248")] public static int getTotalMoney() // return high ammount Unlimited money public class CarProperties : MonoBehaviour [Address(RVA = "0x12B34E4", Offset = "0x12B24E4", VA = "0x12B34E4", Slot = "47")] public virtual bool getIsPremium() // return false make paid cars available to buy with in game money instead of real money
  14. Hi, your game is protected with CodeStage anti cheat, thankfully this is one of easy one to bypass. First you will need to dump the game using Il2cppDumperGUI any or il2cpp dumper of your choice. next you're going to look for CodeStage detection methods. note those StartDetection methods, most have some overload if you want to be safe you will need to bypass them all, but it is rare that the game use them all, but better be safe than sorry. so here is the list and overloads. CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetection(); // 0x00818a3c static CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetection(System.Action callback); // 0x00818ce8 CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetectionInternal(System.Action callback); // 0x00818b70 System.Void StartDetectionAutomatically(); // 0x00819058 static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(); // 0x008190e0 static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback); // 0x0081948c static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval); // 0x008194e4 static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval, System.Byte maxFalsePositives); // 0x0081954c static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval, System.Byte maxFalsePositives, System.Int32 coolDown); // 0x008195c4 CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetectionInternal(System.Action callback, System.Single checkInterval, System.Byte falsePositives, System.Int32 shotsTillCooldown); // 0x008192dc System.Void StartDetectionAutomatically(); // 0x00819a54 static System.Void StartDetection(); // 0x00818648 static System.Void StartDetection(System.Action<System.String> callback); // 0x008186b0 System.Void StartDetectionAutomatically(); // 0x008187e8 there is two way to bypass those. 1. you can just patch each of them using the "NOP RET/BX LR" opcode. 2. allocate memory page and replace and replace those method with there respective StopDetection, that mean when the game call StartDetection instead it will call StopDetection Now for GEMS/XP/Gold/Health Note at this stage since you have already bypassed the AntiCheat editing your stat wont trigger anything. but you need first to understand how ObscuredInt work. note every obscure value you see on your screen is a fake value. you should not edit it directly but the edit the hidden value using the crypto key. Here bellow is what you need to remember about the structure. public struct ObscuredInt [FieldOffset(Offset = "0x0")] private int currentCryptoKey; [FieldOffset(Offset = "0x4")] private int hiddenValue; [FieldOffset(Offset = "0xC")] private int fakeValue; (what you see on screen) What you see on your screen is the fakeValue. to edit it you will need to edit the hidden value. Here is how to. (note offset might varies depending on the game and version so you better have the latest dump and check the correct offset) When you find an ObscureInt fakeValue. you need to go back into the base pointer so in this case: fakeValue.Address - 0xC which will bring you to currentCryptoKey copy the value of currentCryptoKey in (DWORD) then offset to currentCryptoKey.address + 0x4 this will bring you to the hiddenValue now to edit this to your desired value you need to perform XOR (exclusive OR) to your desired value using the currentCryptoKey as a key. you can do that inside gg, you type the value then apply the xor key That it you are done. you can edit any ObscureInt using this method. now specially for your game there are some vulnerabilities that i found you can exploit to edit your stat and in game money. there are some method likes: public class game_manager : MonoBehaviour [Address(RVA = "0xA65A94", Offset = "0xA65A94", VA = "0xA65A94")] public void gem_plus(int gem) [Address(RVA = "0xA65890", Offset = "0xA65890", VA = "0xA65890")] public void gold_plus(int gold) [Address(RVA = "0xA64DFC", Offset = "0xA64DFC", VA = "0xA64DFC")] public void iron_plus(int iron) All those share the almost the same structure so i will be giving an example only for gem_plus In this de-compiled function gem_plus, you can see that they are loading the value of the ObscureInt field public ObscuredInt gem_total; // 0x2CC into the variable puVar1 which later on they add it value + param_2 which is the gem parameter, to instantiate a new ObscureInt from that sum. the result of that sum will be stored into the register W0, so all we have to do is just hijack this register and change the value to what we want. here is a video of how to do that. This method do not trigger the anti cheat cause the game is writing legit value for us. also if you want to move large value you might want to explore the MOVZ instruction or you can allocate a memory page and spam multiple ADD instruction like this add w0, w0, #500000000 add w0, w0, #500000000 add w0, w0, #500000000 add w0, w0, #500000000 add w0, w0, #500000000 .... Last thing for gems you will need to stay on the main screen like in the video when you start the game cause that function trigger only there. I kinda like the game i might continue working on it and update this thread
  15. Thanks, gotta get my hands on gdb tho, never used it
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.