MAARS

Contributor
  • Posts: 680
  • Days Won: 28

Posts posted by MAARS

  1. 3 hours ago, bs6489570 said:

    I tried to find the y direction using Vector3 but nothing happened. No search result came.

    Technique used: fuzzy search. Then take the bus on the upper road and the lower road.

    Second, I tried to change any of the values related to Vector3 in dump.cs, but this also did nothing. If you need it I can give you the dump file.

    Remember it is trial and error; it is normal if you don't get it on the first try.
    The first thing you need to make sure of is that you are on the correct class representing the BUS/CAR.
    It might be easier with modding, but with GG you can do it like so:

    1. Find the BUS instance.
    2. Find the transform offset and follow the pointer.
    3. On the transform, follow the position Vector3 pointer.
    4. If the position Vector3 is found, you can now edit the x, y, z coordinates.
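The four steps above written out as a GameGuardian Lua script. This is an added illustration, not code from the original post. Every constant in capitals is an assumption: the BUS instance address is whatever your own search turned up, and the three offsets (the Transform field inside the BUS class, Transform.m_CachedPtr, and the position inside the native transform) have to be read from your dump.cs and the game's Unity version; the numbers shown are placeholders only.

```lua
-- Added example (not from the original post): BUS instance -> Transform ->
-- native transform -> position Vector3, then edit the Y coordinate.
-- ALL OFFSETS BELOW ARE PLACEHOLDERS (assumptions); take the real ones from dump.cs.
local gg = gg

local BUS_INSTANCE_ADDR = 0x7000000000   -- assumed: address of the BUS/CAR object you located
local OFF_TRANSFORM     = 0x10           -- assumed: Transform field inside the BUS class
local OFF_CACHED_PTR    = 0x10           -- assumed: Transform.m_CachedPtr (managed -> native)
local OFF_POSITION      = 0x30           -- assumed: position Vector3 inside the native transform
local PTR_TYPE          = gg.TYPE_QWORD  -- 64-bit game; use gg.TYPE_DWORD on a 32-bit build

-- Step 2/3 helper: read one pointer and refuse to continue on a null.
local function readPtr(addr)
  local v = gg.getValues({{address = addr, flags = PTR_TYPE}})[1].value
  if v == 0 then error(string.format("null pointer at 0x%X", addr)) end
  return v
end

-- A Vector3 is three consecutive floats: x, y, z.
local function readVector3(addr)
  local t = gg.getValues({
    {address = addr,     flags = gg.TYPE_FLOAT},
    {address = addr + 4, flags = gg.TYPE_FLOAT},
    {address = addr + 8, flags = gg.TYPE_FLOAT},
  })
  return {x = t[1].value, y = t[2].value, z = t[3].value}
end

local function writeVector3(addr, v)
  gg.setValues({
    {address = addr,     flags = gg.TYPE_FLOAT, value = v.x},
    {address = addr + 4, flags = gg.TYPE_FLOAT, value = v.y},
    {address = addr + 8, flags = gg.TYPE_FLOAT, value = v.z},
  })
end

-- Step 2: BUS.transform (managed Transform object).
local transformObj = readPtr(BUS_INSTANCE_ADDR + OFF_TRANSFORM)
-- Step 3: managed Transform -> native transform -> position Vector3.
local nativeTransform = readPtr(transformObj + OFF_CACHED_PTR)
local posAddr = nativeTransform + OFF_POSITION

local pos = readVector3(posAddr)
gg.toast(string.format("position x=%.2f y=%.2f z=%.2f", pos.x, pos.y, pos.z))

-- Check before writing: a real position changes while the bus is driving.
-- If all three floats are identical after a short delay while the bus moves,
-- you are most likely on the wrong class or the wrong offset.
gg.sleep(500)
local pos2 = readVector3(posAddr)
if pos2.x == pos.x and pos2.y == pos.y and pos2.z == pos.z then
  gg.alert("Vector3 did not change; verify the class and offsets before editing")
end

-- Step 4: lift the bus 5 units on Y.
pos2.y = pos2.y + 5
writeVector3(posAddr, pos2)
```

Run it while the bus is actually moving so the change check means something; a Vector3 that never changes is the usual sign of being on the wrong class, which is the first thing the post tells you to verify.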

  2. METHOD 1:
    You have an inbuilt freeze value option; just use it without any script.

    METHOD 2:

    Do the research, then add the value into the save list. This can be done manually if it is really complex or involves increment/decrement features (user interaction).
    Then we just pick up the value(s) from the save list and check whether they changed.

     

    local VALUE_FREEZE = 4
    local POLL_MS = 100

    local listItems = gg.getListItems()
    if #listItems == 0 then
        print("List Item is empty!")
        gg.alert("List Item is empty!")
        os.exit(1)
    end

    -- Loop until the GameGuardian UI is opened, which gives the user a way to stop the script.
    while not gg.isVisible() do
        -- Re-read the current memory values on every pass. Without this the table still
        -- holds the values we wrote last time and the comparison below never fires again.
        listItems = gg.getValues(listItems)
        local changed = {}

        for i = 1, #listItems do
            local v = listItems[i]
            if v.value ~= VALUE_FREEZE then
                v.value = VALUE_FREEZE
                changed[#changed + 1] = v
            end
        end

        -- Only write the entries that drifted, not the whole list.
        if #changed > 0 then
            gg.setValues(changed)
        end

        gg.sleep(POLL_MS)
    end

    Note: this code is not tested

  3. 1 hour ago, Bunta said:

    OK, so what would the algorithm be based on the data I provided?

    I tried doing some XOR calculations but I wasn't entirely sure how to reverse engineer what the key should be.

    Simple XOR keys are easy to find

     

  4. 4 hours ago, 8ballpool12 said:

    How can I stop the pop-up notification after a file has completely downloaded in Lua? The file is already in place and ready to execute, so the pop-up is unnecessary. Any tips on how to remove it? Thanks in advance!

    local gg = gg

    local FILE_PATH = "some_file.lua" -- Relative or absolute path

    -- Returns true if the file can be opened for reading, otherwise false plus the io error.
    local function fileExist(filename)
      local f, err = io.open(filename, "r")
      if f then
        f:close()
        return true
      end
      return false, err
    end

    local isScriptDownloaded = fileExist(FILE_PATH)

    if isScriptDownloaded then
      print("Script exists")
    else
      print("Script does not exist")
    end

    -- Alternative: only download when the file is missing, so the
    -- "download complete" pop-up never shows on later runs.

    if fileExist(FILE_PATH) then
      dofile(FILE_PATH)
    else
      -- download here
    end

     

  5. On 1/4/2025 at 12:10 PM, Trews27 said:

    This is not an answer to the question. Your answer didn’t help at all, I knew that without you.

    Sorry if my reply wasn’t what you were looking for. There’s no universal method since every game’s protections are different, but I hope the general direction I gave was somewhat helpful. I’ll leave it here—good luck!

  6. Reverse engineering game protections isn’t about pressing a magic “hack” button—it’s about understanding how the game detects tools like GameGuardian and systematically bypassing those checks. Internal protections often include memory obfuscation, integrity checks, and anti-tamper routines designed to detect suspicious behavior, like scanning or modifying values. To bypass these, you’ll need to hide GameGuardian using root-hiding tools, analyze the game’s binaries with tools like IDA Pro or Ghidra, and use dynamic instrumentation with Frida to hook or disable anti-cheat functions. It’s a process of patience, analysis, and experimentation—there’s no universal solution, only techniques tailored to each game’s protection mechanisms.
    GPT

     

  7. On 11/1/2024 at 6:27 PM, CmP said:
    local savedValues = gg.getListItems() -- Enough to get items once if list won't change during execution of loop
    local targetValues = {}
    for i, v in ipairs(savedValues) do
      if v.name == "R" then
        targetValues[#targetValues + 1] = {
          address = v.address,
          flags = v.flags,
          value = "-2.0"
        }
      end
    end
    for i = 1, 20 do
      gg.setValues(targetValues) -- doesn't really make sense without delay
    end

    And, please, don't mention anyone in questions that are not directed to someone specifically.

    You should be sleeping in between each edit, else it won't work as expected.

    for i = 1, 20 do
        gg.setValues(targetValues) -- the same list built above; the API is setValues, not setValue
        gg.sleep(100)
    end
  8. Hi, your game is protected with CodeStage anti-cheat; thankfully this is one of the easy ones to bypass.
    First you will need to dump the game using Il2CppDumperGUI or any il2cpp dumper of your choice.
    Next you're going to look for the CodeStage detection methods.
    Note those StartDetection methods; most have some overloads. If you want to be safe you will need to bypass them all. It is rare that a game uses all of them, but better safe than sorry.
    So here is the list and the overloads.
     

    CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetection(); // 0x00818a3c
    static CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetection(System.Action callback); // 0x00818ce8
    CodeStage.AntiCheat.Detectors.ObscuredCheatingDetector StartDetectionInternal(System.Action callback); // 0x00818b70
    System.Void StartDetectionAutomatically(); // 0x00819058
    static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(); // 0x008190e0
    static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback); // 0x0081948c
    static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval); // 0x008194e4
    static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval, System.Byte maxFalsePositives); // 0x0081954c
    static CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetection(System.Action callback, System.Single interval, System.Byte maxFalsePositives, System.Int32 coolDown); // 0x008195c4
    CodeStage.AntiCheat.Detectors.SpeedHackDetector StartDetectionInternal(System.Action callback, System.Single checkInterval, System.Byte falsePositives, System.Int32 shotsTillCooldown); // 0x008192dc
    System.Void StartDetectionAutomatically(); // 0x00819a54
    static System.Void StartDetection(); // 0x00818648
    static System.Void StartDetection(System.Action<System.String> callback); // 0x008186b0
    System.Void StartDetectionAutomatically(); // 0x008187e8

    There are two ways to bypass those:

    1. You can just patch each of them with a "NOP" / "RET" / "BX LR" opcode.
    2. Allocate a memory page and replace those methods with their respective StopDetection, so that when the game calls StartDetection it calls StopDetection instead.

     

    Now for GEMS/XP/Gold/Health

    Note: at this stage, since you have already bypassed the anti-cheat, editing your stats won't trigger anything. But first you need to understand how ObscuredInt works.
    Every obscured value you see on your screen is a fake value. You should not edit it directly; instead, edit the hidden value using the crypto key. Below is what you need to remember about the structure.

     

    public struct ObscuredInt
    {
    		[FieldOffset(Offset = "0x0")]
    		private int currentCryptoKey;

    		[FieldOffset(Offset = "0x4")]
    		private int hiddenValue;

    		[FieldOffset(Offset = "0xC")]
    		private int fakeValue; // what you see on screen
    }

     

    What you see on your screen is the fakeValue. To edit it you will need to edit the hidden value.
    Here is how. (Note: offsets may vary depending on the game and version, so you'd better have the latest dump and check the correct offsets.)

    When you find an ObscuredInt fakeValue, you need to go back to the base pointer, in this case fakeValue.Address - 0xC, which brings you to currentCryptoKey. Copy the value of currentCryptoKey (as DWORD), then go to currentCryptoKey.address + 0x4, which brings you to the hiddenValue. To set this to your desired value you need to XOR (exclusive OR) your desired value with currentCryptoKey as the key. You can do that inside GG: type the value, then apply the XOR key.

    That's it, you are done. You can edit any ObscuredInt using this method.

    Now, specifically for your game, there are some vulnerabilities I found that you can exploit to edit your stats and in-game money. There are methods like:
     

    public class game_manager : MonoBehaviour
    	[Address(RVA = "0xA65A94", Offset = "0xA65A94", VA = "0xA65A94")]
    	public void gem_plus(int gem)
    
    	[Address(RVA = "0xA65890", Offset = "0xA65890", VA = "0xA65890")]
    	public void gold_plus(int gold)
    
    	[Address(RVA = "0xA64DFC", Offset = "0xA64DFC", VA = "0xA64DFC")]
    	public void iron_plus(int iron)

    All of those share almost the same structure, so I will only give an example for gem_plus.
    (screenshot of the decompiled gem_plus function)

    In this decompiled function gem_plus, you can see that they are loading the value of the ObscuredInt field

    public ObscuredInt gem_total; // 0x2CC

    into the variable puVar1, which later on they add to param_2 (the gem parameter) to instantiate a new ObscuredInt from that sum. The result of that sum is stored in register W0, so all we have to do is hijack this register and change the value to what we want. Here is a video of how to do that.

    This method does not trigger the anti-cheat because the game is writing a legit value for us. Also, if you want to move a large value you might want to explore the MOVZ instruction, or you can allocate a memory page and spam multiple ADD instructions like this:

    // ADD (immediate) on ARM64 only takes a 12-bit immediate, optionally shifted left by 12,
    // so the largest single step is #0xFFF, LSL #12 (+16773120); repeat it as many times as needed.
    add w0, w0, #0xFFF, lsl #12
    add w0, w0, #0xFFF, lsl #12
    add w0, w0, #0xFFF, lsl #12
    add w0, w0, #0xFFF, lsl #12
    add w0, w0, #0xFFF, lsl #12
    ....

    One last thing: for gems you will need to stay on the main screen like in the video when you start the game, because that function only triggers there.
    I kind of like the game; I might continue working on it and update this thread.
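The first bypass method from the post above (patch every StartDetection entry point with a return) as a GameGuardian Lua script. This is an added example, not code from the original post. It assumes an ARM64 build, that the first mapping GameGuardian returns for libil2cpp.so is the library's load base, and that the offsets are the ones in the dump quoted in the post; those offsets change with every game build, so re-dump and replace them before running it against anything else. Rather than a bare RET it writes MOV X0, #0 followed by RET, because several of the StartDetection overloads return a detector instance and a caller that uses a leftover X0 would crash.

```lua
-- Added example (not from the original post): patch the CodeStage StartDetection*
-- entry points listed above so that no detector is ever started.
-- Assumptions: ARM64 build, first mapping of libil2cpp.so == load base,
-- offsets from the dump quoted in the post (game-version specific).
local gg = gg

local LIB = "libil2cpp.so"
-- Return null and leave: two instruction words, written at off and off+4.
-- 32-bit build equivalent: {"~A MOV R0, #0", "~A BX LR"}
local PATCH = {"~A8 MOV X0, #0", "~A8 RET"}

-- Offsets from the dump above, same order: ObscuredCheatingDetector,
-- SpeedHackDetector, then the third detector block.
local START_DETECTION_OFFSETS = {
  0x00818a3c, 0x00818ce8, 0x00818b70, 0x00819058,
  0x008190e0, 0x0081948c, 0x008194e4, 0x0081954c, 0x008195c4, 0x008192dc, 0x00819a54,
  0x00818648, 0x008186b0, 0x008187e8,
}

local function libBase(name)
  local ranges = gg.getRangesList(name)
  if #ranges == 0 then error(name .. " is not mapped; start the game first") end
  return ranges[1].start   -- assumption: first mapping is the ELF load base
end

-- One {address, flags} entry per instruction word to patch. A fresh table on
-- every call, so the snapshot of originals and the patch list never alias.
local function addrList(base, offsets, nwords)
  local t = {}
  for _, off in ipairs(offsets) do
    for w = 0, nwords - 1 do
      t[#t + 1] = {address = base + off + 4 * w, flags = gg.TYPE_DWORD}
    end
  end
  return t
end

local base = libBase(LIB)

-- Snapshot the original instruction words first so the patch can be reverted.
local originals = gg.getValues(addrList(base, START_DETECTION_OFFSETS, #PATCH))

-- Check before writing: every target must already hold code. A zero word means
-- the base is wrong or the offsets belong to another build.
for _, o in ipairs(originals) do
  if o.value == 0 then
    gg.alert(string.format("0x%X reads as 0: wrong base or stale offsets, aborting", o.address))
    os.exit(1)
  end
end

local patches = addrList(base, START_DETECTION_OFFSETS, #PATCH)
for i, p in ipairs(patches) do
  p.value = PATCH[(i - 1) % #PATCH + 1]   -- alternate MOV / RET per function
end
gg.setValues(patches)
gg.toast(string.format("patched %d StartDetection entry points in %s",
  #START_DETECTION_OFFSETS, LIB))

-- To undo while the game is still running: gg.setValues(originals)
```

The post's second method (redirecting StartDetection to StopDetection) keeps the game's own return values and is the safer choice if a patched game crashes on a null detector; the script above is the quick version of the first method.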
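The ObscuredInt edit described in the post (key at 0x0, hiddenValue at 0x4, fakeValue at 0xC, new hidden = desired XOR key) as a GameGuardian Lua script, which also shows the point made in the earlier reply that a simple XOR key falls out of one known plaintext/ciphertext pair. This is an added example, not code from the original post. It assumes the field layout quoted above, that the address you pass in is the fakeValue you found by searching the on-screen number, and Lua 5.3 bitwise operators (available in GameGuardian's Lua).

```lua
-- Added example (not from the original post): write an ObscuredInt through its
-- hiddenValue, and recover the XOR key from a known (hidden, plain) pair.
-- Assumptions: layout as quoted in the post; FAKE address comes from your search.
local gg = gg

local OFF_KEY    = 0x0   -- currentCryptoKey
local OFF_HIDDEN = 0x4   -- hiddenValue
local OFF_FAKE   = 0xC   -- fakeValue (what the screen shows)

-- Lua integers are 64-bit; wrap to a signed 32-bit int so it round-trips as a DWORD.
local function toInt32(x)
  x = x & 0xFFFFFFFF
  if x >= 0x80000000 then x = x - 0x100000000 end
  return x
end

local function encode(plain, key)  return toInt32(plain ~ key) end
local function decode(hidden, key) return toInt32(hidden ~ key) end
-- "Simple XOR keys are easy to find": one known pair gives the key back.
local function recoverKey(hidden, plain) return toInt32(hidden ~ plain) end

local function readDword(addr)
  return gg.getValues({{address = addr, flags = gg.TYPE_DWORD}})[1].value
end

-- fakeAddr: address of fakeValue; desired: the value the game should decrypt to.
-- Returns the hidden value written, or nil if the location does not look like an ObscuredInt.
local function setObscuredInt(fakeAddr, desired)
  local base   = fakeAddr - OFF_FAKE
  local key    = readDword(base + OFF_KEY)
  local hidden = readDword(base + OFF_HIDDEN)
  local fake   = readDword(fakeAddr)

  -- Check before writing: hidden XOR key must equal the on-screen value. fakeValue is
  -- the cheating detector's reference copy and can be 0 when that detector is not
  -- running, so a zero fake is not treated as a mismatch.
  if fake ~= 0 and decode(hidden, key) ~= fake then
    gg.alert(string.format("0x%X does not look like an ObscuredInt (hidden^key=%d, fake=%d)",
      fakeAddr, decode(hidden, key), fake))
    return nil
  end

  local newHidden = encode(desired, key)
  -- Only the hidden value is written, as the post says; fakeValue is left alone.
  gg.setValues({{address = base + OFF_HIDDEN, flags = gg.TYPE_DWORD, value = newHidden}})

  -- Self-check: the key recovered from (newHidden, desired) must be the stored key.
  if recoverKey(newHidden, desired) ~= key then
    gg.alert("XOR round-trip failed; check the integer width")
  end
  return newHidden
end

-- Usage: search the displayed gem count, narrow it down to the real ObscuredInt,
-- then take the fakeValue address from the first remaining result.
local results = gg.getResults(1)
if #results > 0 then
  local written = setObscuredInt(results[1].address, 99999)
  if written then gg.toast("hiddenValue written: " .. written) end
end
```

The consistency check is the part worth keeping: the same number on screen can appear in several places in memory, and XOR-ing a key into an address that is not really an ObscuredInt corrupts whatever lives there.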

  9. 2 hours ago, NoFear said:

    Gdb, rwatch on value.  If editing value with GG triggers a ban or local error, just rwatch value to see everything reading it. Sometimes you'll get many results, just have to go through and find the one that triggers ban. Ideally, it'd be a branch to one anti cheat function. Then you could xref that function, NOP all the branches to it, or RET the function.

    Thanks, gotta get my hands on gdb tho, never used it


    12 hours ago, NoFear said:

    Without checking dump or going into ida, just simple debug to find what's reading gems. 

    Armv8

    Offset: 11A6C34

    Edit to

    B [PC,#0x80]

    This will skip the area that would trigger ban. 

    Then this

    Offset: 113DD74

    Mov w22 (large value).

    This is what writes value after it does a check. So you can force it to write something excessive after it checks value (I don't think you have limit since the check will never branch to ban, see attached image).

     

    You could apply this same concept to any value, just set read watch to see what is checking it, then bypass the ban. Could check dump or something to see what the offset is part of or maybe what it branches to.

     

    (screenshot attached)

    Interesting, this technique could also be useful for my other project. Which tool do you use to monitor memory access?

  11. (three screenshots attached)

    public class DataBaseScript : MonoBehaviour
    	public int Quest_Get_Gem_Normal(int Quest_numb) // return a high amount if you want (like 100K)
    	public bool Quest_Bool_Normal(int Quest_numb) // return true to redeem the quest reward infinitely

    In game: Quest -> Dungeon
    4 million so far and no ban.

    Off topic:

    I recommend using the app Swift Backup to back up the game if you are trying something that you think might get you banned, so if you get banned you can just restore the previous game state and continue, since the ban is local and nothing comes from a server.

    You get banned at around 18 million.

  12. After a lot of hours working on this game, I conclude that the game is actively subtracting your total spent gems from your earnings to detect whether you cheated or not. All you have to do is disguise your coins as if they had been earned.
    For that you can edit rewards etc. Here I edited the gems you get when unlocking a book skin; you can also edit quest rewards if you want.
     

    public class DataBaseScript : MonoBehaviour
    	public int Get_Gem_Book_by_Rare(int rare_)

    (screenshot attached)

  13. 5 hours ago, imperialx said:

    Ohh, manual ban. By the way, I was using an auto clicker with the GG script given up there and speed hack at 4. I completed all the maps and was farming the rank dungeon.

    What is your architecture, 64-bit or 32-bit? I think the ban can be ignored, but I still can't get myself banned right now, so you might want to test the bypass.
