Jump to content


  • Content Count

  • Donations

  • Joined

  • Last visited

  • Days Won


Posts posted by NoFear

  1. 5 hours ago, THELEGENDARYSSC said:

    The problem is with people who you think are  trustworthy but in real they are not. Everyone but not everyone wants free hack. Giving free hack is like plague. Most of the websites are copy/paste and they always wait for the real moder to release the hack. That mod wasn't free actually. The guy who post it must have copied it from somewhere. it was  actually  leaked by someone who brought it just like someone leak your mod in last update. I have 10 clients  they are  very trustworthy. I have been selling nitro mod since last 4 updates and they never share my mod to anyone. Though nitro value changes slightly but it's easy to find on every new update. Building apk with only one architecture was a pain but now i have learnt it. And thanks for that tutorial, I have learnt few more things not everything though. it might take time but will learn it.

    Can't agree with you more.

    I have a small group that gets full custom mods every update. Usually within a few hours of update. I can mod both, armv8 and armv7. I don't ask for money each update. Until gameloft makes it so I need to debug again. When that day comes, I hope it ends all public mods.

  2. 59 minutes ago, THELEGENDARYSSC said:

    Yeah, that actually sounds complicated n gg is itself time consuming. i know that mod is public and you ( i mean to you) can easily modify its existing offsets but not everyone. Here is  where l exist .He might not update it later but i can. Nobody else has the offsets n brain to do so that's why they look around on youtube, here and there on copy/paste websites. That mod is original mean with brutal speed/unlimited nitro/ghost/drift radius..you really can't play mp with all that and ban is confirmed in a day or two or a week. Tons of reports are already been made.


    I actually want to learn from you .I might don't have your level brain or experience but i have the ability.

    It's actually why I'm annoyed at everyone taking credit...

    To find these encrypted values initially, took an EXTREMELY long time to find. Especially since most are static values. So unknown changed will never find them. I'm just waiting for Gameloft to changed the strings entirely so no one can keep taking credit. 

    I learned most of my debugging from here


    Yes, it's ios, but it's not that different. This was the best guide I could find.

  3. 7 minutes ago, THELEGENDARYSSC said:

    I read your post that you use gg+gdb and hex editor but i din't get, how could you use gdb ( visual extension) without visual studio? You said you don't even use pc. if you could teach me, i promise next time you will see my own work.

    Find value with GG.

    set watch point with gdb.

    Goto offset, make edit

    You still need to find the value to set watch point. That's where it is extremely complicated and time consuming since they encrypted a lot of values.


    That's the public mod. Can easily remove offsets/modify existing offsets to your liking.

  4. 1 minute ago, THELEGENDARYSSC said:

    You know what I actually tried pretty hard day n night to find out the codes be it android studio but the thing i failed. I couldn't able to fix this native lib error while debugging the apk. I worked on ida too but it was confusing and didn't understand the actual code cause i can't test each n every code. Searching hex pattern is easy.

    And the proper way is using gdb and setting watch points.

    It's not guess work, it's accurate.  

  5. 1 minute ago, THELEGENDARYSSC said:

    Well, there are two types of people. First, who work hard and gets nothing when someone steal there work. Second, smart people who don't focus on each n everything they just need one break point. I understand what you are trying to say but why not you just think it as a work no matter who and what. It's a game neither the moder owns it neither I then why to fight. And if your forum demand only original work then i don't think anyone follows it.

    I don't consider it skill/work at all. Sorry. What you do is just lazy but you think is lots of hard work. You try to profit on someone else doing the work for you. Good luck. I'll find and provide the free links here later. 

  6. 1 minute ago, THELEGENDARYSSC said:


    I'm the original modder. I know the difficulty in finding the offsets from scratch and not using someone else's work. "Your own work" is basically changing someone's mov r0, #1 and doing like mov r0, #2 and acting like you did magic. Changing the value at the register that was already found by someone else, not original.

  7. 17 minutes ago, THELEGENDARYSSC said:

    where? The mod you are talking about is the original one. I just modified it for better use and nitro in air does  trigger soft ban or cheat board for a day. Test by me on earlier updates. and safe/no ban is guaranteed by me cause i haven't exaggerate anything.

    Lol. Get enough user reports, you have no guarantee on anti ban....  I know you aren't a modder, you just copy old hex and search for them. You don't know how to do any original work yourself. I think Android Republic has mod. If not, be happy to paste what's already made public by other thieves.


  8. 56 minutes ago, nalcwap said:

    you know any ap android for debug without root?

    I think if you use ida on pc. You can debug without root that way.

    I just prefer gdb, for I don't need pc to do it.

  9. I think iosgods has lldb debugging guide for ios.

    It's not too different than Android. Lldb only supports x64 on Android. So you may want to do the equivalent with gdb.

    3 minutes ago, CmP said:

    It's xor-encryption with the key "1 545 691 265" (equal to value with 0 coins).

    1 545 691 265 xor 37 = 1 545 691 300

    1 545 691 265 xor 487 = 1 545 691 494

    Therefore, to get encrypted value Y that corresponds to real value X, you need to use the following formula:

    Y = 1 545 691 265 xor X

    This will work, if the key is constant. If it is not, you will first need to find it out to be able to calculate encrypted values.

    Heh, didn't even think to try that first 😛



    For more complex Encryption, debugging could help.

  10. Maybe with gdb. Set write watchpoint on the value. Then you'll get an offset related to the encryption. Assuming game is lib file and not dll.

  11. 3 hours ago, NotATypicalHacker said:

    This developer make me got an extreme headache because the security of the game was god d*** high even when i'm edit the right things it will get banned so soon hope they figure out how to modded it at least

    Do you know how to hack the XP or  Level NoFear?

    Yes, I do.

    3 hours ago, NotATypicalHacker said:

    How many the limit of numbers in putting the medkit,food,water value max so it will not get banned is it more than 10k or less? i'm only do 1k max incase my alt got banned

    or maybe Stats Points value 

    As for limits. Not sure the exact limits. Seems most things are safe. Hard currency is the one with a limit.

    Editing values, is very complex...

  12. 50 minutes ago, NotATypicalHacker said:

    I wonder how IOSGOD manage to make damage hack ?

    The hack pretty works on Med kit,food,water but when wrong edit the game force closes and got banned

    Anyways how to do Level or XP hack ?


    I talked with the modder about it.

    Seems game is very different for ios on its protections.

    He was looking at the American version too.

    If you edit things correctly and within limits, seems save.

    Even if you edit perfectly and do something too high, you'll just have delayed ban instead.

  13. 3 minutes ago, saiaapiz said:

    Not watchpoint support.
    Backtrace ? I only can find LR (Address of current function caller.)

    I've created shellcode that save R0-R12, LR into stack. Then copy the stack address into my allocated region, so i can read it with script.

    ROM:00000000                 STMFD           SP!, {R0-R12,LR}
    ROM:00000004                 LDR             R0, =0xBBBBBBBB
    ROM:00000008                 STR             SP, [R0]
    ROM:0000000C isLocked                                ; CODE XREF: ROM:00000014j
    ROM:0000000C                 LDR             R0, =0
    ROM:00000010                 CMP             R0, #1
    ROM:00000014                 BNE             isLocked
    ROM:00000018                 LDMFD           SP!, {R0-R12,LR}
    ROM:0000001C                 LDR             PC, =0xAAAAAAAA
    ROM:0000001C ; ---------------------------------------------------------------------------
    ROM:00000020 _returnaddress  DCD 0xAAAAAAAA          ; DATA XREF: ROM:0000001Cr
    ROM:00000024 _stackaddress   DCD 0xBBBBBBBB          ; DATA XREF: ROM:00000004r
    ROM:00000028 _spinlockctl    DCD 0                   ; DATA XREF: ROM:isLockedr


    Ok. I'll stick with gdb for sure. Thank you.

  14. 5 minutes ago, saiaapiz said:

    Yes, it look like when you setting up breakpoint with gdb, where you can view/change register in realtime.

    In short terms, can you add api for PTRACE_SETREGS and PTRACE_GETREGS into GG, So we can view register on any address.

    Watch point? (Not break point)

    And it does back trace too?

    Just find it interesting GG is implementing debugging features when Enyby was/is firmly against it for the last couple years.

  15. 1 hour ago, Linkrag said:

    I can only find health, by using auto because it's a float number with random numbers after the value. So just insert the original health take dmg and refine. But I can't find anything else from the stats.

    Fairly certain that not the right value. On the right track.

  16. 1 hour ago, saiaapiz said:


    I wish enyby would add this feature into GG, so i can avoid compatibility issue with shellcode.

    We can get dynamic pointer by viewing its register, and make cheating more advanced.

    This using that chainer script?

    I haven't tried using it yet. It gives offsets on lib file for modify register?

  17. 45 minutes ago, Un_Known said:

    Sorry bit of confusion was there


    LDR r2,[r1],r0,lsl#3 = 802191E6

    LDR R0,[R1],R2,LSL#3 = 820191E6

    just want to know what is happening in this particular example



    I'm thinking it's Thumb....  You are getting a hex result, but it's saying conversion failed. 

    The 802.... Hex

    MOVS    R1, #0x80
    B    #0xFFFFFD28

    Is moving 128 to R1


    Your 820820191E6 hex

    LSLS    R2, R0, #6
    B    #0xFFFFFD28




    16-bit instructions

    The following forms of this instruction are available in Thumb code, and are 16-bit instructions:

    LSLS Rd, Rm, #sh

    Rd and Rm must both be Lo registers. This form can only be used outside an IT block






    Logical Shift Left. This instruction is a preferred synonym for MOV instructions with shifted register operands.

  • Create New...