MC874

Contributor • Posts: 522 • Days Won: 18

Community Answers

  1. MC874's post in How to remove unwanted list items from list was marked as the answer   
    Hi @Ardit19,

        if not false then gg.removeListItems(res) end

    I'm not sure what you're trying to do here. Are you checking if results are empty or are you doing some flagging here?

        -- Check if results are empty:
        checks = gg.getResultsCount()
        -- getResultsCount() returns a number, so compare against 0 rather than nil
        if checks > 0 then
          res = gg.getResults(checks)
          gg.clearResults()
          for i, v in ipairs(res) do
            v.address = v.address + 0x8
          end
          gg.addListItems(res)
        end

    If you're doing some flagging/conditioning, you need to store it as a variable so you can edit it anywhere.

        flags = false
        if not flags then
          gg.removeListItems(res)
        end

    /*******************************************\

        gg.addListItems(gg.getResults(gg.getResultsCount()))
        res = gg.getListItems()
        gg.clearResults()
        if not false then gg.removeListItems(res) end
        for i, v in ipairs(res) do
          v.address = v.address + 0x8
        end
        gg.addListItems(res)

    It is better that you edit the 'res' variable first before adding them to the saved list using addListItems(). Otherwise, you will have duplicated items in your saved list.
    /*******************************************\
    Coming to your question. You can store them first into a temporary variable:

        temp_res = {}
        for i, v in ipairs(res) do
          if v.value == 12340000 then
            -- table fields must be separated by commas
            temp_res[#temp_res + 1] = { name = "Name 2", address = v.address, value = v.value, flags = v.flags }
          elseif v.value == 12345000 then
            temp_res[#temp_res + 1] = { name = "Name 3", address = v.address, value = v.value, flags = v.flags }
          elseif v.value == 12345600 then
            temp_res[#temp_res + 1] = { name = "Name 4", address = v.address, value = v.value, flags = v.flags }
          end
        end
        gg.addListItems(temp_res)

    Or you can edit and remove it directly, the index will change:

        -- Iterate backwards so table.remove() does not skip the item after a removed one
        for i = #res, 1, -1 do
          local v = res[i]
          if v.value == 12340000 then
            v.name = "Name 2"
          elseif v.value == 12345000 then
            v.name = "Name 3"
          elseif v.value == 12345600 then
            v.name = "Name 4"
          else
            table.remove(res, i)
          end
        end
        gg.addListItems(res)

    Edit directly without changing indexes:

        for i, v in ipairs(res) do
          if v.value == 12340000 then
            v.name = "Name 2"
          elseif v.value == 12345000 then
            v.name = "Name 3"
          elseif v.value == 12345600 then
            v.name = "Name 4"
          else
            res[i] = nil
          end
        end
        gg.addListItems(res)

    /*******************************************\
  2. MC874's post in How to view .so (Shared Object) Functions Name and Address with Offset? was marked as the answer   
    Hi @GuyLian, there are several ways to do this:
    - Using disassembler software: IDA Pro or Ghidra (Windows / Linux)
    - Using debugging tool: Frida Toolkit
    - Using disassembler command line toolset: Radare2 on Termux (Android)
    - Analyze manually from Game Guardian Memory Viewer, function often starts with: "LDR", "PUSH" or "ADRL"
    Let me know if you have any questions.
  3. MC874's post in GG Doesn't work in x8 Sandbox was marked as the answer   
    Hi @LITTLETIMMYWANTWIN, looking at the logs, it has the same behavior as in other issues related to Android 12-13 SpeedHack.

        [Initialization]
        aarch64: x0: b4000072a025dca0, x1: 0, x2: 1, x3: 7271b4c100, x4: 0, x5: 0, x6: 0, x7: 17, x8: 80, x9: 1, x10: 1, x11: 3b8b87c0, x12: 1, x13: 3e8, x14: 7271b4bf24, x15: 1, x16: 727cbfb348, x17: 78b8dd4ca4, x18: 1, x19: b4000072a025dc90, x20: 7271b4c100, x21: b4000073a0218fc0, x22: b4000072a025dca0, x23: 1, x24: 45, x25: 0, x26: 270f, x27: 0, x28: b4000073a0218fc0, x29: 7271b4c070, x30: 727c84b7b8, sp: 7271b4c070, pc: 78b8dd4cc0, pstate: 60201000
        [Execution]
        breakpoint: status(77f) WIFSTOPPED(1) WIFEXITED(0) WIFSIGNALED(0) WTERMSIG(127) WEXITSTATUS(7), WCOREDUMP(0) WSTOPSIG(7)
        aarch64: x0: 726b378060, x1: 2, x2: 1, x3: 700000000000f, x4: 0, x5: 727e48b000, x6: 0, x7: 17, x8: 80, x9: 1, x10: 1, x11: 3b8b87c0, x12: 1, x13: 3e8, x14: 7271b4bf24, x15: 1, x16: 727cbfb348, x17: 78b8dd4ca4, x18: 1, x19: 726b37802c, x20: 7271b4c100, x21: b4000073a0218fc0, x22: b4000072a025dca0, x23: 1, x24: 45, x25: 0, x26: 270f, x27: 0, x28: b4000073a0218fc0, x29: 7271b4c070, x30: 727e48b004, sp: 7271b4c070, pc: 700000000000f, pstate: 60001000
        Stop, but not a breakpoint!, WIFSTOPPED(1) at 700000000000f
        VM_FAIL 4: -1 6ffffffffffef, 17, 14, Bad address
        VM_FAIL 4: -1 7000000000000, 63, 14, Bad address

    In short: the PC register suddenly changed from 78b8dd4cc0 to non-existent address 7000000000000. Currently, we don't have a solution to this weird behavior.

    [ Similar Thread ]
    - SpeedHack and Android 13
    - SpeedHack on Galaxy S21 Android 12
    - SpeedHack Diagnostics
     
  4. MC874's post in How to find color value was marked as the answer   
    Hi @DARK_DEMON_SCRIPTER, I assume you're looking for WallHacks; then you can use the above comments. It's usually for Unity Engine. You can also check:
    1) Items usually use Texture, rather than a defined material for each part. Thus you can use: Special-K. You can change the Texture in Realtime. It is for PC though, so you need to use Emulators. It was working on "Tencent Gaming Buddy" (older version of: gameloop) the last time I used it.
    2) If the colors are shaders / using material; you can technically edit it using Special-K, however that's not applicable to physical devices. You can check for reference to "depthBiass" or "Biass" and change its value into a really high number. Might need a little help by dumping the game:
    3) Modifying shaders for WallHack can be tiresome, as it might depend on your GPU (Mediatek, Snapdragon, etc). Shaders are served by OpenGL in Android, thus you can find all the game shader vertex or fragments inside LibGLES. I'm not sure how to do this on Game Guardian though, probably find the Process Memory Range that is related to OpenGL and do some basic graphical change (Resolution low to max, etc). For example PUBGM WallHack using GL: RedMan
    4) You can start from the basics by finding RGBA values of the Item. RGB ranges from 0 to 255 & A only 0 to 1. It can also take hex form: Hex Color Codes. RGBA values are also Float type.
  5. MC874's post in Game Detects GG Memory Attack - 20 was marked as the answer   
    Hi @lykomedes, try the following command in Termux, do it before you change the Memory. It is recommended not to interact with the game Interface/UI. If you want to interact with it, detach Game Guardian from the Game.

        for i in $(pidof com.your.game.name); do mount -o bind /proc/2/maps "/proc/$i/maps"; done

    - com.your.game.name: change with your game package name
    I'm still doing some research about LIAPP behaviour externally. Actually, you can remove the LIAPP by modifying it internally but it won't work for any APKs since it depends on the App Signature. Preferred to read similar thread here:
    LIAPP Alert Memory Attack  
  6. MC874's post in Doubt on lib files was marked as the answer   
    Hi @DARK_DEMON_SCRIPTER, it is different. IDA will only show you the general functions that it 'found' inside the lib, segment them, pseudo-code the instructions, and graph them based on the Jump function. The function naming and the lib structure are not properly aligned; function naming usually needs some manual de-obfuscation or string-xoring. That's why the function naming will look like loc-[numbers], random. You might want to read this: Decrypt Strings
  7. MC874's post in The game sees GG, how to hide the app? was marked as the answer   
    Hi @Marks01, I've conducted an experiment and it seems to hide GG completely. Here's what you need to do:

    [ Resources ]
    - Magisk or Magisk Terminal for Android Emulator.
    - Shamiko Magisk Module
    - LSPosed Framework (Use Zygisk Variant)
    - HideMyApplist for SudoHide Alternative.

    [ Practice ]
    - First Install Magisk [the demonstrations below are performed on LDPlayer Emulator using Magisk Terminal]
    - Install Shamiko & LSPosed Module on Magisk App
    - Navigate into /data/adb/manager.apk and Install it
    - Install Game Guardian (If haven't) and setup:
      1) Hide Guardian from the Game: check all of them or experiment with it Yourself,
      2) PTrace Protection: set to Freeze.
    - Now reboot Your device.
    - Inside LSPosed App, enable HideMyApplist module and then delete LSPosed App after doing so.
    - Reboot again
    - On HideMyApplist, select Template > Blacklist > Invisible > (Select GG and Any App that You want to Hide).
    - Go back and select Applied > Hidea Game (Or Any LIAPP Game)
    - Go back again and add a name for Your template.
    - Just go back to Main Menu (It will Automatically save the Template)
    - Done. Go ahead enjoy the game.

    [ Note ]
    - If this helps, consider marking this post as a Solution. If not, You can mention me @MC_ on this thread.
    - If Speedhack doesn't work, it's because of 'Hide Guardian from the Game'. You can experiment with it yourself by unchecking some level (1-4) and see if it works.
    - Make sure to keep following the Reboot step, it's intended to Apply the changes.

    [ Visual Demo ]
    Magisk on LDPlayer: 
    LIAPP Alert Bypass (Hide Mode)
  8. MC874's post in custom lib was marked as the answer   
    Hi! It's possible, haven't you tried this list of tools?
    - Memory-Dumper
    - MemDumper
    - MemDumper APK
    Try the APK one first, it should work across libs. To run the others, you need Termux. Make sure to run the commands using elevated Root permissions:
     
  9. MC874's post in How to find wall hack in any type of dumped lib file? was marked as the answer   
    I would say: Yes and No, most Wallhacks involve the GLes lib (OpenGL), it acts as Shaders. On Lib Dumps, you can search for "vertex", "renderer", "buffer", "shader", "alpha" on Player properties. Or you can play around with Floats, since vertices are mostly stored in Floats.
    EDIT1: Maybe you can refer to this topic: Wallhack for Most Games
  10. MC874's post in How to find Anti BAN? was marked as the answer   
    Hi! The Security System will vary for each game. In general, there are 2 types of approach to do this:
    1) Directly eliminate the Ban itself
    2) Hide your Memory Hack/Cheats.

    # Ban Value
    1) You can start to prevent the ban from being received by your game session by simply disabling the send & recv functions inside your game library. To find them; you need to decompile the game library using a decompiler. For Android, you might want to try this: Android Disassembler. Highly suggest to use IDA Pro or Ghidra if you have some Windows device. It might be effective but for heavy/popular games such as PUBG, it wouldn't work and requires an extra patch inside the game library. You can find the game library inside the game APK by opening it using ZArchiver and others, or you can check the game directory:

        /data/app/[com.Game.Package.Name]/lib/

    After you have found the function, you take its Array of Bytes and find it using GG Hex:

        h00 01 02 03 04 05 # Sample Value, "h" must exist to represent Hex string.

    *I suggest to use the Arm 32-bit Architecture of the game so you can follow the patches I use, otherwise you need to adjust it yourself.
    Next, we're going to patch the target function with some Arm Instruction:

        1E FF 2F E1 # BX LR, Represent End of Function
        OR
        00 00 A0 E3 # mov r0, #0

    2) Using IPTables and filter the ban values from Game Packets. First, you need to set up some Network Traffic Monitor and save the game traffic into .pcap for later use. Highly suggest to use WireShark on Windows, or you can install TShark inside Termux with Root / SU Privilege:

        apt install tsu
        apt install tshark
        sudo tshark <Your Command Here>
        # TShark = WireShark but Cli
        # Read Wireshark documentation about TShark command and uses.

    *Before further explanation, note that: this requires a dummy account and needs to receive a BAN while capturing the Game Packets.
    If you have a NON-Rooted Device, you can try to use: PCAPDroid or HTTP Canary. I'm afraid that it would not capture the traffic properly as you need to get the UDP layer traffic instead of TCP. After getting the PCAP File, you need to find the Array of Bytes pattern from UDP Traffic, and use IPTables to reject the connection if it's using that specific pattern. You might get Trial and Error but you need to keep trying:

        iptables -A INPUT --match string --algo bm --hex-string '|[AoB Pattern]|' -j DROP
        iptables -A OUTPUT --match string --algo bm --hex-string '|00 3D|' -j DROP

    In the end, there are many work-arounds to get "Anti-Ban". I'm trying to stick with the Topic; so I'm not gonna mention how to Hide Memory Cheats. If you're interested, you can create a new Thread/Post. Anti-Ban is very difficult to find because of the many factors involved with it. It could be your Patched Hack, Your Gameplay Statistics, Your Gameplay behaviour / pattern, etc.