Posts: 547
Days Won: 19
Everything posted by MC874
-
Hi @APEXggV2. If the coordinate is constant, the above solution will work. In Minecraft, the player coordinate will stay in place except if the player switches into a server, realm, or dimension. If the coordinate address keeps changing, then just modify the code above:

    function find_address()
      gg.searchNumber("233;5;100::9", gg.TYPE_DWORD)
      gg.refineNumber("233", gg.TYPE_DWORD)
      local result = gg.getResults(100)   -- getResults needs a maximum count
      gg.editAll("45000", gg.TYPE_DWORD)
      gg.clearResults()
      gg.searchNumber("1667;2;5731::9", gg.TYPE_DWORD)
      gg.refineNumber("1667", gg.TYPE_DWORD)
      local results = gg.getResults(100)
      gg.editAll("2000", gg.TYPE_DWORD)
      gg.clearResults()
      return result, results
    end

    local result, results = find_address()
    while true do
      if #result > 0 then
        -- re-run the search once the first address has reverted to its original value
        local current = gg.getValues({{address = result[1].address, flags = result[1].flags}})
        if tonumber(current[1].value) == 233 then
          result, results = find_address()
        end
      else
        -- nothing found last time (address moved), search again
        result, results = find_address()
      end
      gg.sleep(5000) -- in milliseconds (5 seconds)
    end
-
Hi @ninjavour If you're trying to update modded games, you can't expect your mods to be carried over to the newer version. Modded games only work for that apk only and that version only; when you update modded games, the apk will simply be replaced with a new version that DOES NOT have mods. --- If you are okay with that, try to update your game from a third-party website like: APKCombo
-
Hi @moh4mmed, as I said earlier: That's why you need to use RVA, because it's constant. Just grab the library base address and add the RVA to it (Base address + RVA) --- You're trying to hook a method, and it is also a void type. You can change the "int32" as desired, but you need to find some instruction based on where that parameter is located. For example, if "int32" is the first parameter, you need to find register R1 and change it to your value. For example: MOV R0, R1 -> MOV R0, #1 --- So yeah, editing a void method is kind of hard. You need to understand assembly first.
-
Hi @moh4mmed, RVA is Relative Virtual Address; it takes the offset from the beginning of a file / the start of the lib address that exists in memory. Meanwhile VA (Virtual Address) is the method address while you're dumping the game. VA should not be used; you need to use only RVA. It seems the RVA & VA are the same. They should be different. Try redumping.
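The two posts above describe the same arithmetic: the library base moves between runs, the RVA stays constant, and the runtime address is base + RVA. The following Python is an added example written for this page, not code from MC874 or from Game Guardian. It parses a constructed /proc/<pid>/maps excerpt (invented addresses and paths), finds the base the way gg.getRangesList(...)[1].start does, converts in both directions, and checks that the resulting address actually lands in an executable mapping of the library, which is the sanity check that catches a VA mistaken for an RVA. The RVA 0xD91EE4 used in the usage section is a placeholder, not an offset from any real game.

```python
"""RVA/VA arithmetic on a mapped library (added example, not from the post).

Assumptions: the /proc/<pid>/maps excerpt below is constructed with made-up
addresses and paths, and the RVA/VA values used in the usage section are
placeholders, not offsets from any real game.
"""
import re

# Constructed /proc/<pid>/maps excerpt: one library mapped as text (r-xp),
# read-only data (r--p) and writable data (rw-p). Addresses are invented.
MAPS_EXCERPT = """\
7a1c000000-7a1c001000 r-xp 00000000 fd:00 1234   /data/app/com.example.game/lib/arm64/libmain.so
7a2c400000-7a2e800000 r-xp 00000000 fd:00 5678   /data/app/com.example.game/lib/arm64/libil2cpp.so
7a2e800000-7a2ec00000 r--p 02400000 fd:00 5678   /data/app/com.example.game/lib/arm64/libil2cpp.so
7a2ec00000-7a2ed00000 rw-p 02800000 fd:00 5678   /data/app/com.example.game/lib/arm64/libil2cpp.so
"""

MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+(?P<offset>[0-9a-f]+)"
    r"\s+\S+\s+\d+\s+(?P<path>\S+)$"
)


def _mappings(maps_text, library):
    """Yield (start, end, perms, file_offset) for every mapping of `library`."""
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m and m.group("path").endswith("/" + library):
            yield (int(m.group("start"), 16), int(m.group("end"), 16),
                   m.group("perms"), int(m.group("offset"), 16))


def library_base(maps_text, library):
    """Base address = start of the mapping that begins at file offset 0.

    This is the value gg.getRangesList('libil2cpp.so')[1].start gives back in
    the thread, and it changes on every process start (ASLR), unlike the RVA.
    """
    starts = [s for s, _e, _p, off in _mappings(maps_text, library) if off == 0]
    if not starts:
        raise LookupError(f"{library} is not mapped in this process")
    return min(starts)


def rva_to_va(base, rva):
    """Runtime address of a method = library base + RVA (the constant part)."""
    return base + rva


def va_to_rva(base, va):
    """Turn an address seen in a dump back into the RVA it was derived from."""
    if va < base:
        raise ValueError("VA is below the library base: wrong base or wrong dump")
    return va - base


def is_executable(maps_text, library, va):
    """True only if `va` falls inside an executable mapping of `library`.

    A method address that lands in data, or outside the library entirely, means
    the base or the RVA is wrong, which is the symptom described in the thread.
    """
    for start, end, perms, _off in _mappings(maps_text, library):
        if start <= va < end:
            return "x" in perms
    return False


if __name__ == "__main__":
    base = library_base(MAPS_EXCERPT, "libil2cpp.so")
    rva = 0xD91EE4  # placeholder RVA for the example, not a real offset
    va = rva_to_va(base, rva)
    ok = is_executable(MAPS_EXCERPT, "libil2cpp.so", va)
    print(f"base=0x{base:X} rva=0x{rva:X} va=0x{va:X} executable={ok}")
    print(f"rva recovered from va: 0x{va_to_rva(base, va):X}")
```

Running it prints the base, the computed address and whether that address is inside the library's r-xp mapping; feeding it a VA copied straight from a dump taken under a different base would fail the `is_executable` check or the `va < base` guard, which is exactly the "RVA & VA are the same" situation the reply warns about.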
-
Hi @DoDevil, It is not 'unreadable', it's a normal function name. Decompilers tend to rename 'unknown' functions after what that function corresponds to, and probably most of the function names are obscured when the library is being compiled.
-
Hi @kai_nevan, I'm an LDPlayer5 user. Game Guardian works perfectly on my end. Is your Game Guardian crashing a lot? Or is there something else that happened? At least attach some screenshots here.
-
Hi @Exit-, you need to read on how to use adb: How to install ADB on Windows
-
Hi @harpov, you're trying to pass a string as a parameter. It is kind of difficult in Game Guardian, since it can only replace existing memory. A string is handled as a pointer: when a function asks for a string type, it is asking for the pointer to the string, not the string itself. That is because a string can consist of more than one character, so there will be several hex bytes representing each character. You might want to read this: ARM Patching
I've seen that you're only trying to make it return null. First, you need to check whether the function is void or returning something. If you're intending to disable the function just do:

    BX LR
    1E FF 2F E1

If it's void, disabling the function can crash the game. Alternatively you can pass one character to the parameter. You can try to convert the character to hex: UTF8 to Hex. For example, character 'a' is '0x61' in hex. So you can do something like this:

    MOV R1, #0x61
    61 10 A0 E3

Note that you need to adjust the 'R1' or the register according to the parameter. The first parameter is usually passed into the R1 register, but since it is a string, you might be looking for an LDR/LDRB instruction inside the function and change it with the instruction above.
-
Yeah, I forgot. It's just printing the address of metadata and libil2cpp.so. Just use Zygisk instead for easy use.
-
Hi @missmcp, that's weird. If GGIL2CPP works, then it can find it, otherwise it's not. For me it is working:
-
Hi @Saaammii, the game has some kind of protection. Please read this comment: AntiCheat
-
Hi @Collen, asking for permission to attach this apk to the thread.
-
Hi @missmcp, you can use: GGIL2CPP to find the metadata registration offset.

    require("Il2cppApi")
    Il2cpp()
    gg.alert(tostring(Il2cpp))
-
Hi @FlashNUT, Pardon me, you need to put the APK inside your Windows (not inside your android storage). Save this command as a .bat file, with the game guardian apk in the same location as your adb.exe:

    cd /d "%~dp0"
    adb.exe install gameguardian.apk
-
Hi @FlashNUT, you need to indicate where you saved the Game Guardian apk, for example:

    adb install --bypass-low-target-sdk-block /storage/emulated/0/Download/gameguardian.apk

Also, you need to place your apk inside your phone, not in Windows.
-
Hi @kotako, The easiest way, but probably the one that takes longest, is to just simply reflash your rom (or factory reset?) or use a Virtual Machine on your phone like VPhoneGaGa. I'll check the game in my free time.
-
Hi @kotako So this problem is fixed then?
-
Hi @kotako, This is weird. A VM/Emulator is sandboxed Android; it will have a random id for each VM/Emulator instance you create. (Yes. You don't need to reinstall the whole Emulator/VM.) Every Emulator/VM supports multi-instance; just create a new one each time you get banned. Your game has Emulator detection; you can simply disable it from offsets. And also, I don't recommend getting Bluestacks, it is so bloated and hard to root (you literally need to change the boot config). Here are the emulators I recommend:
- MuMuPlayer
- LDPlayer
- GTArcade
- Wakuoo
Send your Diamond script through DM, I will do some testing on my part using a VM/Emulator.
-
Hi @kotako, it usually means that your previous banned account info is still saved somewhere inside the game files. Re-downloading resources won't help, as the game tends to download specific resources according to your account id. Removing a banned account from your device requires heavy lifting:
- You need to spoof any device information, external and internal. You can use the modules and apps mentioned above, while also changing device information from offsets. Inside dump.cs look for: deviceid, devid, cpuid, playerid, accountid, oaid, imei, uuid, uniqueidentifier, etc.
- Modify your account id from /data/data/your_game/sharedprefs -> save the file somewhere -> uninstall your game -> install it again (don't use the same resources for data, but you can still use the same obb) -> don't open the game first, create the game folder manually: /data/data/com.your_game/sharedprefs -> put your modified file into sharedprefs.
I would suggest just using an emulator or any virtual machine, so you can reset the emulator/VM and play with a new account.
-
Hi @Rxhacker, this is great. Since 'hooking' is being mentioned, is there a chance to add feature such as: method linking, update() hooking, etc?
9 replies. Tagged with: void hooking, calling methods (and 1 more)
-
Hi @derbeyonder, It is not different, you're doing it incorrectly. As its name says, an offset is a displacement, so you need the first address where libil2cpp is located:

    lib_address = gg.getRangesList('libil2cpp.so')[1].start
    method_address = lib_address + 0x0DF91EE4

/*****************\
Try 'WZR', it is the zero register, meaning the register value is always empty:

    MOV W23, WZR

Or try an immediate value, I mean 0x0 is the same as #0:

    MOV W23, #0

Or you can enforce it by changing its hex string to: hF7031F2A or h17008052
/*****************\
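The replies to @harpov and @derbeyonder quote raw byte strings (1E FF 2F E1, 61 10 A0 E3, hF7031F2A, h17008052) next to the instructions they stand for. The decoder below is an added example written for this page, not code from MC874 or from Game Guardian; it does what a disassembler does for just these encodings, so a reader can see how the little-endian bytes map onto the instruction fields and confirm each string decodes to the mnemonic claimed. It handles only the four forms the posts use (A32 BX Rm, A32 MOV Rd, #imm with the rotated 8-bit immediate, A64 MOVZ written as MOV Wd, #imm16, and A64 ORR-register written as MOV Wd, Wm) and reports anything else as unknown instead of guessing. The extra sample "01 0C A0 E3" (MOV R0, #0x100) in the test is constructed to exercise the rotate field.

```python
"""Decode the little-endian hex strings quoted in the thread into the ARM
instructions they encode (added example, not from the posts).

Only four encodings are covered: ARM32 BX Rm, ARM32 MOV Rd, #imm (8-bit
immediate rotated right by 2*rotate), AArch64 MOVZ (the MOV Wd, #imm alias)
and AArch64 ORR shifted-register (the MOV Wd, Wm alias). Everything else
decodes to "unknown" rather than being guessed.
"""
import struct

ARM32_REGS = {13: "SP", 14: "LR", 15: "PC"}


def hex_to_word(hex_bytes):
    """'1E FF 2F E1' or 'hF7031F2A' -> 32-bit instruction word.

    The thread lists bytes in memory order; ARM is little-endian, so the first
    byte is the least significant byte of the word.
    """
    cleaned = hex_bytes.replace(" ", "").lower()
    if cleaned.startswith("h"):  # 'h' prefix marks a hex string in the thread
        cleaned = cleaned[1:]
    raw = bytes.fromhex(cleaned)
    if len(raw) != 4:
        raise ValueError("expected exactly 4 bytes")
    return struct.unpack("<I", raw)[0]


def _reg32(n):
    return ARM32_REGS.get(n, f"R{n}")


def decode_arm32(word):
    """Decode the A32 encodings used in the thread (AL condition only)."""
    if word >> 28 != 0xE:
        return None
    # BX Rm: cond 0001 0010 1111 1111 1111 0001 Rm
    if word & 0x0FFFFFF0 == 0x012FFF10:
        return f"BX {_reg32(word & 0xF)}"
    # MOV Rd, #imm: cond 001 1101 S=0 Rn=0000 Rd rotate imm8
    if word & 0x0FFF0000 == 0x03A00000:
        rd = (word >> 12) & 0xF
        rotate = 2 * ((word >> 8) & 0xF)
        imm8 = word & 0xFF
        imm = ((imm8 >> rotate) | (imm8 << (32 - rotate))) & 0xFFFFFFFF
        return f"MOV {_reg32(rd)}, #0x{imm:X}"
    return None


def _wreg(n):
    return "WZR" if n == 31 else f"W{n}"


def decode_a64(word):
    """Decode the AArch64 encodings used in the thread (32-bit W registers)."""
    # MOVZ Wd, #imm16{, LSL #16}: sf=0 10 100101 hw imm16 Rd
    if word & 0xFF800000 == 0x52800000:
        hw = (word >> 21) & 0x3
        if hw > 1:
            return None  # hw=2/3 is only allocated for X registers
        imm16 = (word >> 5) & 0xFFFF
        rd = word & 0x1F
        shift = f", LSL #{16 * hw}" if hw else ""
        return f"MOV {_wreg(rd)}, #0x{imm16:X}{shift}"
    # ORR Wd, Wn, Wm{, LSL #imm6}: sf=0 01 01010 shift=00 N=0 Rm imm6 Rn Rd
    if word & 0xFFE00000 == 0x2A000000:
        rm = (word >> 16) & 0x1F
        imm6 = (word >> 10) & 0x3F
        rn = (word >> 5) & 0x1F
        rd = word & 0x1F
        if rn == 31 and imm6 == 0:  # ORR Wd, WZR, Wm is printed as MOV Wd, Wm
            return f"MOV {_wreg(rd)}, {_wreg(rm)}"
        shift = f", LSL #{imm6}" if imm6 else ""
        return f"ORR {_wreg(rd)}, {_wreg(rn)}, {_wreg(rm)}{shift}"
    return None


def decode(hex_bytes, arch):
    """arch is 'arm32' or 'arm64'; returns the instruction text or 'unknown'."""
    word = hex_to_word(hex_bytes)
    text = decode_arm32(word) if arch == "arm32" else decode_a64(word)
    return text or "unknown"


if __name__ == "__main__":
    for hexstr, arch in [("1E FF 2F E1", "arm32"), ("61 10 A0 E3", "arm32"),
                         ("hF7031F2A", "arm64"), ("h17008052", "arm64")]:
        print(f"{hexstr:>12} [{arch}] -> {decode(hexstr, arch)}")
```

The point of the rotate handling is that A32 cannot hold an arbitrary 32-bit immediate: the encoding stores 8 bits plus a 4-bit rotate, so a value like 0x100 is written as imm8=1 rotated right by 24, and a constant that cannot be expressed that way has no single-instruction MOV form.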
-
Hi @derbeyonder, Good, you're on the right track. You need to remember that a method/function usually starts with 'PUSH' and ends with 'POP', or if you find another 'PUSH' it means that you're reaching another method/function. So, find any 'MOV' instruction between both 'PUSH', and make sure that it contains 'R3', something like this:

    MOV ..., R3

and change the 'R3' to '#0'
-
Been familiar with it too, but never purely try it on Android. Always need a helping hand with windows.
-
Hi @derbeyonder, No, you don't have to. Just go to that method address and look for:

Find this instruction in the method:
    mov [r1-r10], r3
Replace it with:
    mov [r1-r10], #0

Since 'int price' is the 3rd parameter, it is likely that the value is saved in register r3. You can see it in the Memory Viewer. If you didn't find it, the value might be in a different register (from r1 to r10). Just test every single 'mov' instruction:

Search any 'mov' in the method:
    mov [r1-r12], [r1-r10]
Replace it with:
    mov [r1-r10], #0

If changing all the mov instructions in the method doesn't work, it is probably that the value is stored at some address and not in a register. If that's the case, look for any LDR instruction:

Find these instructions at the start of the method:
    LDR [r1-r10], ...
    LDRB [r1-r10], ...
and change it to:
    MOV [r1-r10], #0