-
Posts
538 -
Joined
-
Last visited
-
Days Won
19
Content Type
Profiles
Forums
Downloads
Gallery
Everything posted by MC874
-
Hi @DimoNULL, you need to get the libil2cpp.so address first, then do calculate offset by simply adding the RVA address of the function. Here's what it looks like using the script: so = gg.getRangesList('libanogs.so')[1].start gg.alert(tostring(so + "0x129fc4")) -- "0x129fc4" is your function address -- The function will be located at libil2cpp.so + function address.
-
Hi @harpov, you're trying to pass a string as parameter. It is kind of difficult in Game Guardian, since it can only replace existing memory. String is handled as pointer, when function asking for string types, it is asking the pointer of the string not the string itself. It is because string can consist more than one character, which there will be several hex/bytes representing each character. You might want to read this: ARM Patching I've seen that you're only trying to make it return null. First, you need to check wether the function is void or returning something. If you're intending to disable the function just do: BX LR 1E FF 2F E1 If it's void, disabling the function can crash the game. Alternatively you can pass one character to the parameter. You can try to convert character to hex: UTF8 to Hex. For example, character 'a' is '0x61' in hex. So you can do something like this: MOV R1, 0x61 61 10 A0 E3 Note that you need to adjust the 'R1' or the register according to the parameter. First parameter is usually passed into R1 register, but since it is a string, you might looking for LDR/LDRB instruction inside the function and change it with the instruction above.
-
Hi @kashM, go to appropiate section of the forum, for example: HELP Section. Then simply click on "Ask a question" button:
-
Yeah, I forgot. It's just printing the address of metadata and libil2cpp.so. Just use Zygisk instead for easy use.
-
Hi @missmcp, that's weird. If GGIL2CPP works, then it can find it, otherwise it's not. For me it is working:
-
Hi @Kest, Metadata doesnt matter. It uses Zygisk to dump from runtime. It is working thanks. dump.cs
-
Hi @Kest, try to use: Zygisk-Il2CppDumper, it's Magisk module: zygisk-il2cppdumper.zip
-
Hi @kotako, might tag admin as well @Collen- @NoFear.
-
Serving my warmth welcome @kashM, glad you're joining us.
-
Hi @Saaammii, the game has some kind of protection. Please read this comment: AntiCheat
-
Hi @eliottalderson, it is depends on how the game/app implements emulator detection. Some through java classes and some through compiled library. My approach is to use: frida for java classes and do reverse engineering using: IDA Pro or Ghidra for compiled library. So for LIAPP use frida instead. Yes. Developers can name the 'emulator detection' whatever they want, also the approach can be different. So different app, different approach, unless they are under the same system with the same version (ex: tersafe/anog, liapp, etc) You're in the right category, don't worry. Welp, I've seen some videos that it is possible to disable LIAPP from being launched through smali. However, decompiling the APK requires you to disable the APK Signature first for most game/app which is a different kind of story. You're on the right track, keep tracing the game and you're a reverse engineer!
-
Importing mod menu to a newer version of the apk
MC874 replied to serdarag's topic in Non-GameGuardian
Hi @serdarag, it is certainly possible to update mod menu values to newer version but not in a way that you moved the mod menu to new version. So, you can run the modded apk first -> activate mod menu cheats -> dumps the game library -> find differences between dumped library and the original library -> mark the differences -> reverse the library and find the address that's already marked -> reverse the new version library and find the same location, you can judge it by code structure, pointer or etc -> then you can create your own Game Guardian script.- 1 reply
-
- Forward Assault
- Mod Menu
-
(and 1 more)
Tagged with:
-
Hi @Collen, asking for permission to attach this apk to the thread.
-
Hi @missmcp, you can use: GGIL2CPP to find metadata registration offset. require("Il2cppApi") Il2cpp() gg.alert(tostring(Il2cpp))
-
Hi @FlashNUT, Pardon me, you need to put the APK inside your Windows (not inside your android storage). Save this command as a .bat file and game guardian apk in the same location as your adb.exe. cd/d "%~dp0" adb.exe install gameguardian.apk
-
Hi @FlashNUT, you need to indicate where you save the Game Guardian apk, for example: adb install --bypass-low-target-sdk-block /storage/emulated/0/Download/gameguardian.apk Also, you need to place your apk inside your phone, not in Windows.
-
Hi @ninjavour, Judging from this, it is Windows Tekken, meaning there's no Emulation involved. It is likely to be downloaded from Steam (or elsewhere) but the point is, it is Native Windows OS game. From this value, you can tell that it is boolean (true/false). Probably the game has some kind of check wether the main player is bot or actual player: meaning that the main player can be played both ways.
-
Hi @nigaer, Sure, what do you want to apply? Fields or Methods? Before continuing, better to look up: GGIL2CPP
-
Hi @nigaer Game Guardian can't create custom UI like LGL did. It was utilizing existing GG API, you can use something like: gg.prompt(), gg.multiChoice(), gg.choice(), etc. I don't exactly get what you mean. Do you have difficulties in writing a lua script? Or finding the correct offsets?
-
Hi @kotako, The easiest way but probably takes long is to just simply reflash your rom (or factory reset?) or use Virtual Machine on your phone like VPhoneGaGa. I'll check the game on my freetime.
-
Hi @Gayesh01, are you trying to get in-game assets? (Animation/Video/Texture,etc)
-
Hi @kotako So this problem is fixed then?
-
Hi @kotako, This is weird. VM/Emulator is sandboxed Android, it will have random id each VM/Emulator instances you created. (Yes. You don't need to reinstall the whole Emulator/VM). Every Emulator/VM supports for Multi-instance, just create a new one each time you getting banned. Your game has Emulator detection, you can simply disable it from offsets. And also, I dont recommend getting Bluestacks, it is so bloated, hard to root (you literally need to change the boot config). Here's emulator I recommend: - MuMuPlayer - LDPlayer - GTArcade - Wakuoo Send your Diamond script through DM, I will do some testing on my part using VM/Emulator.
-
Hi @kotako, it usually means that your previous banned account info still saved somewhere inside the game files. Re-downloading resources won't help as game tends to download specific resources according to your account id. Removing banned account from your device requires heavy lifting: - You need to spoof your any device information from external and internal. You can use modules and apps mentioned above, while also changing device information from offsets. Inside dump.cs look for: deviceid, devid, cpuid, playerid, accountid, oaid, imei, uuid, uniqueidentifier, etc. - Modify your account id from /data/data/your_game/sharedprefs -> save the file somewhere -> uninstall your game -> install it again (dont use the same resources for data, but you can still use the same obb) -> don't open the game first, create game folder manually: /data/data/com.your_game/sharedprefs -> put your modified file to sharedprefs. I would suggest you to just using emulator or any virtual machine, so you can reset the emulator/virtual and play with new account.
-
Hi @Rxhacker, this is great. Since 'hooking' is being mentioned, is there a chance to add feature such as: method linking, update() hooking, etc?
- 1 reply
-
- void hooking
- calling methods
-
(and 1 more)
Tagged with: