MainC

Everything posted by MainC

  1. Hi! I can't really give an 'Ultimate' reference, but I will talk about common ways that are used in hex-patching.

     First of all, I don't really understand your (@Phalice) points about: Programming languages (C, C#, C++, Python) exist to avoid using machine code. They are also more readable and easier than reading low-level machine language. In general, any code you type in any language will eventually be interpreted into machine-readable (not human-readable) code called Assembly Language. Every programming language has its own interpreter to convert your code into Assembly; as it's really a low-level language, you shouldn't necessarily need to understand it. It breaks the use of programming languages.
     *Do note that: ARM is an architecture type and not a language. Hex is just a data representation, the same type as Floats, Dword, Qword, etc.

     Boolean
     Since Bool only takes 2 conditions (False/True), the value is fixed as 0-1. Bool in Assembly is reserved as a value, so it will be similar in assembly if a function takes multiple conditions.
        # Bool
        0 = False
        1 = True
        # Multiple Condition: Based on returned values
        0 = Random
        1 = Enabled
        2 = Disabled
        # Example:
        Instruction: mov r0, #Your Values
        Hex:   01 00 A0 E3
        Thumb: 4F F0 01 00

     NOPs
     It's an instruction to: Not do anything. It will be ignored and continue to the next instruction. It's so easy that you can just put a bunch of 00 to produce it.
        Instruction: mov r0, r0
        Hex: 00 00

     Large - Small Values
     Since ARM has a limitation of being 8 bits wide in value (0x12345678), I just suggest using Floats instead. Largest/smallest values can be achieved by this:
        # Double Mov
        mov r0, #0xYour-Values
        mov r0, #Your-Values
        # Using LDR
        ldr r0, =Your-Values

     In the end, it's more complex than you think. I would rather just learn programming languages and let the interpreter do the job.
     But if you insist on learning this, I'm not holding you back (I'm also still learning Assembly), so I recommend reading this with a cup of coffee:
     References
     - Simple Cheat-Sheet
     - Intermediate Cheat-Sheet
     - Hex Patching
  2. MainC

    Reset all changes

    Your script is working fine, but the problem is in the search value. The script is unable to find a result at Index 1 according to this: Are you really sure you got the correct one? Values can be dynamic or based on the game session.
  3. MainC

    Reset all changes

    Hi! The problem is in .value1 while it should be just .value; it's a hardcoded function, not a variable. Change it to this:
        your_values2[1].value = 5000
        your_values2[6].value = 5000
        your_values2[9].value = 5000
  4. Hi! There are several ways to hide Game Guardian from being detected by the game; you might try these:
     1) Use Sudo Hide; this requires a framework to be installed on your phone. You can either install Taichi Framework or XPosed Framework, or for newer Android you can use Magisk LSPosed Framework. To use it, select your game inside SudoHide and select GG. This will hide GG from the game.
     2) Use XPrivacyLua; this once again requires a framework. You can choose a preferred framework from #1. Inside the app, find your game and uncheck any 'GET ...' permission.
     3) Use an Android Virtual Machine, such as X8 Sandbox, VMos Pro, or F1 VM. Run the game inside the Virtual Machine and install Game Guardian on your phone (outside the VM, not inside it).

     The answers above are intended for offline games; the game Cookie Run seems to be online multiplayer since it has a Guest account? I'm not sure, I haven't tried the game yet. But you can always try the above first and see if it's working. If it's not, then you can try this:

     Packet Capture
     1) Use PCAPDroid or HTTP Canary to monitor your internet traffic. You can set the capture to only your game.
     2) Launch the game until the message appears.
     3) Stop the PCAP capture and check the latest internet logs.
     4) Click on the target log and select "block". This will block that connection from accessing your game; it might be responsible for the server-side checking.

     IPTables:
     1) If somehow using the above method causes some unintended effect, you can use IPTables for more dynamic blocks. You can check my repo here: IPTables, if your Android doesn't have IPTables installed.
     1.1) To install it, you need Root/SuperSu. Now place both files (IPTables & IP6Tables) into /system/bin with 777 permissions.
     2) Next, to use the IPTables command you need Terminal Emulator or Termux. Inside the terminal put this command:
        su
        iptables -A INPUT -p udp --dport [Port] -j DROP
        iptables -A OUTPUT -p udp --dport [Port] -j DROP
        # Check the Connection [Port] from your Packet Capture

     The reason why using Packet Capture blocking can cause weird effects is because it's on the TCP layer. So you need to block it via the UDP layer using IPTables.

     Similar Threads:
     - Survivor.io Detected
     - Deadly Sins Grand Cross Error Code 2
  5. Hi! Since it could be Android 12 that's causing this, haven't you tried an Android Virtual Machine? It can launch Android 10 inside Android 12; you can look up this: x8 Sandbox. Or if you just want a Speedhack, you can use x8 Speeder
  6. Hi! There's also a similar issue where Game Guardian is being detected by another game. You may look up this thread: Survivor.io Detected. I've posted several ways to hide Game Guardian from a game in that thread, including online games.
  7. MainC

    Huuuge casino

    Hi! There's the same question and the same effect as you have; check this: Charms. The reason it "doesn't get stuck" is because it's only a visual value, meaning it's not the real number of charms. Currently there's no answer yet, but it's safe to assume that casino games mostly save their progress on the server, so it might be hard to do. Other experienced members may help you with this.
  8. If that's the case, then you need to block specific/all internet connections that go through your game. You can achieve this in several ways:

     Packet Capture
     1) Use PCAPDroid or HTTP Canary to monitor your internet traffic. You can set the capture to only your game.
     2) Launch the game until the message appears.
     3) Stop the PCAP capture and check the latest internet logs.
     4) Click on the target log and select "block". This will block that connection from accessing your game; it might be responsible for the server-side checking.

     IPTables:
     1) If somehow using the above method causes some unintended effect, you can use IPTables for more dynamic blocks. You can check my repo here: IPTables, if your Android doesn't have IPTables installed.
     1.1) To install it, you need Root/SuperSu. Now place both files (IPTables & IP6Tables) into /system/bin with 777 permissions.
     2) Next, to use the IPTables command you need Terminal Emulator or Termux. Inside the terminal put this command:
        su
        iptables -A INPUT -p udp --dport [Port] -j DROP
        iptables -A OUTPUT -p udp --dport [Port] -j DROP
        # Check the Connection [Port] from your Packet Capture

     The reason why using Packet Capture blocking can cause weird effects is because it's on the TCP layer. So you need to block it via the UDP layer using IPTables.
  9. MainC

    dump lib

    Hi! There have been some attempts at this, but I haven't tried it myself. Maybe look up a runtime libil2cpp dumper such as this: Auto Il2cppDumper, or use a Magisk Zygisk dumper: Zygisk Il2CppDumper. They are relatively new and might work with the latest one. It might only work on low-level games, so the idea of dumping the lib without metadata in most games is hard/impossible.
  10. Hi! There are several ways to hide Game Guardian from being detected by the game; you might try these:
      1) Use Sudo Hide; this requires a framework to be installed on your phone. You can either install Taichi Framework, XPosed Framework or EDXposed Framework, or for newer Android you can use Magisk LSPosed Framework. To use it, select your game inside SudoHide and select GG. This will hide GG from the game.
      2) Use XPrivacyLua; this once again requires a framework. You can choose a preferred framework from #1. Inside the app, find your game and uncheck any 'GET ...' permission.
      3) Use an Android Virtual Machine, such as X8Sandbox, VMos Pro, or F1 VM. Run the game inside the Virtual Machine and install Game Guardian on your phone (outside the VM, not inside it).
      4) Reinstall Game Guardian; you might want to try this first. The Game Guardian name should be randomized by default (com.xajssdasd.xadasd), not GGuardian86X. This, yet again, could be caused by GG not being able to complete hiding itself, or there being a double GG installation.
  11. Hi! It looks like the game has some kind of protection? Did this happen instantly or when you were changing some values? I assume it somehow detects some hooker apps; here's what you can do:
      1) If you're on an Emulator, why not use Cheat Engine? This will avoid the game's app/hook detection. (Recommended)
      2) If the game uses some package blacklisting, you might try SudoHide, but make sure to have the LSPosed / XPosed framework installed.

      In summary, this could happen because of several things:
      1) The game has emulator detection and forbids you from playing the game in emulation
      2) The game detects the Game Guardian installation
      3) The game has hooker detection, meaning it will trigger that screen when you attach GG to the game
      4) The game has memory detection; it will show the screen when you're changing some values.
      You can add more description to your post if it's related to any one of these.
  12. MainC

    Blackbox support

    Hi! Blackbox is abandoned due to copyright #121. At least we should wait for @Enyby for a blackbox-optimized GG. In the meantime, you can use an Android Virtual Machine to replace blackbox: VMos Pro or VPhoneGaGa
  13. Hi! There are several ways that indicate this:
      1) Check if the game communicates with the game server often, even when not scrolling through the in-game marketplace/items. You can use PCAPDroid or HTTPCanary to check your game connection.
      2) The game uses an online account / GPlay account, etc.
      3) When you're changing some values, the game will revert it by sending some connection; check it on PCAP. For websocket connections, find the game connection that is still "Open".

      This could be the case but doesn't always indicate the values being stored on the server. Here's why:
      1) It's not a real value, meaning it is only visual and is updated based on the real values. You should find the right one by finding what address changes the visual; it may lead to the real one.
      2) The game has memory change detection; it means you need to disable the address that accesses your values to make it stay unchanged. See common hex patching here: Hex Patching
      3) The game is client-sided but the server forces previously saved values; you can simply block the connection that causes this on PCAP.

      Actually, server-sided games can still be hacked but just need some different workaround instead of directly changing the values:
      1) If you want to increase the game money to buy some item, you can just hack the item instead. Change the price into 0 or a Free state; each game may differ, it can depend purely on currency or game state. For example: "free": false is a state of an item that isn't free, or you can change the price itself ("currency": 1234), something like that.
      2) You can do a connection swap; using network engineering with Postman, you can try to get a free item. When you click on claim, change the Item ID in the game connection to a paid item; you will get the paid item for free by manipulating this.
      3) If the game is related to Google Play accounts, you might check this post: Hacking Rare Currencies
  14. Hi! You can use the template script for offset patching from here: Il2Cpp Hex Patch via GG

        -- Write `hex` (a space-separated byte string) at `offset` from the base of
        -- the executable (r-x) mapping of `lib`. Derived from @DARK_DEMON_SCRIPTER.
        function libBase(lib, offset, hex)
          gg.setVisible(false)
          local targetAddr = 0
          local hexStrCount = #hex:gsub(" ", "")
          if hexStrCount % 2 ~= 0 then
            return print("Check your hex again. Something wrong there")
          end
          local hexCount = math.floor(hexStrCount / 2)
          -- The first executable range of the library gives the lib base.
          for i, v in ipairs(gg.getRangesList(lib)) do
            if v.type:sub(3, 3) == "x" then
              targetAddr = v.start + offset
              break
            end
          end
          if targetAddr == 0 then
            return print("Library " .. lib .. " not found in memory")
          end
          -- One BYTE result per hex byte, then overwrite them all in a single edit.
          local editHex = {}
          for i = 1, hexCount do
            editHex[i] = {address = targetAddr + (i - 1), flags = gg.TYPE_BYTE}
          end
          gg.loadResults(editHex)
          gg.getResults(hexCount)
          local edit = "h" .. hex
          gg.editAll(edit, gg.TYPE_BYTE)
          gg.clearResults()
        end
        --[[ Use it as a code, e.g.
        libBase("libil2cpp.so", 0x46992E0, "D6 5F 03 C0")
        ]]

      *The script is derived from @DARK_DEMON_SCRIPTER with little adjustment to suit your goal. It's an array of bytes / hex string of D6 5F 03 C0. Is this what you mean by dword? Or do you want to change that hex into a dword?
  15. MainC

    hook some class

    Hi! You can't create custom hooks using Game Guardian. In fact, hooking is done manually by creating a custom wrapper that does read/write. You can use a public Hook Driver; this will save you time instead of starting from scratch. You may look up C++ pointers; at least this is mostly used in Mod Menus. Anyway, you can go to a general modding forum; they should at least have a source about it. Most sources are usually in C, so you probably need to learn another language instead of Lua.
  16. Hi! Instead of waiting for updates, you can try the alternative: LSPosed. It's XPosed Framework but using Magisk, and it's updated regularly. I think it should work with Android 12 with ease, but the advantage is: you need to replace your SuperSu and migrate to MagiskSu. It's recommended that you do it on a virtual Android: VPhoneGaGa. There are many tutorials available online, but if you're confused, you can always ask me for an installation tutorial.
  17. MainC

    Bypass emulator PC?

    Hi! The Apex Legends emulator bypass is similar to PUBG Mobile; they also rely on the new libAnogs. There are 2 ways to do it:
    1) Look up the game directory at /data/user/0/com.ea.gp.apexlegendsmobilefps/files/ano_tmp and set the permission to 000, including the group permission. You can do this using Mixplorer with root settings. Also set the folder itself, /data/user/0/com.ea.gp.apexlegendsmobilefps/, to 555 permission recursively; this will make it read-only and try to prevent the game from writing something.
    2) Change the value of offset libanogs.so+0x3726A into something like 00 or 10, I kinda forgot.
    Do note: It requires AntiBan obviously, as the game also has memory detection for this.
  18. Hi! I'm trying to answer as simply as possible; hopefully it's also easy to understand.

      Starting off with the first one: Memory range is 'how long the memory is'. First of all, memory consists of many addresses. In that memory, there's app data that is currently processed/used by the app. To understand memory range, let's take a real-life example: there's a library, and it has many racks of books.
      - Cooking books are served in the last 8-9 racks
      - Utensils are in the first 1-3 rows, and
      - Novels are upstairs.
      From this you can get the idea of how memory works:
      - Racks 8-9 are the location range of cooking books
      - Utensils are stored in the row 1-3 range, and
      - Novels are upstairs (it's related to offsets; we're going to talk about it next)

      Libs is a library; it contains saved data that the app will use to run. There's a memory range with various data related to players, weapons, etc. It's the same as the book library we talked about earlier; it contains many racks of books for people to read. There's a range of places for cooking books, novels, etc.

      It's the name of the Unity games library. Unity is a game engine that people use to make games. So, if a game is made with Unity, there's a good chance it's similar to another Unity game. Each game engine has its own unique library name and data structure; in Unreal Engine 4, the lib naming is LibUE4.so. You shouldn't worry about this; it's just a naming, the same as a product brand.

      So.. Offsets.. It's a displacement, or an instructional form to get to your destination. In memory, there are addresses. It's the same as a regular address in real life. Taking the example from earlier: Rack 8 and Rack 9 are the address for cooking books; Rows 1, 2, and 3 are the address for utensils. The difference is: a memory address is written like this: 01234567 in hex form. For clarity, hex can also be written like this:
      - 01 23 45 67
      - 0x01234567
      - 0x01 0x23 0x45 0x67

      Alright, let's dive into offsets. Offset is how to get to your address, in instructional form. Again, we're going to use the same example: let's say you're in a library and you want to read a cooking book. So the offset to the cooking book is:
      - From the entrance, walk straight to the end
      - Turn right into rack 8
      Now, in memory, again let's say that you want to get to address 12345678; the offsets would be:
      - From the base/first address 00 00 00 00
      - Add 12 34 56 78 (00000000 + 12345678 = 12345678)
      Let's do another example: if you're at address 00 A0 and want to reach 01 50, you can do (00 A0 + 00 B0 = 01 50). If you're confused with hexing, you can experiment with: Hex Calculator
  19. Hi! This has been talked about on this forum, many times in fact. Virtual Space/App Cloner apps are very limited. The first suggestion is to use an Android VM such as X8Sandbox, F1 VM, VMos Pro or Twoyi. You can find them on YouTube; there are many that provide a modded VM that offers free VIP features, etc.
  20. @HorridModz provides a nice detailed explanation. Hex patching is rather easy, as it's only a form of data that is simply overwritten / added; the important thing is to understand the assembly itself. Probably I'll provide a little more coverage of the topic.

      [ Usage ]
      - Replacement: You can only replace hex at a fixed length. The hex length depends on the data types that you're dealing with; it could be a Set / Subset Instruction. In general it can take 2-4 bytes; make sure to read the instruction as a string, not in hex form. More simple coverage in the next section.
      - Addition: This is used when doing references such as memory allocation. To manually add a custom instruction, you need to write it in an empty/unread memory region (the indication is: it's filled with 00) and then reference the game function to your allocated memory. It's the general idea; you shouldn't worry about it, most tools already provide this feature.
      Why no subtraction? You can't remove a function even after proper patching and 'disabling' any reference to that function, directly or in memory. It leads to data corruption/crashing, so it's uncommon. You can use this to cut fake data (such as a malware app that is filled with 00 to make a large size) because "they" only add additional hex at the end. There's more reason to this.

      [ Data Types ]
      - Function/Instructional data takes 4 length;
          mov r0, r0   #00 00 A0 E1
          bx lr        #1E FF 2F E1
      - Inner Function/Subset Instruction takes 2-4 length. It's called thumb and can be found on 32-bit architectures.
          mov r0, r0   #00 46
          bx lr        #70 47

      [ Patching ]
      - Lazy Patch: You can 'remove' an instruction without removal; simply fill it with 00. This of course wouldn't work if the app has high security, but the benefit is: you don't need to understand Assembly.
      - Proper Patch: You can just memorize these common patches and apply them anywhere; it's simple and not time consuming. Well, for more instruction patches, you need to learn assembly. Learning return values and Jump instruction (BL/JMP) patches would mostly help.
        [Patch 1]
        Instruction: mov r0, r0
        Arm Encoded: 00 00 A0 E1
        Thumb Encoded: 00 46
        [Patch 2]: Usually a boolean/takes a value
        Instruction: mov r0, #0
        Arm Encoded: 00 00 A0 E3
        Thumb Encoded: 4F F0 00 00
        [End Patch]: Indicates closing; put after patches
        Instruction: bx lr
        Arm Encoded: 1E FF 2F E1
        Thumb Encoded: 70 47

      [ Misc ]
      - 00 is equal to 1 hex
      - Hex can be presented as 00 or 0x00
      - Thumb can be found on 32-bit architectures (x86, Armeabi / Armv7 / Arm32)
      - Thumb can also take 4 length, the same length as Arm encoded
      - To differentiate Thumb and Arm encoding: 1) Copy the instruction hex, 2) Compare hex and instruction, including the offsets after and before
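The byte strings listed in this post and in post 1 can be checked instead of memorised. The following is an added example, not code from MainC's post or from Game Guardian: a small hypothetical Python decoder that covers only the MOV / BX / NOP forms quoted above (32-bit ARM words plus 16-bit and 32-bit Thumb), so an analyst reviewing a library for tampering can confirm what a given 2- or 4-byte string actually encodes, with the ARM immediate rotation worked out rather than assumed.

```python
import re
from typing import Optional

# Accept '00 00 A0 E1', '0000A0E1' or '0x00 0x00 0xA0 0xE1' (the forms the posts use).
def parse_hex(s: str) -> bytes:
    cleaned = re.sub(r"0x|\s", "", s)
    if len(cleaned) % 2:
        raise ValueError("odd number of hex digits")
    return bytes.fromhex(cleaned)

def _reg(n: int) -> str:
    return {13: "sp", 14: "lr", 15: "pc"}.get(n, f"r{n}")

def decode_arm(word: int) -> Optional[str]:
    """Decode one 32-bit ARM word; only the always-executed MOV/BX forms quoted in the post."""
    if word >> 28 != 0xE:                           # condition field must be AL
        return None
    if (word & 0x0FFFFFF0) == 0x012FFF10:           # BX Rm
        return f"bx {_reg(word & 0xF)}"
    op, rd = (word >> 21) & 0x7F, (word >> 12) & 0xF
    if op == 0x1D:                                  # MOV Rd, #imm: I=1, opcode 1101
        rot, imm8 = (word >> 8) & 0xF, word & 0xFF  # imm = imm8 rotated right by 2*rot
        imm = ((imm8 >> (2 * rot)) | (imm8 << (32 - 2 * rot))) & 0xFFFFFFFF
        return f"mov {_reg(rd)}, #{imm}"
    if op == 0x0D and (word & 0xFF0) == 0:          # MOV Rd, Rm with no shift applied
        return f"mov {_reg(rd)}, {_reg(word & 0xF)}"
    return None

def decode_thumb(hw: int, hw2: Optional[int] = None) -> Optional[str]:
    """Decode a 16-bit Thumb halfword, or a 32-bit Thumb-2 pair when hw2 is given."""
    if hw2 is None:
        if hw == 0xBF00:
            return "nop"
        if (hw & 0xFF87) == 0x4700:                 # BX Rm (T1)
            return f"bx {_reg((hw >> 3) & 0xF)}"
        if (hw & 0xFF00) == 0x4600:                 # MOV Rd, Rm (T1); D bit selects high Rd
            rd = ((hw >> 7) & 1) << 3 | (hw & 7)
            return f"mov {_reg(rd)}, {_reg((hw >> 3) & 0xF)}"
        if (hw & 0xF800) == 0:                      # LSLS Rd, Rm, #imm5; imm5 == 0 is MOVS Rd, Rm
            rd, rm, imm5 = hw & 7, (hw >> 3) & 7, (hw >> 6) & 0x1F
            if imm5 == 0:
                return f"movs {_reg(rd)}, {_reg(rm)}"
            return f"lsls {_reg(rd)}, {_reg(rm)}, #{imm5}"
        return None
    if hw == 0xF04F and (hw2 & 0xF000) == 0:        # MOV.W Rd, #imm8 (T2), plain 8-bit immediate only
        return f"mov.w {_reg((hw2 >> 8) & 0xF)}, #{hw2 & 0xFF}"
    return None

def decode(hexstr: str, mode: str) -> Optional[str]:
    """Decode a byte string as 'arm' or 'thumb'; None when length or pattern is not one we know."""
    data = parse_hex(hexstr)
    if mode == "arm":
        return decode_arm(int.from_bytes(data, "little")) if len(data) == 4 else None
    if mode == "thumb":
        if len(data) == 2:
            return decode_thumb(int.from_bytes(data, "little"))
        if len(data) == 4:
            return decode_thumb(int.from_bytes(data[:2], "little"), int.from_bytes(data[2:], "little"))
        return None
    raise ValueError("mode must be 'arm' or 'thumb'")

if __name__ == "__main__":
    # Constructed sample: the byte strings quoted in the post, tried in both modes.
    for hx in ("00 00 A0 E1", "00 00 A0 E3", "1E FF 2F E1", "00 46", "70 47", "4F F0 00 00"):
        print(f"{hx:14} arm={decode(hx, 'arm')!s:12} thumb={decode(hx, 'thumb')}")
```

A string that decodes in one mode and returns None in the other is the practical version of the "compare hex and instruction" check in the Misc section.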
  21. Hi! In the case of hiding it from HttpCanary, I'm afraid that you need 3rd-party tools to do that. You can't hide/mask a connection using Game Guardian; it can only send an HTTP request directly, as you defined in the script. If you want to know how to hide your pastebin link from packet capture like HTTPCanary/Wireshark, you can ask me, but it requires extra steps and effort. As for encryption, you can use this: SelGG. Even though it's public, it should be enough to encrypt your script. You're still in the right direction if you want to make an online-based script.
  22. Hi! You can just ignore the message; does the speedhack still work for you? Alternatively you can use x8speeder if you only want a speedhack. It would be good if you also mention the game name / game link and what kind of speedhack you want.
  23. Hi! If that's the case, I think you should try LSPosed instead. It's a Magisk module, the equivalent of SuperSu/Root. You can install it using an Android Virtual Machine: VPhoneGaGa; it should be more stable than using Parallel Space.
  24. MainC

    I need help

    Hi! By "Alternative", have you also tried an Android Virtual Machine such as F1VM, X8SandBox, or VPhoneGaGa? Using an App Cloner (Parallel Space) alternative is obsolete in my opinion. Also, it's good to mention what Android version you're running; newer ones have incompatibility in terms of most apps.
  25. MainC

    Android version

    The continuation of this: yes, it can be done through a DNS server, but alternatively you can just use AdGuard DNS. It has an inbuilt ad-list and can even import one; this avoids setting up the wordlist manually. Although the queries are limited to 300K requests, you should use the DNS list from SimpleDNSCrypt. To use both DNS, just simply put the address into the DNS setting. Alternatively, you can use MyAndroidToolsPro and disable Ad-mob services from the app, although you need root for this.