MC874

Hi @HorridModz, Thank you, I'm new to keystone, so reading your tool help me to understand it. Although the wordpress seems private.

Hi @HorridModz, Yeah, I noticed that every instruction containing defined 0x is being replaced. Well it works in the end by limiting the address range.

@HorridModz, Definitely, it's getting quite a hassle to manually reversing through IDA. It would help me (And probably others) to make the process faster.

[ @HorridModz ] Not really, I always uses x86 and x64 as Emulator users (Yes, the Emulator can also run Arms) and also it's because the least I'm familiar with. When making mod menu, I always thought to include All Architecture support, so intel chipset device can also uses it. I think it would be best if you include search-pattern that the tool use in the documentation, is it debug symbol, pointer or etc? Because I always find it difficult when finding function between Arm and x86/x64.

Hi @HorridModz, this is impressive. Does this work outside IL2CPP? Also with x86 / x64 architecture? (Not Arm)

Hi @Exit-, you need to read on how to use adb: How to install ADB on Windows

Yeah, I forgot. It's just printing the address of metadata and libil2cpp.so. Just use Zygisk instead for easy use.

Hi @missmcp, that's weird. If GGIL2CPP works, then it can find it, otherwise it's not. For me it is working:

Hi @Saaammii, the game has some kind of protection. Please read this comment: AntiCheat

Hi @Collen, asking for permission to attach this apk to the thread.

Hi @missmcp, you can use: GGIL2CPP to find metadata registration offset. require("Il2cppApi") Il2cpp() gg.alert(tostring(Il2cpp))

Hi @FlashNUT, Pardon me, you need to put the APK inside your Windows (not inside your android storage). Save this command as a .bat file and game guardian apk in the same location as your adb.exe. cd/d "%~dp0" adb.exe install gameguardian.apk

Hi @FlashNUT, you need to indicate where you save the Game Guardian apk, for example: adb install --bypass-low-target-sdk-block /storage/emulated/0/Download/gameguardian.apk Also, you need to place your apk inside your phone, not in Windows.

Hi @kotako, The easiest way but probably takes long is to just simply reflash your rom (or factory reset?) or use Virtual Machine on your phone like VPhoneGaGa. I'll check the game on my freetime.

Hi @kotako So this problem is fixed then?

Hi @kotako, This is weird. VM/Emulator is sandboxed Android, it will have random id each VM/Emulator instances you created. (Yes. You don't need to reinstall the whole Emulator/VM). Every Emulator/VM supports for Multi-instance, just create a new one each time you getting banned. Your game has Emulator detection, you can simply disable it from offsets. And also, I dont recommend getting Bluestacks, it is so bloated, hard to root (you literally need to change the boot config). Here's emulator I recommend: - MuMuPlayer - LDPlayer - GTArcade - Wakuoo Send your Diamond script through DM, I will do some testing on my part using VM/Emulator.

Hi @kotako, it usually means that your previous banned account info still saved somewhere inside the game files. Re-downloading resources won't help as game tends to download specific resources according to your account id. Removing banned account from your device requires heavy lifting: - You need to spoof your any device information from external and internal. You can use modules and apps mentioned above, while also changing device information from offsets. Inside dump.cs look for: deviceid, devid, cpuid, playerid, accountid, oaid, imei, uuid, uniqueidentifier, etc. - Modify your account id from /data/data/your_game/sharedprefs -> save the file somewhere -> uninstall your game -> install it again (dont use the same resources for data, but you can still use the same obb) -> don't open the game first, create game folder manually: /data/data/com.your_game/sharedprefs -> put your modified file to sharedprefs. I would suggest you to just using emulator or any virtual machine, so you can reset the emulator/virtual and play with new account.

Hi @Rxhacker, this is great. Since 'hooking' is being mentioned, is there a chance to add feature such as: method linking, update() hooking, etc?

Hi @derbeyonder, It is not different, you're doing it incorrectly. As it's name, offset is displacement, so you need the first address where the libil2cpp is located: lib_address = gg.getRangesList('libil2cpp.so')[1].start method_address lib_address + 0x0DF91EE4 /*****************\ Try 'WZR', it is zero-point register, meaning the register value is always empty MOV W23, WZR Or try immediate value, I mean 0x0 is the same as #0 MOV W23, #0 Or you can enforce it by changing it's hex string to: hF7031F2A or h17008052 /*****************\

Hi @derbeyonder, Good, you're on the right track. You need to remember that method/function usually starts with 'PUSH' and ends with 'POP' or if you find another 'PUSH' it means that you're reaching another method/function. So, find any 'MOV' instruction beetween both 'PUSH', and make sure that it contains 'R3', something like this: MOV ..., R3 and change the 'R3' to '#0'

Been familiar with it too, but never purely try it on Android. Always need a helping hand with windows.

Hi @derbeyonder, No, you don't have to. Just goto that method address and look for: Find this instruction from the method: mov [r1-r10], r3 Replace it with: mov [r1-r10], #0 Since 'int price' is the 3rd parameter, it would likely that the value is saved on register r3. You can see it on Memory Viewer. If you didn't found it, the value might be on different register (from r1 to r10). Just test every single 'mov' instruction: Search any 'mov' from the method: mov [r1-r12], [r1-r10] Replace it with: mov [r1-r10], #0 If change all the mov from the method doesn't work, it is probably that the value is stored on some address and not on the register. If that's the case, look for any LDR instruction: Find these instruction at the start of the method: LDR [r1-r10], ... LDRB [r1-r10], ... and change it to: MOV [r1-r10], #0

Hi @Fujimkad, I wouldn't recommend doing debugging on Android, as there's no apps that have a full feature for debugging, but you can still do it: - Game Guardian: itself can be used as a debugging tool but if you know what you're doing. - radare2: You can try to install radare2 on your Termux. It can read most of the function from a library, so it is still kinda useful. - ADA: Or you can do conventional dissasembling using Android Disassembler. So as far as I know, there's no advanced way of doing debugging on Android except with the help of computers.

Hi @Error-404, using virtual apps is not recommended. I have provided list of virtual machine below that you can use it as replacement to virtual apps. I suggest using VPhoneGaGa.