
MC874

Contributor
  • Posts: 539
  • Days Won: 19

Posts posted by MC874

  1. Hi @DimoNULL, you need to get the libil2cpp.so address first, then calculate the offset by simply adding the RVA of the function. Here's what it looks like using the script:

    -- base address of the library: the first mapped range of libil2cpp.so
    so = gg.getRangesList('libil2cpp.so')[1].start
    -- 0x129fc4 is your function address (its RVA); the result is shown as hex
    gg.alert(string.format('0x%X', so + 0x129fc4))
    
    -- The function will be located at libil2cpp.so + function address.

     

  2. Hi @harpov, you're trying to pass a string as a parameter. It is kind of difficult in Game Guardian, since it can only replace existing memory. A string is handled as a pointer: when a function asks for a string type, it is asking for the pointer to the string, not the string itself. This is because a string can consist of more than one character, so there will be several hex bytes representing each character. You might want to read this: ARM Patching

    Quote

        public static Sprite getFrame(string id = "")
        {
            return null;
        }

    I've seen that you're only trying to make it return null. First, you need to check whether the function is void or returns something. If you're intending to disable the function just do:

    BX LR
    1E FF 2F E1

    If it's void, disabling the function can crash the game. Alternatively you can pass one character to the parameter. You can try to convert the character to hex: UTF8 to Hex. For example, the character 'a' is '0x61' in hex. So you can do something like this:

    MOV R1, #0x61
    61 10 A0 E3

    Note that you need to adjust 'R1' (the register) according to the parameter. The first parameter is usually passed in the R1 register, but since it is a string, you might want to look for an LDR/LDRB instruction inside the function and replace it with the instruction above.
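Added example, not part of the post above: a small Python encoder for the two ARM32 (A32) patch idioms the post uses. It reproduces the byte strings `1E FF 2F E1` (`BX LR`) and `61 10 A0 E3` (`MOV R1, #0x61`), builds the safer `MOV R0, #0 ; BX LR` variant for a function that must return null (R0 carries the return value under the ARM calling convention), and renders a `gg.setValues()` snippet. Assumptions: the GameGuardian API names `gg.getRangesList`, `gg.setValues` and `gg.TYPE_DWORD` as documented, DWORD values written as signed 32-bit integers (how GG displays them), and `libil2cpp.so` / RVA `0x129fc4` as placeholders taken from this thread.

```python
"""ARM32 (A32) encoder for the patch idioms discussed above (added example)."""
from typing import Tuple

COND_AL = 0xE  # condition code 'always'


def encode_modified_immediate(value: int) -> int:
    """Return the 12-bit A32 'modified immediate' for VALUE.

    A32 data-processing immediates are an 8-bit value rotated right by an even
    amount (0..30): bits 11:8 hold rotation/2, bits 7:0 hold the byte.
    Raises ValueError for constants that cannot be expressed this way.
    """
    value &= 0xFFFFFFFF
    for rot in range(0, 32, 2):
        # ROL by ROT undoes the ROR the CPU applies; if the result fits in a
        # byte, this rotation encodes the constant.
        rotated = ((value << rot) | (value >> (32 - rot))) & 0xFFFFFFFF
        if rotated <= 0xFF:
            return ((rot // 2) << 8) | rotated
    raise ValueError(f"0x{value:X} is not encodable as an A32 immediate")


def encode_mov_imm(rd: int, imm: int, cond: int = COND_AL) -> bytes:
    """Encode 'MOV<cond> Rd, #imm' (flags not set) as the 4 little-endian bytes
    GameGuardian shows. Layout: cond[31:28] | 0011 1010 0000 [27:16] | Rd[15:12] | imm12[11:0]."""
    if not 0 <= rd <= 15:
        raise ValueError("Rd must be R0..R15")
    word = (cond << 28) | (0x3A0 << 16) | (rd << 12) | encode_modified_immediate(imm)
    return word.to_bytes(4, "little")


def encode_bx_lr(cond: int = COND_AL) -> bytes:
    """Encode 'BX<cond> LR': cond[31:28] | 0001 0010 1111 1111 1111 0001 [27:4] | Rm=14."""
    word = (cond << 28) | 0x012FFF10 | 14
    return word.to_bytes(4, "little")


def to_gg_hex(code: bytes) -> str:
    """Space-separated upper-case hex, the way byte patches are written in the post."""
    return " ".join(f"{b:02X}" for b in code)


def return_constant_patch(value: int) -> bytes:
    """'MOV R0, #value ; BX LR': make a function return VALUE immediately.

    Use 0 for null on a reference-returning method. A bare 'BX LR' leaves R0 as
    whatever the caller had there, so setting R0 first is safer for non-void
    functions.
    """
    return encode_mov_imm(0, value) + encode_bx_lr()


def gg_setvalues_lua(library: str, rva: int, patch: bytes) -> str:
    """Render a GameGuardian Lua snippet that writes PATCH at LIBRARY + RVA.

    Each instruction becomes one gg.TYPE_DWORD entry. Assumption: GG takes
    DWORDs as signed 32-bit integers, so words with bit 31 set are negated.
    """
    if len(patch) % 4:
        raise ValueError("patch must consist of whole A32 instructions")
    entries = []
    for i in range(0, len(patch), 4):
        word = int.from_bytes(patch[i:i + 4], "little")
        signed = word - (1 << 32) if word & 0x80000000 else word
        entries.append(
            f"  {{address = base + 0x{rva + i:X}, flags = gg.TYPE_DWORD, value = {signed}}},"
        )
    return (
        f"local base = gg.getRangesList('{library}')[1].start\n"
        "gg.setValues({\n" + "\n".join(entries) + "\n})"
    )


if __name__ == "__main__":
    print("BX LR          ->", to_gg_hex(encode_bx_lr()))
    print("MOV R1, #0x61  ->", to_gg_hex(encode_mov_imm(1, 0x61)))
    print(gg_setvalues_lua("libil2cpp.so", 0x129FC4, return_constant_patch(0)))
```

`encode_modified_immediate` is the part that bites in practice: `MOV Rd, #imm` only accepts a byte rotated by an even amount, so `0x61` and `0xFF000000` encode but `0x101` does not, and the function refuses it instead of silently producing a different constant.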

  3. Hi @eliottalderson, it depends on how the game/app implements emulator detection. Some do it through Java classes and some through a compiled library. My approach is to use frida for Java classes and to do reverse engineering using IDA Pro or Ghidra for a compiled library. So for LIAPP use frida instead.

    Quote

    Should every app be dealt with in a specific way than the rest due to this LIAPP protection?

    Yes. Developers can name the 'emulator detection' whatever they want, and the approach can also be different. So different app, different approach, unless they are under the same system with the same version (e.g. tersafe/anog, liapp, etc.).

    Quote

    P.S. this is my first post so I hope am in the right category.

    You're in the right category, don't worry.

    Quote

    - searching for emulator keywords in game guardian (searched ":emulator") and tried changing the values but they didn't.
    - tried decompiling the app and see if its possible to remove detection functions but I don't think decompiling was successful in the first place to my knowledge.

    Welp, I've seen some videos showing that it is possible to disable LIAPP from being launched through smali. However, decompiling the APK requires you to disable the APK signature check first for most games/apps, which is a different kind of story. You're on the right track, keep tracing the game and you're a reverse engineer!

  4. Hi @serdarag, it is certainly possible to update mod menu values to a newer version, but not by moving the mod menu itself to the new version. So, you can:

    • run the modded apk first and activate the mod menu cheats;
    • dump the game library;
    • find the differences between the dumped library and the original library and mark them;
    • reverse the library and find the addresses that are already marked;
    • reverse the new version's library and find the same locations (you can judge it by code structure, pointers, etc.);
    • then create your own Game Guardian script.
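Added example, not part of the post above: the "find the differences and mark them" step as a Python script. It reports the byte ranges where a dump taken with the cheats active differs from the original, widens each range to whole A32 instructions and labels a few patch words mod menus commonly write (`BX LR`, `MOV R0, #0/#1`, `NOP`). Assumptions: both inputs have the same size and layout (for example a memory dump compared against a dump of the unmodified library taken the same way, not against the raw file on disk); the "library" bytes below are constructed for the example.

```python
"""Mark where a dumped library differs from the original (added example)."""
from typing import Dict, List, Tuple

# A32 words that mod menus commonly write, in little-endian byte order.
KNOWN_PATCHES = {
    bytes.fromhex("1EFF2FE1"): "BX LR",
    bytes.fromhex("0000A0E3"): "MOV R0, #0",
    bytes.fromhex("0100A0E3"): "MOV R0, #1",
    bytes.fromhex("00F020E3"): "NOP",
}


def diff_ranges(original: bytes, dumped: bytes, merge_gap: int = 4) -> List[Tuple[int, int]]:
    """Return half-open (start, end) offsets where DUMPED differs from ORIGINAL.

    Differences separated by at most MERGE_GAP equal bytes are merged, so a
    multi-instruction patch with an unchanged byte inside is one range.
    """
    if len(original) != len(dumped):
        raise ValueError("inputs differ in size: compare the same library version and layout")
    ranges: List[Tuple[int, int]] = []
    start = last = None
    for i, (a, b) in enumerate(zip(original, dumped)):
        if a != b:
            if start is None:
                start = i
            last = i
        elif start is not None and i - last > merge_gap:
            ranges.append((start, last + 1))
            start = None
    if start is not None:
        ranges.append((start, last + 1))
    return ranges


def annotate(original: bytes, dumped: bytes, ranges: List[Tuple[int, int]]) -> List[Dict]:
    """Widen each range to 4-byte alignment and decode known patch words."""
    report = []
    for start, end in ranges:
        a_start, a_end = start & ~3, (end + 3) & ~3
        words = [dumped[o:o + 4] for o in range(a_start, a_end, 4)]
        report.append({
            "offset": a_start,
            "original": original[a_start:a_end].hex(" ").upper(),
            "patched": dumped[a_start:a_end].hex(" ").upper(),
            "decoded": [KNOWN_PATCHES.get(w, "?") for w in words],
        })
    return report


def build_sample() -> Tuple[bytes, bytes]:
    """Constructed sample: a 4 KiB pseudo-library and a dump of it in which a
    mod menu overwrote a function entry at 0x128 with 'MOV R0, #0; BX LR' and
    flipped one byte at 0x300."""
    original = bytes((i * 7 + 3) & 0xFF for i in range(4096))
    dumped = bytearray(original)
    dumped[0x128:0x130] = bytes.fromhex("0000A0E31EFF2FE1")
    dumped[0x300] ^= 0x01
    return original, bytes(dumped)


def main() -> None:
    original, dumped = build_sample()
    for entry in annotate(original, dumped, diff_ranges(original, dumped)):
        print(f"+0x{entry['offset']:X}: {entry['original']} -> {entry['patched']}  {entry['decoded']}")


if __name__ == "__main__":
    main()
```

The reported offsets are what you then look up in the disassembler of the old version; the ones the script cannot decode (`?`) are usually data edits or larger inlined code and are the ones worth opening first.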

  5. Hi @FlashNUT,

    Quote

    This still doesnt work. I tried the same location as you wrote (i checked and it is the same), after that i tried to change the name of the apk into GameGuardian.101.1.apk and still it show the same thing, no such file or directory.

    Pardon me, you need to put the APK inside your Windows (not inside your Android storage). Save this command as a .bat file and put the Game Guardian apk in the same location as your adb.exe.

    cd /d "%~dp0"
    adb.exe install gameguardian.apk

     

  6. Hi @FlashNUT, you need to indicate where you saved the Game Guardian apk, for example:

    adb install --bypass-low-target-sdk-block /storage/emulated/0/Download/gameguardian.apk

    Also, you need to place your apk inside your phone, not in Windows.

  7. Hi @ninjavour,

    Quote

    <Address>"TekkenGame-Win64-Shipping.exe"+34E87C0</Address>

    Judging from this, it is Windows Tekken, meaning there's no emulation involved. It was likely downloaded from Steam (or elsewhere), but the point is that it is a native Windows game.

    Quote

    <Value>1</Value>
    <Value>0</Value>

    From these values, you can tell that it is a boolean (true/false). Probably the game has some kind of check for whether the main player is a bot or an actual player, meaning that the main player can be played both ways.

  8. Hi @nigaer

    Quote

    like the toggle for example

    Game Guardian can't create a custom UI like LGL did. It uses the existing GG API; you can use something like gg.prompt(), gg.multiChoice(), gg.choice(), etc.

    Quote

    but i want to apply offsets and every post it was to edit the offset and things but with what..

    I don't exactly get what you mean. Do you have difficulties writing a Lua script, or finding the correct offsets?

  9. Hi @kotako,

    Quote

    On PC yes, but i need way unban my phone

    The easiest way, though it probably takes a while, is to simply reflash your ROM (or factory reset?) or use a virtual machine on your phone like VPhoneGaGa. I'll check the game in my free time.

  10. Hi @kotako,

    Quote

    in a VM, reinstalling does not help (the VM itself)

    This is weird. A VM/emulator is a sandboxed Android; it will have a random ID for each VM/emulator instance you create. (Yes, you don't need to reinstall the whole emulator/VM.) Every emulator/VM supports multi-instance, just create a new one each time you get banned.

    Quote

     I also used BlueStacks But today I cant even get in from It

    Your game has emulator detection; you can simply disable it from offsets. Also, I don't recommend getting BlueStacks, it is so bloated and hard to root (you literally need to change the boot config). Here's the emulator I recommend:

    Quote

    if I change the offset to get the identifiers from the device, then i get disabled though server

    Send your Diamond script through DM, I will do some testing on my side using a VM/emulator.

  11. Hi @kotako, it usually means that your previously banned account info is still saved somewhere inside the game files. Re-downloading resources won't help, as the game tends to download specific resources according to your account ID. Removing a banned account from your device requires heavy lifting:

    • You need to spoof all your device information, external and internal. You can use the modules and apps mentioned above, while also changing device information from offsets. Inside dump.cs look for: deviceid, devid, cpuid, playerid, accountid, oaid, imei, uuid, uniqueidentifier, etc.
    • Modify your account ID in /data/data/your_game/sharedprefs -> save the file somewhere -> uninstall your game -> install it again (don't use the same resources for data, but you can still use the same obb) -> don't open the game first; create the game folder manually: /data/data/com.your_game/sharedprefs -> put your modified file into sharedprefs.

    I would suggest just using an emulator or any virtual machine, so you can reset the emulator/VM and play with a new account.
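Added example, not part of the post above: a Python scanner for the dump.cs keyword hunt (deviceid, imei, uuid, uniqueidentifier, ...). It reports every matching method with its class and RVA, every matching field with its offset inside the object, and turns a method RVA into a runtime address the same way the `gg.getRangesList()` snippet earlier in the thread does. Assumptions: the dump.cs layout Il2CppDumper writes (a `// RVA: 0x.. Offset: 0x.. VA: 0x..` comment before each method, a `// 0x..` offset comment after each field); the sample dump at the bottom is constructed for the example.

```python
"""Hunt identifier getters and fields in an Il2CppDumper dump.cs (added example)."""
import re
from typing import Dict, List

# Keywords from the post, matched case-insensitively against member names.
ID_KEYWORDS = ("deviceid", "devid", "cpuid", "playerid", "accountid",
               "oaid", "imei", "uuid", "uniqueidentifier")

MODS = r"(?:(?:public|private|protected|internal|static|sealed|abstract|virtual|override|extern|readonly) )*"
CLASS_RE = re.compile(r"^\s*" + MODS + r"(?:class|struct) (\w+)")
RVA_RE = re.compile(r"^\s*// RVA: (0x[0-9A-Fa-f]+)")
METHOD_RE = re.compile(r"^\s*" + MODS + r"[\w<>\[\],.]+ (\w+)\(")
FIELD_RE = re.compile(r"^\s*" + MODS + r"[\w<>\[\],.]+ (\w+);\s*// (0x[0-9A-Fa-f]+)")


def find_identifier_members(dump_cs: str, keywords=ID_KEYWORDS) -> List[Dict]:
    """Return hits as dicts: {'class', 'kind', 'name', 'rva' (methods) | 'offset' (fields)}."""
    hits: List[Dict] = []
    current_class = None
    pending_rva = None  # RVA comment waiting for the method signature that follows it
    for line in dump_cs.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current_class = m.group(1)
            continue
        m = RVA_RE.match(line)
        if m:
            pending_rva = int(m.group(1), 16)
            continue
        m = METHOD_RE.match(line)
        if m:
            name = m.group(1)
            if pending_rva is not None and any(k in name.lower() for k in keywords):
                hits.append({"class": current_class, "kind": "method",
                             "name": name, "rva": pending_rva})
            pending_rva = None
            continue
        m = FIELD_RE.match(line)
        if m and any(k in m.group(1).lower() for k in keywords):
            hits.append({"class": current_class, "kind": "field",
                         "name": m.group(1), "offset": int(m.group(2), 16)})
    return hits


def runtime_address(hit: Dict, library_base: int) -> int:
    """Absolute address of a method once libil2cpp.so is mapped at LIBRARY_BASE
    (base + RVA, the same sum as the gg.getRangesList() snippet)."""
    if hit["kind"] != "method":
        raise ValueError("only methods have an RVA; fields are offsets inside an object")
    return library_base + hit["rva"]


# Constructed sample in Il2CppDumper's dump.cs layout (not a real game's dump).
SAMPLE_DUMP_CS = """\
// Namespace: UnityEngine
public class SystemInfo // TypeDefIndex: 4012
{
\t// Methods

\t// RVA: 0x129FC4 Offset: 0x129FC4 VA: 0x129FC4
\tpublic static string get_deviceUniqueIdentifier() { }

\t// RVA: 0x12A010 Offset: 0x12A010 VA: 0x12A010
\tpublic static string get_operatingSystem() { }
}

// Namespace: Game.Net
public class LoginRequest // TypeDefIndex: 8831
{
\t// Fields
\tpublic string playerId; // 0x10
\tpublic string imei; // 0x18
\tpublic int retryCount; // 0x20

\t// Methods

\t// RVA: 0x4F1A30 Offset: 0x4F1A30 VA: 0x4F1A30
\tpublic void .ctor() { }

\t// RVA: 0x4F1A80 Offset: 0x4F1A80 VA: 0x4F1A80
\tpublic string BuildDeviceId(string salt) { }
}
"""

if __name__ == "__main__":
    for hit in find_identifier_members(SAMPLE_DUMP_CS):
        where = f"RVA 0x{hit['rva']:X}" if hit["kind"] == "method" else f"field +0x{hit['offset']:X}"
        print(f"{hit['class']}.{hit['name']}  ({hit['kind']}, {where})")
```

Method hits are what you patch (their RVA plus the library base gives the address to hook or overwrite); field hits tell you where inside the object the identifier lives, which is what you edit if the value is built at runtime rather than read from a getter.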
