MC874

Hi @mac0912, as long as you have root permission. Yes.

Hi @Jorides, we're happy to see you too! If you have any questions, don't hesitate to ask

Hi @Xcasqq58, from what I read in another forum, PUBGM Skin Changer requires hooking, which is not a simple memory editing. I believe it involves multiple function or class: Player -> WeaponManager -> WeaponID, it is also seems to requires a separate thread to watch player inventory. I suggest you to visit: PUBGM

Hi @derbeyonder, It is not different, you're doing it incorrectly. As it's name, offset is displacement, so you need the first address where the libil2cpp is located: lib_address = gg.getRangesList('libil2cpp.so')[1].start method_address lib_address + 0x0DF91EE4 /*****************\ Try 'WZR', it is zero-point register, meaning the register value is always empty MOV W23, WZR Or try immediate value, I mean 0x0 is the same as #0 MOV W23, #0 Or you can enforce it by changing it's hex string to: hF7031F2A or h17008052 /*****************\

Hi @derbeyonder, Good, you're on the right track. You need to remember that method/function usually starts with 'PUSH' and ends with 'POP' or if you find another 'PUSH' it means that you're reaching another method/function. So, find any 'MOV' instruction beetween both 'PUSH', and make sure that it contains 'R3', something like this: MOV ..., R3 and change the 'R3' to '#0'

Been familiar with it too, but never purely try it on Android. Always need a helping hand with windows.

Hi @derbeyonder, No, you don't have to. Just goto that method address and look for: Find this instruction from the method: mov [r1-r10], r3 Replace it with: mov [r1-r10], #0 Since 'int price' is the 3rd parameter, it would likely that the value is saved on register r3. You can see it on Memory Viewer. If you didn't found it, the value might be on different register (from r1 to r10). Just test every single 'mov' instruction: Search any 'mov' from the method: mov [r1-r12], [r1-r10] Replace it with: mov [r1-r10], #0 If change all the mov from the method doesn't work, it is probably that the value is stored on some address and not on the register. If that's the case, look for any LDR instruction: Find these instruction at the start of the method: LDR [r1-r10], ... LDRB [r1-r10], ... and change it to: MOV [r1-r10], #0

Hi @Henkli, it is weird to me. What happen if you use Nox inbuilt apk installer? (click on +apk on the right bar)

Hi @PONLANGSAKALAM, for finding the right value, you must go through trial and error. You can try to find something related to: "currency", "gold", "coin" or something. Just test it one by one if there's multiple result, I suggest to edit the field first to find the right class. You can provide the dump.cs here so I could create a config for testing.

Hi @Fujimkad, I wouldn't recommend doing debugging on Android, as there's no apps that have a full feature for debugging, but you can still do it: - Game Guardian: itself can be used as a debugging tool but if you know what you're doing. - radare2: You can try to install radare2 on your Termux. It can read most of the function from a library, so it is still kinda useful. - ADA: Or you can do conventional dissasembling using Android Disassembler. So as far as I know, there's no advanced way of doing debugging on Android except with the help of computers.

Hi @Error-404, using virtual apps is not recommended. I have provided list of virtual machine below that you can use it as replacement to virtual apps. I suggest using VPhoneGaGa.

Hi @Domofon5, it is not offset, it is savedlist config. The value you modified inside game guardian can be saved into -> saved list -> then you can export it as a config file. You can load the 'savedlist' config again from icon.

Hi @option_user, the speedhack works for a little while before it doesn't work: 03-01 19:44:39.724 3678 3678 I android-daemon: Load shell: af 03-01 19:44:39.820 2821 2830 I android-daemon: SH load... 03-01 19:44:39.820 2821 2830 I android-daemon: SH loaded 03-01 19:44:39.820 2821 2830 I android-daemon: c 2830 0 0xd1e82fa0 354 03-01 19:44:39.833 3678 3678 I android-daemon: breakpoint: status(57f) WIFSTOPPED(1) WIFEXITED(0) WIFSIGNALED(0) WTERMSIG(127) WEXITSTATUS(5), WCOREDUMP(0) WSTOPSIG(5) 03-01 19:44:39.833 3678 3678 I android-daemon: Got breakpoint! 03-01 19:44:39.833 3678 3678 I android-daemon: Got trap 03-01 19:44:39.836 3678 3678 I android-daemon: VM_FAIL 2: -1 12c00000, 4, 14, Bad address Now the thing is, it seems that you're playing browser game. Speedhack is absolutely wouldn't work if you're playing browser games, especially it is server-side game. I can tell that you're using browser because the speedhack try to hook browser lib: 03-01 19:44:39.437 3678 3678 I android-daemon: elf_hook32 [/system/lib/libwebviewchromium_loader.so] baseOffset: 5000 - 5000 5000 0

Hi @Emmyboi, you can try download: termux then run these command: su setenforce 0 Then open Game Guardian -> 'Fix It' button -> Switch to work with SELinux.

Hi @Dr4gon65, the files is generated from savedlist. You can just goto saved list () inside game guardian -> use load saved list () -> located the file -> then 'load' it.

Hi @Howrang, ESP hack cannot be done by Game Guardian. You need to create an overlay in order to pull this off. You might want to start with learning Mod Menu as ESP hack is rather hard for starters. However, you can try to modify existing mod menu by adjusting it's bone offset and player class. Here go take a look: Make ESP for Unity games.

Hi @JamesRalleca15, newer Android version has some limitations within the kernel. You need to use Virtual Machine in order it runs properly, I suggest using VPhoneGaGa: - VPhoneGaGa - VMOS Pro - x8Sandbox - F1VM

Hi @Dezo If the Virtual Machine freezes, it means that you don't have enough memory or the app itself is bugged out. You might want to try another VM, I suggest to use VPhoneGaGa: - VPhoneGaGa - VMOS Pro

Hi @san8067san, here's what you can do: - Use Fuzzy search, and scan for changed values. You need to always have some card/anything that can modify the damage each time you find the value. - If it's Unity game, you can dump the game and look for appropiate damage fields - You might want to find player class that might have damage value stored somewhere. Look for 'PlayerController', 'CharacterControl', etc as strings, and then find any pointer to that. Once you've found the player class, the next step is to find pointer inside that class. Some of them might have damage value.

Hi @DSz, On Android 12-14, Android introduces 'phantom processes' that will kill any intensive app and also limiting app, so it can't access another app namespace. Read more about it here: Android Phantom. I'm refering "Game Breaking" feature to changes that significantly affect kernel, how app works, system, and etc.

Hi @Dontae798, Game Guardian works with any application. You're probably mistaken for "Car Parking Multiplayer" script. And yes, you can create your own Game Guardian lua script for other games, see our: documentation

Hi @St3gm4, Actually, Cheat Engine Android is already exist for a long time now. The only downside is, it is not as advanced as Game Guardian. We can just hope that Android doesn't introduce a game breaking feature, just like Microsoft did with their Windows 11.

Hi @angel88888, There's several ways to do this: - You can use pattern search from: games. - You can also debug the game library using: Ghidra or IDA Pro -> use it's string finder (Shift+F12) and look for GWorld/Gname -> Use (CTRL+X) to find any reference point -> GWorld should be in one of the references. - If the strings is somehow encrypted, try to read: Finding Offset in UE4 or try to look around/ask the people at the forum

Hi @broyashka, I don't have telegram so I can't try it myself. All data from /shared_prefs will loaded into memory at some point, so you can just attach the Game Guardian into Telegram processes, then find a pattern on how the string are stored in memory (pointer/debug symbol/group search). There's a thread similar to this, you might take your time to read it: HIWD Lock Script

Hi @amammt, Game Guardian and Termux requires SU / Root. Without that it wouldn't work. I see that you're using virtual spaces app, please try virtual machine: - VphoneGaGa - X8sandbox - VMOS Pro