Everything posted by nok1a
-
Game: https://play.google.com/store/apps/details?id=com.unicostudio.gemdoku&hl=en_IN&gl=US

I want to locate the level value in the com.unicostudio.gemdoku.v2.playerprefs.xml file so I can edit it with GG or CheatDroid. Normally I can cheat the level by overwriting the current com.unicostudio.gemdoku.v2.playerprefs.xml file with the one from older versions, since the names and values were readable back then, as shown in the screenshots. It was a quick workaround, but I am rather interested in finding out how the player level is really stored in the current xml file, because I noticed quite some games have values like coins stored in a long string. On top of that, the string will include more than just the coins; for example, it can include some functions that are needed to have the coins appear properly. So if you don't edit the string correctly you will get an undesired result.

So I started running some basic tests that I am familiar with, like comparing the content of the .xml file when I was level 5 with the content of the .xml file when I became lv6, then replacing the old string with the new string to see which string makes me go back to level 5.
Eventually it came down to this string, the string when I was level 5:

<string name="1EBXq7XeVC545LnqsugT4jS%2FTXFJQZG%2BkJ1CodU1l%2BGkd5zLuX%2BoPk2Z1QWV9JkXAJmyRo9KdrM%3D">1EBXq7XeVC5e6TxnIVs%2FT%2BMZXc3zTi%2FMR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSfwduwbvRwLX%2Fi58tS5lkESmKdSQfxJFpIyTxQcSMn6qkwSNCDJhFDCf7Mp3mA9baBgWYX9q0oKTmi1l2NZ48vf1OXIehi0zKQpAMt6nTIMgQYxIhfxAOxVBrd0180%2FGzugECxwjNwcjfLy%2FaYaoiKA%3D%3D</string>

Then when I went to level 6 the string changed to this:

<string name="1EBXq7XeVC545LnqsugT4jS%2FTXFJQZG%2BkJ1CodU1l%2BGkd5zLuX%2BoPk2Z1QWV9JkXAJmyRo9KdrM%3D">1EBXq7XeVC5e6TxnIVs%2FT%2BMZXc3zTi%2FMR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSe3e5rsbaG7LN%2FfLGOhZwig%2FMiGabQt1ZHSZBQ4B9j%2BAtDkZvUP2cKg9VEQkyvFwu7vRSk%2BtVVpC4EXD6C4IcgN8BjpNq%2FIuWKud5LzCmdIr9TlyHoYtMyuc%2FO%2BdfyyhyJhuGPpaK98AkejcbIKUeIKrfAcOjp%2F0gQSKbb6ZZdJo%3D</string>

Only went up one level in the game. Did not do any extra changes. So I believe every difference between both strings should be related to the level. I don't know anything about encoding or encryption, but I did see that "%2F" and "%3D" occurred a lot in both strings, and the internet says that it is common in URLs. Although I doubt it's a URL, I did try to decode it as a URL, and then it shows me the slashes in the string.
Making it look like this (first string is level 5, second string level 6):

-- decoded level 5
1EBXq7XeVC5e6TxnIVs/T+MZXc3zTi/MR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSfwduwbvRwLX/i58tS5lkESmKdSQfxJFpIyTxQcSMn6qkwSNCDJhFDCf7Mp3mA9baBgWYX9q0oKTmi1l2NZ48vf1OXIehi0zKQpAMt6nTIMgQYxIhfxAOxVBrd0180/GzugECxwjNwcjfLy/aYaoiKA==

-- decoded level 6
1EBXq7XeVC5e6TxnIVs/T+MZXc3zTi/MR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSe3e5rsbaG7LN/fLGOhZwig/MiGabQt1ZHSZBQ4B9j+AtDkZvUP2cKg9VEQkyvFwu7vRSk+tVVpC4EXD6C4IcgN8BjpNq/IuWKud5LzCmdIr9TlyHoYtMyuc/O+dfyyhyJhuGPpaK98AkejcbIKUeIKrfAcOjp/0gQSKbb6ZZdJo=

Then I copy-pasted

MR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSfwduwbvRwLX

into

MR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSe3e5rsbaG7LN

and then encoded it back, which resulted in the game acting kind of weird. The font shows lv1, but then when trying to enter the map it shows lv500 with nothing in the background. This was not the intended result. Some help would be appreciated.
-
Did you close the game before you changed the value?
-
How to change cost/price of items which we buy with real money.
nok1a replied to Mikey-GG's topic in General Discussion
I don't think it's possible to do that with GG. The authorization flow simply wouldn't allow you to send a transaction through with a modified price value. And the verification of the product happens at the app creator's server. You can trick the system, though, from the client's part, but that would be with its original price values in order for the transaction to be authorized. You can also do edits at the client without having anything sent to the server, which is mainly for offline games, but that wouldn't be a transaction then.
-
It's in the xml file I uploaded. Download it and replace the xml file in the data/data/com.unicostudio.gemdoku/shared_prefs folder with it.
-
Yeah. It's complicated to help you because I can't install the APK. But it should be a bit similar to the normal APK (I think). Can you go to the lives value and see if you have a pointer at offset -11 that looks a bit like in the video? Can you make a video of it as well, showing how you do it?
mobizen_20231029_154743.mp4
-
If you remove the game and then reinstall, you won't have the same addresses. I still advise you not to rely on it, otherwise you would not have the issue you're having now. You have to know how to do a group search and offsets, otherwise you will have these address problems.
-
I really advise you not to rely on the addresses. It may work for now, but it's the least static method. You have to know how to do group searches and offsets, and then you will find this problem quite easy to resolve. Check for static values around the health value and whether some of them are always at the same offset from your health value, even after restarting the game. If so, then you put the static value in a script and do the offset calculation. There is the scripting documentation for how to do that.
-
I see, but I'm using the touch version. The no touch version I can't install since I get an error. So perhaps that's why the script doesn't give the right values. Can you try on the touch version? Also, it really comes down to comparing values a few times to see if the offset remains the same. It takes a few tries. But since we don't use the same APK it will be hard to help, or you will need to do some screen share.
-
Yeah, it's different for you. Not sure if it's because you're having the no touch APK or something else. But if the value changes address each time, you have to use offsets. So you can search for values that don't change and restart the game a few times to see if the distance between the non-changeable value and the health value remains the same. It will take a few tries. It's not practical for me to guess too much about what values are static, so a screen share of some sort is most suitable in my opinion. Perhaps on Discord or something.
-
The no touch version doesn't work for me. You can do a few dumps and see if you find a static value that has a fixed distance from your desired values, but you can't do a pointer scan by using dumps because, as you said, after restart the value is at a different memory location. Unless you find a value and you already know the address at that value is a pointer. Okay, can you use the old script, then go to the saved list, select all values, and do offset +0x169 and type byte? Which values do you get?
-
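Maybe not needed to send a screenshot. Can you see if you get your health and life values?

    gg.setRanges(gg.REGION_C_BSS)
    -- Locate the "spotvg" string in the selected region
    gg.searchNumber(":spotvg", gg.TYPE_BYTE)
    local t = gg.getResults(1)
    gg.clearResults()
    -- Search for qwords holding the address 8 bytes before the string (pointers to it)
    gg.searchNumber(t[1].address -0x8, gg.TYPE_QWORD)
    local a = gg.getResults(60)
    -- Step back 8 bytes from each pointer and treat that location as a dword
    for i, v in ipairs(a) do
        v.address = v.address -0x8
        v.flags = gg.TYPE_DWORD
    end
    gg.loadResults(a)
    -- Refine repeatedly, keeping only entries whose dword value is 1
    for i = 1, 10 do
        gg.searchNumber("1", gg.TYPE_DWORD)
    end
    local b = gg.getResults(1)
    local startAddress = b[1].address
    -- Add the two byte values at fixed offsets from the start address to the saved list
    list = {
        {address = startAddress + 0x169, flags = gg.TYPE_BYTE, name = "inf lives"},
        {address = startAddress + 0x16B, flags = gg.TYPE_BYTE, name = "inf health"}
    }
    gg.addListItems(list)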
-
Okay, looking good so far. But can you send a screenshot of the saved list? It's where you gave the results a name.
-
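I understand. Please save the code in a lua file, then run the script and provide a screenshot of the saved list.

    gg.setRanges(gg.REGION_C_BSS)
    -- Locate the "spotvg" string in the selected region
    gg.searchNumber(":spotvg", gg.TYPE_BYTE)
    local t = gg.getResults(1)
    gg.clearResults()
    -- Search for qwords holding the address 8 bytes before the string (pointers to it)
    gg.searchNumber(t[1].address -0x8, gg.TYPE_QWORD)
    local a = gg.getResults(60)
    -- Step back 8 bytes from each pointer and treat that location as a dword
    for i, v in ipairs(a) do
        v.address = v.address -0x8
        v.flags = gg.TYPE_DWORD
    end
    -- Put all candidates in the saved list
    gg.addListItems(a)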
-
The nature of the topic is fine, but I see what you mean. Can you do an offset calculation of -0x16B starting from your inf health value, and see if the value at that address is 1 dword? If so, add an offset of +0x08 and type qword. Check if there is a pointer. If so, go to the pointer and make sure UTF-8 is enabled. Then see if you see the string name "spotvg".
-
Hi, I think I misunderstood the question. You meant the values change address when you restart the application. You would need to find a static group search.
-
How to bypass encryption/obfuscation for game values?
nok1a replied to amelabrooke90's question in Help
You mean you can't find the values? Or you find them but can't edit them, or nothing happens? Have you already tried encrypted search?
-
Yes. You must write a script that has the pointer that is responsible for pointing to the new memory address in which your health, time, etc. is stored. You could do this by using a backwards pointer search. In Unity games this goes quite efficiently. Then you must place the pointer in a while loop so that the moment the memory address of your health changes, the script will automatically find the new memory address. Also, if possible, provide a link to the game, so others can do tests and so that one can be more easily supported.
-
Yeah. For now use this. The game engine alert gets ignored. I will do more adjustments to the script later. It will work if the game is Unity and has a speed value of 1.0.
speedhack_finder_unity.lua
-
Use the field offset finder and provide an update if it works. Your game must be 64-bit.
mobizen_20231019_064520.mp4
-
Can you provide an example of a new game that is Unity in which the script does not know it's Unity? I haven't updated anything for some time. I will look into it when I've got the free time, but work and other factors don't give me too much freedom to update the speedhack script.
-
It's just a group search. Dunno if chainer is suitable. A script can be made for it, or use the field offset finder. Its class is JourneyProgress and the field name is numberOfCompleted. Has offset 18 bytes on 64bit.
-
The game got updated? Try this: 50;yourgamelevel -1::9 My level is 10078, so I go into a match and search 50;10077::9. Enable region anonymous. Then edit the level while you're in the match and then leave it.