
nok1a

Contributor
  • Posts: 660
  • Joined
  • Last visited
  • Days Won: 15

Everything posted by nok1a

  1. How did you find the key? I can't find that. Well, I could not find anything mentioned, actually, due to lack of understanding, but I see you explain it as clearly as possible. I was assuming you found it somewhere here:

    namespace System.Security.Cryptography
    {
        // Token: 0x02000303 RID: 771
        [Token(Token = "0x2000303")]
        internal class TripleDESTransform : SymmetricTransform
        {
            // Token: 0x0600190B RID: 6411 RVA: 0x00002053 File Offset: 0x00000253
            [Token(Token = "0x600190B")]
            [Address(RVA = "0xEC3CCC", Offset = "0xEC3CCC", VA = "0xEC3CCC")]
            public TripleDESTransform(TripleDES algo, bool encryption, byte[] key, byte[] iv) { }

            // Token: 0x0600190C RID: 6412 RVA: 0x00002053 File Offset: 0x00000253
            [Token(Token = "0x600190C")]
            [Address(RVA = "0xED0E18", Offset = "0xED0E18", VA = "0xED0E18", Slot = "15")]
            protected override void ECB(byte[] input, byte[] output) { }

            // Token: 0x0600190D RID: 6413 RVA: 0x00002050 File Offset: 0x00000250
            [Token(Token = "0x600190D")]
            [Address(RVA = "0xED0D54", Offset = "0xED0D54", VA = "0xED0D54")]
            internal static byte[] GetStrongKey() { return null; }

            // Token: 0x04000CF9 RID: 3321
            [Token(Token = "0x4000CF9")]
            [FieldOffset(Offset = "0x34")]
            private DESTransform E1;

            // Token: 0x04000CFA RID: 3322
            [Token(Token = "0x4000CFA")]
            [FieldOffset(Offset = "0x38")]
            private DESTransform D2;

            // Token: 0x04000CFB RID: 3323
            [Token(Token = "0x4000CFB")]
            [FieldOffset(Offset = "0x3C")]
            private DESTransform E3;

            // Token: 0x04000CFC RID: 3324
            [Token(Token = "0x4000CFC")]
            [FieldOffset(Offset = "0x40")]
            private DESTransform D1;

            // Token: 0x04000CFD RID: 3325
            [Token(Token = "0x4000CFD")]
            [FieldOffset(Offset = "0x44")]
            private DESTransform E2;

            // Token: 0x04000CFE RID: 3326
            [Token(Token = "0x4000CFE")]
            [FieldOffset(Offset = "0x48")]
            private DESTransform D3;
        }
    }

    Then the first result I got after searching for DESTransform E1 brought me to this GitHub page, which follows something similar to the above and the encryption method you mentioned:
    https://github.com/mono/mono/blob/main/mcs/class/corlib/System.Security.Cryptography/TripleDESCryptoServiceProvider.cs

    I guess to decode the result in base64 I need another key? Because I tried decoding in base64 with some basic base64 decoder, without any key, and then used a gzip decompressor, but I got an error that I'm using invalid characters.
  2. It does, but sure, there are exceptions.
  3. If it's not that one specific game, try it manually with GG and a hex editor using one of the two tutorials. You need a PC though, because some mobile dumpers don't support some metadata versions while on PC they do. Dunno why.
  4. I just changed the language. This crystal value, try changing it before the timer finishes. Then when the game collects the crystal daily rewards you may get it cheated. Will try testing it.
  5. In that case it may make sense to cheat the reward value and wait till the timer is finished to get the reward. The game is in a foreign language, but do we get crystal rewards from this? I also just noticed that on the full version, to buy something with crystals, the game is online or some sort. So maybe we have to cheat the crystals on the incomplete version? (Just theorizing)
  6. My bad regarding background sound. Did not pay attention.
  7. Could not find anything to buy with the crystals, so not 100% sure if it works. But if you buy something and it works, the crystals should remain after restarting the game. mobizen_20231117_083925.mp4
  8. Should be data type double and memory range Ca.
  9. Have you tried searching the crystals in double?
  10. Do you know how to do some basic searches on a game? It's usually the same kind of games you're trying to cheat.
  11. Which game? I don't understand.
  12. You can cheat the level, but you need to do it from the lobby so you don't get detected. And for the level to remain you need to play a match. I dunno off the top of my head how to skip the modes, but if you finish lv100 you go to the next mode. Download the field offset finder. Then in the lobby search for the class GemCondition with offset 14 (64bit) and change the result to 0, then put some blox and you should move to the next lv. The level will be saved, so during a restart you don't lose the data. To unlock all levels in a mode, use the field offset finder again and search DBController with offset 0xA8. It's XOR encrypted. mobizen_20231111_122024(0).mp4 And no worries about the ban warning. They don't ban you.
  13. Not sure why a game like that has an anticheat...
  14. What have you tried so far?
  15. Hi, where are the crystals located? Do you have a screenshot?
  16. I checked these fields, but when editing the values no changes happen. Personally I think that, aside from editing the values in the Java region, you will only find the level value in the regions where the executable is located.
  17. But why would they have it in process memory if they already have it in the shared pref? These small puzzle games with lots of ads often have their coins and level values in the regions Java Heap, Other or Java. Since I usually don't dump the game, the quickest way for me would be opening the shared pref file, searching for the key name of the coins or level, and then editing it in GG in its appropriate memory region; otherwise it's really hard to find the level or coins value with a regular GG search. Not too sure how you found that out; may I know where in the dump you see that it says both encrypted and unencrypted exist? I dumped the game but can't find anything yet about the level: lots of classes, but not really providing me results. I believe I'm forced to check the libil2cpp.so and edit those methods, although I prefer to stay with the green regions, which are more understandable. Well, dumping is for me a last resort. Usually I rely on my typical GG search techniques. As far as I understand my GG search skill, the dump doesn't usually give me more of an advantage in finding something than I would have without it. But this depends on the knowledge one has about the dumps and executables.
  18. I am not sure if it would be easier to do it in process memory. If it is a method of a class then I would not say it is easy, at least in my opinion, because I never edit methods since the results after editing usually don't make sense to me. How so not? Finding the name and value in the preference file and then editing that value in process memory is easier for me because I will know where and what exactly I need to edit, also because everything in shared pref is located in Java heap, Java and region Other, and values in shared pref files change addresses each time the client writes to the shared pref file. So if you don't know how to edit methods, this is going to be the second thing you're going to try: checking if the value can be found in pref... if so, make a script and edit it with GG. Interesting, will take a look and see what it gives on the surface level. But if the level value is located in a method of a class then it will probably be harder for me to edit it from the region where the executable is located. But the point is to find the level value in that string. And if I need to dump the game to find it, then I will do that.
  19. Press on Sx
  20. Game: https://play.google.com/store/apps/details?id=com.unicostudio.gemdoku&hl=en_IN&gl=US

    I want to locate the level value in the com.unicostudio.gemdoku.v2.playerprefs.xml file so I can edit it with GG or CheatDroid. Normally I can cheat the level by overwriting the current com.unicostudio.gemdoku.v2.playerprefs.xml file with the one from older versions, since the names and values were readable back then, as shown in the screenshots. It was a quick workaround, but I am rather interested in finding out how the player level is really stored in the current XML file, because I noticed quite some games have values like coins stored in a long string. On top of that, the string will include more than just the coins; for example, it can include some functions that are needed to have the coins appear properly. So if you don't edit the string correctly you will get an undesired result. So I started running some basic tests that I am familiar with, like comparing the content of the .xml file when I was level 5 with the content of the .xml file when I became lv6, then replacing the old string with the new string to see which string makes me go back to level 5.

    Eventually it came down to this string, the string when I was level 5:

    <string name="1EBXq7XeVC545LnqsugT4jS%2FTXFJQZG%2BkJ1CodU1l%2BGkd5zLuX%2BoPk2Z1QWV9JkXAJmyRo9KdrM%3D">1EBXq7XeVC5e6TxnIVs%2FT%2BMZXc3zTi%2FMR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSfwduwbvRwLX%2Fi58tS5lkESmKdSQfxJFpIyTxQcSMn6qkwSNCDJhFDCf7Mp3mA9baBgWYX9q0oKTmi1l2NZ48vf1OXIehi0zKQpAMt6nTIMgQYxIhfxAOxVBrd0180%2FGzugECxwjNwcjfLy%2FaYaoiKA%3D%3D</string>

    Then when I went to level 6 the string changed to this:

    <string name="1EBXq7XeVC545LnqsugT4jS%2FTXFJQZG%2BkJ1CodU1l%2BGkd5zLuX%2BoPk2Z1QWV9JkXAJmyRo9KdrM%3D">1EBXq7XeVC5e6TxnIVs%2FT%2BMZXc3zTi%2FMR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSe3e5rsbaG7LN%2FfLGOhZwig%2FMiGabQt1ZHSZBQ4B9j%2BAtDkZvUP2cKg9VEQkyvFwu7vRSk%2BtVVpC4EXD6C4IcgN8BjpNq%2FIuWKud5LzCmdIr9TlyHoYtMyuc%2FO%2BdfyyhyJhuGPpaK98AkejcbIKUeIKrfAcOjp%2F0gQSKbb6ZZdJo%3D</string>

    I only went up one level in the game. Did not do any extra changes. So I believe every difference between both strings should be related to the level. I dunno anything about encoding or encryption, but I did see that "%2F" and "%3D" occurred a lot in both strings, and the internet says that is common in URLs. Although I doubt it's a URL, I did try to decode it as a URL, and then it shows me the slashes in the string.

    Making it look like this (first string is level 5, second string level 6):

    -- decoded level 5
    1EBXq7XeVC5e6TxnIVs/T+MZXc3zTi/MR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSfwduwbvRwLX/i58tS5lkESmKdSQfxJFpIyTxQcSMn6qkwSNCDJhFDCf7Mp3mA9baBgWYX9q0oKTmi1l2NZ48vf1OXIehi0zKQpAMt6nTIMgQYxIhfxAOxVBrd0180/GzugECxwjNwcjfLy/aYaoiKA==

    -- decoded level 6
    1EBXq7XeVC5e6TxnIVs/T+MZXc3zTi/MR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSe3e5rsbaG7LN/fLGOhZwig/MiGabQt1ZHSZBQ4B9j+AtDkZvUP2cKg9VEQkyvFwu7vRSk+tVVpC4EXD6C4IcgN8BjpNq/IuWKud5LzCmdIr9TlyHoYtMyuc/O+dfyyhyJhuGPpaK98AkejcbIKUeIKrfAcOjp/0gQSKbb6ZZdJo=

    Then I copy-pasted MR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSfwduwbvRwLX into MR5bkR5NzbftgLsNAbMjgO2EU4JrjCwSZusRXHZl1d4Li7vw0P3fcuvB36rs0RvYSe3e5rsbaG7LN and then encoded it back, which resulted in the game kind of acting weird. The font shows lv1, but then when trying to enter the map it shows lv500 with nothing in the background. This was not the intended result. Some help would be appreciated.
  21. nok1a

    cheat = LEVEL

    Did you close the game before you changed the value?
  22. I don't think it's possible to do that with GG. The authorization flow simply wouldn't allow you to send a transaction through with a modified price value, and the verification of the product happens at the app creator's server. You can trick the system from the client's part, but that would be with its original price values in order for the transaction to be authorized. You can also do edits at the client without having anything sent to the server, which is mainly for offline games, but that wouldn't be a transaction then.
  23. nok1a

    cheat = LEVEL

    It's in the XML file I uploaded. Download it and replace the XML file in the data/data/com.unicostudio.gemdoku/shared_prefs folder with it.
  24. Yea. It's complicated to help you because I can't install the APK. But it should be a bit similar to the normal APK (I think). Can you go to the lives value and see if you have a pointer at offset -11 that looks a bit like the one in the video? Can you also make a video of how you do it? mobizen_20231029_154743.mp4
  25. If you remove the game and then reinstall, you won't have the same addresses. I still advise you not to rely on it; otherwise you would not have the issue you're having now. You have to know how to do a group search and offsets, otherwise you will have these address problems.