nok1a

Contributor
  • Posts: 630
  • Joined
  • Last visited
  • Days Won: 13

Everything posted by nok1a

  1. nok1a

    Improve script

    I don't think I changed anything here except for the parts mentioned by CmP. Also, I lost this script, along with all the other scripts posted here, due to loss of my device, so I don't remember which changes I made personally. Also, the script is not made to work on all devices. It was made based on the device I was working with.
  2. Hey, sorry for the late reply. I just checked and tried using GameGuardian's speedhack to speed up the daily timer, and it added the 5 crystals when I switched menus, and even after restarting the game the crystals remained. So I'm not sure what I need to understand from that.
  3. nok1a

    Brain Puzzle

    Tried encrypted search?
  4. I had that issue happening sometimes in an old game I was playing. It turned out that, depending on the instruction set architecture, the game installs a different game version, so the value may differ. So if you have already checked all memory regions as Kiynox instructed, make sure to check the game versions. Here is an example of different game versions on different instruction set architectures: Combat magic stats change? (#o1uhthk) If that's not the issue, you could use pointers to "try" to locate the value on your phone, but for that you have to understand the pointer structure in Nox. What you also can do is check the behaviour of the value in Nox, seeing if the value increases or decreases when doing certain actions, and replicate that behaviour using unknown search on mobile. I mean, it's what I usually do.
  5. Often in online games the bullet speed is server-sided. But which game is it? Edit: I mean, the bullet speed may be server-sided, or it could be the timing of the number of bullets that hit the target in a certain time that is server-sided. But sometimes you can make it work.
  6. Welcome. There are lots of beginner-friendly tutorials: https://gameguardian.net/forum/gallery/category/2-video-tutorials/
  7. Dump 64bit: https://mega.nz/folder/HVkHlKzJ#eLLBQbnyMzeHJWJzL6ypDQ Aside from that, I also received the same error as you when using the script. To fix the issue you have to contact the owner of the script: libil2cpp.so and metadata.dat dumping script (#rpaaz4p) The game had some protection on mobile when I selected the process. I was using F1 in a VM. Dunno why. On BlueStacks I did not get a message that the game is protected, so I dumped it there. Works fine: There are 2 libil2cpp.so files, so I dumped both of them. I am not sure if they are the same, but the sizes differ between dumps... so I guess not. This is the other dump.
  8. How did you find the key? I can't find it. Well, I could not find anything mentioned, actually, due to lack of understanding, but I see you explain it as clearly as possible. I was assuming you found it somewhere here:

     namespace System.Security.Cryptography
     {
         // Token: 0x02000303 RID: 771
         [Token(Token = "0x2000303")]
         internal class TripleDESTransform : SymmetricTransform
         {
             // Token: 0x0600190B RID: 6411 RVA: 0x00002053 File Offset: 0x00000253
             [Token(Token = "0x600190B")]
             [Address(RVA = "0xEC3CCC", Offset = "0xEC3CCC", VA = "0xEC3CCC")]
             public TripleDESTransform(TripleDES algo, bool encryption, byte[] key, byte[] iv) { }

             // Token: 0x0600190C RID: 6412 RVA: 0x00002053 File Offset: 0x00000253
             [Token(Token = "0x600190C")]
             [Address(RVA = "0xED0E18", Offset = "0xED0E18", VA = "0xED0E18", Slot = "15")]
             protected override void ECB(byte[] input, byte[] output) { }

             // Token: 0x0600190D RID: 6413 RVA: 0x00002050 File Offset: 0x00000250
             [Token(Token = "0x600190D")]
             [Address(RVA = "0xED0D54", Offset = "0xED0D54", VA = "0xED0D54")]
             internal static byte[] GetStrongKey() { return null; }

             // Token: 0x04000CF9 RID: 3321
             [Token(Token = "0x4000CF9")]
             [FieldOffset(Offset = "0x34")]
             private DESTransform E1;

             // Token: 0x04000CFA RID: 3322
             [Token(Token = "0x4000CFA")]
             [FieldOffset(Offset = "0x38")]
             private DESTransform D2;

             // Token: 0x04000CFB RID: 3323
             [Token(Token = "0x4000CFB")]
             [FieldOffset(Offset = "0x3C")]
             private DESTransform E3;

             // Token: 0x04000CFC RID: 3324
             [Token(Token = "0x4000CFC")]
             [FieldOffset(Offset = "0x40")]
             private DESTransform D1;

             // Token: 0x04000CFD RID: 3325
             [Token(Token = "0x4000CFD")]
             [FieldOffset(Offset = "0x44")]
             private DESTransform E2;

             // Token: 0x04000CFE RID: 3326
             [Token(Token = "0x4000CFE")]
             [FieldOffset(Offset = "0x48")]
             private DESTransform D3;
         }
     }

     Then the first result I got after searching for DESTransform E1 brought me to this GitHub page, which follows something similar to the above and the encryption method you mentioned:
     https://github.com/mono/mono/blob/main/mcs/class/corlib/System.Security.Cryptography/TripleDESCryptoServiceProvider.cs
     I guess that to decode the base64 result I need another key? Because I tried decoding the base64 with some basic base64 decoder... without any key, and then used a gzip decompressor, but I got an error that I'm using invalid characters.
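Added example, not code from the post, from the game, or from Mono: the decode pipeline the post above is attempting (base64, then the TripleDES class it quotes, then gzip), written in Go so each stage reports its own failure. The key, IV, CBC mode and PKCS7 padding are assumptions (CBC/PKCS7 is Mono's SymmetricAlgorithm default, but the real key and IV have to be recovered from the game); the save payload is constructed here. The main function also shows why base64-decoding and gunzipping directly fails: between those two stages the bytes are still ciphertext.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/cipher"
	"crypto/des"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// Constructed key and IV for this example only. In the game, the key is whatever
// reaches TripleDESTransform(algo, encryption, key, iv); it has to be recovered
// from the binary or from memory before any of this works.
var (
	exampleKey = []byte("0123456789abcdef01234567") // 24 bytes = three DES keys (3DES/EDE)
	exampleIV  = []byte{0, 1, 2, 3, 4, 5, 6, 7}   // one 8-byte DES block
)

// pkcs7Pad pads to a whole number of blocks; CBC with PKCS7 is Mono's default
// SymmetricAlgorithm mode/padding, assumed here.
func pkcs7Pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad checks the padding; a wrong key or IV almost always fails here.
func pkcs7Unpad(b []byte, bs int) ([]byte, error) {
	if len(b) == 0 || len(b)%bs != 0 {
		return nil, errors.New("length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > bs || n > len(b) {
		return nil, errors.New("bad padding byte (wrong key or IV?)")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding bytes (wrong key or IV?)")
		}
	}
	return b[:len(b)-n], nil
}

// EncryptSave builds a blob the way the discussed save routine would
// (gzip -> 3DES-CBC -> base64); it exists so the example is self-contained.
func EncryptSave(plain, key, iv []byte) (string, error) {
	var gz bytes.Buffer
	w := gzip.NewWriter(&gz)
	if _, err := w.Write(plain); err != nil {
		return "", err
	}
	if err := w.Close(); err != nil {
		return "", err
	}
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return "", err
	}
	padded := pkcs7Pad(gz.Bytes(), block.BlockSize())
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return base64.StdEncoding.EncodeToString(ct), nil
}

// DecryptSave reverses the pipeline stage by stage, so a base64 error
// ("invalid characters"), a wrong key, and "not gzip" are told apart.
func DecryptSave(b64 string, key, iv []byte) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, fmt.Errorf("base64: %w", err)
	}
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) == 0 || len(ct)%block.BlockSize() != 0 {
		return nil, errors.New("ciphertext is not block aligned; not 3DES-CBC output")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	if pt, err = pkcs7Unpad(pt, block.BlockSize()); err != nil {
		return nil, err
	}
	// Every gzip member starts with the magic bytes 1f 8b; anything else means
	// the key, IV or cipher mode is wrong, so do not feed it to the decompressor.
	if len(pt) < 2 || pt[0] != 0x1f || pt[1] != 0x8b {
		return nil, errors.New("decrypted data is not gzip: wrong key, IV or mode")
	}
	r, err := gzip.NewReader(bytes.NewReader(pt))
	if err != nil {
		return nil, fmt.Errorf("gzip: %w", err)
	}
	defer r.Close()
	return io.ReadAll(r)
}

func main() {
	blob, err := EncryptSave([]byte(`{"crystals":5,"level":12}`), exampleKey, exampleIV)
	if err != nil {
		panic(err)
	}
	out, err := DecryptSave(blob, exampleKey, exampleIV)
	fmt.Printf("blob: %s\ndecrypted: %s (err=%v)\n", blob, out, err)
	// Skipping the cipher, as the post did, fails: after base64 the bytes are
	// still ciphertext, not a gzip stream.
	raw, _ := base64.StdEncoding.DecodeString(blob)
	_, err = gzip.NewReader(bytes.NewReader(raw))
	fmt.Println("gunzip without decrypting:", err)
}
```

A base64 decoder complaining about invalid characters is a problem with the input text itself (a wrong alphabet, URL-safe base64, or stray bytes), not with a missing key; a missing or wrong key shows up one stage later, as a padding error or as decrypted bytes that do not start with the gzip magic.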
  9. It does, but sure, there are exceptions.
  10. If it's not that one specific game, try it manually with GG and a hex editor using one of the two tutorials. You need a PC, though, because some mobile dumpers don't support some metadata versions, while on PC they do. Dunno why.
  11. I just changed the language. This crystal value: try changing it before the timer finishes. Then, when the game collects the crystal daily rewards, you may get it cheated. Will try testing it.
  12. In that case it may make sense to cheat the reward value and wait till the timer is finished to get the reward. The game is in a foreign language, but do we get crystal rewards from this? I also just noticed that on the full version, buying something with crystals is online or some sort. So maybe we have to cheat the crystals on the incomplete version? (Just theorizing)
  13. My bad regarding background sound. Did not pay attention.
  14. Could not find anything to buy with the crystals, so not 100% sure if it works. But if you buy something and it works, the crystals should remain after restarting the game. mobizen_20231117_083925.mp4
  15. Should be data type double and memory range Ca.
  16. Have you tried searching the crystals as double?
  17. Do you know how to do some basic searches on a game? It's usually the same kind of games you're trying to cheat.
  18. Which game? I don't understand
  19. You can cheat the level, but you need to do it from the lobby so you don't get detected. And for the level to remain you need to play a match. I dunno off the top of my head how to skip the modes, but if you finish lv100 you go to the next mode. Download the field offset finder. Then in the lobby search for the class GemCondition with offset 14 (64bit) and change the result to 0, then place some blocks and you should move to the next lv. The level will be saved, so during restart you don't lose the data. To unlock all levels in a mode, use the field offset finder again and search DBController with offset 0xA8. It's XOR encrypted. mobizen_20231111_122024(0).mp4 And no worries about the ban warning. They don't ban you.
  20. Not sure why a game like that has an anticheat..
  21. What have you tried so far?
  22. Hi, where are the crystals located, have a screenshot?
  23. I checked these fields, but when editing the values no changes happen. Personally, I think that aside from editing the values in the Java region, you will only find the level value in the regions where the executable is located.
  24. But why would they have it in process memory if they already have it in the shared pref? These small puzzle games with lots of ads often have their coins and level values in the regions Java Heap, Other or Java. Since I usually don't dump the game, the quickest way for me would be opening the shared pref file, searching the key name of the coins or level, and then editing it in GG in its appropriate memory region; otherwise it's really hard to find the level or coins value with a regular GG search. Not too sure how you found that out; may I know where in the dump you see that it says both encrypted and unencrypted exist? I dumped the game but can't find anything yet about the level; lots of classes, but not really providing me results. I believe I'm forced to check the libil2cpp.so and edit those methods, although I prefer to stay with the green regions, which are more understandable. Well, dumping is for me a last resort. Usually I rely on my typical GG search techniques. As far as I understand my GG search skill, the dump doesn't usually give me more of an advantage in finding something than I would have without it. But this depends on the knowledge one has about the dumps and executables.
  25. I am not sure if it would be easier to do it in process memory. If it is a method of a class, then I would not say it is easy, at least in my opinion, because I never edit methods, since the results after editing usually don't make sense to me. How so not? Finding the name and value in the preference file and then editing that value in process memory is easier for me, because I will know where and what exactly I need to edit, also because everything in shared pref is located in Java heap, Java and the region Other, and values in shared pref files change addresses each time the client writes to the shared pref file. So if you don't know how to edit methods, this is going to be the second thing you're going to try: checking if the value can be found in pref... if so, make a script and edit it with GG. Interesting, will take a look and see what it gives on the surface level. But if the level value is located in a method of a class, then it will probably be harder for me to edit it from the region where the executable is located. But the point is to find the level value in that string. But if I need to dump the game to find it, then I will do that.
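Added example for posts 24 and 25 above, not code from the poster or from GameGuardian: a small Go parser for an Android SharedPreferences XML file that lists each key with its Java type and value, and maps the type to the GG search type in which the same value is most likely held in process memory. The XML document is constructed here, the key names are made up, and the type mapping (int to Dword, long to Qword, float to Float, and so on) is an assumption for the example rather than anything GG defines.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// A SharedPreferences file constructed for this example; it is not from any real game.
// Android stores these under /data/data/<package>/shared_prefs/<name>.xml.
const samplePrefs = `<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <int name="coins" value="250" />
    <int name="current_level" value="7" />
    <long name="last_daily_reward" value="1700000000000" />
    <boolean name="sound_on" value="true" />
    <string name="player_name">nok1a</string>
    <float name="music_volume" value="0.8" />
</map>`

// prefEntry matches any child of <map>; the element name carries the Java type.
type prefEntry struct {
	XMLName xml.Name
	Name    string `xml:"name,attr"`
	Value   string `xml:"value,attr"`
	Text    string `xml:",chardata"` // <string> keeps its value as text, not an attribute
}

type prefMap struct {
	Entries []prefEntry `xml:",any"`
}

// PrefHit is one preference plus the GG search type most likely to hold the same value.
type PrefHit struct {
	Key, Type, Value, GGType string
}

// ggTypeFor maps the SharedPreferences type to a GameGuardian value type; the
// mapping is an assumption made for the example.
func ggTypeFor(javaType string) string {
	switch javaType {
	case "int":
		return "Dword"
	case "long":
		return "Qword"
	case "float":
		return "Float"
	case "boolean":
		return "Byte or Dword (0/1)"
	case "string":
		return "UTF-8 / UTF-16 string"
	}
	return "unknown (" + javaType + ")"
}

// ParsePrefs turns a shared_prefs XML document into a list of hits. String sets
// (<set>) are listed by name only, since their members are nested elements.
func ParsePrefs(data string) ([]PrefHit, error) {
	var m prefMap
	if err := xml.Unmarshal([]byte(data), &m); err != nil {
		return nil, err
	}
	hits := make([]PrefHit, 0, len(m.Entries))
	for _, e := range m.Entries {
		t := e.XMLName.Local
		v := e.Value
		if t == "string" {
			v = strings.TrimSpace(e.Text)
		}
		hits = append(hits, PrefHit{Key: e.Name, Type: t, Value: v, GGType: ggTypeFor(t)})
	}
	return hits, nil
}

// FindKeys returns the hits whose key name contains any needle (case-insensitive),
// e.g. "coin" and "level", which is the search the posts describe doing by hand.
func FindKeys(hits []PrefHit, needles ...string) []PrefHit {
	var out []PrefHit
	for _, h := range hits {
		k := strings.ToLower(h.Key)
		for _, n := range needles {
			if strings.Contains(k, strings.ToLower(n)) {
				out = append(out, h)
				break
			}
		}
	}
	return out
}

func main() {
	hits, err := ParsePrefs(samplePrefs)
	if err != nil {
		panic(err)
	}
	for _, h := range FindKeys(hits, "coin", "level") {
		fmt.Printf("%-18s %-8s value=%-8s search in GG as %s\n", h.Key, h.Type, h.Value, h.GGType)
	}
}
```

The value and type from the file give the exact number and data type to search for in the Java heap, Java and Other regions; because the file is rewritten whenever the game commits preferences, the address found in memory is only good until the next write, which is why the posts suggest scripting the edit rather than saving the address.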