HorridModz
-
Posts
282 -
Joined
-
Last visited
-
Days Won
7
Content Type
Profiles
Forums
Downloads
Gallery
Posts posted by HorridModz
-
-
35 minutes ago, HorridModz said:
Hi, I have a hex patch that must be run when the game's process size is before approximately 450 MB. After this point, the game has gotten to the point in its initialization where the function I am patching has already been called. So, if you patch it when the game's process size is over around 450 MB, it will not work.
I'm trying to write a script to do this patch. I want the script to detect if the game's process size is below 450 MB, and if not, tell the user to restart the game. However, I couldn't find anything for this in gg.getTargetInfo() or any other functions. So, I'm stumped on how to do this.
I've given up with gameguardian and, as a workaround I'm now just trying to locate some kind of value in memory or function in the game that can give me a hint on the process size or initialization progress. My best guess right now is to see how much the game has loaded by finding the function that reports the % loaded.
Is there any way to do this natively in gameguardian? Or is there any easy workaround I can use? Thanks!I'm wondering if there's some way to do it by seeing the highest address in the game. Like if I can somehow find the base address of the game, then I do an address search for base address + 0x1AD27480 (450000000) - equivalent to 450 million, or 450 mb. Then if the search comes up with a result, game process size is at least 450 MB. Could that work?
0 -
On 4/8/2024 at 6:06 AM, INMENR said:
nice job.. hope you can please update weapon unlocker too =)..
Sorry, I no longer maintain that script.
On 4/8/2024 at 12:16 PM, mesidex said:Hi,
How can you avoid the following error after selecting the process in GG?
That sucks, looks like pixel gun 3d is detecting gameguardian. This is device-specific, it seems, and not an issue with my script. So I can't help you - sorry! Perhaps you can ask around and see if anyone else has managed to circumvent this detection.
0 -
On 4/17/2024 at 9:35 PM, Rxhacker said:
I reason is i have to write some code which is longer then 4kb , using your concept i can write the code. But what happened is i had to write a jump code at the end of 4kb to another allocated space, so i was wondering if there was any way to allocate an continues block of memory more then 4kb. But turns but there isn't such option. I think i will move forward with jump code. Thank you
Okay, that's what I figured. You're right about the block not being continuous; sorry. @CmPprovided actual code which solves that problem by trying to allocate continuously, but I have no idea how often that would work and the tendency of it to fail (I'm unaware of how the kernel decides where to allocate the memory). A solution to that might be to allocate the first block in an obscure region (maybe an unused memory region, like c++ heap, would work? This is a gray area for me, so I wouldn't really know.) where you are sure there's enough consecutive space.
If I were you, I would first take CmP's code and play around with it, seeing if you encounter any issues.0 -
Hi, I have a hex patch that must be run when the game's process size is before approximately 450 MB. After this point, the game has gotten to the point in its initialization where the function I am patching has already been called. So, if you patch it when the game's process size is over around 450 MB, it will not work.
I'm trying to write a script to do this patch. I want the script to detect if the game's process size is below 450 MB, and if not, tell the user to restart the game. However, I couldn't find anything for this in gg.getTargetInfo() or any other functions. So, I'm stumped on how to do this.
I've given up with gameguardian and, as a workaround I'm now just trying to locate some kind of value in memory or function in the game that can give me a hint on the process size or initialization progress. My best guess right now is to see how much the game has loaded by finding the function that reports the % loaded.
Is there any way to do this natively in gameguardian? Or is there any easy workaround I can use? Thanks!0 -
On 4/2/2024 at 12:41 AM, Rxhacker said:
Is there any way to allocate more then 4kb in the memory using game guardian ?
I don't believe that's directly possible, but you can allocate as many pages as you need and chain them together. To do this calculate how many pages you need by dividing by 4KB, and in a loop allocate a block and add the return address of the allocated block to a list. You can then combine all of your memory into a table of values by looping over the list and adding the 1000 values (taking the start address and adding 4 each time, 1000 times) to the table for each address. If you don't understand, I can code that for you - it's pretty simple to do.
Though I wonder what you're writing to memory that takes so much space? An image or save code, or something?1 -
On 4/4/2024 at 6:42 AM, Tristan1972 said:
Hi guys,
Could any anyone tell me how would go about adding N times a decimal value to a Dword?
N should be determined by me
Do you just mean multiplication? Or do you want to add the value N separate times, with a pause in between? For the latter, you could write a simple script, like this:
N = 10 -- how many times add = 100 -- value to add on every time timebetween = 1000 -- how long to wait between times (milliseconds) values = gg.getResults(gg.getResultsCount()) for _ in N do for i in values do values[i].value = values[i].value + add end gg.sleep(timebetween) end
1 -
UPDATED PG3D 24.3.2+ + ACTUAL 32bit SUPPORT - Pixel Gun 3D ALL UPDATE Custom Lottery Rewards Hack (32bit and 64bit)
Contact Me:
User123456789#6424 / @horridmodz on discord
Ahhh, it's finally here! Over a year and a half after posting the original, and many, many requests, it's back! I promised to get this done today, and here it is, just barely in time. Since it's been so long, I am posting this update as a new thread.
I've been meaning to update this for a while; and I'm sorry for such a looong wait. But this should be the last time you have to wait - because, if my crazy WIP All Update Script Generator tool works as well as I hope, this will be made so resilient it's practically unpatchable!
So, here we are. The script is the same as last time, but with some minor improvements - and 32bit support! Unfortunately, I couldn't get 32bit custom values to work, but I got the predetermined values working. I was finally able to figure out that the issues I've been having are actually not my fault, but a limitation with the way lua itself handles integers - to get technical, the 32bit edit values exceed lua's integer limit, but the 64bit ones do not. I tried to workaround this, but just couldn't do it. However, a big rework of the script that I have planned, which changes the way editing is done, will fix this problem.I finally updated this script because I have time over spring break. Shoutout to @dizzy252for sending a request to update the script that I coincidentally saw right before spring break started - if it hadn't been for him, I probably wouldn't have had the thought to do this! Alongside this script, I've in the process of developing a revolutionary tool that creates resilient all update scripts; all you have to do is input your offset or hex and it spits out the full script. If you're interested, here's a sneak peak: https://www.youtube.com/watch?v=sVwODQcSy4A
Want to update the script yourself? I have created a lotto sets template!
Disclaimer: This script is bannable! Getting too much currency within a certain time frame will flag your account as suspicious and you will be banned in the next ban wave. I recommend only getting at most a few thousand gems per day, or your account will have a high risk of being banned. Even if you do play it safe, you can still be banned.
By the way, due to a rework of sets by the developers, sets no longer work. Only lottery rewards are modified.
Warning: Using the custom value option and setting the reward values to over 45,000 will instantly ban you!
This is not an ordinary lottery script. Here's what unique about it:
-This script will work on all game updates (the lowest game version tested is 22.4.3, but downgrading is impossible anyway), even future updates
-The script supports various values, and lets you enter a custom value (currently custom values do not work for 32bit) if it does not have what you want. Currently, only whole numbers (no decimal values like 1.5) in the range of 0 to 65536 are supported.
-This script supports both 32bit and 64bit devices
-This script has a small antiban feature that warns you when you try to edit the reward values over 45,000
Enjoy!
-
Submitter
-
Submitted04/02/2024
-
Category
2 -
-
1 hour ago, MAARS said:
I don't know if encryption is the right word but. The memory is not disposed how it should be for a il2cpp game. Address are weird. That why any field offset finder won't work. I did manual search like for 3pmon until I gave up. Note since I had also Frida I used the exact runtime address with the goto tool with gg but that did not help at all the address lead somewhere that not the field offset
I don't understand. What does disposing memory have to do with the memory layout?
Also, I have an idea for dynamically finding out the address, though I don't quite know how to do it myself. If you know the field offset, perhaps you could find a method that references the field by using a hex search or offset calculation, then navigate to the instruction that references the field? From that point, I believe that you could extract the offset from the assembly instruction - it would be relative to something, maybe an ldr or an instruction of the like - and then determine the field's address in memory. Just a suggestion; again, I don't have the experience to know if that would work.1 hour ago, MAARS said:The memory is not disposed how it should be for a il2cpp game. Address are weird.
Have you tried poking around in the dump using dnspy to find anything peculiar, such as an anticheat?
0 -
On 3/30/2024 at 12:33 AM, MAARS said:
I managed to do it using frida but using GG it seem like an impossible task or a skill issue the game is using some kind of encryption. So far this is class and offset
public class levelSelection : MonoBehaviour { public bool unlockalllevel; }
Unrelated, but I'm trying to learn Frida myself. I know you have posted some youtube videos on the subject; is there any description you could give me or tutorial you could link to show me just how you did this? Props!
0 -
On 7/17/2015 at 11:13 PM, Enyby said:No logcat - No help!!!
Lmao, I love the meme!
On 2/6/2024 at 2:09 AM, bilalafghan546 said:I have I problem virtual space data error
On 2/19/2024 at 4:31 AM, Barnabas said:I have the same error. Does anyone know how to fix it? Any help would be appreciated.
On 2/20/2024 at 10:43 AM, Miraxidor said:There are already three of us with this error. I look forward to helping you!
What's the error? Video or description? And of course logcat - but it's even more important that you describe what the error is!
0 -
Woah, this is great! I'm impressed by your perseverance - if I found a server sided game, I would instantly quit. People who persist always amaze me!
It's good that you found some useful hacks, but unfortunately, many games like this simply aren't very hackable. You can only touch what's client sided, and that's not under your control. Of course keep looking, because the more cheats you have at your disposal, the better. Additionally, my suggestion for how to move forward would be exploring how you can use these hacks to gain a significant advantage. A great example of this is the game Township: The game is mostly server-sided, but there are some hacks the community has discovered that are not. There is a cheat that allows you to change the rewards from and cost of a task, but there is a very low ceiling on how much you can gain at once, or else you will be flagged and auto-banned. To workaround this, I used a gameguardian script and autoclicker to automate the process of editing and completing these tasks. I'm telling you this to show that it is possible to get around restrictions and use what you can hack to achieve lofty goals.
So, I would suggest seeing what you can do with the hacks you do have. Perhaps you can create some kind of bot or macro? Since you have cheats that seem to make the game much easier, would this allow you to, say, farm games AFK with a simple autoclicker? Again, some stuff simply cannot be achieved (such as gaining VIP, in your case), but you can sometimes still do big things with what you do have.
Another piece of advice I have is to look for low-hanging fruit. If the game is only partially server-sided, this suggests that the developers have deliberately made important things server sided and left more trivial things (such as movement speed) to the client. This means that if you do the opposite of your intuition, and seek relatively harmless hacks, you may have a higher chance of succeeding. See what small, seemingly inconsequential things you can do, because these little hacks can do big things if applied right.
Lastly, remember that searching for methods is not the only way to mod. Editing values with gameguardian may seem less effective and more failure-prone, but it is easier. quicker, and much more direct. In the same way, you may want to try searching for these trivial values and inconsequential numbers. For instance, how about editing some value in an event, changing a progress bar, or editing strings to swap an ordinary reward in for a better one. This strategy may not work as well, but in my opinion, it is worth exploring - at least for testing things before diving into dump.cs.
I'm excited to see if you figure anything else out. Good luck, and happy hacking!
0 -
Have you tried this script?
0 -
On 1/18/2023 at 7:51 AM, lereda2017 said:
it a good script but not working anymore for the version 23.0.0 and i find out that you had another script that you need to update yourself but the thing is that i watched many tutoriels, and i don't know what hex value i need for the 64bit and 34bit, pls help
Can you please elaborate? Do you not know what whether you are 32bit or 64bit? Do you not know what libil2cpp.so file to use? Do you not know what hex value to edit to? I need more information to be able to help.
0 -
Pixel Gun 3D Lottery Sets Template
Unlike the all updates version, this script does support Armv7 (32bit).
Contact Me:
User123456789#6424 on discord
Disclaimer: This script is bannable! Getting too much currency within a certain time frame will flag your account as suspicous and you will be banned in the next ban wave. I recommend only getting at most 2,000 gems per day, or your account will have a high risk of being banned. Even if you do play it safe, you can still be banned.
Warning: Using the custom value option and setting the reward values to over 45,000 will instantly ban you!
While my all updates lottery sets script will work for multiple versions, the devs like to patch it manually. So, I decided to make an alternative.
This is a template for updating lottery sets yourself!
Features:
-Supports various values, and lets you enter a custom value if it does not have what you want. Currently, only whole numbers (no decimal values like 1.5) in the range of 0 to 65536 are supported.
-Supports devices with both armv7 (32bit) and armv8 (64bit) architectures
-This script has a small antiban feature that warns you when you try to edit the reward values over 45,000
Updating:
This script will only work for one update, but unlike the all updates version, it's really easy to update the script yourself. Just open up the file in a text editor, and you will be greeted with some data to fill in: The 32bit and 64bit hex values, game version, and your name (optional).
The hard work is obtaining these hex values. While it's very easy to do yourself, you will have to be experienced with hex patching in order to update it. Here's my favorite beginner-friendly hex patching tutorial: https://www.youtube.com/watch?v=yAK7rRhmTG4&t=41s&ab_channel=PMTDVA.
If you have any questions about how to do this, feel free to contact me on discord!
While it is possible to make this template work for all updates, it would require a lot of work. I may eventually make this, but don't count on it.
-
Submitter
-
Submitted01/14/2023
-
Category
1 -
-
On 12/9/2022 at 1:55 PM, MC189 said:
Hi! Are You using Game Guardian inbuilt Speedhack? I thought You're using some kind of script. Well, since PG3D is an Online Game, I thinkGG Speedhack no longer works on that game (But IDK). Probably @HorridModzcan help, since it's PG3D related. Also, I don't think it's the game fault, Perhaps compare libs (/data/data/com.pixel.gun3d/lib) on VPhoneGaGa and BlueStacks?
This isn't pg3d related; it's the architecture. PG3D has no anti-speedhack or anything special. However, you don't have to use the built-in speedhack. You can also use a script, like this one: https://gameguardian.net/forum/files/file/2918-auto-speedhack-finder/
0 -
On 12/19/2022 at 4:33 PM, Chaositic said:
Horrid, there a real big problem, a anti cheat system just do not allow to change value, how do i bypass it?
I don't currently have an anti-cheat bypass. Sorry.
0 -
On 1/2/2023 at 2:51 PM, maxx200715 said:
Does not work. I did everything according to the instructions and there is no way to buy(
Have you tried restarting your game and trying again?
0 -
6 hours ago, Ferib said:
Happy to see you are finally catching up on the conversation as this is exactly my point, all I request is to have a Lua API so that I can call `pthread_create` from the Lua context.
For example, `gg.setValues` eventually calls the native `process_vm_writev` function, I don't see why extending the Lua APIs is a problem in general.Lua scripts are sandboxed. They have limited file access. They show a warning when the script tries to access the internet. This stuff is intentional. It's to prevent abuse. If gameguardian devs added these safety features, why would they encourage a way to bypass them?
However, lua scripts need some freedom, or else they will be useless. So functions like gg.setValues are provided and encouraged. Just like in any software, there's a balance between security and functionality.
As I said before, I do wish this functionality existed myself. But my point is that it realistically has no chance to make it into vanilla gameguardian.
By the way, I'm sorry for being a little rude to you. I don't want to get stuck on this.
0 -
11 hours ago, strxx said:
Xp spoofer upgrade please
I don't intend to make this, but thanks for the suggestion! I'll keep it in mind.
On 4/18/2022 at 2:38 AM, NightShroud200 said:If you could make a currency script for pg3d that would be really helpful
I have a 64bit lottery and sets script that gives you lots of gems and coins.
0 -
10 hours ago, Ferib said:
the GG daemon process is just an example, can be any process
Your theory doesn't make much sense to me. All I requested was the use of `pthread_create` which you argue would allow code execution which can be achieved in different ways, no matter how dIfFiCuLt that is.
But that is okay man, the reason we don't have it has to do with the fundamentals of Android.
pthread_create is a feature of c++. Gameguardian does not encourage the use of running arbitrary c++. Why would they add to a feature when the feature is unwanted in the first place?
6 hours ago, CmP said:This example doesn't make sense. Only memory of selected process can be modified. Scripts have no control over which process is selected. So the question remains, what does GG daemon have to do with this?
I think @Feribjust doesn't want to admit he made a bad example. He's doesn't want to admit he made a mistake, so there's no point arguing about it.
1 -
On 11/18/2022 at 4:27 PM, LatoM said:
where can i get this free tools
and thx
1 -
On 11/18/2022 at 3:47 PM, Frosty67 said:
Hello im have a problem in emu i have error and nothing find i have newest version and i can to use it
On 11/19/2022 at 6:55 AM, only2we said:Hello brother, after the new forced update, the script don't work
Nothing found. Make sure you are fully loaded into the game, and you have not used any other lottery / set event scripts in this game session.
If you are fully loaded in and you have not used any lottery / set event scripts this game session, the script must have been patched. Please contact User123456789#6424 on discord so I can fix it.
On 11/24/2022 at 9:02 AM, Pixelpixel said:This script is awesome, but patched, pls fix !
On 11/24/2022 at 3:46 AM, Frosty67 said:When u fix this one
The script has been patched, but @Michael1541went through a lot of effort to make an updated version for the community! Switch to that one instead: PG3D Lottery and Sets script updated - LUA scripts - GameGuardian
1 -
On 11/20/2022 at 9:38 AM, Ferib said:
You are such a joke, we can just write bytes into memory and have them executed by hooking a hot code path. Might as well hook the GG daemon and executed arbitrary code.
Yes, I know this is possible and I've done it myself. But my theory for why this functionality is not included is that Enyby does not want it to be easy. It's impossible to prevent this from happening because you can use hooking, but it's more difficult when it's not baked into gameguardian.
Also, please be respectful. The moderators on this site are very sensitive, and this post could easily get you a warning (which would give you a warning point that showed on your profile forever and reminded people you weren't a very nice guy).
0 -
On 6/6/2022 at 7:27 AM, Ferib said:
the pthread_create is indeed a native thing, what I meant is that I would like a Lua wrapper API to invoke the pthread_create so that I can spawn a thread on my injected assembly instructions. Lua coroutines are overrated btw
This would be useful, but I believe gameguardian specifically does not want us to run our own code because of security. That's why lua scripts are sandboxed and have certain functionality, eg: file access, limited / entirely removed.
Adding an option to inject assembly code would be begging for someone to come along and make a malicious script. Personally, I am in support of this. But AFAIK the gameguardian admins aren't.
0
Bug Report: "Copy as group search" assumes values are consecutive when used with utf-8 text and utf-16 text options
in Help
Posted · Edited by HorridModz
@EnybyHello, I am reporting a behavior that appears to be a bug in gameguardian.
It seems that the "Copy as group search", when used with "UTF-8" and "UTF-16", assumes that the values are consecutive, i.e. one byte apart. However, this is not always the case, causing group searches to sometimes fail.
This is best illustrated by examples: Let's search the string "abc" in UTF-8 and save the first 3 results, but leave out the second one:
Now, we have two results: 97 byte, representing the character "a", and 99, representing the character "c". These results are a byte apart - so they do not directly form the string "ac" and would not be searchable as ":ac"; rather, they would be searchable by a group search that accounts for the byte in between: 97B;0~~0B;99B::3. However, the Copy as Group Search function, when I select UTF-8, gives ":ac". This is not the right group search and seems to be a bug.
In order to show why this is wrong, here is the situation where I discovered the bug. I had a script that writes a string to memory, like this:
If I run this script, I get the string written in consecutive byte values. I use Copy as Group Search for UTF-8, and it gives me the correct search: ":Here is my special string!".
But now let's revert what we just did by refreshing the game, change the address spacing to every 2 bytes, so the string is no longer consecutive, and copy it as a group search again:
We copy it as group search again, and get the exact same thing: ":Here is my special string!". However, now that the addresses are 2 bytes apart, this is wrong and will not work. If we try to search it, nothing comes up.
So, this is definitely not working right. I'm pretty sure that it's a bug. My suggestion for fixing this would simply be displaying an error message if the addresses were not consecutive, like this: "UTF-8 [or UTF-16] group search only works for consecutive addresses. Please use a different type of group search."
If there's any other information anyone would like, feel free to ask.