HorridModz

Posts posted by HorridModz

  1. This is great @Sysadmin, but can you also shoutout Moonsec? I feel like they deserve a shoutout just as much. Moonsec also has an awesome obfuscator that's free - and it comes with an anti-log feature. In addition, they have a paid obfuscator and a tool called LuaAuth that allows users to manage access to scripts by ip addresses.

  2. On 11/13/2022 at 7:11 PM, ShotinmybagXD1234 said:

    Alr tysm for the nice and friendly reply like always ❤️👍

    Ig I'm gonna work on somewhat easy stuff for a starter modder like sets & lottery script

    That sounds great. Since pg3d has lots of protections and anticheat, it may be more satisfying for you to mod an easier game, such as an offline game, or maybe even a mono game (mono is what unity games were made with before 2017, it made app apks come with the source code so you could easily edit the source code however you pleased). Personally, I remember when I edited the source code of an offline game with no protection that was built with mono. I trivially modified a lot of stuff in only a few hours, then I installed the modified game and got to enjoy all the mods I had created. It was really cool and gave me a lot of motivation.

    I recommend trying that to give yourself courage, but if you want to stick to pg3d, feel free to. I just hope you don't get frustrated.

    Also, make sure to follow a tutorial every once in a while. In my opinion, that's the best way to learn new things as well as to build onto your current skills. I recommend watching a couple of PMTDVA's tutorials.

  3. Just now, ShotinmybagXD1234 said:

    Does anyone know how to make a bp script? I've been looking it up for almost a year ("pg3d battle pass script") and nothing comes up, and I'm not good with making scripts, so that's it...

    Ik this is off topic and unrelated but it just needs to be addressed...

    I don't think there's any bp scripts that currently exist. You'll have to make your own.

    The reason bp scripts are almost extinct is because the game has been obfuscated since version 16.6.1, and most modding has been achieved by comparing 16.6.1 with the current version to deobfuscate the game's code and find hacks. The pixel pass was not a thing in version 16.6.1, so all the pixel pass code is obfuscated and almost impossible to deobfuscate. This makes it very difficult to find battle pass hacks.

  4. On 10/2/2022 at 9:23 AM, SanCorry said:

    Limit Report

    In game(playing) 

     - Coins 18000

    - Gems 10800

    NonPlaying

    - Coins 50 000

    - Gems 900

    24 h time = 1 report

     

    Thanks so much! Where in the heck did you find this?

    Correction: This says paying, not playing (meaning whether you are an f2p player or you have spent money on the game before)

    On 10/4/2022 at 9:53 AM, Murilo_GOLD said:

    Hi! I tried to use it, but when I try to run the script it says "searching", then after a minute it says "nothing found". What should I do?

     

    On 10/4/2022 at 12:12 PM, miku103067939 said:

    22.7.2 edition: It doesn't work.

     

    On 10/7/2022 at 6:58 AM, Murilo_GOLD said:

    How did you do?? I tried but it always says "nothing found".

     

    4 hours ago, lordvillain said:

    Hello horrid, bro your script is awesome, but after the new update it doesn't work, it needs your update.

    I believe the script is working again in 22.8, but I have not verified this myself.

  5. On 9/7/2022 at 12:28 AM, qwer098 said:

    After watching the tutorial video about hex editing, I had a question about hex language.

    In that video (game was archero), he found offset of 'headshot' and replaced the value to 'mov r0,#1' and 'bx lr' that converted into arm32. And all attack became headshot.

    What is the meaning of 'mov r0,#1' and 'bx lr'? Are there any other useful texts that can be used for a hitbox or aimbot mod?

    Sorry for my bad English, the translator didn't work properly, so I just wrote it down.

    Most tutorials on hex patching do not explain how hex patching works. I'll explain exactly what hex patching is and how it works, from the very beginning.

    @MainC and @BadCase did a great job explaining, but they didn't go in-depth.

    To understand what the libil2cpp.so file is, you have to understand how the game's libil2cpp.so file is generated. All games with libil2cpp.so files are made with Unity's Il2cpp backend. Unity is a game engine where you write your code in the C# programming language, and the engine compiles it into an apk. Most of the game's code, such as the 'headshot' method, is converted from C# to IL (Intermediate Language) to C++. This C++ code is then compiled to assembly code, which is encoded into hex and stored in the libil2cpp.so file. Different devices use different assembly languages (called architectures) - Android has armv7 (32bit) and armv8 (64bit). There is a libil2cpp.so file for each architecture. In most Unity games, there is armv7, armv8, and sometimes x86 support. In armv7, armv8, and x86, all assembly instructions are 4 bytes long when encoded into hex.

    When the game executes a method like the 'headshot' method, the hex for the headshot method is taken from the libil2cpp.so file for the device's respective architecture, decoded back into assembly code, and run.

    This is not the exact process; I left some information out and simplified some stuff.


    To visualize this, I like comparing C code to assembly code to hex. Arm Hex Converter Online can be used to convert between assembly code and hex, and Compiler Explorer can be used to convert C code to assembly code. There is currently no way to perfectly convert from assembly code back to C code, so you will have to learn assembly code to understand it.

    So what does 

    Mov R0, #1
    bx lr

    mean? I like looking at it in c. This is the same as:

    return(1)

    There are multiple ways to write this in assembly, so compiler explorer might contradict us.  But

    Mov R0, #1
    bx lr

    is the simplest way to do it.

     

    Let's make up an example of how we would use hex patching and walk through it step by step. Say that the offset for the 'headshot' method is 0x67AB0AB. This means that the function's code begins at the 67AB0ABth byte of the libil2cpp.so file. The offsets are usually in hexadecimal - this is what most hex editors use, and what most tools / resources like dnspy and Il2cppDumper use. This represents the decimal (base 10) number 108703915. So, we know that the function begins at the 108703915th byte of the libil2cpp.so file. If we go to this offset in our hex editor (most hex editors use hexadecimal offsets, so we go to offset 67AB0AB), the first 8 bytes are 06 00 00 15 00 88 FC BF. Each assembly instruction is 4 bytes, so we are looking at the first 2 assembly instructions of the function. We edit this to our hex (if we want to work with armv7, and we want the function to always return 1, we use the hex 01 00 A0 E3 1E FF 2F E1), which decodes to

    Mov R0, #1
    bx lr

    . We only have to edit the first 8 bytes (2 instructions) of the function because if we always edit the first instructions to return, the function will always return before it executes any other instructions. This is how return statements work in almost all programming languages. For this reason, we edit only two instructions and do not have to overwrite the whole function. We need to edit two instructions and not just one because

    return(1)

    takes two instructions in assembly. If we want to return a number that cannot be expressed in one statement (ex: for armv8, the maximum number you can directly use is 65535, or 0xffff in hexadecimal), or we want to do something more complicated than always returning a number, we may need more than two instructions. In this case, we overwrite as many instructions as we need. If our new function is very complex, it might be longer than the original function. This will rarely happen, but just in case, you should use workarounds when your new function is long.

     

    I do not currently know how to find where a function ends, only how it starts. A .so file is a Linux shared library file (armv7, armv8, and x86 architectures use Linux), so if anybody wants to try to find an easy way to find out where a function ends, or even better, a way to list all of the functions in a given .so file (it would be awesome if somebody does this!), this is a starting point for research.

     

    Hopefully this is a helpful guide and it explains hex patching in-depth! Sorry I wrote so much, I got a little carried away 😛

     

    NOTE: In most assembly languages, including armv7, armv8, and x86, the numbers 1 and 0 are used respectively instead of true and false. The hexadecimal representations of 1 and 0 (0x1 and 0x0) can also mean true and false respectively.
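As an added example (not code from the post above or from any project it mentions), the following Python encodes the two armv7 instructions discussed there, prints the 8 patch bytes in the little-endian order they occupy in the file, and scans a blob for the `MOV R0, #imm; BX LR` pair so a defender can list functions that have been stubbed out to return a constant. The instruction encodings follow the ARM architecture reference; the blob, offsets and filler words are constructed for the demonstration.

```python
import struct

MOV_IMM_BASE = 0xE3A00000   # MOV Rd, #imm12 (cond=AL, S=0, Rn=0)
MOV_R0_MASK = 0xFFFFF000    # matches MOV_IMM_BASE only when Rd == R0
BX_LR = 0xE12FFF1E          # BX LR


def rotr32(value: int, amount: int) -> int:
    """Rotate a 32-bit value right by `amount` bits."""
    amount %= 32
    return ((value >> amount) | (value << (32 - amount))) & 0xFFFFFFFF


def encode_mov_imm(rd: int, imm: int) -> int:
    """Encode `MOV Rd, #imm`. An ARM32 immediate is an 8-bit value rotated
    right by an even amount (rotate field * 2), so e.g. 0x101 cannot be
    loaded by a single MOV and needs a second instruction."""
    if not (0 <= rd < 16 and 0 <= imm < 1 << 32):
        raise ValueError("bad operand")
    for rotate in range(16):                    # 4-bit rotate field, smallest first
        imm8 = rotr32(imm, 32 - 2 * rotate)     # undo the ROR to recover imm8
        if imm8 < 0x100:
            return MOV_IMM_BASE | (rd << 12) | (rotate << 8) | imm8
    raise ValueError(f"{imm:#x} is not encodable as a single MOV immediate")


def decode_mov_imm(word: int) -> int:
    """Recover the immediate from an encoded `MOV Rd, #imm` word."""
    return rotr32(word & 0xFF, 2 * ((word >> 8) & 0xF))


def encode_bx(rm: int) -> int:
    """Encode `BX Rm`; rm=14 is LR, i.e. return to the caller."""
    return 0xE12FFF10 | rm


def return_constant_stub(value: int) -> bytes:
    """The 8 bytes of `MOV R0, #value; BX LR`, little-endian as stored in the .so."""
    return struct.pack("<II", encode_mov_imm(0, value), encode_bx(14))


def find_return_stubs(blob: bytes) -> list:
    """List (offset, constant) for every word-aligned `MOV R0, #imm; BX LR` pair.
    Run this over a pristine and a suspect libil2cpp.so and diff the two lists:
    trivial getters legitimately look like this, so the diff, not the raw list,
    is the signal. Assumes armv7 code with 4-byte-aligned functions."""
    hits = []
    for off in range(0, len(blob) - 7, 4):
        w1, w2 = struct.unpack_from("<II", blob, off)
        if (w1 & MOV_R0_MASK) == MOV_IMM_BASE and w2 == BX_LR:
            hits.append((off, decode_mov_imm(w1)))
    return hits


if __name__ == "__main__":
    original = bytes.fromhex("06 00 00 15 00 88 FC BF")  # first 8 bytes quoted in the post
    patch = return_constant_stub(1)
    print("patch bytes:", patch.hex(" ").upper())         # 01 00 A0 E3 1E FF 2F E1
    # Constructed blob: the original words, then a stubbed function, then
    # PUSH {R4-R11, LR} as an ordinary prologue that must not match.
    blob = original + patch + bytes.fromhex("F0 4F 2D E9")
    print("return stubs:", find_return_stubs(blob))        # [(8, 1)]
```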

  6. 11 minutes ago, MainC said:

    Hi! From the previous behaviour that "Dumped Metadata is identical to Obfuscated/Encrypted one", I assume that it is because the Metadata is still at the loading stage.

    • 1) Since the Metadata gets flushed from memory so quickly, we are going to suffer from trial and error to make sure we get the right timing. I highly recommend doing it on a PC with some Android emulator, because milliseconds really matter. On PC, you need to prepare Cheat Engine and some script to auto suspend/freeze the emulator. Prepare everything; by the time you launch the game, run the script (I highly suggest using a custom hotkey to execute the script) and search for the Metadata header in Cheat Engine. If not found, do unfreeze-freeze and scan again in CE; do this until you get some interesting bytes. You can try to use PsSuspend and make a script to automate that.
    • 2) You might need the game sandboxed. Although you can try it using an emulator, it has the whole of Android emulated, too big for us to debug. The reason for this is that we can use Ghidra and attach it directly to the game. This will make reading things easier.
    • 3) If you're sure that the decryption happens in the HProtect Java class, you can probably try some external hooking. Frida seems the right choice, but I'm not sure if it's able to read what the function is currently doing, since it just reads the class? I'm not an expert, so I don't know the full ability of Frida. You can try to create custom hooks from scratch and make them access the data that's currently handled by HProtect. This is yet a big effort just to look for Metadata; not recommended, since it's a waste of time.

    From Platonic, it's more likely that the Metadata will exist in bare form for doing step #1, since multiple Metadata co-exist? At this point, the only option is to reverse engineer the game, since none of the current tools are able to do the job.

    You can try running the pc version of the game, using ProcMon to find where the metadata is accessed, then setting a breakpoint. This will make sure you dump the metadata at the correct time (referencing this tutorial).

     

    There is also the possibility that the dumped metadata is a decoy.

     

  7. 4 hours ago, Enfusia said:

    The game refused to launch and straight up crashed, even when just decompiling and compiling without making any changes.

    I checked out the UnityPlayer class and compared it with the old version, the developers almost completely rewrote it.

    The new UnityPlayer class also contains many suspicious variables and functions (which the old one didn't have), like 'bix2hex, hash_sha256, logLoadLibMainError, mProcessKillRequested:Z, mQuitting:Z, mKillingIsMyBusiness:Landroid/content/BroadcastReceiver', and so on.

    I got the game to stop crashing on startup after making some changes to the UnityPlayer, but now it's just an endless blackscreen. Still a step in the right direction, though.

    By the way, the game doesn't initialize HProtect through the UnityPlayerActivity.smali class like it used to, but it still gets loaded.


    If no tools are working, I think the only option is (of course) to manually reverse engineer it. Good luck!

  8. Glad this was fixed, but I just want to say that while @MAARS's solution works, it is not very clean. This is because 'if not' will also be true if the value is false, not just if it is nil. 'if not' works, but it is not clean code because it is not clear whether a boolean value is expected or not. You should also try to make your code as clean and understandable as possible. For example, look at this code:

    variable = false
    if not variable then
        -- this branch runs even though variable is false, not nil
        gg.alert("Variable is nil!")
    else
        gg.alert("Variable is not nil!")
    end

     

  9. I don't have the time to analyze this, but here are some notes:

    - Just because the 4 magic bytes are there does not mean the metadata is not encrypted (like in this game: https://katyscode.wordpress.com/2021/01/15/reverse-engineering-adventures-league-of-legends-wild-rift-il2cpp/)

    - You can try using Il2cppInspector to dump the game

    - You can try opening the game in IDA Pro and comparing with the old versions to see what has been changed

    - You can try forcing the il2cpp version in the config.json file for il2cpp dumper - maybe this game switched the version of il2cpp to an older one for some reason

     

    However, I do think the problem is that there is some protection in the libil2cpp.so file - this seems to be the most likely explanation.

  10. Pixel Gun 3D ALL UPDATE Custom Lottery + Sets Hack (32bit and 64bit)


    The script has been patched, but @Michael1541 went through a lot of effort to make an updated version for the community! Switch to that one instead: PG3D Lottery and Sets script updated - LUA scripts - GameGuardian

    @Michael1541's updated version has also been patched 😭.

    Want to update the script yourself? I have created a lotto sets template

    Notice: Armv7 (32bit) is not currently supported, because I grinded 18 hours to make this and I'm really burnt out. But it should be finished in a few days.

    Update: I said I would add Armv7 (32bit) support in a few days when this script was first released, but it never came out. I know a lot of people are upset about this. The reason is that I tried multiple times to make it work but kept encountering bugs and running into issues. Sorry to all the 32bit users!

    Contact Me:

    User123456789#6424 on discord

    Disclaimer: This script is bannable! Getting too much currency within a certain time frame will flag your account as suspicious and you will be banned in the next ban wave. I recommend only getting at most 10,000 gems per day, or your account will have a high risk of being banned. Even if you do play it safe, you can still be banned.

    Warning: Using the custom value option and setting the reward values to over 45,000 will instantly ban you

     

    After almost 18 hours straight of work, and a completely sleepless night, I finally present:

    Pixel Gun 3D All Update Custom Lottery and Set Event Hack!

    This is not the ordinary lotto sets script. Here's what's unique about it:

    - This script will work on all game updates (the lowest game version tested is 22.4.3, but downgrading is impossible anyway), even future updates

    - The script supports various values, and lets you enter a custom value if it does not have what you want. Currently, only whole numbers (no decimal values like 1.5) in the range of 0 to 65536 are supported.

    - This script supports devices with both armv7 (32bit) and armv8 (64bit) architectures

    - This script employs multiple searches, to ensure that only the correct value is edited, and as a backup in case the main search does not work

    - This script has a small antiban feature that warns you when you try to edit the reward values over 45,000

     

    I really hope you enjoy, and that this was worth staying up until 5 AM for!


     

  11. 5 hours ago, ENDUP said:

    Hello my friend, I know that your goal is to help, but your method is wrong, because modifying a large number of values will take out or ruin your game, and if it is a hack in Xa or a speed hack, like fixed numbers, your method will not work. I am offering the most professional ways to help everyone. Thank you.

    Thanks for trying to help, but he is also trying to help. Maybe you think your method is better, but we should all be allowed to contribute our methods. Do not try to denounce someone else's advice.

    This is also quite hypocritical of you because your method also involves editing a large number of values.

    On 8/14/2022 at 10:59 AM, TypoWasTaken said:

    Hi, so I was wondering how I could find a value that I can't change. I'm trying to change the price of an item in a shop that costs, let's say, 50 coins. When I go in GG I put in 50 and search, then I have, let's say, 800 search results. How can I narrow this down to find the one for the price when I can't change the price? Thanks in advance.

    I have another method. Another way to find the value you want is by group search. If there are multiple items in the shop, try searching multiple of these items with ";" in between (ex: if there is an offer of 50 coins for item a and an offer of 100 coins for item b, search 50;100 instead of just 50). A group search will only return values that are close together. In something like a shop, the different offers are usually close together in memory because they belong to the same elements of the game.

  12. Thanks so much for the awesome tutorial, you made ida pro (a very overwhelming tool) seem easy to use and helped me mod a function with ida pro. I do have one question: I was confused on this line:

    Quote

    *Hint* You will need to use multipliers stated above to make your stats more than 255, thus needing at least 2 lines of instructions.

    I am using arm64 (armv8), and my target function has four lines of code. Four lines should be very comfortable for returning whatever value I want. However, I am kind of stuck on how. The Mul command looks like it doesn't exist in arm64.

  13. Ah ok. Here's code for that:

    The code may have some errors.

    It works by building an array of all the values you selected, and removing any results that do not have any of those values.

    -- Returns true if `item` occurs anywhere in `array`.
    local function contains(item, array)
        for _, value in ipairs(array) do
            if value == item then
                return true
            end
        end
        return false
    end

    -- `val` is the table of result values built earlier (see the
    -- getResults loop in the quoted post). gg.multiChoice returns a
    -- table keyed by the index of each ticked checkbox, or nil on cancel.
    local menu = gg.multiChoice(val, nil, "")
    if menu == nil then
        os.exit() -- user clicked 'cancel'
    end

    -- Collect the values the user ticked. Bound the loop by #val, not
    -- #menu: menu only has entries for the ticked indexes.
    local valid = {}
    for index = 1, #val do
        if menu[index] then
            valid[#valid + 1] = val[index]
        end
    end

    -- Remove every result whose value is not one of the ticked values.
    -- gg.removeResults takes a table of results, so collect them first.
    local results = gg.getResults(gg.getResultsCount())
    local toRemove = {}
    for _, result in ipairs(results) do
        if not contains(result.value, valid) then
            toRemove[#toRemove + 1] = result
        end
    end
    if #toRemove > 0 then
        gg.removeResults(toRemove)
    end

     

  14. 5 hours ago, XkPP said:

    @HorridModz

    This is the video I meant, it took a long time to load

     

    sorry if the video quality is not good

    Ugh, this is exactly what I said.

    I just made a mistake in that code. Use this new code.

    On 7/3/2022 at 7:32 PM, HorridModz said:
    local menu = gg.multiChoice(val, nil, "")
    if menu == nil then
        os.exit() -- user clicked 'cancel'
    end
    -- Find the first ticked checkbox. menu only has entries for ticked
    -- indexes, so bound the search by #val rather than #menu.
    local index = 0
    repeat
        index = index + 1
        if index > #val then
            os.exit() -- no checkboxes selected
        end
    until menu[index] == true
    gg.refineNumber(val[index], 4) -- 4 = gg.TYPE_DWORD

     

     

    Just now, HorridModz said:

    Ugh, this is exactly what I said.

    I just made a mistake in that code. Use this new code.

    Try the code in the quote.

    I updated it.

  15. On 7/6/2022 at 6:50 AM, XkPP said:

    after I tried it with one of the values the loading took a long time, can you fix it again?

    I don't know what you mean. I also don't intend to fix any issues you have.
    I'm trying to explain to you how to do what you want to do. It's great that you want to make a script using advanced features and I know it's not easy. But I'm not going to make your script for you. I'm only here to help you when you get stuck on how to do something.

    Please rephrase what you mean by this - I don't get what you are trying to say.

  16. On 6/28/2022 at 6:02 AM, XkPP said:

    tar = gg.getResults(gg.getResultCount())
    val = {}
    for i, v in ipairs(tar) do
    table.insert(val,v.value)
    end


    local menu = gg.multiChoice(val,nil,"")
    if not menu then os.exit() end
    if menu[val] == true then
    gg.refineNumber(menu[val],4)
    end

     

    when I try it doesn't respond to refine please help

    It's not menu[val]. If your multiChoice gets val, and val is a table, then gg will return the index of the checkbox you selected.

    Fixed:

    local menu = gg.multiChoice(val, nil, "")
    if menu == nil then
        os.exit() -- user clicked 'cancel'
    end
    -- Find the first ticked checkbox. menu only has entries for ticked
    -- indexes, so bound the search by #val rather than #menu.
    local index = 0
    repeat
        index = index + 1
        if index > #val then
            os.exit() -- no checkboxes selected
        end
    until menu[index] == true
    gg.refineNumber(val[index], 4) -- 4 = gg.TYPE_DWORD

    Another way to do this is with gg.choice. gg.choice has different ui (only lets you select one, rather than checkboxes) and returns the index of the one you clicked.

    local menu = gg.choice(val, nil, "")
    if menu == nil then
        os.exit() -- user clicked 'cancel'
    end
    -- gg.choice returns the 1-based index of the entry that was tapped
    gg.refineNumber(val[menu], 4) -- 4 = gg.TYPE_DWORD

     

  17. Pixel Gun 3D Xray Hack


    Youtube Demo:

    Made with my pixel gun 3d zoom hack (read that post before downloading this script):

    Pixel Gun 3D Zoom Hack - LUA scripts - GameGuardian

    Make sure to run this script when the game is around 5-60% loaded.

    If it doesn't work, try restarting the game and retrying.

    This script was made on a 64bit device for version 22.5.0. I don't know if this will work on version 22.5.1 or on armv7 devices. Please tell me if it does or not!


     

  18. PG3D Godmode Hack (All Updates)


    Youtube demo:

    Contact me on discord: User123456789#6424

    This script gives you godmode in pixel gun 3d! Just activate the script while in a match and you will be immune to damage!

    Thanks to poggersbutnot (don't try to contact him, he's gone) for the godmode method. I just made it into a script.

     


     

  19. Pixel Gun 3D Zoom Hack


    Contact me on discord: User123456789#6424

    Youtube demo:

    PG3D Zoom Hack Demo - YouTube

    This is a simple zoom hack for pixel gun 3d. It lets you zoom in and out. It's not very useful, but it was fun to make and hopefully will be fun to use.

    Both the script and the way I found this hack are inspired by @Platonic.

    This script was made on a 64bit device for version 22.5.0. I don't know if this will work on version 22.5.1 or on armv7 devices. Please tell me if it does or not!

    Sometimes, multiple values are found. If you want only one value to be found, try running the script when the game is around 5-60% loaded.

    Enjoy!


     
