Jump to content

darklinux

Ascended
  • Posts

    32
  • Joined

  • Last visited

3 Followers

Additional Information

  • Android
    10.x
  • Device
    Android

Profile Fields

  • Discord ID
    darklinux#5584

Recent Profile Visitors

1,129 profile views

darklinux's Achievements

Explorer

Explorer (4/14)

  • Collaborator Rare
  • One Month Later
  • Reacting Well Rare
  • Week One Done
  • Dedicated Rare

Recent Badges

10

Reputation

  1. Ah, in that case I have a feeling GG will not support native threads. I do want to release a small shellcode lib for native functions. I have "LoadLibrary" working, next is CreateThread, VirtualProtect and so on. Should be easy to do with little asm.
  2. GG supports web requests via makeRequest, multi threading would help a lot when making multiple requests.
  3. Thanks! I'll fix that. I'll see if I can get frida working, I dont have root so I may not be able to debug any issues.
  4. They most likely have an encrypted copy of the value they check against, or the value is tracked on their backend. I would dump the game into IDA Pro and check cross references or use a debugger and see who accesses the value.
  5. Never used a comma like that before, looks like it sets the value after the call, that's why its not equal (aka nil). -- lua _bsd_8 = "ue0", SPD() -- bytes code LOADK 1 7 ; "ue0" GETTABUP 2 0 8 ; _ENV "SPD" CALL 2 1 1 ; 0 in 0 out SETTABUP 0 6 1 ; _ENV "_bsd_8" and -- lua _bsd_8 = "ue0" SPD() -- bytes code SETTABUP 0 6 7k ; _ENV "_bsd_8" "ue0" GETTABUP 1 0 8 ; _ENV "SPD" CALL 1 1 1 ; 0 in 0 out https://www.luac.nl/
  6. You would need to have your own service to implement https://developers.google.com/youtube/v3/guides/authentication Then you can proxy requests with gg.makeRequest to your service.
  7. View File Jad3d arm64 .so injector Info: This project is in a "work in progress" state. Please report any bugs or suggestions. Many features are missing, like "create thread", "save settings", ... Testing was limited, not all .so will work How to use: Attach GG to target process Run script, click "Inject" Locate file via file prompt Select function by name that you would like to run Toggle target app to background and then to foreground Done! Submitter darklinux Submitted 07/26/2022 Category Tools  
  8. You would need to log API requests, unless its over a socket, then its much harder to narrow down.
  9. Version 1.0.1

    449 downloads

    Info: This project is in a "work in progress" state. Please report any bugs or suggestions. Many features are missing, like "create thread", "save settings", ... Testing was limited, not all .so will work How to use: Attach GG to target process Run script, click "Inject" Locate file via file prompt Select function by name that you would like to run Toggle target app to background and then to foreground Done!
  10. I have been writing an arm64 .so lib loader for GG over the last week. I'm going to be releasing it soon. It will have some examples of shellcode and hooks. Yes, that's the idea, you would allocate a page and write your asm byte code to it.
  11. If static analyzing is not your thing you can hook the target function and log all return addresses.
  12. -- Lua simple XOR encrypt by Ganlv -- https://github.com/ganlvtech/lua-simple-encrypt Yes, its encoded, so not so simple. Would need to make or find a decoder.
  13. https://gameguardian.net/help/classgg.html#a15e72eaba99c1eadac1ccdeb8e2b5009 Has some good info I would use a site like https://godbolt.org/ I'm using ARM64 gcc trunk You can write some c++ code like, int square(int num) { return num * num; } and get asm for it sub sp, sp, #16 str w0, [sp, 12] ldr w0, [sp, 12] mul w0, w0, w0 add sp, sp, 16 ret then use something like http://shell-storm.org/online/Online-Assembler-and-Disassembler/ I'm using AArch64 This will take your asm and convert it to byte code "\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6" You will need to write your own functions, but something like this, local shell_code = "\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6" local shell_address = gg.allocatePage(gg.PROT_READ | gg.PROT_WRITE | gg.PROT_EXEC) local result = hook(offset + base, shell_code, shell_address) I would recommend reading over this project, GGInjector (#9c9qcq9g)
  14. Not the shell code part, that's why I wish GG supported hooks. GG would handle the allocation and hooking, and then passes the values to lua. GG is currently external, so it would be a drastic change. I have implemented my own hooking library for lua, so it can be done. Hook example, hookFun = function(x) return x * 2 end -- address -- lua hook function -- arg sizes array -- return arg size -- return or complete function (ret, complete) gg.hook(offset + base, hookFun, [TYPE_DWORD], TYPE_DWORD, HOOK_RET) Native call example -- address -- name -- arg sizes array -- return arg size gg.regsiterNative(offset + base, 'sendPacket', [TYPE_DWORD, TYPE_DWORD], TYPE_DWORD) function StopFalling() packetStopFallingId = 154 return sendPacket(packetStopFallingId, 1) == 1 end
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.