Everything posted by XEKEX
-
Try to search the HWID or the UUID/GUID in the memory of that game (in JSON format, "GUID": or "HWID":) as a string. Some games use this as a unique identifier for the user data or for the file encryption key. You can use it for your script as well; it will remain the same even when the game gets updated.
-
VIP+ for those who donate to the forum
-
Does the GG forum support paid scripts or services?
-
@DARK_DEMON_SCRIPTER The syntax of NOP can be used in both MASM and ARMv7-A (ARM7.pdf, ref. page 511).
-
You can use a VPN, I guess.
-
Can you provide screenshots of how you do the fuzzy search? Tag me if you do.
-
X32

True :
~A MOV R0, #0x1
~A BX LR

False :
~A MOV R0, #0x0
~A BX LR

Int :
-- 9999
~A MOVW R0, #0x270F
~A BX LR
-- 99999999
~A MOVW R0, #0xE0FF
~A MOVT R0, #0x05F5
~A BX LR

Float :
-- 100
~A MOVW R0, #0x0
~A MOVT R0, #0x42C8
~A VMOV S15, R0
~A VMOV.F32 S0, S15
~A BX LR
-- 50
~A MOVW R0, #0x0
~A MOVT R0, #0x4248
~A VMOV S15, R0
~A VMOV.F32 S0, S15
~A BX LR
-- 10
~A MOVW R0, #0x0
~A MOVT R0, #0x4120
~A VMOV S15, R0
~A VMOV.F32 S0, S15
~A BX LR
-- 0.1
~A MOVW R0, #0xCCCD
~A MOVT R0, #0x3DCC
~A VMOV S15, R0
~A VMOV.F32 S0, S15
~A BX LR
-- 0.01
~A MOVW R0, #0xD70A
~A MOVT R0, #0x3C23
~A VMOV S15, R0
~A VMOV.F32 S0, S15
~A BX LR
-- 999999999.999999999
~A MOVW R0, #0x6B28
~A MOVT R0, #0x4E6E
~A VMOV S15, R0
~A VMOV.F32 S0, S15
~A BX LR

Double :
-- 100
~A MOV R0, #0x0
~A MOV R1, #0x0
~A MOVT R1, #0x4059
~A VMOV D16, R1, R0
~A VMOV.F64 D0, D16
~A BX LR
-- 50
~A MOV R0, #0x0
~A MOV R1, #0x0
~A MOVT R1, #0x4049
~A VMOV D16, R1, R0
~A VMOV.F64 D0, D16
~A BX LR
-- 10
~A MOV R0, #0x0
~A MOV R1, #0x0
~A MOVT R1, #0x4024
~A VMOV D16, R1, R0
~A VMOV.F64 D0, D16
~A BX LR
-- 0.1
~A MOVW R0, #0x999A
~A MOVT R0, #0x9999
~A MOVW R1, #0x9999
~A MOVT R1, #0x3FB9
~A VMOV D16, R1, R0
~A VMOV.F64 D0, D16
~A BX LR
-- 0.01
~A MOVW R0, #0x147B
~A MOVT R0, #0x47AE
~A MOVW R1, #0x7AE1
~A MOVT R1, #0x3F84
~A VMOV D16, R1, R0
~A VMOV.F64 D0, D16
~A BX LR
-- 999999999.999999999
~A MOV R0, #0x0
~A MOVW R1, #0xCD65
~A MOVT R1, #0x41CD
~A VMOV D16, R1, R0
~A VMOV.F64 D0, D16
~A BX LR

X64

True :
~A8 MOV W0, #0x1
~A8 RET

False :
~A8 MOV W0, #0x0
~A8 RET

Int :
-- 9999
~A8 MOVZ W0, #0x270F
~A8 RET
-- 99999999
~A8 MOVZ W0, #0xE0FF
~A8 MOVK W0, #0x05F5, LSL #16
~A8 RET

Float :
-- 100
~A8 MOVZ W0, #0x0
~A8 MOVK W0, #0x42C8, LSL #16
~A8 FMOV S0, W0
~A8 RET
-- 50
~A8 MOVZ W0, #0x0
~A8 MOVK W0, #0x4248, LSL #16
~A8 FMOV S0, W0
~A8 RET
-- 10
~A8 MOVZ W0, #0x0
~A8 MOVK W0, #0x4120, LSL #16
~A8 FMOV S0, W0
~A8 RET
-- 0.1
~A8 MOVZ W0, #0xCCCD
~A8 MOVK W0, #0x3DCC, LSL #16
~A8 FMOV S0, W0
~A8 RET
-- 0.01
~A8 MOVZ W0, #0xD70A
~A8 MOVK W0, #0x3C23, LSL #16
~A8 FMOV S0, W0
~A8 RET
-- 99999999.99999999
~A8 MOVZ W0, #0xBC20
~A8 MOVK W0, #0x4CBE, LSL #16
~A8 FMOV S0, W0
~A8 RET

Double :
-- 100
~A8 MOVZ X0, #0x0
~A8 MOVK X0, #0x0, LSL #16
~A8 MOVK X0, #0x0, LSL #32
~A8 MOVK X0, #0x4059, LSL #48
~A8 FMOV D0, X0
~A8 RET
-- 50
~A8 MOVZ X0, #0x0
~A8 MOVK X0, #0x0, LSL #16
~A8 MOVK X0, #0x0, LSL #32
~A8 MOVK X0, #0x4049, LSL #48
~A8 FMOV D0, X0
~A8 RET
-- 10
~A8 MOVZ X0, #0x0
~A8 MOVK X0, #0x0, LSL #16
~A8 MOVK X0, #0x0, LSL #32
~A8 MOVK X0, #0x4024, LSL #48
~A8 FMOV D0, X0
~A8 RET
-- 0.1
~A8 MOVZ X0, #0x999A
~A8 MOVK X0, #0x9999, LSL #16
~A8 MOVK X0, #0x9999, LSL #32
~A8 MOVK X0, #0x3FB9, LSL #48
~A8 FMOV D0, X0
~A8 RET
-- 0.01
~A8 MOVZ X0, #0x147B
~A8 MOVK X0, #0x47AE, LSL #16
~A8 MOVK X0, #0x7AE1, LSL #32
~A8 MOVK X0, #0x3F84, LSL #48
~A8 FMOV D0, X0
~A8 RET
-- 99999999.99999999
~A8 MOVZ X0, #0xFFFF
~A8 MOVK X0, #0xFFFF, LSL #16
~A8 MOVK X0, #0xD783, LSL #32
~A8 MOVK X0, #0x4197, LSL #48
~A8 FMOV D0, X0
~A8 RET

• You can find Lua code to convert any value to ARM -> HERE. If you get an error, comment it out.
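A stand-alone converter for the table above and for the "replace the PUSH with MOVW R0, #value and the next instruction with BX LR" trick discussed later in this thread, added here as an example; it is not XEKEX's Lua code and assumes only the ~A / ~A8 line syntax used in the table. It generalizes the table to any int, float or double, and always writes both 16-bit halves so no register half is left undefined before the MOVT/MOVK.

```python
import struct

def value_bits(value, kind):
    """Return the raw bit pattern and byte width of an int, float or double."""
    if kind == "int":
        return value & 0xFFFFFFFF, 4          # two's complement for negatives
    if kind == "float":
        return struct.unpack("<I", struct.pack("<f", value))[0], 4
    if kind == "double":
        return struct.unpack("<Q", struct.pack("<d", value))[0], 8
    raise ValueError(f"unknown kind {kind!r}")

def halves(bits, width):
    """Split a bit pattern into 16-bit chunks, least significant first."""
    return [(bits >> (16 * i)) & 0xFFFF for i in range(width // 2)]

def arm32_return(value, kind):
    """GameGuardian ~A lines for an ARMv7 function body that returns value."""
    bits, width = value_bits(value, kind)
    h = halves(bits, width)
    lines = []
    # MOVW zeroes the top half, so each register is fully defined before MOVT
    for reg, lo, hi in zip(("R0", "R1"), h[0::2], h[1::2]):
        lines.append(f"~A MOVW {reg}, #0x{lo:04X}")
        if hi:
            lines.append(f"~A MOVT {reg}, #0x{hi:04X}")
    if kind == "float":
        lines += ["~A VMOV S15, R0", "~A VMOV.F32 S0, S15"]
    elif kind == "double":                    # R1:R0 = high:low word
        lines += ["~A VMOV D16, R1, R0", "~A VMOV.F64 D0, D16"]
    lines.append("~A BX LR")
    return lines

def arm64_return(value, kind):
    """GameGuardian ~A8 lines for an AArch64 function body that returns value."""
    bits, width = value_bits(value, kind)
    reg = "W0" if width == 4 else "X0"        # W0 is 32-bit, X0 is 64-bit
    h = halves(bits, width)
    lines = [f"~A8 MOVZ {reg}, #0x{h[0]:04X}"]  # MOVZ clears the other lanes
    for i, chunk in enumerate(h[1:], start=1):
        if chunk:                             # MOVK patches one 16-bit lane
            lines.append(f"~A8 MOVK {reg}, #0x{chunk:04X}, LSL #{16 * i}")
    if kind == "float":
        lines.append("~A8 FMOV S0, W0")       # A64 uses FMOV, not VMOV
    elif kind == "double":
        lines.append("~A8 FMOV D0, X0")
    lines.append("~A8 RET")
    return lines
```

Call `arm32_return(999, "int")` to get the two lines for the PUSH/ADD patch described below; negative ints are emitted as their two's-complement pattern.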
-
If patching still makes the weapon stop shooting, try a negative value (for example -100%; this might work), and make sure that the method is related to the player class only, because you don't want rapid fire for all entities, I guess.
-
I guess the BadCase tool patches it as an int; that's why you get an error. Consider checking the edits or doing it manually. Also respect every data type: edits with wrong code may cause a game crash or a system crash in some cases.
-
Edit it as a float or double depending on the data type of the percentage if it has a method. If it's a const, you simply edit the value without ARM patching. If it's a void method, pointer-search that class and find the percentage value in that class (calculate the offset manually if it doesn't show in the dump file); no ARM patching is needed either.
-
No need, because we end the function with BX LR: editing the PUSH instruction to MOVW R0, #999 followed by BX LR in the next instruction is like creating a new function: int new() { return 999; }. The remaining instructions are useless; the processor won't read them.
-
Edit the address 9936C000 (the PUSH instruction) to MOVW R0, #999, and edit the address below it (ADD R11, SP, #16) to BX LR.
-
PM me the modified APK or follow this tutorial on YouTube.
-
The Android system requires that all installed applications be digitally signed with a certificate whose private key is held by the application's developer. The Android system uses the certificate as a means of identifying the author of an application and establishing trust relationships between applications.
-
I guess you need to re-sign the APK.
-
Specify your case so I can make a tutorial.
-
Request anti-tamper (SSL): you can use Frida to bypass SSL pinning and patch the APK; this will let you see the request contents and tamper with them (server-side hacking). Inner-code anti-tamper (anti-cheat): for il2cpp games you can search the dump file for the class responsible for data comparing etc. and disable it (or ARM-patch it); this will bypass the game anti-cheat. For non-Unity games, you can use IDA to disassemble the lib, and from there you can do the same steps as with il2cpp (when it comes to ARM patching, using Frida or a similar debugger is recommended). Another approach is to use jadx & Frida to hook the Java (JM).
-
The ? region is memory out of bounds. It means that for each app to be executed, the processor allocates memory for the app; these addresses and values belong to another application. Editing them won't affect the game, but it does affect the other application. What causes this: it might be a GLIBC heap bug or a heap overflow.
-
You mean request tampering or inner-code tampering?
-
What @CmP said is the answer.
-
The il2cpp might be misconfigured by the dev, who put a linker for il2cpp in the system region.
-
This is why it's not good practice: ipairs, pairs and every built-in function in Lua that deals with tables starts the iteration by default at index 1 --> here is an example
-
Void functions don't have a return; also, it acts like: for key, value in pairs() in Lua.
-
You're right, forget that; metatable doesn't work with number indexes.