Everything posted by XEKEX
-
-
Open the APK as a zip and u'll find a folder called lib. If u find libil2cpp then the game uses the Unity engine; if u find cocos2D then the game uses Lua and C; if u find UEsomething then the game uses Unreal Engine. Some games write their own lib (rare case). The server-side hacking is higher in cocos2d because they use libc as well, and you can exploit it in many ways such as buffer overflow, remote code execution and Frida. Use IDA or jadx to dump that lib and search for the function that encrypts data and hook it with Frida. Use Burp Suite as well to intercept server data and decrypt it using Frida. In most cases the game uses Firebase to transfer data server side + nginx, and the only solution to hack the server side is by brute-forcing SSH, and u need a powerful PC to perform that and a Linux machine using msfconsole or Ghidra and nmap.
-
View File
Dump.CS to Lua Table
This script will change the whole Dump.cs file into a new file.lua containing a Lua table.
• removes void functions since they act on themselves or on the class and have no return values
• filters all possible functions / classes for hack usage
• ENUM not included
• sealed / protected are filtered
• filters system and all other dll functions
• works for PC and GG script
Note: use the script on PC for faster results + the dump name MUST be "Dump.cs"
--Script not encoded, feel free to learn
Submitter XEKEX
Submitted 01/23/2023
Category Tools
-
Version 1.0.0
1,143 downloads
This script will change the whole Dump.cs file into a new file.lua containing a Lua table.
• removes void functions since they act on themselves or on the class and have no return values
• filters all possible functions / classes for hack usage
• ENUM not included
• sealed / protected / abstract are filtered
• filters system and all other dll functions
• works for PC and GG script
Note: use the script on PC for faster results + the dump name MUST be "Dump.cs"
--Script not encoded, feel free to learn
-
I get it now. Anyway, your script is similar to an ELF binary; you can research it, it might help you.
-
A Lua script runs from top to bottom. It won't execute the condition before the val gets incremented, and the last value in dex won't meet the requirement for the condition. This is why u need to put all conditions at the top of the loop.
-
-
To change 2 values u need to select 2 values. U can add the 2nd address by adding a new value to your table:

    arm_True = {  -- we add a new table that contains the ARM instructions we want
        [1] = '~A MOV R0, #1',
        [2] = '~A BX LR',
    }
    -- in the table below (base_T) u can save only the address + offset of multiple functions (function a, b, c, d ..)
    local start = gg.getRangesList('libil2cpp.so')[1].start + offset  -- the base address + offset
    base_T = {}  -- we add another table that contains the base address + offset
    for i = 1, #arm_True do  -- I prefer to use a for loop; this will make changes depending on the number of changes in the arm table
        base_T[i] = {
            address = start + (i - 1) * 4,  -- the 2nd address is always the prev one + 4
            flags = gg.TYPE_DWORD,
            value = arm_True[i],
        }
    end
    -- if u use the loop above it will change all the functions a, b, c, d .. to the ARM instruction u want (true) without any other coding or searching for every 2nd address
    gg.setValues(base_T)  -- then we set the values
    -- this method works for 2+ modifications
    -- u can also write base_T[1] = .. base_T[2] = .. manually instead
    -- u can add a new index containing the original value in case u want to perform multiple changes
    base_T = gg.getValues(base_T)  -- and its values
-
    for i = 1, loop do
        -- make the if statement at the start so it won't add some unwanted addresses and cause a crash later
        if valStart >= range[3]["end"] then break end
        dex[#dex + 1] = {address = valStart, flags = gg.TYPE_QWORD}
        valStart = valStart + 0x250
    end
-
yes but it's time consuming
-
Lua Course Video --> link
Pointers basic explanation video --> link
C# Beginners guide video link --> link
GameGuardian Scripting reference --> link
That's all u need to learn the basics. Also Google / YouTube is ur best solution in case of learning how to create a script. I don't recommend following some tutorials on YouTube; stick with the GG doc, read and try. The more u write the more u learn, that's all. Don't forget that this forum can give you more help.
In case u want a fast Lua compiler use this one I prefer: link
Also if u are interested in ARM use godbolt.org
-
View File
Pure Lua library
Import this lib to your script:
• setup!

    XEK = nil
    load_lib = gg.makeRequest('https://raw.githubusercontent.com/chihaamin/XEKEX/main/xLIB.lua')
    if load_lib.code == 200 then -- check the status of the request
        XEK = load(load_lib.content, 'bt')()
    end

• Comment if you find a bug / error or if you have an idea for implementation.
• All the file is documented and commented for beginners.
♥ Add "XEKEX was here" in your script if it was helpful
-------------------------------------------------------------------------------
IMPORT :

    JSON = XEK.import('https://raw.githubusercontent.com/rxi/json.lua/master/json.lua') -- this will import a lib into your script
    JSON.decode(response.content)

Text2Dword :

    -- Text2Dword function converts a text to a dword value
    local DWORD = XEK.Text2Dword("berry")
    -- Print the result
    print(DWORD) --> Output: '6619234;7471218;121::9'

Dword2Text :

    -- Dword2Text function converts a Dword value to text
    local sampleValue = "6619234;7471218;121"
    local text = XEK.Dword2Text(sampleValue)
    -- Print the result
    print(text) --> Output: 'berry'

hex :
The 'hex' function takes two arguments: a value to convert to hexadecimal and a boolean 'hx' indicating whether to add '0x' or 'h' prefix to the output.

    --[[
    If hx is true, the function returns the hexadecimal value with '0x' prefix.
    If hx is false, the function returns the hexadecimal value with 'h' suffix.
    If hx is not provided or not a boolean, the function returns the hexadecimal value without any prefix or suffix.
    The function uses string formatting to convert the value to hexadecimal.
    ]]
    --> Examples:
    -- Convert decimal value to hexadecimal with '0x' prefix
    print(XEK.hex(255, true)) --> Output: 0xFF
    -- Convert decimal value to hexadecimal with 'h' suffix
    print(XEK.hex(255, false)) --> Output: FFh
    -- Convert decimal value to hexadecimal without any prefix or suffix
    print(XEK.hex(255)) --> Output: FF

dump :

    --[[
    dump function takes a table as input and returns a string representation of the table.
    If the input is not a table, it returns a string representation of the input.
    Parameters: tab (table): the table to be dumped
    Returns: (string): the string representation of the table
    ]]
    --> Example usage:
    local myTable = {name = "John", age = 30, hobbies = {"reading", "running"}}
    print(XEK.Dump(myTable))
    -- Output:
    -- {
    --   ["name"] = "John",
    --   ["age"] = 30,
    --   ["hobbies"] = {
    --     [1] = "reading",
    --     [2] = "running",
    --   }
    -- }

split :

    -- split function splits a string into a table of substrings using a specified delimiter
    -- The function takes two parameters: s, which is the string to be split, and delimiter, which is the character or string used to separate the substrings
    --> Example usage:
    local myString = "apple,banana,cherry,orange"
    local myTable = XEK.split(myString, ",")
    -- The above code will split the string "apple,banana,cherry,orange" into substrings using the comma as the delimiter and store the result in a table called myTable
    -- The resulting table will contain the following values:
    -- myTable[1] = "apple"
    -- myTable[2] = "banana"
    -- myTable[3] = "cherry"
    -- myTable[4] = "orange"

ARMIT fix :

    --# Example 1: Converting an Integer to Assembly Instructions
    local instructions = XEK.ARMIT(123456, "int", true)
    -- The above function call will generate assembly instructions to move the value 123456 into a register in AArch64.
    --> Output:
    instructions = {
        [1] = '~A8 MOVK W0, #0xE240, LSL #16',
        [2] = '~A8 MOVK W0, #0x0001, LSL #32',
        [3] = '~A8 RET',
    }

    --# Example 2: Converting a Boolean to Assembly Instructions
    local instructions = XEK.ARMIT(true, "bool")
    -- The above function call will generate assembly instructions to move the value 1 (true) into a register in AArch32.
    --> Output:
    instructions = {
        [1] = '~A MOV R0, #0x1',
        [2] = '~A BX LR',
    }

    --# Example 3: Converting a Float to Assembly Instructions
    local instructions = XEK.ARMIT(3.14159, "f", true)
    -- The above function call will generate assembly instructions to move the value 3.14159 into a floating point register in AArch64.
    --> Output:
    instructions = {
        [1] = '~A8 MOVK W0, #0x0FD0, LSL #16',
        [2] = '~A8 MOVK W0, #0x4049, LSL #32',
        [3] = '~A8 FMOV S0, W0',
        [4] = '~A8 RET',
    }

    --# Example 4: Converting a Double to Assembly Instructions
    local instructions = XEK.ARMIT(123456789.987654321, "d")
    -- The above function call will generate assembly instructions to move the value 123456789.987654321 into a double precision floating point register in AArch32.
    --> Output:
    instructions = {
        [1] = '~A MOVW R0, #0x5BA8',
        [2] = '~A MOVT R0, #0x57F3',
        [3] = '~A MOVW R1, #0x6F34',
        [4] = '~A MOVT R1, #0x419D',
        [5] = '~A VMOV D0, R1, R0',
        [6] = '~A BX LR',
    }

readBytes | readWord | readDword | readFloat | readDouble :

    local words = XEK.readWord(addr, size, ';')     -- returns a string
    local dwords = XEK.readDword(addr, size, '-')   -- returns a string
    local floats = XEK.readFloat(addr, size, '|')   -- returns a string
    local doubles = XEK.readDouble(addr, size, ':') -- returns a string
    -- OR
    local words = XEK.readWord(addr, size)     -- returns a table
    local dwords = XEK.readDword(addr, size)   -- returns a table
    local floats = XEK.readFloat(addr, size)   -- returns a table
    local doubles = XEK.readDouble(addr, size) -- returns a table
    --<< the purpose of these functions is to read values from memory for comparison >>--

getResults :

    --# Example usage of getResults function and its returned table
    local t = XEK.getResults(10) -- or t = XEK.getResults() | Get 10 results or all results | you can specify parameters same as GG
    print(t.data[1].address)     -- Print the address of the first result
    --# Example usage of focus function
    t:focus()                    -- Save original values of results table
    print(t.original[1])         -- Print the original value of the first result
    --# Example usage of update function
    t:update(999)                -- Set all values in result table to 999
    --# Example usage of reset function
    t:reset()                    -- Reset all values in result table to their original values
    --# Example usage of offset function
    t:offset(0x8)                -- Add 8 to the address of each result
    --# Example usage of append function
    local t2 = XEK.getResults(5) -- Get 5 more results
    t:append(t2)                 -- Append t2 results to t
    print(#t.data)               -- Print the total number of results in t
    --# Example usage of get function
    t:get()                      -- Refresh the results table
    --# Example usage of clear function
    t:clear()                    -- Destroy the results table and clear garbage

MakeMenu :

    -- Create a new menu object
    local myMenu = XEK.MakeMenu().Menu:new({"Option 1", "Option 2", "Option 3"}) -- this will add menus
    -- Add a new action to the menu
    myMenu.actions:new(1, function() -- argument 1 is the index of menu ( option 1 function ) | index must be a number
        print("Option 1 was selected!")
    end)
    myMenu.actions:new(2, function()
        print("Option 2 was selected!")
    end)
    -- etc
    -- .
    -- .
    -- .
    -- Display the menu and wait for the user to make a selection
    myMenu:display()
    -- whenever the user selects a menu item it will trigger the functions inside myMenu.actions ( created with myMenu.actions:new(index, function) )

Submitter XEKEX
Submitted 01/13/2023
Category Tools
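
The sample values in the Text2Dword / Dword2Text entries above are consistent with UTF-16LE text read as little-endian 32-bit integers, which is how such a string shows up in a memory dump. This is an added example, not code from xLIB.lua; the function names are hypothetical, and the `::9` suffix in the sample output is accepted on input but not interpreted, since the page does not define it.

```python
import struct


def text_to_dwords(text):
    """Encode text as UTF-16LE and reinterpret the bytes as unsigned
    little-endian 32-bit values (two UTF-16 code units per value)."""
    raw = text.encode("utf-16-le")
    if len(raw) % 4:
        # Odd number of code units: pad the last value with a zero unit.
        raw += b"\x00\x00"
    return list(struct.unpack("<%dI" % (len(raw) // 4), raw))


def dwords_to_text(spec):
    """Decode a ';'-separated list of 32-bit values back to text.
    Anything after '::' is dropped without being interpreted."""
    body = spec.split("::", 1)[0]
    values = []
    for field in body.split(";"):
        field = field.strip()
        if not field:
            continue
        value = int(field)
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError("not a 32-bit value: %r" % field)
        values.append(value)
    raw = struct.pack("<%dI" % len(values), *values)
    # errors="replace" keeps a damaged dump readable instead of raising.
    return raw.decode("utf-16-le", errors="replace").rstrip("\x00")


def format_dwords(values):
    """Join values in the ';'-separated form used in the samples above."""
    return ";".join(str(v) for v in values)


if __name__ == "__main__":
    packed = text_to_dwords("berry")
    print(format_dwords(packed))
    print(dwords_to_text(format_dwords(packed)))
```
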
-
Version 2
1,255 downloads
-
The x64 has been released
-
-
-
+ Learn Lua & some basic C++ / ARM / pointers and you're good to go
-
Has anyone succesfully hacked online game before?
XEKEX replied to Sup32's topic in General Discussion
I know the underline is illegal even if it's for game hacking
-
Has anyone succesfully hacked online game before?
XEKEX replied to Sup32's topic in General Discussion
Yeah, I've done it many times. Usually Android games have weak server security, which means that u can exploit many server exploits like SSH, SQL injection, Heartbleed, JWT etc. It's not 100% success but u can try it.
Note: I'm not encouraging doing those kinds of stuff; it's illegal and can cause jail, so be careful unless u are experienced and have CISSP or CEH
-
How can I be sure that the value is stored on server side?
XEKEX replied to Iqbroly's topic in General Discussion
You can use PUT / PATCH / DELETE as well to add shell code to server-side if they use weak security.
You can use Fiddler (average) / Burp Suite (pro) / Charles Proxy (easy)
-
How can I be sure that the value is stored on server side?
XEKEX replied to Iqbroly's topic in General Discussion
Some games use JSON / CSV for items, and in memory they use an ID for every item in-game, and from the ID it gets its information like status etc. The ID might be an int value or a pointer. Unity games usually use an int value for the ID or a string, and other libs like libcocos2d use pointers. In case u change the pointer and it's just visual, then the data is server side. In most cases it's both sides, game and server, and the server just checks if it's the correct data depending on many things like lvl / stages etc.
If the game isn't a Unity game, use IDA Pro to debug that lib and search for the encrypt function or md5 or whatever encryption they use. After that use Frida to hook that function, and make sure that u use Charles Proxy or Burp Suite as a listener. From those requests the game made, use that encrypt function as a new native function and copy its data (encrypted in Charles or Burp) to decrypt that data. If you find something interesting, edit it and use the encrypt function again to re-encrypt it and post it to server-side. This is how you hack a non-Unity game server side.
In case of a Unity game, they most likely use strings for the items as const. If the dump file doesn't give those strings, try to find a method or a class related to those strings and write a custom script to dump them, then from there u can hack the items easily
-
TUT A beginner's guide to brave frontier modding with IDA Pro [PICS]
XEKEX replied to xXL3g3ndXx's topic in Tutorials
ALTERNATIVE MODDING :
After you load the lib in IDA Pro (the game must have LIBC, maybe not in some cases), connect ur phone to ur PC and download the Frida instrument on ur PC, also VS Code and adb (go to YouTube for how to download Frida / adb).
Create a file in your workspace like "test.js".
In test.js write this basic hook code :
This code will hook the lib u put in it and log its base address, same as GameGuardian.
After that go to IDA Pro and find what function u want to hook, for example from this tutorial : MonsterUnit::getMaxHP()
After u searched for the function, click on it and copy this part :
Go back to test.js and write this code :
What this function does is log the R0 and the return value of the function (you can change args[0] to any R1 .. R2 .. etc)
Finally : attach ur phone to ur PC via USB. In the terminal write adb devices to make sure adb is active, then from the VS Code terminal write :
frida -Uf the game bundle name com.something -l .\test.js --no-pause
-U means usb
f means force
-l means the file to inject
--no-pause a parameter to Frida so it doesn't pause the game by default
NOTE : the script only console logs the values. To change the args just make args[0] = the value u want (should be in hex 0x). To change the return value : retval.replace(0xthe value u want in hex)
WHY FRIDA ?
* MOD the game in real time without changing the lib or game files
* You can change the SCRIPT while it's running
* You can bypass root detection / SSL pinning from the game
* Undetected from server-side because it clones the lib u hooked in the script and performs a trampoline hook for all its functions
* U just need a little JavaScript / py knowledge
Frida Repo ---> frida.re
A tuto found on YouTube --> Tuto (in the tuto he uses libil2cpp.so (debuggable = true) and the app should have libc in its lib file or Frida won't work; you can make it work by hooking a Java function, instead of IDA use jadx. Note : MORE ADVANCED)
------------------------------------------------------
"From my experience with Frida I hooked the encrypt function in a game and from that hook I successfully decrypted all the data from requests and hacked the game server-side with Burp Suite & Frida"
-
-
-
If u are using 32-bit this might help u, but u need to do it manually. Copy the address of the value u searched, then go to the offset calculator, paste the address and for offset type -0x6b0, then save the address u get from the offset calculator. Long press and click go to pointer, then go down by 2 addresses and the 2nd address should be colored in yellow. Same again, go to pointer, and don't forget to enable string representation in memory. You should read the class name 2 letters by 2 letters. Mr.Dragon Star explained it in depth on his YT channel; you can look up his video :