Everything posted by XEKEX
-
yes but it's time consuming
-
Lua Course Video --> link
Pointers basic explain video --> link
C# Beginners guide video link --> link
GameGuardian Scripting reference --> link
that's all u need to learn the basics
also Google / youtube is ur best solution in case of learning how to create a script I don't recommend following some tutorials on youtube stick with GG doc read and try the more u write the more u learn that's all
don't forget that this forum can give you more help
in case u want a fast lua compiler use this one I prefer link
also if u are interested in arm use godbolt.org
-
View File
Pure Lua library
import this lib to your script :
• setup !
XEK = nil
load_lib = gg.makeRequest('https://raw.githubusercontent.com/chihaamin/XEKEX/main/xLIB.lua')
if load_lib.code == 200 then -- check the status of the request
    XEK = load(load_lib.content,'bt')()
end
• Comment if you find a bug / error or if you have an idea for implementation.
• All the file is documented and commented for beginners.
♥ Add "XEKEX was here" in your script if it was helpful
-------------------------------------------------------------------------------
IMPORT :
JSON = XEK.import('https://raw.githubusercontent.com/rxi/json.lua/master/json.lua') -- this will import a lib into your script
JSON.decode(response.content)

Text2Dword :
-- Text2Dword function converts a text to a dword value
local DWORD = XEK.Text2Dword("berry")
-- Print the result
print(DWORD) --> Output: '6619234;7471218;121::9'

Dword2Text :
-- Dword2Text function converts a Dword value to text
local sampleValue = "6619234;7471218;121"
local text = XEK.Dword2Text(sampleValue)
-- Print the result
print(text) --> Output: 'berry'

hex :
The 'hex' function takes two arguments: a value to convert to hexadecimal and a boolean 'hx' indicating whether to add '0x' or 'h' prefix to the output.
--[[
If hx is true, the function returns the hexadecimal value with '0x' prefix.
If hx is false, the function returns the hexadecimal value with 'h' suffix.
If hx is not provided or not a boolean, the function returns the hexadecimal value without any prefix or suffix.
The function uses string formatting to convert the value to hexadecimal.
]]
--> Examples:
-- Convert decimal value to hexadecimal with '0x' prefix
print(XEK.hex(255, true)) --> Output: 0xFF
-- Convert decimal value to hexadecimal with 'h' suffix
print(XEK.hex(255, false)) --> Output: FFh
-- Convert decimal value to hexadecimal without any prefix or suffix
print(XEK.hex(255)) --> Output: FF

dump :
--[[
dump function takes a table as input and returns a string representation of the table.
If the input is not a table, it returns a string representation of the input.
Parameters: tab (table): the table to be dumped
Returns: (string): the string representation of the table
]]
--> Example usage:
local myTable = {name = "John", age = 30, hobbies = {"reading", "running"}}
print(XEK.Dump(myTable))
-- Output:
-- {
--   ["name"] = "John",
--   ["age"] = 30,
--   ["hobbies"] = {
--     [1] = "reading",
--     [2] = "running",
--   }
-- }

split :
-- split function splits a string into a table of substrings using a specified delimiter
-- The function takes two parameters: s, which is the string to be split, and delimiter, which is the character or string used to separate the substrings
--> Example usage:
local myString = "apple,banana,cherry,orange"
local myTable = XEK.split(myString, ",")
-- The above code will split the string "apple,banana,cherry,orange" into substrings using the comma as the delimiter and store the result in a table called myTable
-- The resulting table will contain the following values:
-- myTable[1] = "apple"
-- myTable[2] = "banana"
-- myTable[3] = "cherry"
-- myTable[4] = "orange"

ARMIT fix :
--# Example 1: Converting an Integer to Assembly Instructions
local instructions = XEK.ARMIT(123456, "int", true)
-- The above function call will generate assembly instructions to move the value 123456 into a register in AArch64.
--> Output:
-- instructions = {
--   [1] = '~A8 MOVK W0, #0xE240, LSL #16',
--   [2] = '~A8 MOVK W0, #0x0001, LSL #32',
--   [3] = '~A8 RET',
-- }

--# Example 2: Converting a Boolean to Assembly Instructions
local instructions = XEK.ARMIT(true, "bool")
-- The above function call will generate assembly instructions to move the value 1 (true) into a register in AArch32.
--> Output:
-- instructions = {
--   [1] = '~A MOV R0, #0x1',
--   [2] = '~A BX LR',
-- }

--# Example 3: Converting a Float to Assembly Instructions
local instructions = XEK.ARMIT(3.14159, "f", true)
-- The above function call will generate assembly instructions to move the value 3.14159 into a floating point register in AArch64.
--> Output:
-- instructions = {
--   [1] = '~A8 MOVK W0, #0x0FD0, LSL #16',
--   [2] = '~A8 MOVK W0, #0x4049, LSL #32',
--   [3] = '~A8 FMOV S0, W0',
--   [4] = '~A8 RET',
-- }

--# Example 4: Converting a Double to Assembly Instructions
local instructions = XEK.ARMIT(123456789.987654321, "d")
-- The above function call will generate assembly instructions to move the value 123456789.987654321 into a double precision floating point register in AArch32.
--> Output:
-- instructions = {
--   [1] = '~A MOVW R0, #0x5BA8',
--   [2] = '~A MOVT R0, #0x57F3',
--   [3] = '~A MOVW R1, #0x6F34',
--   [4] = '~A MOVT R1, #0x419D',
--   [5] = '~A VMOV D0, R1, R0',
--   [6] = '~A BX LR',
-- }

readBytes | readWord | readDword | readFloat | readDouble :
local words = XEK.readWord(addr, size, ';') -- returns a string
local dwords = XEK.readDword(addr, size, '-') -- returns a string
local floats = XEK.readFloat(addr, size, '|') -- returns a string
local doubles = XEK.readDouble(addr, size, ':') -- returns a string
-- OR
local words = XEK.readWord(addr, size) -- returns a table
local dwords = XEK.readDword(addr, size) -- returns a table
local floats = XEK.readFloat(addr, size) -- returns a table
local doubles = XEK.readDouble(addr, size) -- returns a table
--<< the purpose of these functions is to read values from memory for comparison >>--

getResults :
--# Example usage of getResults function and its returned table
local t = XEK.getResults(10) -- Get 10 results, or t = XEK.getResults() to get all results | you can specify parameters same as GG
print(t.data[1].address) -- Print the address of the first result
--# Example usage of focus function
t:focus() -- Save original values of results table
print(t.original[1]) -- Print the original value of the first result
--# Example usage of update function
t:update(999) -- Set all values in result table to 999
--# Example usage of reset function
t:reset() -- Reset all values in result table to their original values
--# Example usage of offset function
t:offset(0x8) -- Add 8 to the address of each result
--# Example usage of append function
local t2 = XEK.getResults(5) -- Get 5 more results
t:append(t2) -- Append t2 results to t
print(#t.data) -- Print the total number of results in t
--# Example usage of get function
t:get() -- Refresh the results table
--# Example usage of clear function
t:clear() -- Destroy the results table and clear garbage

MakeMenu :
-- Create a new menu object
local myMenu = XEK.MakeMenu().Menu:new({"Option 1", "Option 2", "Option 3"}) -- this will add menus
-- Add a new action to the menu
myMenu.actions:new(1, function() -- argument 1 is the index of menu ( option 1 function ) | index must be a number
    print("Option 1 was selected!")
end)
myMenu.actions:new(2, function()
    print("Option 2 was selected!")
end)
-- etc
-- .
-- .
-- .
-- Display the menu and wait for the user to make a selection
myMenu:display()
-- whenever the user selects a menu item it will trigger the functions inside myMenu.actions ( created with myMenu.actions:new(index, function) )

Submitter XEKEX
Submitted 01/13/2023
Category Tools
-
Version 2
1,131 downloads
-
The x64 has been released
-
-
-
+ Learn Lua & some basic C++ / arm / pointers and You good to go
-
Has anyone successfully hacked online game before?
XEKEX replied to Sup32's topic in General Discussion
I know the Underline is illegal even if it's for game hacking -
Has anyone successfully hacked online game before?
XEKEX replied to Sup32's topic in General Discussion
yeah I've done it many times usually android games have weak server security means that u can exploit many server exploits like ssh, sql injection, heartbleed, JWT etc it's not 100% success but u can try it Note : I'm not encouraging to do those kind of stuff it's illegal and can cause jail so be careful unless u are experienced and have CISSP or CEH -
How can I be sure that the value is stored on server side?
XEKEX replied to Iqbroly's topic in General Discussion
You can use PUT / PATCH / DELETE as well to add shell code to server-side if they use weak security You can use fiddler (average) / Burp-suite (pro) / Charles proxy (easy) -
How can I be sure that the value is stored on server side?
XEKEX replied to Iqbroly's topic in General Discussion
Some games use Json / csv for items and in memory they use an ID for every item ingame and from the ID it gets its information like status etc
the ID might be an int value or pointer
for unity games they usually use an int value for ID or a string and for other libs like libcocos2d they use pointers
in case U change the pointer and it's just visual then the data is server side
in most cases it's both sides game and server and the server just checks if it's the correct data depending on many things like lvl / stages etc
if the game isn't unity game use ida pro to debug that lib and search for encrypt function or md5 or whatever encryption they use
after that use frida to hook that function and make sure that u use charles proxy or burpsuite as a listener and from those requests the game made use that encrypt function as a new native function and copy its data (encrypted in charles or burp) to decrypt that data
if you find something interesting edit it and use the encrypt function again to reencrypt it and post it to server-side
this is how you hack non unity game server side
in case of unity game they most likely use strings to the items as const if the dump file doesn't give those strings try to find a method or a class related to those strings and write a custom script to dump them then from there u can hack the items easily -
TUT A beginner's guide to brave frontier modding with IDA Pro [PICS]
XEKEX replied to xXL3g3ndXx's topic in Tutorials
ALTERNATIVE MODDING :
after you load the lib in IDA pro (The game must have LIBC maybe not in some cases) connect ur phone with ur PC and download frida instrument in ur pc also vscode and adb ( go to youtube how to download frida / adb )
create a file in your workspace like "test.js"
in test.js write this basic hook code :
this code will hook the lib u put in it and log its base address same as game guardian.
after that go to IDA pro and find what function u want to hook for example from this tutorial : MonsterUnit::getMaxHP()
after u searched for the function click on it and copy this part :
Go back to test.js and write this code :
What this function does is log the R0 and the Return value of the function (you can change args[0] to any R1 .. R2 .. etc )
Finally : attach ur phone to ur pc via usb
in terminal write adb devices to make sure adb is active
then from vscode terminal write :
frida -Uf the game bundle name com.something -l .\test.js --no-pause
-U means usb
f means force
-l means the file to inject
--no-pause a parameter to frida so it doesn't pause the game by default
NOTE : the script only console logs the values
to change the args just make args[0] = the value u want (should be in hex 0x)
to change the return value : retval.replace(0xthe value u want in hex)

WHY FRIDA ?
* MOD the game realtime without changing the lib or game files
* You can change the SCRIPT while it's running
* You can Bypass root detection / SSL pinning from the game
* Undetected from server-side bc it clones the lib u hooked on the script and performs trampoline hook for all its functions
* U just need a little javascript / py knowledge

Frida Repo ---> frida.re
A tuto found in youtube --> Tuto (in the tuto he uses libil2cpp.so (debuggable = true) and the app should have libc in their lib file or frida won't work you can make it work by hooking java function instead of IDA use jadx note : MORE ADVANCED)
------------------------------------------------------
"From my experience with frida I hooked encrypt function in a game and from that hook I successfully decrypt all the data from requests and Hack the game server-side with burpsuite & frida " -
-
Your_Table = gg.getResults(gg.getResultsCount()) ---> this function returns a table containing a key/index that contains address, value, flags etc
if you want to refresh values u need to type :
Your_Table = gg.getValues(Your_Table)
if you want to change its values (if u have more than 2) then you need to make a loop and type :
for key,values in pairs(Your_Table) do
    Your_Table[key].value = AnyValueYouWant
end
gg.setValues(Your_Table)
to avoid writing this every time if you have many values/functions etc you can make a function that does that with less writing and You just need to declare it one time in your script
and since in lua we can insert a function inside a table and call it we can do it like so :
function UP()
    -- function temp_table.update(self)
    local temp_table = {} -- empty temp table
    temp_table.results = gg.getResults(gg.getResultsCount()) -- results
    temp_table.update = function(self,setvalue) -- update function
        -------------------------------------> Updates the values
        for key,values in pairs(self.results) do
            self.results = gg.getValues(self.results)
        end
    end
    ------------------------------------> the self parameter allows us to call the function and make it act on itself
    -- and since itself is a table that means it will update itself (the function call looks like thistable = update(thistable)
    -- but we instead call it like this thistable:update()
    return temp_table
end
--------------------------------------------------------------------------------------------------------------
we can add if then else or any loop/conditions/ we can also add an explicit parameter to the update function like gg.setValues(Your_Table) and the final function will look like this :
function UP()
    local temp_table = {}
    temp_table.results = gg.getResults(gg.getResultsCount())
    temp_table.update = function(self,setvalue)
        for key,values in pairs(self.results) do
            if setvalue ~= nil then
                setvalue = tostring(setvalue)
                self.results[key].value = setvalue
                gg.setValues(self.results)
            end
            self.results = gg.getValues(self.results)
            gg.alert(tostring(self.results[key].value)..' Updated')
        end
    end
    return temp_table
end
note : you can also use assert for type(key) == 'table' so the function update rest intact
--------------------------------------------------------------------------------------------------------------
Finally after You use gg.SearchValue() instead of writing :
Your_Table = gg.getResults(gg.getResultsCount())
just type
Your_Table = UP()
and inside the while true do add
Your_Table:update()
and if you want to set values just type
Your_Table:update(1598)
code example :
LIVE code: XRecorder_Edited_24112022_140550.mp4
You can use this method to toggle ON/OFF menu and to check if specific value met requirement for example positions like if u have X,Y values u can make a condition if X == 15 then .. etc (inside update function)
I hope you get the point
Enjoy
-
-
If u are using 32bit this might help u but u need to do it manually the value u searched copy its address then go to offset calculator paste the address and for offset type -0x6b0 then save the address u get from offset calculator long press and click go to pointer then go down by 2 addresses and the 2nd address should be colored in yellow same again go to pointer and don't forget to enable string representative in memory you should read the class name 2 letters by 2 letters Mr.Dragon Star explained it in depth in his yt channel you can look up for his video :
-
-
View File Grim Soul RPG Item Hack Script ( Final Update ) • This will be the last script update for this game • (Please read "About This Update") CREDITS : ALL BY ME AKA XEKEX Submitter XEKEX Submitted 11/19/2022 Category LUA scripts
-
-
if u want to use it in gg.alert/gg.toast functions u need to change the value to a string to print it gg.toast(tostring(the Qword value))
-
it does crash and ban u bc for example u have 1 value .. there is 5 values related to it u need to change 3 of them also u need to pause the game bc xor encryption needs 3 values to be changed at the same time
-
they use double xor encryption on the 4 pointer above the value u trying to use
-
iMonster Classic iMonster Classic Item Hack By XEKEX V
XEKEX replied to XEKEX's topic in LUA scripts
if u use the script then re-open it will give u that error try to restart the game ty