Posts posted by kiynox
[ @_yourram ]
---
Sorry I forgot to add commas:

    gg.searchNumber('140', gg.TYPE_FLOAT)
    results = gg.getResults(gg.getResultsCount())
    edits = {}
    for k, v in ipairs({3,6,9}) do
      edits[#edits + 1] = {
        address = results[v].address,
        value = '17',
        --gg.TYPE_FLOAT = 16
        flags = gg.TYPE_FLOAT
      }
    end
    gg.setValues(edits)
    gg.addListItems(edits)

---
Should work now.
[ @_yourram ]
---
Quote: what does the script want?
You put your value after the variable instead of replacing the variable. That's wrong:

    -- Wrong:
    value = results[v].value '17'
    -- Correct:
    value = '17'

---
This looks like my script, here, I improved it a little bit:

    gg.searchNumber('140', gg.TYPE_FLOAT)
    results = gg.getResults(gg.getResultsCount())
    edits = {}
    for k, v in ipairs({3,6,9}) do
      edits[#edits + 1] ={
        address = results[v].address
        value = '17'
        --gg.TYPE_FLOAT = 16
        flags = gg.TYPE_FLOAT
      }
    end
    gg.setValues(edits)
    gg.addListItems(edits)

---
*Do note that the script above will only edit positions 3, 6 & 9 of the results.
*I told you to read the error message carefully.
[ @_yourram ]
---
Quote: why did i get the error, what mistakes i'm doing?
You gotta be kidding me. Make sure to READ the error message and double-check to be really sure the command is correct. You need to change:

    gg.setVlaues -- Wrong
    gg.setValues -- Correct

---
[ @ggxAthene ]
---
Quote: And that's to hook onto a function, and see/intercept the parameters.
You can put the library inside a disassembler like IDA Pro or Ghidra -> find your method/function in there -> generate pseudo-code (F5), and you can see which register holds our parameter.
---
Quote: How would one even call them when it's pointed to the same offsets? I rarely see dumps like this.
Zygisk dumper is extracting purely from memory; it can be incomplete/hit and miss, but it works most of the time. You should do another dump.
---
Quote: However, I get a largely blown out number that I'm 100% sure isn't the drop_rate.
It is int32, I'm pretty sure it is not what you're looking for:
- You can find all the fields related to "drop_rate" and test them one by one
- You can change the parameter of some method/function instead of doing it from fields.
---
[ @EnMan ]
---
Quote: which values in memory are current
- Values are passed to registers, you can see them using: RegView. Do note that this tool is only for the Armeabi-v7a architecture, which is Arm 32-bit, and can't be used for any others. You can check your game libs in the "/data/data/your_app_name/lib" folder.
- You can also use a debugger: Frida or GDB, and set some breakpoints to see the current register value.
---
Quote: I know the previous value
If you know the previous value, why not just find the address that is causing the value to change? (You can find it using Pointer search)
---
[ @SussyBaka69 ]
---
Quote: Hi Is there a virtual that supports android 13
It is trial and error. There are no fully stable Virtual Apps for Android 13 currently. Android 12-14 introduces a lot of restrictions, causing a lot of problems. You might try:
- VPhoneGaGa
- x8Sandbox
---
[ @Sami1982 ]
---
Quote: Though it's not a Game Guardian-related question but have you looked into iEMU and Cider?
An 'iOS Emulator' doesn't exist; those kinds of apps only transform your UI into an iOS-like look (simulator), meaning they only mimic how it looks and do not emulate the OS itself.
---
[ @ninjavour ]
---
Quote: is there emulator emulate ios system can run on android phone or pc windows like vphonegaga emulator but for emulating ios 9 or 10 so we can play apple store games on android phone ?!!
iOS is closed source, unlike Android or Linux. This makes it impossible for someone to create an emulator for it. As far as I know, there's a project to emulate iPhone apps and not iOS itself. Also, it only works for older versions of apps that are compatible with iOS 2. Check it here: touchHLE
---
*I'm highly sure that there will be no such thing as an 'iOS Emulator' in the future, unless Apple goes bankrupt or is acquired by another company.
*Also there are differences between 'simulator' and 'emulator'
[ @bue ]
---
Quote: How am I do it about what you said?
Just open your dumper data in IDA: file -> open -> your dumped data -> set the 'processor type' to 'ARM' -> ok. I recommend learning assembly first.
---
[ @irzam21 ]
---
Quote: how to find that offset belongs to dword float or else
What offset are you referring to? An offset is basically a displacement to a certain address, it is like 1+2=3 (address+offset=final address)
---
Quote: also in which range it belongs to like xa ca cd or else
Depends, you need to see the address first in Memory Viewer, then see which memory range the address is part of. Mind you, memory ranges are colored in Game Guardian to contrast the differences.
---
Quote: which offset will behave as true or false
If you're taking the offset from some kind of dumper, true or false is called bool / boolean.
---
[ @jesty ]
---
Quote: Hello, can you tell me how to decompile the GG modifier to achieve b40000 elimination
What do you mean by 'b4000 elimination'? Are you referring to bytes? Also, what GG modifier? It doesn't make sense.
---
Quote: it can scan the base address?
You can see base addresses by going into Memory viewer -> goto -> select dropdown menu (v) -> and there you go.
---
[ @bue ]
---
Quote: Can you send me another link? The link you gave me redirect the ads web every time I register. I can't download. Or you can send me your ida through link.
You can visit: ThePirateBays then search for IDA. Reminder that it is a torrent site, which you need: UTorrent to download the file.
---
Quote: I have no credit card to register.
You don't need a credit card. It is free after all. You got the wrong site probably.
---
Quote: 'This version can only disassemble the PE file'.
That's the limitation of using IDA Free, you need IDA Pro to do all things.
---
[ @bue ]
---
Quote: Hey is IDA free?
IDA is a paid program. There's a free version with limited features but I would suggest using cracked/pirated version of IDA Pro. Check it on: ThePirateBay
---
Quote: ghidra is installed with JDK
The minimum requirement is to use JDK 17 or above. See: Ghidra Installation Guide. You can use JDK from Oracle itself: Java17
---
[ @bue ]
---
Quote: Is there any powerful memory editor?
Game Guardian is already really powerful. Nothing else can beat it except Cheat Engine.
---
Quote: It is hard to explain because necessity of language.
You're doing a good job explaining a lot. It does make sense judging from your explanation. Online games partially store some values on the client, for example cache data or temporary values. In this case, the reward / item values are stored inside your game, thus making them modifiable. It is considered a workaround to hack a server-sided value using a client-sided value.
---
You might want to create another topic at: requests section. You can ask other people to hack your game. Hopefully, one of our Contributors can assist you.
[ @bue ]
---
Quote: Can I use hex editor instead ida,ghidra?
Unfortunately you can't. Your only option on the phone is to use Game Guardian. A hex editor cannot translate hex into readable assembly instructions, it is pretty much useless.
---
Quote: For example, I find 'diamond' in dump lib file by searching 'diamond' in search bar in MT manager. Am I right or wrong?
You are wrong. You're only finding a string/text that has nothing to do with diamond values. If you want to find diamond values using only string/text, you need to use IDA / any disassembler app that can do string references. Also, diamond values are usually server sided, meaning that you can't change them only through memory / library.
---
I've seen a lot of people trying to hack 'myid'. Looking at it, it is some kind of internet provider app, isn't it? It must have been online games. If that's the case, then you can't hack it. It is the same as browser games, where the game is preloaded from the server and has nothing to do with the app itself. Meaning that the values are not stored inside the app but rather server sided.
[ @bue ]
---
Quote: Do you have some kind of social media like telegram?
I do have: @kiynox
---
Quote: I want to ask something specific
Just dm me here
---
[ @bue ]
---
Quote: Can Bin files I got help game hacking? I tried everything. Dumping lib file, dex file and finding values that is so challenging
All game components are inside the library (.so) or OBB, not the dex file.
---
Quote: Hi guys, I got bin files from the game by dumping memory in gg. But I don't know what next can I do
What's your point of dumping? It is just saving raw memory into a file. It is pointless if you don't know the way to read it. You can however 'try' to read it by disassembling the dumped data using some tools like: IDA Pro, Ghidra, x64dbg, etc.; but you need to have some experience in reading assembly (architectural language: ARM, x86, RISC, etc.)
---
Quote: My mission is to get offset.
An offset is not obtained by dumping. Do you know what an "offset" is? An offset is basically a displacement from the base address, it is just the way to get our final address, it is like: base + offset = final (1 + 2 = 3). If you're talking about libil2cpp dumper / ue4 dumper, then you're missing the point by dumping raw data from memory. Those 'dumper' tools read the game memory structure from metadata/pattern, read the string references, and then save it to a file (cs/json file), thus making it readable.
---
So how to get the offset?
- Find your hack manually using Game Guardian -> copy the 'hack' address -> find out the memory range of our address -> copy the first address of our memory range -> now calculate: hack address - first address of our memory range = offset. You can do all these inside Game Guardian or do some calculation online: Hex Calculator
- Disassemble our library using the tools I mentioned earlier -> find strings related to our hacks (ex: emulator) -> find any references to our string (xref) -> your offset is the address of any function that is referenced by our string.
I made a lot of simplifications here, it might sound hard, but it is easy once you understand it.
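The subtraction described in the post above (address minus the first address of its memory range), as an added example that is not part of the original post: it parses text in the Linux /proc/<pid>/maps format and, going one step beyond the post, also reports the offset from the lowest mapping of the same file, since a library is usually mapped as several ranges. The sample map, the paths and the function names are constructed for illustration.

```python
import re

# Constructed sample in /proc/<pid>/maps format; addresses and paths are made up.
SAMPLE_MAPS = """\
7a10000000-7a10400000 r--p 00000000 fd:05 1201 /data/app/com.example.game/lib/arm64/libexample.so
7a10400000-7a10c00000 r-xp 00400000 fd:05 1201 /data/app/com.example.game/lib/arm64/libexample.so
7a10c00000-7a10c80000 rw-p 00c00000 fd:05 1201 /data/app/com.example.game/lib/arm64/libexample.so
7a20000000-7a20100000 rw-p 00000000 00:00 0 [anon:libc_malloc]
"""

# Fields: start-end perms file_offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)

def parse_maps(text):
    """Parse maps text into a list of {start, end, perms, path} dicts."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            start, end, perms, path = m.groups()
            regions.append({"start": int(start, 16), "end": int(end, 16),
                            "perms": perms, "path": path})
    return regions

def resolve(address, regions):
    """Return (path, range_offset, module_offset), or None if unmapped."""
    for r in regions:
        if r["start"] <= address < r["end"]:
            # The post's formula: address - first address of its memory range.
            range_offset = address - r["start"]
            # File-backed ranges share one module base: the lowest start of that file.
            if r["path"].startswith("/"):
                base = min(x["start"] for x in regions if x["path"] == r["path"])
            else:
                base = r["start"]
            return r["path"], range_offset, address - base
    return None

if __name__ == "__main__":
    regions = parse_maps(SAMPLE_MAPS)
    for addr in (0x7a10400123, 0x7a20000010, 0x1000):
        hit = resolve(addr, regions)
        print(hex(addr), "->", hit and (hit[0], hex(hit[1]), hex(hit[2])))
```

The two offsets differ whenever the address falls in a later range of the same file, which is why the base used for the subtraction has to be stated alongside any offset.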
[ @johnson128 ]
---
Quote: I'm so sad... i wish my game never attacked by game guardian...
You're the owner of the game? x for doubt.
---
[ @benkomilan ]
---
Quote: Hey i need help because the x8 dont work to me so i downloaded F1 and that cant download gg
Download GG first on your phone then import it into F1. I recommend using: VPhoneGaGa instead of F1.
---
[ @_yourram ]
---
Quote: Load all changed elements as a result of the search - GameGuardian
You can but it has to be manual, just use gg.addListItems()

    --Search DWORD: 30
    gg.searchNumber('30', gg.TYPE_DWORD)
    --Get search results
    results = gg.getResults(gg.getResultsCount())
    --Store addresses that wants to be edited
    edits = {}
    --Edit 3,6,9 result
    for k, v in ipairs({3,6,9}) do
      --v is the result position; skip it if the search returned fewer results
      if results[v] ~= nil then
        edits[#edits + 1] = {
          address = results[v].address,
          value = results[v].value, --Change your value here
          flags = results[v].flags
        }
      end
    end
    --Apply edits
    gg.setValues(edits)
    --Save edits
    gg.addListItems(edits)

---
[ @_yourram ]
---
Quote: still gg.toast doesn't appearing and I know about gg.alert() but I just want to fix this problem :!
It's either notification/permission/or some daemon problem:
- Hold game guardian app shortcut -> App Info -> Grant all kind of notification (badge, etc).
- Allow display over other apps
- Allow any kind of permission
- Run this command on termux:

      su
      setenforce 0

  then go inside Game Guardian -> Fix It -> Switch to work with SELinux and restart the app
---
Quote: do you know how to run the "changed as search result" command in a script?
Don't understand. Please describe it more precisely.
---
To see the toast, you need to close the Game Guardian UI:

    gg.setVisible(false)

[ @_yourram ]
---
As its name says, gg.toast will summon an Android toast; it is only visible when you hide the Game Guardian UI (press the 'x' button on the top right corner). If you want to show a message, use gg.alert():

    gg.alert('done')

---
[ @angel88888 ]
---
Quote: Do u mean that it is impossible to change the game speed in a UE4 engine game by modifying memory values, and the only way to do so is through its internal speed hack
What do you mean by internal and memory? All running apps live in memory. It is possible to modify speedhack through memory itself, but there are differences between the Game Guardian speedhack and an in-game speedhack (player speed, stats, etc.). The Game Guardian speedhack needs to keep emulating the time; this cannot be done by only "changing values" as timers will keep reverting to the original. It is a little bit complicated, but I highly suggest modifying your player speed instead.
---
[ @angel88888 ]
---
Quote: To achieve this, I attempted to modify the speed using the internal speed hack feature on my Android 11 phone
Your logic is flawed. This could work if you find a common value, but it is not the case with speedhack. Even if Game Guardian shows you x2, x3, etc., it is only a modifier, which is not the actual value. The speed value is usually in floats. So if the default speed is 1.05 and the speedhack modifier is 2, it should be = 1.05 * 2. That's why in order to find speedhack, you need to search for an unknown/fuzzy value. Also remember that the Game Guardian speedhack is related to OS/kernel timer functions, which makes it unlikely that the value is stored in the game's memory range.
---
Quote: I don't know how to use UE4 dumper
You just need Termux installed. Then read their documentation, you can find it at the bottom of the GitHub page. There are 2 UE4 dumpers, use one if the other fails: AndUE4Dumper - UE4Dumper. It must be noted that you need to know the GWorld & GName addresses of LibUE4 first in order for it to work. It acts like Unity, where you need: libil2cpp.so & metadata.dat, but in UE4 you need: libUE4.so & GWorld - GName address. You can find GWorld or GName through Hex pattern:
Examples. Find the GWorld-GName first in Game Guardian -> calculate the offset: GName - Base address of LibUE4 -> Use the tool on Termux and put the address:

    su
    ./sdcard/download/ue4dumper --sdkw --gworld <address_of_gworld> --gname <address_of_gname> --ptrdec --package <you_game_pkgs_name> --output /sdcard/sdk.txt

---
Unlike Unity / libil2cpp dumper that automatically looks for metadata.dat, in UE4 Dumper you still need to manually find GWorld & GName.
Scanning for too many values causes LMK to kill GG
in Help
Posted
[ @r3zaa ]
---
It is unlikely to be because of memory issues; it is caused by Phantom processes that exist in newer Android versions (Android 11-14). This is a new restriction where Android (the OS itself) will kill/shut down memory-intensive apps. You can try to disable it, but it can cause problems, do it at your own responsibility:
---
I recommend downgrading your Android to at least Android 9-11.