kiynox
-
Posts
452 -
Joined
-
Last visited
-
Days Won
12
Content Type
Profiles
Forums
Downloads
Gallery
Posts posted by kiynox
-
-
[ @Newtomod ]
---
Using virtual apps / virtual spaces is deprecated. I recommend to use virtual machine:- - VPhoneGaGa
- - VMos Pro
- - x8Sandbox
- - F1 VM
---
1 -
[ @mercutos ]
---QuoteHow can I get the source code for the following game?
Unfortunately you can't get the original source code from already compiled library. You might assume it wrong about SDK. It is just the structure of the game library that shows you the pattern on "how the values are stored".
---QuoteI found some ways, but it was with paid programs. I would like some free option (even if it is more rudimentary, I have engineering knowledge)
There's a free version that you can use: Ghidra dissasembler software or Frida toolkit.
---0 -
[ @BiNoops ]
---Quotetips about hiding GG from the game did not help, apparently it was in the script.
- - Shamiko
- - HideMyAppList
You can use these external modules in the future.
---QuoteI used the for loop because there are a lot of teleportations
If so, I recommend to do teleportations once in a while, trough prompt or interval because you're using "freeze value" here. Then set all of your coordinates into a table:
player_coords = { [1] = {["x"]=1, ["y"]=2, ["z"]=3}, [2] = {["x"]=2, ["y"]=3, ["z"]=4} }
---
QuoteAbout freezing values - sometimes someone can push a character, so I freeze values
Your "for loop" is apparently the main problem here. You need to remove "freeze value" or atleast clear any items from your savedlist: gg.clearList() before adding a new teleportations.
---
If you have any problem just ask me.0 -
[ @BiNoops ]
---
I forgot, should works now:gg.setRanges(gg.REGION_C_ALLOC) gg.sleep(300) gg.searchNumber('1 688;1 374;11.99852752686', gg.TYPE_FLOAT) gg.refineNumber('1 688', gg.TYPE_FLOAT) local xCoord = gg.getResults(gg.getResultsCount()) local xCotemp = {} gg.clearResults() gg.searchNumber('1 688;1 374;11.99852752686', gg.TYPE_FLOAT) gg.refineNumber('1 374', gg.TYPE_FLOAT) local yCoord = gg.getResults(gg.getResultsCount()) local yCotemp = {} gg.clearResults() gg.searchNumber('1 688;1 374;11.99852752686', gg.TYPE_FLOAT) gg.refineNumber('11.99852752686', gg.TYPE_FLOAT) local zCoord = gg.getResults(gg.getResultsCount()) local zCotemp = {} gg.clearResults() for i, v in ipairs(xCoord) do if v.flags == gg.TYPE_FLOAT then xCotemp[i] = { ["address"] = v.address, ["value"] = '1575', ["flags"] = v.flags } end end gg.setValues(xCotemp) for i, v in ipairs(yCoord) do if v.flags == gg.TYPE_FLOAT then yCotemp[i] = { ["address"] = v.address, ["value"] = '1356', ["flags"] = v.flags } end end gg.setValues(yCotemp) for i, v in ipairs(zCoord) do if v.flags == gg.TYPE_FLOAT then zCotemp[i] = { ["address"] = v.address, ["value"] = '13.44929885', ["flags"] = v.flags } end end gg.setValues(zCotemp)
---
1 -
[ @BiNoops ]
---
Alright, let's do some troubleshoot:QuoteGame is protected.
Try to enable the following things:
- 1. Hide Game Guardian from Game: Level 1-4
- 2. Bypass for PTrace Protection: freeze / restore
- 3. Prevent Unload: Level 1-4
----
QuoteBUT when I do the same with a script, the game crashes
Try execute this script and tell me the numbers.
gg.searchNumber('1 688;1 374;11.99852752686', gg.TYPE_FLOAT) gg.refineNumber('1 688', gg.TYPE_FLOAT) gg.alert(tostring(gg.getResultsCount())) gg.clearResults() gg.searchNumber('1 688;1 374;11.99852752686', gg.TYPE_FLOAT) gg.refineNumber('1 374', gg.TYPE_FLOAT) gg.alert(tostring(gg.getResultsCount())) gg.clearResults() gg.searchNumber('1 688;1 374;11.99852752686', gg.TYPE_FLOAT) gg.refineNumber('11.99852752686', gg.TYPE_FLOAT) gg.alert(tostring(gg.getResultsCount())) gg.clearResults()
---
[ Solution ]- - If you want to apply the values, instead of saving it into "Saved Lists", try to use: "gg.setValues".
- - Dont do unnecessary loops, using "for" is enough
Here, I have improve your script:
gg.setRanges(gg.REGION_C_ALLOC) gg.sleep(300) gg.searchNumber('1 688;1 374;11.99852752686', gg.TYPE_FLOAT) gg.refineNumber('1 688', gg.TYPE_FLOAT) local xCoord = gg.getResults(gg.getResultsCount()) local xCotemp = {} gg.clearResults() gg.searchNumber('1 688;1 374;11.99852752686', gg.TYPE_FLOAT) gg.refineNumber('1 374', gg.TYPE_FLOAT) local yCoord = gg.getResults(gg.getResultsCount()) local yCotemp = {} gg.clearResults() gg.searchNumber('1 688;1 374;11.99852752686', gg.TYPE_FLOAT) gg.refineNumber('11.99852752686', gg.TYPE_FLOAT) local zCoord = gg.getResults(gg.getResultsCount()) local zCotemp = {} gg.clearResults() for i, v in ipairs(xCoord) do if v.flags == gg.TYPE_FLOAT then xCotemp[i].address = v.address xCotemp[i].value = '1575' xCotemp[i].flags = v.flags end end gg.setValues(xCotemp) for i, v in ipairs(yCoord) do if v.flags == gg.TYPE_FLOAT then yCotemp[i].address = v.address yCotemp[i].value = '1356' yCotemp[i].flags = v.flags end end gg.setValues(yCotemp) for i, v in ipairs(zCoord) do if v.flags == gg.TYPE_FLOAT then zCotemp[i].address = v.address zCotemp[i].value = '13.44929885' zCotemp[i].flags = v.flags end end gg.setValues(zCotemp)
---
[ Problems ]- - Since you're looking for floats, it is possible the results can be alot, causing unnecessary things to change and break your game
- - You're looping 99 times ("for repeatC = 1, 99 do"), this is bad practice. Using ("for i, v ipairs()") is enough. This causing the script to add the same 60 results into saved list for 99 times. Just calculate it yourself: 60x99.
- - You're changing coordinates (to teleport), it doesn't make sense to freeze the value ("v.freeze = true"). Coordinate is dynamic, it changes once the character is moving. Freezing the value can cause un-intended effects.
- - Your forgot to close ("for repeatC = 1, 99 do") with ("end").
So try the solution above.
----0 -
-
[ @ninjavour ]
---Quotewe want to translate this application to english language using gameguardian
You can't. The app is fetching contents from the website itself, which is in chinese language. Might use: AllTrans, then you can use: LSPosed (it is Magisk module)
---
Note: I don't know if the module ables to translate website inside an app.0 -
[ @ninjavour ]
---Quotewe want to modify players and background and even weapons
You need to understand that doing this requires physical in-game file (you can get it through dumping) -> decrypt/extract the file -> edit the file -> encrypt/format them again somehow -> and put it inside the game somehow. This is hard, especially we're dealing with console games and old. And no, Game Guardian cannot replace any existing texture with another texture only from memory. To some extent, Game Guardian can only do basic shader changes (like colors, etc) because it exist on memory (only works with current rendered in-game object).
---Quotefor example Last Bronx
I suggest you to use QuickBMS tool that allow to read these kind of files. Of course, you need to know the game formats, it's encryption, etc; to create your own QuickBMS script. Or, you can see if other people have done this in the past, it seems that no-one already done this:
- - Help with .bin and .cmp files from AM2 games
- - import psx\sega saturn 3d models
- - Sega PC: Last Bronx
---
Quotewe have a console game(sega saturn)
If you want to edit these kind of files, I think you should ask it on this forum: Xentax, Zenhax. As for now, the forum is dead. You can visit Xentax before the forum shutting-down at the end of 2023. So far, I don't know the alternative to this OG forum.
---Quotehow to decrypt .bin file using game gurdian
(.bin) extension usually just pure - raw binary format, it could be anything to images, movies, etc. So there's no "Universal .bin extractor/reader" since it's depends on Games/that (.bin) file comes from. And yes, even Game Guardian can't help you with this.
---Quotewe want to GET players and background and even weapons
Instead of *Modify*, you can instead *Get* in-game assets. Yes, this is possible. All in-game object is rendered using some kind of Graphics pipeline (Vulkan, OpenGL, DirectX). There's a lot of tool that allows you to GET in-game Textures/Models only from renderer. I suggest you to emulate your game using some kind of Sega Console Emulator: Sega Model 2 Emulator and then use: NinjaRipper, 3D Ripper DX. Note that: you can only obtain in-game assets, you can't change/replace them.
---
In theory, since you can get in-game assets from renderer (Vulkan, OpenGL, DirectX), you can also change the assets directly on the renderer itself. There's a tool that allow this: SpecialK, might as well try it with Sega Emulator: SpecialK Demo. Otherwise, you need to do it manually by recomposite edited assets into renderer formats (hard).
---0 -
[ @Godlevel ]
---
Forgot to mention that when using "Termux", you need to allow root for it by using this command:su---
Anyway, glad that it is working.0 -
[ @ash_9 ]
---Quoteit works perfectly but when grant GG root access waydroid start to freezes clicks and holds clicks even though I just click.
Are you sure it only happens after granting access or when you open Game Guardian? I would heavily suspect this is the WayDroid/Hardware faults. Stuttering is commonly happen on Android Emulator, I guess that's normal. Perhaps attach some diagnostic from both WayDroid and your devices (how many used RAM, Processor, and renderers: Vulkan/OpenGL/DirectX)
---0 -
[ @JebaczKoz ]
---QuoteWhat is the cause of this?
The game probably uses newer version of Unity Engine which can have different format, structure and headers. If you have some (.unity3d) files from the game, you can open it on Unity to see it's engine version (of the file).
---0 -
[ @Godlevel ]
---
Try these command on Termux:cmd appops set <game_guardian-package-name> android:no_isolated_storage allow cmd appops set <game_guardian-package-name> android:legacy_storage allow
---
Quoteit's not showing,it show files like(MP4,mov)
Is (.txt) extension can be seen? Perhaps your script isn't (.lua) extension. Honestly, extension doesn't matter, as long it contains some lua script. On Game Guardian, (.lua) extension only intended for highlighting the files with green color but you can still execute any files.
---0 -
[ @L0CHENET ]
---Quotedue to virtual spaces not working and virtual machines being confusing
What exact problem you face with virtual machines?
---Quotedue to virtual spaces not working and virtual machines being confusing
As Android 10 users, I would recommend: VPhoneGaGa, it fits both world (performance and compatibility).
---Quotewhere it's not too hard to use
Virtual machine is easy once you get grasp for it and it is not too hard, just behave like android itself (it is android on top of android, basically).
---Quotestill has good performance
Using virtuals will have less performance in general, no matter what apps it is. Since you're using Android 10, why not try to root it? Welp, in my case, there's no root option because of OPPO Manufacturer being s**tty, that's why I end up using VPhoneGaGa as I mentioned earlier.
---0 -
[ @ABCDEabe ]
---
Send the file here. We need it to iterate all of them from beginning, but you can just do this:Quotefor key, value in ipairs(your_table) do
print(value.address)
print(value.flags)
print(value.offset)
print(value.value)
end---
0 -
[ @ninjavour ]
---QuoteEvil Twin Procedures
In theory, yes, you can. You can setup some proxy capable in intercepting "in-game requests", in meaning that it is understand the datas the game tried to send & receive. Setting this is hard and require in understanding game structs.
---Quoteso it is preferable to edit the apk+obb than using a gameguardian script.
You can go this route. APK+OBB is editable using Game Guardian, you can just "DISABLE" in-game server check. It is the common way others create "offline games" but you see:
- - If the games only require "a server" for login purposes, you can still return a fake credential, which altered through in-game files. (Ex: Red Dead Redemption 2, Far Cry, GTA V, etc)
- - If the games only require "a server" for license check, you can just skip by disabling it. (Ex: Minecraft)
You need to understand what this "server" is actually for and the game must have some kind of "Offline Game Modes" (Ex: Classic, Story, Solo Mode, etc) because if it's heavily depends on Multiplayer server, you can't do anything other than stuck at the lobby/menu screen.
---0 -
---
[ @XEKEX ]Quotea script to manipulate your android system files that create a server in your phone and listen to it
This is weird. How can you handle the in-game packets then?
---0 -
[ @SYLVIA ]
---
He's already done that Amiya...Quote- - Hide from game, check 1, 2, 3, and 4;
- - Bypass mode for ptrance: frozen or restore;
- - Prevent unload: Lv3.
---
0 -
[ @gumigumi ]
---QuoteSearch a unique value -> CE return one address but it is for sure different from 80AA0000h because it is physical address -> stuck there...
So you're talking about "goto pointer". Well.. since you're doing it from outside (using CE), it cannot be done but there's a workaround.
- 1) On CE: Right click on the result -> Find out what accessing this address -> Do something in-game to change the value. Hopefully it would lead you to another physical address.
- 2) Look for any possible pointer that points to the same location (1 address can have multiple pointer). Might want to find Static Pointer using these: Chainer, Pointer Scan (Find pointer that exist even after restarting the game). After getting static pointer, do number #1 from my earlier comment.
---
- - Is this the right game?: Honor of Kings [Level Infinite]
- - You can probably tell me what values you're searching on my DM, so I could help you finding it on CE.
---
0 -
[ @noah000 ]
---
Here's tutorial for Mod Menu: LGL, and here's the step for Library Patching: Edit Values
---0 -
[ @noah000 ]
---
It is possible, there's 2 way to achieve this:- - Library Patching
- - Mod Menu (example: LGL Mod Menu)
---
1 -
[ @Jonathan3 ]
---QuoteI used gg to dump dbd mobile and get a lot of .bin files around 3.93GB
You need to dump the specific memory range to eliminate unnecessary part of the game. Goto Memory Viewer -> Goto Address (->) -> Select the dropdown menu (v: on the right of the address bar) -> Find any live memory with (.pak) on it and write down it's memory range (Ex: *****-*****: 12bcd-12ccd) -> The dump it using the memory range you wrote.
---Quotehow should i perform next to get a .pak file
(.pak) files are usually encrypted, unlike (.unity3d) files. It involves md5 hashing and some "key". Even big games like PUBGM (also use (.pak) files) are rarely seen someone able to unlock their (.pak) files.
---Quotewanna export some mobile cosmetics out
If you want to get their cosmetics or textures, you can just dump it from Android Renderer (OpenGL), some tools like Ninja Ripper should do it (but you need to use Android Emulator on PC).
---0 -
[ @gumigumi ]
---QuoteI can find the location where the pointer is saved, but the pointer is pointing to an address inside the emulator (virtual memory address I think), and from outside I don't know how to map it
If you're using CheatEngine, I recommend to not use Pointer as it always changed whenever you start the Emulator. You might want to search using ArrayOfBytes/ Hex String. For example:
- 1) Take the first 16 bytes of your lib > search it on Cheat Engine > now add your pointer / offset to the address founds.
- 2) You can search the value directly: goto your pointer first on Game Guardian > Memory View -> Set the view as "Hex" -> Copy atleast 16 hex (up-to-down) from your pointer.
---
Have you tried to search for values on the main menu? (the game is closed but still exist on "recent activity"), probably mention the games name.
---0 -
[ @Gamestudio ]
You can also run codes externally through Application Services or MainActivity Invokation, with your codes prebuilt as library.
---
[ @m554 ]
What "run codes" exactly means here? Is it to trigger the codes from the game or you want to run your own codes for the game?
---0 -
[ @TheEagleEye ]
---QuoteI can't/don't understand if you've already mentioned to Decrypt the values! But I'd like to hear decryption method or maybe a link to an available explanation.
You can find something related to: XOR, Obscured, Encrypted or Obfuscated value. There's a lot of tutorial that covers it (on this forum or even YouTube): XOR. Sadly, the tutorial for Obscured value is taken down due to violating YouTube TOS, the closest thing I found is: Obscured
---QuoteI don't know what a function is!
Function is a block of code that does something, I couldn't explain it even better. Function accept values that will be used by the function codes:
this_is_value = 1 def this_is_function(this_is_value): print(this_is_value)
Something like that, you can find this by using dissasembler tools like IDA Pro or Ghidra or find it using Game Guardian, usually it starts with LDR/ADDR (Arm Instruction).
---QuoteNever heard of Components!
Game uses alot of components, specifically we talking about Anti-Cheat related here. Component is just ingredients of game (again, I couldn't explain it even better). Look for function that related "Codestage" or "Anti-Cheat".
---
Looks like you're new to this kind of stuff. I suggest to do some experiments with other game that we've cover on this forum, visits Requests section, there's a lot of useful material in there. And yes, "hard-hitting tricks" does exist as it is really depends on the game itself. With that, knowing the basics can help you a lot in "combining" tricks to hack your game.
---0
Hi i am a member. Let's me introduce myself
in Introduce yourself (:
Posted
[ @soccerillustrate ]
---
Hi, nice to meet you too.
Usually I do experiment in my free time. Welp, I would experiment anything but mostly breaking game mechanics.
---
I hope you can enjoy your stay with me here, lol.