Enfusia
  1. I guess I'll drop the modding attempt (for now), since nothing I tried seems to be working. I tried the PsSuspend way again; there were 4 (!) metadata headers in the initial dump, which slowly merge into 2 headers in total (and I have absolutely no idea what the deal with that is). Making the APK debuggable also didn't work for some reason. I set the debuggable string in the manifest.xml to true, but I wasn't able to find the app in the developer settings. Even the LSPosed module didn't work. So I guess no debugging for me, then. Trying to analyze the smali code is also quite tough, but the fact that I'm not able to debug it makes it even harder. Maybe someday I'll return to the project, but that seems to be it. Kudos to the developers, though; they REALLY don't want people to mod their game. Also, thank you guys for your time.
  2. I used Nox to emulate the game and Cheat Engine's memory viewer to look for the metadata header. I also made a script which uses PsSuspend, just like you recommended, so I can toggle between a halted and a running state via a hotkey. I attached Cheat Engine to "NoxVMHandle.exe", and while I eventually found the metadata header, it wasn't what I was looking for. Maybe my timings were off, but I'm not sure. I didn't quite understand what you meant by this. How do I sandbox the game? And you also mentioned that I shouldn't use an Android emulator; did you mean that I should run the game on my phone and attach the debugger remotely? To be honest, I'm not even sure what HProtect does anymore. I compared the old and new versions of the game with WinMerge, and they basically overhauled everything. I guess I'll just use Android Studio and debug some suspicious-looking classes; maybe that will guide me to the correct path.
  3. The PC version of the game doesn't have any protection whatsoever, though (besides il2cpp, of course).
  4. The game refused to launch and straight up crashed, even when just decompiling and recompiling without making any changes. I checked out the UnityPlayer class and compared it with the old version; the developers almost completely rewrote it. The new UnityPlayer class also contains many suspicious variables and functions (which the old one didn't have), like 'bix2hex, hash_sha256, logLoadLibMainError, mProcessKillRequested:Z, mQuitting:Z, mKillingIsMyBusiness:Landroid/content/BroadcastReceiver', and so on. I got the game to stop crashing on startup after making some changes to the UnityPlayer, but now it's just an endless black screen. Still a step in the right direction, though. By the way, the game doesn't initialize HProtect through the UnityPlayerActivity.smali class like it used to, but it still gets loaded. Attachment: UnityPlayer.smali
  5. Yeah, my bad, you're right about the 4 magic bytes; I just wanted to point out that the developers changed the encryption method. I didn't bother with IDA because the actual decryption/encryption (probably) takes place in the HProtect Java class, so IDA wouldn't help that much, I assume. Forcing the il2cpp version also didn't work, unfortunately. I thought that the metadata file was the only encrypted file here, but you may be right. I'll try to investigate a little bit further, but I'm kinda running out of options. Thank you anyway, though, I appreciate it.
  6. A new major update of the game 'Night of the Full Moon' is coming out soon, which kinda caught my attention. I was able to mod an older version of the game (1.5.1.37), but that approach doesn't work for the newest version anymore (1.5.1.50). Here's my analysis:
     - The developers use their own anti-tamper solution called 'HProtect'. It (was?) responsible for decrypting the metadata, and it also force-closed the game if any changes were detected.
     - They updated HProtect, and I wasn't able to figure out what it does now.
     - The metadata in the old version of the game was obviously obfuscated, but the one in the new version is not, since the 4 magic bytes are valid (I uploaded some screenshots).
     - The il2cpp.so binary seems to be valid and not encrypted at all.
     Things that I tried so far:
     - Using the Zygisk Il2CppDumper didn't work (dump.cs hasn't been created), but it did work with the old version of the game.
     - Dumping via GameGuardian worked, but the output was identical to the file you get from the APK.
     - Il2CppDumper gives me the "System.IO.EndOfStreamException: Unable to read beyond the end of the stream" error when trying to dump.
     - Il2CppInspector says "could not verify the integrity of the metadata file or accurately identify the metadata sub-version" when selecting the metadata file.
     - Libdumper didn't work (also produced the identical output).
     I'm kinda lost at this point; it would be great if someone could help me out with this. Also, please let me know if I forgot to include something. Thanks in advance.
     Attachments: Metadata from the newest version.rar, Metadata from the older version.rar, Newest version of HProtect.rar, Older version of HProtect.rar
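As an added example, not part of the thread and not code from any of the tools named in it: the original post treats valid magic bytes as evidence that the metadata is no longer obfuscated, but the two tool errors quoted there ("unable to read beyond the end of the stream", "could not verify the integrity of the metadata file") point at the part of the header after the magic. A global-metadata.dat header is an int32 sanity value (0xFAB11BAF), an int32 version, and then a table of (offset, byte size) int32 pairs, one per section. If an anti-tamper layer leaves the first bytes alone but scrambles the rest, the magic checks out while the table points past the end of the file, which is exactly what a dumper trips over. The checker below reads that table and reports which sections cannot be read from the file as-is. The section names and layout are assumed from Unity's public il2cpp header; the sample input is constructed, with the scrambled variant imitating a file whose body was encrypted while the magic survived.

```python
import struct
import sys
from dataclasses import dataclass, field

# Layout assumed from Unity's public il2cpp header (Il2CppGlobalMetadataHeader):
# int32 sanity, int32 version, then (offset, byteSize) int32 pairs, one pair per
# section, beginning with the sections listed here. Later sections vary by version,
# so only this common prefix is checked.
METADATA_MAGIC = 0xFAB11BAF
HEADER_PREFIX_SECTIONS = [
    "stringLiteral", "stringLiteralData", "string", "events", "properties",
    "methods", "parameterDefaultValues", "fieldDefaultValues",
    "fieldAndParameterDefaultValueData", "fieldMarshaledSizes", "parameters",
    "fields", "genericParameters", "genericParameterConstraints",
    "genericContainers", "nestedTypes", "interfaces", "vtableMethods",
    "interfaceOffsets", "typeDefinitions",
]
HEADER_PREFIX_LEN = 8 + 8 * len(HEADER_PREFIX_SECTIONS)


@dataclass
class Verdict:
    magic_ok: bool
    version: int
    bad_sections: list = field(default_factory=list)  # names whose range does not fit

    @property
    def plausible(self) -> bool:
        # Valid magic alone proves little: the version must be sane and every
        # section range must lie inside the file.
        return self.magic_ok and 16 <= self.version <= 40 and not self.bad_sections


def check_metadata(blob: bytes) -> Verdict:
    """Report which header sections a dumper could not read from blob as-is."""
    if len(blob) < HEADER_PREFIX_LEN:
        return Verdict(False, -1, list(HEADER_PREFIX_SECTIONS))
    sanity, version = struct.unpack_from("<Ii", blob, 0)
    verdict = Verdict(sanity == METADATA_MAGIC, version)
    for i, name in enumerate(HEADER_PREFIX_SECTIONS):
        off, size = struct.unpack_from("<ii", blob, 8 + 8 * i)
        # A negative value or a range past EOF is what produces "read beyond the
        # end of the stream"; a non-empty section inside the header is also wrong.
        if off < 0 or size < 0 or off + size > len(blob) or (size and off < HEADER_PREFIX_LEN):
            verdict.bad_sections.append(name)
    return verdict


def build_sample(scramble_table: bool = False) -> bytes:
    """Constructed test input with the same header shape as a real file.

    With scramble_table=True the section table is XORed with 0x5A, imitating a
    file whose magic and version survived but whose body was encrypted.
    """
    header = bytearray(struct.pack("<Ii", METADATA_MAGIC, 24))
    body = bytearray()
    for _ in HEADER_PREFIX_SECTIONS:
        section = b"\x00" * 16  # section contents are irrelevant to the check
        header += struct.pack("<ii", HEADER_PREFIX_LEN + len(body), len(section))
        body += section
    if scramble_table:
        header[8:] = bytes(b ^ 0x5A for b in header[8:])
    return bytes(header + body)


if __name__ == "__main__":
    # Usage: python check_metadata.py path/to/global-metadata.dat
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(True)
    v = check_metadata(data)
    print(f"magic ok: {v.magic_ok}, version: {v.version}, plausible: {v.plausible}")
    for name in v.bad_sections:
        print(f"  section {name} points outside the file")
```

Run it against the file pulled from the APK and against the one dumped from memory; if the first reports a full list of bad sections and the second reports none, the body is decrypted at runtime and the in-memory copy is the one to feed to the dumper. If both report the same bad sections, the dump was taken before decryption finished, which fits the timing concern raised later in the thread.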