-
Posts
5 -
Joined
-
Last visited
Additional Information
-
Android
13.x
-
Device
Samsung Rooted
Recent Profile Visitors
993 profile views
Phantom_Combat_Venue's Achievements
-
How bypass cheating detected
Phantom_Combat_Venue replied to THETWINSOFFICIAL's topic in Video Tutorials
Good tutorial! I applied it to the game "Sniper Warrior: PvP Sniper" and found several classes: // CodeStage.AntiCheat.Detectors // // Types: // // ActDetectorBase // InjectionDetector // ObscuredCheatingDetector // SpeedHackDetector // TimeCheatingDetector // WallHackDetector So, I believe the game uses the "Anti-Cheat Toolkit" by CodeStage. However, consider this: If I have a possible list of hacks for which the engineers have already set up an anti-cheat, does that mean I can reverse-engineer and identify them? If so, I could potentially disable the call to the "StartDetection" methods by editing the first instruction with ~A8 RET. -
View File Lua script template v0.0.0: Patching memory addresses in the libil2cpp library | by Phantom Combat Venue | example game :: Sniper Warrior: PvP Sniper v0.0.3 build 19 Last updated on Aug 29, 2023 Phantom Combat Venue Lua Script Template v0.0.0 - No Recoil Camera Hack and Utility Functions Introduction: Hello, GameGuardian community! Today, I'm excited to share the Phantom Combat Venue Lua Script Template v0.0.0, an open-source script under the MIT license. This template serves as a foundation for patching memory addresses in the libil2cpp library for any game. I used "Sniper Warrior: PvP Sniper" as an example. In this post, we'll focus on the No Recoil Camera Hack as an example, and we'll also explore some utility functions and other Lua code provided in the template. License: This script is open-source under the MIT license, giving you the freedom to modify and adapt it for your needs. Global Variables: - `__ON` and `__OFF`: Emoji indicators for ON and OFF states. - `VISIBILITY_FLAG`: A flag to manage script visibility. Utility Functions: 1. libBase(lib, offsets, vals, type): - Purpose: Finds and modifies memory addresses in the specified library. - Parameters: - `lib`: Library name. - `offsets`: List of offsets. - `vals`: List of values. - `type`: Data type. - Functionality: Iterates through memory ranges, identifies the library, and modifies addresses. function libBase(lib, offsets, vals, type) local rangeList = gg.getRangesList(lib) local addresses = {} for i, v in ipairs(rangeList) do if v.state == "Xa" then for j, offset in ipairs(offsets) do table.insert(addresses, { address = v.start + offset, flags = type, value = vals[j] .. "h" }) end break end end if #addresses == 0 then print("Not found lib") else gg.setValues(addresses) end end 2. convertToHexString(number, digits): - Purpose: Converts a number to a hexadecimal string with a specified number of digits. - Parameters: - `number`: Number to convert. - `digits`: Number of hexadecimal digits. - Functionality: Applies a bitmask and formats the number as a hexadecimal string. function convertToHexString(number, digits) local mask = (1 << (digits * 4)) - 1 return string.format("%X", number & mask) end 3. getHexValueByOffset(offset): - Purpose: Retrieves the hexadecimal value at a specific offset in libil2cpp. - Parameters: - `offset`: Offset to read. - Functionality: Uses `gg.getValues` to obtain the hexadecimal value at the specified offset. function getHexValueByOffset(offset) local responseVal = gg.getValues({{ address = gg.getRangesList("libil2cpp.so")[1].start + offset, flags = gg.TYPE_DWORD }}) return convertToHexString(responseVal[1].value, 8) end Main Function: - Main(): - Purpose: Entry point for script execution. - Functionality: Displays a menu with options, including the No Recoil Camera, and handles user input. function Main() VISIBILITY_FLAG = -1 gg.setVisible(false) menu = gg.choice({ no_recoil_camera_state .. "No Recoil Camera.", " EXIT " }, nil, "Sniper Warrior v 0.0.3 b19 - MOD") if menu == nil then gg.toast(" MINIMIZED ") gg.setVisible(false) elseif menu == 1 then no_recoil_camera_fn() else os.exit() end end No Recoil Camera: 1. Initialization: - `no_recoil_camera_offset`: Offset for the No Recoil Camera hack. - `no_recoil_camera_active_hack_hex_code`: Hex code for the active state. no_recoil_camera_offset = 0x115DA58 no_recoil_camera_active_hack_hex_code = "D65F03C0" -- "~A8 RET" 2. State Check: - Checks the current state of the No Recoil Camera and sets the corresponding state indicator (`__ON` or `__OFF`). if getHexValueByOffset(no_recoil_camera_offset) == no_recoil_camera_active_hack_hex_code then no_recoil_camera_state = __ON else no_recoil_camera_state = __OFF end 3. Function: no_recoil_camera_fn(): - Purpose: Activates or deactivates the No Recoil Camera. - Functionality: Utilizes `libBase` to modify the necessary memory addresses based on the current state. function no_recoil_camera_fn() local offsets = {0x115DA58, 0x115DA5C, 0x115DA60, 0x115DA64, 0x115DA68, 0x115DA6C, 0x115DA70} local values_on = {no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code} local values_off = {"6DBD23E9", "F9000BF3", "A9027BFD", "910083FD", "4EA01C08", "AA0003F3", "9400000E"} if no_recoil_camera_state == __OFF then libBase("libil2cpp.so", offsets, values_on, gg.TYPE_DWORD) gg.toast("No Recoil Camera activated") no_recoil_camera_state = __ON elseif no_recoil_camera_state == __ON then libBase("libil2cpp.so", offsets, values_off, gg.TYPE_DWORD) gg.toast("No Recoil Camera deactivated") no_recoil_camera_state = __OFF end end Entrypoint: - While Loop: - Purpose: Keeps the script running in the background. - Functionality: Checks for script visibility and calls the `Main()` function accordingly. while true do if gg.isVisible(true) then VISIBILITY_FLAG = 1 gg.setVisible(false) end if VISIBILITY_FLAG == 1 then Main() end end Happy scripting! Your friend, Phantom Combat Venue. Submitter Phantom_Combat_Venue Submitted 12/01/2023 Category Templates
-
Hello GameGuardian community! Today, I'm excited to share a video tutorial on discovering techniques for Android Unity Game Modding. This includes decompiling the il2cpp library, dumping classes, and editing memory addresses using Game Guardian, IDA Pro, and il2cppdumper for patching memory addresses in the libil2cpp library for any game. For illustration, I've used "Sniper Warrior: PvP Sniper" as an example. We'll specifically focus on the No Recoil Camera Hack in this tutorial. This is also an open collaboration for reverse engineering the game ''Sniper Warrior: PvP Sniper v0.0.3 build 19''. The goal is to find new techniques for identifying classes to edit and discovering new hacks for this game, continuously expanding our knowledge. You can watch the video below: Watch on YouTube: Watch on Vimeo: Download video from Google Drive: https://drive.google.com/file/d/1fROYs_0XCJsXMuex8amP-BSsINCp-BYL/view?usp=sharing Hey guys, I've already posted the template script. You can find it at this URL: Lua script template v0.0.0: Patching memory addresses in the libil2cpp library | by Phantom Combat Venue | example game :: Sniper Warrior: PvP Sniper v0.0.3 build 19 Last updated on Aug 29, 2023 (#14nagcf4) * You can download the game from: https://apkcombo.com/sniper-warrior-pvp-sniper/com.horus.sniper.warrior/download/apk * For jadx (Dex to Java decompiler), you can find it here: https://github.com/skylot/jadx/releases * If you need apktool, you can download it here: https://apktool.org/ , although it is not required for this method. I've included it to view the smali classes code. Download 7-zip from https://www.7-zip.org/download.html Download il2cppdumper from : https://github.com/Perfare/Il2CppDumper/releases Download Notepad++ from : https://notepad-plus-plus.org/downloads/ To download IDA Pro, visit https://hex-rays.com/ida-pro/ or reverse your own pro version Download VSCode from https://code.visualstudio.com/download Happy scripting! Your friend, Phantom Combat Venue. -- I will be truly happy if members reply to my post with new hacks or techniques to find more hacks. -- So, this is a challenge for you. -- Yes, you! Read my post.
- 1 reply
-
- reverse engineering
- Android
- (and 9 more)
-
Version 1.0.0
220 downloads
Phantom Combat Venue Lua Script Template v0.0.0 - No Recoil Camera Hack and Utility Functions Introduction: Hello, GameGuardian community! Today, I'm excited to share the Phantom Combat Venue Lua Script Template v0.0.0, an open-source script under the MIT license. This template serves as a foundation for patching memory addresses in the libil2cpp library for any game. I used "Sniper Warrior: PvP Sniper" as an example. In this post, we'll focus on the No Recoil Camera Hack as an example, and we'll also explore some utility functions and other Lua code provided in the template. License: This script is open-source under the MIT license, giving you the freedom to modify and adapt it for your needs. Global Variables: - `__ON` and `__OFF`: Emoji indicators for ON and OFF states. - `VISIBILITY_FLAG`: A flag to manage script visibility. Utility Functions: 1. libBase(lib, offsets, vals, type): - Purpose: Finds and modifies memory addresses in the specified library. - Parameters: - `lib`: Library name. - `offsets`: List of offsets. - `vals`: List of values. - `type`: Data type. - Functionality: Iterates through memory ranges, identifies the library, and modifies addresses. function libBase(lib, offsets, vals, type) local rangeList = gg.getRangesList(lib) local addresses = {} for i, v in ipairs(rangeList) do if v.state == "Xa" then for j, offset in ipairs(offsets) do table.insert(addresses, { address = v.start + offset, flags = type, value = vals[j] .. "h" }) end break end end if #addresses == 0 then print("Not found lib") else gg.setValues(addresses) end end 2. convertToHexString(number, digits): - Purpose: Converts a number to a hexadecimal string with a specified number of digits. - Parameters: - `number`: Number to convert. - `digits`: Number of hexadecimal digits. - Functionality: Applies a bitmask and formats the number as a hexadecimal string. function convertToHexString(number, digits) local mask = (1 << (digits * 4)) - 1 return string.format("%X", number & mask) end 3. getHexValueByOffset(offset): - Purpose: Retrieves the hexadecimal value at a specific offset in libil2cpp. - Parameters: - `offset`: Offset to read. - Functionality: Uses `gg.getValues` to obtain the hexadecimal value at the specified offset. function getHexValueByOffset(offset) local responseVal = gg.getValues({{ address = gg.getRangesList("libil2cpp.so")[1].start + offset, flags = gg.TYPE_DWORD }}) return convertToHexString(responseVal[1].value, 8) end Main Function: - Main(): - Purpose: Entry point for script execution. - Functionality: Displays a menu with options, including the No Recoil Camera, and handles user input. function Main() VISIBILITY_FLAG = -1 gg.setVisible(false) menu = gg.choice({ no_recoil_camera_state .. "No Recoil Camera.", " EXIT " }, nil, "Sniper Warrior v 0.0.3 b19 - MOD") if menu == nil then gg.toast(" MINIMIZED ") gg.setVisible(false) elseif menu == 1 then no_recoil_camera_fn() else os.exit() end end No Recoil Camera: 1. Initialization: - `no_recoil_camera_offset`: Offset for the No Recoil Camera hack. - `no_recoil_camera_active_hack_hex_code`: Hex code for the active state. no_recoil_camera_offset = 0x115DA58 no_recoil_camera_active_hack_hex_code = "D65F03C0" -- "~A8 RET" 2. State Check: - Checks the current state of the No Recoil Camera and sets the corresponding state indicator (`__ON` or `__OFF`). if getHexValueByOffset(no_recoil_camera_offset) == no_recoil_camera_active_hack_hex_code then no_recoil_camera_state = __ON else no_recoil_camera_state = __OFF end 3. Function: no_recoil_camera_fn(): - Purpose: Activates or deactivates the No Recoil Camera. - Functionality: Utilizes `libBase` to modify the necessary memory addresses based on the current state. function no_recoil_camera_fn() local offsets = {0x115DA58, 0x115DA5C, 0x115DA60, 0x115DA64, 0x115DA68, 0x115DA6C, 0x115DA70} local values_on = {no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code} local values_off = {"6DBD23E9", "F9000BF3", "A9027BFD", "910083FD", "4EA01C08", "AA0003F3", "9400000E"} if no_recoil_camera_state == __OFF then libBase("libil2cpp.so", offsets, values_on, gg.TYPE_DWORD) gg.toast("No Recoil Camera activated") no_recoil_camera_state = __ON elseif no_recoil_camera_state == __ON then libBase("libil2cpp.so", offsets, values_off, gg.TYPE_DWORD) gg.toast("No Recoil Camera deactivated") no_recoil_camera_state = __OFF end end Entrypoint: - While Loop: - Purpose: Keeps the script running in the background. - Functionality: Checks for script visibility and calls the `Main()` function accordingly. while true do if gg.isVisible(true) then VISIBILITY_FLAG = 1 gg.setVisible(false) end if VISIBILITY_FLAG == 1 then Main() end end Happy scripting! Your friend, Phantom Combat Venue. -
Hello, you can't find the coins by searching because they are not saved as coins but rather in the following format: public enum MiniGamesRewards.Rewards // TypeDefIndex: 3436 { // Fields public int value__; // 0x0 public const MiniGamesRewards.Rewards None = 0; public const MiniGamesRewards.Rewards VIP = 1; public const MiniGamesRewards.Rewards Coin10 = 2; public const MiniGamesRewards.Rewards Coin25 = 3; public const MiniGamesRewards.Rewards Coin30 = 4; public const MiniGamesRewards.Rewards Coin35 = 5; public const MiniGamesRewards.Rewards Coin40 = 6; public const MiniGamesRewards.Rewards Coin50 = 7; public const MiniGamesRewards.Rewards Coin60 = 8; public const MiniGamesRewards.Rewards Coin75 = 9; public const MiniGamesRewards.Rewards Coin100 = 10; public const MiniGamesRewards.Rewards Coin150 = 11; public const MiniGamesRewards.Rewards Sale10 = 12; public const MiniGamesRewards.Rewards Sale20 = 13; public const MiniGamesRewards.Rewards Sale25 = 14; public const MiniGamesRewards.Rewards Sale50 = 15; public const MiniGamesRewards.Rewards Gem25 = 16; public const MiniGamesRewards.Rewards Gem35 = 17; public const MiniGamesRewards.Rewards Gem50 = 18; public const MiniGamesRewards.Rewards Gem75 = 19; public const MiniGamesRewards.Rewards Gem100 = 20; } and here the function to set the coins: // Methods // RVA: 0x119A3BC Offset: 0x119A3BC VA: 0x119A3BC public void SetReward(MiniGamesRewards.Rewards _reward) { } you can use GG to set the reward