Phantom_Combat_Venue
-
Posts
5 -
Joined
-
Last visited
Content Type
Profiles
Forums
Downloads
Gallery
Posts posted by Phantom_Combat_Venue
-
-
Lua script template v0.0.0: Patching memory addresses in the libil2cpp library | by Phantom Combat Venue | example game :: Sniper Warrior: PvP Sniper v0.0.3 build 19 Last updated on Aug 29, 2023
Phantom Combat Venue Lua Script Template v0.0.0 - No Recoil Camera Hack and Utility Functions
Introduction:
Hello, GameGuardian community! Today, I'm excited to share the Phantom Combat Venue Lua Script Template v0.0.0, an open-source script under the MIT license.This template serves as a foundation for patching memory addresses in the libil2cpp library for any game. I used "Sniper Warrior: PvP Sniper" as an example.
In this post, we'll focus on the No Recoil Camera Hack as an example, and we'll also explore some utility functions and other Lua code provided in the template.
License:
This script is open-source under the MIT license, giving you the freedom to modify and adapt it for your needs.Global Variables:
- `__ON` and `__OFF`: Emoji indicators for ON and OFF states.
- `VISIBILITY_FLAG`: A flag to manage script visibility.Utility Functions:
1. libBase(lib, offsets, vals, type):
- Purpose: Finds and modifies memory addresses in the specified library.
- Parameters:
- `lib`: Library name.
- `offsets`: List of offsets.
- `vals`: List of values.
- `type`: Data type.
- Functionality: Iterates through memory ranges, identifies the library, and modifies addresses.function libBase(lib, offsets, vals, type) local rangeList = gg.getRangesList(lib) local addresses = {} for i, v in ipairs(rangeList) do if v.state == "Xa" then for j, offset in ipairs(offsets) do table.insert(addresses, { address = v.start + offset, flags = type, value = vals[j] .. "h" }) end break end end if #addresses == 0 then print("Not found lib") else gg.setValues(addresses) end end
2. convertToHexString(number, digits):
- Purpose: Converts a number to a hexadecimal string with a specified number of digits.
- Parameters:
- `number`: Number to convert.
- `digits`: Number of hexadecimal digits.
- Functionality: Applies a bitmask and formats the number as a hexadecimal string.function convertToHexString(number, digits) local mask = (1 << (digits * 4)) - 1 return string.format("%X", number & mask) end
3. getHexValueByOffset(offset):
- Purpose: Retrieves the hexadecimal value at a specific offset in libil2cpp.
- Parameters:
- `offset`: Offset to read.
- Functionality: Uses `gg.getValues` to obtain the hexadecimal value at the specified offset.function getHexValueByOffset(offset) local responseVal = gg.getValues({{ address = gg.getRangesList("libil2cpp.so")[1].start + offset, flags = gg.TYPE_DWORD }}) return convertToHexString(responseVal[1].value, 8) end
Main Function:
- Main():
- Purpose: Entry point for script execution.
- Functionality: Displays a menu with options, including the No Recoil Camera, and handles user input.function Main() VISIBILITY_FLAG = -1 gg.setVisible(false) menu = gg.choice({ no_recoil_camera_state .. "No Recoil Camera.", "
EXIT "
}, nil, "Sniper Warrior v 0.0.3 b19 - MOD")
if menu == nil then
gg.toast(" 
MINIMIZED ")
gg.setVisible(false)
elseif menu == 1 then
no_recoil_camera_fn()
else
os.exit()
end
endNo Recoil Camera:
1. Initialization:
- `no_recoil_camera_offset`: Offset for the No Recoil Camera hack.
- `no_recoil_camera_active_hack_hex_code`: Hex code for the active state.no_recoil_camera_offset = 0x115DA58 no_recoil_camera_active_hack_hex_code = "D65F03C0" -- "~A8 RET"
2. State Check:
- Checks the current state of the No Recoil Camera and sets the corresponding state indicator (`__ON` or `__OFF`).if getHexValueByOffset(no_recoil_camera_offset) == no_recoil_camera_active_hack_hex_code then no_recoil_camera_state = __ON else no_recoil_camera_state = __OFF end
3. Function: no_recoil_camera_fn():
- Purpose: Activates or deactivates the No Recoil Camera.
- Functionality: Utilizes `libBase` to modify the necessary memory addresses based on the current state.function no_recoil_camera_fn() local offsets = {0x115DA58, 0x115DA5C, 0x115DA60, 0x115DA64, 0x115DA68, 0x115DA6C, 0x115DA70} local values_on = {no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code, no_recoil_camera_active_hack_hex_code} local values_off = {"6DBD23E9", "F9000BF3", "A9027BFD", "910083FD", "4EA01C08", "AA0003F3", "9400000E"} if no_recoil_camera_state == __OFF then libBase("libil2cpp.so", offsets, values_on, gg.TYPE_DWORD) gg.toast("No Recoil Camera activated") no_recoil_camera_state = __ON elseif no_recoil_camera_state == __ON then libBase("libil2cpp.so", offsets, values_off, gg.TYPE_DWORD) gg.toast("No Recoil Camera deactivated") no_recoil_camera_state = __OFF end end
Entrypoint:
- While Loop:
- Purpose: Keeps the script running in the background.
- Functionality: Checks for script visibility and calls the `Main()` function accordingly.while true do if gg.isVisible(true) then VISIBILITY_FLAG = 1 gg.setVisible(false) end if VISIBILITY_FLAG == 1 then Main() end end
Happy scripting!
Your friend, Phantom Combat Venue.
-
Submitter
-
Submitted12/01/2023
-
Category
0 -
-
Hello GameGuardian community! Today, I'm excited to share a video tutorial on discovering techniques for Android Unity Game Modding. This includes decompiling the il2cpp library, dumping classes, and editing memory addresses using Game Guardian, IDA Pro, and il2cppdumper for patching memory addresses in the libil2cpp library for any game. For illustration, I've used "Sniper Warrior: PvP Sniper" as an example.
We'll specifically focus on the No Recoil Camera Hack in this tutorial.
This is also an open collaboration for reverse engineering the game ''Sniper Warrior: PvP Sniper v0.0.3 build 19''.
The goal is to find new techniques for identifying classes to edit and discovering new hacks for this game, continuously expanding our knowledge.
You can watch the video below:
Watch on YouTube:
Watch on Vimeo:
Download video from Google Drive: https://drive.google.com/file/d/1fROYs_0XCJsXMuex8amP-BSsINCp-BYL/view?usp=sharing
Hey guys, I've already posted the template script. You can find it at this URL:
Lua script template v0.0.0: Patching memory addresses in the libil2cpp library | by Phantom Combat Venue | example game :: Sniper Warrior: PvP Sniper v0.0.3 build 19 Last updated on Aug 29, 2023 (#14nagcf4)* You can download the game from: https://apkcombo.com/sniper-warrior-pvp-sniper/com.horus.sniper.warrior/download/apk
* For jadx (Dex to Java decompiler), you can find it here: https://github.com/skylot/jadx/releases
* If you need apktool, you can download it here: https://apktool.org/ , although it is not required for this method. I've included it to view the smali classes code.
Download 7-zip from https://www.7-zip.org/download.html
Download il2cppdumper from : https://github.com/Perfare/Il2CppDumper/releases
Download Notepad++ from : https://notepad-plus-plus.org/downloads/
To download IDA Pro, visit https://hex-rays.com/ida-pro/ or reverse your own pro version
Download VSCode from https://code.visualstudio.com/download
Happy scripting! Your friend, Phantom Combat Venue.
-- I will be truly happy if members reply to my post with new hacks or techniques to find more hacks.
-- So, this is a challenge for you.
-- Yes, you! Read my post.
0 -
Hello, you can't find the coins by searching because they are not saved as coins but rather in the following format:
public enum MiniGamesRewards.Rewards // TypeDefIndex: 3436
{
// Fields
public int value__; // 0x0
public const MiniGamesRewards.Rewards None = 0;
public const MiniGamesRewards.Rewards VIP = 1;
public const MiniGamesRewards.Rewards Coin10 = 2;
public const MiniGamesRewards.Rewards Coin25 = 3;
public const MiniGamesRewards.Rewards Coin30 = 4;
public const MiniGamesRewards.Rewards Coin35 = 5;
public const MiniGamesRewards.Rewards Coin40 = 6;
public const MiniGamesRewards.Rewards Coin50 = 7;
public const MiniGamesRewards.Rewards Coin60 = 8;
public const MiniGamesRewards.Rewards Coin75 = 9;
public const MiniGamesRewards.Rewards Coin100 = 10;
public const MiniGamesRewards.Rewards Coin150 = 11;
public const MiniGamesRewards.Rewards Sale10 = 12;
public const MiniGamesRewards.Rewards Sale20 = 13;
public const MiniGamesRewards.Rewards Sale25 = 14;
public const MiniGamesRewards.Rewards Sale50 = 15;
public const MiniGamesRewards.Rewards Gem25 = 16;
public const MiniGamesRewards.Rewards Gem35 = 17;
public const MiniGamesRewards.Rewards Gem50 = 18;
public const MiniGamesRewards.Rewards Gem75 = 19;
public const MiniGamesRewards.Rewards Gem100 = 20;
}and here the function to set the coins:
// Methods
// RVA: 0x119A3BC Offset: 0x119A3BC VA: 0x119A3BC
public void SetReward(MiniGamesRewards.Rewards _reward) { }you can use GG to set the reward
0
How bypass cheating detected
in Video Tutorials
Posted
Good tutorial!
I applied it to the game "Sniper Warrior: PvP Sniper" and found several classes:
So, I believe the game uses the "Anti-Cheat Toolkit" by CodeStage.
However, consider this: If I have a possible list of hacks for which the engineers have already set up an anti-cheat, does that mean I can reverse-engineer and identify them?
If so, I could potentially disable the call to the "StartDetection" methods by editing the first instruction with ~A8 RET.