Jump to content

Platonic

Contributor
  • Posts

    934
  • Joined

  • Last visited

  • Days Won

    40

Everything posted by Platonic

  1. Did some quick checking and its a first for me to, to see the names are scattered around in different locations in memory. I can't give you a solution. There are also two global metadata headers i believe. Can't spectate it because lost access to 010 Editor but you can search the magical bytes in Ca and copy. I believe header size is 272 bytes. But this could be 264 bytes as well i believe. If you would replace the header from the meta in Others with that of Ca il2cppdumper would recognize it as a valid metadata. But then the values in the header don't correspond with the rest of the metadata. So if the metadata is encrypted the meta in Ca is the one that has no encryption. But im just assuming here. You would need to look deeper in to it. Both meta headers point to different code/meta registration. I'm not sure if its realistic to say that you could try to fix the values in the Others metadata so that it corresponds to the data of the Ca meta header? This was just some idea. Further then that i can't help you. But perhaps people more suitable for the issue can help you.
  2. Ah nvm i see your refering to the if statement. Yes that has been fixed. I originally used elseif. Just to be sure.
  3. It increases the distance in which the game alerts you that there is a supply pod.
  4. I believe the script is understandable if you understand the game a bit. I just try to avoid group searches and repeating behaviour which slows down the script or increases its size or makes me spend more time writhing. For load all cheats with group search it takes one minute. By making this script with offsets it only takes 10 sec. Then checks are also there to alert if values changed or things like that. Everything has purpose. Its also more easy for me to update as i don't need to change much things.
  5. Based on my objective Maars solution is great because what i needed was for the script to execute a specific action when the condition was met. That condition was, using a feature of the prompt, if feature has been used for the first time then condition is met. Which was resolved using boolean values true/false. He gave me the idea with the expectation i implemented it. Which i did. I placed the bool at each feature. You can see it here. Its named "menuHasBeenUsed", and its set true only when a feature from the prompt is used. For example here: function boolCheck() menuHasBeenUsed = false loopMenu = 0 end boolCheck() And then in the prompt: if speed == nil then noselect() else if speed[1] then menuHasBeenUsed = true charLoop = charLoop + 1 if charLoop <= 1 then characterAnim() end for i = 1, #characterAnimation do characterAnimation[i]["value"] = speed[1] end gg.setValues(characterAnimation) end I do not use it for nill because i dont want that "menuHasBeenUsed" becomes true if nill. So i don't see a issue.
  6. Used to. This script is from 2018. I doubt it still works.
  7. Hi, ofc no problem. Will reach you on discord.
  8. There are issues because of the functionality of the script. "if gg.prompt == nil" was included in the script. If the script is designed to open the prompt menu first before executing the functions based on user input, i must know if the user presses nil or not untill the user used one of the features for the first time. That is my question. How can i put some check so that i know that the user has not used any feature yet, and only pressed nil instead. As long that situation is happening the script is not allowed to execute this code: jumpPointer = gg.getValues(jumpPointer) valueCheck() because it will lead to a function that has a variable that only exist in the jumpCounter() function, a function that hasn't been used yet because the user pressed nil. Also this check is needed because imagen the user used some feature in the promp but afterwards he presses nil. Then this: jumpPointer = gg.getValues(jumpPointer) valueCheck() Would not be executed because you only set a flag that it should not be executed when nil, since what i want is that it only doesn't execute untill a feature has be used.
  9. Having some issue. I have a gg.prompt menu. function mappedMemoryRangesJump(scatteredExecutable, compactExecutable) if #memoryMap == 3 then mainAddressPoint = {address = memoryMap[1]["start"] + startPointer[1]["value"] + compactExecutable} elseif #memoryMap >= 4 then mainAddressPoint = {address = memoryMap[1]["start"] + startPointer[1]["value"] + scatteredExecutable} end end function nonFoundValues() gg.toast("the values are not found yet, trying again in 10 sec") gg.sleep(1000) end function filterSettings(set, offset_0, offset_1, offset_2, dataTye_0, dataType_1, dataType_2) local resultTable = gg.getResults(gg.getResultsCount()) filterTable = {} for i, v in ipairs(resultTable) do local filter = {{address = resultTable[i]["address"] + offset_0, flags = dataTye_0}} local filter_1 = {{address = resultTable[i]["address"] + offset_1, flags = dataType_1}} filter = gg.getValues(filter) filter_1 = gg.getValues(filter_1) if set == 2 then if filter[1]["value"] == "2" and filter_1[1]["value"] ~= "0" then filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2} end end if set == 3 then if filter[1]["value"] == "2" then filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2} end end if set == 4 then if filter[1]["value"] == "1031127695" and filter_1[1]["value"] ~= "0" then filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2} end end end end local old = gg.getRanges() function jumpCounter() --features mappedMemoryRangesJump(0x269F60, 0x26A0D8) gg.setRanges(gg.REGION_ANONYMOUS) gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD) jumpPointerCheck = mainAddressPoint["address"] local startPointerJump = gg.getResults(20) jumpCount = {} jumpPointer = {} gg.clearResults() for i, v in ipairs(startPointerJump) do local filter = {{address = startPointerJump[i]["address"] + 0x8, flags = gg.TYPE_DWORD}} filter = gg.getValues(filter) if filter[1]["value"] == "8" then jumpCount[#jumpCount + 1] = {address = startPointerJump[i]["address"] + 0x358, flags = gg.TYPE_DWORD} jumpPointer[#jumpPointer + 1] = {address = startPointerJump[i]["address"], flags = gg.TYPE_QWORD} end end jumpCount = gg.getValues(jumpCount) jumpPointer = gg.getValues(jumpPointer) if #jumpCount == 0 then nonFoundValues() jumpCounter() end gg.addListItems(jumpCount) end jumpCounter() function characterAnim() --features mappedMemoryRangesJump(0xCC64D8 ,0xCC6010) gg.setRanges(gg.REGION_ANONYMOUS) gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD) filterSettings(2, 0x74, 0xB0, 0x8E0, gg.TYPE_DWORD, gg.TYPE_DWORD, gg.TYPE_FLOAT) gg.clearResults() characterAnimation = gg.getValues(filterTable) if #characterAnimation == 0 then nonFoundValues() characterAnim() end gg.addListItems(characterAnimation) end characterAnim() function fullGameSpeed() --features mappedMemoryRangesJump(0x27B548, 0x27B660) gg.setRanges(gg.REGION_ANONYMOUS) gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD) filterSettings(3, 0x33, 0x0, 0x300, gg.TYPE_BYTE, gg.TYPE_BYTE, gg.TYPE_FLOAT) gg.clearResults() gameSpeedFull = gg.getValues(filterTable) if #gameSpeedFull == 0 then nonFoundValues() fullGameSpeed() end gg.addListItems(gameSpeedFull) end fullGameSpeed() function charsObjectSpeed() --features mappedMemoryRangesJump(0xC82268, 0xC81DA0) gg.setRanges(gg.REGION_ANONYMOUS) gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD) filterSettings(4, 0x40, 0x58, 0x1640, gg.TYPE_DWORD, gg.TYPE_QWORD, gg.TYPE_FLOAT) gg.clearResults() characterObjectSpeed = gg.getValues(filterTable) if #characterObjectSpeed == 0 then nonFoundValues() charsObjectSpeed() end gg.addListItems(characterObjectSpeed) end charsObjectSpeed() function valueCheck() --features if jumpPointer[1]["value"] ~= jumpPointerCheck then -- all values have changed address gg.toast("Values have changed address, Script will auto search values again in 10 sec.") gg.sleep(10000) jumpCount[1]["freeze"] = false -- unfreeze to prevent crash gg.addListItems(jumpCount) jumpCounter() characterAnim() fullGameSpeed() charsObjectSpeed() gg.toast("Script ready") end end function START() --menu speed = gg.prompt ( {'Animation Speed | default value = 1 | [0.1; 10.0]', 'Game Speed | default value = 1 [0.1; 10.0]', 'Playerobject Speed | default value = 1 [0.1; 10.0]', 'Jump hack'}, {[1]='1', [2]='1', [3]='1'}, {'number', 'number', 'number', 'checkbox'} ) if speed == nil then noselect() else if speed[1] then for i = 1, #characterAnimation do characterAnimation[i]["value"] = speed[1] end gg.setValues(characterAnimation) end if speed[2] then for i = 1, #gameSpeedFull do gameSpeedFull[i]["value"] = speed[2] end gg.setValues(gameSpeedFull) end if speed[3] then for i = 1, #characterObjectSpeed do characterObjectSpeed[i]["value"] = speed[3] end gg.setValues(characterObjectSpeed) end if speed[4] then for i = 1, #jumpCount do jumpCount[i]["value"] = "0" jumpCount[i]["freeze"] = true gg.addListItems(jumpCount) end end end end function noselect() gg.toast('You not select anything') end START() while (true) do if gg.isVisible() then gg.setVisible(false) START() else --should only execute when user used a feature for first time. jumpPointer = gg.getValues(jumpPointer) valueCheck() end gg.sleep(200) end Currently the script executes the features first before it uses gg.prompt. i want the gg.prompt to run first and then make the features only run once, and then let the while loop take care of it. However the while loop as has issues. If the gg.prompt menu equals nil for the first time of opening it then it should not execute this else part in the while loop Untill the user has pressed his first feature in the menu, pressing "Ok" is also a feature. When user pressed a feature it won't matter anymore if menu was nil or not and the code after the else statement is then allowed to be executed: START() while (true) do if gg.isVisible() then gg.setVisible(false) START() else -- action after else should not be executed aslong user has used its first feature jumpPointer = gg.getValues(jumpPointer) valueCheck() end gg.sleep(200) end How to proceed?
  10. Don't use on main account. They updated anticheat after creation of the script. Im not sure what bans. You will have to test.
  11. No more updates.
  12. Just tried, on first sight i wasn't able to fix the freezing. The values that point to the class in which your desired value is keeps changing. One of these pointers crash the game when editing it to zero or to an other location in memory with same data. Crash does not happen instantly but after few sec. So replicating the data didn't work to by pass that freezing. But, if your main objective is to change the values of the roulette tokens you can use the daily rewards. Your using 32 bit so the video will be according to that. Basically you search a value in the daily rewards. Day 15 has 25 diamonds. I search 25 in double. Get a few 100 results. Use increment to narrow down value. Then go to first pointer few bytes above the address were your value is contained, copy the offset between the two addresses. Then go to that pointer. Then do pointer search. Then save all the values in the result list to saved list. Then do the same offset calculation (0x28) then place the values in the result list. Refine them to 1~5000 as it will contain all the values related to rewards..etc. Edit them. Then do a purchase.
  13. I was actually looking for make a script to try out the seeker bar feature in GG. So i used this game as test app, as seeker bar works very well for speed hacks. Also this game is Unreal engine. And doesn't require some expensive phone. It even runs on Nox emulator. I made some test script, with some basic features. Didn't really try to cheat it but lots of stuff can probably be found. If you like to i can share it when its finished, i probably add more features because the game is kind of getting popular, ofc no need to pay, its just a game and i do it for learn my self. Others can just benefit from it through my script. Here you have video: mobizen_20220819_212837(0).mp4
  14. Hi, can you show us how we find the value?
  15. Way out of range. Tagged pointer is one problem, Bigger problem is that it is the value that has the needed pointers near it which is out of range. Haven't find any other pointers that are properly ordered to get the desired values. Except for manually group searching. If manual group search is the only way then i suggest to install 32 bit apk of the game. Then script will work.
  16. One thing i forgot on the script was to add the appropriate regions,mainly its Ca but some special devices like emu will be only Anonymous or Other. Its included in script now. com.mytona.seekersnotes.android.lua
  17. I would suggest to do some prints on the script so we can find the issue. Is instruction set architecture value correct as in your apk? (If not then script uses wrong offsets), (return instructionSetArchitecture) Do you get 500+ results when first qword search happen?(make sure to try region (A, Ca, O) manually(just for sure) If above two are working correct it can be that your offsets for the pointers are different after the search. (Which would be strange, but you can check it manually) Check manually(this is for the first process level of Cafe): group search: 180D;35D;20D;4D;7D;10D;0D;0D;19D:33 18 or 9 results. Refine 4D Go to address of one of the two(there function is same) Go to address. You should see two pointers. They point to same address. 64bit -> - 0x1C and 32bit -> - 0x14 Go to pointer. Then you should see a string named .types = 126,879,515,898,890 and a pointer above that. Pointer should be 64bit -> 0x10 and 32bit -> 0x8 from the value 126,879,515,898,890. That pointer points back to the address where we saw two pointers. You have that?
  18. Tested on Memu 32 bit apk which only uses region A and a Xiaomi phone 64 bit apk Which is Ca before uploading. Both worked. If not emulator you must select region Ca. Where did the issue occure?
  19. Made a quick script just in case. Finding the values manually for each object location and progress level seems tiring as all values are all different. The script loads every process rate value for each location. Execute and edit all values to zero and it will give same results as above. com.mytona.seekersnotes.android.lua
  20. Hello Jennie1998, Please note: Value is dword. Value is different for each progress rate and object location Decreasing value = increasing % per play How value is found: First thing to try would be searching for nearby values because i could not find that process rate value directly either. Since the game starts with the Cafe i look there. Start with group searching the values from up to down(ignore symbols first): 75;60;19:: I get results, refine to 75. Use increment by 1 on the results to see if anything happens to desired value. 75 became 84, refine 84(make sure you reverted all other values to avoid crash) We must go to address of the value..to inspect if your process rate value is there. We first should analyze the structure, so we know more or less the range in which we should edit. We can see values that represent the same as on the board. 84, 60 and 19. As shown on the board. Since they are all dword values properly structured it seems to resemble a some data that represents stats. The stats visible on that board. We don't see anywhere the value 100, yet in memory it shows that value. Since it is a dword value between the 60 and 19 (known values) it should not be harmful to edit that value. I edit it to zero. Then switch board and return so that effects have taken. Value changed from 0% to NaN%, We play a game, you finish it in one go.
  21. Don't know what it is you need? You need Xa libil2cpp.so only for your research? No idea why but on Nox emulator its usually working a bit different: https://mega.nz/file/2AUnVZpD#h9bIE8Q99lExtyCHl2FTzw4E8HKJ-lxTWSrNOoPOyc0
  22. Has to be dumped with GG. Both libil2cpp.so and metadata.dat. Then it can be dumped with il2cpp dumper.
  23. Sadly has no subtitles. There is a other video. Bit more information and has YT subtitle feature avaible.
  24. Personnaly i don't really get the point of obfuscating a script that your not even selling(i guess your not selling). At fist all scripts where open source and people could learn from it..now alot think there script is so valuable no one is allowed to see it. Im only talking about those scripts made for specific games. Not talking about tools. @HEROGAMEOfficial im not sure because i can't install your game but are this some of your values? If so then i think the info is enough after a few tries here and there to replicate your behaviour. I also don't expect you to tell me. I would not know eitherway as i can't install that game. I tried for learning purposes. Not looking for take anything. testHero.txt
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.