Platonic

Contributor
  • Posts: 934
  • Days Won: 39

Posts posted by Platonic

  1. 31 minutes ago, MAARS said:

    gg.prompt returns nil when the user dismisses the dialog. So a simple condition check on the variable will do it.

    local prompt = gg.prompt({"Enter number"})
    if not prompt then 
      gg.alert("You dismissed the dialog")
    else 
      gg.alert(("The number is: %s"):format(prompt[1]))
    end

     

    There are issues because of the functionality of the script. 

    "if gg.prompt == nil" was included in the script.

    If the script is designed to open the prompt menu first before executing the functions based on user input, I must know whether the user presses nil or not until the user has used one of the features for the first time. That is my question. How can I put in some check so that I know that the user has not used any feature yet, and only pressed nil instead? As long as that situation is happening, the script is not allowed to execute this code:

    jumpPointer = gg.getValues(jumpPointer)
    valueCheck()

    because it will lead to a function that has a variable that only exists in the jumpCounter() function, a function that hasn't been used yet because the user pressed nil.

    Also this check is needed because imagine the user used some feature in the prompt but afterwards he presses nil. Then this:

    jumpPointer = gg.getValues(jumpPointer)
    valueCheck()

    would not be executed because you only set a flag that it should not be executed when nil, since what I want is that it only doesn't execute until a feature has been used.

  2. Having some issue. I have a gg.prompt menu. 

    function mappedMemoryRangesJump(scatteredExecutable, compactExecutable)
      if #memoryMap == 3 then
        mainAddressPoint = {address = memoryMap[1]["start"] + startPointer[1]["value"] + compactExecutable}
      elseif #memoryMap >= 4 then
        mainAddressPoint = {address = memoryMap[1]["start"] + startPointer[1]["value"] + scatteredExecutable}
      end
    end
    
    function nonFoundValues()
      gg.toast("the values are not found yet, trying again in 10 sec")
      gg.sleep(1000)
    end
    
    function filterSettings(set, offset_0, offset_1, offset_2, dataTye_0, dataType_1, dataType_2)
      local resultTable = gg.getResults(gg.getResultsCount())
      filterTable = {}
      for i, v in ipairs(resultTable) do
        local filter = {{address = resultTable[i]["address"] + offset_0, flags = dataTye_0}}
        local filter_1 = {{address = resultTable[i]["address"] + offset_1, flags = dataType_1}}
        filter = gg.getValues(filter)
        filter_1 = gg.getValues(filter_1)
        if set == 2 then
          if filter[1]["value"] == "2" and filter_1[1]["value"] ~= "0" then
            filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
          end
        end
        if set == 3 then
          if filter[1]["value"] == "2" then
            filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
          end
        end
        if set == 4 then
          if filter[1]["value"] == "1031127695" and filter_1[1]["value"] ~= "0" then
            filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
          end
        end
      end
    end
    
    local old = gg.getRanges()
    
    function jumpCounter() --features
      mappedMemoryRangesJump(0x269F60, 0x26A0D8)
      gg.setRanges(gg.REGION_ANONYMOUS)
      gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
      jumpPointerCheck = mainAddressPoint["address"]
      local startPointerJump = gg.getResults(20)
      jumpCount = {}
      jumpPointer = {}
      gg.clearResults()
      for i, v in ipairs(startPointerJump) do
        local filter = {{address = startPointerJump[i]["address"] + 0x8, flags = gg.TYPE_DWORD}}
        filter = gg.getValues(filter)
        if filter[1]["value"] == "8" then
          jumpCount[#jumpCount + 1] = {address = startPointerJump[i]["address"] + 0x358, flags = gg.TYPE_DWORD}
          jumpPointer[#jumpPointer + 1] = {address = startPointerJump[i]["address"], flags = gg.TYPE_QWORD}
        end
      end
      jumpCount = gg.getValues(jumpCount)
      jumpPointer = gg.getValues(jumpPointer)
      if #jumpCount == 0 then
        nonFoundValues()
        jumpCounter()
      end
      gg.addListItems(jumpCount)
    end
    jumpCounter()
    
    function characterAnim() --features
      mappedMemoryRangesJump(0xCC64D8 ,0xCC6010)
      gg.setRanges(gg.REGION_ANONYMOUS)
      gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
      filterSettings(2, 0x74, 0xB0, 0x8E0, gg.TYPE_DWORD, gg.TYPE_DWORD, gg.TYPE_FLOAT)
      gg.clearResults()
      characterAnimation = gg.getValues(filterTable)
      if #characterAnimation == 0 then
        nonFoundValues()
        characterAnim()
      end
      gg.addListItems(characterAnimation)
    end
    characterAnim()
    
    function fullGameSpeed() --features
      mappedMemoryRangesJump(0x27B548, 0x27B660)
      gg.setRanges(gg.REGION_ANONYMOUS)
      gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
      filterSettings(3, 0x33, 0x0, 0x300, gg.TYPE_BYTE, gg.TYPE_BYTE, gg.TYPE_FLOAT)
      gg.clearResults()
      gameSpeedFull = gg.getValues(filterTable)
      if #gameSpeedFull == 0 then
        nonFoundValues()
        fullGameSpeed()
      end
      gg.addListItems(gameSpeedFull)
    end
    fullGameSpeed()
    
    function charsObjectSpeed() --features
      mappedMemoryRangesJump(0xC82268, 0xC81DA0)
      gg.setRanges(gg.REGION_ANONYMOUS)
      gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
      filterSettings(4, 0x40, 0x58, 0x1640, gg.TYPE_DWORD, gg.TYPE_QWORD, gg.TYPE_FLOAT)
      gg.clearResults()
      characterObjectSpeed = gg.getValues(filterTable)
      if #characterObjectSpeed == 0 then
        nonFoundValues()
        charsObjectSpeed()
      end
      gg.addListItems(characterObjectSpeed)
    end
    charsObjectSpeed()
    
    function valueCheck() --features
      if jumpPointer[1]["value"] ~= jumpPointerCheck then -- all values have changed address
        gg.toast("Values have changed address, Script will auto search values again in 10 sec.")
        gg.sleep(10000)
        jumpCount[1]["freeze"] = false -- unfreeze to prevent crash
        gg.addListItems(jumpCount)
        jumpCounter()
        characterAnim()
        fullGameSpeed()
        charsObjectSpeed()
        gg.toast("Script ready")
      end
    end
    
    function START() --menu
      speed = gg.prompt
      (
        {'Animation Speed | default value = 1 | [0.1; 10.0]', 'Game Speed | default value = 1  [0.1; 10.0]', 'Playerobject Speed | default value = 1  [0.1; 10.0]', 'Jump hack'},
        {[1]='1', [2]='1', [3]='1'},
        {'number', 'number', 'number', 'checkbox'}
      )
      
      if speed == nil then
        noselect()
      else
        
        if speed[1] then
          for i = 1, #characterAnimation do
            characterAnimation[i]["value"] = speed[1]
          end
          gg.setValues(characterAnimation)
        end
        
        if speed[2] then
          for i = 1, #gameSpeedFull do
            gameSpeedFull[i]["value"] = speed[2]
          end
          gg.setValues(gameSpeedFull)
        end
        
        if speed[3] then
          for i = 1, #characterObjectSpeed do
            characterObjectSpeed[i]["value"] = speed[3]
          end
          gg.setValues(characterObjectSpeed)
        end
        
        if speed[4] then
          for i = 1, #jumpCount do
            jumpCount[i]["value"] = "0"
            jumpCount[i]["freeze"] = true
            gg.addListItems(jumpCount)
          end
        end
        
      end
    end
    
    
    function noselect()
      gg.toast('You not select anything')
    end
    
    START()
    while (true) do
      if gg.isVisible() then
        gg.setVisible(false)
        START()
      else --should only execute when user used a feature for first time. 
        jumpPointer = gg.getValues(jumpPointer)
        valueCheck()
      end
      gg.sleep(200) 
    end

    Currently the script executes the features first before it uses gg.prompt. I want the gg.prompt to run first and then make the features only run once, and then let the while loop take care of it. However, the while loop also has issues.

    If the gg.prompt menu equals nil the first time it is opened, then it should not execute this else part in the while loop until the user has pressed his first feature in the menu; pressing "Ok" is also a feature. When the user has pressed a feature it won't matter anymore if the menu was nil or not, and the code after the else statement is then allowed to be executed:

    START()
    while (true) do
      if gg.isVisible() then
        gg.setVisible(false)
        START()
      else -- action after else should not be executed aslong user has used its first feature
        jumpPointer = gg.getValues(jumpPointer)
        valueCheck()
      end
      gg.sleep(200) 
    end

    How to proceed?

  3. Just tried; at first sight I wasn't able to fix the freezing. The values that point to the class in which your desired value is keep changing. One of these pointers crashes the game when editing it to zero or to another location in memory with the same data. The crash does not happen instantly but after a few sec. So replicating the data didn't work to bypass that freezing.

    But, if your main objective is to change the values of the roulette tokens you can use the daily rewards.

    You're using 32 bit so the video will be according to that.

    Basically you search a value in the daily rewards. Day 15 has 25 diamonds. I search 25 in double. Get a few 100 results. Use increment to narrow down the value. Then go to the first pointer a few bytes above the address where your value is contained, copy the offset between the two addresses. Then go to that pointer. Then do a pointer search. Then save all the values in the result list to the saved list. Then do the same offset calculation (0x28), then place the values in the result list. Refine them to 1~5000 as it will contain all the values related to rewards, etc. Edit them. Then do a purchase.

     

  4. I was actually looking to make a script to try out the seeker bar feature in GG. So I used this game as a test app, as the seeker bar works very well for speed hacks.

    Also this game is Unreal Engine. And it doesn't require some expensive phone. It even runs on the Nox emulator. I made some test script, with some basic features. Didn't really try to cheat it but lots of stuff can probably be found. If you'd like, I can share it when it's finished. I will probably add more features because the game is kind of getting popular. Of course no need to pay, it's just a game and I do it to learn myself. Others can just benefit from it through my script. Here you have the video:

     

     

     

     

  5. Way out of range. 

    The tagged pointer is one problem; the bigger problem is that it is the value that has the needed pointers near it which is out of range.

    Haven't found any other pointers that are properly ordered to get the desired values. Except for manually group searching.

    If manual group search is the only way then I suggest installing the 32 bit apk of the game.

    Then script will work.

  6. I would suggest doing some prints in the script so we can find the issue.

    • Is the instruction set architecture value correct as in your apk? (If not, then the script uses wrong offsets.) (return instructionSetArchitecture)
    • Do you get 500+ results when the first qword search happens? (Make sure to try regions (A, Ca, O) manually, just to be sure.)
    • If the above two are working correctly, it can be that your offsets for the pointers are different after the search. (Which would be strange, but you can check it manually.)

    Check manually (this is for the first process level of Cafe): group search: 180D;35D;20D;4D;7D;10D;0D;0D;19D:33

    18 or 9 results.

    Refine 4D

    Go to the address of one of the two (their function is the same)

    Go to address. You should see two pointers. They point to the same address. 64bit -> - 0x1C and 32bit -> - 0x14

    Go to pointer. Then you should see a string named .types = 126,879,515,898,890 and a pointer above that. The pointer should be 64bit -> 0x10 and 32bit -> 0x8 from the value 126,879,515,898,890. That pointer points back to the address where we saw two pointers. You have that?


  7. 1 hour ago, MonkeySAN said:

    the script doesn't work.

    no results found.

    did you double check it?

    Tested on Memu with the 32 bit apk, which only uses region A, and on a Xiaomi phone with the 64 bit apk, which is Ca, before uploading. Both worked. If not on an emulator you must select region Ca. Where did the issue occur?

  8. Hello Jennie1998,

    Please note:

    • Value is dword.
    • Value is different for each progress rate and object location
    • Decreasing value = increasing % per play

    How value is found:

    The first thing to try would be searching for nearby values, because I could not find that process rate value directly either. Since the game starts with the Cafe, I look there.

    Start with group searching the values from top to bottom (ignore symbols first): 75;60;19::

    I get results, refine to 75. Use increment by 1 on the results to see if anything happens to the desired value.

    75 became 84, refine 84 (make sure you reverted all other values to avoid a crash)

    We must go to the address of the value to inspect whether your process rate value is there. We should first analyze the structure, so we know more or less the range in which we should edit.

    We can see values that represent the same as on the board: 84, 60 and 19, as shown on the board. Since they are all dword values, properly structured, it seems to resemble some data that represents stats. The stats visible on that board.

    We don't see the value 100 anywhere on the board, yet memory shows that value. Since it is a dword value between the 60 and 19 (known values) it should not be harmful to edit that value. I edit it to zero. Then switch board and return so that the changes take effect.

    The value changed from 0% to NaN%. We play a game; you finish it in one go.


  9. On 7/16/2022 at 1:43 PM, sammax71 said:

    I tried to make a dump.cs but it didn't work so I guess there's some kind of protection going on.

    Has to be dumped with GG. Both libil2cpp.so and metadata.dat. Then it can be dumped with il2cpp dumper.

  10. Personally I don't really get the point of obfuscating a script that you're not even selling (I guess you're not selling). At first all scripts were open source and people could learn from them... now a lot think their script is so valuable no one is allowed to see it. I'm only talking about those scripts made for specific games. Not talking about tools. @HEROGAMEOfficial I'm not sure because I can't install your game, but are these some of your values? If so then I think the info is enough after a few tries here and there to replicate your behaviour. I also don't expect you to tell me. I would not know either way as I can't install that game. I tried for learning purposes. Not looking to take anything.

    testHero.txt

  11. On 7/25/2022 at 11:01 AM, Ferib said:

    You take your lua code, obfuscate your lua code, then use THAT obfuscated lua code. (it will run just fine)

    Hello. Can you explain why GG can run obfuscated scripts? I see scripts that start with "LuaR". New to this. Also, does this work the same as with encrypted metadata, where when loaded during runtime the text becomes readable because it has been decrypted with some key (I think)? If I recall, a serious member of the forum once explained that no matter what the obfuscation is, GG has to understand the script. So it must do some conversion into something GG understands. Let me know because it kind of seems interesting to learn. Thanks.

  12. On 6/24/2022 at 8:33 PM, darklinux said:

    https://gameguardian.net/help/classgg.html#a15e72eaba99c1eadac1ccdeb8e2b5009
    Has some good info
     

    I would use a site like https://godbolt.org/

    I'm using ARM64 gcc trunk

    You can write some c++ code like,

    int square(int num) {
        return num * num;
    }

    and get asm for it

    sub     sp, sp, #16
    str     w0, [sp, 12]
    ldr     w0, [sp, 12]
    mul     w0, w0, w0
    add     sp, sp, 16
    ret

     

    then use something like http://shell-storm.org/online/Online-Assembler-and-Disassembler/

    I'm using AArch64

    This will take your asm and convert it to byte code

    "\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6"

     

    You will need to write your own functions, but something like this,

    local shell_code = "\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6"
    local shell_address = gg.allocatePage(gg.PROT_READ | gg.PROT_WRITE | gg.PROT_EXEC)
    local result = hook(offset + base, shell_code, shell_address)

     

    I would recommend reading over this project,

    GGInjector (#9c9qcq9g)

     

    So I can as well allocate a memory page and write a function in assembly, and make the pointer that points to the original function point to the new function that has been allocated?

    I don't understand a thing of C++ to be fair, a little bit of ARM 32/64, so I was thinking about writing it out and converting it to hex and pasting it in the newly allocated memory page. Then setting pointers to the new function.
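Seen from the application being modified, the redirect discussed in this post leaves a trace: the pointer no longer lands in the library's own file-backed, read-and-execute mapping. The C check below is an added example, not part of the thread; the function names, the sample `/proc/self/maps` lines, the addresses and the package path are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Verdicts for a code pointer checked against the process memory map. */
enum verdict { PTR_OK, PTR_UNMAPPED, PTR_NOT_LIB_CODE, PTR_WRITABLE_EXEC };

struct region {
    unsigned long long start, end;
    char perms[5];
    char path[160];              /* empty string for anonymous mappings */
};

/* Parse one maps line: "start-end perms offset dev inode [path]". */
static int parse_maps_line(const char *line, struct region *r) {
    unsigned long long off, inode;
    unsigned int maj, min;
    int n = 0;                   /* offset of the path field, set by %n */
    if (sscanf(line, "%llx-%llx %4s %llx %x:%x %llu %n", &r->start, &r->end,
               r->perms, &off, &maj, &min, &inode, &n) < 7)
        return -1;
    snprintf(r->path, sizeof r->path, "%s", n > 0 ? line + n : "");
    r->path[strcspn(r->path, "\n")] = '\0';
    return 0;
}

static int ends_with(const char *s, const char *suffix) {
    size_t ls = strlen(s), lx = strlen(suffix);
    return ls >= lx && strcmp(s + ls - lx, suffix) == 0;
}

/* A pointer into the library's code must land in a mapping that is
 * executable, not writable, and backed by the library file itself. */
enum verdict check_code_pointer(const char *const *maps, size_t n,
                                unsigned long long ptr, const char *lib) {
    struct region r;
    for (size_t i = 0; i < n; i++) {
        if (parse_maps_line(maps[i], &r) != 0 || ptr < r.start || ptr >= r.end)
            continue;
        int w = strchr(r.perms, 'w') != NULL, x = strchr(r.perms, 'x') != NULL;
        if (w && x) return PTR_WRITABLE_EXEC;   /* e.g. an allocated RWX page */
        if (!x || !ends_with(r.path, lib)) return PTR_NOT_LIB_CODE;
        return PTR_OK;
    }
    return PTR_UNMAPPED;
}

/* Constructed sample of a maps file; addresses and package path are made up. */
static const char *const SAMPLE_MAPS[] = {
    "7b2c400000-7b2d900000 r-xp 00000000 fd:05 131245 /data/app/com.example.game/lib/arm64/libil2cpp.so",
    "7b2d900000-7b2da00000 rw-p 01500000 fd:05 131245 /data/app/com.example.game/lib/arm64/libil2cpp.so",
    "7b3f000000-7b3f001000 rwxp 00000000 00:00 0 ",
    "7b40000000-7b40100000 rw-p 00000000 00:00 0 [anon:libc_malloc]",
    "7b41000000-7b41001000 r-xp 00000000 00:00 0 ",
};
#define SAMPLE_N (sizeof SAMPLE_MAPS / sizeof SAMPLE_MAPS[0])

int main(void) {
    unsigned long long ptrs[] = { 0x7b2c469f60ULL, 0x7b3f000010ULL, 0x7b41000000ULL };
    for (size_t i = 0; i < 3; i++)
        printf("%llx -> %d\n", ptrs[i],
               check_code_pointer(SAMPLE_MAPS, SAMPLE_N, ptrs[i], "/libil2cpp.so"));
    return 0;
}
```

In a real integrity check the lines would be read from `/proc/self/maps` at run time and the pointers taken from the tables the application wants to protect.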

  13. 2 minutes ago, gxost said:

    I am not really sure, but I think this guy stopped making script... since there is no sound from him for so long. But hey.. Author.. if you read my message, know that your script helped me in making my own script. Because of you I started making my own Sky script.

    Yeah, not working on sky for long time and not planning to work further on it. Glad to hear you made your own script for the game, if you want to you can also use values from this script, use whatever you need and continue improving 👍

  14. 1 hour ago, HorridModz said:

    If class name changes, it won't work?

    Then it won't work, no, but I haven't tried it on so many games so maybe the name changing is mostly a thing with obfuscated games. Not sure.

  15. On 6/26/2022 at 2:19 AM, Yuukis said:

    On the other hand, game may have different offsets depending on library architecture which can differ on each device. I only recommend doing it only on Armeabi (armv7), x86, or arm64 arch if you're going to make public hacks.

    But you can just dump both 32/64 of the game so that you can input the right offsets. You then need to know the instruction set architecture and check if it's 32 or 64 bit so that the script works for most devices.

  16. On 6/26/2022 at 2:19 AM, Yuukis said:

    Probably he just mentioned about debug symbols which can be the same on each update. Just search some string near or on that area of target, it can pinpoint you to that target.

    On the other hand, game may have different offsets depending on library architecture which can differ on each device. I only recommend doing it only on Armeabi (armv7), x86, or arm64 arch if you're going to make public hacks.

    Offsets in metadata are the first character of the string. So unless the string name changes each update you could use this method too.

    @HorridModz you can use the guns of boom script to check how the offset is used. It's open source. Print the offsets or save them in the saved list. Then go to its address... you can see that each offset is the first char of a string. The string is equal to the class name. Then the address of that first char is used as a new search... so you can either use offsets to get that first char, or you can search the full string. Check the script.
