Posts posted by Platonic
8 hours ago, BrEeZy808 said:
can this be used online answer quick bro
Used to. This script is from 2018. I doubt it still works.
1 -
31 minutes ago, MAARS said:
gg.prompt returns nil when the user dismisses the dialog. So a simple condition check on the variable will do it
local prompt = gg.prompt({"Enter number"})
if not prompt then
    gg.alert("You dismissed the dialog")
else
    gg.alert(("The number is: %s"):format(prompt[1]))
end
There are issues because of the functionality of the script.
"if gg.prompt == nil" was included in the script.
If the script is designed to open the prompt menu first before executing the functions based on user input, I must know if the user presses nil or not until the user has used one of the features for the first time. That is my question. How can I put in some check so that I know that the user has not used any feature yet, and only pressed nil instead? As long as that situation is happening the script is not allowed to execute this code:
jumpPointer = gg.getValues(jumpPointer)
valueCheck()
because it will lead to a function that has a variable that only exists in the jumpCounter() function, a function that hasn't been used yet because the user pressed nil.
Also this check is needed because imagine the user used some feature in the prompt but afterwards he presses nil. Then this:
jumpPointer = gg.getValues(jumpPointer)
valueCheck()
would not be executed because you only set a flag that it should not be executed when nil, since what I want is that it only doesn't execute until a feature has been used.
0 -
Having some issue. I have a gg.prompt menu.
function mappedMemoryRangesJump(scatteredExecutable, compactExecutable)
    if #memoryMap == 3 then
        mainAddressPoint = {address = memoryMap[1]["start"] + startPointer[1]["value"] + compactExecutable}
    elseif #memoryMap >= 4 then
        mainAddressPoint = {address = memoryMap[1]["start"] + startPointer[1]["value"] + scatteredExecutable}
    end
end

function nonFoundValues()
    gg.toast("the values are not found yet, trying again in 10 sec")
    gg.sleep(1000)
end

function filterSettings(set, offset_0, offset_1, offset_2, dataTye_0, dataType_1, dataType_2)
    local resultTable = gg.getResults(gg.getResultsCount())
    filterTable = {}
    for i, v in ipairs(resultTable) do
        local filter = {{address = resultTable[i]["address"] + offset_0, flags = dataTye_0}}
        local filter_1 = {{address = resultTable[i]["address"] + offset_1, flags = dataType_1}}
        filter = gg.getValues(filter)
        filter_1 = gg.getValues(filter_1)
        if set == 2 then
            if filter[1]["value"] == "2" and filter_1[1]["value"] ~= "0" then
                filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
            end
        end
        if set == 3 then
            if filter[1]["value"] == "2" then
                filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
            end
        end
        if set == 4 then
            if filter[1]["value"] == "1031127695" and filter_1[1]["value"] ~= "0" then
                filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
            end
        end
    end
end

local old = gg.getRanges()

function jumpCounter() --features
    mappedMemoryRangesJump(0x269F60, 0x26A0D8)
    gg.setRanges(gg.REGION_ANONYMOUS)
    gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
    jumpPointerCheck = mainAddressPoint["address"]
    local startPointerJump = gg.getResults(20)
    jumpCount = {}
    jumpPointer = {}
    gg.clearResults()
    for i, v in ipairs(startPointerJump) do
        local filter = {{address = startPointerJump[i]["address"] + 0x8, flags = gg.TYPE_DWORD}}
        filter = gg.getValues(filter)
        if filter[1]["value"] == "8" then
            jumpCount[#jumpCount + 1] = {address = startPointerJump[i]["address"] + 0x358, flags = gg.TYPE_DWORD}
            jumpPointer[#jumpPointer + 1] = {address = startPointerJump[i]["address"], flags = gg.TYPE_QWORD}
        end
    end
    jumpCount = gg.getValues(jumpCount)
    jumpPointer = gg.getValues(jumpPointer)
    if #jumpCount == 0 then
        nonFoundValues()
        jumpCounter()
    end
    gg.addListItems(jumpCount)
end
jumpCounter()

function characterAnim() --features
    mappedMemoryRangesJump(0xCC64D8, 0xCC6010)
    gg.setRanges(gg.REGION_ANONYMOUS)
    gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
    filterSettings(2, 0x74, 0xB0, 0x8E0, gg.TYPE_DWORD, gg.TYPE_DWORD, gg.TYPE_FLOAT)
    gg.clearResults()
    characterAnimation = gg.getValues(filterTable)
    if #characterAnimation == 0 then
        nonFoundValues()
        characterAnim()
    end
    gg.addListItems(characterAnimation)
end
characterAnim()

function fullGameSpeed() --features
    mappedMemoryRangesJump(0x27B548, 0x27B660)
    gg.setRanges(gg.REGION_ANONYMOUS)
    gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
    filterSettings(3, 0x33, 0x0, 0x300, gg.TYPE_BYTE, gg.TYPE_BYTE, gg.TYPE_FLOAT)
    gg.clearResults()
    gameSpeedFull = gg.getValues(filterTable)
    if #gameSpeedFull == 0 then
        nonFoundValues()
        fullGameSpeed()
    end
    gg.addListItems(gameSpeedFull)
end
fullGameSpeed()

function charsObjectSpeed() --features
    mappedMemoryRangesJump(0xC82268, 0xC81DA0)
    gg.setRanges(gg.REGION_ANONYMOUS)
    gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
    filterSettings(4, 0x40, 0x58, 0x1640, gg.TYPE_DWORD, gg.TYPE_QWORD, gg.TYPE_FLOAT)
    gg.clearResults()
    characterObjectSpeed = gg.getValues(filterTable)
    if #characterObjectSpeed == 0 then
        nonFoundValues()
        charsObjectSpeed()
    end
    gg.addListItems(characterObjectSpeed)
end
charsObjectSpeed()

function valueCheck() --features
    if jumpPointer[1]["value"] ~= jumpPointerCheck then -- all values have changed address
        gg.toast("Values have changed address, Script will auto search values again in 10 sec.")
        gg.sleep(10000)
        jumpCount[1]["freeze"] = false -- unfreeze to prevent crash
        gg.addListItems(jumpCount)
        jumpCounter()
        characterAnim()
        fullGameSpeed()
        charsObjectSpeed()
        gg.toast("Script ready")
    end
end

function START() --menu
    speed = gg.prompt(
        {'Animation Speed | default value = 1 | [0.1; 10.0]', 'Game Speed | default value = 1 [0.1; 10.0]', 'Playerobject Speed | default value = 1 [0.1; 10.0]', 'Jump hack'},
        {[1]='1', [2]='1', [3]='1'},
        {'number', 'number', 'number', 'checkbox'}
    )
    if speed == nil then
        noselect()
    else
        if speed[1] then
            for i = 1, #characterAnimation do
                characterAnimation[i]["value"] = speed[1]
            end
            gg.setValues(characterAnimation)
        end
        if speed[2] then
            for i = 1, #gameSpeedFull do
                gameSpeedFull[i]["value"] = speed[2]
            end
            gg.setValues(gameSpeedFull)
        end
        if speed[3] then
            for i = 1, #characterObjectSpeed do
                characterObjectSpeed[i]["value"] = speed[3]
            end
            gg.setValues(characterObjectSpeed)
        end
        if speed[4] then
            for i = 1, #jumpCount do
                jumpCount[i]["value"] = "0"
                jumpCount[i]["freeze"] = true
                gg.addListItems(jumpCount)
            end
        end
    end
end

function noselect()
    gg.toast('You not select anything')
end

START()
while (true) do
    if gg.isVisible() then
        gg.setVisible(false)
        START()
    else
        --should only execute when user used a feature for first time.
        jumpPointer = gg.getValues(jumpPointer)
        valueCheck()
    end
    gg.sleep(200)
end
Currently the script executes the features first before it uses gg.prompt. I want the gg.prompt to run first and then make the features only run once, and then let the while loop take care of it. However, the while loop also has issues.
If the gg.prompt menu equals nil the first time it is opened, then it should not execute this else part in the while loop until the user has pressed his first feature in the menu; pressing "Ok" is also a feature. When the user has pressed a feature it won't matter anymore if the menu was nil or not and the code after the else statement is then allowed to be executed:
START()
while (true) do
    if gg.isVisible() then
        gg.setVisible(false)
        START()
    else
        -- action after else should not be executed as long user has used its first feature
        jumpPointer = gg.getValues(jumpPointer)
        valueCheck()
    end
    gg.sleep(200)
end
How to proceed?
0 -
On 7/30/2022 at 9:49 AM, Yokosooooo said:
any updates?
No more updates.
0 -
Just tried, at first sight I wasn't able to fix the freezing. The values that point to the class in which your desired value is keep changing. One of these pointers crashes the game when editing it to zero or to another location in memory with the same data. The crash does not happen instantly but after a few sec. So replicating the data didn't work to bypass that freezing.
But, if your main objective is to change the values of the roulette tokens you can use the daily rewards.
You're using 32 bit so the video will be according to that.
Basically you search a value in the daily rewards. Day 15 has 25 diamonds. I search 25 in double. Get a few 100 results. Use increment to narrow down value. Then go to first pointer few bytes above the address where your value is contained, copy the offset between the two addresses. Then go to that pointer. Then do pointer search. Then save all the values in the result list to saved list. Then do the same offset calculation (0x28) then place the values in the result list. Refine them to 1~5000 as it will contain all the values related to rewards, etc. Edit them. Then do a purchase.
1 -
I was actually looking to make a script to try out the seeker bar feature in GG. So I used this game as a test app, as the seeker bar works very well for speed hacks.
Also this game is Unreal engine. And doesn't require some expensive phone. It even runs on Nox emulator. I made some test script, with some basic features. Didn't really try to cheat it but lots of stuff can probably be found. If you like I can share it when it's finished, I'll probably add more features because the game is kind of getting popular, ofc no need to pay, it's just a game and I do it to learn myself. Others can just benefit from it through my script. Here you have the video:
8 -
18 minutes ago, xander1009 said:
just tried that and value still keeps resetting to the original
Hi, can you show us how we find the value?
0 -
Way out of range.
Tagged pointer is one problem. The bigger problem is that it is the value that has the needed pointers near it which is out of range.
Haven't found any other pointers that are properly ordered to get the desired values. Except for manually group searching.
If manual group search is the only way then I suggest installing the 32 bit apk of the game.
Then script will work.
0 -
One thing I forgot on the script was to add the appropriate regions, mainly it's Ca but some special devices like emu will be only Anonymous or Other. It's included in the script now.
0 -
I would suggest doing some prints in the script so we can find the issue.
- Is the instruction set architecture value correct as in your apk? (If not then the script uses wrong offsets), (return instructionSetArchitecture)
- Do you get 500+ results when the first qword search happens? (Make sure to try regions A, Ca, O manually, just to be sure.)
- If the above two are working correctly it can be that your offsets for the pointers are different after the search. (Which would be strange, but you can check it manually)
Check manually (this is for the first process level of Cafe): group search: 180D;35D;20D;4D;7D;10D;0D;0D;19D:33
18 or 9 results.
Refine 4D
Go to the address of one of the two (their function is the same)
Go to address. You should see two pointers. They point to the same address. 64bit -> - 0x1C and 32bit -> - 0x14
Go to pointer. Then you should see a string named .types = 126,879,515,898,890 and a pointer above that. Pointer should be 64bit -> 0x10 and 32bit -> 0x8 from the value 126,879,515,898,890. That pointer points back to the address where we saw two pointers. You have that?
0 -
1 hour ago, MonkeySAN said:
the script doesnt working.
no results found.
did you double check it?
Tested on Memu 32 bit apk which only uses region A and a Xiaomi phone 64 bit apk which is Ca before uploading. Both worked. If not emulator you must select region Ca. Where did the issue occur?
0 -
Made a quick script just in case. Finding the values manually for each object location and progress level seems tiring as all values are all different. The script loads every process rate value for each location. Execute and edit all values to zero and it will give same results as above.
0 -
Hello Jennie1998,
Please note:
- Value is dword.
- Value is different for each progress rate and object location
- Decreasing value = increasing % per play
How value is found:
First thing to try would be searching for nearby values because I could not find that process rate value directly either. Since the game starts with the Cafe I look there.
Start with group searching the values from up to down(ignore symbols first): 75;60;19::
I get results, refine to 75. Use increment by 1 on the results to see if anything happens to desired value.
75 became 84, refine 84(make sure you reverted all other values to avoid crash)
We must go to the address of the value to inspect if your process rate value is there. We first should analyze the structure, so we know more or less the range in which we should edit.
We can see values that represent the same as on the board. 84, 60 and 19. As shown on the board. Since they are all dword values properly structured it seems to resemble some data that represents stats. The stats visible on that board.
We don't see anywhere the value 100, yet in memory it shows that value. Since it is a dword value between the 60 and 19 (known values) it should not be harmful to edit that value. I edit it to zero. Then switch board and return so that effects have taken.
Value changed from 0% to NaN%, We play a game, you finish it in one go.
1 -
Don't know what it is you need? You need Xa libil2cpp.so only for your research? No idea why but on Nox emulator it's usually working a bit differently: https://mega.nz/file/2AUnVZpD#h9bIE8Q99lExtyCHl2FTzw4E8HKJ-lxTWSrNOoPOyc0
0 -
On 7/16/2022 at 1:43 PM, sammax71 said:
I tried to make a dump.cs but it didn't work so I guess there's some kind of protection going on.
Has to be dumped with GG. Both libil2cpp.so and metadata.dat. Then it can be dumped with il2cpp dumper.
0 -
On 8/3/2022 at 7:10 PM, kimfai said:
I wonder if you can match the video with subtitles. My hearing is a little impaired. If it's inconvenient, it doesn't matter. Thank you
Sadly has no subtitles. There is another video. Bit more information and has the YT subtitle feature available.
0 -
Personally I don't really get the point of obfuscating a script that you're not even selling (I guess you're not selling). At first all scripts were open source and people could learn from them... now a lot think their script is so valuable no one is allowed to see it. I'm only talking about those scripts made for specific games. Not talking about tools. @HEROGAMEOfficial I'm not sure because I can't install your game but are these some of your values? If so then I think the info is enough after a few tries here and there to replicate your behaviour. I also don't expect you to tell me. I would not know either way as I can't install that game. I tried for learning purposes. Not looking to take anything.
0 -
On 7/25/2022 at 11:01 AM, Ferib said:
You take your lua code, obfuscate your lua code, then use THAT obfuscated lua code. (it will run just fine)
Hello. Can you explain why GG can run obfuscated scripts, I see scripts that start with "LuaR"? New to this. Also does this work the same as with encrypted metadata, that when loaded during runtime the text becomes readable because it has been decrypted with some key (I think)? If I recall, a serious member of the forum once explained that no matter what the obfuscation is, GG has to understand the script. So it must do some conversion into something GG understands. Let me know because it kind of seems interesting to learn. Thanks.
0 -
On 6/24/2022 at 8:33 PM, darklinux said:
https://gameguardian.net/help/classgg.html#a15e72eaba99c1eadac1ccdeb8e2b5009
Has some good info
I would use a site like https://godbolt.org/
I'm using ARM64 gcc trunk
You can write some c++ code like,
int square(int num) { return num * num; }
and get asm for it
sub sp, sp, #16
str w0, [sp, 12]
ldr w0, [sp, 12]
mul w0, w0, w0
add sp, sp, 16
ret
then use something like http://shell-storm.org/online/Online-Assembler-and-Disassembler/
I'm using AArch64
This will take your asm and convert it to byte code
"\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6"
You will need to write your own functions, but something like this,
local shell_code = "\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6"
local shell_address = gg.allocatePage(gg.PROT_READ | gg.PROT_WRITE | gg.PROT_EXEC)
local result = hook(offset + base, shell_code, shell_address)
I would recommend reading over this project,
So I can as well allocate a memory page and write a function in assembly, and make the pointer that points to the original function point to the new function that has been allocated?
I don't understand a thing of C++ to be fair, a little bit of ARM 32/64, so I was thinking about writing it out and converting to hex and pasting it in the newly allocated memory page. Then setting pointers to the new function.
0 -
2 minutes ago, gxost said:
I am not really sure, but I think this guy stopped making script... since there is no sound from him for so long. But hey.. Author.. if you read my message, know that your script helped me in making my own script. Because of you I started making my own Sky script.
Yeah, not working on Sky for a long time and not planning to work further on it. Glad to hear you made your own script for the game, if you want to you can also use values from this script, use whatever you need and continue improving.
1 -
1 hour ago, HorridModz said:
If class name changes, it won't work?
Then it won't work, no, but I haven't tried it on so many games so maybe the name changing is mostly a thing with obfuscated games. Not sure.
0 -
On 6/26/2022 at 2:19 AM, Yuukis said:
On the other hand, game may have different offsets depending on library architecture which can differ on each device. I only recommend doing it only on Armeabi (armv7), x86, or arm64 arch if you're going to make public hacks.
But you can just dump both 32/64 of the game so that you can input the right offsets. You then need to know the instruction set architecture and check if it's 32 or 64 bit so that the script works for most devices.
0 -
On 6/26/2022 at 2:19 AM, Yuukis said:
Probably he just mentioned about debug symbols which can be the same on each update. Just search some string near or on that area of target, it can pinpoint you to that target.
On the other hand, game may have different offsets depending on library architecture which can differ on each device. I only recommend doing it only on Armeabi (armv7), x86, or arm64 arch if you're going to make public hacks.
Offsets in metadata are the first character of the string. So unless the string name changes each update you could use this method too.
@HorridModz you can use the guns of boom script to check how the offset is used. It's open source. Print the offsets or save them in the saved list. Then go to its address... you can see that each offset is the first char of a string. The string is equal to the class name. Then the address of that first char is used as a new search... so you can either use offsets to get that first char, or you can search the full string. Check the script.
0 -
6 hours ago, Xameth said:
Do you have any group chat or forum etc, so I could follow you
No, I only use the forum.
0
Working great