Everything posted by Platonic

  1. Platonic

    help

    Well, teleport is different for each game. You can't really ask someone to write a script for it if they don't know the game. Also, it will just end up with someone else writing the teleport script for you.
  2. Platonic

    help

    Did you check first if your game doesn't have any rubber banding mechanism? You cannot just think you will be able to teleport because you found xyz values. Lots of games have protection against that, you get teleported back to previous location because server does not allow jumps of specific times, frames. But in lots of cases the flags are set on vertical and horizontal. Not for example diagonal. But then time/frames play a role. Only when you understand how the values work and how to counter all the mechanisms the game has in place should you start writing a teleport script. Like do the xyz values sometimes change address while being in a match? This happens as well. How will you counter that? The GoB script will know that. It's a requirement otherwise you get crashes and non working teleports.
  3. Platonic

    help

    But in the script pointers are used. It's not like every game has pointer coordinates.
  4. Well, I search the weaponSound class manually. Then I search the desired gun. Then I pointer search the start address of the field address of that gun and see if there is a pointer that is always pointing to that gun or some weapon of it. Then I check which class that value that is pointing to the start of that field address of that gun belongs to. In this case it belongs to class weaponManager. Then when you find the class struct there will be an address having the value which points to the metadata. In this case it's named weaponManager. But if you search weaponManager you get too many results so you copy some extra bytes to refine the results amount.
  5. This value doesn't work?:

        h 57 65 61 70 6F 6E 4D 61 6E 61 67 65 72 00 E4 B8 9E E4 B8 94 E4 B8 89 E4

      Found it by pointer searching the first field offsets address.
  6. It doesn't matter if it's obfuscated or not. The objective would be to find a pointer that always points to your desired weapon. Here is a video example (you want to disable the sound, I recorded sound by accident). Where it shows it always finds your gun. Without needing to do everything all over again. Regardless of leaving a match. So can you kind of picture how you would have to script it? Manually the value is not efficient to use for edit, but when you script it, it is better than the other option of pointer searching again and again because you actually don't need to search anything.
  7. Did you check the class: WeaponManager?
  8. Scripting this should be doable. The only issue usually is refining till you get only one result. There are two methods you could try.

      One is copying the data of that specific gun and allocating that data at a read and write page with your own modified values and then setting the pointer that points to the start of your gun class equal to the start of the gun class which you have allocated. It's not a guarantee it works but it could prevent you from having to search the value all over again. But it could as well be that your game is crashing. See here for an example. Either way you need to script it.

      Second method you can take from nok1a's script. We use the start of a char in the metadata.dat and pointer search it till the region Anonymous and set or required parameters. Then you also need to find a value that indicates when the match is finished or not. I need to do that as well for the game Tower of Fantasy.

      I believe the class you're editing has a field as weapon ID's. Each weapon should be different. You can filter based on that. So that eventually all that would be left is the desired value that you would like to modify. Actually I don't even think you need to refine to one result. It's possible that all the results you got were for different weapon ID's.

      Nice cheat btw.
  9. Is this for a script you're making? Is the value static during the match? It's not the issue though.
  10. Why? Already has highest range.
  11. Did some quick checking and it's a first for me too, to see the names are scattered around in different locations in memory. I can't give you a solution. There are also two global metadata headers I believe. Can't spectate it because lost access to 010 Editor but you can search the magical bytes in Ca and copy. I believe header size is 272 bytes. But this could be 264 bytes as well I believe. If you would replace the header from the meta in Others with that of Ca il2cppdumper would recognize it as a valid metadata. But then the values in the header don't correspond with the rest of the metadata. So if the metadata is encrypted the meta in Ca is the one that has no encryption. But I'm just assuming here. You would need to look deeper into it. Both meta headers point to different code/meta registration. I'm not sure if it's realistic to say that you could try to fix the values in the Others metadata so that it corresponds to the data of the Ca meta header? This was just some idea. Further than that I can't help you. But perhaps people more suitable for the issue can help you.
  12. Ah nvm I see you're referring to the if statement. Yes that has been fixed. I originally used elseif. Just to be sure.
  13. It increases the distance in which the game alerts you that there is a supply pod.
  14. I believe the script is understandable if you understand the game a bit. I just try to avoid group searches and repeating behaviour which slows down the script or increases its size or makes me spend more time writing. For load all cheats with group search it takes one minute. By making this script with offsets it only takes 10 sec. Then checks are also there to alert if values changed or things like that. Everything has purpose. It's also more easy for me to update as I don't need to change many things.
  15. Based on my objective Maars solution is great because what I needed was for the script to execute a specific action when the condition was met. That condition was, using a feature of the prompt, if feature has been used for the first time then condition is met. Which was resolved using boolean values true/false. He gave me the idea with the expectation I implemented it. Which I did. I placed the bool at each feature. You can see it here. It's named "menuHasBeenUsed", and it's set true only when a feature from the prompt is used. For example here:

        function boolCheck()
            menuHasBeenUsed = false
            loopMenu = 0
        end
        boolCheck()

      And then in the prompt:

        if speed == nil then
            noselect()
        else
            if speed[1] then
                menuHasBeenUsed = true
                charLoop = charLoop + 1
                if charLoop <= 1 then
                    characterAnim()
                end
                for i = 1, #characterAnimation do
                    characterAnimation[i]["value"] = speed[1]
                end
                gg.setValues(characterAnimation)
            end

      I do not use it for nil because I don't want that "menuHasBeenUsed" becomes true if nil. So I don't see an issue.
  16. Using some temporary fix.

        if menuBool == false then
            speed = gg.prompt(
                {'Animation Speed | default value = 1 | [1; 10]',
                 'Game Speed | default value = 1 [1; 10]',
                 'Playerobject Speed | default value = 1 [1; 10]',
                 'Jump hack',
                 'Player size | default value = 1 [1;10]'},
                {[1]='1', [2]='1', [3]='1', [5]='1'},
                {'number', 'number', 'number', 'checkbox', 'number'}
            )
        end
        if menuBool == true then
            speed = gg.prompt(
                {'Animation Speed | default value = 1 | [1; 10]',
                 'Game Speed | default value = 1 [1; 10]',
                 'Playerobject Speed | default value = 1 [1; 10]',
                 'Jump hack',
                 'Player size | default value = 1 [1;10]'},
                {[1]=characterAnimation[1]["value"], [2]=gameSpeedFull[1]["value"], [3]=characterObjectSpeed[1]["value"], [5]=characterObjectSize[1]["value"]},
                {'number', 'number', 'number', 'checkbox', 'number'}
            )
        end

      It works fine using the tables but I'm not sure if it's a good idea to use it. I do like to know how to fix the error of the original question.
  17. When user sets the value of the seekbar, the seekbar must display the new values when user opens the gg.prompt. The script partly works, but I receive an error the moment the second menu becomes nil.

        function boolCheck()
            menuHasBeenUsed = false
            loopMenu = 0
        end
        boolCheck()

        function loopCheck()
            charLoop = 0
            gameSpdLoop = 0
            objSpdLoop = 0
            jmpLoop = 0
            charSizeLoop = 0
        end
        loopCheck()

        function menu()
            menuBool = false
        end
        menu()

        function menu()
            menuBool = false
        end
        menu()

        function START()
            if menuBool == false then
                speed = gg.prompt(
                    {'Animation Speed | default value = 1 | [1; 10]',
                     'Game Speed | default value = 1 [1; 10]',
                     'Playerobject Speed | default value = 1 [1; 10]',
                     'Jump hack',
                     'Player size | default value = 1 [1;10]'},
                    {[1]='1', [2]='1', [3]='1', [5]='1'},
                    {'number', 'number', 'number', 'checkbox', 'number'}
                )
            elseif menuBool == true then
                speed = gg.prompt(
                    {'Animation Speed | default value = 1 | [1; 10]',
                     'Game Speed | default value = 1 [1; 10]',
                     'Playerobject Speed | default value = 1 [1; 10]',
                     'Jump hack',
                     'Player size | default value = 1 [1;10]'},
                    {[1]=speed[1], [2]=speed[2], [3]=speed[3], [5]=speed[5]},
                    {'number', 'number', 'number', 'checkbox', 'number'}
                )
            end
            menuBool = true
            if speed == nil then
                noselect()
            else
                if speed[1] then
                    menuHasBeenUsed = true
                    charLoop = charLoop + 1
                    if charLoop <= 1 then
                        characterAnim()
                    end
                    for i = 1, #characterAnimation do
                        characterAnimation[i]["value"] = speed[1]
                    end
                    gg.setValues(characterAnimation)
                end
                if speed[2] then
                    menuHasBeenUsed = true
                    gameSpdLoop = gameSpdLoop + 1
                    if gameSpdLoop <= 1 then
                        fullGameSpeed()
                    end
                    for i = 1, #gameSpeedFull do
                        gameSpeedFull[i]["value"] = speed[2]
                    end
                    gg.setValues(gameSpeedFull)
                end
                if speed[3] then
                    menuHasBeenUsed = true
                    objSpdLoop = objSpdLoop + 1
                    if objSpdLoop <= 1 then
                        charsObjectSpeed()
                    end
                    for i = 1, #characterObjectSpeed do
                        characterObjectSpeed[i]["value"] = speed[3]
                    end
                    gg.setValues(characterObjectSpeed)
                end
                if speed[4] then
                    menuHasBeenUsed = true
                    for i = 1, #jumpCount do
                        jumpCount[i]["value"] = "0"
                        jumpCount[i]["freeze"] = true
                        gg.addListItems(jumpCount)
                    end
                end
                if speed[5] then
                    menuHasBeenUsed = true
                    charSizeLoop = charSizeLoop + 1
                    if charSizeLoop <= 1 then
                        charsObjectSize()
                    end
                    for i = 1, #characterObjectSize do
                        characterObjectSize[i]["value"] = speed[5]
                    end
                    gg.setValues(characterObjectSize)
                end
                print(speed)
            end
        end

        function noselect()
            gg.toast('You not select anything')
        end

        START()
        while (true) do
            if gg.isVisible() then
                gg.setVisible(false)
                START()
            else
                if menuHasBeenUsed == true then
                    jumpPointer = gg.getValues(jumpPointer)
                    valueCheck()
                end
            end
            gg.sleep(200)
        end

      Error:

        Script error: luaj.o: /storage/emulated/0/Pictures/LearningLua.lua:209
        ` {[1]=speed[1], [2]=speed[2], [3]=speed[3], [5]=speed[5]},`
        attempt to index ? (a nil value) with key '1' (global 'speed')
        level = 1, const = 41, proto = 0, upval = 1, vars = 9, code = 215
        GETTABLE v3 v3 1
         ; PC 41 CODE 01C280C7 OP 7 A 3 B 3 C 266 Bx 1802 sBx -129269
        stack traceback:
            /storage/emulated/0/Pictures/LearningLua.lua:209 in function 'START'
            /storage/emulated/0/Pictures/LearningLua.lua:288 in main chunk
            [Java]: in ?
            at luaj.LuaValue.f(src:989)
            at luaj.LuaValue.c(src:2864)
            at luaj.LuaValue.i(src:2767)
            at luaj.LuaValue.w(src:1094)
            at luaj.LuaClosure.a(src:363)
            at luaj.LuaClosure.l(src:160)
            at luaj.LuaClosure.a(src:533)
            at luaj.LuaClosure.l(src:160)
            at android.ext.Script.d(src:6056)
            at android.ext.Script$ScriptThread.run(src:5785)
  18. Used to. This script is from 2018. I doubt it still works.
  19. Hi, ofc no problem. Will reach you on discord.
  20. There are issues because of the functionality of the script. "if gg.prompt == nil" was included in the script. If the script is designed to open the prompt menu first before executing the functions based on user input, I must know if the user presses nil or not until the user used one of the features for the first time. That is my question. How can I put some check so that I know that the user has not used any feature yet, and only pressed nil instead. As long that situation is happening the script is not allowed to execute this code:

        jumpPointer = gg.getValues(jumpPointer)
        valueCheck()

      because it will lead to a function that has a variable that only exists in the jumpCounter() function, a function that hasn't been used yet because the user pressed nil. Also this check is needed because imagine the user used some feature in the prompt but afterwards he presses nil. Then this:

        jumpPointer = gg.getValues(jumpPointer)
        valueCheck()

      Would not be executed because you only set a flag that it should not be executed when nil, since what I want is that it only doesn't execute until a feature has been used.
  21. Having some issue. I have a gg.prompt menu.

        function mappedMemoryRangesJump(scatteredExecutable, compactExecutable)
            if #memoryMap == 3 then
                mainAddressPoint = {address = memoryMap[1]["start"] + startPointer[1]["value"] + compactExecutable}
            elseif #memoryMap >= 4 then
                mainAddressPoint = {address = memoryMap[1]["start"] + startPointer[1]["value"] + scatteredExecutable}
            end
        end

        function nonFoundValues()
            gg.toast("the values are not found yet, trying again in 10 sec")
            gg.sleep(1000)
        end

        function filterSettings(set, offset_0, offset_1, offset_2, dataTye_0, dataType_1, dataType_2)
            local resultTable = gg.getResults(gg.getResultsCount())
            filterTable = {}
            for i, v in ipairs(resultTable) do
                local filter = {{address = resultTable[i]["address"] + offset_0, flags = dataTye_0}}
                local filter_1 = {{address = resultTable[i]["address"] + offset_1, flags = dataType_1}}
                filter = gg.getValues(filter)
                filter_1 = gg.getValues(filter_1)
                if set == 2 then
                    if filter[1]["value"] == "2" and filter_1[1]["value"] ~= "0" then
                        filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
                    end
                end
                if set == 3 then
                    if filter[1]["value"] == "2" then
                        filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
                    end
                end
                if set == 4 then
                    if filter[1]["value"] == "1031127695" and filter_1[1]["value"] ~= "0" then
                        filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
                    end
                end
            end
        end

        local old = gg.getRanges()

        function jumpCounter() --features
            mappedMemoryRangesJump(0x269F60, 0x26A0D8)
            gg.setRanges(gg.REGION_ANONYMOUS)
            gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
            jumpPointerCheck = mainAddressPoint["address"]
            local startPointerJump = gg.getResults(20)
            jumpCount = {}
            jumpPointer = {}
            gg.clearResults()
            for i, v in ipairs(startPointerJump) do
                local filter = {{address = startPointerJump[i]["address"] + 0x8, flags = gg.TYPE_DWORD}}
                filter = gg.getValues(filter)
                if filter[1]["value"] == "8" then
                    jumpCount[#jumpCount + 1] = {address = startPointerJump[i]["address"] + 0x358, flags = gg.TYPE_DWORD}
                    jumpPointer[#jumpPointer + 1] = {address = startPointerJump[i]["address"], flags = gg.TYPE_QWORD}
                end
            end
            jumpCount = gg.getValues(jumpCount)
            jumpPointer = gg.getValues(jumpPointer)
            if #jumpCount == 0 then
                nonFoundValues()
                jumpCounter()
            end
            gg.addListItems(jumpCount)
        end
        jumpCounter()

        function characterAnim() --features
            mappedMemoryRangesJump(0xCC64D8, 0xCC6010)
            gg.setRanges(gg.REGION_ANONYMOUS)
            gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
            filterSettings(2, 0x74, 0xB0, 0x8E0, gg.TYPE_DWORD, gg.TYPE_DWORD, gg.TYPE_FLOAT)
            gg.clearResults()
            characterAnimation = gg.getValues(filterTable)
            if #characterAnimation == 0 then
                nonFoundValues()
                characterAnim()
            end
            gg.addListItems(characterAnimation)
        end
        characterAnim()

        function fullGameSpeed() --features
            mappedMemoryRangesJump(0x27B548, 0x27B660)
            gg.setRanges(gg.REGION_ANONYMOUS)
            gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
            filterSettings(3, 0x33, 0x0, 0x300, gg.TYPE_BYTE, gg.TYPE_BYTE, gg.TYPE_FLOAT)
            gg.clearResults()
            gameSpeedFull = gg.getValues(filterTable)
            if #gameSpeedFull == 0 then
                nonFoundValues()
                fullGameSpeed()
            end
            gg.addListItems(gameSpeedFull)
        end
        fullGameSpeed()

        function charsObjectSpeed() --features
            mappedMemoryRangesJump(0xC82268, 0xC81DA0)
            gg.setRanges(gg.REGION_ANONYMOUS)
            gg.searchNumber(mainAddressPoint["address"], gg.TYPE_QWORD)
            filterSettings(4, 0x40, 0x58, 0x1640, gg.TYPE_DWORD, gg.TYPE_QWORD, gg.TYPE_FLOAT)
            gg.clearResults()
            characterObjectSpeed = gg.getValues(filterTable)
            if #characterObjectSpeed == 0 then
                nonFoundValues()
                charsObjectSpeed()
            end
            gg.addListItems(characterObjectSpeed)
        end
        charsObjectSpeed()

        function valueCheck() --features
            if jumpPointer[1]["value"] ~= jumpPointerCheck then -- all values have changed address
                gg.toast("Values have changed address, Script will auto search values again in 10 sec.")
                gg.sleep(10000)
                jumpCount[1]["freeze"] = false -- unfreeze to prevent crash
                gg.addListItems(jumpCount)
                jumpCounter()
                characterAnim()
                fullGameSpeed()
                charsObjectSpeed()
                gg.toast("Script ready")
            end
        end

        function START() --menu
            speed = gg.prompt(
                {'Animation Speed | default value = 1 | [0.1; 10.0]',
                 'Game Speed | default value = 1 [0.1; 10.0]',
                 'Playerobject Speed | default value = 1 [0.1; 10.0]',
                 'Jump hack'},
                {[1]='1', [2]='1', [3]='1'},
                {'number', 'number', 'number', 'checkbox'}
            )
            if speed == nil then
                noselect()
            else
                if speed[1] then
                    for i = 1, #characterAnimation do
                        characterAnimation[i]["value"] = speed[1]
                    end
                    gg.setValues(characterAnimation)
                end
                if speed[2] then
                    for i = 1, #gameSpeedFull do
                        gameSpeedFull[i]["value"] = speed[2]
                    end
                    gg.setValues(gameSpeedFull)
                end
                if speed[3] then
                    for i = 1, #characterObjectSpeed do
                        characterObjectSpeed[i]["value"] = speed[3]
                    end
                    gg.setValues(characterObjectSpeed)
                end
                if speed[4] then
                    for i = 1, #jumpCount do
                        jumpCount[i]["value"] = "0"
                        jumpCount[i]["freeze"] = true
                        gg.addListItems(jumpCount)
                    end
                end
            end
        end

        function noselect()
            gg.toast('You not select anything')
        end

        START()
        while (true) do
            if gg.isVisible() then
                gg.setVisible(false)
                START()
            else
                --should only execute when user used a feature for first time.
                jumpPointer = gg.getValues(jumpPointer)
                valueCheck()
            end
            gg.sleep(200)
        end

      Currently the script executes the features first before it uses gg.prompt. I want the gg.prompt to run first and then make the features only run once, and then let the while loop take care of it. However the while loop also has issues. If the gg.prompt menu equals nil for the first time of opening it then it should not execute this else part in the while loop until the user has pressed his first feature in the menu, pressing "Ok" is also a feature. When user pressed a feature it won't matter anymore if menu was nil or not and the code after the else statement is then allowed to be executed:

        START()
        while (true) do
            if gg.isVisible() then
                gg.setVisible(false)
                START()
            else
                -- action after else should not be executed as long user has used its first feature
                jumpPointer = gg.getValues(jumpPointer)
                valueCheck()
            end
            gg.sleep(200)
        end

      How to proceed?
  22.
        function filterSettings(set, offset_0, offset_1, offset_2, dataTye_0, dataType_1, dataType_2)
            local resultTable = gg.getResults(gg.getResultsCount())
            filterTable = {}
            for i, v in ipairs(resultTable) do
                local filter = {{address = resultTable[i]["address"] + offset_0, flags = dataTye_0}}
                local filter_1 = {{address = resultTable[i]["address"] + offset_1, flags = dataType_1}}
                filter = gg.getValues(filter)
                filter_1 = gg.getValues(filter_1)
                if set == 2 then
                    if filter[1]["value"] == "2" and filter_1[1]["value"] ~= "0" then
                        filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
                    end
                end
                if set == 3 then
                    if filter[1]["value"] == "2" then
                        filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
                    end
                end
                if set == 4 then
                    if filter[1]["value"] == "1031127695" and filter_1[1]["value"] ~= "0" then
                        filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
                    end
                end
            end
        end

      I'm writing the "if" statement several times, beside the conditions all the actions of the if statements are the same. Can it be optimized? I don't know the proper way to nest the if statements so that I only have to use this code once:

        filterTable[#filterTable + 1] = {address = resultTable[i]["address"] + offset_2, flags = dataType_2}
  23. Hi, used to do something similar like this with Fiddler and GG years ago. I'm quite sure with decent knowledge of Lua/Python scripting, Java, GG and networking you can pull off some good things.

      With only GG it's not possible to find the right data to modify before it's been sent to the server because that info changes all the time, and sometimes gets removed from the process and mapped somewhere else in process vm. And you don't know how it looks so proxy debuggers like Fiddler or Burpsuite are a good bet but you can also make your own proxy debugger, if you do it in Lua I heard you can use Luasocket/Lapis, if you don't have PC you can use packet capture app on mobile.

      You need to set up a proxy. Then you can sniff HTTP, HTTPS, HTTP/2 and websockets. You can then analyze each session and see if there is something of interest. Let's say for example that the URL of one of the sessions is of interest, and needs to be modified. You can use GameGuardian to find that URL on the client. Then see how or what you have to modify about it and then use the gg.makeRequest() with modified info. Usually the URL string, application parameters is encrypted (beside server name indicator) and private key is stored on the server. So if you don't modify the data correctly you could receive an invalid response from the server. So you should modify the URL with data which is already encrypted on the client but you're aware of what it does. Like that you could get a valid response from the server to which the client acts on accordingly. I do advise you to check out the GG help.

      But for currency hacks modifying http packages will not help. No one in their right mind sends over currency data through HTTP(S), it was done on some old games, but in reality they usually use UDP. So you probably need WireShark. But to be fair I don't think GG and Wireshark can be properly used, at least I think so. But quite sure with the right knowledge it's possible.
  24. Platonic

    Help offset pointers

    I already gave you the answer. You ask for example but not all games are the same. So I can only give example of how it works in general. Which I just did but I was expecting to leave the rest to your knowledge on how to use pointers...etc. Most examples are for Unity games but not all games are Unity so I give you a general explanation that does not care about the game engine or whatsoever.

    Scenario: I found X coordinates in some game, took me 5 min to find. When I restart the game I must find the values again. I don't want that. The values around the coordinates are changing each time so I can't do group search. My only option is doing pointer search.

    Solution: You need to find a value that points to an executable. First you check if the distance between your value (in my case the X coordinate with address 0x6FCF08C690) and the pointer you found stays the same. Even after restart. If it's not the same then you need to look for the next pointer.

    I found a pointer at offset -0x1E0, with address 0x6FCF08C4B0, it pointed directly to a segment of an executable. The pointer met the following conditions:

      It points to a segment of an executable / or it points to an address on which you can use pointer search as well which eventually gets you to an executable or some static data on which you can perform an offset calculation.
      The offset from the pointer to the X coordinate did not change.

    So you do pointer search, you can see it points to a segment of the executable. It's in Cb: .data. with address 0x70836DCAC8

    We now know that as long the process is running the pointer in region A will point to that address in Cd. Even if the X coordinate value in A changes address we know that on its offset - 0x1E0 there will be that pointer pointing to that address. If we would restart the game the offset from X coordinate to that value pointer would still be - 0x1E0.

    Since the value on that address in Cd is a pointer as well we need to search a bit deeper so that we reach the place where it's only assembly instructions. So I goto its pointer. The address is 0x707D66CBB8

    So we reached the segment of the executable where it's all ARM assembly instructions. In this case the instructions are 64 bit. Now we need to see where the start of the executable is. Copy the address 0x707D66CBB8 and see which region it is.

    The address 0x707D66CBB8 is located in Xa. The start of that segment is in 0x707D33D000 however in this case it's not the start of the executable. But it's because of this type of game and the architecture. Normally in most games the start of that segment in which your value is located is the start of the executable. For me the start of the executable is the first libUE4.so path that you can see. Which is in region Cd and has address 0x7079183000

    You calculate the offset from start of executable to the address where you found your value which was in Xa. In my case that's 0x44E9BBA

    Now you have everything you need. I saved it all in the saved list, hope it looks clear.

    So now next time you start the game and search for X coordinate you can directly do this:

      Find the mapped memory region in which the start of your executable is. In my case it's in Cd and the name of the executable is libUE4.so
      Do the offset calculation which was 0x44E9BBA
      Then pointer search its address since we have a value that points to that address in region Cd
      Then pointer search the address in Cd which eventually shows you the pointer in region A
      Then offset 0x1E0 which eventually gets you to the X coordinate value

    It can happen that you get multiple unwanted results while doing pointer searches but that's up to your eyes on how to filter those out.