Platonic

Posts posted by Platonic

  1. 19 minutes ago, revoltac said:

    When I run the script, prompt 'Path to libUE4.so can not be found, download the APK of the game from the APKpure and try again'

    I already downloaded it but still have the same problem, please help, thanks

    Move the libUE4.so file to the correct directory, see video.

     

  2. 2 hours ago, XEKEX said:

    A Lua script runs from top to bottom; it won't execute the condition before the val gets incremented. Also, the last value in dex won't meet the requirement for the condition; this is why you need to put all conditions at the top of the loop.

    This is my point, it does meet the requirement because valStart gets incremented by 0x250 before the if statement will check and compare valStart. If I put the if statement at the top, the loop will index once more, which is a waste to do because we already know that the value has reached the condition when valStart was incremented. So for that reason I placed the if statement at the bottom.

    dex = {}
    for i = 1, loop do
      if valStart >= range[3]["end"] then
        print(i, "Condition: "..string.format("%x", valStart), string.format("%x", valEnd))
        break
      end
      print(i, "Current: "..string.format("%x", valStart), "End address: "..string.format("%x", valEnd))
      dex[#dex + 1] = {address = valStart, flags = gg.TYPE_QWORD}
      valStart = valStart + 0x250
    end

    Looks like this:

    [screenshot]

    It will increment the loop once more and then do the break. At the top.

    But here I do the if statement at the bottom before the loop index increments:

    dex = {}
    for i = 1, loop do
      print(i, "Current: "..string.format("%x", valStart), "End address: "..string.format("%x", valEnd))
      dex[#dex + 1] = {address = valStart, flags = gg.TYPE_QWORD}
      valStart = valStart + 0x250
      if valStart >= range[3]["end"] then
        print(i, "Condition: "..string.format("%x", valStart), string.format("%x", valEnd))
        break
      end
    end

    [screenshot]

  3. 20 hours ago, XEKEX said:

    for i = 1, loop do
      if valStart >= range[3]["end"] then break end -- make the if statement at the start so it won't add some unwanted addresses and cause a crash later
      dex[#dex + 1] = {address = valStart, flags = gg.TYPE_QWORD}
      valStart = valStart + 0x250
    end

    Hmm, although I see what you mean. I just printed out but I can't see a difference that would cause unwanted addresses.

    When the condition in the loop is met it will break the loop. In this case regardless if the if statement is placed at start or end. Because the variable valStart gets incremented by 250 before new address and flags gets added to the dex table. So actually I think it's better that the if statement is at the end (in this case) so that the loop gets broken before the loop increments.

    dex = {}
    for i = 1, loop do
      dex[#dex + 1] = {address = valStart, flags = gg.TYPE_QWORD}
      valStart = valStart + 0x250 
      if valStart >= range[3]["end"] then break end -- break before loop gets incremented
    end

    But let me know your opinion.
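
The two `if` placements argued over in this thread, side by side, as an added example that is not part of either poster's script: plain Lua with no gg calls, constructed range bounds, and hypothetical function names. It goes one step further and includes a stepped numeric `for`, which puts the bound in the loop header.

```lua
-- Added example: plain Lua 5.3, no gg API. Range bounds below are constructed.
local STEP = 0x250

-- Check at the top of the loop body: the placement XEKEX suggests.
local function checkFirst(valStart, valEnd)
  local dex, passes = {}, 0
  for i = 1, valEnd - valStart do
    passes = passes + 1
    if valStart >= valEnd then break end
    dex[#dex + 1] = valStart
    valStart = valStart + STEP
  end
  return dex, passes
end

-- Check at the bottom of the loop body: the placement Platonic uses.
local function checkLast(valStart, valEnd)
  local dex, passes = {}, 0
  for i = 1, valEnd - valStart do
    passes = passes + 1
    dex[#dex + 1] = valStart
    valStart = valStart + STEP
    if valStart >= valEnd then break end
  end
  return dex, passes
end

-- Stepped numeric for: the bound lives in the loop header, no break needed.
local function stepped(valStart, valEnd)
  local dex = {}
  for addr = valStart, valEnd - 1, STEP do
    dex[#dex + 1] = addr
  end
  return dex
end

-- Element-wise comparison of two address lists.
local function same(a, b)
  if #a ~= #b then return false end
  for i = 1, #a do
    if a[i] ~= b[i] then return false end
  end
  return true
end

-- Constructed cases: a normal range, an exact multiple of STEP, a range
-- smaller than one step, and an empty range.
for _, r in ipairs({{0x1020, 0x2000}, {0x1000, 0x1000 + 4 * STEP}, {0x1000, 0x1010}, {0x1000, 0x1000}}) do
  local a, pa = checkFirst(r[1], r[2])
  local b, pb = checkLast(r[1], r[2])
  local c = stepped(r[1], r[2])
  print(string.format("%x-%x entries=%d same=%s passes first=%d last=%d",
    r[1], r[2], #a, tostring(same(a, b) and same(b, c)), pa, pb))
end
```

Each output line compares the address lists built by the three loops and reports how many passes the top and bottom placements took over the same range.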

     

  4. local count = gg.getResultsCount()
    local valueRes = gg.getResults(count)
    local valueResFi = {}
    for i, v in ipairs(valueRes) do
      valueResFi[i] = {address = v.value, flags = v.flags}
    end
    gg.loadResults(valueResFi)

    This? Did not try to touch the variables too much.

     

    Thanks for providing the info. Notes taken for next time. A small question regarding reference. Is there a specific reason why byte.value got referenced through the variable "value"?

    [screenshot]

  6. 16 minutes ago, zolotov_official0 said:

    why do you continue to use these ancient methods of patching, there are loadlists that are faster and easier to update and take less code and are more amenable to obfuscation

    Because the question was not "improve my script" or something like that. Personally I build on what is provided unless asked otherwise.

  7. 3 hours ago, MAARS said:

    Can you tell the purpose of the script please ?

     

    Must load start address of executables with their corresponding path name. I use it if I need to find, for example, the libil2cpp.so in a split apk without moving the files to a different folder.

    But it's only made for my device, won't work on most other devices. Offsets different, etc.

  8. Can the script be improved in writing and speed? When I run the script it seems to take a suspicious amount of time to add the string names to the corresponding addresses. I'm not sure how I could improve it so that the script in general goes faster.

    local range = gg.getRangesList("anon:linker_alloc")
    local valStart = range[3].start + 0x20
    local valEnd = range[3]["end"]
    local loop = valEnd - valStart
    
    dex = {}
    for i = 1, loop do
      dex[#dex + 1] = {address = valStart, flags = gg.TYPE_QWORD}
      valStart = valStart + 0x250
      if valStart >= range[3]["end"] then break end
    end
    
    gg.loadResults(dex)
    gg.refineNumber(0, gg.TYPE_QWORD, nil, gg.SIGN_NOT_EQUAL)
    
    local dex = gg.getResults(gg.getResultsCount())
    local strPointer = {}
    local exe = {}
    
    for i, v in ipairs(dex) do
      strPointer[i] = {address = v.address + 0xC8, flags = gg.TYPE_QWORD}
      exe[i] = {address = v.value, flags = gg.TYPE_DWORD}
    end
    
    exe = gg.getValues(exe)
    strPointer = gg.getValues(strPointer)
    
    local lup = 1
    local executable = {}
    
    for i = 1, #exe do
      local stringAddress = {}
      local final = {}
      for j = 1, 150 do
        stringAddress[#stringAddress + 1] = {address = strPointer[lup].value, flags = gg.TYPE_BYTE}
        strPointer[lup].value = strPointer[lup].value + 1
      end
      strings = gg.getValues(stringAddress)
      for b, t in ipairs(strings) do
        if strings[b].value ~= "0" then
          final[#final + 1] = string.char(t.value&0xFF)
          a = table.concat(final)
        else
          break
        end
      end
      executable[#executable + 1] = {address = exe[i].address, flags = gg.TYPE_DWORD, name = a}
      lup = lup + 1
    end
    gg.addListItems(executable)
    
    local lib = {}
    for i, v in ipairs(executable) do
      if (string.find(v.name, "libil2cpp.so")) ~= nil then
        lib[#lib + 1] = v
        break
      end
    end
    gg.loadResults(lib)

     

  9. On 7/13/2022 at 9:52 PM, Iqbroly said:

    When I change the value of some item in game guardian and it doesn't work(or doesn't actually change the value permanently) does that mean that it is server sided? Or there are other things/steps I need to follow to confirm that it's not hackable. 

    I don't want to spend time tricking something that's not trickable.

    If it is an item from the store, you can just know it by changing the value of that item and then buying something in the game store. If the math done on the values you changed is based on the original value before modification then it is server sided. Regardless of what the value shows on your screen.

  10. On 9/6/2022 at 11:17 AM, shubhamyadav said:

    Hello 👋 sir,

    I am a fresh beginner in game hacking and cracking.

    I have a doubt.

    Maybe reading the following sources helps:


    On 9/6/2022 at 11:17 AM, shubhamyadav said:

    What is  memory Range?

    https://en.m.wikipedia.org/wiki/Data_segment

     

    On 9/6/2022 at 11:17 AM, shubhamyadav said:

    what is  lib ?

    https://en.wikipedia.org/wiki/Library_(computing)

     

    On 9/6/2022 at 11:17 AM, shubhamyadav said:

    what is il2cpp?

    Maybe it helps to know how it works:

    https://docs.unity3d.com/560/Documentation/Manual/IL2CPP-HowItWorks.html

    https://docs.unity3d.com/Manual/IL2CPP.html#HowItWorks

     

    On 9/6/2022 at 11:17 AM, shubhamyadav said:

    What is offsets?

    https://en.m.wikipedia.org/wiki/Offset_(computer_science)

  11. 4 hours ago, Mastertaba said:

    I tried this today but it is just loading and loading. Can you provide video so I can know what I am doing wrong.

    You have to be in the game, and the game should not be on pause when you activate the script because it will set the value to zero. Make sure there is no message on screen. Here is the video:

  12. It's possible that the actual levels are xor encrypted or somehow only accessed through pointers. If they are xor encrypted one could try finding the revert button value

    [screenshot]

    because that one also can't be found by normal search nor unknown search. Which I think is also in the class UIManager and static. If that one turns out to be an encrypted xor value one could try the same xor value on the currency and levels and hope they are the same. But that's just speculation. It could be more efficient to see what methods it has in Xa, I think.

    Total moves is actually float while current moves used is dword, could already be suspicious, but share with me your thoughts and approaches we could try.

  13. On 12/5/2022 at 5:38 PM, sammax71 said:

    @erzuu

    Not very helpful to you but I can change the level using Cheat Droid but not with Game Guardian. I'll keep trying.

    Hey, I am not sure if I can lend a hand with the research, but there is this class, UIManager, it has 260 fields. It could be interesting? To be fair, personally I find the design of this game weird but I'm suspecting everything relevant is under that one class. Either by direct dword values or pointers. I dunno how to check Xa but perhaps it's as well interesting for you to research.

  14. 2 hours ago, inzzzi said:

    yes, that's right, and to automatically replace with USP "Geometric"

    Like this?

    function setNewName()
      gg.setRanges(gg.REGION_ANONYMOUS)
      gg.searchNumber(';USP \"Line\"')
      gg.refineNumber(';U')
      local t = gg.getResults(gg.getResultsCount())
      local replaceString = {}
      local stringSize = {}
      local str = {}
      gg.clearResults()
      for i= 1, 15 do
        str[i] = string.sub("USP \"Geometric\"", i, i) -- one character per slot
      end
      for i, v in ipairs(t) do
        stringSize[#stringSize + 1] = {address = t[i].address - 0x4, flags = gg.TYPE_WORD, value = 15}
        for charCount = 1, 15 do
          replaceString[#replaceString + 1] = {address = t[i].address, flags = gg.TYPE_WORD, value = string.byte(string.sub(str[charCount], 1, 1))}
          t[i].address = t[i].address + 2
        end
      end
      gg.setValues(replaceString)
      gg.setValues(stringSize)
    end
    setNewName()

     

  15. 1 hour ago, inzzzi said:

    friend please help. How to make sure that the menu does not appear and the desired skin is automatically replaced. can you please do this, I will be very grateful to you :))

    Oh, the desired skin is always USP "Line"?

  16. 4 hours ago, inzzzi said:

    I tried it and realized that it doesn't work. Skin simply does not find:(

    Very weird, I tried on 64 and 32 bit emulator. Should work fine.

    Did you put the string properly? Show video.

     

  17. On 12/1/2022 at 4:44 AM, inzzzi said:

    I need that when the script is turned on, the names are replaced with the one I need and there is no restriction on characters 

    Does this work?

    function setNewName()
      local t = gg.getResults(gg.getResultsCount())
      local replaceString = {}
      local stringSize = {}
      local str = {}
      gg.clearResults()
      for i= 1, #editname[1] do
        str[i] = string.sub(editname[1], i, i) -- one character per slot
      end
      for i, v in ipairs(t) do
        stringSize[#stringSize + 1] = {address = t[i].address - 0x4, flags = gg.TYPE_WORD, value = #editname[1]}
        for charCount = 1, #editname[1] do
          replaceString[#replaceString + 1] = {address = t[i].address, flags = gg.TYPE_WORD, value = string.byte(string.sub(str[charCount], 1, 1))}
          t[i].address = t[i].address + 2
        end
      end
      gg.setValues(replaceString)
      gg.setValues(stringSize)
    end
    function findName()
      gg.setRanges(gg.REGION_ANONYMOUS)
      gg.searchNumber(';'..playername[1])
      local a = gg.getResults(gg.getResultsCount())
      if #a == 0 then
        gg.toast("name not found, search again")
        prompt_search()
      else
        gg.refineNumber(a[1].value..';'..a[2].value..';'..a[3].value..'::5')
        gg.refineNumber(a[1].value)
      end
    end
    
    -- if menu is nil
    function noselect()
      gg.toast('You not select anything')
    end
    
    function prompt_edit()
      editname = gg.prompt(
        {[1] = 'Input name to modify to'},
        {[1] = '0'},
        {[1] = 'text'})
      if editname == nil then noselect() else
        setNewName()
      end
    end
    
    function prompt_search()
      playername = gg.prompt(
        {[1] = 'Input desired player name.'},
        {[1] = '0'},
        {[1] = 'text'})
      if playername == nil then
        noselect()
      else
        findName()
        prompt_edit()
      end
    end
    
    prompt_search()
    while (true) do
      if gg.isVisible() then
        gg.setVisible(false)
        prompt_search()
      end
      gg.sleep(100) 
    end

     

  18. 19 hours ago, MAARS said:

    For me the main problem is optimization,

    the problems I have noticed

    • You are using global variables everywhere

    Use local variables, they are faster

    • Can you explain why you double loop here?

    The first loop might be ok but the second one, I think there is too much iteration going on here, an address divided by 4 still results in a big number I think

    After a test, this is approximately how many times you loop every time, the list still goes down, so it is totally normal that you crash.

    [screenshot]

    Code used for the test

    local ranges = gg.getRangesList("anon:libc_malloc")
    
    for i, v in ipairs(ranges) do
      print('( v["end"] - v.start ) / 4 => ', (v["end"] - v.start) / 4)
    end

     

    • You just override a native library

    Unless you voluntarily do it, table is a native library, so when you use it as a variable name you just override everything from it

    • You are using #identifier + 1 to set your table index

    This is a big performance problem, unless you are looping just 10 or 20 times that might be ok, but here you will loop more than 1000 times, I guess even more. What does the # operator do on a table? Actually it will also loop to count every item in your table, so as you guess, when you have 10k+ items in your table imagine how slow it is and how much memory that will take.

    In the beginning you say you must load values within an offset of 4, but since you are using DWORD, offset 4 means just the next address, since DWORD values are 8bit encoded

     

     

     

    Appreciate the info about memory occupation in Lua and thanks as well for the script examples! Although your scripts are way more efficient, I assumed the 100k method would be faster to reach the full address range of a segment. The reason I don't want to use search is because I miss the data that gets allocated at unused memory addresses while old data gets replaced or cleared due to memory management techniques. Being dependable on addresses being used or not was in this case out of option to me, so I thought I should and could get all addresses in a reasonable time frame. And that's my mistake for thinking that was even optional with loops of 1m+

    CmP is basically pointing out that it is not possible to do that (having a table that has all those addresses stored) because of memory. And if by your own method it still would take a long time to process then I guess I have to work towards something else because it's just not pleasant to work like that. The scripts you provided were educational for efficiency!

  19. 42 minutes ago, under_score said:

    android 6.0 was released in 2015 (7 years ago)

    i think you need to buy a newer phone

    It's unfortunate that there is no maturity test before making an account. It would be great if you could change the attitude a bit. People that want to show how superior they are do act in a way as you do, could be by giving joke answers to serious questions. Or simply unable to have a proper conversation. Very self-centered and serious arrogance.

    My question remains.
