Rastakiwi

There is an exploit in event races. You can change some values during the race without being detected by the anticheat. Look at this: Only event tickets and rewards hack worked for me.

Thanks for the xor type information, I didn't know that, and also never saw that, but it is good to know. ? I don't understand why it seems impossible sometimes to find the key in memory for some games. I check all memory ranges, then dword exact search with the xor key I calculated, but nothing comes out...

l know you try to keep it simple, or maybe you have never seen that, but I'm surprised that you didn't mentioned that the key can be anywhere in memory. Some games store xor keys near the pointer to the value xored. It is the case for Blade crafter (this game is very weirdly encrypted, but anyway). And why couldn't the key be stored very far away sometimes, even if it is not common to do so? In Hitman sniper, I wasn't able to find the xor key in memory even with exact dword search with its value I known. I'm also a litle lost because I was originally looking for xor type in GG, but I didn't find anything about that on the forum.

Can you make a quick video of what you do? Don't use the same key as me if you did that. You have to follow the steps, but you should not have any value like in the video.

By the way I was searching for the xor key in memory but it didn't look like I found it. I don't know why. However after changing some results, some weird stuff happened and I think earned bonus points. There may be something interesting to do with that ;).

Sorry for the long wait, here is the video: Search for: -1,476,395,007;2,080,374,785;-1,476,395,007::97

maybe you made a mistake while writing. The video will come, but this game is very memory consuming and my recorder keeped crashing in the middle of the video. Also you'll see, what I did to find score value everytime without search is not hard but it takes time.

I'm sorry the key isn't static. It changes everytime. You'll have to search the value by yourself for the moment as I explained in "to find xor key+value". (exact search with "encrypted" checked)

OK I'll do it in about 3h.

Knowing how to interact with encrypted values is very important with memory editors like GG (and not only for mem editors). It is hard to understand written as that, see my last paragraph. To find Xor key + value: I began a mission and I did exact search with encrypted value checked. I found the encrypted value. To find the xor key, you push modify button on the value, then the arrow on the right, you go in the last tab and put the real value in the box. You push OK and now the xor key replaced the encrypted value in the window. To use Xor key (find value/modify it): If you want to change the encrypted value or search for it (for next mission, because its place change each time), copy this xor key I gave you (or you can find it by yourself as explained before), go to modify or exact search tab, put the non encrypted score value you want or the one you can see in game, then right arrow, last tab, paste the key, OK, and you can search or edit the value now. --> once you used a xor key on a game, the "XOR 0 = ..." tab can be a shortcut to use the last xor key entered (it replaces the "...") for this game. If you want more help about encrypted values in GG, watch eniby's video tutorial on the forum about XOR encryption, he shows what I said here but it is much more easy to understand with a video. Btw you should really take a look at tutorials section of the forum, it is really helpful. tutorial link: How to find XOR key - example on game Bullet Force - GameGuardian (#ar22qhso)

Yep, xor key is 802,893,787. YYou don't need to pause but just make sure there is no more points added to the score when you search for it. You can also easily cheat ammo (simple sword, not encrypted). I'll see if I can find an interesting structure to share (weapon, player or smtg like that).

Wow, do you have any idea how she/he did manage to access and modify it? Do you think it was done thanks to a remote shellcode from a malware? Pretty awesome ?

The value seems to be encrypted or even changing place each time. I'm trying fuzzy search dword to find a pointer to this changing address. I also tried to cheat number of headshots to get better score and I think it works too. I'll keep searching.

What did you mean NoFear? What did mila do? Server hack??

Try dword if score is integer. You should also try encrypted value. If still nothing, try fuzzy search with dword. I'll reinstall the app soon to help you further.

You have to search for Dwords. Also, make sure your memory ranges are set to default ("memory ranges"--> "reset" button). If you want to be helped, you should explain what is not working.

Yep, or try edit database ;).

I think it happened to me too a lot of times when I cheated this game. You're not hacked lol (it would be pretty hard to hack another player btw xd), your stages are maybe broken or something like that. I think it did it to me when I set too high champion stage value, even if it is possible to get to it by playing. I think this is some weird bug of the game. Also, you have to know that there is a file in the database of the game where every single stage completed is written down. So, even if you just played the game from champion 1 to 352 without cheating stages, maybe the game usually do smthg with "non-champion" stages of this file, and, not being written down because of the hack, it can't do its job properly and it breaks your stage... Well these are just hypothesis. ? you could try to hack your waves again with not too high value when you get to champion waves, or you could try to edit the database to make it look legit (writing down every wave, with a program to not spent hours on it ^^). Good luck!

Ahah cool :). You should give a look at GG's help tab (menu/actions/help) and browse around the forum to have a quicker progress. I didn't do that when i started, but you can learn many interesting things you won't see anywhere else because people are tired of repeating the basics.

Thanks for this post, it helped me realising something: i didn't explained what the values are and I'm sorry because it isn't logic when you start. The first value, "200", is the price of the object. The second one, "3", is the number of objets you get when purshasing. Finally, the " ; " separator means that the values are near in memory, and the ":5" is this max distance between them --> 200 and 3 are 2 Dwords following each other, so 5 bytes (4 bytes for the first dword and 1 for the beginning of the second). So for the bomb, search for 150;3:5. In fact, you could even search for 150 only, but there would be much more results, so more chances of crash when changing values.

You need to refresh the value. Just close and open the buying window again for that, you'll see the cost will have changed like in the video. Every step is important ;). Good luck and have fun! Edit: Btw, I said somewhere on the forum that the gold value is server sided in toon blast, but it is false. I'm trying to find a way to directly change gold value.

Maybe it has been patched, i'll check it soon

Hello! I wanted to share my "protocol" to find any value in any application, I tried to group everything I learned from GG and people from this forum who helped me and others! If 1- doesn't work, go to 2-, etc... Each time I repeat until I find my value (sometimes they can be more than one), or nothing. I can see the value I'm searching for in memory, it is not a static value. If I dont know the value, go to 4-: 1- dword exact search if integer (1,2,3...), float exact search if not (0.1,0.5,1.8...), sometimes I do a group search of related values 2- Double exact search for integer or not (+ float exact search for integer if it fails, but I usually dont do that cause it is often time wasting) Now I think the value is encrypted or changes place each time: 3- Dword exact search "encrypted" if integer (I think a not integer value (float or double) is never encrypted this way (even if it is possible)) Now it is the same if I know the value or or not: 4- fuzzy Dword search value or float depending if it is integer value or not 5- if I know exactly how the value changes, I use advanced fuzzy search menu (more button) and I type the changes i can see to maybe waste less time, or only increased/decreased 6- fuzzy change/unchanged Now I'm sure the value always changes place, I search for a pointer: 7- Dword fuzzy search and "changed" each time the value changes, or after a loading, for certain values for example 8- Once there are just a few values, I can freeze the pointers one by one and see if the value still changes, if not, it is the good pointer Now i just follow the pointer, and look for my value, or try to change weird looking ones (it can still be encrypted) after where I land in memory. Sometimes they can be multiple pointers, so if I dont find my value I just go down in memory and follow the next pointer and repeat that. When my value is found, i look around it in memory (before or after) if I can't see something realted to (another currency...). It can be quite far sometimes, but there can still be interesting static values related. When I found what I want, I look for static values around it in memory tab and I copy as a group search with group size checked. Then I go in search tab, exact search and historic and I mark the last entry. Now I'll be able to find my value again next time :). Do you think it is good? Would you add something?