Posts posted by saiaapiz

  1. I've been using this technique for a long time, and an undocumented API inside GG.
    Someone with a good brain will know how to surpass this.

  2. 23 minutes ago, TopGEOYT said:

    Oh really?

    Finally I can decrypt Revo6.0 chunk and badcase script cannot be decrypted?

    What a joke?

    As I know all his new version launcher will be executable for Normal GG and you are telling me that cannot decrypt.

    Huh big joke 😵

    Not a joke for someone who has enough knowledge to do this. 

  3. On 5/8/2019 at 12:59 PM, nevergiveup said:

    ouw can find value code in libc_malloc example 00880055 in file lib.so in game via hex editor ?

    Yes, you can.. Just copy the byte pattern of 00880055, then copy into gg search.

  4. Oh, I forgot about an important thing. Now I know why it failed to change the value xD

    gg.setValues must be appended after modifying the result from gg.getResults.
     

    xor = bit32.bxor
    sf  = string.format

    DefaultXorKey_1 = 0xFF
    DefaultXorKey_2 = 0xAA

    -- Ask for both XOR keys and the current plain values.
    DialogOut = gg.prompt({
        'Xor Key #1',   -- [1]
        'Value #1',     -- [2]
        'Xor Key #2',   -- [3]
        'Value #2'      -- [4]
    },
    {DefaultXorKey_1, 0, DefaultXorKey_2, 0},
    {'number', 'number', 'number', 'number'}) -- field types are passed as strings

    -- The values are stored XORed with their key, so search for the XORed form.
    XoredValueWithKey_1 = xor(DialogOut[2], DialogOut[1])
    XoredValueWithKey_2 = xor(DialogOut[4], DialogOut[3])

    gg.clearResults()
    gg.searchNumber(sf("%d;%d;%d;%d;1;5:100", DialogOut[1], XoredValueWithKey_1, DialogOut[3], XoredValueWithKey_2), gg.TYPE_DWORD, false, gg.SIGN_EQUAL, 0, -1)

    -- Results [2] and [4] are the XORed values; write the new values XORed with the same keys.
    o = gg.getResults(4)
    o[2].value = xor(1000000000, DialogOut[1])
    o[4].value = xor(1000000000, DialogOut[3])

    gg.setValues(o) -- < This API is required to apply the modified values.

     

  5. 1 hour ago, absolutenothing said:

    wanted this to work properly but idk why it doesn't for me...

    so I did for the mean time to check if values can change was

    
    gg.searchNumber(sf("%d;%d;%d;%d;%d;%d::45",  DialogOut[1], XorValueWithKey_1, DialogOut[1], XorvValueWithKey_2, DialogOut[1], XorValueWithKey_3), gg.TYPE_DWORD, false, gg.SIGN_EQUAL, 0, -1)
    gg.searchNumber(sf("%d;%d;%d", XorValueWithKey_1, XorValueWithKey_2, XorValueWithKey_2), gg.TYPE_DWORD, false, gg.SIGN_EQUAL, 0, -1)
    
    gg.getResults(3)
    gg.editAll('1222333444', gg.TYPE_DWORD)

    suddenly the values changed but not the way I really like to edit each with different values.

    Check the gg.getResults return value; it may return less than what you expected.

    That's why it doesn't work, and it only changed when you used gg.editAll.

  6. You mean "Make a dialog for editing Xor Key and Value to Xored"?

    Maybe this could be useful...
     

    xor = bit32.bxor
    sf  = string.format

    DefaultXorKey_1 = 0xFF
    DefaultXorKey_2 = 0xAA

    -- Ask for both XOR keys and the current plain values.
    DialogOut = gg.prompt({
        'Xor Key #1',   -- [1]
        'Value #1',     -- [2]
        'Xor Key #2',   -- [3]
        'Value #2'      -- [4]
    },
    {DefaultXorKey_1, 0, DefaultXorKey_2, 0},
    {'number', 'number', 'number', 'number'}) -- field types are passed as strings

    -- The values are stored XORed with their key, so search for the XORed form.
    XoredValueWithKey_1 = xor(DialogOut[2], DialogOut[1])
    XoredValueWithKey_2 = xor(DialogOut[4], DialogOut[3])

    gg.clearResults()
    gg.searchNumber(sf("%d;%d;%d;%d;1;5:100", DialogOut[1], XoredValueWithKey_1, DialogOut[3], XoredValueWithKey_2), gg.TYPE_DWORD, false, gg.SIGN_EQUAL, 0, -1)

    -- Results [2] and [4] are the XORed values; this only changes the local result table.
    o = gg.getResults(4)
    o[2].value = xor(1000000000, DialogOut[1])
    o[4].value = xor(1000000000, DialogOut[3])

     

    Example.lua

  7. 6 hours ago, Enyby said:

    I think they re-allocate memory. Copied to a new place and freed the old one. This is slow, but allows you to break the work of memory editors.

    Yep, I saw the same shared lib mapped about 6 times. Just like you said, they map and unmap.

  8. 5 hours ago, Enyby said:

    On normal firmware with root access and worked ptrace all memory can be modified.

    Yeah, it works just fine, but not for PUBGM. It works a bit on the game heap (maybe if they protect the heap, then the game will crash), but not for static memory regions like xa. I know it's not a GG bug, but it's preventing GG from writing to specific memory regions.

    This is really new for me, haven't seen this before. Or... maybe they hook the GameGuardian daemon xD

  9. GGInjector

    Inject shared library by using GameGuardian.

    • This was possible by hooking getuid (which is called often) to achieve code execution in the target process.

    Note: Only tested on Android Oreo 8.1.0 (ARMv7/32-Bit) and Huge Thanks to Enyby.

    - Github

    In-action: 

     


     

  10. Hide Online | ESP | Unlock All | Infinity Ability&Respawn | No Cooldown


    Free Features !
      • Limited ESP
      • No Ability Cooldown

    Donation Access !
      • Perfect ESP (See-Through).
      • Infinity Respawn and Ability.
      • No Cooldown.
      • Unlock All Item.
      • All hack work even after game update.
      • Constant support from me.

    * To donate, contact @apizdev on telegram. *

    Gameplay (Donation)

     


     

  11. ElfInfo | Get Elf Info Using GG


    Get information about a loaded library inside memory.

    * Pros
    - Parsed ELF Structure, Program Header, Dynamic Segment, Symbol

    * Cons
    - Section headers are not parsed, because they are not loaded into memory.
    - Only 32-Bit ELF Supported.

    * Thanks to: 
    - @Enyby

    * Use cases:
    - PinOut Hax
    - Injection


    References: 
    [1] https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
    [2] http://phrack.org/issues/59/8.html
     (I need to create elf parser before getting through. xD)
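
The limitation listed under "Cons" can be checked from the ELF header itself. The following is an added example, not part of the original post or the ElfInfo script: it parses a constructed 32-bit little-endian image and tests whether the section header table falls inside any PT_LOAD file range. The sample layout and all function names are assumptions made for illustration, and page rounding by the loader is ignored.

```python
import struct

PT_LOAD, PT_DYNAMIC = 1, 2
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, 52 bytes
PHDR = struct.Struct("<8I")                # Elf32_Phdr, 32 bytes
PH_KEYS = ("type", "offset", "vaddr", "paddr", "filesz", "memsz", "flags", "align")


def build_sample_elf32():
    """Constructed sample image: ELF32 header, three program headers, padding."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)  # ELFCLASS32, little-endian
    phdrs = [
        (PT_LOAD, 0x000, 0x0000, 0x0000, 0x200, 0x200, 5, 0x1000),  # R+X
        (PT_LOAD, 0x200, 0x1200, 0x1200, 0x100, 0x180, 6, 0x1000),  # R+W
        (PT_DYNAMIC, 0x240, 0x1240, 0x1240, 0x80, 0x80, 6, 4),
    ]
    shoff = 0x400  # section header table sits past the last loadable file byte
    ehdr = EHDR.pack(ident, 3, 40, 1, 0, 52, shoff, 0, 52, 32, len(phdrs), 40, 2, 1)
    image = ehdr + b"".join(PHDR.pack(*p) for p in phdrs)
    return image.ljust(shoff, b"\0") + bytes(2 * 40)


def parse_elf32(data):
    """Return section-table location and program headers of a 32-bit LE ELF."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("only 32-bit little-endian ELF is handled")
    (_id, _type, _mach, _ver, _entry, phoff, shoff, _flags, _ehsize,
     phentsize, phnum, shentsize, shnum, _strndx) = EHDR.unpack_from(data)
    if phentsize != PHDR.size or phoff + phnum * phentsize > len(data):
        raise ValueError("program header table malformed or truncated")
    segments = [dict(zip(PH_KEYS, PHDR.unpack_from(data, phoff + i * phentsize)))
                for i in range(phnum)]
    return {"shoff": shoff, "shsize": shnum * shentsize, "segments": segments}


def section_headers_mapped(info):
    """True only if the whole section header table lies in a PT_LOAD file range."""
    start, end = info["shoff"], info["shoff"] + info["shsize"]
    return any(s["type"] == PT_LOAD and s["offset"] <= start
               and end <= s["offset"] + s["filesz"] for s in info["segments"])


if __name__ == "__main__":
    info = parse_elf32(build_sample_elf32())
    for seg in info["segments"]:
        print({k: hex(v) for k, v in seg.items()})
    print("section headers mapped:", section_headers_mapped(info))
```
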

     


     

  12. I think this script uses timing to calculate the difference between a hooked and a normal runtime.
    Try changing your CPU clock to 1 GHz; this script will likely fail to execute, since it does not match the hardcoded calculated time.
    I've used this type of method to protect scripts, but it does not work on some low-end phones.

    It was a nice method to protect a script, but not ready for production release.
