Search the Community

.class public Landroid/ext/ActionModeImpl; .super Landroid/view/ActionMode; .source "ActionModeImpl.java" # interfaces .implements Landroid/view/View$OnClickListener; # annotations .annotation build Landroid/annotation/TargetApi; value = 0xb .end annotation # instance fields .field private callback:Landroid/view/ActionMode$Callback; .field private context:Landroid/content/Context; .field private customView:Landroid/view/View; .field private finished:Z .field private mLayoutParams:Landroid/view/WindowManager$LayoutParams; .field private mWindowManager:Landroid/view/WindowManager; .field private menu:Landroid/menu/ActionMenu; .field private showed:Z .field private subtitle:Ljava/lang/CharSequence; .field private title:Ljava/lang/CharSequence; .field private view:Landroid/widget/LinearLayout; # direct methods .method public constructor <init>(Landroid/view/ActionMode$Callback;)V .registers 8 .param p1, "callback" # Landroid/view/ActionMode$Callback; .prologue const/high16 v5, 0x3f800000 # 1.0f const/4 v4, 0x0 const/4 v2, 0x0 .line 38 invoke-direct {p0}, Landroid/view/ActionMode;-><init>()V .line 23 iput-object v2, p0, Landroid/ext/ActionModeImpl;->title:Ljava/lang/CharSequence; .line 24 iput-object v2, p0, Landroid/ext/ActionModeImpl;->subtitle:Ljava/lang/CharSequence; .line 25 iput-object v2, p0, Landroid/ext/ActionModeImpl;->customView:Landroid/view/View; .line 26 iput-object v2, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; .line 27 iput-object v2, p0, Landroid/ext/ActionModeImpl;->menu:Landroid/menu/ActionMenu; .line 30 iput-boolean v4, p0, Landroid/ext/ActionModeImpl;->showed:Z .line 31 iput-boolean v4, p0, Landroid/ext/ActionModeImpl;->finished:Z .line 39 sget-object v2, Landroid/ext/BulldogService;->context:Landroid/content/Context; iput-object v2, p0, Landroid/ext/ActionModeImpl;->context:Landroid/content/Context; .line 40 new-instance v2, Landroid/menu/ActionMenu; iget-object v3, p0, Landroid/ext/ActionModeImpl;->context:Landroid/content/Context; invoke-direct {v2, v3}, Landroid/menu/ActionMenu;-><init>(Landroid/content/Context;)V iput-object v2, p0, Landroid/ext/ActionModeImpl;->menu:Landroid/menu/ActionMenu; .line 41 new-instance v2, Landroid/widget/LinearLayout; iget-object v3, p0, Landroid/ext/ActionModeImpl;->context:Landroid/content/Context; invoke-direct {v2, v3}, Landroid/widget/LinearLayout;-><init>(Landroid/content/Context;)V iput-object v2, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; .line 42 iget-object v2, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; invoke-virtual {v2, v5}, Landroid/widget/LinearLayout;->setAlpha(F)V .line 44 const/4 v1, 0x0 .line 45 .local v1, "color":I iget-object v2, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; invoke-virtual {v2}, Landroid/widget/LinearLayout;->getBackground()Landroid/graphics/drawable/Drawable; move-result-object v0 .line 46 .local v0, "background":Landroid/graphics/drawable/Drawable; instance-of v2, v0, Landroid/graphics/drawable/ColorDrawable; if-eqz v2, :cond_41 .line 47 check-cast v0, Landroid/graphics/drawable/ColorDrawable; .end local v0 # "background":Landroid/graphics/drawable/Drawable; invoke-virtual {v0}, Landroid/graphics/drawable/ColorDrawable;->getColor()I move-result v1 .line 49 :cond_41 const/high16 v2, -0x1000000 or-int/2addr v1, v2 .line 50 iget-object v2, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; invoke-virtual {v2, v1}, Landroid/widget/LinearLayout;->setBackgroundColor(I)V .line 52 new-instance v2, Landroid/view/WindowManager$LayoutParams; invoke-direct {v2}, Landroid/view/WindowManager$LayoutParams;-><init>()V iput-object v2, p0, Landroid/ext/ActionModeImpl;->mLayoutParams:Landroid/view/WindowManager$LayoutParams; .line 53 iget-object v2, p0, Landroid/ext/ActionModeImpl;->mLayoutParams:Landroid/view/WindowManager$LayoutParams; const/16 v3, 0x7d2 iput v3, v2, Landroid/view/WindowManager$LayoutParams;->type:I .line 54 iget-object v2, p0, Landroid/ext/ActionModeImpl;->mLayoutParams:Landroid/view/WindowManager$LayoutParams; const/4 v3, -0x1 iput v3, v2, Landroid/view/WindowManager$LayoutParams;->width:I .line 55 iget-object v2, p0, Landroid/ext/ActionModeImpl;->mLayoutParams:Landroid/view/WindowManager$LayoutParams; const/4 v3, -0x2 iput v3, v2, Landroid/view/WindowManager$LayoutParams;->height:I .line 56 iget-object v2, p0, Landroid/ext/ActionModeImpl;->mLayoutParams:Landroid/view/WindowManager$LayoutParams; const/4 v3, 0x1 iput v3, v2, Landroid/view/WindowManager$LayoutParams;->format:I .line 57 iget-object v2, p0, Landroid/ext/ActionModeImpl;->mLayoutParams:Landroid/view/WindowManager$LayoutParams; const/16 v3, 0x28 iput v3, v2, Landroid/view/WindowManager$LayoutParams;->flags:I .line 59 iget-object v2, p0, Landroid/ext/ActionModeImpl;->mLayoutParams:Landroid/view/WindowManager$LayoutParams; const/16 v3, 0x37 iput v3, v2, Landroid/view/WindowManager$LayoutParams;->gravity:I .line 60 iget-object v2, p0, Landroid/ext/ActionModeImpl;->mLayoutParams:Landroid/view/WindowManager$LayoutParams; iput v4, v2, Landroid/view/WindowManager$LayoutParams;->y:I .line 61 iget-object v2, p0, Landroid/ext/ActionModeImpl;->mLayoutParams:Landroid/view/WindowManager$LayoutParams; iput v5, v2, Landroid/view/WindowManager$LayoutParams;->alpha:F .line 63 sget-object v2, Landroid/ext/BulldogService;->context:Landroid/content/Context; const-string v3, "window" invoke-virtual {v2, v3}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object; move-result-object v2 check-cast v2, Landroid/view/WindowManager; iput-object v2, p0, Landroid/ext/ActionModeImpl;->mWindowManager:Landroid/view/WindowManager; .line 65 iput-object p1, p0, Landroid/ext/ActionModeImpl;->callback:Landroid/view/ActionMode$Callback; .line 66 return-void .end method # virtual methods .method public finish()V .registers 2 .prologue .line 136 iget-boolean v0, p0, Landroid/ext/ActionModeImpl;->finished:Z if-eqz v0, :cond_5 .line 143 :goto_4 return-void .line 139 :cond_5 const/4 v0, 0x1 iput-boolean v0, p0, Landroid/ext/ActionModeImpl;->finished:Z .line 140 invoke-virtual {p0}, Landroid/ext/ActionModeImpl;->hide()V .line 141 iget-object v0, p0, Landroid/ext/ActionModeImpl;->callback:Landroid/view/ActionMode$Callback; invoke-interface {v0, p0}, Landroid/view/ActionMode$Callback;->onDestroyActionMode(Landroid/view/ActionMode;)V goto :goto_4 .end method .method public getCustomView()Landroid/view/View; .registers 2 .prologue .line 162 iget-object v0, p0, Landroid/ext/ActionModeImpl;->customView:Landroid/view/View; return-object v0 .end method .method public getMenu()Landroid/view/Menu; .registers 2 .prologue .line 147 iget-object v0, p0, Landroid/ext/ActionModeImpl;->menu:Landroid/menu/ActionMenu; return-object v0 .end method .method public getMenuInflater()Landroid/view/MenuInflater; .registers 3 .prologue .line 167 new-instance v0, Landroid/view/MenuInflater; iget-object v1, p0, Landroid/ext/ActionModeImpl;->context:Landroid/content/Context; invoke-direct {v0, v1}, Landroid/view/MenuInflater;-><init>(Landroid/content/Context;)V return-object v0 .end method .method public getSubtitle()Ljava/lang/CharSequence; .registers 2 .prologue .line 157 iget-object v0, p0, Landroid/ext/ActionModeImpl;->subtitle:Ljava/lang/CharSequence; return-object v0 .end method .method public getTitle()Ljava/lang/CharSequence; .registers 2 .prologue .line 152 iget-object v0, p0, Landroid/ext/ActionModeImpl;->title:Ljava/lang/CharSequence; return-object v0 .end method .method public hide()V .registers 4 .prologue .line 183 iget-boolean v1, p0, Landroid/ext/ActionModeImpl;->showed:Z if-nez v1, :cond_5 .line 192 :goto_4 return-void .line 187 :cond_5 :try_start_5 iget-object v1, p0, Landroid/ext/ActionModeImpl;->mWindowManager:Landroid/view/WindowManager; iget-object v2, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; invoke-interface {v1, v2}, Landroid/view/WindowManager;->removeView(Landroid/view/View;)V :try_end_c .catch Ljava/lang/Throwable; {:try_start_5 .. :try_end_c} :catch_10 .line 191 :goto_c const/4 v1, 0x0 iput-boolean v1, p0, Landroid/ext/ActionModeImpl;->showed:Z goto :goto_4 .line 188 :catch_10 move-exception v0 .line 189 .local v0, "e":Ljava/lang/Throwable; const-string v1, "BulldogService" const-string v2, "removeView failed" invoke-static {v1, v2, v0}, Landroid/ext/Log;->e(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)I goto :goto_c .end method .method public invalidate()V .registers 11 .annotation build Landroid/annotation/TargetApi; value = 0x10 .end annotation .prologue const/16 v9, 0x20 const/4 v8, 0x0 const/high16 v7, 0x3f800000 # 1.0f .line 107 :try_start_5 iget-object v5, p0, Landroid/ext/ActionModeImpl;->callback:Landroid/view/ActionMode$Callback; iget-object v6, p0, Landroid/ext/ActionModeImpl;->menu:Landroid/menu/ActionMenu; invoke-interface {v5, p0, v6}, Landroid/view/ActionMode$Callback;->onPrepareActionMode(Landroid/view/ActionMode;Landroid/view/Menu;)Z :try_end_c .catchall {:try_start_5 .. :try_end_c} :catchall_32 .line 109 iget-object v5, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; invoke-virtual {v5}, Landroid/widget/LinearLayout;->removeAllViews()V .line 110 iget-object v5, p0, Landroid/ext/ActionModeImpl;->menu:Landroid/menu/ActionMenu; invoke-virtual {v5}, Landroid/menu/ActionMenu;->size()I move-result v4 .line 111 .local v4, "size":I const/4 v1, 0x0 .local v1, "i":I :goto_18 if-lt v1, v4, :cond_8a .line 125 iget-object v5, p0, Landroid/ext/ActionModeImpl;->customView:Landroid/view/View; if-eqz v5, :cond_25 .line 126 iget-object v5, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; iget-object v6, p0, Landroid/ext/ActionModeImpl;->customView:Landroid/view/View; invoke-virtual {v5, v6}, Landroid/widget/LinearLayout;->addView(Landroid/view/View;)V .line 129 :cond_25 iget-object v5, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; invoke-virtual {v5}, Landroid/widget/LinearLayout;->invalidate()V .line 130 const-string v5, "BulldogService" const-string v6, "invalidate" invoke-static {v5, v6}, Landroid/ext/Log;->d(Ljava/lang/String;Ljava/lang/String;)I .line 132 return-void .line 108 .end local v1 # "i":I .end local v4 # "size":I :catchall_32 move-exception v5 .line 109 iget-object v6, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; invoke-virtual {v6}, Landroid/widget/LinearLayout;->removeAllViews()V .line 110 iget-object v6, p0, Landroid/ext/ActionModeImpl;->menu:Landroid/menu/ActionMenu; invoke-virtual {v6}, Landroid/menu/ActionMenu;->size()I move-result v4 .line 111 .restart local v4 # "size":I const/4 v1, 0x0 .restart local v1 # "i":I :goto_3f if-lt v1, v4, :cond_59 .line 125 iget-object v6, p0, Landroid/ext/ActionModeImpl;->customView:Landroid/view/View; if-eqz v6, :cond_4c .line 126 iget-object v6, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; iget-object v7, p0, Landroid/ext/ActionModeImpl;->customView:Landroid/view/View; invoke-virtual {v6, v7}, Landroid/widget/LinearLayout;->addView(Landroid/view/View;)V .line 129 :cond_4c iget-object v6, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; invoke-virtual {v6}, Landroid/widget/LinearLayout;->invalidate()V .line 130 const-string v6, "BulldogService" const-string v7, "invalidate" invoke-static {v6, v7}, Landroid/ext/Log;->d(Ljava/lang/String;Ljava/lang/String;)I .line 131 throw v5 .line 112 :cond_59 iget-object v6, p0, Landroid/ext/ActionModeImpl;->menu:Landroid/menu/ActionMenu; invoke-virtual {v6, v1}, Landroid/menu/ActionMenu;->getItem(I)Landroid/view/MenuItem; move-result-object v3 .line 113 .local v3, "item":Landroid/view/MenuItem; new-instance v0, Landroid/widget/Button; iget-object v6, p0, Landroid/ext/ActionModeImpl;->context:Landroid/content/Context; invoke-direct {v0, v6}, Landroid/widget/Button;-><init>(Landroid/content/Context;)V .line 114 .local v0, "button":Landroid/widget/Button; invoke-virtual {v0, v7}, Landroid/widget/Button;->setAlpha(F)V .line 115 invoke-virtual {v0, v8}, Landroid/widget/Button;->setFocusable(Z)V .line 116 invoke-interface {v3}, Landroid/view/MenuItem;->getIcon()Landroid/graphics/drawable/Drawable; move-result-object v2 .line 117 .local v2, "icon":Landroid/graphics/drawable/Drawable; invoke-static {v0, v2, v9}, Landroid/ext/Tools;->addIconToTextVew(Landroid/widget/TextView;Landroid/graphics/drawable/Drawable;I)V .line 118 if-nez v2, :cond_7c .line 119 invoke-interface {v3}, Landroid/view/MenuItem;->getTitle()Ljava/lang/CharSequence; move-result-object v6 invoke-virtual {v0, v6}, Landroid/widget/Button;->setText(Ljava/lang/CharSequence;)V .line 121 :cond_7c invoke-virtual {v0, v3}, Landroid/widget/Button;->setTag(Ljava/lang/Object;)V .line 122 invoke-virtual {v0, p0}, Landroid/widget/Button;->setOnClickListener(Landroid/view/View$OnClickListener;)V .line 123 iget-object v6, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; invoke-virtual {v6, v0}, Landroid/widget/LinearLayout;->addView(Landroid/view/View;)V .line 111 add-int/lit8 v1, v1, 0x1 goto :goto_3f .line 112 .end local v0 # "button":Landroid/widget/Button; .end local v2 # "icon":Landroid/graphics/drawable/Drawable; .end local v3 # "item":Landroid/view/MenuItem; :cond_8a iget-object v5, p0, Landroid/ext/ActionModeImpl;->menu:Landroid/menu/ActionMenu; invoke-virtual {v5, v1}, Landroid/menu/ActionMenu;->getItem(I)Landroid/view/MenuItem; move-result-object v3 .line 113 .restart local v3 # "item":Landroid/view/MenuItem; new-instance v0, Landroid/widget/Button; iget-object v5, p0, Landroid/ext/ActionModeImpl;->context:Landroid/content/Context; invoke-direct {v0, v5}, Landroid/widget/Button;-><init>(Landroid/content/Context;)V .line 114 .restart local v0 # "button":Landroid/widget/Button; invoke-virtual {v0, v7}, Landroid/widget/Button;->setAlpha(F)V .line 115 invoke-virtual {v0, v8}, Landroid/widget/Button;->setFocusable(Z)V .line 116 invoke-interface {v3}, Landroid/view/MenuItem;->getIcon()Landroid/graphics/drawable/Drawable; move-result-object v2 .line 117 .restart local v2 # "icon":Landroid/graphics/drawable/Drawable; invoke-static {v0, v2, v9}, Landroid/ext/Tools;->addIconToTextVew(Landroid/widget/TextView;Landroid/graphics/drawable/Drawable;I)V .line 118 if-nez v2, :cond_ad .line 119 invoke-interface {v3}, Landroid/view/MenuItem;->getTitle()Ljava/lang/CharSequence; move-result-object v5 invoke-virtual {v0, v5}, Landroid/widget/Button;->setText(Ljava/lang/CharSequence;)V .line 121 :cond_ad invoke-virtual {v0, v3}, Landroid/widget/Button;->setTag(Ljava/lang/Object;)V .line 122 invoke-virtual {v0, p0}, Landroid/widget/Button;->setOnClickListener(Landroid/view/View$OnClickListener;)V .line 123 iget-object v5, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; invoke-virtual {v5, v0}, Landroid/widget/LinearLayout;->addView(Landroid/view/View;)V .line 111 add-int/lit8 v1, v1, 0x1 goto/16 :goto_18 .end method .method public onClick(Landroid/view/View;)V .registers 4 .param p1, "v" # Landroid/view/View; .prologue .line 96 invoke-virtual {p1}, Landroid/view/View;->getTag()Ljava/lang/Object; move-result-object v0 check-cast v0, Landroid/view/MenuItem; .line 97 .local v0, "item":Landroid/view/MenuItem; instance-of v1, v0, Landroid/menu/ActionMenuItem; if-eqz v1, :cond_10 move-object v1, v0 .line 98 check-cast v1, Landroid/menu/ActionMenuItem; invoke-virtual {v1}, Landroid/menu/ActionMenuItem;->invoke()Z .line 100 :cond_10 iget-object v1, p0, Landroid/ext/ActionModeImpl;->callback:Landroid/view/ActionMode$Callback; invoke-interface {v1, p0, v0}, Landroid/view/ActionMode$Callback;->onActionItemClicked(Landroid/view/ActionMode;Landroid/view/MenuItem;)Z .line 101 return-void .end method .method public setCustomView(Landroid/view/View;)V .registers 2 .param p1, "view" # Landroid/view/View; .prologue .line 90 iput-object p1, p0, Landroid/ext/ActionModeImpl;->customView:Landroid/view/View; .line 91 invoke-virtual {p0}, Landroid/ext/ActionModeImpl;->invalidate()V .line 92 return-void .end method .method public setSubtitle(I)V .registers 3 .param p1, "resId" # I .prologue .line 85 invoke-static {p1}, Landroid/ext/Re;->s(I)Ljava/lang/String; move-result-object v0 iput-object v0, p0, Landroid/ext/ActionModeImpl;->subtitle:Ljava/lang/CharSequence; .line 86 return-void .end method .method public setSubtitle(Ljava/lang/CharSequence;)V .registers 2 .param p1, "subtitle" # Ljava/lang/CharSequence; .prologue .line 80 iput-object p1, p0, Landroid/ext/ActionModeImpl;->subtitle:Ljava/lang/CharSequence; .line 81 return-void .end method .method public setTitle(I)V .registers 3 .param p1, "resId" # I .prologue .line 75 invoke-static {p1}, Landroid/ext/Re;->s(I)Ljava/lang/String; move-result-object v0 iput-object v0, p0, Landroid/ext/ActionModeImpl;->title:Ljava/lang/CharSequence; .line 76 return-void .end method .method public setTitle(Ljava/lang/CharSequence;)V .registers 2 .param p1, "title" # Ljava/lang/CharSequence; .prologue .line 70 iput-object p1, p0, Landroid/ext/ActionModeImpl;->title:Ljava/lang/CharSequence; .line 71 return-void .end method .method public show()V .registers 5 .prologue .line 171 iget-boolean v1, p0, Landroid/ext/ActionModeImpl;->showed:Z if-eqz v1, :cond_5 .line 180 :goto_4 return-void .line 175 :cond_5 :try_start_5 iget-object v1, p0, Landroid/ext/ActionModeImpl;->mWindowManager:Landroid/view/WindowManager; iget-object v2, p0, Landroid/ext/ActionModeImpl;->view:Landroid/widget/LinearLayout; iget-object v3, p0, Landroid/ext/ActionModeImpl;->mLayoutParams:Landroid/view/WindowManager$LayoutParams; invoke-interface {v1, v2, v3}, Landroid/view/WindowManager;->addView(Landroid/view/View;Landroid/view/ViewGroup$LayoutParams;)V .line 176 const/4 v1, 0x1 iput-boolean v1, p0, Landroid/ext/ActionModeImpl;->showed:Z :try_end_11 .catch Ljava/lang/Throwable; {:try_start_5 .. :try_end_11} :catch_12 goto :goto_4 .line 177 :catch_12 move-exception v0 .line 178 .local v0, "e":Ljava/lang/Throwable; const-string v1, "BulldogService" const-string v2, "addView failed" invoke-static {v1, v2, v0}, Landroid/ext/Log;->e(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)I goto :goto_4 .end method

This is the Forum's Changelog. It includes a list of system changes, and such. If you cannot see some/any of the changes listed below, you need to clear your browser cache. Sometimes you just have to wait for your browser to get the update. Note: Confidential changes will not be listed. GameGuardian.net Changelog: _______________________________________________________________________________________________________ 090213: -Updated restrictions for downloads: Members - Max download speed 100 KB/s Validating - Max download speed 50 KB/s 083013: -Made some behind the scenes changes that allows us to more efficiently block spammers. 083013: -Updated pre-defined post content for cheats & requests. 082413: -Fixed an issue with menus: http://codingjungle.com/tracker/issue-24-primary-menu-not-using-full-space/ 082213: -Fixed a bug regarding the download search option: http://www.ibskin.com/forums/tracker/issue-575-downloads-search-option-misplaced/ 082013: -Fixed an issue with menus on mobile theme: http://codingjungle.com/tracker/issue-23-empty-space-on-mobile-theme-menu/ -Fixed Tapatalk configuration. -Updated "resolved" text. 080613: -Fixed 2 skin related issues: http://www.ibskin.com/forums/tracker/issue-573-links-in-file-info-are-wrong-color/ http://www.ibskin.com/forums/tracker/issue-574-links-in-file-info-are-wrong-color/ 080513: -updated ProMenu layout. Moved raffle & apply menus to the "More" section. -Menu moved back to middle of page on "Revolution" skin. -Fixed 7 issues related to skins: http://www.ibskin.com/forums/tracker/issue-570-tags-hard-to-read/ http://www.ibskin.com/forums/tracker/issue-568-view-new-content-text-on-page-hard-to-read/ http://www.ibskin.com/forums/tracker/issue-566-search-options-hard-to-read/ http://www.ibskin.com/forums/tracker/issue-567-downloadsviews-hard-to-read-in-ip-downloads/ http://www.ibskin.com/forums/tracker/issue-569-tags-hard-to-read/ http://www.ibskin.com/forums/tracker/issue-571-text-color-in-signatures-too-dark/ http://www.ibskin.com/forums/tracker/issue-572-context-info-in-ip-downloads-is-too-dark/ 080313: -Announcements forum moved under "General" category, to make space on the forum. -Out going email system updated. 071713: -Updated Link Titles hook. -Changed screenshot max size to 1 MB from 5 MB to save space. -Removed FTP download availability. 07-12-13: -Updated DMCA badge. Previously: -Fixed PayPal issue. -Updated Tapatalk. -Fixed Google integration. 060613: -Updated themes: Revolution -> 3.4.5 Pure (light theme) -> 3.4.5 -Added theme: Revolution Red. -Updated ad system. -Update Recent Topics system. 060113: -Changed Chat limit from 20 to 5. -Added shoutbox. -Moved image sliders to main server. -Removed Recent topics. -Added Recent Topics sidebar. 053113: -Updated front page (gameguardian.net). Now includes server check. -Added new server check: http://gameguardian.net/status.php -Removed save prefix from Cheats forum. 053013: -Forum Updated to latest versions: http://community.invisionpower.com/topic/387226-ipboard-345-and-application-maintenance-updates-released/#entry2408066 052713: -Updated Custom Name Styles. -Fixed bug when adding mirrors to download files. 052413: -Updated Tapatalk plugin. 052013: -Fixed a bug where PayPal doesn't communicate with the store. 051513: -Updated Google login hook. -Updated advanced prefixes app. Previously -Updated Tapatalk. -Updated ProMenu. -Updated LinkTitles. 050313: -Updated Revolution skin from 3.4.2 to 3.4.4. 043013: -Patched a bug in the Custom Name Styles application, which caused endless errors in the error log. 042913: -Update Genesis 'GameGuardian' theme to 3.4.4 -Re-enabled Store/VIP+ and Gallery menus on mobile theme. 042813: -Updated Tapatalk plugin to 3.4.0: Update note: optimize advanced search feature replace app alert with app banner updated BYO options add push failed status tracking for network problem optimize online page from browser for byo user add color bbcode compatibility fixed line break issue when posting fixed url in report post email can not open issue _______________________________________________________________________________________________________ Changelog legend: IPS: This means that the issue/fix was found and patched by IPS support.

RELATIVITY WARS ZERO: https://play.google.com/store/apps/details?id=com.fungameco.relativityzero RELATIVITY WARS: https://play.google.com/store/apps/details?id=com.mangopub.relativitywars It's both the same App, but I don't know why it's released twice?! My Request is a EINSTANIUM Hack/Mod for Unlimited. The Gamedescription: Relativity Wars Zero l Version: 1.6 | Size: 30.20MB Developers: Fungameco | Language: English Relativity Wars Zero is a FREE god-type strategy/action game, set in a universe which obeys Einstein’s theories of relativity! DON'T PANIC While Relativity Wars uses some pretty crazy physics concepts you really don't need to understand them to play this game. Hopefully some physics will rub off as you are playing the game and you will suddenly start impressing* your friends in the pub** with phrases like "space/time continuum" and "time dilation". * Please Note: Actual level of impressed may vary. Relativity Wars is not responsible for any lack of impression that may occur. ** bar, coffee shop, watering hole, street corner, etc, etc. The Zero version of the game is completely free to play through the entire campaign, you'll be conquering the universe before you know it, and you might even learn a bit of science! Note: Internet required to start only the first ever game session, after this the game can be played offline. ------------------ Praise for Relativity Wars “Game of the month” - 9.5/10 - AppStoreArcade.com “Relativity Wars is addictive and a lot of fun with a bit of science thrown into the mix” - 8.5/10 - TheAppleGoogle “Relativity Wars is a unique take on real-time strategy games with a humorous personality as it incorporates several different scientific principles. This makes it an educational yet fun experience, something which I always welcome. “ - 4/5 - iFanzine "What helps it to distinguish itself though is its use of physics, and its interesting take on space warfare. Who needs ships when it's possible to send a space/time wave across the galaxy to distort gravity?" - 4/5 - 148 apps “Strategy Meets Science... Relativity Wars is worth your hard-earned cash!” - Tapscape Thanks for playing! ★★★★★★★ Relativity wars takes epic real time strategy (RTS) to the next level. ( x 4 , four X or 4X style gameplay). You will be exploring the infinite galaxy and pushing back the frontline in the battle to defeat the squishian plague that is infecting the empire. You will be learning about science and Einstein at the same time as having fun and this version is free! This is a great fun game for either *****, men, women, teenagers and adults alike, you will laugh at the humour and daft parts in the game. You will have a nice word to say about us. (Eg. “I can't believe this is free!“ - (Tom) ... “Man, this game is the awesome!” - (Keith) .... “I Love it!” - (Ben).. “the Toodians are super cute!” - (Gina)). Strategy or RTS is all about making good command decisions and playing a great tactical game on each level. What is great about this game is the massive variety of levels and weapons witch are at your disposal. Also you will have epic battles in space as well as small scale ninja attacks on planets surface with your minion. Rock and roll baby! Explosions! Guns! Aliens! Die! this is way totally awesome. believe me its a rush! The game contains exciting tower defense style levels. Build castles on your planets and defend your star with your space knights and beat the evil alien army that is trying to infect your planets. Sometimes who will win a battle on a planet comes down to a fruit machine style chance game. If the odds are despicable and stacked against you you can always run for it. It is possible to play the game in a very open way like minecraft, building and exploring your galaxy and just letting your little charges live you their days in peace, or you can go straight for the kill and violent destruction of your enemies. So this game includes many aspects inc heroes, space battles and tower defense saga. Life in relativity is an epic roller coaster of fun and the infinite universe is yours to conquer. And ALL THAT FOR FREE.. Don't be Dumb, you will be talking about us to your friends. This is one of the best games on google play. We should be No 1. Hopefully this game will bubble up through the charts and reach the masses! Download the game now!

Hello and welcome to GG. Since version 2 there is more work to do to easily get correct values, don't know why exactly, but now max HP is like duplicated 80 times in memory... while before that it was about 4-8 times... So my previous post explains some info about what you can easily do with GG. Example: 1. Current HP Let say you have 1,932,711 HP left. Search can be : 0D;1,932,711A;0D;0D;0D::21 You will get most of the time 1 result, perhaps 2. try to freeze the float value to see which one is your HP. The aim of group search is to avoid to get too much result if your current HP is the same as your MAX HP. "A" type is to manage to find approximate float value (still don't know.why A will search for any float around the value you type but F will only find exact value... for a float it is a bit stupid as a float is almost never exactly what you see on the screen, anyway... 2. Damage boost If you don't know your max HP, search for your current HP, then go to memory region, you will see some lines after that your MAX HP. Just above your max HP there is a DWORD number (most of the time small one, like 3000 or 5000.). This is a damage boost, if you change it to 200,000 you will likely kill your opponent is a few hits. I forgot to capture the result for this one but on the previous image after the 0 0 0 0 if you go down a bit you will find these values. 3. Basic stats When you know your max HP, let say the same value as before. Search for 0D;500,00A;0F;10D::16 the 0F after the max HP is kind of boolean (if you are not familiar it is like a switch, 0 means OFF 1 means ON). If you change it to 1, you will have infinite HP and it will display 999,999,999, if it is not like that, check an other result, you should have at least 2 results, the first one is often the one to change. When you find these values, if you go to memory view you will see your char stats (you can compare them easily with the detail view of your char). Will be 4 floats, for example something like 200,000 200,000 180,000 180,000 (all in FLOAT) for a level 5000 SP. If you don't want to cheat too much you can change these 4 values to 999,999. You can think it is a huge boost, but in fact, not, in most of the events (like rushes) this won't change anything like instead of dealing 300k damage you will deal 350-400k. Previous capture show at the first line the 1F I already changed and the 4 stats values. While you are in this memory region, you can go down a bit, and you should noticed the critical hit of your char, and the ki regen speed with 3 (I thought it was 4, strange) small float values, between 2000 - 5000 most of the time. You can change them to 99,999. At the bottom of the basic stats you previously found you should also find 2,000D (seen on previous capture), it should always be this value, do not change this one. Instead you want to have some fun without changing other stats you should see a series of 3 zeros just between the critical hit values. Change them to 999,999 (DWORD not float this time) to have a shield that prevents your char to be knock out by standard attack and blocks some damages (specials and ultimates will still hit you). You can see the shield in action just above. After the 2,000D you should find a series of 0. In DWORD you can change the next 6 zeros to 200,000 to have damage and defense boost. Have fun !

Hello I am new to this forum, but I would like to share my discoveries. I found the addresses to some of the values in the Stats page: Critical Chance - 7xxxxx94 (float - this is saved as a simple decimal, if you have 5% critical chance, just search for 0.05, changing this to 1 will gives you 100% critical chance) Min Critical Multiplier - 7xxxxx9C (encoded float) Max Critical Multiplier - 7xxxxxA4 (encoded float) These values are grouped together with the same offsets, so if you find one of the above addresses, you know the rest are just nearby. All Damage - 7xxxxx1C Hero Damage - 7xxxxx24 Melee Damage - 7xxxxx2C Ranged Damage - 7xxxxx34 Magic Damage - 7xxxxx3C Chesterson Gold Amount - 7xxxxx84 Chesterson Chance - 7xxxxx8C Gold Multiplier - 7xxxxxCC Titan HP - 7xxxx(x+1)7C Tap Damage Multiplier - 7xxxx(x+2)04 These values are all encoded float, I reversed engineered the encoding method, the formula below: To encode a value, take the following steps: 1. V1 = Floor(Log2(<value> / 2)) + 1 2. V2 = Floor(<V1> / 8) + 1 3. encoded = 2<V2> * ( 1 + ( MOD(<V1> - 1, 8) + <value> / 2<V1> - 1 ) / 8 ) To decode a memory value, take the following steps: 1. V1 = Floor(Log2(<value>)) 2. V2 = (<V1> - 1) * 8 + Floor((<value> - 2<V1>) / (2<V1> / 8)) + 1 3. decoded = 2<V2> * (1 + Mod( (<value> - 2<V1>) / (2<V1>/8), 1 ) ) The excel formula I use to enocde: =2^(FLOOR((FLOOR(LOG(<VALUE>/2,2),1)+1)/8)+1)*(1+(MOD(FLOOR(LOG(<VALUE>/2,2),1),8)+<VALUE>/(2^(FLOOR(LOG(<VALUE>/2,2),1)+1))-1)/8) this above formula has a mistake, the one below gives me the correct encoded values: =2^(FLOOR((FLOOR(LOG(<VALUE>/2,2),1))/8,1)+1)*(1+(MOD((FLOOR(LOG(<VALUE>/2,2),1)),8)+<VALUE>/(2^(FLOOR(LOG(<VALUE>/2,2),1)+1))-1)/8) just replace <VALUE> with the correct cell Sample values: Value -> Encoded 1 -> 1.875 1.1 -> 1.8875 (I just realized the float is not exact value, so it is actually stored as 1.88749992847) 0.5 -> 1.75 0.1 -> 1.45 2 -> 2 10 -> 2.5625 100 -> 3.390625 512 -> 4 So what I do is get some equipment or pets, say you have normally 1x All Damage Bonus, and have a Pet that give 1.1x All Damage Bonus, I would equip another Pet, then search for 1.875 (for 1x All Damage Bonus), then equip the 1.1x All Damage Pet, and the search for 1.8875 (for 1.1x All Damage Bonus), it should gives you a single address, that will be the address for All Damage Bonus, you can change its value to 1449.41, that will give you 1e23x bonus (it will show 1e25% in the Stats Page). Even if you change your equipment or pets, or prestige, it will only modify this value and not reset it, only if you quit the game and restart, it will then resets the value. I have tried multiple times and never got the teapot, given you prestige at reasonable stages (i.e. reaching stage 3500 within 5 prestiges is unreasonable, take your time to gain some equipments/pets/skill points/prestiges before pushing up stages). This will work for any of the values listed above. You could in theory change the Titan HP to 0.1x (1.45), and Gold Multiplier to 10x (2.5625), so you still get the same amount of Gold as before but Titans becomes much easier to kill. Hope someone find this helpful.

Game Guardian fuzzy search and dealing with encryption by Gamecheetah.org · Published May 31, 2017 · Updated May 31, 2017 Assuming that you learned lessons from previous Game Guardian tutorials [Game Guardian beginner tutorial] and [Game Guardian group search tutorial], today we will continue with our Game Guardian tutorial series. From this article, you will learn basics of Game Guardian fuzzy search. Article will have two main parts – using Game Guardian fuzzy search for finding unknown, unencrypted values, and using fuzzy search for dealing with encrypted values. But, what is Game Guardian fuzzy search? It is type of scan where the starting value is unknown – maybe wanted value isn’t visible, or the value is encrypted. The best example of unknown value is health bar in games – value is usually unencrypted, but instead of number, you only see red bar. We know that there is some number behind red bar. So let’s see how to change unknown value. Game Guardian fuzzy search This type of scan is fairly easy if you know the basics. Open Game Guardian dashboard, select process from the wanted game, and click on Unknown (fuzzy) search. When you click on it, it will map all in-game values. Now, go back to game, and loose some health. Open Game Guardian, and click on Decreased button. It will go through all values again, filtering the ones that have decreased. Go back to game, and loose some more. Again, open GG and click on Decreased. Game Guardian have one unique feature that isn’t presented in other software of this kind. It can search for unchanged value multiple time. Don’t loose or gain health in game. Open Game Guardian, and choose Unchanged. It will ask you how many scans you want to run. Choose 4-5 times, it will be enough.NOTE! Do not run this right after the first step. Sometimes there will be hundreds of million addresses in the list, and if you run 15 or so Unchanged values scan, it will take forever to finish! If there is many addresses left, gain or loose some health, and do increased or decreased search. When only one or two addresses are left in the list, change them, or better, just freeze them. If you freeze the value, you won’t loose health anymore. Using fuzzy search for encrypted values The main difference between upper example and this one is that we don’t know if the value is increased or decreased. Because developers maybe implemented some shady algorithm to hide the real numbers from the players. Most trivial example is multiplying value with some number. If you have 100 diamonds, it can be stored in memory as Value*8., or 800. If you earn 20 diamonds, new memory value will be 960. Fairly easy, right? You can still use increased or decreased to find the right value and edit it. But look at the following example. If some evil developer choose to store 100 diamonds as Value*(-8), then in-game value will be -800. If you earn 20 more, it will be stored as -960. So, if you gain diamonds, in-memory value will decrease, and if you spend some, in-memory value will increase. So we can’t use fuzzy search the same way as we did in the previous example. All we can do is make first Unknown (fuzzy) search, and find changed/unchanged values. –Side note– Of course, there is much better option for dealing with encrypted values in Game Guardian. On Known (exact) search, there is encryption box that can be checked. This is much faster method which you can try first. If it doesn’t work, you can try fuzzy search. You can find example for searching known encrypted value here [Shadow Fight 2 cheat – finding encrypted value in Game Guardian] In most real life games, you will see even more complex encryption. For example, maybe something like this. In-memory value = 1083112 + in-game value * (-2048.1) . So the in-memory value will be float number, which can be positive or negative. Almost impossible to find, right? Let’s try it on real game. In this video (not made by gamecheetah.org) you can see how to use Game Guardian fuzzy search to find encrypted values in Eternium: Mage and Minions.

Kingdom Adventurers V2.42 Date: Aug 25th 2023 Tested on Nox Emulator using Adguard to block Ads Disclaimer: Use Cheats at your own risk, banning is likely It's raining Items Kairo Cookies, 400+ to all stats in Training and +12 for your Eggs Kingdom Adventures work in 2 ways, you need to activate an Item for it to appear in your List, from there you can change the quantity The Search Syntax is similar to Group Items except the Item Quantities are stored elsewhere. First we need to ACTIVATE the Item Search Syntax 3B9AC9FFh~C4653600h;0;0~1;0~65536;ItemCode;ItemFlag;3B9AC9FFh~C4653600h::25 3B9AC9FFh~C4653600h - Searches between -1,000,000,000 and -999,999,999, we will take a note of the Value from the Search 0 - Flag 0~1 - Flag 0 = Inactive 1 = Activated 0~65536 - Flag 0 = Inactive 65536 = Activated? ItemCode - Flag that points to the Item ItemFlag - Flag that puts items in catergories 3B9AC9FFh~C4653600h - Flag Now to put in the Kairo Cookie Values Kairo Cookies - ItemCode 171 Kairo Cookies - ItemFlag 148074 3B9AC9FFh~C4653600h;0;0~1;0~65536;171;148074;3B9AC9FFh~C4653600h::25 For my Search, the first flag is -1,812,715,520, I can use this value instead of the first 3B9AC9FFh~C4653600h for future Item Searches as long as I don't quit the game As my search is showing 0 I need to change the Activation Code to 1 and the value below it to 65536 Now it's time to change the Quantity Search Syntax ItemCode;-1;ItemCode;0~~0::13 ItemCode - Flag that points to the Item -1 - Flag ItemCode - Flag that points to the Item 0~~0 - Quantity Now to put in the Kairo Cookie Values Kairo Cookies - ItemCode 171 -1 - -1 Kairo Cookies - ItemCode 171 0 - Since we just activated the code it will be 0, you can change this to the quantity you have if the item was activated 171;-1;171;0::13 I can change the Quantity of Item, some items will reset after you quit the game, like Kairo Cookies, it's up to you whether you put in a low value then freeze it This search is pretty straight forward Activate 3B9AC9FFh~C4653600h;0;0~1;0~65536;ItemCode;ItemFlag;3B9AC9FFh~C4653600h::25 Change Quantity ItemCode;-1;ItemCode;Quantity::13 Item ItemCode;ItemFlag Accessory Sample 168;262762 Apple 110;197226 Armor Sample 166;262762 Banana 111;197226 Beef Stew 155;149226 Berry 108;197226 Bread 140;149226 Bronze 80;270954 Cabbage 103;197226 Cake 147;149226 Carrot 101;197226 Cheese 139;148202 Clam 119;197226 Copper Coin 12;96 Crab 125;197226 Creamy Soup 153;149226 Curry 159;149226 Cut of Meat 129;131690 Donut 144;149226 Egg 138;148202 Enchanted Root 87;328426 Energy Drink 94;328426 Farm Produce 71;270954 Fizzy Juice 137;149226 Flan 145;149226 Fragrant Flower 88;328426 French Toast 141;149226 Fresh Beans 98;197226 Fried Noodles 161;149226 Fried Potatoes 149;149226 Fried Rice 162;149226 Fruit Basket 117;149226 Garlic 106;197226 Gold Coin 14;96 Gold Nugget 81;270954 Grape Juice 136;149226 Grapes 114;197226 Hamburger 143;149226 Healthy Mushroom 97;197226 Hearty Soup 154;149226 Helmet Sample 167;262762 High Grade Brick 78;270954 Icecream 146;149226 Iron Ore 79;270954 Kairo Cake 148;149226 Kairo Cookie 171;148074 Large Nail 76;270954 Leaf of Life 86;328426 Mackerel 120;197226 Mage's Bottle 91;328426 Magic Bottle 90;328426 Marbled Beef 131;149226 Meat on the Bone 128;131690 Medical Herb 85;270954 Melon 115;197226 Milk 135;148202 Mixed Fruit Juice 134;149226 National Flag 73;270954 Nuts 72;270954 Octopus 127;197226 Onion 102;197226 Orange 109;197226 Paella 156;149226 Pasta 163;149226 Pear 112;197226 Pineapple 116;197226 Pizza 157;149226 Potato 99;197226 Pretty Cloth 84;270954 Radish 100;197226 Rice Omelete 160;149226 Rope 77;270954 Sage's Potion 93;328426 Sage's Tome 169;262762 Salad 107;149226 Sashimi Platter 151;149226 Scroll of Knowledge 170;262762 Sea Bream 122;197226 Sea Snail 118;197226 Sea Urchin 123;197226 Shield Sample 165;262762 Shrimp 124;197226 Silk Cloth 82;270954 Silver Coin 13;96 Sliced Bread 142;149226 Sorceror's Bottle 92;328426 Spit Roast 130;149226 Spring Water 74;328298 Squid 126;197226 Steak 158;149226 Strawberry 113;197226 Strong Cloth 83;270954 Sturdy Board 75;270954 Sushi 150;149226 Sweet Medicine 95;328426 Sweet Mushroom 96;197226 Sweetcorn 105;197226 Tomato 104;197226 Top Grade Beef 132;149226 Tuna 121;197226 Vegetable Soup 152;149226 Veggie Juice 133;149226 Vitality Bottle 89;328426 Wairo Cookie 172;148074 Weapon Sample 164;262762

Gameloft forums: there's an even bigger CANCER in this game that's called GG (game guardian) I think the reality is that 75% of the top 100 players are using GG. Game is completely ruined and has been for a long time. I quit because of GG and need to compete with other players in GW and tourney who use GG. If you want tourney gems you have to join a top guild and compete against the ten guys in that guild who are using GG to shoot up 250 trophies in the last 15 minutes. Its impossible otherwise. I agree the gem bug is small compared to GG. FIX THE "PLAGUE" WHICH IS GAME GUARDIAN I decided to test the game Guardian, famous mod already used by many players. A group of people which uses increases greatly. After checking my analysis are shocking, You acknowledge that 10% of bonuses in guilds to them compared to this. To begin with, that the mod modifies the speed of the game gives you infinite energy turns to statistical billion. In other words, we have EVERYTHING. With infinite energy we wanted to kill us points as time allows. Thanks to the billions raised statistics can include waypoint 60 easily and with greater speed we can do it in a few hours. With over statistics, we can destroy every castle. Legendary punching a matter of time. Not is only in WC, with this hack (game guardian) you can win any stronghold. game guardian and lots of free morale from level up does miracles .. UNIONFORCE WITH 12 VETERANS active is at 151000 points in Guild Wars. They still doing 10000+ points each war. Maybe is the non stop usage of GameGuardian that makes them so unstoppable plus the unlimited GEM bug. There are no cheaters in game. Your eyes just play games with you. GameGuardian 8.1 update with upgraded slowmotion doesn't exist. neither the Macedonian flag cheater horde on iOS. Trung's iOS R&D hack video is just after effects, and Windows leaderboards are not how you see it. Asphalt8-ModdedByS2Cancer doesn't exist. And the number of cheaters did not increase minute by minute. Before you even think of releasing a new update fix the d*** gameguardian hackers first and than you can come up with something new in game even if every update comes with new bugs ...i guess we are used to this been already 1 year . This hacking program ruined your game since few updates now and you fools arent doing nothing .the way i see it either you guys are truly incompetent or this denial of fixing gameguardian is being done on purpose . wake the hell up and give us a fair game ....not a BROKEN product . I would remove the word "apparently" Game Guardian sadly works too well... Scopely forums: Game guardian users sucks balls!! Ok, we know you cannot ban players for using "ghosting", but what about the players that use Game Guardian? You are very fast to delete the posts about Game Guardian, but are you very fast to ban this cheaters too? Game Guardian works still do not have it locked scopely! People use Game guardian to know in advance the events that you will do! it's too obvious the top factions are all gameguardian users... Hello staff scopely, I know that you have reset the people to hack the time, but you must know that this Hack GameGuardian still works you have not blocked completely! In fact people are now exploiting to know in advance what the competition will be next, going from a war to a single assaults! But you can not put the notifications with the date and time of these competitions and lock definitely GameGuardian? I do not think it is so hard to deliver a message to all players who let us know when a tournament begins, so ospostare inactive members and play at 100% without it being used Hack GG! GG does an awful lot more than just speed up your game. By speeding up the game, your SD resets faster, your building upgrades complete faster, your training is done in a blink and your farms are filled in an instant. > Those have been patched I Googled gg and every forum says the same thing. All hacks have been patched when the game reboots into normal time everything resets back. This is false, Game Guardian "Updates" every night at midnight, where the developers look at and holes that need reprogrammed. I know Game Guardian comes out with an update roughly twice a week to stay ahead of the curve. My only concern...that nothing can really be done. Cheaters and exploits will always be one step ahead, or will do just enough to not have their head above water. and yet the man who can get in and out of two raids in 16 seconds is refusing to show anyone how? wanna know why? because its impossible without GG! People in our region in a certain faction are using Game Guardian in our region to take the towers before the timer even runs out to start war, how? The get all 3 towers every war at the start of a certain player is in and their timers on the tower are offset with the actually way the timers should be set with the towers. Maybe Scopley is unaware of the fact GG keeps releasing new updates when Scopley figures out how to stop one of the previous ones.

Ladies and Gentlemen of GameGuardian, I'm not sure if you're aware, but it IS possible to hack this game! Sadly, we can't alter the game while it is active, but we CAN edit the save file! I use Hex Editor, but if there is a hex reader/editor app that you prefer, it should work the same. Attached is a list of all the items in Final Fantasy Dimensions, as far as I could find. There ARE some missing, but that's most likely due to them being on an ID that's much further than I wanted to take time to find. These items are listed, so if you find them in-game, let me know, please! Without further ado, HOW to hack: Now, I take no credit for this info, just the list. All my infos came from Android Cheats. Newho... 1. Locate your file. It should be /data/data/com.square_enix.android_googleplay.ffl_gb/files. That's where mine is. The save.bin is the file in question. 2. Locate info you wish to modify. This is pretty easy if you use the first save slot. Your money should be really close to the top of the file, your inventory under that, then character stats under the inventory (the character names are spelled out if you're using Hex Editor, so even easier!!!) I find Sol's info at line 17d6. 3. Change what you want! Before you go gung-ho changing stuff, you should know that there's a checksum on the save. For those who don't know what that is, here's the simple explanation: In order to take, you must give. In order to give, you must take (Equivalent Exchange, eh? EH?! Maybe I'm just watching FMA too much recently...). Each byte is added up (in portions, I believe) to check the whole size of the file. If it's not the same as when the game last saved, it won't load. Trust me. There are two ways to get around that: shifting numbers and the give-and-take. Shifting: Lets use gil for an example. You start the game with 300 gil. So, at the top, you'll find "00 00 01 2c". Quite simply, you rearrange those numbers. So, "2C 01 00 00". That's usually sufficient for gil, but it can be applied elsewhere. Give-and-Take: Let's move to character stats. (For me,) Three lines under Sol's name you'll find his EXP, current Health, and current MP (actual stats are directly tied to level and class, so those don't even get recorded in the save file). At the beginning of the game, that's 97, 71, and 21, respectively. So, in the save file, you'll see 00 61 00 47 00 15. If you want to raise his EXP by 10 in hex, you'd change, say, HP to 37 and then you can raise EXP to 71. The easiest way to tell which numbers are which are by having a hex calculator handy and recording things before you close the game. EXP, HP, MP, AP, Job Levels, JP, all can easily be changed by taking from another (HP works best because you can easily heal that back in the game). Items I don't fully understand the inventory yet, so don't touch that. You can find the items themselves easily enough with the IDs I've provided, but the quantities are the problem. They're in a certain order, so unless you know what's what, it'll ***** you up. And just changing one item to another will break the item; you'll have 0 of the new item, so it'll be gone once you use it, and the old item won't be able to be used again, even if you get more of it. So, we go to character equipment! For Sol, shortly after the HP and MP, you'll see "00 14 00 00 00 00 01 3b 00 00". This, my friends, is where item babies are born. I MEAN, you can alter his equips! Yeah! every two bytes is an item. Respectively, you've got R. Hand, L. Hand, Head, Body, Accessory. The same laws still apply, so your best bet is to take from HP. So, say you want to change his current Short Sword (14) to a Greatsword (1a). The difference in hex is 6, so HP becomes 41 while R. Hand becomes 1a! Load game and... BAM! In this manner, you can do a force dual equip, even of items that are two handed (DUAL WIELDIN BOWS LIKE AH GOTS 4 ARMS!?), equip regular items then un-equip them to have them in your inventory (Secret Memory, I'm lookin at you... Can someone confirm if this works, actually? It's a memory that gives 30 to a Memorist stat!), and even, say, equip an accessory on your head (which I just checked. Hermes' Sandals and Miracle Shoes! HUZZAH!). Each character's layout is relatively the same model. You can even edit the temp characters, but I haven't so I can't say what will happen when you do. Since I've been using a brand new file to figure out all this (my legit file is on an unrootable device....), I haven't actually worked on any of the job-related stats, such as abilities, JP, AP, and Job Level, but it should be rather easy; someone else has modded AP, and the Job Levels are in a nice little row in the memory, which I DO plan on figuring out once I've got the jobs. I'll update this post once I've got that. Lastly, a few notes about the file. Again, there are a scant few items and equips that I haven't ID'd. If you find one, let me know. I'll update the file ASAP to reflect new info. Any colored items/equips simply denotes that it's an item out of numerical order in the memory. More for my knowledge than anything else, but it may help guide those who explore the memory. The list is currently: Weapons, Armor, Accessories, Items. I plan on adding Abilities once I know all the IDs. I'll also explain how to mod those then. If I can, I'll figure out Fusion Abilities, but I suspect that will be just a smidgen harder than I anticipate, so that will probably come last. I apologize for the length of the post, but I simply suck at "as little words as possible". Didn't do too well in that class... If someone wants to take the meat of this post and condense it, I won't be mad. Just, ya know, give credit where it's due, yeah? Oh, one final thing: if you mod your file and can't seem to fix what went wrong, remember the Resume function in the game: just Resume your game and re-Save. It's a pretty neat fail-safe, actually. Just be careful where you can, k? Happy Haxxing! -Arikaido FFD Item IDs.pdf

Guide:Mobile inventory editing (Android) Method 1: GameGuardian App info GameGuardian is an app that allow the editing of values in realtime(while playing). the app is very similar to the popular Cheat Engine for PC. Due to the way it edits values in running processes it requires root access. GameGuardian download location: Homepage THIS IS NOT A PLAYSTORE APPLICATION!! This app must be installed manually once downloaded to your device. You may have to allow installation "from unknown sources" in your device's settings to do this (image) The video here provides a basic visual tutorial on how to use the app to edit values in game. Video Description Items needed in game 1 Chest or Container of any type. On mobile, a barrel or trashcan are valid substitutions for a chest. It is advised you place the container close to your spawn point, as you will need to save and exit the world on completion. Any number of easily acquired block/item (Wood(any type), Dirt, Gel, etc.) Note: The more of the item you have, the easier it will be to find the value. Step 1. Download and Install GameGuardian: Download the apk file from the above webpage. Once downloaded, run the apk file. If this is your first time installing a non-playstore application, you will likely need to allow installation from unknown sources. See image 1 Once installed, open the app. You will be prompted to allow the app Super User Permission. Select Okay See image 2 After you provide permission, you will see a secondary installation taking place. This is a defensive installation that will prevent apps on your device from detecting GameGuardian's presence. There are a few apps that will not allow users to run them if a memory editor is present. GameGuardian gets around this by installing itself with a random process name. The name will be unique to your device See image 3. You will be prompted to allow Superuser permission to this installation as well. Note: this secondary installation is not mandatory and can be canceled. You may also refuse Superuser Permission on the second request. Refusing runs the risk of other apps on your device detecting GameGuardian. 1 2 3. This image will not be the same as yours Step 2. Preparation: Once the app has Superuser Permission, open Terraria and navigate to the main menu. Next, press your Home button on your device, leaving Terraria running. Open GameGuardian again and you should see a list of running applications. Navigate through the list and select Terraria. If the list does not automatically appear, you can open it by touching current process name in the top left corner. See image 4 Once you have directed GameGuardian to Terraria, minimize GameGuardian by pressing your Back button on your device. You can maximize it at any time by clicking the floating icon. You can also close it if necessary by opening the menu and choosing Exit Load your world in Terraria and acquire a container and a handfull of any item. Place the container close to your spawn point and deposit your chosen item into it. Maximize GameGuardian by pressing the floating icon. 4 Step 3. Finding your values: In the top right side of GameGuardian, press the magnifying glass icon(the one WITHOUT the question mark) See image 5. You should see a new widow pop up. In the empty value field, enter the quantity of your chosen item. You should also see a box with three "???". Press that box and choose "Word" Yours should look like image 6. Once done, press Search. On this first search you will likely have too many results to judge which is the one you need. Go back to Terraria and move your item from its current slot to any other slot. Once the item is moved, open GameGuardian again and do another search. This time the value you search for should be "ZERO" Alternatively, you can swap your first item with another that you have more or less of and search for that quantity instead See image 7. Repeat the search process until you only have one value in the results list. Once you have only one value, proceed to the next step. 5 6 7. Swap the dirt with the wood. Searching for the value of whichever is in the first chest slot. Step 4. Finding additional information: In order to be able to change what the item IS, you need to find two more values. No worries tho, the values for the item name and icon are stored in a static address directly next to your quantity. In the results list, long press on your value until a box of options pop up. Choose "Go to Address". On this screen, you will likely be overwhelmed by the amount of information on the screen. To simplify the view, Click the button with three lines directly next to the refresh circle in the top right See image 8. You will be presented with several options. Choose "Value Format" Uncheck all boxes with the exception of the "Word" box See image 9. Now that the values are easier to read, select the check box next to the one that matches your value, as well as the first and third values directly above yours(these two extra values should be the same) See image 10. One additional value is optional. You will only need it if you want to add Modifiers This guide will assume you chose to do this step Long press on the topmost value that you selected(value "3" in image 10) and choose "Offset Calculator" In the offset box, type -82 and press "GOTO" See image 11. Select the checkbox next to the topmost value on the list See image 12. Now that you have your four values marked, Click the top right button with three lines again(the one next to the refresh circle)See image 12 and choose "Save Values". Once you have sent the values to the saved list, press the icon at the top shaped like a floppy disk("What's a floppy disk?", you ask. Google it...) This will take you to a page with the values you saved displayed. The first value in this list is for the Prefix modifier. Rename this value "Prefix" OR "Modifier" by clicking the value and selecting the "Variable Name" box. Simply rename the variable without changing the value for now. The second and third values are for the item name and item icon, select the checkbox on these See image 13. This will allow you to modify both at the same time. Rename these accordingly(Note: It won't matter which you name "Icon" or "Name", for that matter you could just name them both "Item", naming them only makes it easier for you to tell what's what.) The fourth and final value is the items' quantity. Name it accordingly. Once you've named the values to something intelligible(hopefully), click the three line button in the top right(next to the refresh circle) and choose save. Android 5.x + users will be able to load this list in the future after completely exiting their game and these 4 values will not have changed. 8 9 10 11 12 13 Step 5. Adding/Editing an item Find the internal item ID of the item you wish to add. Click the top three line button(same one) and choose "Modify Selected Values" Change the values to the desired item.(Note: Some mobile exclusive items have multiple ID's. See the section at the bottom of this page for more information.) Next, change the quantity value to the desires amount. Different items have different maximum stack sizes: Potions have a limit of 30, dirt and most blocks have a limit of 999, etc. You can exceed this limit up to 32767. If the Item you are adding is a weapon, armor, tool, etc. that normally does not stack, It is advised to make the quantity value "One". If the item you are adding is an equipable item, you may want to add a prefix modifier. Once all values have been changed to suit your needs, DO NOT MOVE THE ITEM INTO THE PLAYERS INVENTORY!!! If you want to add more items in, move the item into another slot in the container and repeat Step 5. Once you are completely finished adding/editing items, SAVE AND EXIT TO THE GAMES MAIN MENU! Step 6. Relaunch your world and enjoy your new items

The rest of the elements depend on the selected tab. If the first tab (settings) is selected, the main part of the screen will be occupied by the list of settings. All other tabs will have two panels. Their content is slightly different and may depend on application settings. On the narrow top panel, the following is normally displayed (from left to right): the game pause button, the pid of the selected process and its name, the amount found (only on the search tab), the menu button (if the toolbar is disabled on this tab) and the list update button. By the name of the process, you can click - this will open the dialog for selecting the process. Click on the number of found opens the filter dialog. Below is the toolbar with quick action buttons. It can be hidden, through the settings of the application, for each tab separately. The rightmost button in the toolbar is the menu button. It shows a complete list of possible actions. The first actions are displayed on the toolbar itself. All that is not fit - hiding. In the application settings, you can specify the algorithm for filling the toolbar with buttons: from the right edge (default), from the left edge and from the center. If you do not know the purpose of any icon - press the menu button and see the text description for each icon. Under the toolbar is a list of items. For each tab, it has its own: search - search results, saved list - list items, memory editor - memory contents. Let's consider each tab in more detail. Let's start with the settings tab. Here is a list of all available settings for the application, as well as some actions. The list is regularly updated and expanded. There are such items: 1. Help. Runs the application's built-in help. 2. Donate. Opens the browser with a donation page on the official website. 3. Select process. Opens the game process selection dialog. Can be invoked by clicking on the process name or the game icon. 4. Exit. The application exit. 5. Kill the game. Kills the selected application by calling the system call 'kill'. Can lead to loss of game data, since this close is forced. 6. Select memory ranges. Opens the memory regions selection dialog. Memory in the processes of android is allocated by blocks, some of which are marked in a special way. In this dialog, you can select the categories of memory blocks that will be used when searching for values. Most regions have common names, so you can get more information by typing their name into a web search. Java heap - the main Java memory. C++ heap - main memory for native code. C++ alloc - dynamic allocation of memory in native code. C++ .data - pre-initialized memory in native code. C++ .bss - memory initialized by zeros in the native code. PPSSPP - PPSSPP emulator memory, which contains the game. Anonymous - regions of memory without description - there can be anything data. Java - system regions of Java memory, are usually not needed, since they do not contain user application data. Stack - memory of the native code stack. Usually not needed, because it contains very rapidly changing local data. Sometimes applications use this memory to store long-term values, but this is considered bad practice and is practiced very rarely. Ashmem - shared memory - can sometimes be used by applications for user data, but this happens rarely. Other (slow) - all other regions of memory that are available for reading and writing, but not in other regions. The use of these regions can help in certain situations, but in most cases they are not needed. In addition, they are quite large and some of them have slow access, which leads to a strong slowdown in search. If you find values in this group of regions, you need to write the region log when there are such values found, and send it to us so that we improve the definition of regions. Bad - "bad" regions of memory, which can not exactly contain useful data for hacking. For example, an accelerator video buffer, system fonts and so on. Can very slow down the search. On some firmware, the use of these regions can lead to freezes or reboots. Code app (dangerous) - the code of the application. Changing this memory can corrupt user data. Code system (dangerous) - the code of the system libraries. Changing this memory can corrupt user data. Regions that are marked as (slow) can greatly slow down the search. Changing the memory in (dangerous) regions can lead to application crashes and data corruption. 7. Autpause game. Automatic pausing of the game process when opening the GG interface. It can be useful in dynamic games, as well as to bypass simple defenses. If you hide the GG interface, the game will resume. 8. Freeze interval. Interval, in milliseconds, overwriting the values ??in the memory of the game when freezing. The whole point of freezing the value in the memory of the game comes down to the fact that GG very often rewrites the value in the memory of the game. There is no other way to freeze the value. Small values can lead to increased CPU usage, heat and battery consumption. 9. Saved list updates interval. The interval for updating the values ??in the saved list. Small values can lead to increased CPU usage, heat and battery consumption. 10. Data in RAM. Storage of search data in memory. You can select a specific amount of memory. All that more will be stored on the disk. Usually the best option is to choose Yes if you have enough memory. This does not mean that the entire device memory will be used. If there is a shortage of memory, the data will be flushed to disk, regardless of what is selected here. This option can greatly speed up the search, however, in x86 emulators, using RAM can, on the contrary, slow down the search. Usually the data is quite large, so the choice of 5-20 MB does not change anything. The difference, usually, can be seen from 100 MB and above. 11. Language (Language). Select the language of the application. This setting item always has an English version of the name so you can find it even if you select a language that you do not know or for which there is no font on your system. This setting requires the application to be restarted. If this is not done, then some of the dialogues will remain in the previous language. Almost all of the language options are available in the application. 12. Speedhack: Reset on exit. Reset speedhack when exiting from the application. If disabled, then when you exit from the application, the reset will not happen and the game will remain accelerated or slow. To change the speed in the game again, you will need to run GG again. 13. Speedhack: List of speeds. Edit speed list of the speedhack. It is at these speeds that the speedhead switches, when you press the left / right arrows. 14. Speedhack: List of speeds. Specifies the behavior when processing list of the speeds. Available options: Nothing - there is no processing, that is entered into the list, it will be. Sort - the list is sorted in ascending order. Sort and remove duplicates - the list is sorted in ascending order, and duplicate values are deleted.

I have dump.cs // Namespace: Photon.Pun public static class PhotonNetwork // TypeDefIndex: 9417 { // Fields private static string gameVersion; // 0x0 public static LoadBalancingClient NetworkingClient; // 0x8 public static readonly int MAX_VIEW_IDS; // 0x10 private static ServerSettings photonServerSettings; // 0x18 public static ConnectMethod ConnectMethod; // 0x20 public static PunLogLevel LogLevel; // 0x24 public static bool EnableCloseConnection; // 0x28 public static float PrecisionForVectorSynchronization; // 0x2C public static float PrecisionForQuaternionSynchronization; // 0x30 public static float PrecisionForFloatSynchronization; // 0x34 private static bool offlineMode; // 0x38 private static Room offlineModeRoom; // 0x40 private static bool automaticallySyncScene; // 0x48 private static int sendFrequency; // 0x4C private static int serializationFrequency; // 0x50 private static bool isMessageQueueRunning; // 0x54 private static double frametime; // 0x58 private static int frame; // 0x60 private static Stopwatch StartupStopwatch; // 0x68 public static float MinimalTimeScaleToDispatchInFixedUpdate; // 0x70 private static int lastUsedViewSubId; // 0x74 private static int lastUsedViewSubIdStatic; // 0x78 private static readonly HashSet<string> PrefabsWithoutMagicCallback; // 0x80 private static readonly Hashtable SendInstantiateEvHashtable; // 0x88 private static readonly RaiseEventOptions SendInstantiateRaiseEventOptions; // 0x90 private static HashSet<byte> allowedReceivingGroups; // 0x98 private static HashSet<byte> blockedSendingGroups; // 0xA0 private static HashSet<PhotonView> reusablePVHashset; // 0xA8 private static NonAllocDictionary<int, PhotonView> photonViewList; // 0xB0 private static Action<PhotonView, Player> OnOwnershipRequestEv; // 0xB8 private static Action<PhotonView, Player> OnOwnershipTransferedEv; // 0xC0 private static Action<PhotonView, Player> OnOwnershipTransferFailedEv; // 0xC8 internal static byte currentLevelPrefix; // 0xD0 internal static bool loadingLevelAndPausedNetwork; // 0xD1 private static IPunPrefabPool prefabPool; // 0xD8 public static bool UseRpcMonoBehaviourCache; // 0xE0 private static readonly Dictionary<Type, List<MethodInfo>> monoRPCMethodsCache; // 0xE8 private static Dictionary<string, int> rpcShortcuts; // 0xF0 public static bool RunRpcCoroutines; // 0xF8 private static AsyncOperation _AsyncLevelLoadingOperation; // 0x100 private static float _levelLoadingProgress; // 0x108 private static readonly Type typePunRPC; // 0x110 private static readonly Type typePhotonMessageInfo; // 0x118 private static readonly object keyByteZero; // 0x120 private static readonly object keyByteOne; // 0x128 private static readonly object keyByteTwo; // 0x130 private static readonly object keyByteThree; // 0x138 private static readonly object keyByteFour; // 0x140 private static readonly object keyByteFive; // 0x148 private static readonly object keyByteSix; // 0x150 private static readonly object keyByteSeven; // 0x158 private static readonly object keyByteEight; // 0x160 private static readonly object[] emptyObjectArray; // 0x168 private static readonly Type[] emptyTypeArray; // 0x170 internal static List<PhotonView> foundPVs; // 0x178 private static readonly Hashtable removeFilter; // 0x180 private static readonly Hashtable ServerCleanDestroyEvent; // 0x188 private static readonly RaiseEventOptions ServerCleanOptions; // 0x190 internal static RaiseEventOptions SendToAllOptions; // 0x198 internal static RaiseEventOptions SendToOthersOptions; // 0x1A0 internal static RaiseEventOptions SendToSingleOptions; // 0x1A8 private static readonly Hashtable rpcFilterByViewId; // 0x1B0 private static readonly RaiseEventOptions OpCleanRpcBufferOptions; // 0x1B8 private static Hashtable rpcEvent; // 0x1C0 private static RaiseEventOptions RpcOptionsToAll; // 0x1C8 public static int ObjectsInOneUpdate; // 0x1D0 private static readonly PhotonStream serializeStreamOut; // 0x1D8 private static readonly PhotonStream serializeStreamIn; // 0x1E0 private static RaiseEventOptions serializeRaiseEvOptions; // 0x1E8 private static readonly Dictionary<PhotonNetwork.RaiseEventBatch, PhotonNetwork.SerializeViewBatch> serializeViewBatches; // 0x1F0 private static RegionHandler _cachedRegionHandler; // 0x1F8 // Methods // RVA: 0x17F6AE8 Offset: 0x17F6AE8 VA: 0x17F6AE8 public static string get_GameVersion() { } // RVA: 0x17F6B40 Offset: 0x17F6B40 VA: 0x17F6B40 public static void set_GameVersion(string value) { } // RVA: 0x17F6C10 Offset: 0x17F6C10 VA: 0x17F6C10 public static string get_AppVersion() { } // RVA: 0x17F3058 Offset: 0x17F3058 VA: 0x17F3058 public static ServerSettings get_PhotonServerSettings() { } // RVA: 0x17F7020 Offset: 0x17F7020 VA: 0x17F7020 public static string get_ServerAddress() { } // RVA: 0x17F70C8 Offset: 0x17F70C8 VA: 0x17F70C8 public static string get_CloudRegion() { } // RVA: 0x17F7364 Offset: 0x17F7364 VA: 0x17F7364 public static string get_BestRegionSummaryInPreferences() { } // RVA: 0x17F73AC Offset: 0x17F73AC VA: 0x17F73AC internal static void set_BestRegionSummaryInPreferences(string value) { } // RVA: 0x17F7184 Offset: 0x17F7184 VA: 0x17F7184 public static bool get_IsConnected() { } // RVA: 0x17F7438 Offset: 0x17F7438 VA: 0x17F7438 public static bool get_IsConnectedAndReady() { } // RVA: 0x17F7520 Offset: 0x17F7520 VA: 0x17F7520 public static ClientState get_NetworkClientState() { } // RVA: 0x17F726C Offset: 0x17F726C VA: 0x17F726C public static ServerConnection get_Server() { } // RVA: 0x17F7620 Offset: 0x17F7620 VA: 0x17F7620 public static AuthenticationValues get_AuthValues() { } // RVA: 0x17F76A8 Offset: 0x17F76A8 VA: 0x17F76A8 public static void set_AuthValues(AuthenticationValues value) { } // RVA: 0x17F28C8 Offset: 0x17F28C8 VA: 0x17F28C8 public static Room get_CurrentRoom() { } // RVA: 0x17F7740 Offset: 0x17F7740 VA: 0x17F7740 public static Player get_LocalPlayer() { } // RVA: 0x17F77C8 Offset: 0x17F77C8 VA: 0x17F77C8 public static string get_NickName() { } // RVA: 0x17F782C Offset: 0x17F782C VA: 0x17F782C public static void set_NickName(string value) { } // RVA: 0x17F7898 Offset: 0x17F7898 VA: 0x17F7898 public static Player[] get_PlayerList() { } // RVA: 0x17F7A38 Offset: 0x17F7A38 VA: 0x17F7A38 public static Player[] get_PlayerListOthers() { } // RVA: 0x17F7C9C Offset: 0x17F7C9C VA: 0x17F7C9C public static bool get_OfflineMode() { } // RVA: 0x17F7CF4 Offset: 0x17F7CF4 VA: 0x17F7CF4 public static void set_OfflineMode(bool value) { } // RVA: 0x17F8160 Offset: 0x17F8160 VA: 0x17F8160 public static bool get_AutomaticallySyncScene() { } // RVA: 0x17F81B8 Offset: 0x17F81B8 VA: 0x17F81B8 public static void set_AutomaticallySyncScene(bool value) { } // RVA: 0x17F8258 Offset: 0x17F8258 VA: 0x17F8258 public static bool get_InLobby() { } // RVA: 0x17F3120 Offset: 0x17F3120 VA: 0x17F3120 public static int get_SendRate() { } // RVA: 0x17F82BC Offset: 0x17F82BC VA: 0x17F82BC public static void set_SendRate(int value) { } // RVA: 0x17F3180 Offset: 0x17F3180 VA: 0x17F3180 public static int get_SerializationRate() { } // RVA: 0x17F83CC Offset: 0x17F83CC VA: 0x17F83CC public static void set_SerializationRate(int value) { } // RVA: 0x17F84DC Offset: 0x17F84DC VA: 0x17F84DC public static bool get_IsMessageQueueRunning() { } // RVA: 0x17F8534 Offset: 0x17F8534 VA: 0x17F8534 public static void set_IsMessageQueueRunning(bool value) { } // RVA: 0x17F8590 Offset: 0x17F8590 VA: 0x17F8590 public static double get_Time() { } // RVA: 0x17F8660 Offset: 0x17F8660 VA: 0x17F8660 public static int get_ServerTimestamp() { } // RVA: 0x17F879C Offset: 0x17F879C VA: 0x17F879C public static void set_KeepAliveInBackground(float value) { } // RVA: 0x17F8900 Offset: 0x17F8900 VA: 0x17F8900 public static float get_KeepAliveInBackground() { } // RVA: 0x17F5568 Offset: 0x17F5568 VA: 0x17F5568 public static bool get_IsMasterClient() { } // RVA: 0x17F61F0 Offset: 0x17F61F0 VA: 0x17F61F0 public static Player get_MasterClient() { } // RVA: 0x17F8A50 Offset: 0x17F8A50 VA: 0x17F8A50 public static bool get_InRoom() { } // RVA: 0x17F8AA8 Offset: 0x17F8AA8 VA: 0x17F8AA8 public static int get_CountOfPlayersOnMaster() { } // RVA: 0x17F8B0C Offset: 0x17F8B0C VA: 0x17F8B0C public static int get_CountOfPlayersInRooms() { } // RVA: 0x17F8B70 Offset: 0x17F8B70 VA: 0x17F8B70 public static int get_CountOfPlayers() { } // RVA: 0x17F8BDC Offset: 0x17F8BDC VA: 0x17F8BDC public static int get_CountOfRooms() { } // RVA: 0x17F8C40 Offset: 0x17F8C40 VA: 0x17F8C40 public static bool get_CrcCheckEnabled() { } // RVA: 0x17F8CAC Offset: 0x17F8CAC VA: 0x17F8CAC public static void set_CrcCheckEnabled(bool value) { } // RVA: 0x17F8DD0 Offset: 0x17F8DD0 VA: 0x17F8DD0 private static void .cctor() { } // RVA: 0x17F97AC Offset: 0x17F97AC VA: 0x17F97AC private static void StaticReset() { } // RVA: 0x17F9E48 Offset: 0x17F9E48 VA: 0x17F9E48 public static bool ConnectUsingSettings() { } // RVA: 0x17F9F5C Offset: 0x17F9F5C VA: 0x17F9F5C public static bool ConnectUsingSettings(AppSettings appSettings, bool startInOfflineMode = False) { } // RVA: 0x17FA5E4 Offset: 0x17FA5E4 VA: 0x17FA5E4 public static bool ConnectToMaster(string masterServerAddress, int port, string appID) { } // RVA: 0x17FA9C4 Offset: 0x17FA9C4 VA: 0x17FA9C4 public static bool ConnectToBestCloudServer() { } // RVA: 0x17FAB98 Offset: 0x17FAB98 VA: 0x17FAB98 public static bool ConnectToRegion(string region) { } // RVA: 0x17FADC4 Offset: 0x17FADC4 VA: 0x17FADC4 public static void Disconnect() { } // RVA: 0x17FAF1C Offset: 0x17FAF1C VA: 0x17FAF1C public static bool Reconnect() { } // RVA: 0x17FB254 Offset: 0x17FB254 VA: 0x17FB254 private static bool VerifyCanUseNetwork() { } // RVA: 0x17FB2F8 Offset: 0x17FB2F8 VA: 0x17FB2F8 public static int GetPing() { } // RVA: 0x17FB364 Offset: 0x17FB364 VA: 0x17FB364 public static void SendAllOutgoingCommands() { } // RVA: 0x17FB3F4 Offset: 0x17FB3F4 VA: 0x17FB3F4 public static bool CloseConnection(Player kickPlayer) { } // RVA: 0x17FB61C Offset: 0x17FB61C VA: 0x17FB61C public static bool SetMasterClient(Player masterClientPlayer) { } // RVA: 0x17FB774 Offset: 0x17FB774 VA: 0x17FB774 public static bool JoinRandomRoom() { } // RVA: 0x17FB7D8 Offset: 0x17FB7D8 VA: 0x17FB7D8 public static bool JoinRandomRoom(Hashtable expectedCustomRoomProperties, byte expectedMaxPlayers, MatchmakingMode matchingType, TypedLobby typedLobby, string sqlLobbyFilter, string[] expectedUsers) { } // RVA: 0x17FBF14 Offset: 0x17FBF14 VA: 0x17FBF14 public static bool CreateRoom(string roomName, RoomOptions roomOptions, TypedLobby typedLobby, string[] expectedUsers) { } // RVA: 0x17FC488 Offset: 0x17FC488 VA: 0x17FC488 public static bool JoinOrCreateRoom(string roomName, RoomOptions roomOptions, TypedLobby typedLobby, string[] expectedUsers) { } // RVA: 0x17FCA48 Offset: 0x17FCA48 VA: 0x17FCA48 public static bool JoinRoom(string roomName, string[] expectedUsers) { } // RVA: 0x17FCF64 Offset: 0x17FCF64 VA: 0x17FCF64 public static bool RejoinRoom(string roomName) { } // RVA: 0x17FD3EC Offset: 0x17FD3EC VA: 0x17FD3EC public static bool ReconnectAndRejoin() { } // RVA: 0x17FD6BC Offset: 0x17FD6BC VA: 0x17FD6BC public static bool LeaveRoom(bool becomeInactive = True) { } // RVA: 0x17FBD7C Offset: 0x17FBD7C VA: 0x17FBD7C private static void EnterOfflineRoom(string roomName, RoomOptions roomOptions, bool createdRoom) { } // RVA: 0x17FD8F0 Offset: 0x17FD8F0 VA: 0x17FD8F0 public static bool JoinLobby() { } // RVA: 0x17FD940 Offset: 0x17FD940 VA: 0x17FD940 public static bool JoinLobby(TypedLobby typedLobby) { } // RVA: 0x17FD9EC Offset: 0x17FD9EC VA: 0x17FD9EC public static bool LeaveLobby() { } // RVA: 0x17FDA90 Offset: 0x17FDA90 VA: 0x17FDA90 public static bool FindFriends(string[] friendsToFind) { } // RVA: 0x17FDB48 Offset: 0x17FDB48 VA: 0x17FDB48 public static bool GetCustomRoomList(TypedLobby typedLobby, string sqlLobbyFilter) { } // RVA: 0x17FDBC4 Offset: 0x17FDBC4 VA: 0x17FDBC4 public static bool RaiseEvent(byte eventCode, object eventContent, RaiseEventOptions raiseEventOptions, SendOptions sendOptions) { } // RVA: 0x17FDE10 Offset: 0x17FDE10 VA: 0x17FDE10 private static bool RaiseEventInternal(byte eventCode, object eventContent, RaiseEventOptions raiseEventOptions, SendOptions sendOptions) { } // RVA: 0x17FDF7C Offset: 0x17FDF7C VA: 0x17FDF7C public static int AllocateViewID(int ownerId) { } // RVA: 0x17FE220 Offset: 0x17FE220 VA: 0x17FE220 public static GameObject Instantiate(string prefabName, Vector3 position, Quaternion rotation, byte group = 0, object[] data) { } // RVA: 0x17FEAE0 Offset: 0x17FEAE0 VA: 0x17FEAE0 public static GameObject InstantiateRoomObject(string prefabName, Vector3 position, Quaternion rotation, byte group = 0, object[] data) { } // RVA: 0x17FECA8 Offset: 0x17FECA8 VA: 0x17FECA8 private static GameObject NetworkInstantiate(Hashtable networkEvent, Player creator) { } // RVA: 0x17FE414 Offset: 0x17FE414 VA: 0x17FE414 private static GameObject NetworkInstantiate(InstantiateParameters parameters, bool roomObject = False, bool instantiateEvent = False) { } // RVA: 0x17FF478 Offset: 0x17FF478 VA: 0x17FF478 internal static bool SendInstantiate(InstantiateParameters parameters, bool roomObject = False) { } // RVA: 0x17FF9A4 Offset: 0x17FF9A4 VA: 0x17FF9A4 public static void Destroy(PhotonView targetView) { } // RVA: 0x180002C Offset: 0x180002C VA: 0x180002C public static void Destroy(GameObject targetGo) { } // RVA: 0x180008C Offset: 0x180008C VA: 0x180008C internal static void RPC(PhotonView view, string methodName, RpcTarget target, bool encrypt, object[] parameters) { } // RVA: 0x1800ED8 Offset: 0x1800ED8 VA: 0x1800ED8 internal static void RPC(PhotonView view, string methodName, Player targetPlayer, bool encrypt, object[] parameters) { } // RVA: 0x18010F8 Offset: 0x18010F8 VA: 0x18010F8 public static void SetInterestGroups(byte group, bool enabled) { } // RVA: 0x180154C Offset: 0x180154C VA: 0x180154C public static void LoadLevel(int levelNumber) { } // RVA: 0x18016EC Offset: 0x18016EC VA: 0x18016EC public static void LoadLevel(string levelName) { } // RVA: 0x180185C Offset: 0x180185C VA: 0x180185C public static bool WebRpc(string name, object parameters, bool sendAuthCookie = False) { } // RVA: 0x17FA4F0 Offset: 0x17FA4F0 VA: 0x17FA4F0 private static void SetupLogging() { } // RVA: 0x17F6C74 Offset: 0x17F6C74 VA: 0x17F6C74 public static void LoadOrCreateSettings(bool reload = False) { } // RVA: 0x17F4C88 Offset: 0x17F4C88 VA: 0x17F4C88 public static NonAllocDictionary.ValueIterator<int, PhotonView> get_PhotonViewCollection() { } // RVA: 0x17F54F0 Offset: 0x17F54F0 VA: 0x17F54F0 public static int get_ViewCount() { } // RVA: 0x18018E0 Offset: 0x18018E0 VA: 0x18018E0 private static void add_OnOwnershipRequestEv(Action<PhotonView, Player> value) { } // RVA: 0x18019D4 Offset: 0x18019D4 VA: 0x18019D4 private static void remove_OnOwnershipRequestEv(Action<PhotonView, Player> value) { } // RVA: 0x1801AC8 Offset: 0x1801AC8 VA: 0x1801AC8 private static void add_OnOwnershipTransferedEv(Action<PhotonView, Player> value) { } // RVA: 0x1801BBC Offset: 0x1801BBC VA: 0x1801BBC private static void remove_OnOwnershipTransferedEv(Action<PhotonView, Player> value) { } // RVA: 0x1801CB0 Offset: 0x1801CB0 VA: 0x1801CB0 private static void add_OnOwnershipTransferFailedEv(Action<PhotonView, Player> value) { } // RVA: 0x1801DA4 Offset: 0x1801DA4 VA: 0x1801DA4 private static void remove_OnOwnershipTransferFailedEv(Action<PhotonView, Player> value) { } // RVA: 0x17F31E0 Offset: 0x17F31E0 VA: 0x17F31E0 public static void AddCallbackTarget(object target) { } // RVA: 0x17F35D0 Offset: 0x17F35D0 VA: 0x17F35D0 public static void RemoveCallbackTarget(object target) { } // RVA: 0x17F9D74 Offset: 0x17F9D74 VA: 0x17F9D74 public static void set_PrefabPool(IPunPrefabPool value) { } // RVA: 0x1801E98 Offset: 0x1801E98 VA: 0x1801E98 public static float get_LevelLoadingProgress() { } // RVA: 0x17F7F64 Offset: 0x17F7F64 VA: 0x17F7F64 private static void LeftRoomCleanup() { } // RVA: 0x17F5834 Offset: 0x17F5834 VA: 0x17F5834 internal static void LocalCleanupAnythingInstantiated(bool destroyInstantiatedGameObjects) { } // RVA: 0x1801F88 Offset: 0x1801F88 VA: 0x1801F88 private static void ResetPhotonViewsOnSerialize() { } // RVA: 0x1802138 Offset: 0x1802138 VA: 0x1802138 internal static void ExecuteRpc(Hashtable rpcData, Player sender) { } // RVA: 0x1804000 Offset: 0x1804000 VA: 0x1804000 private static bool CheckTypeMatch(ParameterInfo[] methodParameters, Type[] callParameterTypes) { } // RVA: 0x18041A8 Offset: 0x18041A8 VA: 0x18041A8 public static void DestroyPlayerObjects(int playerId, bool localOnly) { } // RVA: 0x1804A08 Offset: 0x1804A08 VA: 0x1804A08 public static void DestroyAll(bool localOnly) { } // RVA: 0x17FFAA4 Offset: 0x17FFAA4 VA: 0x17FFAA4 internal static void RemoveInstantiatedGO(GameObject go, bool localOnly) { } // RVA: 0x1804C54 Offset: 0x1804C54 VA: 0x1804C54 private static void ServerCleanInstantiateAndDestroy(PhotonView photonView) { } // RVA: 0x18048F4 Offset: 0x18048F4 VA: 0x18048F4 private static void SendDestroyOfPlayer(int actorNr) { } // RVA: 0x1804B48 Offset: 0x1804B48 VA: 0x1804B48 private static void SendDestroyOfAll() { } // RVA: 0x18046C4 Offset: 0x18046C4 VA: 0x18046C4 private static void OpRemoveFromServerInstantiationsOfPlayer(int actorNr) { } // RVA: 0x18050D8 Offset: 0x18050D8 VA: 0x18050D8 internal static void RequestOwnership(int viewID, int fromOwner) { } // RVA: 0x18051C8 Offset: 0x18051C8 VA: 0x18051C8 internal static void TransferOwnership(int viewID, int playerID) { } // RVA: 0x17F56F0 Offset: 0x17F56F0 VA: 0x17F56F0 internal static void OwnershipUpdate(int[] viewOwnerPairs, int targetActor = -1) { } // RVA: 0x1804F50 Offset: 0x1804F50 VA: 0x1804F50 public static bool LocalCleanPhotonView(PhotonView view) { } // RVA: 0x1803D80 Offset: 0x1803D80 VA: 0x1803D80 public static PhotonView GetPhotonView(int viewID) { } // RVA: 0x18052B8 Offset: 0x18052B8 VA: 0x18052B8 public static void RegisterPhotonView(PhotonView netView) { } // RVA: 0x18047DC Offset: 0x18047DC VA: 0x18047DC public static void OpCleanActorRpcBuffer(int actorNumber) { } // RVA: 0x1804A78 Offset: 0x1804A78 VA: 0x1804A78 public static void OpRemoveCompleteCache() { } // RVA: 0x1804FDC Offset: 0x1804FDC VA: 0x1804FDC public static void OpCleanRpcBuffer(PhotonView view) { } // RVA: 0x1800274 Offset: 0x1800274 VA: 0x1800274 internal static void RPC(PhotonView view, string methodName, RpcTarget target, Player player, bool encrypt, object[] parameters) { } // RVA: 0x18011D4 Offset: 0x18011D4 VA: 0x18011D4 public static void SetInterestGroups(byte[] disableGroups, byte[] enableGroups) { } // RVA: 0x17F6520 Offset: 0x17F6520 VA: 0x17F6520 internal static void NewSceneLoaded() { } // RVA: 0x17F3E60 Offset: 0x17F3E60 VA: 0x17F3E60 internal static void RunViewUpdate() { } // RVA: 0x1805C2C Offset: 0x1805C2C VA: 0x1805C2C private static void SendSerializeViewBatch(PhotonNetwork.SerializeViewBatch batch) { } // RVA: 0x18055D4 Offset: 0x18055D4 VA: 0x18055D4 private static List<object> OnSerializeWrite(PhotonView view) { } // RVA: 0x1806870 Offset: 0x1806870 VA: 0x1806870 private static void OnSerializeRead(object[] data, Player sender, int networkTime, short correctPrefix) { } // RVA: 0x18065A8 Offset: 0x18065A8 VA: 0x18065A8 private static List<object> DeltaCompressionWrite(List<object> previousContent, List<object> currentContent) { } // RVA: 0x1807014 Offset: 0x1807014 VA: 0x1807014 private static object[] DeltaCompressionRead(object[] lastOnSerializeDataReceived, object[] incomingData) { } // RVA: 0x18062FC Offset: 0x18062FC VA: 0x18062FC private static bool AlmostEquals(IList<object> lastData, IList<object> currentContent) { } // RVA: 0x1807300 Offset: 0x1807300 VA: 0x1807300 private static bool AlmostEquals(object one, object two) { } // RVA: 0x17F486C Offset: 0x17F486C VA: 0x17F486C internal static void LoadLevelIfSynced() { } // RVA: 0x17F43A4 Offset: 0x17F43A4 VA: 0x17F43A4 internal static void SetLevelInPropsIfSynced(object levelId) { } // RVA: 0x18077E0 Offset: 0x18077E0 VA: 0x18077E0 private static void OnEvent(EventData photonEvent) { } // RVA: 0x18092E0 Offset: 0x18092E0 VA: 0x18092E0 private static void OnOperation(OperationResponse opResponse) { } // RVA: 0x1809534 Offset: 0x1809534 VA: 0x1809534 private static void OnClientStateChanged(ClientState previousState, ClientState state) { } // RVA: 0x1809654 Offset: 0x1809654 VA: 0x1809654 private static void OnRegionsPinged(RegionHandler regionHandler) { } } There are 2 classes related to kicking // Namespace: Photon.Pun.Demo.c****pit public class PlayerDetailsController : MonoBehaviourPunCallbacks // TypeDefIndex: 9068 { // Fields public GameObject ContentPanel; // 0x20 public PropertyCell PropertyCellPrototype; // 0x28 public Text UpdateStatusText; // 0x30 public Transform BuiltInPropertiesPanel; // 0x38 public Transform PlayerNumberingExtensionPanel; // 0x40 public Transform ScoreExtensionPanel; // 0x48 public Transform TeamExtensionPanel; // 0x50 public Transform TurnExtensionPanel; // 0x58 public Transform CustomPropertiesPanel; // 0x60 public GameObject MasterClientToolBar; // 0x68 public GameObject NotInRoomLabel; // 0x70 private Dictionary<string, PropertyCell> builtInPropsCellList; // 0x78 private Player _player; // 0x80 // Methods // RVA: 0x181A158 Offset: 0x181A158 VA: 0x181A158 private void Awake() { } // RVA: 0x181A184 Offset: 0x181A184 VA: 0x181A184 Slot: 28 public override void OnEnable() { } // RVA: 0x181A25C Offset: 0x181A25C VA: 0x181A25C Slot: 29 public override void OnDisable() { } // RVA: 0x181704C Offset: 0x181704C VA: 0x181704C public void SetPlayerTarget(Player player) { } // RVA: 0x181A8F8 Offset: 0x181A8F8 VA: 0x181A8F8 private void AddProperty(string property, string value, Transform parent) { } // RVA: 0x181A79C Offset: 0x181A79C VA: 0x181A79C private string ParseKey(object key) { } // RVA: 0x181AB04 Offset: 0x181AB04 VA: 0x181AB04 public void KickOutPlayer() { } // RVA: 0x181AB60 Offset: 0x181AB60 VA: 0x181AB60 public void SetAsMaster() { } // RVA: 0x181ABBC Offset: 0x181ABBC VA: 0x181ABBC Slot: 43 public override void OnPlayerLeftRoom(Player otherPlayer) { } // RVA: 0x181AC10 Offset: 0x181AC10 VA: 0x181AC10 Slot: 32 public override void OnMasterClientSwitched(Player newMasterClient) { } // RVA: 0x181AC3C Offset: 0x181AC3C VA: 0x181AC3C Slot: 47 public override void OnPlayerPropertiesUpdate(Player target, Hashtable changedProps) { } // RVA: 0x181AF84 Offset: 0x181AF84 VA: 0x181AF84 private void OnPlayerNumberingChanged() { } // RVA: 0x181B078 Offset: 0x181B078 VA: 0x181B078 private IEnumerator UpdateUIPing() { } // RVA: 0x181A2E8 Offset: 0x181A2E8 VA: 0x181A2E8 public void ResetList() { } // RVA: 0x181A514 Offset: 0x181A514 VA: 0x181A514 private Hashtable GetAllPlayerBuiltIntProperties() { } // RVA: 0x181B114 Offset: 0x181B114 VA: 0x181B114 public void .ctor() { } } How do I turn off the kick? By the way, the game does not contain any protection

**VERY LONG POST** Game Version: 2.1.7 Hello everyone. Just wanted to share the compilation of the game's IDs (tickets, jobs, equipments, facilities, skills) that I managed to easily search thanks to the methods of some people's previous comments on this post. I have been using GG for years now but I still considered myself a beginner. So credits to those fellas for helping me a lot. **IMPORTANT NOTES** - DO NOT edit values as it is. Instead, click the box "Add to values, do not replace", and add only up to 2 DIGITS MAXIMUM (1-99). You can keep repeating this process until you reach your desired amount. - Group Items are SAFE to change until 999 (use "add to values" and 2 digits max only every single time) - Tickets, Jobs, Items, Skills, Equipments and Facilities should be kept BELOW 99, and nothing more. (I am not sure which one of these exactly but I already got banned MULTIPLE times for going over 99 with these categories) So to be sure, keep them BELOW 99. - Don't worry even if you can only stock up to 99, you can freeze the values anyway so it won't decrease when you use it. - Not yet tried freezing the TICKETS, so be careful and do at your own risk. - You can add up to 9K diamonds in each of the daily quests. I am only looting maximum of 18K diamonds per day (2 quests, 9K each). I haven't tried going over 20K diamonds cause I read one comment here that below 20K is SAFE. - DO NOT try to unlock second generation classes via job ID search. (Possible soft ban) - DIRECT editing or hacking of resources (grass, wood, food, ore, mystic ore, energy) will lead to BAN. Instead, you can just build a lot of storehouses and use bounty bag and recovery energy to refill those resources. - Town hall level hack and Character stats hack will lead to ban. - I haven't tried hacking the stock values of chaos stones and town halls. And even eggs, and pet stats. *** I've restarted the game a thousand times already just to know the safety nets of this game. And after a lot of trial and errors, and by strictly implenting all these rules to myself, I am still able to play the game up until now without getting banned. Total of 4 towns, highest town level is 30, already unlocked some of the second generation classes (with 999 stats) via marriage. I can still access shop, can play pvp, can still add friends, join online rankings, literally still have the access to all the features this game has to offer. **Extra Tip for having UNLIMITED COINS: - Freeze the coins (copper, silver, or gold) in one of your towns to have an unlimited supply of coins. Use movers from different towns to collect those coins. My other 3 towns now have 11K-30K (and still counting) copper coins in the boxes just by using this method. **I have two questions: 1. Did someone here managed to hack the items and making the values permanent??? Cause by using the items, they become 0 after restart or they will just revert back to their original values when trying to change it. The items are the only ones I still didn't figure out. 2. Did someone here already tried to hack and edit the stats of pets or the eggs? Will it get your account banned? STRUCTURE EXAMPLE: -751,830,528 (sample flag) 0 0 (change to 1 to unlock) 0 (change to 1 to unlock. Becomes 65536 if already unlocked) 9 (sample ID) 0 (unknown number) 99 (sample quantity) **IMPORTANT NOTE: - Adding the specific number after the colons (::) on each group search for every category (e.g ::25) will lessen and give you accurate results. If you try to group search just by leaving only the colons (::) at the end, the search will automatically put "::512" and this will give you thousands or hundreds of results. I already included the needed specific numbers in each category. - ::25 for tickets, items and skills - ::29 for jobs and facilities - ::33 for equipments TICKETS: ticket_flag;0;0~1;0~~0;ticket_id;0~~0;quantity::25 Example: -751,830,528;0;0~1;0~~0;7;0~~0;0::25 Ticket ID: 7 - job ticket 8 - equipment ticket 9 - facility ticket 10 - item ticket 11 - friend ticket *#*#*#*#*#*#*#*#*#*#*#*#*#*#*# ITEMS: item_flag;0;0~1;0~~0;item_id;0~~0;quantity::25 Example: -757,448,704;0;0~1;0~~0;27;0~~0;0::25 Item ID: 26 - recovery energy 27 - recovery potion L 28 - recovery potion S 29 - mystic flute 30 - small flute 31 - holy herb 32 - sacred leaf 33 - energizing stew 34 - energy rice ball 35 - mystic elixir 36 - homeopathic elixir 37 - eternal candle 38 - awakening vessel 39 - royal gift 40 - kairo flan 41 - wairo flan 42 - kairo cake 43 - wairo cake 44 - hp orb 45 - mp orb 46 - vigor orb 47 - power orb 48 - resilience orb 49 - agility orb 50 - fortune Orb 51 - mallet 59 - bounty bag 60 - grass pouch 61 - wood pouch 62 - food pouch 63 - ore pouch 64 - gem pouch 65 - skill slots up 66 - bronze trophy 67 - silver trophy 68 - gold trophy 69 - kairo trophy 70 - crown *#*#*#*#*#*#*#*#*#*#*#*#*#*#*# JOBS: job_flag;0;0~1;0~~0;job_id;0~~0;0~~0;job_quantity::29 Example: -757,189,696;0;0~1;0~~0;119;0~~0;0~~0;0::29 LEGEND: rank S,A,B,C,D (in order) Job ID: Santa Claus - 133 Scholar - 132 Champion - 119, 118, 117, 116, 115 Pirate - 114, 113, 112, 111, 110 Viking - 109, 108, 107, 106, 105 Samurai - 104, 103, 102, 101, 100 Ninja - 99, 98, 97, 96, 95 Archer - 94, 93, 92, 91, 90 Gunner - 89, 88, 87, 86, 85 Paladin - 84, 83, 82, 81, 80 Mage - 79, 78, 77, 76, 75 Knight - 74, 73, 72, 71, 70 Guard - 69, 68, 67, 66, 65 Rancher - 64, 63, 62, 61, 60 Monk - 59, 58, 57, 56, 55 Doctor - 54, 53, 52, 51, 50 Blacksmith - 49, 48, 47, 46, 45 Artisan - 44, 43, 42, 41, 40 Cook - 39, 38, 37, 36, 35 Researcher - 34, 33, 32, 31, 30 Trader - 29, 28, 27, 26, 25 Mover - 24, 23, 22, 21, 20 Carpenter - 19, 18, 17, 16, 15 Farmer - 14, 13, 12, 11, 10 Merchant - 9, 8, 7, 6, 5 Monarch - 4, 3, 2, 1, 0 *#*#*#*#*#*#*#*#*#*#*#*#*#*#*# EQUIPMENTS: equipment_flag;0;0~1;0~~0;equipment_id;0~~0;0~~0;0~~0;0::33 Example: -757,447,680;0;0~1;0~~0;111;0~~0;0~~0;0~~0;0::33 Equipment ID: (S) = S rank equipment 5 - hammer 6 - pickaxe 7 - sickle 8 - garden hoe 9 - torch 10 - shovel 11 - net 12 - fishing net 13 - fishing rod 14 - axe 15 - watering can 16 - rake 17 - wooden staff 18 - metal ore staff 19 - sturdy staff 20 - magic staff 21 - diamond staff 22 - iron staff 23 - wooden wand 24 - spiked staff 25 - shining staff 26 - light staff 27 - green staff 28 - grief staff 29 - lightning staff 30 - thunder staff 31 - frosty rod 32 - red staff 33 - royal scepter 34 - ancient staff 35 - legendary staff 36 - mystic staff (S) 37 - wooden club 38 - sturdy club 39 - oak club 40 - elder club 41 - hero club 42 - gnarly club 43 - ladle 44 - club 45 - iron club 46 - red club 47 - mace 48 - cudgel 49 - morning star 50 - steel club 51 - golden club (S) 52 - prayer club 53 - holy club 54 - light club 55 - angelic club 56 - divine club (S) 57 - bludgeon 58 - tough club 59 - the spike 60 - artistic club 61 - emerald club 62 - wooden stick 63 - pokey stick 64 - spiked club 65 - folk art club 66 - tree branch 67 - wooden spear 68 - iron spear 69 - master's spear 70 - trident 71 - legendary spear 72 - fisherman's pike 73 - iron pike 74 - red spear 75 - steel spear 76 - fire spear (S) 77 - bronze spear 78 - paladin's spear 79 - commander's spear 80 - golden spear 81 - black spear 82 - tiny mallet 83 - mallet 84 - iron hammer 85 - big bad hammer 86 - fire hammer (S) 87 - basic hammer 88 - long hammer 89 - silver hammer 90 - master's hammer 91 - golden hammer (S) 92 - sword 93 - steel sword 94 - master's sword 95 - commander's sword 96 - artisanal sword 97 - fruit knife 98 - kitchen knife 99 - silver knife 100 - master's knife 101 - golden knife 102 - tiny knife 103 - scalpel 104 - silver scalpel 105 - lightning scalpel 106 - ice scalpel 107 - pirate sword 108 - cutlass 109 - tomato sword 110 - teardrop sword 111 - fire sword (S) 112 - infantry sword 113 - sabre 114 - silver sword 115 - destruction sword 116 - ancient sword 117 - ice knife 118 - ice sword 119 - ice greatsword 120 - frosty sword 121 - blizzard sword 122 - kunai 123 - ninja star 124 - giant ninja star 125 - flame ninja star 126 - giga ninja star 127 - simple katana 128 - samurai sword 129 - shogun's katana 130 - master's katana 131 - legendary katana 132 - bronze sword 133 - copper sword 134 - tempered sword 135 - lightweight sword 136 - honor sword 137 - longish sword 138 - ***** sword 139 - saint's sword 140 - sword of rage 141 - legendary sword (S) 142 - black sword 143 - darkness sword 144 - sword of the void 145 - royal sword 146 - conqueror's sword (S) 147 - normal sword 148 - courage sword 149 - hero sword 150 - immortal sword 151 - yggdrasil sword (S) 152 - novel 153 - research guide 154 - magnifying glass 155 - ancient tome 156 - paintbrush 157 - pistol 158 - rifle 159 - musket 160 - mighty rifle 161 - golden gun (S) 162 - bow 163 - infanrty bow 164 - hunting bow 165 - swift bow 166 - champion's bow (S) 167 - adze 168 - lumberjack's axe 169 - steel axe 170 - battle axe 171 - legendary axe (S) 172 - kairo sword 173 - kairo hammer 174 - kairo lance 175 - kairo bow 176 - kairo gun 177 - wooden shield 178 - leather shield 179 - infantry shield 180 - buckler 181 - iron shield 182 - noble shield 183 - hero shield 184 - crystal shield 185 - shell shield 186 - wairo shield (S) 187 - scholar's shield 188 - holy shield 189 - folk art shield 190 - sturdy shield 191 - nightmare shield 192 - legendary shield (blue color) 193 - green shield 194 - mirror shield (S) 195 - golden shield 196 - shining shield (S) 197 - demonic shield 198 - legendary shield (gold color) 199 - conqueror's shield 200 - kairo shield (S) 201 - loincloth 202 - linen garment 203 - common garment 204 - yellow garment 205 - durable garment 206 - stylish garment 207 - thick garment 208 - chain mail 209 - skirt 210 - dress 211 - pajamas 212 - fur coat 213 - coat 214 - robe 215 - fine robe 216 - men's kimono 217 - cape 218 - durable cape 219 - purple cape 220 - royal robe 221 - leather chest guard 222 - iron chest guard 223 - leather armor 224 - light mail 225 - bronze armor 226 - silver armor 227 - verdant armor 228 - heavy armor 229 - golden armor (S) 230 - black chainmail (S) 231 - bandana (green color) 232 - alice band 233 - headband 234 - turban 235 - hat (blue color) 236 - helmet 237 - hat (brown color) 238 - bandana (blue color) 239 - ninja headband 240 - forehead guard 241 - chef hat 242 - top hat 243 - hat (white color) 244 - holy hat 245 - angel's halo 246 - pirate hat 247 - director's beret 248 - winged bandana 249 - winged hat 250 - winged helm 251 - magic hat 252 - mage's hat 253 - wizard's hat 254 - legendary hat 255 - mystic hat 256 - mail coif 257 - shampoo hat 258 - kairo hat 259 - royal crown (S) 260 - tiara 261 - lookout hat 262 - guard helmet 263 - bronze headpiece 264 - helmet 265 - iron mask 266 - iron headpiece 267 - black headpiece 268 - golden headpiece (S) 269 - dragon headpiece 270 - robot helmet 271 - locket 272 - necklace 273 - amulet 274 - blue pendant 275 - red pendant 276 - golden pendant (S) 277 - magic pendant 278 - goden bracelet 279 - leather band 280 - wristband 281 - gold medal (S) 282 - scarf 283 - collar 284 - golden collar 285 - ring 286 - pearl ring 287 - silver ring 288 - light ring 289 - golden ring (S) 290 - gloves 291 - leather gloves 292 - silk gloves 293 - silver earrings 294 - golden earrings 295 - royal earrings (S) 296 - leather shoes 297 - wooden sandals 298 - loafers 299 - silver boots 300 - boots 301 - winged sandals 302 - candle 303 - charm 304 - golden bell 305 - red ribbon 306 - ribbon 307 - wooden carving 308 - cloth bag 309 - gold bag 310 - sally pin figure 311 - santa staff 312 - santa shield *#*#*#*#*#*#*#*#*#*#*#*#*#*#*# FACILITIES: **So far, these are the only facilities I already unlocked, I am pretty sure I am still missing a lot of things based on the missing ID numbers. But it's probably the town hall, chaos stones, shelves and crib. So that makes this list the only thing that isn't complete yet** facility_id;0;0~1;0~~0;facility_id;0~~0;0~~0;quantity::29 Example: -761,248,000;0;0~1;0~~0;35;0~~0;0~~0;5::29 Facility ID: 3 - gravel path 4 - road 6 - bridge 11 - small land 12 - medium land 13 - large land 14 - xl land 23 - wall fence 24 - wall wood 25 - defensive wall 26 - castle wall 28 - gate 29 - torch 30 - nighttime meeting place 31 - low watchtower 32 - turret 33 - grass storehouse 34 - food storehouse 35 - wood storehouse 36 - ore storehouse 37 - gem storehouse 38 - item storehouse 39 - energy storehouse 40 - treasure storehouse 42 - field 43 - plantation 44 - ranch 45 - ore mine 46 - mystic ore mine 47 - energy mine 67 - well 69 - wasteland guide 70 - stables 72 - outdoor treasure lab 73 - temporary shelter 74 - outdoor research lab 75 - rest stop 76 - simple stove 77 - bonfire 78 - thorny trap 79 - flower bed 80 - bushes 81 - seedlings 82 - fountain 83 - goddess statue 84 - rejuvenation spring 85 - monster statue 86 - monster repelling orb 87 - monster repelling sword 88 - monster repelling slate 89 - windmill 90 - monster feeds 91 - bench 92 - expedition hut 101 - double bed 106 - chair 119 - decorative plant 120 - tomato 121 - flowers 122 - pansy 123 - glittering stone 124 - dining table 125 - couch 126 - candle 127 - tree nursery 128 - decorative armor 129 - red carpet 130 - fluffy carpet 131 - black carpet 132 - training room 133 - shooting range 134 - magic training ground 135 - rejuvenating bath 136 - rainwater barrel 137 - fireplace 138 - tool workshop 139 - kitchen shelves 140 - bathtub 141 - chest of drawers 142 - stove 143 - flower vase 144 - animal figurine 145 - vanity mirror 146 - cooking counter 147 - shelf 148 - desk 149 - window 150 - bookshelf 151 - dresser 152 - ore workbench 153 - study desk 154 - friend bed 157 - monster room 160 - dragon stables 161 - pitfall 162 - monster stables 182 - ancestor statue 183 - copper storage 184 - silver storage 185 - gold storage 186 - kairo king statue 189 - daycare 194 - egg storage 206 - high grade grass storehouse 207 - high grade wood storehouse 208 - high grade food storehouse 209 - high grade ore storehouse 210 - high grade mystic ore storehouse 211 - high grade energy storehouse 212 - high grade treasure storehouse 213 - high grade item storehouse 214 - high grade egg storehouse 215 - reclaimed land 234 - cash register 238 - reindeer stable *#*#*#*#*#*#*#*#*#*#*#*#*#*#*# SKILLS: **Skills with question marks (?) have chinese characters in their description so I didn't let it stay inside my game. I immediately deleted them just to be safe** skill_flag;0;0~1;0~~0;skill_id;0~~0;quantity::25 Example: -761,320,960;0;0~1;0~~0;0~~0;0~~0;0~~0::25 LEGEND: I, II, III, IV, V (in order) Skill ID: 0 - normal attack 1 - bow attack 2 - gun attack 3 - critical hit 4 - arrow rain fire magic - 5, 6, 7, 8, 9 ice magic - 10, 11, 12, 13, 14 lightning magic - 15, 16, 17, 18, 19 20 - half reflect 21 - full reflect Hit Attack - 22, 23, 24, 25 26 - counter 27 - parry 28 - perfect dodge 29 - dodge up 30 - critical up Direct attack - 31, 32 Area attack - 33, 34, 35 36 - myriad arrows 37 - heal maddy 38 - heal M 39 - heal L 40 - revive 50 41 - revive 100 42 - agriculturist 43 - construction chief 44 - thief 45 - culinarian 46 - transport crops Research - 47, 48, 49, 50, 51 52 - ranch know how 53 - treasure analysis Craftsmanship - 54, 55, 56, 57, 58 59 - instant construction 60 - instant workshop 61 - insta move 62 - instant weeding 63 - instant treasure analysis 64 - move speed up 65 - all out sprint 66 - miner Deployment range - 67, 68 69 - de fogger Experience up - 70, 71, 72 Deployment discount - 73, 74 75 - auto recovery HP 76 - auto recovery MP 77 - auto recovery VIGOR 78 - facility rec HP 79 - facility rec VIGOR 80 - facility rec MP 81 - stubborn 82 - sword resistance 83 - staff resistance 84 - axe resistance 85 - spear resistance 86 - hammer resistance 87 - club resistance 88 - gun resistance 89 - bow resistance 90 - book resistance 91 - shield resistance 92 - stealth 93 - instinct 94 - strategic retreat 95 - battle maniac 96 - ?house sitter? 97 - round trip 98 - ?rambler? 99 - ?naturalistic? 100 - ?traveler? 101 - aid specialist 102 - domestic production 103 - ?countryside fanatic? 104 - ?well prepared? 105 - leading the charge 106 - daring charge 107 - backup 108 - critical up+ 109 - 6 hit attack 110 - 7 hit attack Skilled craftsman - 111, 112 Armor breaker - 113, 114, 115, 116 Sandman - 117, 118, 119 Skill (unknown) - 120, 121, 122, 123 Guerilla - 124, 125, 126 Art - 127, 128, 129, 130, 131 132 - capture Chat - 133, 134, 135 **I hope these lists will be helpful to everyone especially those who are trying to make a script. **I really appreciate those people in the previous comments for sharing their search methods. Thank you guys. **I am a BIG FAN of kairosoft games and I am merely hacking my game so I can see it through the end. **Please don't be greedy in this game to avoid ban. Have fun and just enjoy.

Lesson 1: GameGuardian Lesson - Getting Started Note: This article is re-shared because original author deleted it What is GameGuardian? GameGuardian is application for Android Operation System, which afford you to hack and modify memory, used by games and other software. Sounds complicated? Just look to screenshots below and you will quickly understand. So, GameGuardian allow you to modify any numeric value (and not only numeric, but graphics data, like HP/MP bars, too). As you can see GameGuardian designed to be your ultimate cheating and hacking solution. There few features, you should know or be aware of: You NEED ROOT. Sorry, non-rooted devices will not support GameGuardian. GameGuardian is completely free. There is no paid functions or features. Everything completely free. However, your donations will be very nice and hardly appreciate. =) The performance of the program are very heavy based on your device’s CPU and memory. In other word – better your phone is, better and faster your program will be. So, let’s move? GameGuardian official site and authors Official GameGuarding site is gameguardian.net. Beware, there are many scums in the Internet, who claimed that their ad-bloated sites are official residence of GameGuarding and they even asking money for this program! Assholes… GameGuarding made by and maintained by four people: d2dyno [Profile] – Owner, lead designer, project management. Enyby [Profile#1] & [Profile#2] – Lead coder, project management. Trasd [Profile] – Technical consultant, project management. Aqua [Profile] – Creator (retired). GameGuardian Download Move on official GameGuarding’s site: gameguardian.net/download and follow this instruction to download: 1. Click on “Download this file”; 2. Agree with Terms; 3. Wait until download is end. You can find latest version of GameGuarding on this link: gameguardian.net/download GameGuardian Install 1. Now transfer installation file on your phone and tap on it to install. 2. Giving root access. One more time – you NEED ROOT to this APP works properly. You need grand root access few times. NOTE: This is okay that name of GameGuardian changed from “GameGuardian” to some random gibberish like “yelbplyqvsly”. This made in a order to bypass anti-cheat mechanism of some games. Nowdays games are searching for “GameGuardian” in your APP list and when they found “GameGuardian” they stop to work, telling you to delete this APP before playing the game. But if GameGuardian installed on your device with different absurd name like you see on screenshots below, anti-cheat mechanism of game will not work properly and you cheat freely. 3. That’s all. Now you have GameGuardian properly installed. You can find shortcut on your homepage. NOTE: if, you have this message during the installation “For security, your phone is set to block installation of apps obtained from unknown sources”, this means your device’s security settings are blocking installation APK not from Google Marker. You can disable it, by going into “Settings” – “Security” – “Unknown Sources: ON” GameGuardian Update If you installing newer GameGuardian over previous version installer will ask you to delete previous version from your device. GameGuardian Uninstall You can delete GameGuardian freely without any problem. Go in you APP list Find GameGuarding icon (in may names different, like some gibberish , it is okay) Delete it as any other program from your android. No restart or reboot needed. Credit: greatestmeow Lesson 2: GameGuardian Lesson - Searching “known” value Note: This article is re-shared because original author deleted it Let’s do our first hack in this GameGuardian manual. For our first hack we will try something simply. I recommend Tap Counter [Link]. Only 80 KB, no special permission required. Try this one for practice. Step #1. Launch GameGuardian and select “Tap Counter” as your target application. After that press on “cross” icon in top-right corner Step #2. Now launch Tap Counter and tap it few times. Remember number 3 (three). Go back to GameGuardian and tap “known” button. Step #3. Here we go. This is our search window. Input: value is “3” and type is “auto”. Start searching and wait. Let me explain a little. In “value” text field you should input value you would like to search, for example 3 (three) as you see in our game/app. In “type” text field you should select one of the type you are looking for: Byte – if your value is from 0 to 255; Word – if your value is from 0 to 65,535; Dword – if your value is from 0 to 4,294,967,295; Xor – if your value is from 0 to 4,294,967,295; Float – if your value has decimals, like 9.3335 or 12.2 or 76.705 Auto – all above in the single run. Note: use “auto” everytime you want to hack game – this is a little slowly, but guaranteed you will find value. Step #4. You see, you have 170,504 values (they named addresses) in the game, that have “3” in it. This is too much. Go back to the game and tap one more time. Now you have “4” (four) taps. Now, go back to GameGuardian and input value “4” in searching. Step #5. Now you have 843 addresses with 4 in it, which has 3 while ago. Try to increase your tap counter one more time, up to 5 (five) and do search one more time. Ideally, you should do this step as many times as you want to get only 1-10 addresses to check. Step #6. Wonderful, you have only 3 addresses to check, but look closely, they all share same address (22D338C8). but they differ in a type of data they store in. See this “B”, “W”, “D” at the right? You can modify any of this address in anyway you would like, but if you will hack “22D338C8” address with “B”-letter, you should input number from 0 to 255 (B stands for “Byte”), from 0 to 65,535 in W-letter (W stands for “Word “), from 0 to 4,294,967,295 in D-letter (D stands for “Dword “). Tap on “22D338C8” with D-letter and change its value to any number you want (like 987,654,321) and tap “yes”. Now, go back to game and tap on it one more time to see results. Awesome! ^_^ Step #7. We have found value that can change tap counter. Now, we need to save it. Go back to GameGuardian and uncheck “W”-letter and “B”-letter values (since we don’t need them – “D”-letter accept more values). Tap on content-menu and tap on “Save Selected”. Now you can find your value on “Save list” tab. Now you may change this value in whatever way you want, even decreasing. Or freezing value. What is freezing? Well, in GameGuardian you can “stop” any value from increasing or decreasing. This way you can have maximum HP, MP or money every time in android game, no matter how many times you have been hit by enemies or items you bought. Just tap one more time on value and check “freeze” value. By the way, you may tap on “normal” test string and this way change it to “may increase”, “may decrease” or “may stay in range”. After that you will found “equal” sign near your value. Tap on it to quickly unfreeze your value. Congratulation! Now you know how to hack android game. You should know, that many games are not so easy to break and you need to know some tricks and hints to mod game properly. Keep reading to known more. Next lesson is “grouped” search and hack. Credit: greatestmeow Lesson 3: Searching encrypted “known” value Now you should be able to hack or modify any game, right? Let’s try to hack score value in “300: Seize Your Glory” game. This is promo-game, based on “300:Rise of an Empire” movie. Download GameGuardian APK: https://gameguardian.net/download and install it on your Android device Okay, our score is 200 right now. Go find it in GameGuardian (known search -> type: auto, value: 200). We have found – 198,659 address. Well, too much. Go back to game and increase our score a little, up to 1,550. Go back to GameGuarding and try new search with value “1,550”. Wait, what? Nothing have found? How this can be? Yes, this can be. Modern game developers trying to do everything to make their games harder to hack or modify. For example, you may see number 3,006 in your game, but this number may be actually stored as: · Sum of two different number (700 + 2306 or 1402 + 1604) · Multiply of three differnt number (501 * 3* 2) · Floated number (300.6 or 0.003006) · as number 62,530 (65,536 – 3,006) · as any other number at all (33,584), e.t.c. In this cases we can say that value in our game is encrypted and we should use special switch, see this: Now try to do search with encrypted switch on. wow. 174,228,480 addresses! This is much more then 198,659 address we had in first “not-encrypted” try! Now, you need to make few iteration with new values. 1,750 points 5,000 points 24050 points After few iterations we stuck with eight addresses, four of them share same address – 94B06338, but with different letters (F-letter, X-letter, D-letter, W-letter) and same story with 9E621920. One of this address should store our score, but which of two. Let’s play a game, called Russian Roulette and try to change 94B06338 with D-letter. And go back to the game Holy moly! We found it! As you can see, you should try use regular “non-encrypted” search first in order to get value you are looking for. And only if this failed – try “encrypted” search. Awesome. You are almost pro, you only need to check one last lesson – unknown search. Credit: greatestmeow

Bypassing XOR encryption in mobile games with Game Guardian In the last few months we noticed increased number of mobile games that uses some sort of encryption. Some of them are simple, like multiplying value with some random number (example: let’s say random number is 8 – in that case, 10 gold in our in-game inventory will be stored as 80 in memory). This simple kinds of encryption can’t trick anyone. But XOR encryption is different story. It is one of the simplest encryption methods, but in most cases it can’t be broken (if data and key have the same length). It is often used as a part in more advanced ciphers. But we will cover this latter. There are lot of tutorials that teach us how to bypass XOR encryption in mobile games, but most of them don’t show us process that lies behind. So before we start, we need to read some theory about the subject. If you learn this, you will be able to bypass XOR encryption with only basic memory editor, paper and pen. Of course, this is some sort of advanced tutorial – we assume that you are at least familiar with basics of memory editing. Cryptography 101 (logic for dummies) In the beginning, there was Boolean algebra. For those who haven’t overslept math and logic classes, you can skip this chapter. If you have overslept, read carefully. George Boole was mathematician, logician and philosopher who published his most famous notes in the middle of the 19th century. You probably asked yourself why are you reading about some dude who lived 100 years before ENIAC. This dude is father of all computers – every digital circuit on our planet works on his principles. For our story, it is important to notice that every algebra has own values and operations. Imagine that, in some sort of simple algebra, values are set of natural numbers from 1 to 10 [1,2,3,4,5,6,7,8,9], and only operations are addition(+), subtraction(-), multiplication(*), and division(/). From our knowledge of elementary algebra (math from school), you can tell that 1+1 =2, or 2*4=8. While elementary algebra deals with numbers, Boolean algebra use only two values – TRUEand FALSE. They are represented as 1(true) and 0(false). All operations are done on this two values. Of course, you can’t preform multiplication or subtraction on this values. We need some other operations that can be preformed on TRUE and FALSE. These operations are called bitwise operations. There are three basic operations in Boolean algebra – NOT(¬), AND (∧) and OR (∨), and they are really simple to understand. Take a look at this image, and everything will be clear. Source: Wikipedia Just kidding, forget this and let’s move on. Basic bitwise operations I know this will maybe be hard to understand, especially if this is your first time you read about logic. So I will try to make it simple. Boolean algebra (and any other logic) are made to teach us how to make correct conclusions. In elementary algebra, correct conclusion is when we write that 1+1=2. As we said, in Boolean algebra there are only two values, and we can only preform operations on them. Now imagine that we have a few true or false statements: Tom is a cat (TRUE or 1) Jerry is a mouse (TRUE or 1) Sky is green (FALSE or 0) NOT operator This is fairly simple examples. Let’s see our first operator, NOT(¬). “Tom in not a cat”, is this statement true or false? Of course, it is FALSE. Jerry is not a mouse = FALSE or 0. Sky is not green = TRUE or 1. This operator preforms logical negation on a given statement. 0 become 1, and 1 become 0. We can write it like this: ¬0 = 1 ¬1 = 0 AND operator AND(∧) operator takes two arguments, and returns TRUE only if both arguments are TRUE. Tom is a cat AND Jerry is a mouse = TRUE(1). Tom is a cat AND Sky is green = FALSE(0). You can easily remember this operator – just multiply two arguments and you have correct result. We can write it like this: 1 ∧ 1 = 1 1 ∧ 0 = 0 0 ∧ 1 = 0 0 ∧ 0 = 0 OR operator OR (∨) operator takes two arguments, and return FALSE only if both of the statements are FALSE. In every other case it returns TRUE. Tom is car OR Sky is green = TRUE(1). Sky is green OR Sky is red = FALSE(0). 1 ∨ 1 = 1 1 ∨ 0 = 1 0 ∨ 1 = 1 0 ∨ 0 = 0 Maybe you wonder why are we talking about Tom and Jerry. In computer world, everything is made in binary system. There are only two states in computer – there is current flow (1) and there isn’t current flow (0). So every information is stored in binary numeral system. Each digit (0 or 1) is called bit. Group of 8 bits are called byte. Any information can be translated into binary system. So our “tom” will be 01110100 01101111 01101101 in binary, and “sky” will be 01110011 01101011 01111001. Guess what? You can preform this bitwise operations on binary values. So, “tom” OR “sky”? 01110100 01101111 01101101 tom ∨ 01110011 01101011 01111001 sky ____________________________ 01110111 01101111 01111101 wo} If we want preform AND operator, this will be result: 01110100 01101111 01101101 tom ∧ 01110011 01101011 01111001 sky _______________________________ 01110000 01101011 01101001 pki Well, this was not very useful. But it is important to remember this, because now you will learn another bitwise operation – exclusive disjunction (exclusive OR, known as XOR). XOR (exclusive OR) bitwise operator I hope you understand these basic bitwise operators. There is also so-called “secondary operators or operations”, which can be derived from basic operators. One of these secondary operators is XOR, or exclusive OR. You will understand why is it called “exclusive OR” when you see the following table. 1 XOR 1 = 0 1 XOR 0 = 1 0 XOR 1 = 1 0 XOR 0 = 0 As you can see, if you perform XOR operation on two different values, it will return 1 or true. If values are the same, it will return 0 or false. So what is the catch? Why are XOR so special, and why is it used in cryptography? Now, look again our previous example, and you will see. From now on, we will preform XOR operation on original data (“tom” in our case) with the key (“sky” in our case). 01110100 01101111 01101101 tom XOR 01110011 01101011 01111001 sky _____________________________________ 00000111 00000100 00010100 //this can't be converted to meaningful text But what will happen if we XOR out new value (00000111 00000100 00010100) with the same key (sky or 01110011 01101011 01111001)? Let’s try it. 00000111 00000100 00010100 XOR 01110011 01101011 01111001 sky ___________________________________ 01110100 01101111 01101101 tom Right, we got our original data. But there is more -what if we don’t know the key (“sky”) 01110100 01101111 01101101 tom XOR 00000111 00000100 00010100 ___________________________________ 01110011 01101011 01111001 sky We have out original key. This is the reason why XOR operator is special. We can’t achieve this with other operators. XOR encryption in mobile games So let’s see some real world example – using XOR encryption in mobile games. Imagine that you have 1000 gold in some game. Developers implemented that all values are XOR-ed with the key 1337, and stored in memory. So look at the example. For conversion for decimal to binary you can use Windows calculator, or some online tools [BINARY TO DECIMAL CONVERTER] 0000001111101000 1000 XOR 0000010100111001 1337 _________________________ 0000011011010001 1745 This means that “1000” gold is stored as “1745” in memory. If you earn more gold (let’s say you got 1050 gold now), it will be stored in memory like this. 0000010000011010 1050 XOR 0000010100111001 1337 _________________________ 0000000100100011 291 So how we can bypass this sort of encryption? Bypassing XOR encryption with Game Guardian We already saw that: original value XOR key = encrypted value encrypted value XOR key = original value original value XOR encrypted value = key With this principle, we can bypass XOR encryption even if we don’t know that key developers used. So let’s start with practical work. If you aren’t familiar with fuzzy search, it will be useful to first read this tutorial [GAME GUARDIAN FUZZY SEARCH TUTORIAL]. We are going to use examples from previous paragraph. Our first step is to find address where the encrypted value is stored. This step is simple. First, scan for unknown starting value – this is done by selecting Fuzzy search from Game Guardian. As value type, you can choose DWORD (it was DWORD in all games that we cheated). Change the amount of gold in-game, then search for changed value. Repeat this step until only one address has left on the list. Now it is time to check if XOR encryption is used. Let’s say you got 1000 gold in game, but with fuzzy search you found value 1745. Preform XOR operation on this two values. 0000001111101000 1000 //Ingame gold XOR 0000011011010001 1745 //Value that you have found with fuzzy search _________________________ 0000010100111001 1337 //Key? --write it down Now change original value – earn or spend some gold. Let’s say you have 1050 gold now. Look at the address that you found with fuzzy search, and read the value. Again, preform XOR operation with in-game value and in-memory value. 0000010000011010 1050 //In-game value XOR 0000000100100011 291 //Value which is stored in memory _________________________ 0000010100111001 1337 //KEY!! If two keys are the same, XOR encryption is used and you have found the key. If they are not, XOR encryption is not used. Now, let’s change our gold (it was our primary goal, right?). We want 9999 gold. Again, preform XOR operation on it with key that you found (1337 in our case). 0010011100001111 9999 XOR 0000010100111001 1337 ___________________________ 0010001000110110 8758 Change the value that you found with fuzzy search – as new value set 8758. Open game again, and you should have 9999 gold. You can now cheat game using paper and pen, as we promised on the beginning. But it would be smarter if you use XOR calculator built in Game Guardian Second method to bypass XOR encryption Now, you will see the true power of Game Guardian. For this method, it is important to note that in most games, encrypted value and key are stored next to each other in memory – for DWORD type,one value occupies 4 bytes,so the key is usually 4 bytes away from encrypted value. Look at this picture. In Game Guardian, there is builtin method which automatically search for values, and XOR them with value which is X bytes away. That means that we don’t need to do fuzzy search, or calculate XOR values. Game Guardian can do it for us. Let’s get back to our previous example and imagine that encrypted value and key are 4 bytes away. If you have 1000 gold in-game, click on Known search, as type choose Dword (it can be some other types too, but it is usually dword.). As value, put in 1000X4, and click on search. In this example, first number “1000” is amount of currency that we want to change. Second part, “X4“, marks how many bytes away is the key. For dword values it can be X4,X8, X12, X16… Earn or spend some currency – let’s say that you have 900 gold now. Now input 900X4, and click on refine. Repeat previous step until you have only one address left (or few addresses if you want). Click on Edit, and as a value input 9999X4. And that’s it. Game Guardian will automatically search for encrypted values, and XOR them with key which is X bytes away. Pretty impressive feature. With this, our tutorial has finished. There will be reference links bellow, if you want to know more about this subject. Any suggestions are appreciated. Happy cheating. Reference links [Algebraic operation – Wikipedia article] [Binary numbers] [Boolean algebra] [Exclusive OR – XOR, Wikipedia] [NoFear’s tutorial – Xor search guide] [Binary to decimal online calculator]

Quick Notes: Low Registers (R0 to R7): Accessible by all instructions using general-purpose registers. High Registers (R8 to R12): Accessible by 32-bit instructions specifying a general-purpose register, not all 16-bit instructions. Stack Pointer (R13): Used as the Stack Pointer (SP). Autoaligned to a word, four-byte boundary, ignoring writes to bits [1:0]. Link Register (R14): Subroutine Link Register (LR). Receives return address from PC during Branch and Link (BL) or Branch and Link with Exchange (BLX). Also used for exception return. Treat as a general-purpose register. Program Counter (R15): PC. FPU (Floating Point Unit): Supports single-precision operations - add, subtract, multiply, divide, multiply and accumulate, and square root. Also handles conversions between fixed-point and floating-point formats, and floating-point constant instructions. FPU Registers: Sixteen 64-bit doubleword registers: D0-D15. Thirty-two 32-bit single-word registers: S0-S31. ->Source <- --------------------------------------------------------------------------------------------------------------------------------- In Arm Patching we are using only Low Registers and the FPU. True and false Editing. ~A MOV R0, #1 MOV means Move , by this instruction we are telling the proccessor to move the value 1 to register R0 similar when you assign a variable name : R0 = 1 in most programing languages the true statment always = 1 and the false statment = 0 so #1 = true and #0 = false ~A BX LR BX Means branch exit LR or in another way return the value we stored to the caller. Int Editing : we can use MOV R0, # aswell for the int value but you need to know the integral data types. • byte : Signed: From −128 to 127 ­ ­ ­ ­ ­ ­ ­ ­ ­: Unsigned: From 0 to 255 we can use MOV here if the int value we want is between -128 and 255 so the instruction will be : ~A MOV R0, #-128 or #255 at max • short : Signed: From −32,768 to 32,767 : Unsigned: From 0 to 65,535 in this case we use MOVW the W stands for Word so same as above the instruction will be : ~A MOVW R0, #−32,768 or #65,535 at max NOTE : • Don't forget to return (~A BX LR) • We can Use MVN which mean Move Negative so the Max Negative Value will be #255 for Byte and MVNW for Short #65,535 (Don't add "-" since we already telling the proccessor we are dealing with negative number) • #value will be converted automatically to hex value in the Register means #8 will be 0x00000008 and so on • Int 32 : Signed: From −2,147,483,648 to 2,147,483,647 : Unsigned: From 0 to 4,294,967,295 the typical DWORD in GG : here we move to the advanced Part of this guide: as I said in the Note above the values are converted in the register automatically to hex so the max value in short in hex will be 0x0000FFFF so we have 4 zero's we can't change in the int 32, in this case we use one more instructon MOVT T stands for Top example : MOVW R0, #22136 -> R0 will be : 0X00005678 MOVT R0 , #4660 -> R0 will be : 0x12345678 So in case of INT32 we need 2 things • Convert the value we want to change to hex value • 3 instruction in total the Same concept here work for QWORD aswell (64 bit) 0x0000000000000001 Note : MVN R0, #2 will change to 0xFFFFFFF2 in hex MOV R0, #2 or MOV R0, #0x2 are the same Float and Double: • Float and Double are IEEE 754 Floating-Point: We need the FPU here and things will get a little bit complicated, • we need 2 or 3 registers in this case R0 , R1 and S0(for float) or D0(for double) Suppose the hex value of this float 12.6 is : 0x4149999A same as the int 32 : ~A MOVW R0, #0x999A (R0 = 0x0000999A) ~A MOVT R0, #0x4149 (R0 now = 0x4149999A) now R0 is set but if we return the value (~A BX LR) the result will be : 1095342490 and we don't want that value we want 12.6 as float (This Doesn't Work Because we didn't tell the proccessor that is a float number) the right way is to use FPU VMOV S15, R0 ( VMOV is the instruction MOV in the FPU : by that instruction we mean move the register value of R0 to the FPU register R15 ) VMOV.F32 S0, S15 (here we are telling the FPU we are dealing with Float number (F32) and move the value from S15 to S0 ) for double we use the same concept except we use F64 instead and register D16 and D0 Float : so the final code will be : ~A MOVW R0, #0x999A (R0 = 0x0000999A) ~A MOVT R0, #0x4149 (R0 = 0x4149999A) ~A VMOV S15, R0 ~A VMOV.F32 S0, S15 ~A BX LR ----------------- Double : For double the hex value of 12.6 is : 0x4029333333333333 (Same Concept for Big Float Number) • Here we use R0, R1 , D0 and D16 • divide the hex value 0x4029333333333333 into 2 part 0x40293333 and 0x33333333 one goes for R0 and the other one goes for R1 Be carful of the placement of the hex value we start from the last 4 to the 1st 4 means we start with 0x3333 -> 0x4029 Use same concept of MOVW and MOVT to get the result. Result: ~A MOVW R0, #0x3333 (R0 = 0x00003333) ~A MOVT R0, #0x3333 (R0 = 0x33333333) ~A MOVW R1, # 0x3333 (R1 = 0x00003333) ~A MOVT R1, #0x4029 (R1 = 0x40293333) ~A VMOV D16, R0, R1 (Move value Of R0 and R1 to register D16 Be Careful here R0 last 8 hex 1st then R1 the top 8 hex) ~A VMOV.F64 D0, D16 (here we use F64 and D0 , and D16 instead of F32 , S0 and S15 because the hex value is 64 bit) ~A BX LR ------ This is How you arm patch bool / int / float / double NOTE : When it comes to function args and returns the only register that give return or args are R0,R1,R2,R3 (and SP) this is why we use R0 and VMOV S15/D16 to S0/D0 ARMv8 : In ARMv8, LSL stands for "Logical Shift Left". It is an instruction used to shift the bits in a register to the left by a specified number of bits, and the bits that are shifted off the left-hand end are discarded. LSL can be used with immediate values or with a register value. The immediate value specifies the number of bits to shift, which can be between 0 and 63. When using a register value, the bottom byte of the register specifies the number of bits to shift Example : Level 1 ) LSL X1, X2, #3 --> Shift the contents of X2 left by 3 bits and store the result in X1 -> In this example, X2 is being multiplied by 8 (since 8 is 2 to the power of 3), and the result is stored in X1. Level 2) MOV and LSL example: MOV X1, #0x10 -->Move the value 0x10 into register X1 LSL X1, X1, #3 --> Shift the contents of X1 left by 3 bits (multiply by 8 ) Level 3) Float Value : 3.14159 / Hex : 0x40490FD0 --Load the value 0x0FD00000 into bits 16-31 of W0 • MOVK W0, #0x0FD0, LSL #16 --> W0 = 0x00000FD0 -- Load the value 0x40490000 into bits 32-47 of W0 • MOVK W0, #0x4049, LSL #32 -> W0 = 0x40490FD0 -- Move the value of W0 into single-precision floating-point register S0 • FMOV S0, W0 --> S0 = 0x40490FD0 (interpreted as a floating-point value) Note : 4 bytes hex (32) value we use register W and for float we use S Level 4 ) Double value : 3.14159 / Hex : 0x400921F9F01B866E MOVK X0, #0xF01B866E, LSL #16 -->X0 = 0x00000000F01B866E MOVK X0, #0x400921F9, LSL #48 -->X0 = 0x400921F9F01B866E FMOV D0, X0 Note: 8 bytes hex (64) value we use register X and for Double we use D NOTE: SAME CONCEPT IN AARCH32 WITH (INT, BOOL, FLOAT, AND DOUBLE) LSL and MOV(Z/K) is the diffrences. PART II (LDR / STR): [STRING] ( NON UNITY GAMES ) Little-endian / Big-endians : LDR and STR are instructions used in ARMv7 and ARMv8 architectures to load and store data from memory. LDR stands for "Load Register" and is used to load a value from memory into a register. The syntax for LDR in ARMv7 and ARMv8 is LDR <Register>, [<Address>] STR stands for "Store Register" and is used to store a value from a register into memory. The syntax for STR in ARMv7 and ARMv8 is STR <Register>, [<Address>] where <Register> is the name of the register to load the value into, and <Address> is the memory address from which to load the value. In both cases, the square brackets around <Address> indicate that the value inside the brackets is a memory address, rather than a register. To load the string 'GG TESTING' into a register, you can use the LDR instruction. Assume the pointer to 'G' is 0x00000004 we can use this address as the base address for the LDR instruction. The instruction for loading the first four characters of the string into a 32-bit register (e.g., R1/X1) would be: • LDR R1/X1, [0x00000004] -- R1/X1 = 'GG T' This instruction loads the 32-bit value at memory address 0x00000004 into R1/X1. Note: Use the Move instructions above (PART I) to assign the value (address) to a register BEFOR USING LDR --> LDR R1/X1, [R0] -- R0 = 0x123456789 ( use MOV to assign the correct address to R0 or X0) To load the entire string into a register, you can use the LDR instruction with a register offset. Assuming the string is stored in consecutive memory locations, we can use the following instruction to load the entire string into a register (e.g., R1/X1) LDR R1/X1, [0x00000004], #10 This instruction loads the 32-bit value at memory address 0x00000004 into R1 and increments the base address by 10 (the length of the string). As a result, the entire string 'GG TESTING' will be loaded into R1. ADVANCED : If 'GG TESTING' is a half-word (i.e., each character is 2 bytes or 16 bits) and the pointer to 'G' is located at memory address 0x0000004 + 0x8, then the instructions for loading the string into a register would be different Dummy memory: 0x0000004 (<-- pointer )= 123 0x0000008 = 21 0x000000C = 9999999 0x0000010 = 'GG' 0x0000014 = ' T' -- with space at the start. 0x0000018 = 'ES' etc.. --> between every byte value ( character ) there is 0 [ example in memory 0x00000010 = 71 (G) <-- byte 0x00000011 = 0 <-- byte 0x00000012 = 71 (G) <-- byte 0x00000013 = 0 <-- byte 0x00000014 = 32 (space) <- byte ] To load the half-word 'GG' into a 32-bit register (e.g., R0/X0), we can use the LDRH instruction as follows: LDRH R0, [0x00000004, 0x8] This instruction loads the 16-bit value at memory address 0x00000010 into the lower 16 bits of R0/X0. Since we want to load the first two characters of the string, we add an offset of 0x8 to the base address. Read more about LDR To load the entire string into a register, we can use the LDRH instruction with a register offset as follows: LDRH R0, [0x00000004, 0x8], #0xC This instruction loads the 16-bit value at memory address 0x00000010 into the lower 16 bits of R1, and increments the base address by 0xC (or 12 bytes) to load the remaining characters of the string. The 'GG TESTING' string has a length of 10 characters, which corresponds to 20 bytes (11 characters x 2 bytes per character), so we need to load 12 bytes in addition to the first 2 bytes to load the entire string. AARCH64 : LDRH --> LDURH (Load Unsigned Halfword with a 64-bit offset) or LDSRH (signed) LDURH W0, [X1, #16] ; Load a halfword from the memory address X1 + 16 into W0 This loads a 16-bit unsigned halfword from the memory address X1 + 16 into the 32-bit register W0. Note that the offset value is added to the base register X1 to form the memory address. Also, because LDURH is an unsigned load instruction, the loaded halfword is zero-extended to 32 bits. NOTE: the LDURH instruction is specific to AArch64 architecture and is not available in AArch32 architecture. STR: STR is used to store the contents of a register into a memory location that is addressed using a base register and an optional offset. The contents of the register are written to the memory location, overwriting any previous data that was stored at that location. -->STR Rd, [Rn {, #offset}] where Rd is the source register whose contents will be stored in memory, Rn is the base register that points to the memory location where the data will be stored, and offset is an optional 32-bit offset that is added to the base register to form the memory address. Example of using the STR instruction to store the contents of R0 register into a memory location: --> STR R0/X0, [R1/X1, #4] ; Store the contents of R0/X1 into the memory location R1/X1 + 4. NOTE : STR Wd, [Xn, #offset], imm | the STR instruction with the imm option is only available in AArch64. |--> Wd/Xd, [Xn, #offset] The imm option allows you to add an immediate value to the offset to form the memory address. The immediate value is sign-extended to 64 bits, shifted left by the scale factor (which is determined by the size of the data being transferred), and then added to the offset. -> STR W0, [X1, #0x100], #0x20 -- This stores the contents of register W0 into the memory location pointed to by register X1 plus 0x100 plus 0x20, overwriting any previous data stored at that location. In AArch32, there is no imm option for the STR instruction. However, you can achieve a similar effect by adding the immediate value to the offset before using it in the instruction. Here's an example: ADD R2, R1, #0x120 --> R2 = R1 + 0x120 STR R0, [R2] --> Store R0 at address R2 Here, the ADD instruction adds the immediate value 0x20 to the base register R1, storing the result in R2. The STR instruction then stores the contents of register R0 into the memory location pointed to by register R2. Note: that the immediate value is added to the offset before using it in the instruction, rather than being added as a separate operand like the imm option in AArch64. --->FOR Using LDR / STR on values just LDR/STR R0/X0, [DESTINATION ADDRESS] Note : Unity games use pointers for the string ----------------------------------------------> Converting Float and Double to Hex <--------------------------------- This is mainly IEEE Standard for Floating-Point Arithmetic. (you can skip this part by using online converter) > You need : • Advanced Lua scripting Knowladge. • Math Knowladge. • Binary 32 and 64 Knowladge. --------------Please read--------------