Search the Community

Hey, mates! I'd like to know if it's possible to make some cheats for Tomb Raider Reloaded. I tried editing money, gems and other custom currencies, but when I change the values it resets to the original ones right away, so I probably only found the display ones. For HP and armor I couldn't even find any values. Same thing for item shop prices. I hope someone can help, thanks in advance!

Hmmm... I tested in emulator and Android 10 with VirtualXposed only. Android 13 not tested, since I don't have it.

View File Craft of Survival - Gladiators Game : Craft of Survival: Gladiators Play Store : https://play.google.com/store/apps/details?id=com.action.survival.craft.rpg ARM8 / 64 BIT Feature [ MOD MENU ] - [ GOD MOD ] 🇸‌‌🇦‌‌🇫‌‌🇪‌ - [ ALWAYS CRIT ] 🇸‌‌🇦‌‌🇫‌‌🇪‌ - [ MAX DURABILITY ] 🇸‌‌🇦‌‌🇫‌‌🇪‌ - [ CRAFT & UPGRADE ] 🇸‌‌🇦‌‌🇫‌‌🇪‌ NOTES = USER : COSCOS PASS : 101 Group Telegram : @allgamesmodchat Thanks Submitter dodiriyadi Submitted 10/04/2023 Category LUA scripts  

View File Sword Master Story sword master story [x64]: Unlock Hero + Unlimit Daily Quest Submitter quocphepha009 Submitted 10/05/2023 Category LUA scripts  

I tried running script 10 times, reloading game, rebooting device, it always works. Try reloading game and running script again.

View File Tools DumpCS Tools Dump Script Gamegudian By name Class, Fields or address in memory Watch my video to see how to use it Submitter LTC Submitted 10/04/2023 Category Tools  

View File Grim Soul 5.6.1 Playstore: https://play.google.com/store/apps/details?id=fantasy.survival.game.rpg&hl=de&gl=US Telegram: BixxlerGames ARM8 - 64BIT ONLY PASSWORD: 0000 [MOD MENU] - Unlimited Durability - NEW - - LVL 200 AFTER Kill - NEW - - Instant Travel - - Max Move Speed - - Max Attack Damage - - VIP - - Split Weapons - - Free Build & Crafting,Assemble,Tier - - Maps Unlock - If you have any problems, please feel free to contact me Here. Submitter Bixxler Submitted 10/03/2023 Category LUA scripts  

so far this is what i found in Ninja Arashi 2. Screenrecorder-2023-10-03-15-32-25-173.mp4

[ @STGX44x ] --- This is a common issue on Samsung devices, sadly, I still don't know the root-cause of this. My assumption is because of: - Samsung Knox Security - Android 12-13 - Firmware itself. Here's several threads of people having the same problem: - Samsung Note 20 Ultra - Samsung A32 - Samsung S20 - Samsung Tab S7 - Samsung A32 (again) --- Let me know if you remember something about this, in the mean-time, may try some of these: - Use Termux to execute the command (or if you're using Magisk, use SELinux Permissive module) and Game Guardian -> "Fix It" button -> Switch to work with SELinux and restart - Downgrade your OS / Android / Security Patch or just use Custom OS in general (Android 10 and below is recommended) - Use Virtual Machine (F1VM, x8Sandbox, VPhoneGaGa, VMOS Pro, etc) ---

View File Westland 6.5.0 Script Telegram: https://t.me/+dqNrOHrRDB9mYWQ Many useful Hacks for Westland ARMV8 / 64 BIT Only. PASS:0000 [Caution risk to be banned] [MOD MENU] - VIP Active - - Gamespeed x3 (testing) - - Most Opponents are blind - - Unlock Map Events - - Unlock Premium Events - - Insta Travel - - Godmode (Eat any Food & Switch Armor) - - Auto Kill (Activate before Enter Map) - - DMG & HEALTH & Hungry mod - - Unlock Pet Bait - - Unlock All Mount (Give pet to NPC) - - High Durability & No lost on Death - - Repair Durability (only Base) - - Free Build / Upgrade / Finalize - - Amulet & Ring Max STATS on CRAFTING - - Weapon Split - - FREE SHOP & SPIN & Free Trader - - Calender Take Daily Rewards - - Automaticly Unlocking Location Doors - Submitter Bixxler Submitted 10/01/2023 Category LUA scripts  

View File Mutiny: Pirate Survival RPG Game : Mutiny: Pirate Survival RPG Play Store : https://play.google.com/store/apps/details?id=com.heliogames.pirates Feature [ MOD MENU ] - GOD MOD - FREE CRAFT AND UPGRADE - DAILY REWARD - MAX DURABILITY - FREE TRAVEL - INCREASE ATT SPEED (NEW) - INCREASE ATT RANGE (NEW) [ Risk To Ban , So Be Careful ] Group Telegram : https://t.me/allgamesmodchat ™ATTENTION PLEASE™ How to using script for prevent get banned and Update, You Can Check in Group Telegram Thanks Submitter dodiriyadi Submitted 10/02/2023 Category LUA scripts  

Disclaimer: This guide is for educational purposes only. The techniques explored here are intended for understanding the technical aspects of Android games. Users are advised to use this knowledge responsibly and within legal and ethical boundaries. I disclaim any liability for misuse or unauthorized activities. Use this information at your own risk. As you explore with me, remember it's all about learning, not mischief. If you decide to try out any of these tricks, make sure it's within the rules and plays nice with the devs. I'm not taking responsibility for any shenanigans, so be cool, and enjoy the learning ride. Cheers! Goals : • Identify server-side data from local data. • How to tamper server-side data . • bypass SSL encryption. Requirement : • You should be familiar with requests ( http ) . • You should have some level of knowledge about reverse-engeneering / Exploits / etc. Tools : • GameGuardian. • Frida. • IDA (Pro). • BurbSuite / any other proxy interceptor. • LUA Decryption and Encryption for cocos2dlua. Difficulty : 8/10 ----- Let's Dive IN -----First step is to collect information about the game start playing the game normally to get some information about it, it's concept and what data they have like items , coins , gems , vip , battlepass, etc and what they call it in game. Open GameGuardian or root explorer to know what engine the game use and it's libs, like libIl2cpp.so for Unity , Cocos2d for coco's 2d games , or a custom lib built on top of other games engines like libLotaApp. BurbSuite Start Intercepting traffic. Set Up Your Environment Install Burp Suite: Download and install Burp Suite from the official website. Configure Your Android Device: Connect your Android device to the same network as your computer. Go to Wi-Fi settings, find your connected network, and set the proxy to your computer's IP address and the port Burp Suite is running on (default is 8080). Step 2: Configure Burp Suite Start Burp Suite: Open Burp Suite and go to the "Proxy" tab. Configure Proxy Settings: Under the "Options" tab, go to "Proxy" settings. Ensure the proxy listener is running on the IP address and port you specified in your Android device's Wi-Fi settings. Install Burp's CA Certificate: In Burp Suite, go to "Proxy" > "Options" > "Import / export CA certificate." Click "Save CA Certificate" to save the certificate. Transfer the certificate to your Android device and install it. when Exporting the Certificate You should put the Extention of it .ctr Step 3: Configure Android Device Install and Configure Proxy on Android: Ensure the proxy listener is running on the IP address and port you specified in your Android device's Wi-Fi settings. For APN edit the Access point name : Install the Exported Certificate from burb to your Android phone Step 4: Start Capturing Traffic In the "Target" tab, you should see the target host(s) that your Android device has communicated with. Browse on Android Device: Open the browser on your Android device and start browsing. Burp Suite will capture the traffic, In the "Target" tab, you should see the target host(s) that your Android device has communicated with. Inspect and Manipulate Traffic: In the "Proxy" tab, you can intercept requests and responses, inspect them, and even manipulate them before forwarding. Use Other Burp Suite Tools: Explore other tools in Burp Suite, such as "Repeater" and "Intruder," to perform further analysis and testing. Hierarchy: The Site Map is organized in a hierarchical structure that represents the different hosts and paths your client has communicated with. Hosts and Paths: Hosts represent the web servers or domains that your client has interacted with. Paths represent specific URLs or routes within those hosts. HTTP Methods: Each entry in the Site Map includes information about the HTTP methods used (GET, POST, etc.). Status Codes: The status codes of the responses (e.g., 200 OK, 404 Not Found) are displayed, providing insights into the server's responses. Request and Response Details: Clicking on an entry in the Site Map reveals detailed information about the request and response for that specific interaction. This includes headers, parameters, and content. Filtering and Searching: You can filter and search for specific requests or hosts, making it easier to focus on relevant parts of the traffic. Context Menu: Right-clicking on an entry provides a context menu with various options, such as sending the request to other Burp Suite tools for further analysis. Interactivity: The Site Map is an interactive tool that allows you to manipulate and analyze the captured traffic in real-time. Use Cases: Analysis and Debugging: Identify patterns and anomalies in your web traffic for analysis and debugging purposes. Security Testing: Spot potential security issues, such as vulnerabilities or unusual behaviors. Mapping Application Flow: Understand how different paths in your application are accessed and interacted with. select all URLs and right click -> delete selected items ( we don't need them ) launch the app and watch what the app send when it execute I launched "Mythic Su*moner" and this traffic get captured But Most games use SSL pinning and they don't show the full trafic even when intercepting with them . in this case we need Frida to UnSSL it. ( u can use it to bypass root detection aswell ). SSL pinning, also known as certificate pinning or public key pinning, is a security mechanism employed in applications to enhance the security of SSL/TLS connections. It involves associating a specific SSL certificate or public key with a particular domain, and the application will only accept connections with that specific certificate or key. Normal SSL/TLS Connection: In a standard SSL/TLS connection, a client (e.g., a mobile app) connects to a server, and the server presents its digital certificate to the client during the handshake process. SSL Pinning Process: With SSL pinning, the client embeds a specific SSL certificate or public key within the application. When establishing a connection to the server, the client checks whether the server's presented certificate matches the embedded certificate or public key. Verification and Trust: If the presented certificate matches the pinned certificate or key, the connection is considered trusted, and the communication proceeds. If there's a mismatch or the server presents a different certificate, the connection is rejected, preventing potential man-in-the-middle attacks. Using Brbsuite To listen to the game traffic is man-in-the-middle attack. that's why Most of the trafic is rejected in the 1st capture FRIDA Connect your phone with ur pc via USB & and inject an Agent into the process to UNSSL Pinning : when You UNSSL the game you get More Trafic : With this traffic UNSSLed you can play with it, inspect it and modify it with the repeater ( this is how you hack the server-side ) this method called Tampering data. How to Identify Server Data and Local Data. Select the inapps.appflyer.com and watch it when you play every changement in data ( server side ) get registered by this url ( most cases ) it will send a gzip to server and save it there . any local data will be saved in your machine ( android device ) or memory and the inapps.appflyer.com won't send a request. Some games use SOCKET to connect the game and the server and keeps the connection open until the game get terminated or the server get shut down, with burb you can Intercept sockets aswell. TIP : while you intercepting traffic from burb open the lib with IDA pro to dissassemble it. IDA make sure IDA fully dissassemble the lib by showing idle on the buttom go to the functions menu hit ctrl + F to start searching for keywords I mentioned at the beginning ( gold , items name , coins , player stats etc ) when I search for the keywords no functions / methods found that mean the logic and the data proccess isn't in the lib nor in the traffic ( most of them ) that means the only way to store the logic is in the files in this example game. if you found functions your starting point start with frida, you can use Frida to hook it and track the pointers and afterword GG to create a script. Decrypt LUAC take the apk and unzip it ( open with rar / 7zip ) you'll end up with the game files and Done the logic is found in the game files , the game use lua to run with C and cocos2d. but the game won't leave the game logic and codes open and public the must use some sort of encryption to it , for that they use LUAC is the Lua compiler responsible for taking Lua source code and transforming it into Lua bytecode encrypted. try another file : notice : i0lzCcmB1Cjxk6DpvlmdPINybrXXeBA1 each file have this signature at the start ofthe it IDA & LUA Decryption and Encryption for cocos2dlua. copy the signature and search ida for it but this time in the string if found you should find the key aswell : I use IDA & LUA Decryption and Encryption for cocos2dlua to decrypt the files. after it's done every file will be unencrypted and easy to read : and with that data you can create anything you want / mod / script etc Why not just frida? to use frida you need a pc ( termux users isn't included because you just need a pc to use frida -_-) agents ( frida scripts ) isn't portable you always need your pc to use the script powerd with usb I mean too much pain that's why in my opinion GameGuardian is the best choice you can run the script anywhere anytime + lua much easier than js. not all libs work with libc and not all of them contain usefull resources like the example above. ---- tips : the data should be stored in -server -local machine ( your device ) the game files "apk" ( your device aswell ) look at these 3 places to find the game resource. game logic either in the files or in the lib ( like il2cpp ) android games can't afford Hosted Hypervisor for the logic processing. I can update this topic, comment out what you want to know more about ( exluding server-side hacks ) I won't provide tools all you need is your brain to outsmart devs.

Old account now has an alert when I try to login. New account works well so far after 10+ days of using GGuardian daily. Got to HR76 as of now. You can also modify the Defense stats so you won't need to use potions anymore because monsters will only make 1 damage. Defense is also a Float value and can be searched with as a group search with the attack stat.

It's one box diamond, can get either 100, 50 or under 10 So yeah, not worth anymore Need to find other weakness

This is an amazing discovery! I've been trying to find a way to run Game Guardian on Android 10 without root for ages, and VMOS is the perfect solution. Thanks so much for sharing this tip!

Sorry for late joining to this topic. They fixed this already since 1.9.2 version for the "fixed" roll and randomized it already BUT only for the roll. Everything else still the same, FIXED for heist, community chest, sticker packs, and so on. The differences in cake event / car event the special buddy event, its still fixed but with the multiplier, if you change the multiplier into x1, its fixed for the x1 only if change to x20, it fixed to x20 only. so there no win win situation here. the thing about monopoly go is, actually not everything is server sided but im still not sure how they do it. Like the glitch for getting dice bar fulled via invitation it was base on client side (and check the version of the client on server side before sending request) and so far there is around 10 people using this method on newest version 1.11.0 - 1.11.5 by decompiling sources of 1.10.0 into 1.11 and again i think its just bug from the game that the developer miss out a lot. and i found out that rolling at active connection is different with offline. etc, i manage to always "double" roll the dice when there is connection but when i turn off the internet the always "double" roll wont be activated. may i know who you are?

So if there any chances for the exact same script like in the video it will be helpful to understand lua scripts In example when the person put wrong password then it go again to prompt menu and when the person entered wrong password 3 times then the script will toast a wrong password try again in 10 sec And then it will go again in prompt

I'm not as talented as you mate.

View File PUBG MOBILE 2.8 BYPASS+ SCRIPT ʟɪʙʙᴀsᴇ sᴄʀɪᴘᴛ ғᴏʀ 2.8 sᴜᴘᴘᴏʀᴛ = ᴀʟʟ ᴘᴜʙɢ[32ʙɪᴛ] ғᴇᴀᴛᴜʀᴇs •ʙʏᴘᴀss• •ɪɴsᴛᴀɴᴛ ʜɪᴛ• •ᴀɪᴍʙᴏᴛ• •ʟᴇss ʀᴇᴄᴏɪʟ• •ɴᴏ ʀᴇᴄᴏɪʟ• •ɪᴘᴀᴅ ᴠɪᴇᴡ•[1-10 ᴄᴜsᴛᴏᴍɪᴢᴀʙʟᴇ] •sᴍᴀʟʟ ᴄʀᴏsʜɪᴇʀ• •xʜɪᴛ ᴇғғᴇᴄᴛ• •ʜᴇᴀᴅsʜᴏᴛ• •ʜɪɢʜ ᴅᴀᴍᴀɢᴇ• •ғɪx ᴘɪɴɢ• •ɴᴏ ɢʀᴀss• •ɴᴏ ғᴏɢ• •ʙʟᴀᴄᴋ ʙᴏᴅʏ• •ʙʟᴀᴄᴋ sᴋʏ• •ʟᴏɴɢ ᴊᴜᴍᴘ• •ɴɪɢʜᴛ ᴍᴏᴅᴇ• •ᴋɴᴏᴄᴋ sᴘᴇᴇᴅ ᴏɴ• •ᴋɴᴏᴄᴋ sᴘᴇᴇᴅ ᴏғғ• •ғʟᴀsʜ ᴏɴ• •ғʟᴀsʜ ᴏғғ• •ғᴀsᴛ sʜᴏᴏᴛ• •ɴᴏ ᴛʀᴇᴇ• •ᴄᴀʀ sᴘᴇᴇᴅ• •ᴄᴀʀ ғʟʏ• •ᴄᴀʀ ғʟʏ ᴏғғ• •ᴍᴀɢɪᴄ ʙᴜʟʟᴇᴛ• sᴇɴᴅ ғᴇᴇᴅʙᴀᴄᴋs ᴛᴏ https://t.me/Reo_45 ᴄʜᴀɴɴᴇʟ https://t.me/Reohecks Submitter HACK__KILLER Submitted 09/13/2023 Category PUBG  

View File Survivor Legend Function Description: All functions activate in battle! Multiply Gold. Tornado Skill. Arrows Skill. Comets Skill. Lightning Skill. Axe Skill. Boomerang Skill. Frost Nova Skill. Fire Ball Skill. You can activate features whether you have the appropriate skill or not. The hacked values are saved. Warning! Made for game version 2.0 The script may not work after a game update or may work partially. Submitter Artem_Nikiforov Submitted 09/10/2023 Category LUA scripts  

View File Idle Breaker Function Description: Health (100 000). Power attack (100 000%). Damage to all weapon (10 000). Enemy damage is low. Before activation, it's worth playing a little. Gather some resources, shoot some zombies, run around. Submitter Artem_Nikiforov Submitted 09/01/2023 Category LUA scripts  

Not work. Error: Script end: 1. For address 0x753AD3304C Namespace: SYBO.Subway ClassName: CurrencyCounter Field offset: 0x4C Error script: luaj.n: /storage/emulated/0/GameGuardianUtils/className_and_fieldOffset_searcher(V-3.1).lua:228 ` gg.setRanges(searchRanges[selectedRange_shortname])` bad argument #1: nil: int expected, got nil (field 'setRanges') level = 1, const = 15, proto = 0, upval = 10, vars = 15, code = 92 CALL v2..v3 ; PC 6 CODE 0100409D OP 29 A 2 B 2 C 1 Bx 1025 sBx -130046 stack traceback: /storage/emulated/0/GameGuardianUtils/className_and_fieldOffset_searcher(V-3.1).lua:228 in upvalue 'Dump' /storage/emulated/0/GameGuardianUtils/className_and_fieldOffset_searcher(V-3.1).lua:302 in local 'main' /storage/emulated/0/GameGuardianUtils/className_and_fieldOffset_searcher(V-3.1).lua:315 in main chunk [Java]: in ? at luaj.ap.a(src:265) at luaj.ap.o(src:301) at android.ext.Script$setRanges.d(src:2997) at android.ext.Script$ApiFunction.c(src:1481) at android.ext.Script$ApiFunction$1.run(src:1453) at android.os.Handler.handleCallback(Handler.java:938) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loop(Looper.java:254) at android.app.ActivityThread.main(ActivityThread.java:8243) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:612) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1006)