Search the Community

if gg.isVisible(true) then gg.setVisible(false) end toggle = { menu = false, preloadValues = true, finishPreload = false, skipTimer = true, showChannelAd = true, errorToast = true, --no errors catched toast / useless atm } function main() vPool = gg.getListItems() if toggle.menu == true then SDM() else if toggle.preloadValues == true then toggle.preloadValues = false if toggle.finishPreload == false then if toggle.skipTimer == true then preload() else gg.alert([[ you have 10 seconds to figure out what your current Money and Highscore is. ]]) gg.sleep(10000) preload() end else mainMenu() end else mainMenu() end end end function SDM() menu = gg.choice({ "Debug Menu", "Preload Values", "Skip Timer", "mainMenu()" }, nil, "Secret Debug Menu") if menu == 1 then if toggle.menu == true then toggle.menu = false gg.alert("Debug Menu = false") main() else toggle.menu = true gg.alert("Debug Menu = true") main() end end if menu == 2 then if toggle.preloadValues == true then toggle.preloadValues = false gg.alert("Preload Values = false") main() else toggle.preloadValues = true gg.alert("Preload Values = true") main() end end if menu == 3 then if toggle.skipTimer == true then toggle.skipTimer = false gg.alert("Skip Timer = false") main() else toggle.skipTimer = true gg.alert("Skip Timer = true") main() end end if menu == 4 then mainMenu() end end function mainMenu() menu = gg.prompt({ "Modify Money", "Modify Current Kills", "Modify Highscore", "Modify Multiplier" }, { vPool[1].value, vPool[3].value, vPool[6].value, vPool[7].value },{ "number", "number", "number", "number" }) for v, k in pairs(vPool) do v[1].value = menu[1] v[3].value = menu[2] v[6].value = menu[3] v[7].value = menu[4] v[7].freeze = true v[7].freezeType = gg.FREEZE_NORMAL end gg.setValues(v) end function preload() --1243657 menu = gg.prompt({ "Enter Current money", }, nil, {"number"}) gg.searchNumber(menu[1], gg.TYPE_DWORD) gg.refineAddress("CD4", -1, gg.TYPE_DWORD, gg.SIGN_EQUAL, 0, -1, 0) base = gg.getResults(1) base[1].name = "[1] Money" vPool[1] = base[1] gg.addListItems(base) _G.totalGain = {} totalGain[1] = { address = base[1].address + tonumber(0x4), flags = gg.TYPE_FLOAT, name = "[2] Total Money Gained", } vPool[2] = totalGain gg.addListItems(totalGain) --gg.alert("Preload Done, Preloaded Following Hacks:\n- Money\n- Total Money Gained") gg.clearResults() base = nil gg.searchNumber("1500", gg.TYPE_DWORD) gg.refineAddress("D68", -1, gg.TYPE_DWORD, gg.SIGN_EQUAL, 0, -1, 0) base = gg.getResults(1) base[1].name = "[4] Target Limit" vPool[3] = base[1] gg.addListItems(base) _G.currentKills = {} currentKills[1] = { address = base[1].address - tonumber(0x4), flags = gg.TYPE_DWORD, name = "[3] currentKills", } vPool[4] = currentKills gg.addListItems(currentKills) --gg.alert("Preload Done, Preloaded Following Hacks:\n- Target Limit\n- currentKills") gg.clearResults() base = nil menu = gg.prompt({ "Enter Current Highscore", }, nil, {"number"}) gg.searchNumber(menu[1], gg.TYPE_FLOAT) gg.refineAddress("E5C", -1, gg.TYPE_FLOAT, gg.SIGN_EQUAL, 0, -1, 0) base = gg.getResults(1) base[1].name = "[6] Highscore" vPool[5] = base[1] gg.addListItems(base) _G.currentScore = {} currentScore[1] = { address = base[1].address - tonumber(0x4), flags = gg.TYPE_FLOAT, name = "[5] Current Score", } vPool[6] = currentScore gg.addListItems(currentScore) _G.multiplier = {} multiplier[1] = { address = base[1].address + tonumber(0x4), flags = gg.TYPE_DWORD, name = "[7] Multiplier", } vPool[7] = multiplier gg.addListItems(multiplier) --gg.alert("Preload Done, Preloaded Following Hacks:\n- Highscore\n- Current Score\n- Multiplier") gg.clearResults() base = nil --print(vPool) --breakpoint() finishPreload = true end function breakpoint() gg.alert("Breakpoint") os.exit() end main() while true do while gg.isVisible(true) do gg.setVisible(true) main() end end @ function mainMenu()

Look at function number 2 (selectconditions) and the last function (searchandrefine). When I run this and select some stuff, it says there is an attempt to index a nil value (encrypted) in function searchandrefine. But I clearly define encrypted as encrypted = gg.multiChoice in function selectconditions. Can someone please fix my code? Thanks! function wait_for_action() gg.setVisible(false) while true do gg.sleep(500) if gg.isVisible()then break end end end function selectconditions(encrypted) if encrypted == 1 then encrypted = gg.multiChoice({'Encrypted'},nil,'Is the value encrypted?') end signs = {gg.SIGN_EQUAL,gg.SIGN_NOT_EQUAL,gg.SIGN_GREATER_,gg.SIGN_LESS,gg.SIGN_GREATER_OR_EQUAL,gg.SIGN_LESS_OR_EQUAL} signchoice = gg.multiChoice({'=',' ≠','>','<',' ≥','≤'},nil,'What condition?') i = 0 while not signchoice[i] do i = i + 1 end sign = signs[i] end function selecttype() menu = gg.multiChoice({'Auto','Dword','Float','Double','Word','Byte','Qword','Xor'},nil,'What type to search?') if menu == nil then else if menu[1] then a = 1 type = gg.TYPE_AUTO end if menu[2] then a = 1 type = gg.TYPE_DWORD end if menu[3] then a = 1 type = gg.TYPE_FLOAT end if menu[4] then a = 1 type = gg.TYPE_DOUBLE end if menu[5] then a = 1 type = gg.TYPE_WORD end if menu[6] then a = 1 type = gg.TYPE_BYTE end if menu[7] then a = 1 type = gg.TYPE_QWORD end if menu[8] then a = 1 type = gg.TYPE_XOR end end while a == 0 do a = 0 menu = gg.multiChoice({'Auto','Dword','Float','Double','Word','Byte','Qword','Xor',},nil,'What type to search?') if menu == nil then else if menu[1] then a = 1 type = gg.TYPE_AUTO end if menu[2] then a = 1 type = gg.TYPE_DWORD end if menu[3] then a = 1 type = gg.TYPE_FLOAT end if menu[4] then a = 1 type = gg.TYPE_DOUBLE end if menu[5] then a = 1 type = gg.TYPE_WORD end if menu[6] then a = 1 type = gg.TYPE_BYTE end if menu[7] then a = 1 type = gg.TYPE_QWORD end if menu[8] then a = 1 type = gg.TYPE_XOR end end end end function selectranges() menu = gg.multiChoice({'Jh: Java heap','Ch: C++ heap','Ca: C++ alloc','Cd: C++ .data','Cb: C++ .bss','PS:PPSSPP','A: Anonymous','J: Java','S: Stack','A: Ashmen','V: Video','O: Other','B: Bad','Xa: Code app','Xs: Code system','Reset','All'},nil,"Select memory ranges. If you don’t know what this is, select “All”.") ranges = "" if menu[1] then ranges = ranges .. "gg.REGION_JAVA_HEAP | " end if menu[2] then ranges = ranges .. "gg.REGION_C_HEAP | " end if menu[3] then ranges = ranges .. "gg.REGION_C_ALLOC | " end if menu[4] then ranges = ranges .. "gg.REGION_C_DATA | " end if menu[5] then a = 1 type = gg.TYPE_WORD end if menu[6] then a = 1 type = gg.TYPE_BYTE end if menu[7] then a = 1 type = gg.TYPE_QWORD end if menu[8] then a = 1 type = gg.TYPE_XOR end gg.setRanges(ranges) end end function searchandrefine() gg.clearResults() selecttype() selectconditions(1) value = gg.prompt({[1] = 'What is the value?'}, {[1] = '0'}, {[1] = 'text'}) gg.searchNumber(value[1], type, encrypted[1], sign) while gg.getResultsCount() > 10 do gg.alert('Make the value change, then click the gameguardian icon.') wait_for_action() gg.refineNumber(value[1], type, encrypted[1], sign) value = gg.prompt({[1] = 'What has the value changed to?'}, {[1] = '0'}, {[1] = 'text'}) end continue = gg.multiChoice({'There are' .. gg.getResultsCount() .. 'results left. Would you like to continue refining?'},nil,'') while continue[1] or gg.getResultsCount() < 2 do gg.alert('Make the value change, then click the gameguardian icon.') wait_for_action() gg.refineNumber(value[1], type, encrypted[1], sign) value = gg.prompt({[1] = 'What has the value changed to?'}, {[1] = '0'}, {[1] = 'text'}) continue = gg.multiChoice({'There are' .. gg.getResultsCount() .. 'results left. Would you like to continue refining?'},nil,'') end end searchandrefine()

1 Dodge Dart GT 2 Audi R8 e-tron 3 Tesla Model S 4 Cadillac ATS 5 Cadillac XTS 6 Scion FR-S 7 Mini Cooper S Roadster 8 Alfa Romeo MiTo GTA 9 Audi S4 10 Nissan 370Z 11 Audi RS 3 Sportback 12 Mercedes-Benz SLS AMG Electric Drive 13 Audi TTS Coupe 14 Chevrolet Camaro GS 15 Ford Focus RS 16 Lamborghini Urus 17 Infiniti FX50 18 Lotus Exige S Coupe 19 Audi RS 4 Avant 20 Alfa Romeo 8C Competizione 21 DS Survolt 22 Aston Martin DB9 Coupe 23 Lamborghini Countach 25th Anniversary 24 Maserati GranTurismo Sport 25 Bentley Continental GT V8 26 Aston Martin V12 Zagato 27 Aston Martin V12 Vantage 28 Nissan GT-R (R35) 29 Ferrari 458 Italia 30 Ford Shelby GT500 31 Cadillac CTS-V Coupe Race Car 32 Mercedes-Benz SL 65 AMG Black Series 33 Dodge Viper SRT10 ACR-X 34 Chevrolet Corvette C7 35 McLaren 12C Spider 36 Pagani Zonda R 37 Ferrari F12berlinetta 38 Lamborghini Sesto Elemento 39 Marussia B2 40 RUF RT 12 S 41 Lamborghini Veneno 42 GTA Spano 43 RUF CTR 3 44 Ferrari FXX Evoluzione 45 Bugatti 16.4 Grand Sport Vitesse 46 Mercedes-Benz Silver Lightning 47 Koenigsegg Agera R 48 Ferrari 599XX 49 Lamborghini Gallardo LP 560-4 2013 50 Renault CLIO R.S. 200 EDC 51 BMW M6 52 Ferrari F430 53 Lotus Evora Enduro GT 54 Ferrari LaFerrari 55 W Motors Lykan HyperSport 56 Pagani Huayra 57 McLaren P1 58 SSC Tuatara 59 Ferrari Testarossa 60 SRT 2013 Dodge Challenger SRT8 61 Ford F-150 62 Hennessey Venom GT 63 Chrysler ME412 64 Ferrari FF 65 Ford 2006 GT 66 Mercedes-Benz SLS AMG GT Coupé Final Edition 67 2015 Ford Mustang 68 Jaguar C-X75 69 Mercedes-Benz CLK GTR AMG 70 Mercedes-Benz Biome 71 Peugeot Onyx 72 Jaguar F-Type R 73 Savage Rivale Roadyacht GTS 74 Mazda Furai 75 Nissan GT-R NISMO 76 SSC Ultimate Aero XT 77 Rimac Consept One 78 Savage Rivale GTR 79 Maserati MC12 80 Volkswagen W12 81 Koenigsegg One:1 82 9FF GT9 VMAX 83 Tramontana XTR 84 Felino cB7 85 Spada Codatronca 86 Arrinera Hussarya 87 Lucra L148 88 Acura NSX 2005 89 Renault DeZir 90 Ferrari F40 91 Ferrari Enzo Ferrari 92 Ferrari 612 Scaglietti 93 Ferrari F50 94 Ferrari 308 GTS 95 Ferrari 330 P4 96 Volkswagen Golf Design Vision GTI 97 BMW M3 Sedan 98 Audi R8 LMS Ultra 99 BMW M1 100 HTT Plethore LC 750 101 Lamborghini Aventador LP 700-4 102 Geely GC9 103 ONUK Sazan LM 104 Mitsubishi Lancer Evolution X 105 Chevrolet SS 106 AC 378 GT Z 107 Kepler Motion 108 McLaren 675LT 109 Bentley EXP10 Speed 6 110 McLaren P1 GTR 111 Camaro Z/28 112 Datsun 280Z 113 Shelby Cobra 427 114 SUBARU IMPREZA WRX STI 115 McLaren 570S 116 Lamborghini Huracan 117 Cadillac 16 Consept 118 McLaren F1 XP-5 119 DS 3 Racing 120 Honda S2000 121 Range Rover Evoque Coupe HSE Dynamic 122 Mercedes-Benz SLK 55 AMG 123 Toyota Supra RZ (Mark IV) 124 Nissan Skyline GT-R (R34) 125 Peugeot SR1 126 Lamgorghini Asterion 127 Mazzanti Evantra 128 Mosler GT3 129 Lamborghini Egoista 130 Renault Sport R.S. 01 131 TRION NEMESIS 132 ED Design Torq 133 Alfa Romeo 4C 134 Lamborghini Estoque 135 Rinspeed zaZen 136 Sbarro Alcador 137 Holden Coupe 60 138 Volkswagen Beetle Turbo 139 Lamborghini Miura 140 Cheverolet 2016 Camaro SS 141 Ferrari 458 Italia 142 Mosler Super GT 143 Mazda RX8 144 BMW 3.0 CSL Hommage 145 Honda Integra Type-R 146 Devel Sixteen Prototype 147 Mazda 6 148 Mitsubishi Eclipse 149 nanoFlowcell QUANT FE 150 Fenyr SuperSport 151 nanoFlowcell QUANTINO 152 Weber Faster One 153 Mercedes-AMG GT3 154 Nissan Juke Nismo 155 Jaguar XJ220S TWR Motorsport 156 Mercedes-AMG C 63 Couple 157 Jaguar F-TYPE Project 7 158 Aston Martin One-77 159 Donkervoort D8 GTO 160 Caddilac ATS-V Coupe 161 BXR Blade 162 MB GLC Coupe 163 2015 GTA Spano 164 Falcon F7 165 TVR Sagaris 166 Citroen GT 167 Icona Vulcano 168 Chevrolet Corvette C3 169 AlfaRomeo Quadrifoglio (Giulietta 2016 Veloce) 170 Mercedes CLA Racing 34 (CLA 45 AMG Racing Series) 171 McLaren M14A 172 McLaren Mercedes MP4-25 173 Arash AF10 174 Aston Martin Vulcan 175 Chevrolet Impala 176 2010 Bentley Continental Supersports 177 Mosler Land Shark 178 BMW M2 179 McLaren MP4/8 180 Renault Alpine Celebration 181 Lamborghini Aventador SV 182 Buick Avista Concept 183 Mercedes-Benz SLK 55 AMG Special Edition 184 McLaren MP4-31 185 Sbarro Sparta 186 Chevrolet Corvette Grand Sport 187 SIN R1 188 Ferrari GTC4Lusso 189 Lotus Evora Sport 410 190 Porshe Cayman GT4 191 Porshe 718 Boxster S 192 Porshe 959 193 Porshe 911 GT3 RS 194 Porshe 918 Spyder with Weissach Package 195 Suzuki Hayabusa 196 Suzuki GSX-R750 197 Peugeot RCZ R 198 KTM 1290 Super Duke R 199 Ducati SuperSport S 200 Ducati Monster 1200 S 201 Mercedes-Benz SLR McLaren 722 Edition 202 Kawasaki Z800 203 Aprilla Tuono V4 1100 RR my2017 204 Honda Civic Type-R 205 Renault Trezor 206 McLaren 650S GT3 207 Arrinera Hussarya GT 208 Villian Wheels 209 BMW S1000 RR 211 Bone Shaker 212 Rip Rod 213 Twin Mill 214 Pagani Huayra BC 210 BMV M2 Special Edition - C 215 Yamaha FZ-10 - C 216 Audi R8 e-tron Special Edition - A 217 Yamaha YZF-R6 - C 218 Ariel Atom V8 - D 219 Buick Riviera - C 220 Vanda Electrics Dendrobium - S 221 Zenvo ST1 222 Apollo Intensa Emozione 223 Apollo N 224 Vencer Sarthe 225 Kawasaki Ninja H2R 226 Ducati XDiavel S 227 Zenvo TS1 GT Anniversary Edition 228 Rimac Concept S 229 Sbarro GT1 230 Rezvani Beast Ailpha 231 Mazda RX8 Special Edition 232 2018 MacLaren X2 233 Mclaren 720S _______________________________________________ added 1 minute later wait 24hour wait 24 hour

Update cars codes: I haven't found Renault Trezor Code (code 206 not avaliable) Asphalt 8's Code Cars updated 1 Dodge Dart GT 2 Audi R8 e-tron 3 Tesla Model S 4 Cadillac ATS 5 Cadillac XTS 6 Scion FR-S 7 Mini Cooper S Roadster 8 Alfa Romeo MiTo GTA 9 Audi S4 10 Nissan 370Z 11 Audi RS 3 Sportback 12 Mercedes-Benz SLS AMG Electric Drive 13 Audi TTS Coupe 14 Chevrolet Camaro GS 15 Ford Focus RS 16 Lamborghini Urus 17 Infiniti FX50 18 Lotus Exige S Coupe 19 Audi RS 4 Avant 20 Alfa Romeo 8C Competizione 21 DS Survolt 22 Aston Martin DB9 Coupe 23 Lamborghini Countach 25th Anniversary 24 Maserati GranTurismo Sport 25 Bentley Continental GT V8 26 Aston Martin V12 Zagato 27 Aston Martin V12 Vantage 28 Nissan GT-R (R35) 29 Ferrari 458 Italia 30 Ford Shelby GT500 31 Cadillac CTS-V Coupe Race Car 32 Mercedes-Benz SL 65 AMG Black Series 33 Dodge Viper SRT10 ACR-X 34 Chevrolet Corvette C7 35 McLaren 12C Spider 36 Pagani Zonda R 37 Ferrari F12berlinetta 38 Lamborghini Sesto Elemento 39 Marussia B2 40 RUF RT 12 S 41 Lamborghini Veneno 42 GTA Spano 43 RUF CTR 3 44 Ferrari FXX Evoluzione 45 Bugatti 16.4 Grand Sport Vitesse 46 Mercedes-Benz Silver Lightning 47 Koenigsegg Agera R 48 Ferrari 599XX 49 Lamborghini Gallardo LP 560-4 2013 50 Renault CLIO R.S. 200 EDC 51 BMW M6 52 Ferrari F430 53 Lotus Evora Enduro GT 54 Ferrari LaFerrari 55 W Motors Lykan HyperSport 56 Pagani Huayra 57 McLaren P1 58 SSC Tuatara 59 Ferrari Testarossa 60 SRT 2013 Dodge Challenger SRT8 61 Ford F-150 62 Hennessey Venom GT 63 Chrysler ME412 64 Ferrari FF 65 Ford 2006 GT 66 Mercedes-Benz SLS AMG GT Coupe Final Edition 67 2015 Ford Mustang 68 Jaguar C-X75 69 Mercedes-Benz CLK GTR AMG 70 Mercedes-Benz Biome 71 Peugeot Onyx 72 Jaguar F-Type R 73 Savage Rivale Roadyacht GTS 74 Mazda Furai 75 Nissan GT-R NISMO 76 SSC Ultimate Aero XT 77 Rimac Consept One 78 Savage Rivale GTR 79 Maserati MC12 80 Volkswagen W12 81 Koenigsegg One:1 82 9FF GT9 VMAX 83 Tramontana XTR 84 Felino cB7 85 Spada Codatronca 86 Arrinera Hussarya 87 Lucra L148 88 Acura NSX 2005 89 Renault DeZir 90 Ferrari F40 91 Ferrari Enzo Ferrari 92 Ferrari 612 Scaglietti 93 Ferrari F50 94 Ferrari 308 GTS 95 Ferrari 330 P4 96 Volkswagen Golf Design Vision GTI 97 BMW M3 Sedan 98 Audi R8 LMS Ultra 99 BMW M1 100 HTT Plethore LC 750 101 Lamborghini Aventador LP 700-4 102 Geely GC9 103 ONUK Sazan LM 104 Mitsubishi Lancer Evolution X 105 Chevrolet SS 106 AC 378 GT Z 107 Kepler Motion 108 McLaren 675LT 109 Bentley EXP10 Speed 6 110 McLaren P1 GTR 111 Camaro Z/28 112 Datsun 280Z 113 Shelby Cobra 427 114 SUBARU IMPREZA WRX STI 115 McLaren 570S 116 Lamborghini Huracan 117 Cadillac 16 Consept 118 McLaren F1 XP-5 119 DS 3 Racing 120 Honda S2000 121 Range Rover Evoque Coupe HSE Dynamic 122 Mercedes-Benz SLK 55 AMG 123 Toyota Supra RZ (Mark IV) 124 Nissan Skyline GT-R (R34) 125 Peugeot SR1 126 Lamgorghini Asterion 127 Mazzanti Evantra 128 Mosler GT3 129 Lamborghini Egoista 130 Renault Sport R.S. 01 131 TRION NEMESIS 132 ED Design Torq 133 Alfa Romeo 4C 134 Lamborghini Estoque 135 Rinspeed zaZen 136 Sbarro Alcador 137 Holden Coupe 60 138 Volkswagen Beetle Turbo...............................................usado para cheat 139 Lamborghini Miura 140 Cheverolet 2016 Camaro SS 141 Ferrari 458 Italia 142 Mosler Super GT 143 Mazda RX8 144 BMW 3.0 CSL Hommage 145 Honda Integra Type-R 146 Devel Sixteen Prototype 147 Mazda 6 148 Mitsubishi Eclipse 149 nanoFlowcell QUANT FE 150 Fenyr SuperSport 151 nanoFlowcell QUANTINO 152 Weber Faster One 153 Mercedes-AMG GT3 154 Nissan Juke Nismo 155 Jaguar XJ220S TWR Motorsport 156 Mercedes-AMG C 63 Couple 157 Jaguar F-TYPE Project 7 158 Aston Martin One-77 159 Donkervoort D8 GTO 160 Caddilac ATS-V Coupe 161 BXR Blade 162 Mercedes-Benz GLC Coupe 163? (2015 GTA Spano )? 164 Falcon F7 165 TVR Sagaris 166 Citroen GT 167 Icona Vulcano 168 Chevrolet Corvette C3 169 AlfaRomeo Giulietta 2016 Veloce 170 Mercedes Benz CLA 45 AMG Racing Series 171 McLaren M14A 172 McLaren Mercedes MP4-25 173 Arash AF10 174 Aston Martin Vulcan 175 Chevrolet Impala 176 2010 Bentley Continental Supersports 177 Mosler Land Shark 178 BMW M2 179 McLaren MP4/8 180 Renault Alpine celebration 181 Lamborghini Aventador SV 182 Buick Avista Concept 183 Mercedes-Benz SLK 55 AMG Special Edition 184 McLaren MP4-31 185 Sbarro Sparta 186 Chevrolet Corvette Grand Sport 187 SIN R1 188 Ferrari GTC4Lusso? 189 Lotus Evora Sport 410 190 Porsche Cayman GT4 191 Porsche 718 Boxster S 192 Porsche 959 193 Porsche 911 GT3 RS? 194 Porsche 918 spider 195 bike huybusa 196 bike suzuki gsx-r750 197 peugeot rcz r 198 ducati super duke 199 ducati Super Sport S 200 ducati monster 1200 201 Mercedes-Benz SLR Mclaren 722 Edition? 202 Kawasaki Z800 203 Aprilia Tuono V4 1100 RR my 2017 204 Honda Civic Type-R 205 McLaren 650S GT3 206 ?? (Possibly Renault Trezor) 207 Arrinera Hussarya GT 208 Villain Wheels - Carro do filme "Meu Malvado Favorito" 209 BMW S1000 RR 210 BMW M2 Special Edition 211 Hot Wheels - Bone Shaker 212 Hot Wheels - Rip Rod 213 Hot Wheels - Twin Mill 214 Pagani Huayra BC 215 Yamaha FZ-10 216 Audi R8 e-tron Special Edition 217 Yamaha YZF R6 218 Ariel Atom V8 219 Buick Riviera 220 Vanda Eletrics Dendrobium

[ @_insidious ] --- For the last couple of days, I found Universal pattern to find most ID on Google Play. - Most UUID starts with "$" sign - Hash starts with "AB-" - Token starts with "CAMS" - Long unique string often carries ":" on the front - Cached memory usually starts with six "00", then the content comes after it. --- I've utilize most of that and come up with multiple pattern, save it as "tablet.lua" : patterns = { [1]= { [1]= { ["pattern"] = "h 24", ["init"] = 1, ["ended"] = 37 }, ["message"] = "Universal ID", ["regex"] = "^[a-zA-Z0-9-]*$", ["must"] = "", ["flags"] = true }, [2]= { [1]= { ["pattern"] = "h 41 42 2D", ["init"] = 0, ["ended"] = 204 }, ["message"] = "Universal Hash", ["regex"] = "^[a-zA-Z0-9-_]*$", ["must"] = "", ["flags"] = true }, [3]= { [1]= { ["pattern"] = "h 43 41 4D 53", ["init"] = 0, ["ended"] = 208 }, ["message"] = "Universal Header", ["regex"] = "^(.*=)", ["must"] = "^[a-zA-Z0-9-_=]*$", ["flags"] = true }, [4]= { [1]= { ["pattern"] = "h 63 6F 6D 2E 67 6F 6F 67 6C 65 2E 61 6E 64 72 6F 69 64 2E 67 6D 73", ["init"] = 29, ["ended"] = 65 }, [2]= { ["pattern"] = "h 67 6D 73", ["init"] = 10, ["ended"] = 46 }, ["message"] = "GMS UUID", ["regex"] = "^[a-zA-Z0-9-]*$", ["must"] = "-", ["flags"] = true }, [5]= { [1]= { ["pattern"] = "h 70 68 65 6E 6F 74 79 70 65 5F 73 65 72 76 65 72 5F 74 6F 6B 65 6E", ["init"] = 38, ["ended"] = 246 }, ["message"] = "Phenotype Server Token", ["regex"] = "^(.*=)", ["must"] = "^[a-zA-Z0-9-_=]*$", ["flags"] = false } } --- Now you can call the pattern from "tablet.lua" (save it on the same Directory!) into our main script: app = gg.getTargetInfo().packageName dofile("./tablet.lua") options = {} results = {} function is_unique(datas, parent, flags) unique = false gg.clearResults() gg.searchNumber(datas["pattern"], gg.TYPE_BYTE, false, gg.SIGN_EQUAL, 0, -1, 0) result_count = gg.getResultsCount() if result_count > 0 then bases = gg.getResults(result_count) for _ = 1, result_count do raw_init = const(bases[_].address, datas["init"]) raw_end = const(bases[_].address, datas["ended"]) deciph = hexdecode(raw_end:gsub(raw_init, "")) regex = deciph:match(parent["regex"]) must = false if regex ~= nil then if regex:match(parent["must"]) then must = true end end if regex ~= nil and must ~= false then unique = regex table.insert(results[parent["message"]], regex) if flags == true then break end end end end return unique end function const(addr, buffer) construct = "" current = {} for _ = 1, buffer do current[_] = {address = (addr - 1) + _, flags = gg.TYPE_BYTE} end for k, v in ipairs(gg.getValues(current)) do construct = construct .. string.format("%02X", v.value & 0xFF) end return construct end function hexdecode(hex) return (hex:gsub("%x%x", function(digits) return string.char(tonumber(digits, 16)) end)) end function looper(datas, flags) pattern = false results[datas["message"]] = {} for key, value in ipairs(datas) do if type(key) == "number" then for ___ = 1, 2 do pattern = is_unique(value, datas, flags) if pattern ~= false then break end end end if pattern ~= false then break end end end function printer() flags = false for k in pairs(results) do if flags == true then break end for v in pairs(results[k]) do print(results) choice = gg.alert(k .. ': ' .. results[k][v], 'OK', 'Exit') if choice == 2 then flags = true break end end end end for k, v in ipairs(patterns) do table.insert(options, v["message"]) end while true do choice = gg.choice({"Exit", "Search", "Printer"}, nil, "Selections:") if choice == 2 then choice = gg.choice(options, nil, "Patterns:") looper(patterns[choice], patterns[choice]['flags']) elseif choice == 3 then printer() else os.exit() end end --- Using Universal pattern can take a while (even long time), but it can captures all possible unique ID.

Introduction Starting as a legit player, I have been playing Brave Frontier for around 2 months. After that I got bored of the game and decided what exploits could be done to this game to get more fun out of it. Initially, I leeched off damage hacks and stats of my units. This made the game fun but there was never a mod that gave me exactly what I wanted, thus, I started to learn how to mod the game myself through tutorials. Learning ARM from scratch has been quite a challenge for me even with some programming knowledge. As I have seen motivated people wanting to learn how to mod as well as the lack of tutorials of how to get started, I decided to write this guide to help people out as well as get help from people that will eventually surpass me. While I started from scratch, I have been trying to tinker around with IDA Pro and might use some rather advanced terms, please notify me if you do not understand anything so I can make the tutorial easier to understand. Update: I can be found at trybeat.us, come join the community! More guides will be written there too! TL;DR Started Legit Got bored Leeched hacks Hacks not what I want Learnt to make own mod Now want to teach others how to mod Required Tools · IDA Pro 6.1 · HxD · WinRaR for extracting the apk file · ARM to ASM Converter Optional Tools Here are some extra files that are good for your reading reference/ modding reference · Original 1.1.6 Brave Frontier Global libgame.so · Book on ARM · Android Multi-tool (For non-rooted devices) Steps Now, let us get started to finally make your own mod for brave frontier with all the hacks that you yourself can customize! Step 1 (Preparation) 1. Install IDA Pro as well as HxD, how this works is you will look for the parts to edit in IDA Pro and edit the file using HxD. This will be explained later on 2. Download the latest Brave Frontier apk file 3. Open the apk with WinRar and go to lib>armeabi>libgame.so 4. This is the file which we will be going to mod, so extract it somewhere where you will be able to access it later on. We will need 2 copies, 1 file for viewing with IDA Pro and another for the main modding with HxD. Try to take note which one is which to prevent confusion. Step 2 (Opening the file to mod) 1. Right-click your libgame.so and open with “The Interactive Disassembler” A.K.A IDA Pro. 2. You will come across a “Load a new file” window, this is for IDA Pro to set up the program for you to do your viewing and editing. 3. Ensure “ELF for ARM (Shared object) [elf.Idw]” option is highlighted as well as the “Load resources” checkbox at the Options pane. 4. Click OK and wait for IDA Pro to load! This will take quite some time as the file is generally quite big 5. If you see this “ARM AND THUMB MODE SWITCH INSTRUCTIONS” window pop up, click okay and let IDA Pro continue its loading. 6. You can track the progress at the top where there is a coloured bar and arrows pointing to where in the file is being accessed, it is quite obvious when it is done, here is a screenshot of when the loading is completed. Step 3 (Getting Information for modding) 1. Finally! You have managed to load everything! Now is the time to start getting information to do the modding! But how to start? Everything looks so… alien D: 2. Don’t worry, let me start you off with some simple mods such as stats which can be found using simple keywords and experimenting: · Monster Stats -> MonsterUnit::getMaxHP() (set R0 <- you will know what this is for later) 3. You can search by clicking on the “Search” Tab up at the toolbar of IDA Pro or use ALT+T to search for the terms. To go to the next searched term, use CTR+T to go to the next term 4. Let’s set the monster’s HP to 1 in this tutorial as an example of how to mod. Search for the keyword “getMaxHp”, keep going through the search until you find “MonsterUnit::getMaxHP(void)”. This will be the method you will want to modify to edit the HP of the monsters (Look at the highlighted part). 5. Well, if you can “kind of” read the English, you can see there is some blue text that says “blabla…getBaseMaxHp…blabla”. Logically thinking and with some common sense, this should be some “magic” (Let’s call this a function) done to get the HP of the monster… right? 6. To put away some technicalities, this function stores the retrieved HP of the monster in this storage “R0. These registers stores a number up to 255 in value. This is known through reading further into the function and reading the codes. You can view these stuff by clicking on the function and scrolling down to see the whole thing although not really advisable due to its complexity. 7. Now, we know that this function gets the monster HP and stores it into the register R0, what if we forced R0 to always be 1…? That would be awesome right? 1HP Monsters all the way! But what do we need to know in order to edit? The codes look too hard to edit right? Here are some commonly used codes for ARM that is used for modding: · MOV <Target>, #<Value up to 255> (Setting the register R0 to 0 would be MOV R0, #0) · ADD/SUB/MUL/DIV <Target>, <First>, <Second> (For bigger numbers, e.g. MUL R0, #30, #30 makes R0 store the value of 900) · ADD/SUB/MUL/DIV <Target as First>, Second (Similar MUL R0, #30 will multiply the value in R0 by 30 and store it back into R0) 8. Now we want to set R0 to 1 in order to make the monsters HP 1, there are 3 things you need to know and confirm: · The address of where you are editing, which is on the left (In this case its: 00348A22) · What is your intended modifications (we want to set R0 to 1, so the instruction will be “MOV R0, #1”) and its direct translation modify the program (I will explain this later) · Is the modification the same length as the original? (Not in this case, I will show you some stupid remedies that can be done, Step 10. If it is the same length, you can directly replace. If it is shorter than the original, it is best to place it at the bottom of the whole function so that other codes will not affect your modded codes) 9. For step number 3 in part 9, you can check if the length is same in the Hex View-A tab just below the blue-ish bar at the top. This is what you see when you click on the function. To compare the length, usually the mod codes used is 4 alphanumberic characters, in this case it is twice the length of what we need, what I usually do is just repeat the command twice. This can be done as we are setting the R0 to 1. You can also use codes which does nothing, these can be done through NOP(No Operation), or you can put 00 00 to make it not do anything. Examples of alternatives that can be done: [ 01 20 ] MOVS R0, #1 [ C0 46 ] NOP or [ 01 20 ] MOVS R0, #1 [ 00 00 ] 10. Now we have 2 need-to-knows done, the last part is the translation which can be easily done using the program I have provided above. Use the ARM to ASM Converter program to convert the code to the 4 alphanumeric characters which can be used to replace the code later on. Here is the screenshot, hopefully it is self-explanatory: 11. We will use the 2-Byte translation. If you want to have a preview, you can edit the code in the Hex View-A by right clicking and pressing “Edit…” or F2, then typing in “0120” twice. This is what you should see after doing that In Hex View In IDA View 12. Note that if you want to set R0 to above 255, you will have to multiply them. Here is an example: MOV R0, #30 <- Making R0 set to 30 MUL R0, R0 <- Multiplying R0 by itself to total up to 900 and storing it into R0 (From command above) 13. Now we have confirmed that everything looks okay, we will finally do the real modding. A few more steps before our mod is done! Step 4 (Modding the real deal) 1. Now we have the 3 need-to-knows, you want to open the other libgame.so (Yes, the one you did not touch at all) with HxD. Here is what you should see 2. Yes, it looks confusing, you don’t need to know what is all these. It is actually the 4 character equivalent to what we saw in IDA PRO, however, we are able to edit the values directly in this program. So we need our address, the first need-to-know! Aha, 00348A22! 3. You can go to the address by pressing CTR+G or through the Search tab, search the address and it should bring you right onto it! 4. Now you are at that area, try not to use your arrow keys to navigate around as you don’t want to accidentally touch other parts of the code! The 2nd need-to-know, which is the length and intended modification will be needed to replace the original code (01 20 01 20). So go ahead and type it in. 5. Save and you have successfully modded your libgame.so, all that’s left is to copy in and ensure your brave frontier works with your mod! Congratulations for making it this far! Step 5 (Loading the Mod) 1. Hurrah! We have finally modded the libgame.so file! Now how do we loading it in? 5a (Rooted devices) 1. For rooted devices its easy, copy the libgame.so into your phone and move it to /data/data/sg.gumi.bravefrontier/lib/ directory 2. You might want to rename the original libgame.so in case there you screwed up the mod or want to revert back to the original. I have provided the original libgame.so for the version 1.1.6 in case you deleted the file. 5b (Non-Rooted Devices) 1. You are going to need to sign the apk before installing it back. 1. Once you are done with the libgame.so, move it back to the same place in the apk using WinRAR. 2. Extract the AndroidMulitiool folder into your C:Disk 3. Copy the .apk with the modified libgame.so into the files section of the AndroidMultitool (not needed but recommended) 4. Make sure the .apk doesn't have any spaces in the name of it. (Eg: BraveFrontierMod.apk) 5. Go back to the AndroidMultitool folder and run the AndroidMultitool.exe. 6. Go to Signing and click on the ellipses [...] and go to the location of your .apk with the modified libgame.so (C:\AndroidMultitool\Files ; if you moved it to the files section as recommended.) 7. Click sign. 8. Go to your C:\AndroidMultitools\Signed_apk and you should see name_signed.apk (Eg: BraveFrontierMod_signed.apk) 9. Rename it to whatever you like. 10. Move it to your device, install, and play. Conclusion While the guide is lengthy with lots of words, I have tried putting pictures to make it easier to understand for beginners. After all, I was once a beginner and learnt modding through tutorials and videos. I hope experienced modders can help make my guide easier to understand as well as help me out with more advanced stuff. (PM me!) For those that has managed to complete their very own first mod, here is a challenge for you. Can you find the function that will modify your stats (most of you guys like 2katk/4kdef mods)? J *Hint* You will need to use multipliers stated above to make your stats more than 255, thus needing at least 2 lines of instructions. This is my first contribution, I hope it isn’t as bad as I think it currently is :x I hope some of you learnt something from this guide! Thanks and Happy Modding! Credits I would like to thank Optimum for the steps to load the mod into your non-rooted devices and AnonThanatos for alternatives of filling up spaces with nothing instead of repeated codes to make it less confusing.

Name of Game: Summoner's War Sky Arena Game Version: 1.2.7 Name of Cheat: Maxed Skills and 6* from any 5* monster As of 1.2.9 this method may no longer work Steps: Open both Summoner's War, and GameGuardian. Open the Power-up Circle Place your Maxed 5* monster into the #1 position Place any monster (preferably a monster at the top of the list) into the first slot and search GG for the monster slot (Slots start at 0 and increment left to right top to bottom). Remove the first slot monster and place another one there (preferably a monster at the top of the list) and search GG for the new monster slot. Repeat Step 5 until two addresses remain (we want the first one 77xxxxxx80). Place any monsters into slots 2-5 Save this address to GG (I label it M1), switch to Memory View Tab (4th Tab in GG), search this memory address Scroll memory 70 hex values down (this is approximately 28 lines) until you see 2/3 consecutive lines 00000001, 000000??, 77XXXXXX (this value may change, but you cant miss it, M5 doesnt have this value anymore) Save the ?? line as the next monster slot (M2) Repeat Steps 9-10 until you label all slots (M1-M5) Go to the Saved Addresses Tab (3rd Tab in GG) and set all values M1-M5 to zero Save the addresses (save button top right hand corner of this tab) Look and see that your power-up circle has all of the same monsters Press Evolve Repeat for all 5* monsters, I recommend doing them in order they are in the first slot since memory already has the value 0 saved so you just have to click on the saved address and save 0 over it. Log out, log back in (load your saved memory values so you don't have to re-search them), repeat until your monster is lvl 40 with maxed skills Please be aware that this deletes your monster from the servers, however, you still get to keep your newly maxed out 6*. IF YOU DO THIS TO ANY MONSTER THAT IS NOT 5* AND MAXED, YOU WILL NEVER BE ABLE TO GET IT TO EVOLVE AGAIN Because your monsters are deleted from the servers you should not do this to anything less than a maxed out 5 star UNLESS YOUR INTENT IS TO DESTROY IT OR USE IT FOR LEVEL UPS. Please be aware that this means all of your currently equipped Runes are also deleted from the server, you still keep them but they cannot be removed. They can be replaced. You can awaken a monster after using this trick, so no worries about evolving an unawakened 5*. This trick applies to Rainbow Angelmon, so you can (once) make 1 4* anglemon take up 4 slots to evolve your 4*s into 5*s. This uses up the angelmon but it only uses 1 angelmon so is worth it. (same goes for Devilmon too, aka 1 devilmon will give 5 skillups if cloned to all 5 slots) Please be aware that this costs 100,000s of Mana, I went through ~400k and only leveled 3 5*s to 6*s of lvl 40, 38, and 37. This may get you banned, use at your own risk. Theoretically, the best way to exploit this and not get banned is to just use this a a monster duplication, so that you can use any monster in all 5 slots and when the server destroys it it is gone forever. I'll let you know if i get banned for this. For the best monster duplication experience, when you are saving the monster slots, also save the memory address above the slot which holds the value 1. Then you can freeze the 1 and the slot number (I pick the highest 1 star monster in my list). Then, all you have to do is press the mob to evolve and press evolve. Tutorial Video is here Please enjoy.

Hello I am new to this forum, but I would like to share my discoveries. I found the addresses to some of the values in the Stats page: Critical Chance - 7xxxxx94 (float - this is saved as a simple decimal, if you have 5% critical chance, just search for 0.05, changing this to 1 will gives you 100% critical chance) Min Critical Multiplier - 7xxxxx9C (encoded float) Max Critical Multiplier - 7xxxxxA4 (encoded float) These values are grouped together with the same offsets, so if you find one of the above addresses, you know the rest are just nearby. All Damage - 7xxxxx1C Hero Damage - 7xxxxx24 Melee Damage - 7xxxxx2C Ranged Damage - 7xxxxx34 Magic Damage - 7xxxxx3C Chesterson Gold Amount - 7xxxxx84 Chesterson Chance - 7xxxxx8C Gold Multiplier - 7xxxxxCC Titan HP - 7xxxx(x+1)7C Tap Damage Multiplier - 7xxxx(x+2)04 These values are all encoded float, I reversed engineered the encoding method, the formula below: To encode a value, take the following steps: 1. V1 = Floor(Log2(<value> / 2)) + 1 2. V2 = Floor(<V1> / 8) + 1 3. encoded = 2<V2> * ( 1 + ( MOD(<V1> - 1, 8) + <value> / 2<V1> - 1 ) / 8 ) To decode a memory value, take the following steps: 1. V1 = Floor(Log2(<value>)) 2. V2 = (<V1> - 1) * 8 + Floor((<value> - 2<V1>) / (2<V1> / 8)) + 1 3. decoded = 2<V2> * (1 + Mod( (<value> - 2<V1>) / (2<V1>/8), 1 ) ) The excel formula I use to enocde: =2^(FLOOR((FLOOR(LOG(<VALUE>/2,2),1)+1)/8)+1)*(1+(MOD(FLOOR(LOG(<VALUE>/2,2),1),8)+<VALUE>/(2^(FLOOR(LOG(<VALUE>/2,2),1)+1))-1)/8) this above formula has a mistake, the one below gives me the correct encoded values: =2^(FLOOR((FLOOR(LOG(<VALUE>/2,2),1))/8,1)+1)*(1+(MOD((FLOOR(LOG(<VALUE>/2,2),1)),8)+<VALUE>/(2^(FLOOR(LOG(<VALUE>/2,2),1)+1))-1)/8) just replace <VALUE> with the correct cell Sample values: Value -> Encoded 1 -> 1.875 1.1 -> 1.8875 (I just realized the float is not exact value, so it is actually stored as 1.88749992847) 0.5 -> 1.75 0.1 -> 1.45 2 -> 2 10 -> 2.5625 100 -> 3.390625 512 -> 4 So what I do is get some equipment or pets, say you have normally 1x All Damage Bonus, and have a Pet that give 1.1x All Damage Bonus, I would equip another Pet, then search for 1.875 (for 1x All Damage Bonus), then equip the 1.1x All Damage Pet, and the search for 1.8875 (for 1.1x All Damage Bonus), it should gives you a single address, that will be the address for All Damage Bonus, you can change its value to 1449.41, that will give you 1e23x bonus (it will show 1e25% in the Stats Page). Even if you change your equipment or pets, or prestige, it will only modify this value and not reset it, only if you quit the game and restart, it will then resets the value. I have tried multiple times and never got the teapot, given you prestige at reasonable stages (i.e. reaching stage 3500 within 5 prestiges is unreasonable, take your time to gain some equipments/pets/skill points/prestiges before pushing up stages). This will work for any of the values listed above. You could in theory change the Titan HP to 0.1x (1.45), and Gold Multiplier to 10x (2.5625), so you still get the same amount of Gold as before but Titans becomes much easier to kill. Hope someone find this helpful.

Here's how to dupe To dupe enemies: In your team you need to have a hero that's going to be replaced with the dupe (your shell hero) Hold-click the enemy to display it's area of danger. Do a search for a byte value of 237 (it may display as -19). Hold-click the enemy again to deselect it. Refine your search for a byte value of 229 (it may display as -27). Repeat until there's only one address left. Hold-click that address and choose Go to Address. Mark that address because we will need to find it later. Open a Hexadecimal calculator. Paste that address into the calculator and subtract -118 from it (still in Hex mode). In GG click the little arrow on the top-right (Go To Address) and paste the result from the calculator to search for it. Mark that value and keep marking every single value below it until you reach that old value that you have previously marked like I told you above. Save (floppy disc at the top) all those values (as Dword) EXCEPT the one you started with (the bottom-most one, the initial one) Go back to the game and select the Hero you're using as a shell for the dupe. At the top-left of the screen, click the (+) icon on the Hero's portrait to bring up the Hero's page. Find the Heart value of that Hero (as I have described in a previous tutorial) but you'll notice that you can't get down to a single address this time; you'll always have 2. So what to do? After you've refined your search to two, write down what those Heart values are. Go back to the game and move your hero so that it ends it's turn and gets greyed out. Now you'll notice that one of those 2 Heart values has changed. The one that's changed is the one we'll use. Repeat steps 5 through 10. Important: Go back into the game and make sure you're in the Stats screen of the hero you're using as shell. You will crash if you're not and you'll crash later if you're in another Hero's Stats screen. Now comes the fun part: You'll have to copy ALL of the values (as Dword) that I told you to save above to these addresses that you just marked from top to bottom (to copy an address you have to click to edit and then copy that value and to past it's the same thing: click to edit and then paste). Yes, every single one (except the bottom-most one of the new addresses because you didn't save the bottom-most one from before, remember?). A macro is highly recommended if you plan on doing this more than once. After messing something up multiple times and having to redo it, testing the limits of your sanity you finish copying all the Dword values, if your shell Hero has turned red that's a good sign. Now finish the battle and FOR GOD'S SAKE SYNC YOUR DAMN HERO BEFORE YOU DO ANYTHING ELSE. (you can sync by either leveling it up or changing your equipped Skills) Restart the game and pray to your favorite deity that everything worked perfectly and you won't ever have to copy a single memory value in GG again. I've noticed that memory addresses change after a while when you're in a battle so do not take your sweet time doing this as if you do the address values will change and you'll have to start from 0. Needless to say you can dupe any unit in the game like this, even arena enemies. (If anybody knows of a faster way to copy the addresses this community would greatly appreciate if you could share it) Edit: Do this at your own risk, I'm not responsible if you copied all the addresses 100 times and it still doesn't work. Edit 2: HEADS UP! I have just confirmed that there is an IV difference between units on Normal and Lunatic. So when you go dupe a unit, do it on Lunatic as it will have better stats. Edit 3: If you're crashing while copying the values try first going into the Detailed Hero Stats screen and only exiting after you're done editing. Edit: added this step to the tutorial. Edit 4: Don't dupe Veronica. You'll lose her/your hero after a restart. Learned that the hard way. Edit 5: I discovered it's possible to dupe without needing to have your shell unit in the team at the battle. Instead of finding out the enemy addresses first and saving them just find the shell unit's addresses first and save them, out of battle, and then when you're in battle copy the enemy's addresses to the saved ones.

BeyBlade v0.9.2b Requirements: Android 2.0.1 and up Overview: The first BeyBlade game on Android. Download - http://www.mediafire.com/?81g63cb9p55ucb7 More Info: Beyblade Battle Android Beyblade The first BeyBlade game on Android. Beyblade Android is a beta release so please note that there is still bugs, that have to be fixed. You can select many different parts and build your custom BeyBlades. Beyblade Battle Screenshots Android for Your Phone The game has fantastic graphics and visual effects. You will participate inmany tournaments and opponents for the championship each has its own unique Beyblade. Accumulate points per game and spend it on different things, like Beyblade parts, multiple rocket launchers ripcords more and more. Features: The game contains more than 20 playable beyblades based on toys Battle in more than 10 different stadiums Combine your own Beyblade only and use it in battle. This is a beta release so please note that there is still bugs, that have to be fixed. IMPORTANT: If you don't have 800x480 resolution, there will be some layout problems. Better support for different resolutions is coming. We are currently trying to fix the freeze issues that occur on some people. If you like to report a bug (and want answer to it), please use e-mail instead of Market comment. Battle against other BeyBlades. You can select many different parts and build your custom BeyBlades, and then battle with them in a quick match or maybe in a tournament. Control your BeyBlade with tilting the device and try to stop your opponents. Or with touch controls by swiping to the direction you want to go (a bit like joystick). With realtime physics the matches will never go same way, and the BeyBlades will behave realistically when they are hit. Features: *Good performance, over 50fps even on mid-range devices *Quality graphics *Realistic physics *Dynamic camera in matches *Soundtrack with almost 20 songs *Many BeyBlades and parts (more coming in the full version) *Many BeyBlade battle stadiums *No ads Requirements: *Android 2.0.1 or higher *800x480 resolution (works best), other resolutions should be playable but all features will not work, for some of the graphics misalign on other than 800x480 resolution. Better support is coming with updates. We are still fixing the bugs and adding more content in the game. If you find a bug you could tell us what happened, so we can try to fix it. And if the game doesn't work, instead of just giving a bad rating tell us the device you are using and did it crash or something else, and when it happened. A short description could help us solve issues with the game. Thank you all for downloading the game and giving nice comments and ratings! Notes: -The game is a bit slow to load on start so be patient. -If the BeyBlade doesn't get launched good, try to keep your finger on the rip cord a moment before swiping it to the right or try to launch it dragging the left side of it. And remeber to not grab it before "Let it rip" text. -Some parts don't fit yet right, so they get covered by each other. Tested on: (by team) -Archos A70 -Samsung Galaxy S -Samsung Galaxy Gio -Samsung Galaxy Mini (by users) -Samsung Galaxy SII -Sony Ericsson Xperia Arc (No freeze or crash on any of these devices) If you like the game please rate =). Latest Updates: version: 0.8.5b *As a request added touch-control for controlling BeyBlade, you can change control style from options. Touch control works by swiping to the direction you want to go in the bottom-right dotted-line box (a bit like joystick) (It could need maybe some adjustements still). *Reduced the lag on first launch *Some small changes *Some bugfixes version: 0.8.4.5b *Now fixed the size mistake that was in 0.8.4b. Galaxy Mini -and similar- can download again *Fixed long loading to options if music disabled *A bit faster loading time. version: 0.8.4b (Sorry, this update went in mistake too big to download on some samsung phones, fix is coming soon.) *Now workshop and market working on 480x320, 400x240 and 320x240 resolution (still stats out of screen) *Left-Handed launching mode added (changeable in settings) *Bigger restart and back buttons *Some small changes *Bugfixes version: 0.8.3b *Launching the BeyBlade should be now easier and it detects better fast swipes. *Reduced file size to under 25mb, some samsung devices that have 25mb limit are able to download it now.(if doesn't load for example on galaxy mini clear market cache before downloading). *Now new loading system on startup so it doesn't seem like freezed. (still a bit slow though but faster than before). *Bugfixes

Quick Notes: Low Registers (R0 to R7): Accessible by all instructions using general-purpose registers. High Registers (R8 to R12): Accessible by 32-bit instructions specifying a general-purpose register, not all 16-bit instructions. Stack Pointer (R13): Used as the Stack Pointer (SP). Autoaligned to a word, four-byte boundary, ignoring writes to bits [1:0]. Link Register (R14): Subroutine Link Register (LR). Receives return address from PC during Branch and Link (BL) or Branch and Link with Exchange (BLX). Also used for exception return. Treat as a general-purpose register. Program Counter (R15): PC. FPU (Floating Point Unit): Supports single-precision operations - add, subtract, multiply, divide, multiply and accumulate, and square root. Also handles conversions between fixed-point and floating-point formats, and floating-point constant instructions. FPU Registers: Sixteen 64-bit doubleword registers: D0-D15. Thirty-two 32-bit single-word registers: S0-S31. ->Source <- --------------------------------------------------------------------------------------------------------------------------------- In Arm Patching we are using only Low Registers and the FPU. True and false Editing. ~A MOV R0, #1 MOV means Move , by this instruction we are telling the proccessor to move the value 1 to register R0 similar when you assign a variable name : R0 = 1 in most programing languages the true statment always = 1 and the false statment = 0 so #1 = true and #0 = false ~A BX LR BX Means branch exit LR or in another way return the value we stored to the caller. Int Editing : we can use MOV R0, # aswell for the int value but you need to know the integral data types. • byte : Signed: From −128 to 127 ­ ­ ­ ­ ­ ­ ­ ­ ­: Unsigned: From 0 to 255 we can use MOV here if the int value we want is between -128 and 255 so the instruction will be : ~A MOV R0, #-128 or #255 at max • short : Signed: From −32,768 to 32,767 : Unsigned: From 0 to 65,535 in this case we use MOVW the W stands for Word so same as above the instruction will be : ~A MOVW R0, #−32,768 or #65,535 at max NOTE : • Don't forget to return (~A BX LR) • We can Use MVN which mean Move Negative so the Max Negative Value will be #255 for Byte and MVNW for Short #65,535 (Don't add "-" since we already telling the proccessor we are dealing with negative number) • #value will be converted automatically to hex value in the Register means #8 will be 0x00000008 and so on • Int 32 : Signed: From −2,147,483,648 to 2,147,483,647 : Unsigned: From 0 to 4,294,967,295 the typical DWORD in GG : here we move to the advanced Part of this guide: as I said in the Note above the values are converted in the register automatically to hex so the max value in short in hex will be 0x0000FFFF so we have 4 zero's we can't change in the int 32, in this case we use one more instructon MOVT T stands for Top example : MOVW R0, #22136 -> R0 will be : 0X00005678 MOVT R0 , #4660 -> R0 will be : 0x12345678 So in case of INT32 we need 2 things • Convert the value we want to change to hex value • 3 instruction in total the Same concept here work for QWORD aswell (64 bit) 0x0000000000000001 Note : MVN R0, #2 will change to 0xFFFFFFF2 in hex MOV R0, #2 or MOV R0, #0x2 are the same Float and Double: • Float and Double are IEEE 754 Floating-Point: We need the FPU here and things will get a little bit complicated, • we need 2 or 3 registers in this case R0 , R1 and S0(for float) or D0(for double) Suppose the hex value of this float 12.6 is : 0x4149999A same as the int 32 : ~A MOVW R0, #0x999A (R0 = 0x0000999A) ~A MOVT R0, #0x4149 (R0 now = 0x4149999A) now R0 is set but if we return the value (~A BX LR) the result will be : 1095342490 and we don't want that value we want 12.6 as float (This Doesn't Work Because we didn't tell the proccessor that is a float number) the right way is to use FPU VMOV S15, R0 ( VMOV is the instruction MOV in the FPU : by that instruction we mean move the register value of R0 to the FPU register R15 ) VMOV.F32 S0, S15 (here we are telling the FPU we are dealing with Float number (F32) and move the value from S15 to S0 ) for double we use the same concept except we use F64 instead and register D16 and D0 Float : so the final code will be : ~A MOVW R0, #0x999A (R0 = 0x0000999A) ~A MOVT R0, #0x4149 (R0 = 0x4149999A) ~A VMOV S15, R0 ~A VMOV.F32 S0, S15 ~A BX LR ----------------- Double : For double the hex value of 12.6 is : 0x4029333333333333 (Same Concept for Big Float Number) • Here we use R0, R1 , D0 and D16 • divide the hex value 0x4029333333333333 into 2 part 0x40293333 and 0x33333333 one goes for R0 and the other one goes for R1 Be carful of the placement of the hex value we start from the last 4 to the 1st 4 means we start with 0x3333 -> 0x4029 Use same concept of MOVW and MOVT to get the result. Result: ~A MOVW R0, #0x3333 (R0 = 0x00003333) ~A MOVT R0, #0x3333 (R0 = 0x33333333) ~A MOVW R1, # 0x3333 (R1 = 0x00003333) ~A MOVT R1, #0x4029 (R1 = 0x40293333) ~A VMOV D16, R0, R1 (Move value Of R0 and R1 to register D16 Be Careful here R0 last 8 hex 1st then R1 the top 8 hex) ~A VMOV.F64 D0, D16 (here we use F64 and D0 , and D16 instead of F32 , S0 and S15 because the hex value is 64 bit) ~A BX LR ------ This is How you arm patch bool / int / float / double NOTE : When it comes to function args and returns the only register that give return or args are R0,R1,R2,R3 (and SP) this is why we use R0 and VMOV S15/D16 to S0/D0 ARMv8 : In ARMv8, LSL stands for "Logical Shift Left". It is an instruction used to shift the bits in a register to the left by a specified number of bits, and the bits that are shifted off the left-hand end are discarded. LSL can be used with immediate values or with a register value. The immediate value specifies the number of bits to shift, which can be between 0 and 63. When using a register value, the bottom byte of the register specifies the number of bits to shift Example : Level 1 ) LSL X1, X2, #3 --> Shift the contents of X2 left by 3 bits and store the result in X1 -> In this example, X2 is being multiplied by 8 (since 8 is 2 to the power of 3), and the result is stored in X1. Level 2) MOV and LSL example: MOV X1, #0x10 -->Move the value 0x10 into register X1 LSL X1, X1, #3 --> Shift the contents of X1 left by 3 bits (multiply by 8 ) Level 3) Float Value : 3.14159 / Hex : 0x40490FD0 --Load the value 0x0FD00000 into bits 16-31 of W0 • MOVK W0, #0x0FD0, LSL #16 --> W0 = 0x00000FD0 -- Load the value 0x40490000 into bits 32-47 of W0 • MOVK W0, #0x4049, LSL #32 -> W0 = 0x40490FD0 -- Move the value of W0 into single-precision floating-point register S0 • FMOV S0, W0 --> S0 = 0x40490FD0 (interpreted as a floating-point value) Note : 4 bytes hex (32) value we use register W and for float we use S Level 4 ) Double value : 3.14159 / Hex : 0x400921F9F01B866E MOVK X0, #0xF01B866E, LSL #16 -->X0 = 0x00000000F01B866E MOVK X0, #0x400921F9, LSL #48 -->X0 = 0x400921F9F01B866E FMOV D0, X0 Note: 8 bytes hex (64) value we use register X and for Double we use D NOTE: SAME CONCEPT IN AARCH32 WITH (INT, BOOL, FLOAT, AND DOUBLE) LSL and MOV(Z/K) is the diffrences. PART II (LDR / STR): [STRING] ( NON UNITY GAMES ) Little-endian / Big-endians : LDR and STR are instructions used in ARMv7 and ARMv8 architectures to load and store data from memory. LDR stands for "Load Register" and is used to load a value from memory into a register. The syntax for LDR in ARMv7 and ARMv8 is LDR <Register>, [<Address>] STR stands for "Store Register" and is used to store a value from a register into memory. The syntax for STR in ARMv7 and ARMv8 is STR <Register>, [<Address>] where <Register> is the name of the register to load the value into, and <Address> is the memory address from which to load the value. In both cases, the square brackets around <Address> indicate that the value inside the brackets is a memory address, rather than a register. To load the string 'GG TESTING' into a register, you can use the LDR instruction. Assume the pointer to 'G' is 0x00000004 we can use this address as the base address for the LDR instruction. The instruction for loading the first four characters of the string into a 32-bit register (e.g., R1/X1) would be: • LDR R1/X1, [0x00000004] -- R1/X1 = 'GG T' This instruction loads the 32-bit value at memory address 0x00000004 into R1/X1. Note: Use the Move instructions above (PART I) to assign the value (address) to a register BEFOR USING LDR --> LDR R1/X1, [R0] -- R0 = 0x123456789 ( use MOV to assign the correct address to R0 or X0) To load the entire string into a register, you can use the LDR instruction with a register offset. Assuming the string is stored in consecutive memory locations, we can use the following instruction to load the entire string into a register (e.g., R1/X1) LDR R1/X1, [0x00000004], #10 This instruction loads the 32-bit value at memory address 0x00000004 into R1 and increments the base address by 10 (the length of the string). As a result, the entire string 'GG TESTING' will be loaded into R1. ADVANCED : If 'GG TESTING' is a half-word (i.e., each character is 2 bytes or 16 bits) and the pointer to 'G' is located at memory address 0x0000004 + 0x8, then the instructions for loading the string into a register would be different Dummy memory: 0x0000004 (<-- pointer )= 123 0x0000008 = 21 0x000000C = 9999999 0x0000010 = 'GG' 0x0000014 = ' T' -- with space at the start. 0x0000018 = 'ES' etc.. --> between every byte value ( character ) there is 0 [ example in memory 0x00000010 = 71 (G) <-- byte 0x00000011 = 0 <-- byte 0x00000012 = 71 (G) <-- byte 0x00000013 = 0 <-- byte 0x00000014 = 32 (space) <- byte ] To load the half-word 'GG' into a 32-bit register (e.g., R0/X0), we can use the LDRH instruction as follows: LDRH R0, [0x00000004, 0x8] This instruction loads the 16-bit value at memory address 0x00000010 into the lower 16 bits of R0/X0. Since we want to load the first two characters of the string, we add an offset of 0x8 to the base address. Read more about LDR To load the entire string into a register, we can use the LDRH instruction with a register offset as follows: LDRH R0, [0x00000004, 0x8], #0xC This instruction loads the 16-bit value at memory address 0x00000010 into the lower 16 bits of R1, and increments the base address by 0xC (or 12 bytes) to load the remaining characters of the string. The 'GG TESTING' string has a length of 10 characters, which corresponds to 20 bytes (11 characters x 2 bytes per character), so we need to load 12 bytes in addition to the first 2 bytes to load the entire string. AARCH64 : LDRH --> LDURH (Load Unsigned Halfword with a 64-bit offset) or LDSRH (signed) LDURH W0, [X1, #16] ; Load a halfword from the memory address X1 + 16 into W0 This loads a 16-bit unsigned halfword from the memory address X1 + 16 into the 32-bit register W0. Note that the offset value is added to the base register X1 to form the memory address. Also, because LDURH is an unsigned load instruction, the loaded halfword is zero-extended to 32 bits. NOTE: the LDURH instruction is specific to AArch64 architecture and is not available in AArch32 architecture. STR: STR is used to store the contents of a register into a memory location that is addressed using a base register and an optional offset. The contents of the register are written to the memory location, overwriting any previous data that was stored at that location. -->STR Rd, [Rn {, #offset}] where Rd is the source register whose contents will be stored in memory, Rn is the base register that points to the memory location where the data will be stored, and offset is an optional 32-bit offset that is added to the base register to form the memory address. Example of using the STR instruction to store the contents of R0 register into a memory location: --> STR R0/X0, [R1/X1, #4] ; Store the contents of R0/X1 into the memory location R1/X1 + 4. NOTE : STR Wd, [Xn, #offset], imm | the STR instruction with the imm option is only available in AArch64. |--> Wd/Xd, [Xn, #offset] The imm option allows you to add an immediate value to the offset to form the memory address. The immediate value is sign-extended to 64 bits, shifted left by the scale factor (which is determined by the size of the data being transferred), and then added to the offset. -> STR W0, [X1, #0x100], #0x20 -- This stores the contents of register W0 into the memory location pointed to by register X1 plus 0x100 plus 0x20, overwriting any previous data stored at that location. In AArch32, there is no imm option for the STR instruction. However, you can achieve a similar effect by adding the immediate value to the offset before using it in the instruction. Here's an example: ADD R2, R1, #0x120 --> R2 = R1 + 0x120 STR R0, [R2] --> Store R0 at address R2 Here, the ADD instruction adds the immediate value 0x20 to the base register R1, storing the result in R2. The STR instruction then stores the contents of register R0 into the memory location pointed to by register R2. Note: that the immediate value is added to the offset before using it in the instruction, rather than being added as a separate operand like the imm option in AArch64. --->FOR Using LDR / STR on values just LDR/STR R0/X0, [DESTINATION ADDRESS] Note : Unity games use pointers for the string ----------------------------------------------> Converting Float and Double to Hex <--------------------------------- This is mainly IEEE Standard for Floating-Point Arithmetic. (you can skip this part by using online converter) > You need : • Advanced Lua scripting Knowladge. • Math Knowladge. • Binary 32 and 64 Knowladge. --------------Please read--------------

Gameloft forums: there's an even bigger CANCER in this game that's called GG (game guardian) I think the reality is that 75% of the top 100 players are using GG. Game is completely ruined and has been for a long time. I quit because of GG and need to compete with other players in GW and tourney who use GG. If you want tourney gems you have to join a top guild and compete against the ten guys in that guild who are using GG to shoot up 250 trophies in the last 15 minutes. Its impossible otherwise. I agree the gem bug is small compared to GG. FIX THE "PLAGUE" WHICH IS GAME GUARDIAN I decided to test the game Guardian, famous mod already used by many players. A group of people which uses increases greatly. After checking my analysis are shocking, You acknowledge that 10% of bonuses in guilds to them compared to this. To begin with, that the mod modifies the speed of the game gives you infinite energy turns to statistical billion. In other words, we have EVERYTHING. With infinite energy we wanted to kill us points as time allows. Thanks to the billions raised statistics can include waypoint 60 easily and with greater speed we can do it in a few hours. With over statistics, we can destroy every castle. Legendary punching a matter of time. Not is only in WC, with this hack (game guardian) you can win any stronghold. game guardian and lots of free morale from level up does miracles .. UNIONFORCE WITH 12 VETERANS active is at 151000 points in Guild Wars. They still doing 10000+ points each war. Maybe is the non stop usage of GameGuardian that makes them so unstoppable plus the unlimited GEM bug. There are no cheaters in game. Your eyes just play games with you. GameGuardian 8.1 update with upgraded slowmotion doesn't exist. neither the Macedonian flag cheater horde on iOS. Trung's iOS R&D hack video is just after effects, and Windows leaderboards are not how you see it. Asphalt8-ModdedByS2Cancer doesn't exist. And the number of cheaters did not increase minute by minute. Before you even think of releasing a new update fix the d*** gameguardian hackers first and than you can come up with something new in game even if every update comes with new bugs ...i guess we are used to this been already 1 year . This hacking program ruined your game since few updates now and you fools arent doing nothing .the way i see it either you guys are truly incompetent or this denial of fixing gameguardian is being done on purpose . wake the hell up and give us a fair game ....not a BROKEN product . I would remove the word "apparently" Game Guardian sadly works too well... Scopely forums: Game guardian users sucks balls!! Ok, we know you cannot ban players for using "ghosting", but what about the players that use Game Guardian? You are very fast to delete the posts about Game Guardian, but are you very fast to ban this cheaters too? Game Guardian works still do not have it locked scopely! People use Game guardian to know in advance the events that you will do! it's too obvious the top factions are all gameguardian users... Hello staff scopely, I know that you have reset the people to hack the time, but you must know that this Hack GameGuardian still works you have not blocked completely! In fact people are now exploiting to know in advance what the competition will be next, going from a war to a single assaults! But you can not put the notifications with the date and time of these competitions and lock definitely GameGuardian? I do not think it is so hard to deliver a message to all players who let us know when a tournament begins, so ospostare inactive members and play at 100% without it being used Hack GG! GG does an awful lot more than just speed up your game. By speeding up the game, your SD resets faster, your building upgrades complete faster, your training is done in a blink and your farms are filled in an instant. > Those have been patched I Googled gg and every forum says the same thing. All hacks have been patched when the game reboots into normal time everything resets back. This is false, Game Guardian "Updates" every night at midnight, where the developers look at and holes that need reprogrammed. I know Game Guardian comes out with an update roughly twice a week to stay ahead of the curve. My only concern...that nothing can really be done. Cheaters and exploits will always be one step ahead, or will do just enough to not have their head above water. and yet the man who can get in and out of two raids in 16 seconds is refusing to show anyone how? wanna know why? because its impossible without GG! People in our region in a certain faction are using Game Guardian in our region to take the towers before the timer even runs out to start war, how? The get all 3 towers every war at the start of a certain player is in and their timers on the tower are offset with the actually way the timers should be set with the towers. Maybe Scopley is unaware of the fact GG keeps releasing new updates when Scopley figures out how to stop one of the previous ones.

**VERY LONG POST** Game Version: 2.1.7 Hello everyone. Just wanted to share the compilation of the game's IDs (tickets, jobs, equipments, facilities, skills) that I managed to easily search thanks to the methods of some people's previous comments on this post. I have been using GG for years now but I still considered myself a beginner. So credits to those fellas for helping me a lot. **IMPORTANT NOTES** - DO NOT edit values as it is. Instead, click the box "Add to values, do not replace", and add only up to 2 DIGITS MAXIMUM (1-99). You can keep repeating this process until you reach your desired amount. - Group Items are SAFE to change until 999 (use "add to values" and 2 digits max only every single time) - Tickets, Jobs, Items, Skills, Equipments and Facilities should be kept BELOW 99, and nothing more. (I am not sure which one of these exactly but I already got banned MULTIPLE times for going over 99 with these categories) So to be sure, keep them BELOW 99. - Don't worry even if you can only stock up to 99, you can freeze the values anyway so it won't decrease when you use it. - Not yet tried freezing the TICKETS, so be careful and do at your own risk. - You can add up to 9K diamonds in each of the daily quests. I am only looting maximum of 18K diamonds per day (2 quests, 9K each). I haven't tried going over 20K diamonds cause I read one comment here that below 20K is SAFE. - DO NOT try to unlock second generation classes via job ID search. (Possible soft ban) - DIRECT editing or hacking of resources (grass, wood, food, ore, mystic ore, energy) will lead to BAN. Instead, you can just build a lot of storehouses and use bounty bag and recovery energy to refill those resources. - Town hall level hack and Character stats hack will lead to ban. - I haven't tried hacking the stock values of chaos stones and town halls. And even eggs, and pet stats. *** I've restarted the game a thousand times already just to know the safety nets of this game. And after a lot of trial and errors, and by strictly implenting all these rules to myself, I am still able to play the game up until now without getting banned. Total of 4 towns, highest town level is 30, already unlocked some of the second generation classes (with 999 stats) via marriage. I can still access shop, can play pvp, can still add friends, join online rankings, literally still have the access to all the features this game has to offer. **Extra Tip for having UNLIMITED COINS: - Freeze the coins (copper, silver, or gold) in one of your towns to have an unlimited supply of coins. Use movers from different towns to collect those coins. My other 3 towns now have 11K-30K (and still counting) copper coins in the boxes just by using this method. **I have two questions: 1. Did someone here managed to hack the items and making the values permanent??? Cause by using the items, they become 0 after restart or they will just revert back to their original values when trying to change it. The items are the only ones I still didn't figure out. 2. Did someone here already tried to hack and edit the stats of pets or the eggs? Will it get your account banned? STRUCTURE EXAMPLE: -751,830,528 (sample flag) 0 0 (change to 1 to unlock) 0 (change to 1 to unlock. Becomes 65536 if already unlocked) 9 (sample ID) 0 (unknown number) 99 (sample quantity) **IMPORTANT NOTE: - Adding the specific number after the colons (::) on each group search for every category (e.g ::25) will lessen and give you accurate results. If you try to group search just by leaving only the colons (::) at the end, the search will automatically put "::512" and this will give you thousands or hundreds of results. I already included the needed specific numbers in each category. - ::25 for tickets, items and skills - ::29 for jobs and facilities - ::33 for equipments TICKETS: ticket_flag;0;0~1;0~~0;ticket_id;0~~0;quantity::25 Example: -751,830,528;0;0~1;0~~0;7;0~~0;0::25 Ticket ID: 7 - job ticket 8 - equipment ticket 9 - facility ticket 10 - item ticket 11 - friend ticket *#*#*#*#*#*#*#*#*#*#*#*#*#*#*# ITEMS: item_flag;0;0~1;0~~0;item_id;0~~0;quantity::25 Example: -757,448,704;0;0~1;0~~0;27;0~~0;0::25 Item ID: 26 - recovery energy 27 - recovery potion L 28 - recovery potion S 29 - mystic flute 30 - small flute 31 - holy herb 32 - sacred leaf 33 - energizing stew 34 - energy rice ball 35 - mystic elixir 36 - homeopathic elixir 37 - eternal candle 38 - awakening vessel 39 - royal gift 40 - kairo flan 41 - wairo flan 42 - kairo cake 43 - wairo cake 44 - hp orb 45 - mp orb 46 - vigor orb 47 - power orb 48 - resilience orb 49 - agility orb 50 - fortune Orb 51 - mallet 59 - bounty bag 60 - grass pouch 61 - wood pouch 62 - food pouch 63 - ore pouch 64 - gem pouch 65 - skill slots up 66 - bronze trophy 67 - silver trophy 68 - gold trophy 69 - kairo trophy 70 - crown *#*#*#*#*#*#*#*#*#*#*#*#*#*#*# JOBS: job_flag;0;0~1;0~~0;job_id;0~~0;0~~0;job_quantity::29 Example: -757,189,696;0;0~1;0~~0;119;0~~0;0~~0;0::29 LEGEND: rank S,A,B,C,D (in order) Job ID: Santa Claus - 133 Scholar - 132 Champion - 119, 118, 117, 116, 115 Pirate - 114, 113, 112, 111, 110 Viking - 109, 108, 107, 106, 105 Samurai - 104, 103, 102, 101, 100 Ninja - 99, 98, 97, 96, 95 Archer - 94, 93, 92, 91, 90 Gunner - 89, 88, 87, 86, 85 Paladin - 84, 83, 82, 81, 80 Mage - 79, 78, 77, 76, 75 Knight - 74, 73, 72, 71, 70 Guard - 69, 68, 67, 66, 65 Rancher - 64, 63, 62, 61, 60 Monk - 59, 58, 57, 56, 55 Doctor - 54, 53, 52, 51, 50 Blacksmith - 49, 48, 47, 46, 45 Artisan - 44, 43, 42, 41, 40 Cook - 39, 38, 37, 36, 35 Researcher - 34, 33, 32, 31, 30 Trader - 29, 28, 27, 26, 25 Mover - 24, 23, 22, 21, 20 Carpenter - 19, 18, 17, 16, 15 Farmer - 14, 13, 12, 11, 10 Merchant - 9, 8, 7, 6, 5 Monarch - 4, 3, 2, 1, 0 *#*#*#*#*#*#*#*#*#*#*#*#*#*#*# EQUIPMENTS: equipment_flag;0;0~1;0~~0;equipment_id;0~~0;0~~0;0~~0;0::33 Example: -757,447,680;0;0~1;0~~0;111;0~~0;0~~0;0~~0;0::33 Equipment ID: (S) = S rank equipment 5 - hammer 6 - pickaxe 7 - sickle 8 - garden hoe 9 - torch 10 - shovel 11 - net 12 - fishing net 13 - fishing rod 14 - axe 15 - watering can 16 - rake 17 - wooden staff 18 - metal ore staff 19 - sturdy staff 20 - magic staff 21 - diamond staff 22 - iron staff 23 - wooden wand 24 - spiked staff 25 - shining staff 26 - light staff 27 - green staff 28 - grief staff 29 - lightning staff 30 - thunder staff 31 - frosty rod 32 - red staff 33 - royal scepter 34 - ancient staff 35 - legendary staff 36 - mystic staff (S) 37 - wooden club 38 - sturdy club 39 - oak club 40 - elder club 41 - hero club 42 - gnarly club 43 - ladle 44 - club 45 - iron club 46 - red club 47 - mace 48 - cudgel 49 - morning star 50 - steel club 51 - golden club (S) 52 - prayer club 53 - holy club 54 - light club 55 - angelic club 56 - divine club (S) 57 - bludgeon 58 - tough club 59 - the spike 60 - artistic club 61 - emerald club 62 - wooden stick 63 - pokey stick 64 - spiked club 65 - folk art club 66 - tree branch 67 - wooden spear 68 - iron spear 69 - master's spear 70 - trident 71 - legendary spear 72 - fisherman's pike 73 - iron pike 74 - red spear 75 - steel spear 76 - fire spear (S) 77 - bronze spear 78 - paladin's spear 79 - commander's spear 80 - golden spear 81 - black spear 82 - tiny mallet 83 - mallet 84 - iron hammer 85 - big bad hammer 86 - fire hammer (S) 87 - basic hammer 88 - long hammer 89 - silver hammer 90 - master's hammer 91 - golden hammer (S) 92 - sword 93 - steel sword 94 - master's sword 95 - commander's sword 96 - artisanal sword 97 - fruit knife 98 - kitchen knife 99 - silver knife 100 - master's knife 101 - golden knife 102 - tiny knife 103 - scalpel 104 - silver scalpel 105 - lightning scalpel 106 - ice scalpel 107 - pirate sword 108 - cutlass 109 - tomato sword 110 - teardrop sword 111 - fire sword (S) 112 - infantry sword 113 - sabre 114 - silver sword 115 - destruction sword 116 - ancient sword 117 - ice knife 118 - ice sword 119 - ice greatsword 120 - frosty sword 121 - blizzard sword 122 - kunai 123 - ninja star 124 - giant ninja star 125 - flame ninja star 126 - giga ninja star 127 - simple katana 128 - samurai sword 129 - shogun's katana 130 - master's katana 131 - legendary katana 132 - bronze sword 133 - copper sword 134 - tempered sword 135 - lightweight sword 136 - honor sword 137 - longish sword 138 - ***** sword 139 - saint's sword 140 - sword of rage 141 - legendary sword (S) 142 - black sword 143 - darkness sword 144 - sword of the void 145 - royal sword 146 - conqueror's sword (S) 147 - normal sword 148 - courage sword 149 - hero sword 150 - immortal sword 151 - yggdrasil sword (S) 152 - novel 153 - research guide 154 - magnifying glass 155 - ancient tome 156 - paintbrush 157 - pistol 158 - rifle 159 - musket 160 - mighty rifle 161 - golden gun (S) 162 - bow 163 - infanrty bow 164 - hunting bow 165 - swift bow 166 - champion's bow (S) 167 - adze 168 - lumberjack's axe 169 - steel axe 170 - battle axe 171 - legendary axe (S) 172 - kairo sword 173 - kairo hammer 174 - kairo lance 175 - kairo bow 176 - kairo gun 177 - wooden shield 178 - leather shield 179 - infantry shield 180 - buckler 181 - iron shield 182 - noble shield 183 - hero shield 184 - crystal shield 185 - shell shield 186 - wairo shield (S) 187 - scholar's shield 188 - holy shield 189 - folk art shield 190 - sturdy shield 191 - nightmare shield 192 - legendary shield (blue color) 193 - green shield 194 - mirror shield (S) 195 - golden shield 196 - shining shield (S) 197 - demonic shield 198 - legendary shield (gold color) 199 - conqueror's shield 200 - kairo shield (S) 201 - loincloth 202 - linen garment 203 - common garment 204 - yellow garment 205 - durable garment 206 - stylish garment 207 - thick garment 208 - chain mail 209 - skirt 210 - dress 211 - pajamas 212 - fur coat 213 - coat 214 - robe 215 - fine robe 216 - men's kimono 217 - cape 218 - durable cape 219 - purple cape 220 - royal robe 221 - leather chest guard 222 - iron chest guard 223 - leather armor 224 - light mail 225 - bronze armor 226 - silver armor 227 - verdant armor 228 - heavy armor 229 - golden armor (S) 230 - black chainmail (S) 231 - bandana (green color) 232 - alice band 233 - headband 234 - turban 235 - hat (blue color) 236 - helmet 237 - hat (brown color) 238 - bandana (blue color) 239 - ninja headband 240 - forehead guard 241 - chef hat 242 - top hat 243 - hat (white color) 244 - holy hat 245 - angel's halo 246 - pirate hat 247 - director's beret 248 - winged bandana 249 - winged hat 250 - winged helm 251 - magic hat 252 - mage's hat 253 - wizard's hat 254 - legendary hat 255 - mystic hat 256 - mail coif 257 - shampoo hat 258 - kairo hat 259 - royal crown (S) 260 - tiara 261 - lookout hat 262 - guard helmet 263 - bronze headpiece 264 - helmet 265 - iron mask 266 - iron headpiece 267 - black headpiece 268 - golden headpiece (S) 269 - dragon headpiece 270 - robot helmet 271 - locket 272 - necklace 273 - amulet 274 - blue pendant 275 - red pendant 276 - golden pendant (S) 277 - magic pendant 278 - goden bracelet 279 - leather band 280 - wristband 281 - gold medal (S) 282 - scarf 283 - collar 284 - golden collar 285 - ring 286 - pearl ring 287 - silver ring 288 - light ring 289 - golden ring (S) 290 - gloves 291 - leather gloves 292 - silk gloves 293 - silver earrings 294 - golden earrings 295 - royal earrings (S) 296 - leather shoes 297 - wooden sandals 298 - loafers 299 - silver boots 300 - boots 301 - winged sandals 302 - candle 303 - charm 304 - golden bell 305 - red ribbon 306 - ribbon 307 - wooden carving 308 - cloth bag 309 - gold bag 310 - sally pin figure 311 - santa staff 312 - santa shield *#*#*#*#*#*#*#*#*#*#*#*#*#*#*# FACILITIES: **So far, these are the only facilities I already unlocked, I am pretty sure I am still missing a lot of things based on the missing ID numbers. But it's probably the town hall, chaos stones, shelves and crib. So that makes this list the only thing that isn't complete yet** facility_id;0;0~1;0~~0;facility_id;0~~0;0~~0;quantity::29 Example: -761,248,000;0;0~1;0~~0;35;0~~0;0~~0;5::29 Facility ID: 3 - gravel path 4 - road 6 - bridge 11 - small land 12 - medium land 13 - large land 14 - xl land 23 - wall fence 24 - wall wood 25 - defensive wall 26 - castle wall 28 - gate 29 - torch 30 - nighttime meeting place 31 - low watchtower 32 - turret 33 - grass storehouse 34 - food storehouse 35 - wood storehouse 36 - ore storehouse 37 - gem storehouse 38 - item storehouse 39 - energy storehouse 40 - treasure storehouse 42 - field 43 - plantation 44 - ranch 45 - ore mine 46 - mystic ore mine 47 - energy mine 67 - well 69 - wasteland guide 70 - stables 72 - outdoor treasure lab 73 - temporary shelter 74 - outdoor research lab 75 - rest stop 76 - simple stove 77 - bonfire 78 - thorny trap 79 - flower bed 80 - bushes 81 - seedlings 82 - fountain 83 - goddess statue 84 - rejuvenation spring 85 - monster statue 86 - monster repelling orb 87 - monster repelling sword 88 - monster repelling slate 89 - windmill 90 - monster feeds 91 - bench 92 - expedition hut 101 - double bed 106 - chair 119 - decorative plant 120 - tomato 121 - flowers 122 - pansy 123 - glittering stone 124 - dining table 125 - couch 126 - candle 127 - tree nursery 128 - decorative armor 129 - red carpet 130 - fluffy carpet 131 - black carpet 132 - training room 133 - shooting range 134 - magic training ground 135 - rejuvenating bath 136 - rainwater barrel 137 - fireplace 138 - tool workshop 139 - kitchen shelves 140 - bathtub 141 - chest of drawers 142 - stove 143 - flower vase 144 - animal figurine 145 - vanity mirror 146 - cooking counter 147 - shelf 148 - desk 149 - window 150 - bookshelf 151 - dresser 152 - ore workbench 153 - study desk 154 - friend bed 157 - monster room 160 - dragon stables 161 - pitfall 162 - monster stables 182 - ancestor statue 183 - copper storage 184 - silver storage 185 - gold storage 186 - kairo king statue 189 - daycare 194 - egg storage 206 - high grade grass storehouse 207 - high grade wood storehouse 208 - high grade food storehouse 209 - high grade ore storehouse 210 - high grade mystic ore storehouse 211 - high grade energy storehouse 212 - high grade treasure storehouse 213 - high grade item storehouse 214 - high grade egg storehouse 215 - reclaimed land 234 - cash register 238 - reindeer stable *#*#*#*#*#*#*#*#*#*#*#*#*#*#*# SKILLS: **Skills with question marks (?) have chinese characters in their description so I didn't let it stay inside my game. I immediately deleted them just to be safe** skill_flag;0;0~1;0~~0;skill_id;0~~0;quantity::25 Example: -761,320,960;0;0~1;0~~0;0~~0;0~~0;0~~0::25 LEGEND: I, II, III, IV, V (in order) Skill ID: 0 - normal attack 1 - bow attack 2 - gun attack 3 - critical hit 4 - arrow rain fire magic - 5, 6, 7, 8, 9 ice magic - 10, 11, 12, 13, 14 lightning magic - 15, 16, 17, 18, 19 20 - half reflect 21 - full reflect Hit Attack - 22, 23, 24, 25 26 - counter 27 - parry 28 - perfect dodge 29 - dodge up 30 - critical up Direct attack - 31, 32 Area attack - 33, 34, 35 36 - myriad arrows 37 - heal maddy 38 - heal M 39 - heal L 40 - revive 50 41 - revive 100 42 - agriculturist 43 - construction chief 44 - thief 45 - culinarian 46 - transport crops Research - 47, 48, 49, 50, 51 52 - ranch know how 53 - treasure analysis Craftsmanship - 54, 55, 56, 57, 58 59 - instant construction 60 - instant workshop 61 - insta move 62 - instant weeding 63 - instant treasure analysis 64 - move speed up 65 - all out sprint 66 - miner Deployment range - 67, 68 69 - de fogger Experience up - 70, 71, 72 Deployment discount - 73, 74 75 - auto recovery HP 76 - auto recovery MP 77 - auto recovery VIGOR 78 - facility rec HP 79 - facility rec VIGOR 80 - facility rec MP 81 - stubborn 82 - sword resistance 83 - staff resistance 84 - axe resistance 85 - spear resistance 86 - hammer resistance 87 - club resistance 88 - gun resistance 89 - bow resistance 90 - book resistance 91 - shield resistance 92 - stealth 93 - instinct 94 - strategic retreat 95 - battle maniac 96 - ?house sitter? 97 - round trip 98 - ?rambler? 99 - ?naturalistic? 100 - ?traveler? 101 - aid specialist 102 - domestic production 103 - ?countryside fanatic? 104 - ?well prepared? 105 - leading the charge 106 - daring charge 107 - backup 108 - critical up+ 109 - 6 hit attack 110 - 7 hit attack Skilled craftsman - 111, 112 Armor breaker - 113, 114, 115, 116 Sandman - 117, 118, 119 Skill (unknown) - 120, 121, 122, 123 Guerilla - 124, 125, 126 Art - 127, 128, 129, 130, 131 132 - capture Chat - 133, 134, 135 **I hope these lists will be helpful to everyone especially those who are trying to make a script. **I really appreciate those people in the previous comments for sharing their search methods. Thank you guys. **I am a BIG FAN of kairosoft games and I am merely hacking my game so I can see it through the end. **Please don't be greedy in this game to avoid ban. Have fun and just enjoy.

Bypassing XOR encryption in mobile games with Game Guardian In the last few months we noticed increased number of mobile games that uses some sort of encryption. Some of them are simple, like multiplying value with some random number (example: let’s say random number is 8 – in that case, 10 gold in our in-game inventory will be stored as 80 in memory). This simple kinds of encryption can’t trick anyone. But XOR encryption is different story. It is one of the simplest encryption methods, but in most cases it can’t be broken (if data and key have the same length). It is often used as a part in more advanced ciphers. But we will cover this latter. There are lot of tutorials that teach us how to bypass XOR encryption in mobile games, but most of them don’t show us process that lies behind. So before we start, we need to read some theory about the subject. If you learn this, you will be able to bypass XOR encryption with only basic memory editor, paper and pen. Of course, this is some sort of advanced tutorial – we assume that you are at least familiar with basics of memory editing. Cryptography 101 (logic for dummies) In the beginning, there was Boolean algebra. For those who haven’t overslept math and logic classes, you can skip this chapter. If you have overslept, read carefully. George Boole was mathematician, logician and philosopher who published his most famous notes in the middle of the 19th century. You probably asked yourself why are you reading about some dude who lived 100 years before ENIAC. This dude is father of all computers – every digital circuit on our planet works on his principles. For our story, it is important to notice that every algebra has own values and operations. Imagine that, in some sort of simple algebra, values are set of natural numbers from 1 to 10 [1,2,3,4,5,6,7,8,9], and only operations are addition(+), subtraction(-), multiplication(*), and division(/). From our knowledge of elementary algebra (math from school), you can tell that 1+1 =2, or 2*4=8. While elementary algebra deals with numbers, Boolean algebra use only two values – TRUEand FALSE. They are represented as 1(true) and 0(false). All operations are done on this two values. Of course, you can’t preform multiplication or subtraction on this values. We need some other operations that can be preformed on TRUE and FALSE. These operations are called bitwise operations. There are three basic operations in Boolean algebra – NOT(¬), AND (∧) and OR (∨), and they are really simple to understand. Take a look at this image, and everything will be clear. Source: Wikipedia Just kidding, forget this and let’s move on. Basic bitwise operations I know this will maybe be hard to understand, especially if this is your first time you read about logic. So I will try to make it simple. Boolean algebra (and any other logic) are made to teach us how to make correct conclusions. In elementary algebra, correct conclusion is when we write that 1+1=2. As we said, in Boolean algebra there are only two values, and we can only preform operations on them. Now imagine that we have a few true or false statements: Tom is a cat (TRUE or 1) Jerry is a mouse (TRUE or 1) Sky is green (FALSE or 0) NOT operator This is fairly simple examples. Let’s see our first operator, NOT(¬). “Tom in not a cat”, is this statement true or false? Of course, it is FALSE. Jerry is not a mouse = FALSE or 0. Sky is not green = TRUE or 1. This operator preforms logical negation on a given statement. 0 become 1, and 1 become 0. We can write it like this: ¬0 = 1 ¬1 = 0 AND operator AND(∧) operator takes two arguments, and returns TRUE only if both arguments are TRUE. Tom is a cat AND Jerry is a mouse = TRUE(1). Tom is a cat AND Sky is green = FALSE(0). You can easily remember this operator – just multiply two arguments and you have correct result. We can write it like this: 1 ∧ 1 = 1 1 ∧ 0 = 0 0 ∧ 1 = 0 0 ∧ 0 = 0 OR operator OR (∨) operator takes two arguments, and return FALSE only if both of the statements are FALSE. In every other case it returns TRUE. Tom is car OR Sky is green = TRUE(1). Sky is green OR Sky is red = FALSE(0). 1 ∨ 1 = 1 1 ∨ 0 = 1 0 ∨ 1 = 1 0 ∨ 0 = 0 Maybe you wonder why are we talking about Tom and Jerry. In computer world, everything is made in binary system. There are only two states in computer – there is current flow (1) and there isn’t current flow (0). So every information is stored in binary numeral system. Each digit (0 or 1) is called bit. Group of 8 bits are called byte. Any information can be translated into binary system. So our “tom” will be 01110100 01101111 01101101 in binary, and “sky” will be 01110011 01101011 01111001. Guess what? You can preform this bitwise operations on binary values. So, “tom” OR “sky”? 01110100 01101111 01101101 tom ∨ 01110011 01101011 01111001 sky ____________________________ 01110111 01101111 01111101 wo} If we want preform AND operator, this will be result: 01110100 01101111 01101101 tom ∧ 01110011 01101011 01111001 sky _______________________________ 01110000 01101011 01101001 pki Well, this was not very useful. But it is important to remember this, because now you will learn another bitwise operation – exclusive disjunction (exclusive OR, known as XOR). XOR (exclusive OR) bitwise operator I hope you understand these basic bitwise operators. There is also so-called “secondary operators or operations”, which can be derived from basic operators. One of these secondary operators is XOR, or exclusive OR. You will understand why is it called “exclusive OR” when you see the following table. 1 XOR 1 = 0 1 XOR 0 = 1 0 XOR 1 = 1 0 XOR 0 = 0 As you can see, if you perform XOR operation on two different values, it will return 1 or true. If values are the same, it will return 0 or false. So what is the catch? Why are XOR so special, and why is it used in cryptography? Now, look again our previous example, and you will see. From now on, we will preform XOR operation on original data (“tom” in our case) with the key (“sky” in our case). 01110100 01101111 01101101 tom XOR 01110011 01101011 01111001 sky _____________________________________ 00000111 00000100 00010100 //this can't be converted to meaningful text But what will happen if we XOR out new value (00000111 00000100 00010100) with the same key (sky or 01110011 01101011 01111001)? Let’s try it. 00000111 00000100 00010100 XOR 01110011 01101011 01111001 sky ___________________________________ 01110100 01101111 01101101 tom Right, we got our original data. But there is more -what if we don’t know the key (“sky”) 01110100 01101111 01101101 tom XOR 00000111 00000100 00010100 ___________________________________ 01110011 01101011 01111001 sky We have out original key. This is the reason why XOR operator is special. We can’t achieve this with other operators. XOR encryption in mobile games So let’s see some real world example – using XOR encryption in mobile games. Imagine that you have 1000 gold in some game. Developers implemented that all values are XOR-ed with the key 1337, and stored in memory. So look at the example. For conversion for decimal to binary you can use Windows calculator, or some online tools [BINARY TO DECIMAL CONVERTER] 0000001111101000 1000 XOR 0000010100111001 1337 _________________________ 0000011011010001 1745 This means that “1000” gold is stored as “1745” in memory. If you earn more gold (let’s say you got 1050 gold now), it will be stored in memory like this. 0000010000011010 1050 XOR 0000010100111001 1337 _________________________ 0000000100100011 291 So how we can bypass this sort of encryption? Bypassing XOR encryption with Game Guardian We already saw that: original value XOR key = encrypted value encrypted value XOR key = original value original value XOR encrypted value = key With this principle, we can bypass XOR encryption even if we don’t know that key developers used. So let’s start with practical work. If you aren’t familiar with fuzzy search, it will be useful to first read this tutorial [GAME GUARDIAN FUZZY SEARCH TUTORIAL]. We are going to use examples from previous paragraph. Our first step is to find address where the encrypted value is stored. This step is simple. First, scan for unknown starting value – this is done by selecting Fuzzy search from Game Guardian. As value type, you can choose DWORD (it was DWORD in all games that we cheated). Change the amount of gold in-game, then search for changed value. Repeat this step until only one address has left on the list. Now it is time to check if XOR encryption is used. Let’s say you got 1000 gold in game, but with fuzzy search you found value 1745. Preform XOR operation on this two values. 0000001111101000 1000 //Ingame gold XOR 0000011011010001 1745 //Value that you have found with fuzzy search _________________________ 0000010100111001 1337 //Key? --write it down Now change original value – earn or spend some gold. Let’s say you have 1050 gold now. Look at the address that you found with fuzzy search, and read the value. Again, preform XOR operation with in-game value and in-memory value. 0000010000011010 1050 //In-game value XOR 0000000100100011 291 //Value which is stored in memory _________________________ 0000010100111001 1337 //KEY!! If two keys are the same, XOR encryption is used and you have found the key. If they are not, XOR encryption is not used. Now, let’s change our gold (it was our primary goal, right?). We want 9999 gold. Again, preform XOR operation on it with key that you found (1337 in our case). 0010011100001111 9999 XOR 0000010100111001 1337 ___________________________ 0010001000110110 8758 Change the value that you found with fuzzy search – as new value set 8758. Open game again, and you should have 9999 gold. You can now cheat game using paper and pen, as we promised on the beginning. But it would be smarter if you use XOR calculator built in Game Guardian Second method to bypass XOR encryption Now, you will see the true power of Game Guardian. For this method, it is important to note that in most games, encrypted value and key are stored next to each other in memory – for DWORD type,one value occupies 4 bytes,so the key is usually 4 bytes away from encrypted value. Look at this picture. In Game Guardian, there is builtin method which automatically search for values, and XOR them with value which is X bytes away. That means that we don’t need to do fuzzy search, or calculate XOR values. Game Guardian can do it for us. Let’s get back to our previous example and imagine that encrypted value and key are 4 bytes away. If you have 1000 gold in-game, click on Known search, as type choose Dword (it can be some other types too, but it is usually dword.). As value, put in 1000X4, and click on search. In this example, first number “1000” is amount of currency that we want to change. Second part, “X4“, marks how many bytes away is the key. For dword values it can be X4,X8, X12, X16… Earn or spend some currency – let’s say that you have 900 gold now. Now input 900X4, and click on refine. Repeat previous step until you have only one address left (or few addresses if you want). Click on Edit, and as a value input 9999X4. And that’s it. Game Guardian will automatically search for encrypted values, and XOR them with key which is X bytes away. Pretty impressive feature. With this, our tutorial has finished. There will be reference links bellow, if you want to know more about this subject. Any suggestions are appreciated. Happy cheating. Reference links [Algebraic operation – Wikipedia article] [Binary numbers] [Boolean algebra] [Exclusive OR – XOR, Wikipedia] [NoFear’s tutorial – Xor search guide] [Binary to decimal online calculator]

1 Dodge Dart GT 2 Audi R8 e-tron 3 Tesla Model S 4 Cadillac ATS 5 Cadillac XTS 6 Scion FR-S 7 Mini Cooper S Roadster 8 Alfa Romeo MiTo GTA 9 Audi S4 10 Nissan 370Z 11 Audi RS 3 Sportback 12 Mercedes-Benz SLS AMG Electric Drive 13 Audi TTS Coupe 14 Chevrolet Camaro GS 15 Ford Focus RS 16 Lamborghini Urus 17 Infiniti FX50 18 Lotus Exige S Coupe 19 Audi RS 4 Avant 20 Alfa Romeo 8C Competizione 21 DS Survolt 22 Aston Martin DB9 Coupe 23 Lamborghini Countach 25th Anniversary 24 Maserati GranTurismo Sport 25 Bentley Continental GT V8 26 Aston Martin V12 Zagato 27 Aston Martin V12 Vantage 28 Nissan GT-R (R35) 29 Ferrari 458 Italia 30 Ford Shelby GT500 31 Cadillac CTS-V Coupe Race Car 32 Mercedes-Benz SL 65 AMG Black Series 33 Dodge Viper SRT10 ACR-X 34 Chevrolet Corvette C7 35 McLaren 12C Spider 36 Pagani Zonda R 37 Ferrari F12berlinetta 38 Lamborghini Sesto Elemento 39 Marussia B2 40 RUF RT 12 S 41 Lamborghini Veneno 42 GTA Spano 43 RUF CTR 3 44 Ferrari FXX Evoluzione 45 Bugatti 16.4 Grand Sport Vitesse 46 Mercedes-Benz Silver Lightning 47 Koenigsegg Agera R 48 Ferrari 599XX 49 Lamborghini Gallardo LP 560-4 2013 50 Renault CLIO R.S. 200 EDC 51 BMW M6 52 Ferrari F430 53 Lotus Evora Enduro GT 54 Ferrari LaFerrari 55 W Motors Lykan HyperSport 56 Pagani Huayra 57 McLaren P1 58 SSC Tuatara 59 Ferrari Testarossa 60 SRT 2013 Dodge Challenger SRT8 61 Ford F-150 62 Hennessey Venom GT 63 Chrysler ME412 64 Ferrari FF 65 Ford 2006 GT 66 Mercedes-Benz SLS AMG GT Coupé Final Edition 67 2015 Ford Mustang 68 Jaguar C-X75 69 Mercedes-Benz CLK GTR AMG 70 Mercedes-Benz Biome 71 Peugeot Onyx 72 Jaguar F-Type R 73 Savage Rivale Roadyacht GTS 74 Mazda Furai 75 Nissan GT-R NISMO 76 SSC Ultimate Aero XT 77 Rimac Consept One 78 Savage Rivale GTR 79 Maserati MC12 80 Volkswagen W12 81 Koenigsegg One:1 82 9FF GT9 VMAX 83 Tramontana XTR 84 Felino cB7 85 Spada Codatronca 86 Arrinera Hussarya 87 Lucra L148 88 Acura NSX 2005 89 Renault DeZir 90 Ferrari F40 91 Ferrari Enzo Ferrari 92 Ferrari 612 Scaglietti 93 Ferrari F50 94 Ferrari 308 GTS 95 Ferrari 330 P4 96 Volkswagen Golf Design Vision GTI 97 BMW M3 Sedan 98 Audi R8 LMS Ultra 99 BMW M1 100 HTT Plethore LC 750 101 Lamborghini Aventador LP 700-4 102 Geely GC9 103 ONUK Sazan LM 104 Mitsubishi Lancer Evolution X 105 Chevrolet SS 106 AC 378 GT Z 107 Kepler Motion 108 McLaren 675LT 109 Bentley EXP10 Speed 6 110 McLaren P1 GTR 111 Camaro Z/28 112 Datsun 280Z 113 Shelby Cobra 427 114 SUBARU IMPREZA WRX STI 115 McLaren 570S 116 Lamborghini Huracan 117 Cadillac 16 Consept 118 McLaren F1 XP-5 119 DS 3 Racing 120 Honda S2000 121 Range Rover Evoque Coupe HSE Dynamic 122 Mercedes-Benz SLK 55 AMG 123 Toyota Supra RZ (Mark IV) 124 Nissan Skyline GT-R (R34) 125 Peugeot SR1 126 Lamgorghini Asterion 127 Mazzanti Evantra 128 Mosler GT3 129 Lamborghini Egoista 130 Renault Sport R.S. 01 131 TRION NEMESIS 132 ED Design Torq 133 Alfa Romeo 4C 134 Lamborghini Estoque 135 Rinspeed zaZen 136 Sbarro Alcador 137 Holden Coupe 60 138 Volkswagen Beetle Turbo 139 Lamborghini Miura 140 Cheverolet 2016 Camaro SS 141 Ferrari 458 Italia 142 Mosler Super GT 143 Mazda RX8 144 BMW 3.0 CSL Hommage 145 Honda Integra Type-R 146 Devel Sixteen Prototype 147 Mazda 6 148 Mitsubishi Eclipse 149 nanoFlowcell QUANT FE 150 Fenyr SuperSport 151 nanoFlowcell QUANTINO 152 Weber Faster One 153 Mercedes-AMG GT3 154 Nissan Juke Nismo 155 Jaguar XJ220S TWR Motorsport 156 Mercedes-AMG C 63 Couple 157 Jaguar F-TYPE Project 7 158 Aston Martin One-77 159 Donkervoort D8 GTO 160 Caddilac ATS-V Coupe 161 BXR Blade 162 MB GLC Coupe 163 2015 GTA Spano 164 Falcon F7 165 TVR Sagaris 166 Citroen GT 167 Icona Vulcano 168 Chevrolet Corvette C3 169 AlfaRomeo Quadrifoglio (Giulietta 2016 Veloce) 170 Mercedes CLA Racing 34 (CLA 45 AMG Rcaing Series)

I can get maybe ?? 1 Dodge Dart GT 2 Audi R8 e-tron 3 Tesla Model S 4 Cadillac ATS 5 Cadillac XTS 6 Scion FR-S 7 Mini Cooper S Roadster 8 Alfa Romeo MiTo GTA 9 Audi S4 10 Nissan 370Z 11 Audi RS 3 Sportback 12 Mercedes-Benz SLS AMG Electric Drive 13 Audi TTS Coupe 14 Chevrolet Camaro GS 15 Ford Focus RS 16 Lamborghini Urus 17 Infiniti FX50 18 Lotus Exige S Coupe 19 Audi RS 4 Avant 20 Alfa Romeo 8C Competizione 21 DS Survolt 22 Aston Martin DB9 Coupe 23 Lamborghini Countach 25th Anniversary 24 Maserati GranTurismo Sport 25 Bentley Continental GT V8 26 Aston Martin V12 Zagato 27 Aston Martin V12 Vantage 28 Nissan GT-R (R35) 29 Ferrari 458 Italia 30 Ford Shelby GT500 31 Cadillac CTS-V Coupe Race Car 32 Mercedes-Benz SL 65 AMG Black Series 33 Dodge Viper SRT10 ACR-X 34 Chevrolet Corvette C7 35 McLaren 12C Spider 36 Pagani Zonda R 37 Ferrari F12berlinetta 38 Lamborghini Sesto Elemento 39 Marussia B2 40 RUF RT 12 S 41 Lamborghini Veneno 42 GTA Spano 43 RUF CTR 3 44 Ferrari FXX Evoluzione 45 Bugatti 16.4 Grand Sport Vitesse 46 Mercedes-Benz Silver Lightning 47 Koenigsegg Agera R 48 Ferrari 599XX 49 Lamborghini Gallardo LP 560-4 2013 50 Renault CLIO R.S. 200 EDC 51 BMW M6 52 Ferrari F430 53 Lotus Evora Enduro GT 54 Ferrari LaFerrari 55 W Motors Lykan HyperSport 56 Pagani Huayra 57 McLaren P1 58 SSC Tuatara 59 Ferrari Testarossa 60 SRT 2013 Dodge Challenger SRT8 61 Ford F-150 62 Hennessey Venom GT 63 Chrysler ME412 64 Ferrari FF 65 Ford 2006 GT 66 Mercedes-Benz SLS AMG GT Coupé Final Edition 67 2015 Ford Mustang 68 Jaguar C-X75 69 Mercedes-Benz CLK GTR AMG 70 Mercedes-Benz Biome 71 Peugeot Onyx 72 Jaguar F-Type R 73 Savage Rivale Roadyacht GTS 74 Mazda Furai 75 Nissan GT-R NISMO 76 SSC Ultimate Aero XT 77 Rimac Consept One 78 Savage Rivale GTR 79 Maserati MC12 80 Volkswagen W12 81 Koenigsegg One:1 82 9FF GT9 VMAX 83 Tramontana XTR 84 Felino cB7 85 Spada Codatronca 86 Arrinera Hussarya 87 Lucra L148 88 Acura NSX 2005 89 Renault DeZir 90 Ferrari F40 91 Ferrari Enzo Ferrari 92 Ferrari 612 Scaglietti 93 Ferrari F50 94 Ferrari 308 GTS 95 Ferrari 330 P4 96 Volkswagen Golf Design Vision GTI 97 BMW M3 Sedan 98 Audi R8 LMS Ultra 99 BMW M1 100 HTT Plethore LC 750 101 Lamborghini Aventador LP 700-4 102 Geely GC9 103 ONUK Sazan LM 104 Mitsubishi Lancer Evolution X 105 Chevrolet SS 106 AC 378 GT Z 107 Kepler Motion 108 McLaren 675LT 109 Bentley EXP10 Speed 6 110 McLaren P1 GTR 111 Camaro Z/28 112 Datsun 280Z 113 Shelby Cobra 427 114 SUBARU IMPREZA WRX STI 115 McLaren 570S 116 Lamborghini Huracan 117 Cadillac 16 Consept 118 McLaren F1 XP-5 119 DS 3 Racing 120 Honda S2000 121 Range Rover Evoque Coupe HSE Dynamic 122 Mercedes-Benz SLK 55 AMG 123 Toyota Supra RZ (Mark IV) 124 Nissan Skyline GT-R (R34) 125 Peugeot SR1 126 Lamgorghini Asterion 127 Mazzanti Evantra 128 Mosler GT3 129 Lamborghini Egoista 130 Renault Sport R.S. 01 131 TRION NEMESIS 132 ED Design Torq 133 Alfa Romeo 4C 134 Lamborghini Estoque 135 Rinspeed zaZen 136 Sbarro Alcador 137 Holden Coupe 60 138 Volkswagen Beetle Turbo 139 Lamborghini Miura 140 Cheverolet 2016 Camaro SS 141 Ferrari 458 Italia 142 Mosler Super GT 143 Mazda RX8 144 BMW 3.0 CSL Hommage 145 Honda Integra Type-R 146 Devel Sixteen Prototype 147 Mazda 6 148 Mitsubishi Eclipse 149 nanoFlowcell QUANT FE 150 Fenyr SuperSport 151 nanoFlowcell QUANTINO 152 Weber Faster One 153 Mercedes-AMG GT3 154 Nissan Juke Nismo 155 Jaguar XJ220S TWR Motorsport 156 Mercedes-AMG C 63 Couple 157 Jaguar F-TYPE Project 7 158 Aston Martin One-77 159 Donkervoort D8 GTO 160 Caddilac ATS-V Coupe 161 BXR Blade 162 MB GLC Coupe 163 2015 GTA Spano 164 Falcon F7 165 TVR Sagaris 166 Citroen GT 167 Icona Vulcano 168 Chevrolet Corvette C3 169 AlfaRomeo Giulietta 2016 Veloce 170 Mercedes Benz CLA 45 AMG Racing Series 171 McLaren M14A 172McLaren Mercedes MP4-25 173 Arash AF10 174 Aston Martin Vulcan 175 impala 176 bently 2010 177 Mosler land sark 178 bmw m2 179 Mclaren mp4-8 180 renault alpine 181 Lamborghini aventor sv 182 buick avista consept 183 mercedes 55 special 184 mclaren mp4-31 185 Sbarro sparta 186 Chevrolet Corvette Grand Sport 187 SIN R1 188 Ferrari GTC4Lusso 189 Lotus Evora Sport 410 190 Porshe cayman gt4 191 Porshe 718 192 Porshe 959 193 Porshe 911 194 Porshe 918

hltexx:/ $ su hltexx:/ # su hltexx:/ # getprop [audio.offload.buffer.size.kb]: [32] [audio.offload.gapless.enabled]: [true] [audio.offload.multiple.enabled]: [true] [audio.offload.pcm.16bit.enable]: [true] [audio.offload.pcm.24bit.enable]: [true] [av.offload.enable]: [true] [av.streaming.offload.enable]: [true] [camera2.portability.force_api]: [1] [dalvik.vm.appimageformat]: [lz4] [dalvik.vm.dex2oat-Xms]: [64m] [dalvik.vm.dex2oat-Xmx]: [512m] [dalvik.vm.dex2oat-swap]: [false] [dalvik.vm.heapgrowthlimit]: [192m] [dalvik.vm.heapmaxfree]: [8m] [dalvik.vm.heapminfree]: [2m] [dalvik.vm.heapsize]: [512m] [dalvik.vm.heapstartsize]: [16m] [dalvik.vm.heaptargetutilization]: [0.75] [dalvik.vm.image-dex2oat-Xms]: [64m] [dalvik.vm.image-dex2oat-Xmx]: [64m] [dalvik.vm.isa.arm.features]: [default] [dalvik.vm.isa.arm.variant]: [krait] [dalvik.vm.lockprof.threshold]: [500] [dalvik.vm.stack-trace-file]: [/data/anr/traces.txt] [dalvik.vm.usejit]: [true] [dalvik.vm.usejitprofiles]: [true] [debug.atrace.tags.enableflags]: [0] [debug.force_rtl]: [0] [debug.mdpcomp.logs]: [0] [debug.sensors]: [1] [debug.sf.hw]: [1] [dev.bootcomplete]: [1] [gsm.current.phone-type]: [1] [gsm.defaultpdpcontext.active]: [false] [gsm.network.type]: [LTE] [gsm.nitz.time]: [1513006906007] [gsm.operator.alpha]: [SingTel] [gsm.operator.iso-country]: [sg] [gsm.operator.isroaming]: [false] [gsm.operator.numeric]: [52501] [gsm.sim.operator.alpha]: [Singtel] [gsm.sim.operator.iso-country]: [sg] [gsm.sim.operator.numeric]: [52501] [gsm.sim.state]: [READY] [gsm.version.baseband]: [N9005DXUGBOK3] [gsm.version.ril-impl]: [Samsung RIL v3.0] [init.svc.adbd]: [running] [init.svc.adsprpcd]: [running] [init.svc.audiod]: [running] [init.svc.audioserver]: [running] [init.svc.bootanim]: [stopped] [init.svc.debuggerd]: [running] [init.svc.drm]: [running] [init.svc.gatekeeperd]: [running] [init.svc.healthd]: [running] [init.svc.installd]: [running] [init.svc.irsc_util]: [stopped] [init.svc.keystore]: [running] [init.svc.lmkd]: [running] [init.svc.logd]: [running] [init.svc.logd-reinit]: [stopped] [init.svc.macloader]: [stopped] [init.svc.magisk_pfs]: [stopped] [init.svc.magisk_pfsd]: [stopped] [init.svc.magisk_service]: [stopped] [init.svc.media]: [running] [init.svc.mediacodec]: [running] [init.svc.mediadrm]: [running] [init.svc.mediaextractor]: [running] [init.svc.netd]: [running] [init.svc.p2p_supplicant]: [running] [init.svc.perfprofd]: [running] [init.svc.qcamerasvr]: [running] [init.svc.qmuxd]: [running] [init.svc.qseecomd]: [running] [init.svc.rfs_access]: [running] [init.svc.ril-daemon]: [running] [init.svc.rmt_storage]: [running] [init.svc.servicemanager]: [running] [init.svc.surfaceflinger]: [running] [init.svc.sysinit]: [stopped] [init.svc.time_daemon]: [running] [init.svc.ueventd]: [running] [init.svc.vold]: [running] [init.svc.zygote]: [running] [keyguard.no_require_sim]: [true] [log.tag.WifiHAL]: [D] [logd.logpersistd.enable]: [true] [magisk.version]: [12.0] [media.aac_51_output_enabled]: [true] [media.sf.extractor-plugin]: [libffmpeg_extractor.so] [media.sf.omx-plugin]: [libffmpeg_omx.so] [media.stagefright.legacyencoder]: [true] [media.stagefright.less-secure]: [true] [mm.enable.smoothstreaming]: [true] [net.bt.name]: [Android] [net.change]: [net.dns1] [net.dns1]: [192.168.43.1] [net.dns2]: [165.21.100.88] [net.hostname]: [android-e0f984fca14f0860] [net.qtaguid_enabled]: [1] [net.rmnet0.dns1]: [] [net.rmnet0.dns2]: [] [net.rmnet0.dns3]: [] [net.rmnet0.dns4]: [] [net.tcp.default_init_rwnd]: [60] [net.tcp.delack.default]: [1] [net.tcp.delack.lte]: [8] [net.tcp.delack.wifi]: [20] [net.tcp.usercfg.default]: [0] [net.tcp.usercfg.lte]: [1] [net.tcp.usercfg.wifi]: [1] [persist.audio.fluence.speaker]: [true] [persist.audio.fluence.voicecall]: [true] [persist.audio.fluence.voicerec]: [false] [persist.data.netmgrd.qos.enable]: [true] [persist.data.qmi.adb_logmask]: [0] [persist.gps.qc_nlp_in_use]: [0] [persist.hwc.mdpcomp.enable]: [true] [persist.logd.logpersistd]: [] [persist.radio.add_power_save]: [1] [persist.radio.lte_vrat_report]: [1] [persist.radio.mode_pref_nv10]: [1] [persist.radio.plmnname_1]: [] [persist.radio.plmnname_2]: [] [persist.rild.nitz_long_ons_0]: [] [persist.rild.nitz_long_ons_1]: [] [persist.rild.nitz_long_ons_2]: [] [persist.rild.nitz_long_ons_3]: [] [persist.rild.nitz_plmn]: [] [persist.rild.nitz_short_ons_0]: [] [persist.rild.nitz_short_ons_1]: [] [persist.rild.nitz_short_ons_2]: [] [persist.rild.nitz_short_ons_3]: [] [persist.sys.camera-sound]: [0] [persist.sys.dalvik.vm.lib.2]: [libart.so] [persist.sys.dun.override]: [0] [persist.sys.gps.lpp]: [] [persist.sys.locale]: [en-US] [persist.sys.profiler_ms]: [0] [persist.sys.root_access]: [1] [persist.sys.timezone]: [Asia/Singapore] [persist.sys.usb.config]: [adb] [persist.sys.webview.vmsize]: [104857600] [persist.sys.xtra_time]: [1511788671078] [persist.timed.enable]: [true] [pm.dexopt.ab-ota]: [speed-profile] [pm.dexopt.bg-dexopt]: [speed-profile] [pm.dexopt.boot]: [verify-profile] [pm.dexopt.core-app]: [speed] [pm.dexopt.first-boot]: [interpret-only] [pm.dexopt.forced-dexopt]: [speed] [pm.dexopt.install]: [interpret-only] [pm.dexopt.nsys-library]: [speed] [pm.dexopt.shared-apk]: [speed] [qcom.audio.init]: [complete] [ril.ICC_TYPE]: [2] [ril.LoopbackCallFlag]: [false] [ril.RildInit]: [1] [ril.cs_svc]: [1] [ril.deviceOffRes]: [0] [ril.ecclist0]: [911,*911,#911,112] [ril.hasisim]: [0] [ril.hw_ver]: [MP 0.602] [ril.ims.ecsupport]: [2] [ril.ims.ltevoicesupport]: [1] [ril.initPB]: [1] [ril.modem.board]: [MSM8974] [ril.modem.lte.powercontrol]: [on] [ril.product_code]: [SM-N9005ZWEXSP] [ril.radiostate]: [10] [ril.rfcal_date]: [2013.11.20] [ril.sales_code]: [XSP] [ril.sw_ver]: [N9005DXUGBOK3] [ril.timezoneID]: [Asia/Singapore] [ril.wbamrstatus]: [0] [rild.libargs]: [-d /dev/smd0] [rild.libpath]: [/system/lib/libsec-ril.so] [ro.adb.secure]: [1] [ro.alarm_boot]: [false] [ro.allow.mock.location]: [0] [ro.baseband]: [msm] [ro.board.platform]: [msm8974] [ro.boot.baseband]: [msm] [ro.boot.boot_recovery]: [0] [ro.boot.bootdevice]: [msm_sdcc.1] [ro.boot.bootloader]: [N9005DXUGBOK3] [ro.boot.cp_debug_level]: [0x55FF] [ro.boot.debug_level]: [0x4f4c] [ro.boot.emmc]: [true] [ro.boot.emmc_checksum]: [3] [ro.boot.hardware]: [qcom] [ro.boot.nvdata_backup]: [0] [ro.boot.sec_atd.tty]: [/dev/ttyHSL0] [ro.boot.selinux]: [permissive] [ro.boot.serialno]: [d14352eb] [ro.boot.warranty_bit]: [1] [ro.bootimage.build.date]: [ven 21 apr 2017, 19.15.39, CEST][ro.bootimage.build.date.utc]: [1492794939] [ro.bootimage.build.fingerprint]: [samsung/lineage_hlte/hlte:7.1.2/N2G47E/a6b78badb0:userdebug/release-keys] [ro.bootloader]: [N9005DXUGBOK3] [ro.bootmode]: [unknown] [ro.bt.bdaddr_path]: [/efs/bluetooth/bt_addr] [ro.build.characteristics]: [default] [ro.build.date]: [ven 21 apr 2017, 19.15.39, CEST] [ro.build.date.utc]: [1492794939] [ro.build.description]: [hltexx-user 4.4.2 KOT49H N9005XXUENC2 release-keys] [ro.build.display.id]: [lineage_hlte-userdebug 7.1.2 N2G47E a6b78badb0 release-keys] [ro.build.fingerprint]: [samsung/hltexx/hlte:4.4.2/KOT49H/N9005XXUENC2:user/release-keys] [ro.build.flavor]: [lineage_hlte-userdebug] [ro.build.host]: [archimedes] [ro.build.id]: [N2G47E] [ro.build.selinux]: [1] [ro.build.tags]: [release-keys] [ro.build.type]: [userdebug] [ro.build.user]: [lord] [ro.build.version.all_codenames]: [REL] [ro.build.version.base_os]: [] [ro.build.version.codename]: [REL] [ro.build.version.incremental]: [a6b78badb0] [ro.build.version.preview_sdk]: [0] [ro.build.version.release]: [7.1.2] [ro.build.version.sdk]: [25] [ro.build.version.security_patch]: [2017-04-05] [ro.carrier]: [unknown] [ro.cm.build.version.plat.rev]: [0] [ro.cm.build.version.plat.sdk]: [7] [ro.com.google.clientidbase]: [android-google] [ro.config.alarm_alert]: [Hassium.ogg] [ro.config.notification_sound]: [Argon.ogg] [ro.config.ringtone]: [Resurrection.mp3] [ro.crypto.state]: [unencrypted] [ro.dalvik.vm.native.bridge]: [0] [ro.debuggable]: [1] [ro.device.cache_dir]: [/data/cache] [ro.device_owner]: [false] [ro.expect.recovery_id]: [0xbf077dc5f040e3482a684a8e12b8b5f22c225823000000000000000000000000] [ro.gps.agps_provider]: [1] [ro.hardware]: [qcom] [ro.hdcp2.rx]: [tz] [ro.hwui.drop_shadow_cache_size]: [6] [ro.hwui.gradient_cache_size]: [1] [ro.hwui.layer_cache_size]: [48] [ro.hwui.path_cache_size]: [32] [ro.hwui.r_buffer_cache_size]: [8] [ro.hwui.text_large_cache_height]: [1024] [ro.hwui.text_large_cache_width]: [2048] [ro.hwui.text_small_cache_height]: [1024] [ro.hwui.text_small_cache_width]: [1024] [ro.hwui.texture_cache_flushrate]: [0.4] [ro.hwui.texture_cache_size]: [72] [ro.modversion]: [RR-N-v5.8.3-20170421-hlte-Official] [ro.nfc.port]: [I2C] [ro.opa.eligible_device]: [true] [ro.opengles.version]: [196608] [ro.product.board]: [MSM8974] [ro.product.brand]: [samsung] [ro.product.cpu.abi]: [armeabi-v7a] [ro.product.cpu.abi2]: [armeabi] [ro.product.cpu.abilist]: [armeabi-v7a,armeabi] [ro.product.cpu.abilist32]: [armeabi-v7a,armeabi] [ro.product.cpu.abilist64]: [] [ro.product.device]: [hltexx] [ro.product.locale]: [en-US] [ro.product.manufacturer]: [samsung] [ro.product.model]: [SM-N9005] [ro.product.name]: [lineage_hlte] [ro.qc.sdk.audio.fluencetype]: [fluence] [ro.qc.sdk.izat.premium_enabled]: [0] [ro.qc.sdk.izat.service_mask]: [0x0] [ro.qualcomm.cabl]: [1] [ro.recovery_id]: [0x644fbea6d1f0bb3ba01b8818fef309ecc3dfacd9000000000000000000000000] [ro.revision]: [0] [ro.ril.svdo]: [false] [ro.ril.svlte1x]: [false] [ro.ril.telephony.mqanelements]: [6] [ro.rr.device]: [hlte] [ro.rr.display.version]: [RR-N-v5.8.3-20170421-hlte-Official] [ro.rr.version]: [RR-N-v5.8.3-20170421-hlte-Official] [ro.runtime.firstboot]: [1512973562428] [ro.secure]: [1] [ro.secwvk]: [144] [ro.serialno]: [d14352eb] [ro.sf.lcd_density]: [480] [ro.storage_manager.enabled]: [true] [ro.sys.sdcardfs]: [true] [ro.telephony.call_ring.multiple]: [0] [ro.telephony.ril_class]: [hlteRIL] [ro.vendor.extension_library]: [/vendor/lib/libqti-perfd-client.so] [ro.wifi.channels]: [] [ro.zygote]: [zygote32] [rr.build.type]: [Official] [rr.ota.version]: [20170421] [security.perf_harden]: [1] [service.bootanim.exit]: [1] [sys.boot_completed]: [1] [sys.cm_settings_secure_version]: [14] [sys.logbootcomplete]: [1] [sys.perf.profile]: [1] [sys.qseecomd.enable]: [true] [sys.sysctl.extra_free_kbytes]: [24300] [sys.sysctl.tcp_def_init_rwnd]: [60] [sys.usb.config]: [adb] [sys.usb.configfs]: [0] [sys.usb.state]: [adb] [tunnel.audio.encode]: [true] [use.voice.path.for.pcm.voip]: [true] [vold.has_adoptable]: [1] [vold.post_fs_data_done]: [1] [wifi.interface]: [wlan0] [wlan.driver.status]: [ok] [wrap.com.maingames.android.SPEN]: [LD_PRELOAD=/data/user/0/com.qwnx.jnhhdejehcwpisr/files/GG-1503979914/libh.so] hltexx:/ #

The rest of the elements depend on the selected tab. If the first tab (settings) is selected, the main part of the screen will be occupied by the list of settings. All other tabs will have two panels. Their content is slightly different and may depend on application settings. On the narrow top panel, the following is normally displayed (from left to right): the game pause button, the pid of the selected process and its name, the amount found (only on the search tab), the menu button (if the toolbar is disabled on this tab) and the list update button. By the name of the process, you can click - this will open the dialog for selecting the process. Click on the number of found opens the filter dialog. Below is the toolbar with quick action buttons. It can be hidden, through the settings of the application, for each tab separately. The rightmost button in the toolbar is the menu button. It shows a complete list of possible actions. The first actions are displayed on the toolbar itself. All that is not fit - hiding. In the application settings, you can specify the algorithm for filling the toolbar with buttons: from the right edge (default), from the left edge and from the center. If you do not know the purpose of any icon - press the menu button and see the text description for each icon. Under the toolbar is a list of items. For each tab, it has its own: search - search results, saved list - list items, memory editor - memory contents. Let's consider each tab in more detail. Let's start with the settings tab. Here is a list of all available settings for the application, as well as some actions. The list is regularly updated and expanded. There are such items: 1. Help. Runs the application's built-in help. 2. Donate. Opens the browser with a donation page on the official website. 3. Select process. Opens the game process selection dialog. Can be invoked by clicking on the process name or the game icon. 4. Exit. The application exit. 5. Kill the game. Kills the selected application by calling the system call 'kill'. Can lead to loss of game data, since this close is forced. 6. Select memory ranges. Opens the memory regions selection dialog. Memory in the processes of android is allocated by blocks, some of which are marked in a special way. In this dialog, you can select the categories of memory blocks that will be used when searching for values. Most regions have common names, so you can get more information by typing their name into a web search. Java heap - the main Java memory. C++ heap - main memory for native code. C++ alloc - dynamic allocation of memory in native code. C++ .data - pre-initialized memory in native code. C++ .bss - memory initialized by zeros in the native code. PPSSPP - PPSSPP emulator memory, which contains the game. Anonymous - regions of memory without description - there can be anything data. Java - system regions of Java memory, are usually not needed, since they do not contain user application data. Stack - memory of the native code stack. Usually not needed, because it contains very rapidly changing local data. Sometimes applications use this memory to store long-term values, but this is considered bad practice and is practiced very rarely. Ashmem - shared memory - can sometimes be used by applications for user data, but this happens rarely. Other (slow) - all other regions of memory that are available for reading and writing, but not in other regions. The use of these regions can help in certain situations, but in most cases they are not needed. In addition, they are quite large and some of them have slow access, which leads to a strong slowdown in search. If you find values in this group of regions, you need to write the region log when there are such values found, and send it to us so that we improve the definition of regions. Bad - "bad" regions of memory, which can not exactly contain useful data for hacking. For example, an accelerator video buffer, system fonts and so on. Can very slow down the search. On some firmware, the use of these regions can lead to freezes or reboots. Code app (dangerous) - the code of the application. Changing this memory can corrupt user data. Code system (dangerous) - the code of the system libraries. Changing this memory can corrupt user data. Regions that are marked as (slow) can greatly slow down the search. Changing the memory in (dangerous) regions can lead to application crashes and data corruption. 7. Autpause game. Automatic pausing of the game process when opening the GG interface. It can be useful in dynamic games, as well as to bypass simple defenses. If you hide the GG interface, the game will resume. 8. Freeze interval. Interval, in milliseconds, overwriting the values ??in the memory of the game when freezing. The whole point of freezing the value in the memory of the game comes down to the fact that GG very often rewrites the value in the memory of the game. There is no other way to freeze the value. Small values can lead to increased CPU usage, heat and battery consumption. 9. Saved list updates interval. The interval for updating the values ??in the saved list. Small values can lead to increased CPU usage, heat and battery consumption. 10. Data in RAM. Storage of search data in memory. You can select a specific amount of memory. All that more will be stored on the disk. Usually the best option is to choose Yes if you have enough memory. This does not mean that the entire device memory will be used. If there is a shortage of memory, the data will be flushed to disk, regardless of what is selected here. This option can greatly speed up the search, however, in x86 emulators, using RAM can, on the contrary, slow down the search. Usually the data is quite large, so the choice of 5-20 MB does not change anything. The difference, usually, can be seen from 100 MB and above. 11. Language (Language). Select the language of the application. This setting item always has an English version of the name so you can find it even if you select a language that you do not know or for which there is no font on your system. This setting requires the application to be restarted. If this is not done, then some of the dialogues will remain in the previous language. Almost all of the language options are available in the application. 12. Speedhack: Reset on exit. Reset speedhack when exiting from the application. If disabled, then when you exit from the application, the reset will not happen and the game will remain accelerated or slow. To change the speed in the game again, you will need to run GG again. 13. Speedhack: List of speeds. Edit speed list of the speedhack. It is at these speeds that the speedhead switches, when you press the left / right arrows. 14. Speedhack: List of speeds. Specifies the behavior when processing list of the speeds. Available options: Nothing - there is no processing, that is entered into the list, it will be. Sort - the list is sorted in ascending order. Sort and remove duplicates - the list is sorted in ascending order, and duplicate values are deleted.

What is this use for? ??????? for _FORV_3_ = 1, 0 do print(_FORV_3_ + ii + iii + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_7_ = 1, 1 do print(_FORV_3_ + _FORV_7_ + iii + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_11_ = 1, 2 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_15_ = 1, 3 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_19_ = 1, 4 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + iiiiii + iiiiiii + iiiiiiii) for _FORV_23_ = 1, 5 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + iiiiiii + iiiiiiii) for _FORV_27_ = 1, 6 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + _FORV_27_ + iiiiiiii) for _FORV_31_ = 1, 7 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + _FORV_27_ + _FORV_31_) end end end end end end end end for _FORV_3_ = 1, 0 do print(_FORV_3_ + ii + iii + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_7_ = 1, 1 do print(_FORV_3_ + _FORV_7_ + iii + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_11_ = 1, 2 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_15_ = 1, 3 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_19_ = 1, 4 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + iiiiii + iiiiiii + iiiiiiii) for _FORV_23_ = 1, 5 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + iiiiiii + iiiiiiii) for _FORV_27_ = 1, 6 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + _FORV_27_ + iiiiiiii) for _FORV_31_ = 1, 7 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + _FORV_27_ + _FORV_31_) end end end end end end end end for _FORV_3_ = 1, 0 do print(_FORV_3_ + ii + iii + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_7_ = 1, 1 do print(_FORV_3_ + _FORV_7_ + iii + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_11_ = 1, 2 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_15_ = 1, 3 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_19_ = 1, 4 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + iiiiii + iiiiiii + iiiiiiii) for _FORV_23_ = 1, 5 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + iiiiiii + iiiiiiii) for _FORV_27_ = 1, 6 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + _FORV_27_ + iiiiiiii) for _FORV_31_ = 1, 7 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + _FORV_27_ + _FORV_31_) end end end end end end end end for _FORV_3_ = 1, 0 do print(_FORV_3_ + ii + iii + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_7_ = 1, 1 do print(_FORV_3_ + _FORV_7_ + iii + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_11_ = 1, 2 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + iiii + iiii + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_15_ = 1, 3 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + iiiii + iiiiii + iiiiiii + iiiiiiii) for _FORV_19_ = 1, 4 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + iiiiii + iiiiiii + iiiiiiii) for _FORV_23_ = 1, 5 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + iiiiiii + iiiiiiii) for _FORV_27_ = 1, 6 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + _FORV_27_ + iiiiiiii) for _FORV_31_ = 1, 7 do print(_FORV_3_ + _FORV_7_ + _FORV_11_ + _FORV_15_ + _FORV_15_ + _FORV_19_ + _FORV_23_ + _FORV_27_ + _FORV_31_) end end end end end end end end _______________________________________________ added 4 minutes later ?The so-called can not be decoded??????? check_Hook() gg.alert([[ Checking(Main content) has already ended,the following script is just a test object to let people to test to hook. The following script is made by an unknown guy which he allowed that script to leaked. For recommand,i highly recommend that if you hooked the script and get the code,please dont post/leak due the fourm has pubg dev sniping. If you wanna post,please use 'xxxxxx' < example To hide the code.Please and thanks.]], "Contiue") function Main() menu = gg.choice({ "Anti-Ban(INSTA BAN IF USE)", "cham", "color", "some function", "insta hit", "gun skin", "exit" }, nil, (os.date("【health lock and invisible updated】"))) if menu == 1 then A() end if menu == 2 then B() end if menu == 3 then C() end if menu == 4 then D() end if menu == 5 then E() end if menu == 6 then F() end if menu == 7 then Exit() end XGCK = -1 end function A() menu1 = gg.multiChoice({ "防封防框架封号(在登录界面开，就是QQ与微信登录那个地方开启)【第一步】", "防封防追封(结算界面开一次就行)", "究极防封第一代(进入大厅之前开启)", "究极防封第二代(进入大厅之前开启)", "一键防封(大厅开启自动冻结)【第二步】", "防决赛圈封号(游戏内开启，在还有20人左右开一次10人开一次左右)【第三步】", "完美解决变态封号(进大厅之前开一次就行)玩一局要退出游戏重新进游戏不然第二局封", "一键2改9999(每一个毒圈都开一次)", "返回" }, nil, (os.date("Not gonna translate bc it's useless "))) if menu1 == nil then else if menu1[1] == true then F1() end if menu1[2] == true then F2() end if menu1[3] == true then F3() end if menu1[4] == true then F4() end if menu1[5] == true then F5() end if menu1[6] == true then F6() end if menu1[7] == true then F7() end if menu1[8] == true then F8() end if menu1[9] == true then

Ladies and Gentlemen of GameGuardian, I'm not sure if you're aware, but it IS possible to hack this game! Sadly, we can't alter the game while it is active, but we CAN edit the save file! I use Hex Editor, but if there is a hex reader/editor app that you prefer, it should work the same. Attached is a list of all the items in Final Fantasy Dimensions, as far as I could find. There ARE some missing, but that's most likely due to them being on an ID that's much further than I wanted to take time to find. These items are listed, so if you find them in-game, let me know, please! Without further ado, HOW to hack: Now, I take no credit for this info, just the list. All my infos came from Android Cheats. Newho... 1. Locate your file. It should be /data/data/com.square_enix.android_googleplay.ffl_gb/files. That's where mine is. The save.bin is the file in question. 2. Locate info you wish to modify. This is pretty easy if you use the first save slot. Your money should be really close to the top of the file, your inventory under that, then character stats under the inventory (the character names are spelled out if you're using Hex Editor, so even easier!!!) I find Sol's info at line 17d6. 3. Change what you want! Before you go gung-ho changing stuff, you should know that there's a checksum on the save. For those who don't know what that is, here's the simple explanation: In order to take, you must give. In order to give, you must take (Equivalent Exchange, eh? EH?! Maybe I'm just watching FMA too much recently...). Each byte is added up (in portions, I believe) to check the whole size of the file. If it's not the same as when the game last saved, it won't load. Trust me. There are two ways to get around that: shifting numbers and the give-and-take. Shifting: Lets use gil for an example. You start the game with 300 gil. So, at the top, you'll find "00 00 01 2c". Quite simply, you rearrange those numbers. So, "2C 01 00 00". That's usually sufficient for gil, but it can be applied elsewhere. Give-and-Take: Let's move to character stats. (For me,) Three lines under Sol's name you'll find his EXP, current Health, and current MP (actual stats are directly tied to level and class, so those don't even get recorded in the save file). At the beginning of the game, that's 97, 71, and 21, respectively. So, in the save file, you'll see 00 61 00 47 00 15. If you want to raise his EXP by 10 in hex, you'd change, say, HP to 37 and then you can raise EXP to 71. The easiest way to tell which numbers are which are by having a hex calculator handy and recording things before you close the game. EXP, HP, MP, AP, Job Levels, JP, all can easily be changed by taking from another (HP works best because you can easily heal that back in the game). Items I don't fully understand the inventory yet, so don't touch that. You can find the items themselves easily enough with the IDs I've provided, but the quantities are the problem. They're in a certain order, so unless you know what's what, it'll ***** you up. And just changing one item to another will break the item; you'll have 0 of the new item, so it'll be gone once you use it, and the old item won't be able to be used again, even if you get more of it. So, we go to character equipment! For Sol, shortly after the HP and MP, you'll see "00 14 00 00 00 00 01 3b 00 00". This, my friends, is where item babies are born. I MEAN, you can alter his equips! Yeah! every two bytes is an item. Respectively, you've got R. Hand, L. Hand, Head, Body, Accessory. The same laws still apply, so your best bet is to take from HP. So, say you want to change his current Short Sword (14) to a Greatsword (1a). The difference in hex is 6, so HP becomes 41 while R. Hand becomes 1a! Load game and... BAM! In this manner, you can do a force dual equip, even of items that are two handed (DUAL WIELDIN BOWS LIKE AH GOTS 4 ARMS!?), equip regular items then un-equip them to have them in your inventory (Secret Memory, I'm lookin at you... Can someone confirm if this works, actually? It's a memory that gives 30 to a Memorist stat!), and even, say, equip an accessory on your head (which I just checked. Hermes' Sandals and Miracle Shoes! HUZZAH!). Each character's layout is relatively the same model. You can even edit the temp characters, but I haven't so I can't say what will happen when you do. Since I've been using a brand new file to figure out all this (my legit file is on an unrootable device....), I haven't actually worked on any of the job-related stats, such as abilities, JP, AP, and Job Level, but it should be rather easy; someone else has modded AP, and the Job Levels are in a nice little row in the memory, which I DO plan on figuring out once I've got the jobs. I'll update this post once I've got that. Lastly, a few notes about the file. Again, there are a scant few items and equips that I haven't ID'd. If you find one, let me know. I'll update the file ASAP to reflect new info. Any colored items/equips simply denotes that it's an item out of numerical order in the memory. More for my knowledge than anything else, but it may help guide those who explore the memory. The list is currently: Weapons, Armor, Accessories, Items. I plan on adding Abilities once I know all the IDs. I'll also explain how to mod those then. If I can, I'll figure out Fusion Abilities, but I suspect that will be just a smidgen harder than I anticipate, so that will probably come last. I apologize for the length of the post, but I simply suck at "as little words as possible". Didn't do too well in that class... If someone wants to take the meat of this post and condense it, I won't be mad. Just, ya know, give credit where it's due, yeah? Oh, one final thing: if you mod your file and can't seem to fix what went wrong, remember the Resume function in the game: just Resume your game and re-Save. It's a pretty neat fail-safe, actually. Just be careful where you can, k? Happy Haxxing! -Arikaido FFD Item IDs.pdf

Disclaimer: This guide is for educational purposes only. The techniques explored here are intended for understanding the technical aspects of Android games. Users are advised to use this knowledge responsibly and within legal and ethical boundaries. I disclaim any liability for misuse or unauthorized activities. Use this information at your own risk. As you explore with me, remember it's all about learning, not mischief. If you decide to try out any of these tricks, make sure it's within the rules and plays nice with the devs. I'm not taking responsibility for any shenanigans, so be cool, and enjoy the learning ride. Cheers! Goals : • Identify server-side data from local data. • How to tamper server-side data . • bypass SSL encryption. Requirement : • You should be familiar with requests ( http ) . • You should have some level of knowledge about reverse-engeneering / Exploits / etc. Tools : • GameGuardian. • Frida. • IDA (Pro). • BurbSuite / any other proxy interceptor. • LUA Decryption and Encryption for cocos2dlua. Difficulty : 8/10 ----- Let's Dive IN -----First step is to collect information about the game start playing the game normally to get some information about it, it's concept and what data they have like items , coins , gems , vip , battlepass, etc and what they call it in game. Open GameGuardian or root explorer to know what engine the game use and it's libs, like libIl2cpp.so for Unity , Cocos2d for coco's 2d games , or a custom lib built on top of other games engines like libLotaApp. BurbSuite Start Intercepting traffic. Set Up Your Environment Install Burp Suite: Download and install Burp Suite from the official website. Configure Your Android Device: Connect your Android device to the same network as your computer. Go to Wi-Fi settings, find your connected network, and set the proxy to your computer's IP address and the port Burp Suite is running on (default is 8080). Step 2: Configure Burp Suite Start Burp Suite: Open Burp Suite and go to the "Proxy" tab. Configure Proxy Settings: Under the "Options" tab, go to "Proxy" settings. Ensure the proxy listener is running on the IP address and port you specified in your Android device's Wi-Fi settings. Install Burp's CA Certificate: In Burp Suite, go to "Proxy" > "Options" > "Import / export CA certificate." Click "Save CA Certificate" to save the certificate. Transfer the certificate to your Android device and install it. when Exporting the Certificate You should put the Extention of it .ctr Step 3: Configure Android Device Install and Configure Proxy on Android: Ensure the proxy listener is running on the IP address and port you specified in your Android device's Wi-Fi settings. For APN edit the Access point name : Install the Exported Certificate from burb to your Android phone Step 4: Start Capturing Traffic In the "Target" tab, you should see the target host(s) that your Android device has communicated with. Browse on Android Device: Open the browser on your Android device and start browsing. Burp Suite will capture the traffic, In the "Target" tab, you should see the target host(s) that your Android device has communicated with. Inspect and Manipulate Traffic: In the "Proxy" tab, you can intercept requests and responses, inspect them, and even manipulate them before forwarding. Use Other Burp Suite Tools: Explore other tools in Burp Suite, such as "Repeater" and "Intruder," to perform further analysis and testing. Hierarchy: The Site Map is organized in a hierarchical structure that represents the different hosts and paths your client has communicated with. Hosts and Paths: Hosts represent the web servers or domains that your client has interacted with. Paths represent specific URLs or routes within those hosts. HTTP Methods: Each entry in the Site Map includes information about the HTTP methods used (GET, POST, etc.). Status Codes: The status codes of the responses (e.g., 200 OK, 404 Not Found) are displayed, providing insights into the server's responses. Request and Response Details: Clicking on an entry in the Site Map reveals detailed information about the request and response for that specific interaction. This includes headers, parameters, and content. Filtering and Searching: You can filter and search for specific requests or hosts, making it easier to focus on relevant parts of the traffic. Context Menu: Right-clicking on an entry provides a context menu with various options, such as sending the request to other Burp Suite tools for further analysis. Interactivity: The Site Map is an interactive tool that allows you to manipulate and analyze the captured traffic in real-time. Use Cases: Analysis and Debugging: Identify patterns and anomalies in your web traffic for analysis and debugging purposes. Security Testing: Spot potential security issues, such as vulnerabilities or unusual behaviors. Mapping Application Flow: Understand how different paths in your application are accessed and interacted with. select all URLs and right click -> delete selected items ( we don't need them ) launch the app and watch what the app send when it execute I launched "Mythic Su*moner" and this traffic get captured But Most games use SSL pinning and they don't show the full trafic even when intercepting with them . in this case we need Frida to UnSSL it. ( u can use it to bypass root detection aswell ). SSL pinning, also known as certificate pinning or public key pinning, is a security mechanism employed in applications to enhance the security of SSL/TLS connections. It involves associating a specific SSL certificate or public key with a particular domain, and the application will only accept connections with that specific certificate or key. Normal SSL/TLS Connection: In a standard SSL/TLS connection, a client (e.g., a mobile app) connects to a server, and the server presents its digital certificate to the client during the handshake process. SSL Pinning Process: With SSL pinning, the client embeds a specific SSL certificate or public key within the application. When establishing a connection to the server, the client checks whether the server's presented certificate matches the embedded certificate or public key. Verification and Trust: If the presented certificate matches the pinned certificate or key, the connection is considered trusted, and the communication proceeds. If there's a mismatch or the server presents a different certificate, the connection is rejected, preventing potential man-in-the-middle attacks. Using Brbsuite To listen to the game traffic is man-in-the-middle attack. that's why Most of the trafic is rejected in the 1st capture FRIDA Connect your phone with ur pc via USB & and inject an Agent into the process to UNSSL Pinning : when You UNSSL the game you get More Trafic : With this traffic UNSSLed you can play with it, inspect it and modify it with the repeater ( this is how you hack the server-side ) this method called Tampering data. How to Identify Server Data and Local Data. Select the inapps.appflyer.com and watch it when you play every changement in data ( server side ) get registered by this url ( most cases ) it will send a gzip to server and save it there . any local data will be saved in your machine ( android device ) or memory and the inapps.appflyer.com won't send a request. Some games use SOCKET to connect the game and the server and keeps the connection open until the game get terminated or the server get shut down, with burb you can Intercept sockets aswell. TIP : while you intercepting traffic from burb open the lib with IDA pro to dissassemble it. IDA make sure IDA fully dissassemble the lib by showing idle on the buttom go to the functions menu hit ctrl + F to start searching for keywords I mentioned at the beginning ( gold , items name , coins , player stats etc ) when I search for the keywords no functions / methods found that mean the logic and the data proccess isn't in the lib nor in the traffic ( most of them ) that means the only way to store the logic is in the files in this example game. if you found functions your starting point start with frida, you can use Frida to hook it and track the pointers and afterword GG to create a script. Decrypt LUAC take the apk and unzip it ( open with rar / 7zip ) you'll end up with the game files and Done the logic is found in the game files , the game use lua to run with C and cocos2d. but the game won't leave the game logic and codes open and public the must use some sort of encryption to it , for that they use LUAC is the Lua compiler responsible for taking Lua source code and transforming it into Lua bytecode encrypted. try another file : notice : i0lzCcmB1Cjxk6DpvlmdPINybrXXeBA1 each file have this signature at the start ofthe it IDA & LUA Decryption and Encryption for cocos2dlua. copy the signature and search ida for it but this time in the string if found you should find the key aswell : I use IDA & LUA Decryption and Encryption for cocos2dlua to decrypt the files. after it's done every file will be unencrypted and easy to read : and with that data you can create anything you want / mod / script etc Why not just frida? to use frida you need a pc ( termux users isn't included because you just need a pc to use frida -_-) agents ( frida scripts ) isn't portable you always need your pc to use the script powerd with usb I mean too much pain that's why in my opinion GameGuardian is the best choice you can run the script anywhere anytime + lua much easier than js. not all libs work with libc and not all of them contain usefull resources like the example above. ---- tips : the data should be stored in -server -local machine ( your device ) the game files "apk" ( your device aswell ) look at these 3 places to find the game resource. game logic either in the files or in the lib ( like il2cpp ) android games can't afford Hosted Hypervisor for the logic processing. I can update this topic, comment out what you want to know more about ( exluding server-side hacks ) I won't provide tools all you need is your brain to outsmart devs.

i'm giving to u All latest codes u got 205 cars+bike Cars id: cars name 1 Dodge Dart GT + p 2;8;10;12;15;20;25;30:61 search in flot n edit into 2 Audi R8 e-tron + p 999,999,999 its for unlimited nitro works only in one race 3 Tesla Model S + p 4 Cadillac ATS + p 5 Cadillac XTS + p 6 Scion FR-S hidden car p 7 Mini Cooper S Roadster + p 8 Alfa Romeo MiTo GTA + p 9 Audi S4 + p 10 Nissan 370Z + p 11 Audi RS 3 Sportback + p 12 Mercedes-Benz SLS AMG Electric Drive + p 13 Audi TTS Coupe + p 14 Chevrolet Camaro GS + p 15 Ford Focus RS + p 16 Lamborghini Urus + p 17 Infiniti FX50 + p 18 Lotus Exige S Coupe + p 19 Audi RS 4 Avant + p 20 Alfa Romeo 8C Competizione + p 21 DS Survolt + p 22 Aston Martin DB9 Coupe + p 23 Lamborghini Countach 25th Anniversary p 24 Maserati GranTurismo Sport p 25 Bentley Continental GT V8 p 26 Aston Martin V12 Zagato p 27 Aston Martin V12 Vantage p 28 Nissan GT-R (R35) p 29 Ferrari 458 Italia p 30 Ford Shelby GT500 p 31 Cadillac CTS-V Coupe Race Car p 32 Mercedes-Benz SL 65 AMG Black Series p 33 Dodge Viper SRT10 ACR-X p 34 Chevrolet Corvette C7 p 35 McLaren 12C Spider p 36 Pagani Zonda R p 37 Ferrari F12berlinetta p 38 Lamborghini Sesto Elemento p 39 Marussia B2 p 40 RUF RT 12 S p 41 Lamborghini Veneno .. p 42 GTA Spano .. p 43 RUF CTR 3 hidden car p 44 Ferrari FXX Evoluzione p 45 Bugatti 16.4 Grand Sport Vitesse .. p 46 Mercedes-Benz Silver Lightning .. p 47 Koenigsegg Agera R .. p 48 Ferrari 599XX p 49 Lamborghini Gallardo LP 560-4 2013 p 50 Renault CLIO R.S. 200 EDC p 51 BMW M6 p 52 Ferrari F430 p 53 Lotus Evora Enduro GT p 54 Ferrari LaFerrari .. p 55 W Motors Lykan HyperSport p 56 Pagani Huayra .. p 57 McLaren P1 p 58 SSC Tuatara p 59 Ferrari Testarossa p 60 SRT 2013 Dodge Challenger SRT8 p 61 Ford F-150 p 62 Hennessey Venom GT .. p 63 Chrysler ME412 p 64 Ferrari FF p 65 Ford 2006 GT p 66 Mercedes-Benz SLS AMG GT Coupé Final Edition .. p 67 2015 Ford Mustang p 68 Jaguar C-X75 p 69 Mercedes-Benz CLK GTR AMG p 70 Mercedes-Benz Biome p 71 Peugeot Onyx p 72 Jaguar F-Type R p 73 Savage Rivale Roadyacht GTS p 74 Mazda Furai p 75 Nissan GT-R NISMO p 76 SSC Ultimate Aero XT p 77 Rimac Consept One p 78 Savage Rivale GTR p 79 Maserati MC12 p 80 Volkswagen W12 p 81 Koenigsegg One:1 p 82 9FF GT9 VMAX p 83 Tramontana XTR p 84 Felino cB7 p 85 Spada Codatronca TSS p 86 Arrinera Hussarya p 87 Lucra L148 p 88 Acura NSX 2005 p 89 Renault DeZir p 90 Ferrari F40 p 91 Ferrari Enzo Ferrari p 92 Ferrari 612 Scaglietti p 93 Ferrari F50 p 94 Ferrari 308 GTS p 95 Ferrari 330 P4 p 96 Volkswagen Golf Design Vision GTI p 97 BMW M3 Sedan p 98 Audi R8 LMS Ultra p 99 BMW M1 p 100 HTT Plethore LC 750 p 101 Lamborghini Aventador LP 700-4 p 102 Geely GC9 p 103 ONUK Sazan LM .. p 104 Mitsubishi Lancer Evolution X p 105 Chevrolet SS p 106 AC 378 GT Z p 107 Kepler Motion p 108 McLaren 675LT p 109 Bentley EXP10 Speed 6 p 110 McLaren P1 GTR p 111 Camaro Z/28 p 112 Datsun 280Z p 113 Shelby Cobra 427 p 114 SUBARU IMPREZA WRX STI p 115 McLaren 570S p 116 Lamborghini Huracan p 117 Cadillac 16 Consept p 118 McLaren F1 XP-5 p 119 DS 3 Racing p 120 Honda S2000 p 121 Range Rover Evoque Coupe HSE Dynamic + p 122 Mercedes-Benz SLK 55 AMG + p 123 Toyota Supra RZ (Mark IV) p 124 Nissan Skyline GT-R (R34) + p 125 Peugeot SR1 + p 126 Lamgorghini Asterion hidden car p 127 Mazzanti Evantra p 128 Mosler GT3 p 129 Lamborghini Egoista + p 130 Renault Sport R.S. 01 p 131 TRION NEMESIS p 132 ED Design Torq + p 133 Alfa Romeo 4C p 134 Lamborghini Estoque + p 135 Rinspeed zaZen p 136 Sbarro Alcador p 137 Holden Coupe 60 + p 138 Volkswagen Beetle Turbo + p 139 Lamborghini Miura + p 140 Cheverolet 2016 Camaro SS p 141 Ferrari 458 Italia + p 142 Mosler Super GT + p 143 Mazda RX8 + p 144 BMW 3.0 CSL Hommage hidden car p 145 Honda Integra Type-R p 146 Devel Sixteen Prototype + p 147 Mazda 6 p 148 Mitsubishi Eclipse p 149 nanoFlowcell QUANT FE p 150 Fenyr SuperSport not found me still hidden 151 nanoFlowcell QUANTINO p 152 Weber Faster One p 153 Mercedes-AMG GT3 p 154 Nissan Juke Nismo p 155 Jaguar XJ220S p 156 Mercedes-AMG C 63 Couple touring car 2014 hidden car p 157 Jaguar F-TYPE Project 7 p 158 Aston Martin One-77 p 159 Donkervoort D8 GTO p 160 Caddilac ATS-V Coupe p 161 BXR Blade p 162 M Benz GLC Coupe p 163 2015 GTA Spano p 164 Falcon F7 hidden car p 165 TVR Sagaris p 166 Citroen GT hidden car dought ful p 167 Icona Vulcano p 168 Chevrolet Corvette C3 p 169 AlfaRomeo Giulietta 2016 Veloce p 170 Mercedes Benz CLA 45 AMG Racing Series p 2;8;10;12;15;20;25;30:61 search in flot n edit into 171 McLaren M14A p 999,999,999 its for unlimited nitro 172 McLaren Mercedes MP4-25 p 173 Arash AF10 p 174 Aston Martin Vulcan p 175 Chevrolet Impala p 176 2010 Bentley Continental Supersports p 177 Mosler Land Shark p 178 BMW M2 p 179 McLaren/mp4-9 p 180 Renault Alpine Celebration p 181 Lamborghini Aventador SV p 182 Buick Avista Consept p 183 Mercedes-Benz SLK 55 AMG special edition (S).. p 184 McLaren mp4-31 p 185 sbbro spatra p 2;8;10;12;15;20;25;30:61 ........(down here......im discover personaly)...... search in flot n edit into 999,999,999 its for unlimited nitro 186 Chevrolet covette grand sports hidden car (S).. p 187 Sin R1 (A) .. p 188 Ferrari GTCLusoo .....(B)... p 189 lotus evora sport 410 (B)>... p 190 Porsche gayman GT4 (B).... p 191 Porsche 718 boxster S (C) Me discover p 192 Porsche 959 (D) Me discover p 193 Porsche 911 GT3 RS (A) Me discover p 194 porsche 918 spyder with ..... (S) Me dicover p 195. HAYBUSA p 196 Suzuki GSX-R750 (D) Me discover p 197 Peugeot RCZ R (D) ME discover p 198 KTM 1920 super duke R p 199 Ducati super sports p 200 Ducati monster 1200s p 201 Mercedes-benz SLR Mclaren 722 Edition (S) Me dicover p 202 kawasaki z800 p 203 Aprilia Tuono v4 1100RR MY2017 (S) Me dicover hidden bike p 204 honda civic type-R (C) ME p 205 not found me still hidden 206 McLaren 650S GT3 (A).... p 207 Arrinera Hussarya Gt (S).. p 208 Villain wheels 209

Lesson 1: GameGuardian Lesson - Getting Started Note: This article is re-shared because original author deleted it What is GameGuardian? GameGuardian is application for Android Operation System, which afford you to hack and modify memory, used by games and other software. Sounds complicated? Just look to screenshots below and you will quickly understand. So, GameGuardian allow you to modify any numeric value (and not only numeric, but graphics data, like HP/MP bars, too). As you can see GameGuardian designed to be your ultimate cheating and hacking solution. There few features, you should know or be aware of: You NEED ROOT. Sorry, non-rooted devices will not support GameGuardian. GameGuardian is completely free. There is no paid functions or features. Everything completely free. However, your donations will be very nice and hardly appreciate. =) The performance of the program are very heavy based on your device’s CPU and memory. In other word – better your phone is, better and faster your program will be. So, let’s move? GameGuardian official site and authors Official GameGuarding site is gameguardian.net. Beware, there are many scums in the Internet, who claimed that their ad-bloated sites are official residence of GameGuarding and they even asking money for this program! Assholes… GameGuarding made by and maintained by four people: d2dyno [Profile] – Owner, lead designer, project management. Enyby [Profile#1] & [Profile#2] – Lead coder, project management. Trasd [Profile] – Technical consultant, project management. Aqua [Profile] – Creator (retired). GameGuardian Download Move on official GameGuarding’s site: gameguardian.net/download and follow this instruction to download: 1. Click on “Download this file”; 2. Agree with Terms; 3. Wait until download is end. You can find latest version of GameGuarding on this link: gameguardian.net/download GameGuardian Install 1. Now transfer installation file on your phone and tap on it to install. 2. Giving root access. One more time – you NEED ROOT to this APP works properly. You need grand root access few times. NOTE: This is okay that name of GameGuardian changed from “GameGuardian” to some random gibberish like “yelbplyqvsly”. This made in a order to bypass anti-cheat mechanism of some games. Nowdays games are searching for “GameGuardian” in your APP list and when they found “GameGuardian” they stop to work, telling you to delete this APP before playing the game. But if GameGuardian installed on your device with different absurd name like you see on screenshots below, anti-cheat mechanism of game will not work properly and you cheat freely. 3. That’s all. Now you have GameGuardian properly installed. You can find shortcut on your homepage. NOTE: if, you have this message during the installation “For security, your phone is set to block installation of apps obtained from unknown sources”, this means your device’s security settings are blocking installation APK not from Google Marker. You can disable it, by going into “Settings” – “Security” – “Unknown Sources: ON” GameGuardian Update If you installing newer GameGuardian over previous version installer will ask you to delete previous version from your device. GameGuardian Uninstall You can delete GameGuardian freely without any problem. Go in you APP list Find GameGuarding icon (in may names different, like some gibberish , it is okay) Delete it as any other program from your android. No restart or reboot needed. Credit: greatestmeow Lesson 2: GameGuardian Lesson - Searching “known” value Note: This article is re-shared because original author deleted it Let’s do our first hack in this GameGuardian manual. For our first hack we will try something simply. I recommend Tap Counter [Link]. Only 80 KB, no special permission required. Try this one for practice. Step #1. Launch GameGuardian and select “Tap Counter” as your target application. After that press on “cross” icon in top-right corner Step #2. Now launch Tap Counter and tap it few times. Remember number 3 (three). Go back to GameGuardian and tap “known” button. Step #3. Here we go. This is our search window. Input: value is “3” and type is “auto”. Start searching and wait. Let me explain a little. In “value” text field you should input value you would like to search, for example 3 (three) as you see in our game/app. In “type” text field you should select one of the type you are looking for: Byte – if your value is from 0 to 255; Word – if your value is from 0 to 65,535; Dword – if your value is from 0 to 4,294,967,295; Xor – if your value is from 0 to 4,294,967,295; Float – if your value has decimals, like 9.3335 or 12.2 or 76.705 Auto – all above in the single run. Note: use “auto” everytime you want to hack game – this is a little slowly, but guaranteed you will find value. Step #4. You see, you have 170,504 values (they named addresses) in the game, that have “3” in it. This is too much. Go back to the game and tap one more time. Now you have “4” (four) taps. Now, go back to GameGuardian and input value “4” in searching. Step #5. Now you have 843 addresses with 4 in it, which has 3 while ago. Try to increase your tap counter one more time, up to 5 (five) and do search one more time. Ideally, you should do this step as many times as you want to get only 1-10 addresses to check. Step #6. Wonderful, you have only 3 addresses to check, but look closely, they all share same address (22D338C8). but they differ in a type of data they store in. See this “B”, “W”, “D” at the right? You can modify any of this address in anyway you would like, but if you will hack “22D338C8” address with “B”-letter, you should input number from 0 to 255 (B stands for “Byte”), from 0 to 65,535 in W-letter (W stands for “Word “), from 0 to 4,294,967,295 in D-letter (D stands for “Dword “). Tap on “22D338C8” with D-letter and change its value to any number you want (like 987,654,321) and tap “yes”. Now, go back to game and tap on it one more time to see results. Awesome! ^_^ Step #7. We have found value that can change tap counter. Now, we need to save it. Go back to GameGuardian and uncheck “W”-letter and “B”-letter values (since we don’t need them – “D”-letter accept more values). Tap on content-menu and tap on “Save Selected”. Now you can find your value on “Save list” tab. Now you may change this value in whatever way you want, even decreasing. Or freezing value. What is freezing? Well, in GameGuardian you can “stop” any value from increasing or decreasing. This way you can have maximum HP, MP or money every time in android game, no matter how many times you have been hit by enemies or items you bought. Just tap one more time on value and check “freeze” value. By the way, you may tap on “normal” test string and this way change it to “may increase”, “may decrease” or “may stay in range”. After that you will found “equal” sign near your value. Tap on it to quickly unfreeze your value. Congratulation! Now you know how to hack android game. You should know, that many games are not so easy to break and you need to know some tricks and hints to mod game properly. Keep reading to known more. Next lesson is “grouped” search and hack. Credit: greatestmeow Lesson 3: Searching encrypted “known” value Now you should be able to hack or modify any game, right? Let’s try to hack score value in “300: Seize Your Glory” game. This is promo-game, based on “300:Rise of an Empire” movie. Download GameGuardian APK: https://gameguardian.net/download and install it on your Android device Okay, our score is 200 right now. Go find it in GameGuardian (known search -> type: auto, value: 200). We have found – 198,659 address. Well, too much. Go back to game and increase our score a little, up to 1,550. Go back to GameGuarding and try new search with value “1,550”. Wait, what? Nothing have found? How this can be? Yes, this can be. Modern game developers trying to do everything to make their games harder to hack or modify. For example, you may see number 3,006 in your game, but this number may be actually stored as: · Sum of two different number (700 + 2306 or 1402 + 1604) · Multiply of three differnt number (501 * 3* 2) · Floated number (300.6 or 0.003006) · as number 62,530 (65,536 – 3,006) · as any other number at all (33,584), e.t.c. In this cases we can say that value in our game is encrypted and we should use special switch, see this: Now try to do search with encrypted switch on. wow. 174,228,480 addresses! This is much more then 198,659 address we had in first “not-encrypted” try! Now, you need to make few iteration with new values. 1,750 points 5,000 points 24050 points After few iterations we stuck with eight addresses, four of them share same address – 94B06338, but with different letters (F-letter, X-letter, D-letter, W-letter) and same story with 9E621920. One of this address should store our score, but which of two. Let’s play a game, called Russian Roulette and try to change 94B06338 with D-letter. And go back to the game Holy moly! We found it! As you can see, you should try use regular “non-encrypted” search first in order to get value you are looking for. And only if this failed – try “encrypted” search. Awesome. You are almost pro, you only need to check one last lesson – unknown search. Credit: greatestmeow

Walkthrough 100 Floors Level 1 Tap the green arrow to open the door. 100 Floors Level 2 Move the garbage can aside and take the green arrow behind it. Place the green arrow in the elevator empty up button slot. Tap the green arrow to open the door. 100 Floors Level 3 Shake your phone to open the door. 100 Floors Level 4 Use two fingers to slide both doors open at the same time. 100 Floors Level 5 Shake your phone to make the ladder drop. 100 Floors Level 6 Move the plant on the right away. Tap the sun symbol behind it and the 3 sun symbols on the door to open it. 100 Floors Level 7 Tilt the phone to slide the rock on top of the red button. 100 Floors Level 8 Move the fruits aside until you get the banana. Feed the banana to the gorilla. 100 Floors Level 9 Tap the 4 small round button in the 4 corners to match the big circles in the centre. Match the inner and outer colours. 100 Floors Level 10 Shake your phone to make the snake disappear. Slide your finger along the arrow to open the door. 100 Floors Level 11 Tilt the phone to make the balls move. Align both balls in the centre hole, hold it there till the three lights turn on. 100 Floors Level 12 Tap the red buttons on the floor to make the ball jump up. Tap the red buttons till the ball reaches the top and turn the lights green. Switch on both the lights. 100 Floors Level 13 Shake the phone until the hammer drops down. Take the hammer and use it to break the wall. 100 Floors Level 14 Tap and hold your finger on the green hand print scanner on the right until all the lights turn on. 100 Floors Level 15 Find the code from the symbols on the top. (Look for the empty spaces in the symbols.) Code: 1643 100 Floors Level 16 Take the *****driver on the left and use it to remove the 4 *****s. Take the metal plate. Turn the phone upside down to open the door. 100 Floors Level 17 Tilt the phone to slide the ball over the blue button to press the button. The bars on the door indicates the sequence to press the buttons. (Left, Right, Right, Left, Left, Left, Right, Right) 100 Floors Level 18 Tap the blue cube to turn it on. Turn on all 5 at the same time. Try tapping all the ones on the left first before starting the ones on the right. 100 Floors Level 19 Take the rag on the floor and use it to clean off the cobweb on the right door. Continue using the rag to clean both doors. 100 Floors Level 20 Take the ***** on the floor. Move the yellow signboard aside. Put the ***** into the hole behind signboard. Use the *****driver to tighten the *****. 100 Floors Level 21 Hold the phone upright until all the lights turn on. 100 Floors Level 22 Use the hammer to smash the statue on the right. North, East, West, South. Slide the door up, right, left then down. 100 Floors Level 23 Tap the green light to switch on the lights. Put the metal plate on the door. According to the arrow on the door, tap the flowers from right to left. 100 Floors Level 24 Use two fingers to slide and hold the door up. Use another finger to tap on the green arrow. 100 Floors Level 25 Arrange the dots on the door to match the circles on the floor. Lowest, Highest, High, Low 100 Floors Level 26 Rearrange the batteries so that it provides 100 V. Put one 5V and 1V in the left slots. Put the 20V and 1V in the centre slots. Put the 5V and 20V in the right slots. 100 Floors Level 27 Slide the right silver box to the right. Use the hammer to smash the crack on the wall. Take the crank and insert it into the hole in the centre of the door. Turn the crank until all the lights turn green. 100 Floors Level 28 The dots on top of the door are instructions to open the door. Tap the door according to the pattern of the dots. Wait for the rainbow colours to disappear before tapping again. Tap the door twice, thrice, once and twice. 100 Floors Level 29 The sign on top of the door means no movement. Put the phone flat down on a table for the bomb to start counting down and blow up the door. 100 Floors Level 30 Check the current time on your phone. Adjust the clock to match the current time and pull the lever. 100 Floors Level 31 Use the *****driver to remove the 2 *****s on the signboard. Flip the signboard 180 degrees to get F31. 100 Floors Level 32 There are 12 dots above the door. Adjust the mahjong tiles so that all of them sums up to 12. Put 4 in the center. 543,4642, 741 100 Floors Level 33 Tap the matching colored button with the image on the door. Fire = red, Cloud = white, Banana = yellow, Cherry = red, Pear = yellow, snow flake = white. 100 Floors Level 34 Highlight the following tiles: IOOFLOORS 100 Floors Level 35 Plug in the power cord. Remove the lights on the door by tapping on it. Convert 88 to 35. 100 Floors Level 36 Tap the tiles in the following sequence: Fish, Dog, Apple, Plane, Moon. 100 Floors Level 37 Slide the tile on the top left hand corner down to reveal a iron ball. Take the iron ball to reveal the first green button. Slide the barrel away to reveal the 2nd green button. Turn the phone upside down to reveal the last green button. 100 Floors Level 38 Tap the hand in the circle to let the hands meet in the green region together: Biggest > Smallest > Medium 100 Floors Level 39 Draw the line starting from the top left diagonally downwards. Continue all the way up. Continue diagonally down the left all the way than draw a straight line to the right. 100 Floors Level 40 Adjust the volume to silent mode. 100 Floors Level 41 Tap the ants to make it move. Try to make out the shape that the ant is trying to draw. Change the picture on the door to match the shape of the ant's path. (Top Row: Triangle, Line Bottom Row: 2 triangles) 100 Floors Level 42 Tap the switch on the bottom right corner to see the two shapes on the door. Slide the door left, right, up and down to open the door. Tap on shapes on the door to change it. Rotate the order of the shapes so that they will match the two shapes you saw on the door. (triangle, square, circle, inverted square) 100 Floors Level 43 Move away the two plants. Put the metal ball into the slot on the left. Rotate your phone to navigate the metal ball to the other end. 100 Floors Level 44 Slide away the plant. you see 1G 2W 3B 4W. 1 Gray, 2 White, 3 Black and 4 White. Match them with colours on the door. 100 Floors Level 45 Use the hammer to break the blower on top of the door. Take the knife at the bottom left and use it to releases the balloon. Tilt your phone to navigate the balloon to touch the button. Retry if the balloon blow up. 100 Floors Level 46 Match the image on the door to the ones on the floor. 100 Floors Level 47 Adjust the tiles on the door to close the circuit. 100 Floors Level 48 Use the knife to remove the vines on the door. Count the number white, yellow and pink flowers. Light up the same number of lights in the column. W=5, Y=5, P=4 100 Floors Level 49 Tap the tiles: Pa, S, S, W, O, Rd 100 Floors Level 50 Keep tapping on the door to build up the green bar on top of the door. Trying using two fingers. 100 Floors Level 51 Draw a sword on the door. Q = white, X = black QXQQ *****X QXQQ 100 Floors Level 52 Enter the date for Christmas. 1225. 100 Floors Level 53 Drag the chain on the right down to lift up the box. Unplug the power supply. Take the wire cutter and use it to cut away the wire fence. 100 Floors Level 54 A=01, B=02, C=03... CODE = 03150405 100 Floors Level 55 Put your phone on the table. Start turning your phone top down and sidewards while facing down. You should see some blocks coming out from the sides of the screen. Tilt your phone to adjust the blocks into space to form a square. (It is like guiding a droplet of water on the leaf to the centre without knowing the position of the droplet.) 100 Floors Level 56 This level is pretty similar to mine sweeper if you guys are familiar with the old window game. Count the number of adjacent flags touching each of the tiles with numbers. (including those diagonal ones) From top down: 4, 3, 5, 5,2,4 100 Floors Level 57 Tap and hold the red button to move the hook on the roof. Move it above the metal ball, slide the hook down to lift up the ball. Move the hook to the centre of the door. Swipe the ball to use it to break down the door. 100 Floors Level 58 There is only 3 Hz on the door: 329.6, 293.7, 261.6. Matching them to the keyboard smallest on the left, play the notes according to the Hz on the door. Keys: 3, 2, 1, 2, 3, 3, 3, 1, 2, 2, 3, 2, 1 100 Floors Level 59 Pick up the wooden rod and rock from the floor. Use the rock to break the window glass on the left. Adjust the mirror to the fire woods to light it up. Light the wooden rod and use it to melt the ice on the handle. Pull the handle down to open the door. 100 Floors Level 60 Light the two candles on the side of the door. Tap the drum according to the number of matching colours on the door. 4, 2, 1, 4 100 Floors Level 61 Move the white letters and symbols to the empty space above the door to make 1830. 100 Floors Level 62 Use the knife to cut the red wire on the left. Use the two arrows to move the last green line above the door. 100 Floors Level 63 Slide the rock to the left to press the button down. Look at the dots on the roof, match the tiles on the door to make a reflection of the dots on the roof. 100 Floors Level 64 Spin the eye in circles as fast as possible to fill the whole bar green. (I spin it anti-clockwise, both side works but I managed to spin faster anti-clockwise.) 100 Floors Level 65 Take the ball and put it into the tube on the right. Use the lighted fire stick on the fire detector above the door. 100 Floors Level 66 Pick up the rod on the right of the floor. Use the rod to take the hook on the left of the door. Attach the hook on the ring and pull down the door. 100 Floors Level 67 Tap the flower on the right to make the flower petal fly down. Slide the flower pot to catch it, slide the pot under the water tap and turn on the tap to water the flower. Slide the pot under the sunlight to make the flower grow. 100 Floors Level 68 Pick up the shuriken from the floor. Tap and hold the lever down to raise the box all the way up. Pick up the square panel and replace it with the shuriken. 100 Floors Level 69 Tap the light above the door to make it fall. Tap nemo on the right to make it swim to the left. Time it so both will collide and knock the octopus away. Use the knife to cut off the weeds blocking the door. 100 Floors Level 70 You need to find room 6 and guide the alien back to his spaceship. Tap the arrows in the following sequence: left, right, left, left, right, left, right, right.