XOR search Guide - GG 8.29.0+

[NoFear]

XOR SEARCH:
This method of search is very unique and not intended for you to try as a first method. Once you've tried all memory types, all ranges,  unknown increased and unknown decreased and all fail, this method might be what you want to do last.
XOR is a simple encryption method, but without the key, you can't know the value. And games lately (not all) will have a key that changes on value change, making finding these types of values EXTREMELY difficult if not impossible... Until now. HUGE thanks to @Enyby

The search

All the games I've come across that use this method have all been dword, so I'll stick to dword. Also most games (except For Emblem Heroes and some parts in GunPie) the XOR key and XOR value are 4bytes apart. 
Let's say you have 25 gold. To search 25 with xor key 4 bytes away
25X4
If you know your value is within a range but not 100% on value, so you know you collected about 40 to 45 gold, your search can be
38~50X4
Then when you collect 10 more
48~60X4
During these searches, if you want to eliminate many results that are most likely not it, you can do a does not equal 0 and does not equal the value. 
You search 500X4
Followed by
≠0
≠500
Then you can resume the XOR method.

This search cannot be done with a group search. 
If done properly, can do unknown changed/unchanged. 

Editing
You have a couple ways you can edit values. 
Edit results and if you want to edit to 12345
Put 12345X4
If you want to edit multiple values keeping xor and doing a different value for each. If you have 3 results from searching 500X4
Edit results
100;5000;15000X4
First value week be edited to 100
2nd 5000 and 3rd to 15000.
The other option ,goto address, copy value above (xor key) using the xor calculator built into GG, calculate value and got can type values and re-encrypt with proper xor key. 

 

Increment edit

If you have 5 results and want each to be different, separate each edit with a ;. So for 5 results

5;10;15;20;25X4

Value 1 will be 5, 2 will be 10.....

Then you can figure out the correct value, revert and remove the wrong values and continue with editing that one value. 

List of known games using XOR protected values. 
Tiny Miners
Bullet Force
Gunpie
Super Mario Run
Fire Emblem Heroes (SP: 8 is xor offset. Level: 24 is xor offset) 
Touch Tank
Target Acquired
Futurama: Worlds of Tomorrow
Pokémon: Magikarp Jump 
Skychamp
HAWK: Freedom Squadron
Candy Crush

Heroes Infinite

Stickman Legend (XOR offset 8)

Zombie Pandemic Survivor

[Logic11211]

Your the man!!!.... Thanks a lot for this ... Really appreciated @NoFear

[Zaidos]

Thank you for your contributions @NoFear!!

[NoFear]

Updated : provided a couple xor offsets for Fire Emblem Heroes. 

[NightHawwwk]

Any chance of a video tutorial explaining this please?

Im having trouble understanding this.

Thank you!

Didnt see [video to come soon] part. My bad...

Will be waiting!

Edited July 24, 2017 by NightHawwwk

[NoFear]

Video added

And write up added information on how to increment edit

[Enyby]

Video added: https://gameguardian.net/forum/gallery/image/283-xor-search-guide-gameguardian/

 

[Logic11211]

In pokemon magikarp jump I'm able to do increment edit...works flawlessly... I'm having problems with coins... The value still reverts even after editing... Is there a max amount of coins????

[NoFear]

1 hour ago, Logic11211 said:

In pokemon magikarp jump I'm able to do increment edit...works flawlessly... I'm having problems with coins... The value still reverts even after editing... Is there a max amount of coins????

Don't edit balance.... 

Edit rewards, prices etc etc. 

[EichZen]

@NoFearThank you for the basics of the guide!

I've been trying to hack Realm Defense TD but I keep failing. I'm guessing the XOR key are really far apart?

Is it possible to use odd numbers as xor keys? so far the examples I've seen are X4 X8 X16 X24 and so on

[Logic11211]

27 minutes ago, NoFear said:

Don't edit balance.... 

Edit rewards, prices etc etc. 

Thanks dude.. Your really good at this !!

[NoFear]

30 minutes ago, EichZen said:

@NoFearThank you for the basics of the guide!

I've been trying to hack Realm Defense TD but I keep failing. I'm guessing the XOR key are really far apart?

Is it possible to use odd numbers as xor keys? so far the examples I've seen are X4 X8 X16 X24 and so on

Only even in increments if 4 (essentially dword/float only)  (for now) 

3 minutes ago, Logic11211 said:

Thanks dude.. Your really good at this !!

Heh. thank you. Been doing this type of hacking for a while (few years?) and the more I help others hack 'everything' the better I get and the more I learn as developers try to protect their games.

[EichZen]

I was about to edit my post. I managed to make it work by changing to DOUBLE.

 

Thank you! @NoFear

[SoNik]

Thank you @NoFear very helpful thread good job!

Credits goes to developers too!

[diksha]

can you do this on server side games?