Jump to content
  • 1

Edited values revert back to original | Portable Dungeon II


PAF13
 Share

Question

Hello,

I have been using GG on some easy, small apps for about two weeks now just to learn how it works. A few days ago I tried editing my gold in PD (Portable Dungeon II). First I used the exact search and the encrypted exact search to find the gold. After doing that I end up with these values;

(Exact) Search

Due to problems that I will talk about later I switched to fuzzy search and found these values;

(Fuzzy) Search 1

Screenshot_2017-11-24-00-26-02.thumb.png.5cacd15603081a0440827a410bde3419.png

With fuzzy search, I could only narrow the results down to 488 so I looked through all the numbers until I found values that seemed to be of use.

 

Now my problem is that every time I try to edit my coins and go back to the game I see the number has changed to what I want but ends up going back to what I had before. I noticed that the searched always come up with multiple value types with the same number and an XOR value. With that in mind, I tried editing all the values (W,B,D and Q) at the same time thinking that having all of them change would possibly take out the possibility of the app checking back up values to reset itself.

 

With all this being said I have a few questions:

1) How is it possible for values to have the same address?

2) Are there some techniques that developers use to make sure values stay unmodified?

3) What is the use of XOR values? I have already read a lot about XOR encryption/decryption and understand it but when I find XOR values in searches I am never sure how or if I can use them to assist me in cracking a game.

 

Any information to point me in the right direction would be awesome.

Thanks

 

Edited by PAF13
There was a picture at the end that was not supposed to be there.
Link to comment
Share on other sites

9 answers to this question

Recommended Posts

  • 1
  • Administrators
2 minutes ago, PAF13 said:

How is it possible for values to have the same address?

The address points to the bytes in the memory. They can be understood in different ways. GG shows you different interpretations for the same address.

2 minutes ago, PAF13 said:

Are there some techniques that developers use to make sure values stay unmodified?

Yes, there are different ways to detect unauthorized changes.

2 minutes ago, PAF13 said:

What is the use of XOR values?

Differently. If protection is based on XOR with an address, then this can be useful.

Link to comment
Share on other sites

  • 0

Thank you Enyby for the answers. 

So I have been working more on the game and looked into why there might be multiple results for my gold and everything else. It seems like one value controls the displayed value and the other is the background value if that makes sense. 

I went to the address of both values to see how the numbers are represented and see if there are bytes around it that might affect them. When I went into settings to changed the number view to hex I found something weird. One of the hex values showed 0000003Eh which would make sense because I have 62 gold in the game but when looking at the other hex value it showed 000000320000003Eh which to me makes no sense to me. Does someone know what the first 8 bites could mean? could it be some reference to something else like a pointer or some kind of mathematical number correction thing?

also other values such as skill points have the same system but the first 8 bites are different from each other.

Link to comment
Share on other sites

  • 0

I am not sure how to change that. 

this is what I have.

First I used group search and used the values of my gold and skill points. the results are only 4 dword values in the second picture. The in the address area this is what I have now.

Screenshot_2017-11-25-16-51-11.thumb.png.251166149ecb98b9c61a6d36222e1550.pngScreenshot_2017-11-25-16-51-34.thumb.png.47bb298c5533f0006efdec470d3926f8.pngScreenshot_2017-11-25-16-52-41.thumb.png.0229c7938b5c48c9d186b4e1fbf27416.png

@Enyby

Link to comment
Share on other sites

  • 0

So I think I am close to finding the solution but I am currently stuck.

 

I used a fuzzy search instead of group search this time and found more values that seem to be connected to my gold.

Here are the screenshots.

Screenshot_2017-11-26-18-43-17.thumb.png.2674b0cacca337959ae8f38e4a12f02e.pngScreenshot_2017-11-26-19-27-44.thumb.png.402475193033052b8cd1b37af860abb7.png

Besides the first two values in the first picture, I found some values I really do not understand.

Firstly, the values that are highlighted have a second value that is always 8 bytes away (ex. second picture - 7E0FC164 and 7E0FC16C). That being said I feel that could be the XOR key but when I use the calculator it does not change to anything that seems useful.

Secondly, the value (address: 7DB36FF4) in the first picture does not have a value that is 8 bytes away so I am not sure what it does. Maybe the app checks this number to see if a value has been modified.

So now I played around in the game to change how much gold I had and would keep track of 4 of the values to see if something interesting would happen. I made a spreadsheet of what I found.

5a1b10a8c44a0_Screenshotfrom2017-11-2620-05-21.thumb.png.aac0c73db2fbe9716fa95f45ac3cffc0.png

 

 

Sorry that the picture is so small but the values(The numbers that are highlighted) have a cycle of 10 numbers that they go through.

There is more info that I found but it is too much information to type at once. That aside could someone kindly give me some hints or tips that I could try because right now I am not really sure how these numbers interact with each other. 

Thanks

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.