fateonlyzero

Anti-peeping mechanism


23 hours ago, Enyby said:

No.

Enyby, I have a question I would like to ask you, how to modify the memory of a specified process in Android?


On 3/6/2019 at 8:45 PM, Enyby said:

Here is an example of the simplest code:


gg.clearResults()
gg.searchNumber('111', gg.TYPE_DWORD)
gg.getResults(10)
gg.editAll('222', gg.TYPE_DWORD)
gg.clearResults()
gg.searchNumber('333', gg.TYPE_DWORD)
gg.getResults(10)
gg.editAll('444', gg.TYPE_DWORD)
gg.clearResults()
gg.searchNumber('555', gg.TYPE_DWORD)
gg.getResults(10)
gg.editAll('666', gg.TYPE_DWORD)
gg.clearResults()

It is easy to steal it by logging:


gg.clearResults()
gg.searchNumber("111", gg.TYPE_DWORD)
gg.getResults(10)
gg.editAll("222", gg.TYPE_DWORD)
gg.clearResults()
gg.searchNumber("333", gg.TYPE_DWORD)
gg.getResults(10)
gg.editAll("444", gg.TYPE_DWORD)
gg.clearResults()
gg.searchNumber("555", gg.TYPE_DWORD)
gg.getResults(10)
gg.editAll("666", gg.TYPE_DWORD)
gg.clearResults()

And now I wrote the same script like this:


gg.clearResults()
gg.searchNumber('111', gg.TYPE_DWORD)
t1 = gg.getResults(10)
gg.clearResults()
gg.searchNumber('333', gg.TYPE_DWORD)
t2 = gg.getResults(10)
gg.clearResults()
gg.searchNumber('555', gg.TYPE_DWORD)
t3 = gg.getResults(10)
for i,v in ipairs(t1) do v.value = '222' end
for i,v in ipairs(t2) do v.value = '444' end
for i,v in ipairs(t3) do v.value = '666' end
gg.setValues(t1)
gg.setValues(t2)
gg.setValues(t3)
gg.clearResults()

Here is the log of its execution:


gg.clearResults()
gg.searchNumber("111", gg.TYPE_DWORD)
gg.getResults(10)
gg.clearResults()
gg.searchNumber("333", gg.TYPE_DWORD)
gg.getResults(10)
gg.clearResults()
gg.searchNumber("555", gg.TYPE_DWORD)
gg.getResults(10)
gg.clearResults()
gg.setValues({ -- table(5347211c)
    [ 1] = { -- table(533fe154)
        ['address'] = 0xa67977d4,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
    [ 2] = { -- table(533f8d04)
        ['address'] = 0xa6799900,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
    [ 3] = { -- table(533f48bc)
        ['address'] = 0xa679aec8,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
    [ 4] = { -- table(533f41f4)
        ['address'] = 0xa679c8b8,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
    [ 5] = { -- table(533f1c04)
        ['address'] = 0xa67a252c,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
    [ 6] = { -- table(533eea74)
        ['address'] = 0xa67a4278,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
    [ 7] = { -- table(533ee8b0)
        ['address'] = 0xa67bf908,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
    [ 8] = { -- table(533ecf4c)
        ['address'] = 0xa67e2fdc,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
    [ 9] = { -- table(533e0e24)
        ['address'] = 0xa6804924,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
    [10] = { -- table(533e01c0)
        ['address'] = 0xa680e8f4,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
})
gg.setValues({ -- table(534751bc)
})
gg.setValues({ -- table(534b5408)
})

Did it help you to understand what the script is doing?
And after all, I could have made only one setValues call, having united the three tables.

Also, this log cannot be run and used as a script, unlike the first option.

So instead of complaining that everything is bad, write scripts so that they cannot be stolen through logging. And no checks will be needed.

Appears it only disguises the edit, not the search.

Half the battle with GG is what to find, not how to edit. If the value is encrypted and unique and your search gives it away, editing can easily be figured out without logging.
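
As an added illustration (not part of any post in this thread, and not GameGuardian code), the Python sketch below parses a call log in the format quoted above and separates what an observer can replay verbatim from what is tied to one process's addresses. The sample log is constructed and abbreviated from the logs in the thread; the name `summarize` is an assumption.

```python
import re

# Constructed sample: an abbreviated call log in the format quoted in the thread.
SAMPLE_LOG = """\
gg.searchNumber("111", gg.TYPE_DWORD)
gg.getResults(10)
gg.editAll("222", gg.TYPE_DWORD)
gg.clearResults()
gg.searchNumber("555", gg.TYPE_DWORD)
gg.getResults(10)
gg.clearResults()
gg.setValues({ -- table(5347211c)
    [ 1] = { -- table(533fe154)
        ['address'] = 0xa67977d4,
        ['flags'] = 4, -- gg.TYPE_DWORD
        ['value'] = 666,
    },
})
"""

CALL = re.compile(r'^gg\.(\w+)\((.*)$')
LITERAL = re.compile(r'"([^"]*)"')
ADDRESS = re.compile(r"\['address'\] = (0x[0-9a-fA-F]+)")
VALUE = re.compile(r"\['value'\] = ([^,]+),")

def summarize(log):
    """Split a call log into searches, replayable pairs and address-only writes."""
    out = {"searches": [], "replayable": [], "address_bound": []}
    last_search = pending = None
    for raw in log.splitlines():
        line = raw.strip()
        call = CALL.match(line)
        if call:
            name, lit = call.group(1), LITERAL.search(call.group(2))
            if name == "searchNumber" and lit:
                last_search = lit.group(1)
                out["searches"].append(last_search)
            elif name == "editAll" and lit:
                # Literal search plus literal edit: the pair works in any process.
                out["replayable"].append((last_search, lit.group(1)))
            elif name == "clearResults":
                last_search = None
        elif ADDRESS.search(line):
            pending = ADDRESS.search(line).group(1)
        elif pending and VALUE.search(line):
            # Address is valid only for the traced process; no search is linked.
            out["address_bound"].append((pending, VALUE.search(line).group(1)))
            pending = None
    return out
```

On the sample, the `editAll` pair comes back as replayable, the `setValues` write comes back only as an address and a value, and both search literals are still listed, which is the point raised in the reply above.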


Search in a complicated way, not a simple one. Since the code can be hidden and it is much more difficult to get to it - look for several things, read offsets from them, and then edit through setValues. Also use getValues. This will not allow tracking logic to repeat it. For example, I do three searches, then from one of the results I take an offset of 100, read the value from it, and so on. In the log it will be a jumble.


You can download a couple of pages of memory and find what you need in Lua. There will be nothing in the logs.

Approximately find what you need, and then filter the rest in Lua.

1 hour ago, Enyby said:

Search in a complicated way, not a simple one. Since the code can be hidden and it is much more difficult to get to it - look for several things, read offsets from them, and then edit through setValues. Also use getValues. This will not allow tracking logic to repeat it. For example, I do three searches, then from one of the results I take an offset of 100, read the value from it, and so on. In the log it will be a jumble.

Ahhhh. Gotcha.

Basically have multiple searches, only 1 search is the legit search.

As it is, in the scripts I have BadCase do, we rarely to never search the real value. And the real value is nowhere near it either.


This is a basic idea. It can be developed further. But the main point is this.

And logging cannot help bypass such protection. It is fundamentally impossible.

Even in the simplest version, such protection is enough to stop most fans from copying pieces of code from the logs.

4 minutes ago, Enyby said:

This is a basic idea. It can be developed further. But the main point is this.

And logging cannot help bypass such protection. It is fundamentally impossible.

Even in the simplest version, such protection is enough to stop most fans from copying pieces of code from the logs.

Just too bad GG can't implement some type of protection against the ability to see searches/edits...

Guess as always, takes a few to ruin it for all.


I've been using this technique for a long time, and an undocumented API inside GG.
Someone with a good brain will know how to surpass this.

Edited by saiaapiz


An undocumented API can disappear one fine day. You are lucky. Currently I have decided to keep it, but I do not need it anymore. If it interferes with something, it will be killed and all your scripts will stop working.

On 3/7/2019 at 9:06 AM, Enyby said:

You want? you get:

After all bull****.


io.open("/data/data/catch_.me1.if_.you_.can_/files/BCLDR.pb", "r")
gg.choice({ -- table(533f68d4)
	[1] = '  Run the Angry Birds Star Wars II script again.',
	[2] = '  Load script selection menu.',
	[3] = '  Exit',
}, nil, " BadCase's Script Loader ")
--[[ return: 1 ]]
gg.makeRequest("https://badcase.org/script.php?script=Angry_Birds_Star_Wars_II")
gg.toast("33%")
gg.toast("66%")
gg.toast("100%")
gg.setVisible(false)
gg.choice({ -- table(534ad9dc)
	[1] = ' Fix Permanent Character Store Prices',
	[2] = ' Donate',
	[3] = ' Exit',
}, nil, " Angry Birds Star Wars 2 Script by BadCase ")
--[[ return: 1 ]]
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("2500;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("2500", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(53461990)
})
gg.setValues({ -- table(53461990)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("2000;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("2000", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(53420f40)
})
gg.setValues({ -- table(53420f40)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("2200;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("2200", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(535f1a58)
})
gg.setValues({ -- table(535f1a58)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("2250;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("2250", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(5340bb60)
})
gg.setValues({ -- table(5340bb60)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("1500;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("1500", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(5342fc88)
})
gg.setValues({ -- table(5342fc88)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("3750;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("3750", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(5360e564)
})
gg.setValues({ -- table(5360e564)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("3500;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("3500", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(534068a0)
})
gg.setValues({ -- table(534068a0)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("3350;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("3350", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(53418040)
})
gg.setValues({ -- table(53418040)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("3000;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("3000", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(53416338)
})
gg.setValues({ -- table(53416338)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("1800;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("1800", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(535fcc5c)
})
gg.setValues({ -- table(535fcc5c)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("1200;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("1200", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(53486db0)
})
gg.setValues({ -- table(53486db0)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("1000;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("1000", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(533eec00)
})
gg.setValues({ -- table(533eec00)
})
gg.clearResults()
gg.setRanges(gg.REGION_C_HEAP | gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
gg.searchNumber("1600;3D;4D;0D::17", gg.TYPE_FLOAT)
gg.searchNumber("1600", gg.TYPE_FLOAT)
gg.getResults(1000)
gg.addListItems({ -- table(533dfaf8)
})
gg.setValues({ -- table(533dfaf8)
})
gg.alert("Permanent prices have been set to -10,000 each")
--[[ return: 1 ]]


https://badcase.org/script.php?script=Angry_Birds_Star_Wars_II >> is this encrypted by luabase64?
It's useless to encrypt; the latest compiler can decompile it.

