  • 0

Lua script error can't figure out.


Question

Posted

I've been working on this script where I do a group search with static values and a specific offset to get the address of that one hack value whose address changes after restart. Something like this:

gg.setRanges(gg.REGION_CODE_APP)

function Zoom()
  gg.searchNumber('36;0~~0::377', gg.TYPE_DOUBLE)
  gg.refineNumber('1;0~~0::265', gg.TYPE_DOUBLE)
  local t = gg.getResults(67)
  t[14].value = '9'
  print('done', gg.setValues(t))
end

local a = gg.choice({'Zoom', 'exit'})
if a == 1 then Zoom() end
if a == 2 then os.exit() end

So basically I want the 14th value of the table to be 9 (value type double), but unfortunately it's not changing when I launch the script. When I manually edit the value (without the script) it works like a charm. Can anyone please tell me where I went wrong? :(

Recommended Posts

  • 0
Posted
4 hours ago, CoyFanatic said:

gg.setRanges(gg.REGION_CODE_APP)

If it's in the Xa region (code app), you can easily use lib + offset!

No need to search for the value.

When you get the address of that value, save it, and check the lib and offset in the saved file (.txt).

  • 0
Posted
8 hours ago, Lover1500 said:

If it's in the Xa region (code app), you can easily use lib + offset!

No need to search for the value.

When you get the address of that value, save it, and check the lib and offset in the saved file (.txt).

So you mean I can just add the offset to the address of that one static value to get the address of the hack value? But I have no idea how that will be implemented in a script. Will it be like this?

local r = gg.getResults(4)

-- a bare number has no .value; the target must be a result-style table (address, flags, value)
local t = {{address = r[1].address + 377, flags = gg.TYPE_DOUBLE, value = 9}} -- hack value

gg.setValues(t)

Is this possible, if r[1] is the static value and 377 is the offset? This might look dumb, I'm sorry, but I'm just learning Lua.

Also:

Why can't I edit the value, though, in the script I published in my first post? I still can't understand why the value won't change.

Thanks for your help:)

 

  • 0
Posted
14 hours ago, CoyFanatic said:

t[14].value = '9' print('done',gg.setValues(t))

If you want to change it, you used it wrong.

It should be like this

t[14].value = 9
gg.setValues(t)
print('Done')

As I said, you can check the saved file. Don't save only the address!

Check below photo. 


Addresses always change on every game restart, but the arrangement inside the lib is always the same.

The start address may be 0 or some other address, but the arrangement is the same.

So you can use lib + offset.

I don't know your lib and offset. In my case, the lib is libunity.so and the offset is 6ae934.

Always check before coding: print(gg.getRangesList('your lib'))

I would code it like this for printing the value.

start = gg.getRangesList('libunity.so') -- my lib; put yours here
lol = {{address = start[1].start + 0x6ae934}} -- [1] depends on which mapping of the lib the info printed above shows

lol[1].flags = 4
lol = gg.getValues(lol)
print(lol[1].value)

Do as you wish!
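A complete version of the lib + offset approach described in the post above, as an added example that is not part of the thread or of GameGuardian itself. The lib name, region code and offset are the placeholders Lover1500 gives (libunity.so, Xa, 0x6ae934); substitute the ones from your own saved list. It assumes the GameGuardian Lua runtime (the global gg), that gg.getRangesList returns entries with start and state fields, and that the saved-list offset is relative to the start of the Xa mapping. It picks the mapping by region code instead of blindly taking the first entry, refuses to run when the lib is not loaded, and re-reads memory after the write instead of trusting the table it just set, which is the check the asker was missing.

```lua
-- Added example (not from the thread): resolve "lib + offset" to a live address,
-- read the current value, write a new one and re-read to confirm the write.
-- Assumes the GameGuardian Lua runtime ('gg' global). LIB, REGION and OFFSET are
-- placeholders taken from Lover1500's case; substitute yours from the saved .txt.

local LIB    = 'libunity.so'   -- lib that holds the value (from the post)
local REGION = 'Xa'            -- region code of the mapping, as GG reports it
local OFFSET = 0x6ae934        -- offset inside that mapping (from the post)
local TYPE   = gg.TYPE_DOUBLE  -- the asker edits a double; use gg.TYPE_DWORD for dword

-- Find the mapping of LIB whose region code matches REGION. A library is mapped
-- several times (Xa, Cd, Cb, ...), so taking ranges[1] blindly is a common bug.
local function findLibRange(lib, region)
  local ranges = gg.getRangesList(lib)
  if #ranges == 0 then
    return nil, 'lib ' .. lib .. ' is not loaded yet; run after the game has started'
  end
  for _, r in ipairs(ranges) do
    if r.state == region then
      return r
    end
  end
  return nil, 'no ' .. region .. ' mapping found for ' .. lib
end

-- Read one value of the given type at an absolute address.
local function readValue(addr, valueType)
  local t = gg.getValues({{address = addr, flags = valueType}})
  return t[1].value
end

-- Write a value, then re-read memory instead of trusting the local table.
local function writeValue(addr, valueType, newValue)
  gg.setValues({{address = addr, flags = valueType, value = newValue}})
  return readValue(addr, valueType)
end

local range, err = findLibRange(LIB, REGION)
if not range then
  gg.alert(err)
  return
end

-- Base of the mapping plus the offset that stays constant across restarts.
local target = range.start + OFFSET
local before = readValue(target, TYPE)
local after  = writeValue(target, TYPE, 9)

gg.alert(string.format('%s:%s+0x%X -> %X\nbefore: %s\nafter: %s',
  LIB, REGION, OFFSET, target, tostring(before), tostring(after)))
```

If "after" still shows the old value, the write did not land: either the offset belongs to a different mapping than the one selected, the type does not match what the game stores there, or the game rewrites the location itself.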

  • 0
Posted (edited)
49 minutes ago, Lover1500 said:

If you want to change it, you used it wrong.

It should be like this

t[14].value = 9
gg.setValues(t)
print('Done')

[...]

I see, this is an interesting approach to changing addresses and I will use it. But you see, I'm afraid that's not the problem; I can specify the address using any method. But at the end, when I ultimately have to edit and change the value, it doesn't appear to change, and I have no clue as to why this is happening.

I changed the code according to your suggestion and ran the script, but the problem is still there. The value isn't changing. When I edit the value manually it does change and it stays that way, so I know it's not necessary to freeze it. And just to be sure that I was specifying the right value in the script, just for the sake of doubt, I did this:

local r = gg.getResults(67)

r = gg.getValues(r) -- re-read the results from memory

print(r[14].value)

So when I execute this script I get the same value as the hack value, and this proves that I am targeting the right value. But again, when I try to change the value by using

r[14].value = 9

gg.setValues(r)

It doesn't work, and I have no clue why.

Edited by CoyFanatic
Typo
  • 0
Posted (edited)
15 hours ago, CoyFanatic said:

gg.searchNumber('36;0~~0::377', gg.TYPE_DOUBLE)
gg.refineNumber('1;0~~0::265', gg.TYPE_DOUBLE)

You searched for 36 and 0~~0,

but refined with 1 and 0~~0. That's nonsense. Refining filters the results of the search; it is not a new search itself!

If it's in Xa, it's better to use type dword than type double. Simpler!

Edit -->

And yes, I was wrong too.

You edited a double, but I had you print a dword.

Instead of

lol.flags = 4

lol=gg.getValues(lol)

print(lol.value)

 

Use below

lol.flags = 64 -- you changed a double, not a dword

lol=gg.getValues(lol)

print(lol.value)

Edited by Lover1500
  • 0
Posted
9 minutes ago, Lover1500 said:

But refine 1 and 0~~0.its nonsense. Refining is taking from search. Not new search itself!

When I first made a group search using 36;0~~0::377

I got 380 results, so then I thought I would use another refine search with another static value and a different offset:

1;0~~0::265

Then I got 67 results. Was this wrong? I mean, when I checked the results I got the hack address like I wanted; it was the 14th, and hence I used r[14].

Do you think this is where I went wrong? Please, can you help me understand what I did wrong?

  • 0
Posted (edited)
25 minutes ago, CoyFanatic said:

When I first made a group search using 36;0~~0::377

0~~0 means any number. It's in Xa, so you can go directly for what you want.

As an example, if you want to search for 456 (double type),

then search for it. A single search is much faster than a group search.

gg.searchNumber('456', 64)

64 is double, 4 is dword, etc. Then you might find 123 results, and you can now choose which of the results is the one you want. Code in Xa normally never changes by itself, but you can change it.

And you can check its offset. They are in the lib, so its addresses on each restart will be like below:

-BC24DF04 (first restart)

-D769BF04 (second restart)

-9ADC7F04 (third restart)

On every restart you can see its last 3 digits (maybe 4 for some) are always the same. That's why I told you that you can go directly by lib + offset.

Here is a full example for you according to my case. Try using this code (replace your code):

gg.searchNumber('456', 64)
lol = gg.getResults(gg.getResultCount())
lol = gg.getValues(lol)

-- if the twelfth is what you want!
check1 = lol[12].value

-- Lets edit now
lol[12].flags = 64
lol[12].value = 789
gg.setValues(lol)

-- now re-read from memory; lol[12].value alone would only echo the 789 we assigned
lol = gg.getValues(lol)
check2 = lol[12].value

print('This is before edit: '..check1..'\nThis is after edit: '..check2)

 

Edited by Lover1500
  • 0
Posted
19 minutes ago, Lover1500 said:

0~~0 means any number. It's in Xa, so you can go directly for what you want.

[...]

Here is a full example for you according to my case. Try using this code (replace your code):

[...]

 

This is so helpful, and I just understood that the value I thought was changing is not actually changing; I just assumed it was changing, haha. I am so sorry. However, when I just searched for the hack value I got a lot of results, more than 7k, but yes, I took your advice and kept the hack value instead of 0~~0, and then I got 8 results, and when I updated the script it's working now. I really can't thank you enough. Thanks for taking so much time out of your day to help me; I really appreciate it :))

 

  • 0
Posted
local l = gg.getRangesList('libil2cpp.so')
local libaddress
if l[1] ~= nil then libaddress = l[1].start end -- keep it numeric; a formatted hex string cannot be added to an offset

function haxx(offsethax, valuehax, valtype) -- 'type' would shadow the Lua builtin, so renamed
	local _value = {}
	_value[1] = {}
	_value[1].address = libaddress + offsethax
	_value[1].flags = valtype
	_value[1].value = valuehax
	gg.setValues(_value)
end

function main()
  gg.alert("begin hack abc at xyz")
  haxx(0xABCDEF01, 9999, 16) -- 16 = gg.TYPE_FLOAT
end

if libaddress then main() else gg.alert('libil2cpp.so is not loaded') end

You can use this code to hack the Xa region (code app) directly without finding anything.

  • 0
Posted
On 10/24/2020 at 1:41 PM, Lover1500 said:

If you want to change it, you used it wrong.

[...]

So you can use lib + offset.

[...]

Hey, can I use this method in the anonymous region as well? The lib + offset? If yes, then can you please help me understand how to get the information about the lib? I tried googling this but couldn't find anything.

  • 0
Posted

If it's in anonymous, no way. You can't. The anonymous region is just RAM usage. Every restart of the game or playing a new level changes its position. But they are structured systematically by pointers (if not Java heap).

Normally, a lib.so includes the Cd, Cb and Xa regions (others may be too). So only values included in those regions can be found directly by lib + offset.

But if you know the pointer chain, you still have a chance. It won't be easy with only Android, though; a PC can do it all.
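The pointer-chain route mentioned above, as an added example that is not part of the thread or of GameGuardian itself. It assumes the GameGuardian Lua runtime (the global gg), that gg.getRangesList returns entries with start and state fields, and that gg.getTargetInfo().x64 tells whether pointers are 8 or 4 bytes. The lib, the static pointer offset, the chain offsets and the region code are placeholders; a real chain comes from your own pointer work, not from this thread. The point the example adds is the failure handling: every link is dereferenced and checked for null before the next step, so a chain that broke after a level change stops with a message instead of writing into a random address.

```lua
-- Added example (not from the thread): follow a pointer chain into anonymous
-- memory, the approach mentioned for values that lib + offset cannot reach.
-- Assumes the GameGuardian Lua runtime ('gg' global). LIB, BASE_OFF, CHAIN and
-- the region code are placeholders (assumptions), not values from the thread.

local LIB        = 'libil2cpp.so'      -- assumption: lib holding the static pointer
local BASE_OFF   = 0x123456            -- assumption: offset of that pointer in the lib
local CHAIN      = {0x18, 0x40, 0x8}   -- assumption: offsets applied after each deref
local FINAL_TYPE = gg.TYPE_DOUBLE      -- type of the value at the end of the chain

-- Pointer width depends on the process: 64-bit game -> 8-byte pointers.
local PTR_TYPE = gg.getTargetInfo().x64 and gg.TYPE_QWORD or gg.TYPE_DWORD

-- Return the first mapping of LIB with the requested region code, or nil.
local function findRange(lib, region)
  for _, r in ipairs(gg.getRangesList(lib)) do
    if r.state == region then return r end
  end
  return nil
end

-- Dereference one pointer; nil if it is 0 or clearly not a usable address.
local function deref(addr)
  local v = gg.getValues({{address = addr, flags = PTR_TYPE}})[1].value
  if v == nil or v == 0 or v < 0x10000 then
    return nil
  end
  return v
end

-- Walk: ptr = *(base); ptr = *(ptr + off1); ... ; final = ptr + offN.
-- Stops early when any link is null, so a broken chain cannot write garbage.
local function resolveChain(baseAddr, offsets)
  local ptr = deref(baseAddr)
  if not ptr then return nil, 'base pointer is null' end
  for i, off in ipairs(offsets) do
    if i == #offsets then
      return ptr + off                  -- last offset points at the value itself
    end
    ptr = deref(ptr + off)
    if not ptr then
      return nil, string.format('link %d (+0x%X) is null', i, off)
    end
  end
  return ptr
end

local range = findRange(LIB, 'Cd')     -- assumption: the static pointer lives in the Cd mapping
if not range then
  gg.alert(LIB .. ' Cd mapping not found; is the game running?')
  return
end

local addr, err = resolveChain(range.start + BASE_OFF, CHAIN)
if not addr then
  gg.alert('chain failed: ' .. err)
  return
end

local cur = gg.getValues({{address = addr, flags = FINAL_TYPE}})[1].value
gg.alert(string.format('value at %X = %s', addr, tostring(cur)))
```

Once the chain resolves, the final address is edited exactly like a lib + offset hit, with gg.setValues on a table carrying address, flags and value.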

 

  • 0
Posted
9 minutes ago, Lover1500 said:

If it's in anonymous, no way. You can't. The anonymous region is just RAM usage. Every restart of the game or playing a new level changes its position. But they are structured systematically by pointers (if not Java heap).

Normally, a lib.so includes the Cd, Cb and Xa regions (others may be too). So only values included in those regions can be found directly by lib + offset.

But if you know the pointer chain, you still have a chance. It won't be easy with only Android, though; a PC can do it all.

 

Then I guess I gotta do some research about pointers now. Also, how about group search? I mean, I have seen some static values in anonymous. Maybe I can use group search and refine to get that hack value? Is it possible?

  • 0
Posted
38 minutes ago, CoyFanatic said:

Then I guess I gotta do some research about pointers now. Also, how about group search? I mean, I have seen some static values in anonymous. Maybe I can use group search and refine to get that hack value? Is it possible?

Yes. Many scripters also use group search.

Most use group search directly. A few search for a single value and check around it with an offset.

Same results, but different run time.
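The second approach named above (search one static value, then check around it with offsets) as an added example that is not part of the thread or of GameGuardian itself. It assumes the GameGuardian Lua runtime (the global gg). The two anchor values, 36 and 1 as doubles, are the static values from the asker's group search; the byte distances from the first anchor to the second anchor and to the hack value are placeholders you must measure yourself. Instead of trusting that the target is the 14th result, which is what went wrong in the first post, it keeps only those hits whose neighbourhood also holds the second anchor at the expected distance, edits each confirmed target, and re-reads memory to prove the write landed.

```lua
-- Added example (not from the thread): locate a value in anonymous memory by
-- anchoring on nearby static values instead of trusting a result's position
-- in the list. Assumes the GameGuardian Lua runtime ('gg' global).
-- ANCHOR_A/ANCHOR_B come from the asker's search; the deltas are assumptions.

local ANCHOR_A     = 36              -- first static value (from the thread's search)
local ANCHOR_B     = 1               -- second static value (from the refine)
local DELTA_B      = 0x38            -- assumption: bytes from anchor A to anchor B
local DELTA_TARGET = 0x70            -- assumption: bytes from anchor A to the hack value
local VALUE_TYPE   = gg.TYPE_DOUBLE
local NEW_VALUE    = 9
local MAX_HITS     = 2000            -- cap so a noisy search cannot stall the script

local function readAt(addr, valueType)
  return gg.getValues({{address = addr, flags = valueType}})[1].value
end

-- Search anchor A once, then keep only hits whose neighbourhood also holds
-- anchor B at the expected distance. Returns the candidate target addresses.
local function findTargets()
  gg.clearResults()
  gg.setRanges(gg.REGION_ANONYMOUS)
  gg.searchNumber(tostring(ANCHOR_A), VALUE_TYPE)
  local count = gg.getResultCount()
  if count > MAX_HITS then
    gg.toast(count .. ' hits for anchor A; checking only the first ' .. MAX_HITS)
    count = MAX_HITS
  end
  local hits = gg.getResults(count)
  local targets = {}
  for _, h in ipairs(hits) do
    if readAt(h.address + DELTA_B, VALUE_TYPE) == ANCHOR_B then
      targets[#targets + 1] = h.address + DELTA_TARGET
    end
  end
  return targets
end

local targets = findTargets()
if #targets == 0 then
  gg.alert('no structure matched both anchors; re-measure the deltas')
  return
end

-- Edit every confirmed target in one call, then re-read to confirm.
local edits = {}
for i, addr in ipairs(targets) do
  edits[i] = {address = addr, flags = VALUE_TYPE, value = NEW_VALUE}
end
gg.setValues(edits)

local report = {}
for _, addr in ipairs(targets) do
  report[#report + 1] = string.format('%X: now %s', addr, tostring(readAt(addr, VALUE_TYPE)))
end
gg.alert(table.concat(report, '\n'))
```

The deltas are measured once in the GameGuardian UI: find the hack value by hand, then note the distance from it to each static neighbour; those distances are what survive a restart while the absolute addresses do not.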
