Jump to content

Recommended Posts

Posted

Thank you to whoever is reading this and sorry for the long question. I have extremely limited hacking knowledge but am nonetheless curious whether the following can be done (in a realistic way for someone like myself).

The game I am trying to hack is consisted of various dungeons in which the player needs to solve orb-matching puzzles. The orb-matching puzzles are similar to Candy Crush except the user can move a piece more than one space at a time. Instead, movement is limited by time - i.e., you can move a piece as many spaces as you want to do multiple 3-matches within a number of seconds.

The game is consisted of all your typical resources (e.g., gold, stamina, etc.), including IAP currency (gems). I am NOT interested in modifying any of these typical currencies (and I know they are all stored server-side). I am, however, very curious to know whether it is possible to modify the game so that when in a dungeon, the player can have "unlimited" movement time when solving a puzzle.

The way the puzzle works is that once the user (1) picks up one orb, and (2) moves that orb at least one space in any direction (without releasing), a countdown begins. When the user drops the orb, or if the countdown reaches 0, the turn ends and all 3-orb matches are calculated/resolved. You repeat until the end of the dungeon.

I know that the game communicates with the server when (1) starting any dungeon and (2) at the end of every dungeon, when rewards are given. However, I know for a fact that no internet connection is required DURING the dungeon (when puzzles are being solved). This makes me think that it is possible to change the mechanics of the puzzle so that a player can cheat by having "unlimited movement time" when moving the orbs. Given the nature of the variable, I think it is very difficult to find...

This is just a PvE game (no PvP element) and the question does not target any in-game currencies. I am just curious if anyone may have an idea on whether / how this could be done.

The game is Puzzles and Dragons by the way. Highly doubt anyone is aware of this game though.

Thanks!

  • Moderators
Posted

Not sure if it was this game or another very very similar, I managed to modify the base dmg or multiplier to help with 1 hit kills.

I might check this one out if no one else does. 

Posted
16 minutes ago, NoFear said:

Not sure if it was this game or another very very similar, I managed to modify the base dmg or multiplier to help with 1 hit kills.

I might check this one out if no one else does. 

Thank you very much NoFear, any guidance or help would be very much appreciated! I think things like damage / time control are all not kept server-side since the dungeons themselves are offline. I think the time variable would be very hard to find though...

  • Moderators
Posted
5 hours ago, FanningPanda said:

Thank you very much NoFear, any guidance or help would be very much appreciated! I think things like damage / time control are all not kept server-side since the dungeons themselves are offline. I think the time variable would be very hard to find though...

Should be easy 🙂

Posted
On 3/7/2021 at 4:13 AM, NoFear said:

Should be easy 🙂

After hours upon hours of being stupid I finally got the phone rooted and GG downloaded... I tried to run GG on Puzzles and Dragons but have encountered a number of issues:

  1. Should I be running HW or SW? Might be a stupid question...
  2. In process selection, I always see two instances of P&D, one has #[xxxxx] ahead of it and is 200+MB and the other has ![xxxxx] ahead of it and is 40+MB - not sure which one I should choose here? I tried the one with # ahead of it for now
  3. The game seems to crash quite frequently during a value search and I can't seem to fix it
  4. You mentioned that you previously found the base ATK multiplier but since that value is not explicitly listed in a dungeon I am not sure how to find it... could you please give me a hint?

Would appreciate any and all help 🙂

Thank you!

  • Moderators
Posted
1 hour ago, FanningPanda said:

After hours upon hours of being stupid I finally got the phone rooted and GG downloaded... I tried to run GG on Puzzles and Dragons but have encountered a number of issues:

  1. Should I be running HW or SW? Might be a stupid question...
  2. In process selection, I always see two instances of P&D, one has #[xxxxx] ahead of it and is 200+MB and the other has ![xxxxx] ahead of it and is 40+MB - not sure which one I should choose here? I tried the one with # ahead of it for now
  3. The game seems to crash quite frequently during a value search and I can't seem to fix it
  4. You mentioned that you previously found the base ATK multiplier but since that value is not explicitly listed in a dungeon I am not sure how to find it... could you please give me a hint?

Would appreciate any and all help 🙂

Thank you!

1. HW + SW

Pick one or the other, doesn't matter unless one seems to not function.

2. Ptrace protection. You can try in settings at very bottom disable protection for all apps (disable magisk hide to apply and then re enable.

Or, kill game with gg. Select, "restart without protection".

3. You'll need to mess with gg hide options. (1 through 4) and ptrace protection method to find a good combination to counter the protection.

4. This is different game then I thought. But I still managed atk/move time and possibly much more. I did debug the game, but something is definitely watching lib in RAM, any editing to lib in RAM instantly crashes game.

Posted
29 minutes ago, NoFear said:

1. HW + SW

Pick one or the other, doesn't matter unless one seems to not function.

2. Ptrace protection. You can try in settings at very bottom disable protection for all apps (disable magisk hide to apply and then re enable.

Or, kill game with gg. Select, "restart without protection".

3. You'll need to mess with gg hide options. (1 through 4) and ptrace protection method to find a good combination to counter the protection.

4. This is different game then I thought. But I still managed atk/move time and possibly much more. I did debug the game, but something is definitely watching lib in RAM, any editing to lib in RAM instantly crashes game.

Thank you NoFear! Very helpful.

Could you please explain a bit what you meant in your #4 (as you can tell I'm very new to this)? How could I find / change / edit attack and movement time? I have been trying but still not sure how to find the variables (also not sure what debugging / watching lib means XD). Thanks!

 

Posted
7 hours ago, NoFear said:

1. HW + SW

Pick one or the other, doesn't matter unless one seems to not function.

2. Ptrace protection. You can try in settings at very bottom disable protection for all apps (disable magisk hide to apply and then re enable.

Or, kill game with gg. Select, "restart without protection".

3. You'll need to mess with gg hide options. (1 through 4) and ptrace protection method to find a good combination to counter the protection.

4. This is different game then I thought. But I still managed atk/move time and possibly much more. I did debug the game, but something is definitely watching lib in RAM, any editing to lib in RAM instantly crashes game.

Hi NoFear / anyone else interested - so I spent the day doing a bunch more experimenting around with Puzzles and Dragons and wanted to share my findings. The TLDR: I could not manage to get anything to work properly...

There are only a few items that I think are worth exploring in-dungeon (focusing only on in-dungeon since that is the period when the game is not connected to the server):

  1. Attack / damage / 1-shot
  2. Player's health ([current / max])
  3. Time to move orbs

On attack / damage 1-shot

The damage calculation for PAD is quite complicated. Essentially each team is consisted of cards (up to 6), of which 2 are "leaders" and 4 are "subs". Each card has one or two elements (colors) and does damage when orbs of that color are matched in-dungeon. During a dungeon level, once orbs are matched, the calculation of damage factors in the following (not an exhaustive list):

  1. Each card's base attack damage stat
  2. Each card's unique properties
  3. The multipliers granted by the "leader skill"
  4. The number of combos made during each turn
  5. The colors of the orbs matched
  6. Elements of each card vs. element of the enemy
  7. Any use of "active skills"
  8. A number of other things...

Each card's damage is calculated separately and each card attacks the enemy's overall health pool during each turn. The challenge is that a lot of the calculation elements here (such as base multiplier, each card's attack stat, etc.) are static, so I could not figure out a way to find the variables to make my team 1-shot the enemy.

Player's Health

So this is an interesting one that I thought would have been easy to do, since both the max health and the current health are shown, and the numbers always change. I was able to use GG to find the health variable and change / freeze the values. Here is the interesting part: the freeze / value change seems to impact the display only, and not the actual underlying health. When I get hit enough times that I should die, I don't actually die, but instead the solving board is frozen and I can no longer match the orbs anymore. The display still shows the values that I froze the variables at, but the dungeon becomes unplayable. Now, if I use an "active skill" to heal back to above 0 health, the orbs becomes movable again, and the game is able to continue. I tried both direct search and encrypted value search, but still can't seem to make myself "truly invincible" - when the "background health" figure reaches 0 the orbs become frozen and I can no longer continue...

Time to Move Orbs

The time to move orbs per turn is dependent on the cards you bring to the dungeon, so once you enter a dungeon, the time becomes fixed (for example, 8 seconds). However, there are active sills that the player can use to change the time to move per turn temporarily, so I used that to search for the movement time variable. However, no matter how many times I refine the results, I just cannot seem to pinpoint that variable, and my time to move orbs still remains at the default amount...

 

Sorry for the long report - I just found it quite interesting. I saw a bunch of old posts here where people tried to hack PAD (many years ago) and couldn't find success. I wonder if anyone is interested in giving this a shot out of curiosity 🙂

Thanks!

  • Moderators
Posted

I'll share guide later... Pretty much will cover everything you want and possibly more

  • Moderators
Posted

 

 

Base move time is 5. So anything "extra" it's what you'll be looking for. As for all those float values nearby..... No idea. You would have to check each and find what its effect is. If a character has like reward boost, maybe equip them and edit all the float value? I know I edit like 3 of the float values, only 1 is needed (I think directly under time) for modifying atk multiplier or something....

This is very basic video....  Don't really have the time to trial and error and find what everything does.

Posted
51 minutes ago, NoFear said:

 

 

Base move time is 5. So anything "extra" it's what you'll be looking for. As for all those float values nearby..... No idea. You would have to check each and find what its effect is. If a character has like reward boost, maybe equip them and edit all the float value? I know I edit like 3 of the float values, only 1 is needed (I think directly under time) for modifying atk multiplier or something....

This is very basic video....  Don't really have the time to trial and error and find what everything does.

Holy... this is pure magic! I am replaying your video on 0.25x speed to try to figure out what you did. Could you please explain what you were searching for with the array 5;1;0;1;1::17?

Really appreciate you spending the time!

  • Moderators
Posted
1 hour ago, FanningPanda said:

Holy... this is pure magic! I am replaying your video on 0.25x speed to try to figure out what you did. Could you please explain what you were searching for with the array 5;1;0;1;1::17?

Really appreciate you spending the time!

I haven't played enough to fully understand what the values are nearby and if they change later in the game.... 

Posted
2 hours ago, NoFear said:

I haven't played enough to fully understand what the values are nearby and if they change later in the game.... 

Thank you again NoFear - I've got it to work on my end. I am just amazed that you knew exactly what array of values to search for without even knowing the game at all. Through some experimentation, I realized that the first number of the five (in your case the "5") is the "combined flat time extension offered through leader skills of both leaders on a team", and the second number affects the ATK multiplier (for all cards, for some reason, even though every card's multiplier is calculated separately). Incredibly helpful - I will do my own experimentation to find the health multiplier. Thank you very much!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.