Converting Hex to Arm (lib scripting) (pixel force 3)

[Crystal_Mods100x]

Hi. i want to convert these hex to arm like the original into replaced! 

Game: Pixel Force 2

lib dumped: il2cpp.so

example offsets: (real ones from the C# functions)

public bool poison: 0x58

public bool electric: 0x59

public bool slowdown: 0x5A

public bool lead: 0x58

class : improve stats

public float multip_weaponCooldown: 0x58

public float add_weapon damage: //0x5C

public float mult_spray: 0x64

How do i convert these to arm and do the original and replace script? also does this need a rooted device? Thanks!

 

 

[Jyxz]

Are you sure those are offsets? 

 

 

[Crystal_Mods100x]

56 minutes ago, Jyxz said:

Are you sure those are offsets? 

 

 

these are functions that trigger something when u edit them they are offsets 

btw my device is Arm64

[Jyxz]

hmmmmmm.Isnt offset need to be much longer? such as  0x2ebb368 

[MrKendom]

Actually I'm professional on this , no it's doesn't need root to edit , it's enough to use hex editor to edit & using IDA for values ARM & Thumb penetration , well to import these values you must do this code

print(gg.getRangesList("libil2cpp.so")[1]["start"]) -- Gives Offset of Library

After you get the offset of the Library , convert it to hex , or use Hex Calculator or use the next Scheme Scheme :

offset = 0x27 -- These kind of Offset can't be used , use Methods & Voids or larger offsets , if you find like this Offset ignore it , just because it's on other field and not final offset , this is just example for showing
print(gg.getRangesList("libil2cpp.so")[1]["start"] + offset)

• EDIT : 

for original , it's always "7F 45 4C 46 01 01 01 00" , offset it's what offset you found in Dump ( don't use such tiny numbers like 0x37 , use bigger one like 0x726252 , mean just ignore NON-Methods & Voids offsets ) , for replaced , you need to explore the Instruction of ARM using hex editor or something like it , you will understand the arm what does it mean & then make your arm , convert it to hex ARM x86 , put it in replaced , and you are done !

[Jyxz]

Heyh mr kendom.does this apply to libUE4 game??. I attach ny code here.This method i see people used in pubg.I already dumped my ue4 and already have the offset of the recoil.But still i failed.Is there anything wrong?

 

Quote

function PS()
end
function setvalue(address,flags,value) PS('Modify address value(Address, value type, value to be modified)') local tt={} tt[1]={} tt[1].address=address tt[1].flags=flags tt[1].value=value gg.setValues(tt) end
so=gg.getRangesList('libUE4.so')[1].start
py=0x2ebb368 
setvalue(so+py,16,0)
py=0x2ebb334
setvalue(so+py,16,0)
py=0x2ebb300
setvalue(so+py,16,0)
py=0x2ebb2cc
setvalue(so+py,16,0)
gg.toast("⟦No recoil")

 

 

[MrKendom]

You Probably didn't get error when editing the results , check this results & check if they are edited to 0 & doesn't changing , if they are trying to back to old values , you probably have done mistake in finding right offsets , + This method of PUBG is editing instructions , mean offset you find in dumped LibUE4.so is the value of srart of each method , you have to go to that offset & explore Instruction , once you understand that there's motivation of Instruction there , start adding 0x4 to jump between Instructions as example :

offSet_of_dump = 0x947262

instructionNumber = 1 -- Put Instruction You find in GG Viewer ( Not "0" , that's means you are editing function or method it's self )

valueToEdit = gg.getRangesList("libUE4.so")[1]["start"] + offset_of_dump + (0x4*instructionNumber)

-- Here you edit the valueToEdit

8 hours ago, Jyxz said:

Heyh mr kendom.does this apply to libUE4 game??. I attach ny code here.This method i see people used in pubg.I already dumped my ue4 and already have the offset of the recoil.But still i failed.Is there anything wrong?

 

 

 

[Crystal_Mods100x]

1 hour ago, MrKendom said:

You Probably didn't get error when editing the results , check this results & check if they are edited to 0 & doesn't changing , if they are trying to back to old values , you probably have done mistake in finding right offsets , + This method of PUBG is editing instructions , mean offset you find in dumped LibUE4.so is the value of srart of each method , you have to go to that offset & explore Instruction , once you understand that there's motivation of Instruction there , start adding 0x4 to jump between Instructions as example :

offSet_of_dump = 0x947262

instructionNumber = 1 -- Put Instruction You find in GG Viewer ( Not "0" , that's means you are editing function or method it's self )

valueToEdit = gg.getRangesList("libUE4.so")[1]["start"] + offset_of_dump + (0x4*instructionNumber)

-- Here you edit the valueToEdit

 

can you explain more?

so first that line of code presents the lib file of the ranges.

next i have to convert that into offset

if i can't use methods or functions and the offsets are larger i think in the dump.cs file but idk if they are the Name spaces or the actually class functions.

sorry lol and if we are editing we have to get the ranges then add the offset of the file plus a bigger number?

[Jyxz]

10 hours ago, MrKendom said:

You Probably didn't get error when editing the results , check this results & check if they are edited to 0 & doesn't changing , if they are trying to back to old values , you probably have done mistake in finding right offsets , + This method of PUBG is editing instructions , mean offset you find in dumped LibUE4.so is the value of srart of each method , you have to go to that offset & explore Instruction , once you understand that there's motivation of Instruction there , start adding 0x4 to jump between Instructions as example :

offSet_of_dump = 0x947262

instructionNumber = 1 -- Put Instruction You find in GG Viewer ( Not "0" , that's means you are editing function or method it's self )

valueToEdit = gg.getRangesList("libUE4.so")[1]["start"] + offset_of_dump + (0x4*instructionNumber)

-- Here you edit the valueToEdit

 

Wait.What is gg viewer