
How to dump custom lib file with gg?


Arshu_zeus

Question

Currently I am trying to hack/mod Asphalt 9. While hacking it I found out that Asphalt 9 doesn't use il2cpp or ue4 libs; they have a custom lib named libAsphalt9.so, and I tried to find the metadata.dat file but was unable to find it. I thought that libAsphalt9.so could be dumped by il2cpp dumper, but without the metadata file I can't do it. If anyone knows, please help me. It would be a great way to increase our knowledge. @NoFear


10 answers to this question

On 10/23/2022 at 10:35 AM, Arshu_zeus said:

Currently I am trying to hack/mod Asphalt 9. While hacking it I found out that Asphalt 9 doesn't use il2cpp or ue4 libs; they have a custom lib named libAsphalt9.so, and I tried to find the metadata.dat file but was unable to find it. I thought that libAsphalt9.so could be dumped by il2cpp dumper, but without the metadata file I can't do it. If anyone knows, please help me. It would be a great way to increase our knowledge. @NoFear

Well bro, try the IDA app, which is used for disassembling libs.

This app can be used only on PC.


On 10/24/2022 at 9:49 PM, DARK_DEMON_SCRIPTER said:

Well bro, try the IDA app, which is used for disassembling libs.

This app can be used only on PC.

I already tried the IDA app, but it was so complicated and I wasn't able to find offsets.

Edited by Arshu_zeus
11 hours ago, Arshu_zeus said:

I already tried the IDA app, but it was so complicated and I wasn't able to find offsets.

Hi! IDA by default only disassembles bytecode into a set of instructions; this is harder for starters because they also need to learn assembly language. For easier reading, you can use the Pseudo-code plugin in IDA.

  • If you're using the IDA Pro crack version, you need to find an IDA that has the Hex-Rays feature to be able to use Pseudo-code.
  • Use CTRL+Enter to open a new Pseudo-code window in IDA.
  • You can search for IDA 7.0/7.2 (I forgot) that has the Hex-Rays feature.

Alternatively, you can use Ghidra. It's a similar app to IDA and it's free. I think they also have a decompiler that is able to create pseudo-code from a plain library (I haven't tested it yet, so IDK). Or you can learn assembly itself; usually concatenating MOV, JMP, BL instructions would lead to an offset. Anyway, here are some references related to assembly:

4 hours ago, MainC said:

Hi! IDA by default only disassembles bytecode into a set of instructions; this is harder for starters because they also need to learn assembly language. For easier reading, you can use the Pseudo-code plugin in IDA.

  • If you're using the IDA Pro crack version, you need to find an IDA that has the Hex-Rays feature to be able to use Pseudo-code.
  • Use CTRL+Enter to open a new Pseudo-code window in IDA.
  • You can search for IDA 7.0/7.2 (I forgot) that has the Hex-Rays feature.

Alternatively, you can use Ghidra. It's a similar app to IDA and it's free. I think they also have a decompiler that is able to create pseudo-code from a plain library (I haven't tested it yet, so IDK). Or you can learn assembly itself; usually concatenating MOV, JMP, BL instructions would lead to an offset. Anyway, here are some references related to assembly:

Thanks sir, I will try your method, but can you please try to examine Asphalt9 for me? Earlier I tried many games with the il2cpp lib and dumped them to find offsets, like Freefire, but in Asphalt9 I wasn't able to find the global metadata. So I wasn't able to know how to dump.cs it. Please can you do it for me?

12 hours ago, MainC said:

Hi! IDA by default only disassembles bytecode into a set of instructions; this is harder for starters because they also need to learn assembly language. For easier reading, you can use the Pseudo-code plugin in IDA.

  • If you're using the IDA Pro crack version, you need to find an IDA that has the Hex-Rays feature to be able to use Pseudo-code.
  • Use CTRL+Enter to open a new Pseudo-code window in IDA.
  • You can search for IDA 7.0/7.2 (I forgot) that has the Hex-Rays feature.

Alternatively, you can use Ghidra. It's a similar app to IDA and it's free. I think they also have a decompiler that is able to create pseudo-code from a plain library (I haven't tested it yet, so IDK). Or you can learn assembly itself; usually concatenating MOV, JMP, BL instructions would lead to an offset. Anyway, here are some references related to assembly:

I installed IDA Pro 7.0; it has the Hex-Rays decompiler. I opened the libAsphalt9.so file in IDA Pro, then after full disassembly of the lib I opened the subview with strings. I found some strings on searching, like Nitro, top speed, etc., then I opened the graph view of the function in which the string was present, then generated pseudo-code of that function. But I was confused about where the offsets are.

10 hours ago, Arshu_zeus said:

I installed IDA Pro 7.0; it has the Hex-Rays decompiler. I opened the libAsphalt9.so file in IDA Pro, then after full disassembly of the lib I opened the subview with strings. I found some strings on searching, like Nitro, top speed, etc., then I opened the graph view of the function in which the string was present, then generated pseudo-code of that function. But I was confused about where the offsets are.

Hi! The Pseudo-code view doesn't convert offsets into literal bytes; it shows them as a function name. Usually it's named sub_5678, unk_5678, etc. You can simply click on that function and take note of the address. Sometimes it also includes encrypted strings, so you need to XOR those. To view it very clearly, you need to dump the SDK instead of using disassemblers. Sorry that I can't give a visual example, I don't have much time to do that. Typed this on my mobile phone xD

1 hour ago, MainC said:

Hi! The Pseudo-code view doesn't convert offsets into literal bytes; it shows them as a function name. Usually it's named sub_5678, unk_5678, etc. You can simply click on that function and take note of the address. Sometimes it also includes encrypted strings, so you need to XOR those. To view it very clearly, you need to dump the SDK instead of using disassemblers. Sorry that I can't give a visual example, I don't have much time to do that. Typed this on my mobile phone xD

It's OK, at least you are replying to my problem. This makes me learn new things by getting hurdles. I will dump the SDK after I learn what that means 😁

On 10/29/2022 at 10:13 AM, MainC said:

Hi! The Pseudo-code view doesn't convert offsets into literal bytes; it shows them as a function name. Usually it's named sub_5678, unk_5678, etc. You can simply click on that function and take note of the address. Sometimes it also includes encrypted strings, so you need to XOR those. To view it very clearly, you need to dump the SDK instead of using disassemblers. Sorry that I can't give a visual example, I don't have much time to do that. Typed this on my mobile phone xD

I haven't found any tutorial on SDK dumps. Please help me to find a hack or offset, or to find the nitro value in Asphalt 9 Legends.

 

 
