How to dump custom lib file with gg?

Arshu_zeus · October 23, 2022

Currently i am trying to hack/mod asphalt 9. While hacking it i found out that asphalt 9 doesn't use il2cpp or ue4 libs they have custom lib named as libAsphalt9.so and i tried to find metadata.dat file but unable to find it. I thought that libAsphalt9.so could be dump by ill2cpp dumper but without metadata file i can't do it. If anyone knows please help me. It would be great way to increase our knowledge. @NoFear

DARK_DEMON_SCRIPTER · October 24, 2022

On 10/23/2022 at 10:35 AM, Arshu_zeus said:

Currently i am trying to hack/mod asphalt 9. While hacking it i found out that asphalt 9 doesn't use il2cpp or ue4 libs they have custom lib named as libAsphalt9.so and i tried to find metadata.dat file but unable to find it. I thought that libAsphalt9.so could be dump by ill2cpp dumper but without metadata file i can't do it. If anyone knows please help me. It would be great way to increase our knowledge. @NoFear

Well bro try ida app which is used for disassembling libs

This app can be used only in pc

Arshu_zeus · October 27, 2022

On 10/24/2022 at 9:49 PM, DARK_DEMON_SCRIPTER said:

Well bro try ida app which is used for disassembling libs

This app can be used only in pc

I already tried ida app but it was so complicated and i didn't able to find offsets

Edited October 27, 2022 by Arshu_zeus

DARK_DEMON_SCRIPTER · October 28, 2022

9 hours ago, Arshu_zeus said:

I already tried ida app but it was so complicated and i didn't able to find offsets

Watch some tutorial videos of ida on yt

MC189 · October 28, 2022

11 hours ago, Arshu_zeus said:

I already tried ida app but it was so complicated and i didn't able to find offsets

Hi! IDA by default only dissasembling bytecode into set of instruction, this is harder for starters because they also need to learn assembly language. For easier read, you can use Pseudo-code plugin on IDA.

- If you're using IDA Pro crack version, you need to find IDA that has Hex-Rays feature to able use Pseudo-code.
- Use CTRL+Enter to open a new Pseudo-code window in IDA
- You can search IDA 7.0/7.2 (I forgot) that has Hex-Rays feature.

Alternatively, you can use Ghidra. It's a similar app to IDA and it's Free. I think they also have some Decompiler that able to create a Pseudo-code from plain library (I haven't test it yet, so IDK). Or you can learn Assembly itself, usually concatenate MOV, JMP, BL Instruction would lead to an Offset. Anyway here's some Reference related to Assemblies:

- Hex-Patching
- Libil2cpp.so Editing

Arshu_zeus · October 28, 2022

4 hours ago, MainC said:

Hi! IDA by default only dissasembling bytecode into set of instruction, this is harder for starters because they also need to learn assembly language. For easier read, you can use Pseudo-code plugin on IDA.

- If you're using IDA Pro crack version, you need to find IDA that has Hex-Rays feature to able use Pseudo-code.

- Use CTRL+Enter to open a new Pseudo-code window in IDA

- You can search IDA 7.0/7.2 (I forgot) that has Hex-Rays feature.

Alternatively, you can use Ghidra. It's a similar app to IDA and it's Free. I think they also have some Decompiler that able to create a Pseudo-code from plain library (I haven't test it yet, so IDK). Or you can learn Assembly itself, usually concatenate MOV, JMP, BL Instruction would lead to an Offset. Anyway here's some Reference related to Assemblies:

- Hex-Patching

- Libil2cpp.so Editing

Thanks sir i will try your method but can you please try to examine the Asphalt9 for me. Earlier tried many games with il2cpp lib and dump them to find offsets like freefire but in asphalt9 i wasn't able to find global metadata. So I wasn't able to know how to dump.cs it. Please can you do it for me?

Arshu_zeus · October 28, 2022

12 hours ago, MainC said:

Hi! IDA by default only dissasembling bytecode into set of instruction, this is harder for starters because they also need to learn assembly language. For easier read, you can use Pseudo-code plugin on IDA.

- If you're using IDA Pro crack version, you need to find IDA that has Hex-Rays feature to able use Pseudo-code.

- Use CTRL+Enter to open a new Pseudo-code window in IDA

- You can search IDA 7.0/7.2 (I forgot) that has Hex-Rays feature.

Alternatively, you can use Ghidra. It's a similar app to IDA and it's Free. I think they also have some Decompiler that able to create a Pseudo-code from plain library (I haven't test it yet, so IDK). Or you can learn Assembly itself, usually concatenate MOV, JMP, BL Instruction would lead to an Offset. Anyway here's some Reference related to Assemblies:

- Hex-Patching

- Libil2cpp.so Editing

I installed ida pro 7.0 it has hex rays decompiler. I opened libAsphalt9.so file in ida pro then after fully disassemble of lib i opened subiew with strings. And found some strings on searching like Nitro, top speed, etc then i graph view the function in which the string was present the generate psuedo code of that function. But I was confuse where is the offsets.

MC189 · October 29, 2022

10 hours ago, Arshu_zeus said:

I installed ida pro 7.0 it has hex rays decompiler. I opened libAsphalt9.so file in ida pro then after fully disassemble of lib i opened subiew with strings. And found some strings on searching like Nitro, top speed, etc then i graph view the function in which the string was present the generate psuedo code of that function. But I was confuse where is the offsets.

Hi! Pseudo-code views doesn't convert offset into literal bytes, it shows as a function name . Usually it named as sub_5678, unk_5678, etc. You can simply click on that function and takes note on the address. Sometimes it's also include encrypted string, so you need to xored that. To view it very clearly, you need to dump the SDK instead of using Disassemblers. Sorry that I can't give a visual example, I don't have much time to do that. Typed this on my mobile phone xD

Arshu_zeus · October 29, 2022

1 hour ago, MainC said:

Hi! Pseudo-code views doesn't convert offset into literal bytes, it shows as a function name . Usually it named as sub_5678, unk_5678, etc. You can simply click on that function and takes note on the address. Sometimes it's also include encrypted string, so you need to xored that. To view it very clearly, you need to dump the SDK instead of using Disassemblers. Sorry that I can't give a visual example, I don't have much time to do that. Typed this on my mobile phone xD

It's ok at least you are replying to my problem. This makes me to learn new things by getting hurdles. I will to dump SDK after I learn what that means

Arshu_zeus · October 31, 2022

On 10/29/2022 at 10:13 AM, MainC said:

Hi! Pseudo-code views doesn't convert offset into literal bytes, it shows as a function name . Usually it named as sub_5678, unk_5678, etc. You can simply click on that function and takes note on the address. Sometimes it's also include encrypted string, so you need to xored that. To view it very clearly, you need to dump the SDK instead of using Disassemblers. Sorry that I can't give a visual example, I don't have much time to do that. Typed this on my mobile phone xD

I haven't found any tutorial on SDK dump. Please help me to find hack or offset or to find nitro value in Asphalt 9 legends.

Sign In

How to dump custom lib file with gg?

Question

Link to comment

Share on other sites

9 answers to this question

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Similar Content

Important Information