Yo-Kai watch : punipuni value question

[Lizzo]

Hi, i am a ykwpp (yokaiwatch punipuni) player and i found alot of values on the game (damage,utilities,ect...) as it is online game,coins and other consumables are server side. 

Recently, the game implemented an anti-cheat system for specific events (slingshot and golf event) the values of these events are simple, 0.1(FLOAT XA) for the two before. Some people found the solution, it was to find 3 values (one that pointed to the true value, a 0.0, and the other a value that had to be frozen for it to work)

 

It had to be activated and then deactivated for it to work and it was quickly corrected and became a ban. Here is my question:

how can we find this kind of values, what's more 2 hours after it's been corrected... there, it's the golf event that begins and no one shares the technique anymore (Japanese people who know all about the game). Using pointers? or a particular GameGuardian option? Or even a dumb lib? I also did it and I was able to recover an offset which a priori is the value of the damage but I still haven't found anything.

lua script activate cheat (exemple)

function BY()
gg.setRanges(gg.REGION_CODE_APP)
gg.searchNumber("0;8.05708312988::", gg.TYPE_FLOAT,false , nil, 0, -1)
gg.refineNumber("0", 
gg.TYPE_FLOAT,false, gg.SIGN_EQUAL, 0, -1)
gg.getResults(100)
gg.editAll("-700000", gg.TYPE_FLOAT)
gg.clearResults()
.toast("おはじきon")

Dump lib golf data.

 

[MC874]

Hi @Lizzo, you can still find out the Previous Patched value in current version with some caveats:

• - Is the cheat still findable in current version? If not, perhaps you need to use Previous Version where's the cheat works.
• - When the game Update, big games often force you to Update and make the previous version unplayable. However, you can try to bypass the Update Check and atleast reach the game lobby to properly find the 3 values you're looking for. You can try to Disable the Updater via Patching the Game Library or Internet Blocking.
• - Tho, you can also still always do the traditional ways and checking each Game Library (or dumping each lib) but it might time consuming.

[ Recovering ]
After reaching the game lobby, just try to scan these 3 values (Servers is not playable in Old version but the game itself still playable). After getting all this values, try the following things:

• - The True values is easy to find. Once you get the address, in Game Guardian Memory Editor, click on the address and press it. Some menu will shows and just press "go to address". It will brings you to Game Guardian Memory Viewer where you can press on the Address and copy it's Hex value.
• - For the Float value one, repeat the same step until you get into Memory Viewer. Now since it's a Floats value, you can try the same step again as before or find some debug symbols from your floats address. Scroll Up and Down, you can find some some strings (example: ;this_is_string) or you can also copy neighboring address hex value.

[ Reversing ]
With those above, you can find the 3 values yourself. You can try dumping the lib once again and use some Decompiler like IDA Pro or Ghidra. Tho decompilers requires PC. However, it will make the Reversing process more easier since the Library are now readable with it's Functions name and Instruction.

• 1) On IDA Pro, you can open the lib and set the Processor into ARM Little Endian. Just click OK on any popups
• 2) Inside IDA's interface, you can wait the colored bar above to turns Blue or straight away go to Hex Viewe
• 3) Inside Hex Viewer, you can go to Search section above and select "Sequence Bytes".
• 4) Paste your Hex in there and make sure to enable "Find All Occurences" so it ables to find Function with duplicated Hexes.
• 5) After you find the Hexes, hightlight it and jump into IDA View. There, you can find the Function associated with the value. You can also see the Instruction and how the Function works (such as calling other function, etc).
• 6) From there you can try to note the Function name or it's structure so you can find it on the Latest version of the game.

If you're solely on Android: You can try to find the Class or Function based on your values using some Class Finders script (If it's Unity games). The Classname or the function name can be used to find the same value on the latest version.

[ Notes ]
All the steps above is intended to locate where the values are located. Obtain it's function name or class name for future references. You can also try to understand how the function works so you will get a better grasp on why the values are related to Anti-Cheats or etc.