
Speed hack doesn't work on Galaxy S21 Android 12


LITTLETIMMYWANTWIN


Hi @LITTLETIMMYWANTWIN, this thread needs more information to trace the problem:

  • Mention the Android version of both devices
  • Provide the Game Guardian logcat from the troubled device
  • If possible, also mention the Game Guardian Package Name (random name in /data/app) along with the Device Logcat. To do this, use Termux and enter the commands below:
su
logcat -d > device_logcat.txt

In the meantime, you could take your time to read some similar issues, since this has been happening commonly recently (mostly on Android 12-13 platforms):

Hi, thanks for replying. The old device had Android 11, this one has Android 12. Tested in V8 sandbox on my new phone and it works. The package name is com.tahnvmurzdvgulhgxdet, the app name is Sk Mselhh. Logs from the new phone are provided below:

GG_logcat_r101.1_16142_12_31.rar


Hi @LITTLETIMMYWANTWIN, I've seen some similarities from the thread that I mentioned earlier.

[ SpeedHack ]
Do note that SpeedHack emulates Global Timers, which involve Floating Point. It will access the time() function in the kernel. It's often called Float SpeedHack, which will speed up your Entire Game. Let's see it in action at line 242126:

elf_hook64 Find 0 26 :744843b238:2496238 '0x645b818e36': b8056, 0
create shell code: 14 268 9c; 3b 59

This is the initial Hooking/Debugging moment, when Game Guardian attaches itself to the Target Process. It then creates a shell payload; I assume this is the value for the Global SpeedHack.

SS 0: status(57f) WIFSTOPPED(1) WIFEXITED(0) WIFSIGNALED(0) WTERMSIG(127) WEXITSTATUS(5), WCOREDUMP(0) WSTOPSIG(5)
aarch64: x0: 792fc09000, x1: 1000, x2: 5, x3: 22, x4: ffffffffffffffff, x5: 0, x6: 0, x7: 76234104a8, x8: de, x9: 9, x10: 3b9aca00, x11: 0, x12: 173fee, x13: 1280d63792, x14: 3504ddacf54e04, x15: 26762762, x16: 762320f398, x17: 7924d335c0, x18: 75af176000, x19: b4000076447dc390, x20: b4000077947c0140, x21: b4000076447dc3a0, x22: 2, x23: b4000076547f36a4, x24: 1, x25: 2, x26: b4000076547f3690, x27: 1, x28: 7604742000, x29: 76047415e0, x30: 7622e83800, sp: 7604741560, pc: 722a7004, pstate: 1000

This line is often referred to as a problem because WIFSTOPPED(1) has a True value. The reason for WIFSTOPPED is given by WSTOPSIG(5), which returns signal 5 status, or SIGTRAP. The reason this is not a problem, and does not cause the Game to crash, is that SIGTRAP is ONLY a Signal and won't make the Game exit, since it's being Hooked.

RP: 722a7004; 722a7000
PTRACE_SETREGS diff:
aarch64: x0: b4000076447dc3a0, x1: 80, x2: 2, x3: 7604741588, x4: 0, x5: 0, x6: 0, x7: 76234104a8, x8: 62, x9: 9, x10: 3b9aca00, x11: 0, x12: 173fee, x13: 1280d63792, x14: 3504ddacf54e04, x15: 26762762, x16: 762320f398, x17: 7924d335c0, x18: 75af176000, x19: b4000076447dc390, x20: b4000077947c0140, x21: b4000076447dc3a0, x22: 2, x23: b4000076547f36a4, x24: 1, x25: 2, x26: b4000076547f3690, x27: 1, x28: 7604742000, x29: 76047415e0, x30: 7622e83800, sp: 7604741560, pc: 7924d335dc, pstate: 1000
aarch64: x0: b4000076447dc3a0, x1: 80, x2: 2, x3: 7604741588, x4: 0, x5: 0, x6: 0, x7: 76234104a8, x8: 62, x9: 9, x10: 3b9aca00, x11: 0, x12: 173fee, x13: 1280d63792, x14: 3504ddacf54e04, x15: 26762762, x16: 762320f398, x17: 7924d335c0, x18: 75af176000, x19: b4000076447dc390, x20: b4000077947c0140, x21: b4000076447dc3a0, x22: 2, x23: b4000076547f36a4, x24: 1, x25: 2, x26: b4000076547f3690, x27: 1, x28: 7604742000, x29: 76047415e0, x30: 7622e83800, sp: 7604741560, pc: 7924d335dc, pstate: 201000

Then, Game Guardian receives the Signal and triggers PTRACE_SETREGS, which modifies the Floating-Point Registers (Float) from the initial Registers on the aarch64 line. I assume the target address is the emulated time() function made by Game Guardian.

[ Problems ]

Load shell: 9c
Change registers
breakpoint: status(77f) WIFSTOPPED(1) WIFEXITED(0) WIFSIGNALED(0) WTERMSIG(127) WEXITSTATUS(7), WCOREDUMP(0) WSTOPSIG(7)
aarch64: x0: 792fc09060, x1: 2, x2: 2, x3: b8056, x4: 0, x5: 7619873000, x6: 0, x7: 76234104a8, x8: 62, x9: 9, x10: 3b9aca00, x11: 0, x12: 173fee, x13: 1280d63792, x14: 3504ddacf54e04, x15: 26762762, x16: 762320f398, x17: 7924d335c0, x18: 75af176000, x19: 792fc0902c, x20: b4000077947c0140, x21: b4000076447dc3a0, x22: 2, x23: b4000076547f36a4, x24: 1, x25: 2, x26: b4000076547f3690, x27: 1, x28: 7604742000, x29: 76047415e0, x30: 7619873004, sp: 7604741560, pc: b8056, pstate: 1000
Stop, but not a breakpoint!, WIFSTOPPED(1) at b8056
VM_FAIL 2: -1 b8036, 80, 14, Bad address

The actual problem starts at Line 242141, where the PC Register changed while carrying the Loaded Shell. The clear problem is mentioned in the Bad Address line. WSTOPSIG(7) now returns signal 7, or SIGBUS. This means that one of your CPUs accessed an Invalid Address, which caused SIGSEGV (Fault Error). As you can see, the Previous Register is 7924d335dc and the changed one is b8056. This happens multiple times, so I assume that it is because you're trying the SpeedHack multiple times.

SemDvfsHyPerManager: acquire hyper - com.samsung.android.game.gos/18047@12, type = -999
HYPER-HAL: [RequestManager.cpp]acquire(): Acquired ID : 163072782  [18047 / 12]    HINT :      list : [GPUMaxFreq / 403000] 

It is suspicious that Samsung GameOptimization Services (com.samsung.android.game.gos) jumped right in after the first SpeedHack failure.

android-daemon: Copy lib cp: 13, Permission denied; /data/app/~~28ifrxEZ87DGg4V1HuXgFA==/com.autumn.skullgirls-EadASe0uFmOffS1opmzJxw==/lib/arm64/_lib6.so; /data/user/0/com.tahnvmurzdvgulhgxdet/files/GG-E9lq/lib6.so

The thing to notice is that the Game runs on the ARM64 Architecture. The Daemon has some Permission difficulty where it can't access lib6.so. I'm not sure if this explains the SpeedHack failure or if it's because of Game Optimization Services. lib6.so is somewhat important since it involves glibc, which includes Process Linker and Build Time.

EdgeLightingManager: isCallingUserSupported : callingUserId=0, mUserId=0, isDualAppId=false, isKnoxId=false
EdgeLightingManager: hideForNotification : packageName = com.tahnvmurzdvgulhgxdet
EdgeLightingPolicyManager:NotificationGroup: remove : sbn : StatusBarNotification(pkg=com.tahnvmurzdvgulhgxdet user=UserHandle{0} id=1 tag=null key=0|com.tahnvmurzdvgulhgxdet|1|null|10332: Notification(channel=null shortcut=null contentView=com.tahnvmurzdvgulhgxdet/0x10900b7 vibrate=null sound=null defaults=0x0 flags=0x62 color=0x00000000 actions=1 vis=PRIVATE semFlags=0x0 semPriority=0 semMissedCount=0))

Also, as Game Guardian is inherited to Samsung Knox, it might be that both Devices have different Security Patches related to Knox.

[ Thoughts ]

  • Try to override the Game to run on ARM32. In /data/app/com.autumn.skullgirls/lib/, if there are 2 folders inside, remove the arm64/arm64-v8a one, so it's only arm/armeabi-v7a. Otherwise redownload the game from: Skull Girls
  • Perhaps temporarily disable Samsung GameOptimization Service? If it's not a problem, you can still enable it again.
  • Otherwise, Sandbox is the only way to go. Perhaps you can jump into a more advanced one, such as using a Custom OS / Samsung OS with Android 11 (if it's compatible with your Device Model), or Rollback Security Patches.

[ Conclusion ]
I can only offer some Log Analysis; the true reason 'Why the PC Register is changing' is still Unknown. This is exactly the same as:

Thanks for all the help. I look forward to a solution.

P.S. The game only has arm64 architecture and disabling game booster didn't do much. Also, I don't know if it's related or not, but now when I turn on the speedhack I don't get the "Loading speedhack..." toast message at the bottom.


Archived

This topic is now archived and is closed to further replies.
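
The status(57f) and status(77f) lines discussed in the log analysis earlier in this thread are raw Linux waitpid() status words, and they can be decoded mechanically together with the pc value of the register dump that follows each one. The script below is an added example, not part of any post in the thread and not Game Guardian code; the sample lines are abbreviated from the quoted log, and the function names are made up for this illustration.

```python
import re

# Linux signal numbers (arm64/generic numbering), hard-coded so the result
# does not depend on the machine running this script.
LINUX_SIGNALS = {5: "SIGTRAP", 7: "SIGBUS", 11: "SIGSEGV", 19: "SIGSTOP"}

# Abbreviated from the log lines quoted in the thread (register lists shortened).
SAMPLE_LOG = """\
SS 0: status(57f) WIFSTOPPED(1) WIFEXITED(0) WIFSIGNALED(0) WTERMSIG(127) WEXITSTATUS(5), WCOREDUMP(0) WSTOPSIG(5)
aarch64: x0: 792fc09000, x8: de, sp: 7604741560, pc: 722a7004, pstate: 1000
breakpoint: status(77f) WIFSTOPPED(1) WIFEXITED(0) WIFSIGNALED(0) WTERMSIG(127) WEXITSTATUS(7), WCOREDUMP(0) WSTOPSIG(7)
aarch64: x0: 792fc09060, x8: 62, sp: 7604741560, pc: b8056, pstate: 1000
"""

def decode_wait_status(status):
    """Decode a Linux waitpid() status word the way the W* macros do."""
    if status & 0xFF == 0x7F:                       # WIFSTOPPED
        return {"state": "stopped", "signal": (status >> 8) & 0xFF}   # WSTOPSIG
    if status & 0x7F == 0:                          # WIFEXITED
        return {"state": "exited", "code": (status >> 8) & 0xFF}      # WEXITSTATUS
    return {"state": "signaled", "signal": status & 0x7F}             # WTERMSIG

def parse_stops(log):
    """Pair each status(...) line with the pc of the register dump after it."""
    events = []
    for line in log.splitlines():
        m = re.search(r"status\(([0-9a-f]+)\)", line)
        if m:
            ev = decode_wait_status(int(m.group(1), 16))
            ev["name"] = LINUX_SIGNALS.get(ev.get("signal"), "n/a")
            events.append(ev)
            continue
        m = re.search(r"\bpc: ([0-9a-f]+)", line)
        if m and events and "pc" not in events[-1]:
            pc = int(m.group(1), 16)
            # AArch64 instructions are 4 bytes wide, so a valid pc is a multiple of 4.
            events[-1].update(pc=pc, pc_aligned=(pc % 4 == 0))
    return events

if __name__ == "__main__":
    for ev in parse_stops(SAMPLE_LOG):
        print(ev)
```

For the two stops in the sample, the first decodes to a SIGTRAP stop with a 4-byte-aligned pc, and the second to a SIGBUS stop whose pc (b8056) is not a multiple of 4.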
