Speedhack and Android 13

[PaoloBello]

Hi!

I'm trying to use speedhack on fate grand order. It used to work fine on my old phone with android 11 and it worked fine in f1 sandbox on my new phone. Now i just rooted the phone but i can't get it to work, it just doesn't do anything. What could be the problem? This is the logcat. Thanks in advance!

GG_logcat_r101.1_16142_13_33.log

[MC874]

Hi @PaoloBello,  here's my findings about your log file.

[ Problem ]

Quote

02-21 01:07:43.728 25729 25729 I android-daemon: VM_FAIL 2: -1 72956000, 4, 14, Bad address
02-21 01:07:43.728 25729 25729 I android-daemon: call_point: 733a8e6000
02-21 01:07:43.729 25729 25729 I android-daemon: Stop, but not a breakpoint!, WIFSTOPPED(1) at 733a8e6000

I have no idea why Game Guardian starts Hooking at Bad Address. The problematic address 72956000 could be non-existent and result in such.

Quote

02-21 01:07:43.729 25729 25729 I android-daemon: breakpoint: status(47f) WIFSTOPPED(1) WIFEXITED(0) WIFSIGNALED(0) WTERMSIG(127) WEXITSTATUS(4), WCOREDUMP(0) WSTOPSIG(4)
02-21 01:07:43.729 25729 25729 I android-daemon: aarch64: x0: 73de7a2060, x1: 2, x2: 5, x3: eea20, x4: 0, x5: 733a8e6000, x6: 0, x7: 7f7f7f7f7f7f7f7f, x8: 62, x9: 9, x10: 3b9aca00, x11: 0, x12: 36, x13: a40, x14: d, x15: 0, x16: 734500f398, x17: 73cb917d90, x18: 72d5172000, x19: 73de7a202c, x20: b400007322129800, x21: b4000073220d6d90, x22: 5, x23: b400007347522644, x24: 1, x25: 2, x26: b400007347522630, x27: 1, x28: 73319e7000, x29: 73319e65e0, x30: 7344c83800, sp: 73319e6560, pc: 733a8e6000, pstate: 1400

It is being said that the 'Bad Address' are categorized as X5 Register which responsible for Arguments and Returning values. The erros is defined more at WSTOPSIG(4) which returns Signal 4 that means SIGILL or Illegal Instruction. 

Quote

x7: 7f7f7f7f7f7f7f7f

Funny enough, X7 Register is also likely to be Invalid. Since the call point is Invalid, its causing X7 Register to displace into default / undefined address.

[ Notes ]

Quote

02-21 01:07:43.728 25729 25729 I android-daemon: elf_hook64 Find 0 '0x5e83845e36': 0, 0, 0, 2, 1
02-21 01:07:43.728 25729 25729 I android-daemon: elf_hook64 Find 0 19 :715024b7c8:f67c8 '0x5e83845e36': eea20, 0
02-21 01:07:43.735 25729 25729 I android-daemon: Copy lib: /data/app/~~xIZ3y_YJoIbDECfdZ7i0nQ==/com.aniplex.fategrandorder.en-dOdkiKO3fDaTSo8wtEDQ4A==/lib/arm64/_lib6.so, /data/user/0/com.yvgdrncu/files/GG-mBAC/lib6.so

• Mentioned here, the Game uses ARM64 Library. Perhaps you should enforce the game to run on ARM32. You can check the Game Library at /data/app/com.aniplex.fategrandorder.en/lib. If the game has ARM32 / Armeabi-v7a, you can try to delete or move to other path the ARM64 / Arm64-v8a folder. If it's doesn't have both folder, redownload the game from: Fate Grand Order, then you can try to copy the Armeabi-v7a library from the APK to previous /data/app folder.
• Since you're on Android 13, perhaps it's caused from New Phantom Processes. Check this documentation on how to disable it: Phantom: Cached and Empty Processes. Make sure you're enable them again before rebooting the Android, so you won't face any weird behaviour.

[PaoloBello]

Hi!

Thanks for answering. I tried both the methods you suggested but i can't get it to work. The phantom process killer didn't change anything and copying the armv7 library makes the game crash. Anyway, I don't think it's something related to ARM64. My previous phone had the same game with only the ARM64 lib but the speedhack was working fine.

Just for testing i tried the GG tester app and it's working fine (i attached a logcat taken when gg tester was running just for comparison).

I also tried the memory edit function and it's working fine on every app/game.

I'm using Magisk Delta with Magisk Hide enabled instead of the official release, could it cause any problems to game guardian?

gg_tester.log

[MC874]

Hi @PaoloBello, There's not many to compare from GG_Tester log and your Previous LogCat.

[ Answer ]

Quote

android-daemon: Libs path: /data/app/~~iQWQzCSAZ-366BLfcLvO4g==/gg.tester-KudgyWiU8BCmiMWHE7yAQw==/lib/arm

One thing to Note, gg.tester is infact using 32-Bit Architecture (Arm / Armeabi-v7a). Game Guardian SpeedHack are intended for 32-Bit Apps even in some cases could also work on 64-Bit version of the game.

Quote

Arm:
android-daemon: get sel: Permissive
android-daemon: sel set: 1 0 0
android-daemon: elf_hook32 Find 0 '0x5f7c816459': d2ef0bc0, 0, 29bc0, 155, 1
android-daemon: elf_hook32 Find 1 '0x5f7c816461': d2eef010, 0, 28010, 5, 1
android-daemon: find all
android-daemon: _reader: d2ef0bc0, _config: d2eef010; _reader: 0, _config: 0;

Arm64:
android-daemon: _reader: 0, _config: 0; _reader: 0, _config: 0;
android-daemon: Send code: 10
android-daemon: VM_FAIL 2: -1 72956000, 4, 14, Bad address
android-daemon: VM_FAIL 2: -1 ebad6000, 4, 14, Bad address
android-daemon: elf_hook64 Find 0 '0x5e83845e36': 0, 0, 0, 2, 1
android-daemon: elf_hook64 Find 0 19 :715024b7c8:f67c8 '0x5e83845e36': eea20, 0
android-daemon: find all
android-daemon: call_point: 733a8e6000
android-daemon: create shell code: 14 268 90; 2f 47

Game Guardian uses different approach for each Architecture Bits, on x64 it's create a shell code (assuming because of empty _reader or different Hook).

Quote

72956000
ebad6000
733a8e6000

Interesting to note that the Problematic Logcat contains 3 address that has '6000' suffix number but end up using 733a8e6000 instead on the call_point.

Quote

I'm using Magisk Delta with Magisk Hide enabled instead of the official release, could it cause any problems to game guardian?

I don't think Magisk is the root cause here, it's more likely because of Android itself since it's newer version of Android. Even most Virtual Machine aren't working properly in this Android Version. Android 12-13 implements a ground breaking (literally breaks any) feature related to App Processes such as Per-App Rootspaces, Phantom Watcher, and more.

[ Notes ]

• - Can you check if the app has Architecture.apk inside /data/app/com.aniplex.fategrandorder.en (Arm64-v8a.apk) to make sure it wasn't a Split APK's
• - Perhaps you should stay using F1 Sandbox since it has Older Version of Android (Atleast not Android 12-13) and it's being based a Virtual Machine, it should be based on 32-Bit Architecture (64-Bit are emulated in most Virtual Machine / Emulator)

[ Similar Topic ]
There's many SpeedHack issue related to Newer Version of Android, but this thread is kind of different from others:

• SpeedHack doesnt work on Samsung S21 Android 12
• SpeedHack not working Android 12
• SpeedHack Diagnostics: Android 13
   

[PaoloBello]

Hi!

I just checked and i have a "base.apk" inside that folder. I'm 100% sure it's not a split apk because i download it from apkpure.

I did more testing and all x64 apps doesn't work, so it's probably something related to android 13 like you were saying. I don't think it's something i can fix by myself, a new update of gameguardian is probably needed.

For the moment i'm using a different approach, i found out that the app is using unity, so the Auto Speed Hack unity script is working fine, it's not easy and 100% working like the gg speedhack but it's ok for the time being.

Thanks for your help!

[MC874]

Quote

I did more testing and all x64 apps doesn't work, so it's probably something related to android 13 like you were saying

Hi @PaoloBello, beside Android 13, it's also dependent on Architecture. If you have found other alternative or Virtual Machine that works on Android 13, please let me know, so that other games can again be playable other than Specificly aimed towards Unity.

Quote

i found out that the app is using unity, so the Auto Speed Hack unity script is working fine

Clever, I'm glad that you have found the solution. I will also suggest other people to use this in the future if there's someone that also struggle with SpeedHack.

Quote

Thanks for your help!

You are always be welcomed in the forum