  • 0

Advice for bin file


Question

Posted

Hi guys, I got bin files from the game by dumping memory in gg. But I don't know what I can do next. Can the bin files I got help game hacking? I am so confused. I tried everything. Dumping lib file, dex file and finding values, that is so challenging. So what can I do next with that bin file? My mission is to get the offset.

Recommended Posts

  • 1
Posted (edited)

[ @bue ]
---

Quote

Can Bin files I got help game hacking? I tried everything. Dumping lib file, dex file and finding values that is so challenging

All game components are inside the library (.so) or OBB, not the dex file.
---

Quote

Hi guys, I got bin files from the game by dumping memory in gg. But I don't know what next can I do

What's your point of dumping? It is just saving raw memory into a file. It is pointless if you don't know the way to read it. You can however 'try' to read it by disassembling the dumped data using some tools like: IDA Pro, Ghidra, x64dbg, etc.; but you need to have some experience in reading assembly (architectural language: ARM, x86, RISC, etc.)
---

Quote

My mission is to get offset.

Offset is not obtained by dumping. Did you know what "offset" is? Offset is just basically a displacement from the base address, it is just the way to get our final address, it is like: base + offset = final (1 + 2 = 3). If you're talking about libil2cpp dumper / ue4 dumper, then you're missing the point by dumping raw data from memory. Those 'dumper' tools read the game memory structure from metadata/pattern, read the string references, and then save it to a file (cs/json file), thus making it readable.
---
So how to get Offset?

  • - Find your hack manually using Game Guardian -> copy the 'hack' address -> find out the memory range of our address -> copy the first address of our memory range -> now calculate: hack address - first address of our memory range = offset. You can do all these inside Game Guardian or do some calculation online: Hex Calculator
  • - Disassemble our library using tools I mentioned earlier -> find strings related to our hacks (ex: emulator) -> find any references to our string (xref) -> your offset is the address of any function that is referenced by our string.

I made a lot of simplifications here, it might sound hard, but it is easy once you understand it.

Edited by kiynox
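An added example (not part of the original post) of the base + offset arithmetic described above, the same address normalization used when symbolizing crash reports: it parses a constructed `/proc/<pid>/maps` sample and turns an absolute address into an offset and back. The library name, addresses and function names are assumptions; the module base is taken as the lowest mapping of the file, which assumes its first segment maps file offset 0.

```python
# Constructed sample in /proc/<pid>/maps format (not taken from the thread).
SAMPLE_MAPS = """\
7a1c000000-7a1c200000 r--p 00000000 fd:05 1234 /data/app/example/lib/arm64/libexample.so
7a1c200000-7a1c900000 r-xp 00200000 fd:05 1234 /data/app/example/lib/arm64/libexample.so
7a1c900000-7a1c980000 rw-p 00900000 fd:05 1234 /data/app/example/lib/arm64/libexample.so
7a1d000000-7a1d400000 rw-p 00000000 00:00 0 [anon:libc_malloc]
"""


def parse_maps(text):
    """Parse maps lines into dicts with start, end, perms and path."""
    regions = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue  # not a mapping line
        start, end = (int(x, 16) for x in parts[0].split("-"))
        path = parts[5].strip() if len(parts) > 5 else ""
        regions.append({"start": start, "end": end,
                        "perms": parts[1], "path": path})
    return regions


def module_base(regions, path):
    """Lowest start address among all mappings of one file."""
    return min(r["start"] for r in regions if r["path"] == path)


def resolve(regions, addr):
    """Return (path, offset_in_range, offset_from_module_base) or None."""
    for r in regions:
        if r["start"] <= addr < r["end"]:
            in_range = addr - r["start"]  # "address - first address of range"
            # A file-backed library spans several ranges; offsets that survive
            # a restart are measured from the start of the whole module.
            base = (module_base(regions, r["path"])
                    if r["path"].startswith("/") else r["start"])
            return r["path"], in_range, addr - base
    return None  # address is not mapped


def rebase(regions, path, offset):
    """base + offset = final, for the module's current load address."""
    return module_base(regions, path) + offset
```

The two offsets differ whenever the address falls in a later segment of the library, which is why a value measured from the range start does not match the address a disassembler shows for the same file.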
  • 1
Posted

[ @bue ]
---

Quote

Can I use hex editor instead ida,ghidra?

Unfortunately you can't. Your only option on the phone is to use Game Guardian. Hex editor cannot translate hex into readable assembly instruction, it is pretty much useless.
---

Quote

For example, I find 'diamond' in dump lib file by searching 'diamond' in search bar in MT manager. Am I right or wrong?

You are wrong. You're only finding string/text that has nothing to do with diamond values. If you want to find diamond values using only string/text, you need to use IDA / any disassembler apps that can do string reference. Also, diamond values are usually server sided, meaning that you can't change it only through memory / library.
---
I've seen a lot of people trying to hack 'myid'. Looking at it, it is some kind of internet provider app isn't it? It must have been online games. If that's the case, then you can't hack it. It is the same as browser games, where the game is preloaded from server and has nothing to do with the app itself. Meaning that the values are not stored inside the app but rather server sided.

  • 0
Posted
1 hour ago, kiynox said:

[ @bue ]
---

All game components are inside the library (.so) or OBB, not the dex file.
---

What's your point of dumping? It is just saving raw memory into a file. It is pointless if you don't know the way to read it. You can however 'try' to read it by disassembling the dumped data using some tools like: IDA Pro, Ghidra, x64dbg, etc.; but you need to have some experience in reading assembly (architectural language: ARM, x86, RISC, etc.)
---

Offset is not obtained by dumping. Did you know what "offset" is? Offset is just basically a displacement from the base address, it is just the way to get our final address, it is like: base + offset = final (1 + 2 = 3). If you're talking about libil2cpp dumper / ue4 dumper, then you're missing the point by dumping raw data from memory. Those 'dumper' tools read the game memory structure from metadata/pattern, read the string references, and then save it to a file (cs/json file), thus making it readable.
---
So how to get Offset?

  • - Find your hack manually using Game Guardian -> copy the 'hack' address -> find out the memory range of our address -> copy the first address of our memory range -> now calculate: hack address - first address of our memory range = offset. You can do all these inside Game Guardian or do some calculation online: Hex Calculator
  • - Disassemble our library using tools I mentioned earlier -> find strings related to our hacks (ex: emulator) -> find any references to our string (xref) -> your offset is the address of any function that is referenced by our string.

I made a lot of simplifications here, it might sound hard, but it is easy once you understand it.

Hey, I know you. Do you have some kind of social media like Telegram? I want to ask something specific. Thanks for your reply.

  • 0
Posted

[ @bue ]
---

Quote

Do you have some kind of social media like telegram?

I do have: @kiynox
---

Quote

I want to ask something specific

Just dm me here
---

  • 0
Posted
4 hours ago, kiynox said:

Just dm me here

So I got the bin file like this.

[Screenshot]

How can I know what I wanted? Can I use hex editor instead of ida, ghidra? I also used dumping lib file. But it does not give what I wanted. I have other lib file, not il2cpp. In dumping lib file, most used with metadata. But I have not. So I dump lib file which is large in size with termux. There are many lib files. So I do one by one. And I find things that I wanted by strings. For example, I find 'diamond' in dump lib file by searching 'diamond' in search bar in MT manager. Am I right or wrong? Anyway gg doesn't show associated lib file for game.

[Screenshot]

So I tried all the methods I can. Any advice?

  • 0
Posted
23 minutes ago, kiynox said:

[ @bue ]
---

Unfortunately you can't. Your only option on the phone is to use Game Guardian. Hex editor cannot translate hex into readable assembly instruction, it is pretty much useless.
---

You are wrong. You're only finding string/text that has nothing to do with diamond values. If you want to find diamond values using only string/text, you need to use IDA / any disassembler apps that can do string reference. Also, diamond values are usually server sided, meaning that you can't change it only through memory / library.
---
I've seen a lot of people trying to hack 'myid'. Looking at it, it is some kind of internet provider app isn't it? It must have been online games. If that's the case, then you can't hack it. It is the same as browser games, where the game is preloaded from server and has nothing to do with the app itself. Meaning that the values are not stored inside the app but rather server sided.

So there is no hope. But I saw a video where someone plays that game in hack mode, but I didn't see the Game Guardian icon. Is there any powerful memory editor? The video I saw performs a different playstyle of the game, not changing items. Unfortunately, I can't upload videos on this site to show you. By different play style I mean they change the reward time, damage the enemy's hp directly. For example, the reward time arrives after we complete one wave. But they got reward time all the time. Completing one wave is difficult and takes time. Surprisingly, they made the reward time come one after another. No waiting for the wave. It is hard to explain because of the language barrier.

  • 0
Posted

[ @bue ]
---

Quote

Is there any powerful memory editor?

Game Guardian is already really powerful. Nothing else can beat it except Cheat Engine.
---

Quote

It is hard to explain because necessity of language.

You're doing a good job explaining a lot. It does make sense judging from your explanation. Online games partially store some values on the client, for example cache data or temporary values. In this case, the reward / item values are stored inside your game, thus making them modifiable. It is considered a workaround to hack server-sided value using client-sided value.
---
You might want to create another topic at: requests section. You can ask other people to hack your game. Hopefully, one of our Contributors can assist you.

  • 0
Posted
On 12/24/2023 at 10:17 PM, SYLVIA said:

Use ida /ghidra because ida/ghidra can decompile file.so

Hey, is IDA free? The official download website does not respond every time I try to download. I downloaded ghidra. On YouTube, ghidra is installed with JDK. Which JDK do you use? Thanks for reply.

  • 0
Posted

[ @bue ]
---

Quote

Hey is IDA free?

IDA is a paid program. There's a free version with limited features but I would suggest using cracked/pirated version of IDA Pro. Check it on: ThePirateBay
---

Quote

ghidra is installed with JDK

The minimum requirement is to use JDK 17 or above. See: Ghidra Installation Guide. You can use JDK from Oracle itself: Java17
---

  • 0
Posted (edited)
20 hours ago, kiynox said:

There's a free version with limited features but I would suggest using cracked/pirated version of IDA Pro. Check it on: ThePirateBay

Can you send me another link? The link you gave me redirects to the ads web every time I register. I can't download. Or you can send me your ida through a link.

I have no credit card to register.

Edited by bue
  • 0
Posted
21 hours ago, kiynox said:

[ @bue ]
---

IDA is a paid program. There's a free version with limited features but I would suggest using cracked/pirated version of IDA Pro. Check it on: ThePirateBay
---

The minimum requirement is to use JDK 17 or above. See: Ghidra Installation Guide. You can use JDK from Oracle itself: Java17
---

Anyhow I got IDA freeware 8.3. But I can't upload the bin file. It says 'This version can only disassemble the PE file'.

  • 0
Posted

[ @bue ]
---

Quote

Can you send me another link? The link you gave me redirects to the ads web every time I register. I can't download. Or you can send me your ida through a link.

You can visit: ThePirateBays then search for IDA. Reminder that it is a torrent site, which you need: UTorrent to download the file.
---

Quote

I have no credit card to register.

You don't need a credit card. It is free after all. You got the wrong site probably.
---

Quote

'This version can only disassemble the PE file'.

That's the limitation of using IDA Free, you need IDA Pro to do all things.
---

  • 0
Posted
On 12/25/2023 at 12:14 PM, kiynox said:

It is considered a workaround to hack server-sided value using client-sided value.

Alright, I got IDA Pro. What should I do next? How do I do what you said?

  • 0
Posted

[ @bue ]
---

Quote

How am I do it about what you said?

Just open your dumped data in IDA, file -> open -> your dumped data -> set the 'processor type' to 'ARM' -> ok. I recommend learning assembly first.
---

  • 0
Posted
On 1/1/2024 at 4:38 PM, kiynox said:

I recommend to learn assembly first

Can you do that for me? I will send you the lib files. There will be 8 lib files. I am trying to learn assembly language. Please, can you do it?
