Jump to content
  • 0

Can a group search be done for encrypted value or any other way to speed up the process?


Question

Posted (edited)

Hello,

The value I need is encrypted.  So I perform a search on the exact value and I check the "value is encrypted" option. Then I do the usual decrease, refine....etc until I find the correct value. I know it's encrypted because if I don't use the "value is encrypted" option I can't find it.  My question is, how can I speed up or automate the process? Normally for a non-encrypted value I would perform a group search and then create a script and done. But unfortunately in this case the value is encrypted and once I type in my group search the "value is encrypted option" disappears. And no matter what I use for a group search does not find the value. So when I close and reopen the game I am forced to repeat the whole search then decrease then refine process every time which is time consuming. Any trick to speed up or automate this situation?  Thank you very much

Edited by Sami1982

Recommended Posts

  • 1
Posted
5 hours ago, Sami1982 said:

Okay but the value is never the same after I restart the game. The screenshots are attached. I can also share a quick video of me finding the encrypted health value and demonstrating that it works if this helps. I just need a telegram or some other means of sharing as I tried posting a youtube link to an unlisted video here but it wouldn't allow me to do it.

Dead Trigger2(a).jpg

Dead Trigger 2(b).jpg

Dead Trigger 2(c).jpg

The video would be helpful. In fact, when you find your health value can you run @Lover1500 his script:

Class name and Field offset searcher (#4udgq21d)

And send a screenshot of the prompt.

  • 1
Posted (edited)
26 minutes ago, Sami1982 said:

Okay the screenshot is attached.  I sent you a youtube link to an unlisted video in a private message because when I tried to post the link here it wouldn't allow me to do it. 

Thanks

capture2.jpg

It's not on unlisted. It's on private. Ok thanks for providing the screenshot.

Edited by nok1a
  • 1
Posted (edited)
1 hour ago, Sami1982 said:

Oops. Sorry about that. I changed it to unlisted.  No thank YOU for trying to help me. 🤝

Weird. Installed the mod APK which was behaving really weird. I still could not find the value as you did using encrypted search. Do i have to search the value when i am in increasing my health with a medkit instead of when my health goes down? I found a health value using unknown search, it's possible the same as yours but if i edit it as you did "-9,999,999.0" the health value changes to 1. Do you always get a high health when you edit to 9999999 ?

Can you check if you go the address of the health value it looks like this? Are the pointers at the same distance from where the health value is located as the in the screenshots?

Screenshot_2024-01-03-13-12-01-174_com.x8zs.sandbox.jpg

Edited by nok1a
added more info
  • 1
Posted (edited)

When changing last byte of the health value to -127 i get high health value.

Screenshot_2024-01-03-13-28-35-912_com.x8zs.sandbox.jpg

Screenshot_2024-01-03-13-28-33-638_com.x8zs.sandbox.jpg

"Personally i don't think it looks that simple to automate the process". Group search perhaps won't work.

Edited by nok1a
Wrong info
  • 1
Posted

I was thinking about pointer search. But not sure. Can you search the health value and select the 3 bytes and send a screenshot of the xor result. Like this.

Screenshot_2024-01-03-13-42-20-447_com.x8zs.sandbox.jpg

Screenshot_2024-01-03-13-42-03-617_com.x8zs.sandbox.jpg

  • 1
Posted (edited)
9 minutes ago, Sami1982 said:

Okay, whether I search with or without the pause menu visible doesn't seem to have any bearing on whether or not I find results. The only thing that seems to determine whether or not I get results is what group size I use. If I use ::13 I get nothing (again with or without the pause menu visible) for both the 256 and 257. Whereas if I use ::65536  I get thousands of results for the 257 and 5 to 7 results for the 256. I did a "goto" on all 7 results and randomly messed with the nearby negative values but unfortunately none were the correct health value.

The funny thing is that having the "autopause game" setting in GG on "no" VS "yes" seems to make no difference at all.  While actively in a mission, if you tap on GG's icon, you can perform your search without the pause menu visible regardless of what the setting says.  If you want to perform the search WITH the pause menu visible all you have to do is tap on the X of GG's upper left and you'll immediately be brought to the pause menu and then you can tap on GG's icon again to perform your search with the pause menu visible. 

Oke and what about the group search 327,684D;22D;28D;0D;33,554,931D? When you enable all regions and go in match and search. No result?

The thing is, the group search and script i have tried on emulator and mobile phone and on both worked. And the values remain same even after restart of the game. So perhaps you have to find your health value and then you have to execute a script i can give you. And then we perhaps find out what for values are at the location of which your supposed to have: 327,684D;22D;28D;0D;33,554,931D. Possible it will be static for you as well. But first check if this group search works when enabling all regions.

Edited by nok1a
  • 1
Posted (edited)
1 minute ago, Sami1982 said:

Sorry this may have been an oversight on my part.....I just now re-confirmed this, and with all regions enabled, the 327,684D;22D;28D;0D;33,554,931D::65 search yields the following restuls:

But again none of the negative values around those results are the correct ones

GG.jpg

GG1.jpg

Execute the script i gave you, and send screenshot of the prompt.

Edited by nok1a
request scr
  • 1
Posted (edited)
5 hours ago, Sami1982 said:

FYI I've reached my maximum posts for today. So if you reply to me and I can't reply until tomorrow you know why lol

Got it.

5 hours ago, Sami1982 said:

It worked!

Glad to hear. Thank you to for continuing with it instead of dropping out halfway. Finding group searches for other members through communication of a forum takes time. Requires a bit of Forward and Back communication. People can get demotivated. You pulled through.

5 hours ago, Sami1982 said:

how you came up with that group search or even how the pointer search is working

Group search was possible to find using my emulator and phone. When searching group search for other person or for your self you need to at least have the game on 2 different devices or virtuals to have some confirmation that your group search is possibly a static one.

As far i know in gameguardian a pointer is a value that points to an address in the virtual memory of the process. I don't want to tell you wrong info so i keep it with this link: https://en.wikipedia.org/wiki/Pointer_(computer_programming)#:~:text=Pointers are used to store,which objects are dynamically allocated.

GameGuardian highlights possible pointers with a colour: https://gameguardian.net/help/help.html#help_hex_colors

Pointers are more clear in 64bit games. On 32bit games to many values are highlighted but they aren't all pointers...after some practise you can quickly filter out the none pointers from actual pointers.

The pointer represents some object. 

If you can't find a group search around the value of interest you can follow the pointers which usually will lead to some static values. In lot's of cases the game needs to uses pointer references from an object in order to update for example your health value when you take damage.

In GG i used the nearest pointer that had the same distance from the health value on both devices. And kept using "go to pointer" till i saw a block of values that is the same on both devices so i could use it to make a group search. Then what you have to do in the script is use "gg.searchPointer(0)" and this will do the opposite. Instead of going to pointer you will be get all addresses that have a pointer that points to your address.

I advice you to check some scripts that uses pointer search and combine it with your manual knowledge on how to use the GG pointer feature.

Use the print() feature in the script to slowly debug the script. And use --[[ ]] to ignore code so that you can see line by line what happens.

Edited by nok1a
  • 1
Posted (edited)
1 hour ago, Sami1982 said:

why did you refine "0" in your group search?

Because the address i needed to perform pointer search on was closest (4 bytes) from it.

imagen.thumb.png.cd3eaf921bd326bbf32758560b11e6bb.png

I could use any value of the group search and increment it with the distance to the desired address (0x9865E5B4). Actually i should not have done the refine, it's useless in this case since the group search is accurate.

 

 

 

Edited by nok1a
  • 1
Posted (edited)
4 hours ago, Sami1982 said:

But I'm a bit hazy on the "gg.searchPointer(0)" part.

It finds all pointers pointing to your address. To use it you need to load the address(es) you want to perform the pointer search on in the result list.

gg.loadResults({{address = grp[1].address + 0x4, flags = gg.TYPE_DWORD}})

Adds 4 bytes to the address, 0x9865E5B0 + 0x4 = 0x9865E5B4 and then loads it in the result list in data type dword.

pointerscr.thumb.png.bd7bc2cd63800793fc5d1ed730388bbf.png

gg.searchPointer(0)

Does the pointer search in the given ranges. Basically it's like doing: gg.searchNumber(9865E5B4h, gg.TYPE_DWORD)

205218492_Capturadepantalla2024-01-04235552.thumb.png.3b5db7a9c96c5e4576c1861c56511a72.png

You get a few results.

I dunno how gameguardian does it behind the hood but now i use gg.searchPointer(0) again because i want to perform pointer search on each of those addresses...that's why a second time.

1604062261_Capturadepantalla2024-01-04235929.thumb.png.bfa774e185208e9042498ff9acb5fe2e.png

I have now more results because there are a lot of pointers pointing to those few addresses from previous screenshot. Now i need to filter them out because the health value was one more pointer search away, and the address to pointer search is in this result list. One of those addresses had 4 bytes above it a value 1.0F. That's the same value i asked you to search using 256F;1.0F::16. Sadly it returned no results for you. But the 1.0F value is located 4 bytes above one of those addresses in the result list. So i used that for filter out all these values and to get only 1 address left.

local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address - 0x4, flags = gg.TYPE_FLOAT}
end
sensitivity = gg.getValues(sensitivity)

subtracted 0x4 from all the addresses in the result list and stored it in a new table(sensitivity) with data type float.

local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == 1.0 then
    healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
  end
end

Checked which address of the table sensitivity contained the value 1.0F using iteration and if it found it should store the address that is 4 bytes under it in the table healthPointer and then load it in the result list using:

gg.loadResults(healthPointer)

1795071831_Capturadepantalla2024-01-05001406.thumb.png.6e6223b5eddcd534be32ce868e228465.png

It found a match and loaded the address in result list:

281135382_Capturadepantalla2024-01-05001620.thumb.png.6edc67960a19fcde9a1171e192be430a.png

Script performs pointer search again.

local res = gg.getResults(1)
local health = {[1] = {address = res[1].address + 0x4, flags = gg.TYPE_FLOAT, name = "Health"}}

Will get 1 result, the health value is 4 bytes under that address...so i add 4 bytes to the address and store in the table health and gave it a name.

1939784903_Capturadepantalla2024-01-05001916.thumb.png.c519f3305f734f9abbb45c31d542adcc.png

44654860_Capturadepantalla2024-01-05002017.thumb.png.9a9adbcb06bb8a519547bce8267470e6.png

gg.addListItems(health)
gg.loadResults(health)

Add the table health in the saved list.

And loads it as well in the result list.

Adviced to check out the Lua scripting documentation.

Edited by nok1a
correction of type comparison at line 19.
  • 0
Posted
On 12/27/2023 at 11:02 AM, Sami1982 said:

Hello,

The value I need is encrypted.  So I perform a search on the exact value and I check the "value is encrypted" option. Then I do the usual decrease, refine....etc until I find the correct value. I know it's encrypted because if I don't use the "value is encrypted" option I can't find it.  My question is, how can I speed up or automate the process? Normally for a non-encrypted value I would perform a group search and then create a script and done. But unfortunately in this case the value is encrypted and once I type in my group search the "value is encrypted option" disappears. And no matter what I use for a group search does not find the value. So when I close and reopen the game I am forced to repeat the whole search then decrease then refine process every time which is time consuming. Any trick to speed up or automate this situation?  Thank you very much

Encrypted search:


-- encrypted search
gg.searchNumber('-10', gg.TYPE_DWORD, true)

https://gameguardian.net/help/classgg.html#a14685d871e664a2f8ea74dc3293e428e

  • 0
Posted (edited)
3 hours ago, nok1a said:

Encrypted search:


-- encrypted search
gg.searchNumber('-10', gg.TYPE_DWORD, true)

https://gameguardian.net/help/classgg.html#a14685d871e664a2f8ea74dc3293e428e

Thank you so much for replying but I need to perform an encrypted group search. You provided an example of an encrypted search for a single number. I have already tried to use the word "true" instead of "false" after my group search and unfortunately I get no results. In other words, nothing happens except I am immediately prompted to restart the script. Either I am doing something wrong or I think the encryption key is changing with every restart of the game in which case I might be out of luck LOL. Oh well! 😒 

Edited by Sami1982
  • 0
Posted (edited)

maybe you can share the game name and what you are trying to find?

so that people can look for a way to find it.

Edited by MonkeySAN
  • 0
Posted (edited)

Hi, thanks for the reply.  It's an old offline version of Dead Trigger 2 (version 1.5.1). Am I allowed to post a link here? If so I would link it.  What I need is a way to speed up/automate finding the health value. It's encrypted and I can find it fairly easily by checking the "this value is encrypted" option and then taking damage, decrease, refine...etc.  But I was hoping for a quicker way to re-find it once I restart the game so that I don't have to repeat this process all over every time I restart the game.  I can't find any unique/non-changing values above or below my main value.  I went all over the list of values and recorded videos and compared the values but they are always changing when the game restarts. I tried dozens of values but none of them give any results in the search once the game restarts.  I also tried the offsets method, finding xor key, pointer search..... but again once the game restarts sadly nothing works. I get no results whatsoever. Is it possible the encryption key is always changing when the game restarts and as such there is no way to accomplish what I want? 😞

Edited by Sami1982
  • 0
Posted
On 1/1/2024 at 2:05 PM, MonkeySAN said:

maybe you can share the game name and what you are trying to find?

so that people can look for a way to find it.

Sorry I meant to reply to you with a quote, but instead I did it without a quote. Not sure if you got notified of my reply or not. But anyway, here it is:

Hi, thanks for the reply.  It's an old offline version of Dead Trigger 2 (version 1.5.1). Am I allowed to post a link here? If so I would link it.  What I need is a way to speed up/automate finding the health value. It's encrypted and I can find it fairly easily by checking the "this value is encrypted" option and then taking damage, decrease, refine...etc.  But I was hoping for a quicker way to re-find it once I restart the game so that I don't have to repeat this process all over every time I restart the game.  I can't find any unique/non-changing values above or below my main value.  I went all over the list of values and recorded videos and compared the values but they are always changing when the game restarts. I tried dozens of values but none of them give any results in the search once the game restarts.  I also tried the offsets method, finding xor key, pointer search..... but again once the game restarts sadly nothing works. I get no results whatsoever. Is it possible the encryption key is always changing when the game restarts and as such there is no way to accomplish what I want? 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.