
Can a group search be done for encrypted value or any other way to speed up the process?


Question

Posted (edited)

Hello,

The value I need is encrypted. So I perform a search on the exact value and I check the "value is encrypted" option. Then I do the usual decrease, refine, etc. until I find the correct value. I know it's encrypted because if I don't use the "value is encrypted" option I can't find it. My question is, how can I speed up or automate the process? Normally for a non-encrypted value I would perform a group search and then create a script and done. But unfortunately in this case the value is encrypted, and once I type in my group search the "value is encrypted" option disappears. And no matter what I use for a group search, it does not find the value. So when I close and reopen the game I am forced to repeat the whole search, then decrease, then refine process every time, which is time consuming. Any trick to speed up or automate this situation? Thank you very much.

Edited by Sami1982


  • 0
Posted
23 minutes ago, nok1a said:

Weird. Installed the mod APK, which was behaving really weird. I still could not find the value as you did using encrypted search. Do I have to search the value when I am increasing my health with a medkit instead of when my health goes down? I found a health value using unknown search, it's possibly the same as yours, but if I edit it as you did "-9,999,999.0" the health value changes to 1. Do you always get a high health when you edit to 9999999?

Can you check if you go to the address of the health value it looks like this? Are the pointers at the same distance from where the health value is located as in the screenshots?

 

No, you don't need to increase your health with a medkit. You can decrease your health too if you want and it works as long as you don't die before you reach 10 or less values. But obviously if you're about to die and you still have a ton of results then you would naturally need to increase your health to be able to continue filtering for the correct value. By the way when taking damage, the value sometimes increases even though it should logically decrease and the opposite is true.  As such I only execute a "changed" scan.  Sometimes it gets glitchy and the only way I can find it is with an unknown search as you did.  You don't need to use -9,999,999.0.  You can simply freeze it.  No, I don't always get a high health when editing to -9,999,999.0.  Sometimes it randomly changes to 1 for me too as it did with you, in which case I simply just change it to -0.5 and that gives a high health.  And yes the pointers are at the same distance from the health value for me too.

8 minutes ago, nok1a said:

When changing the last byte of the health value to -127 I get a high health value.

 

 

"Personally i don't think it looks that simple to automate the process". Group search perhaps won't work.

Yeah unfortunately I had a feeling this would be the case. After my original post, the more I explored and the deeper I dug, the more evident it became to me that this wasn't going to be easily done through GG, if even at all possible.  I truly do appreciate your efforts and the time you have put into this to try to help me. Thanks a lot.

  • 1
Posted

I was thinking about pointer search. But not sure. Can you search the health value and select the 3 bytes and send a screenshot of the xor result? Like this.

Screenshot_2024-01-03-13-42-20-447_com.x8zs.sandbox.jpg

Screenshot_2024-01-03-13-42-03-617_com.x8zs.sandbox.jpg

  • 0
Posted (edited)
23 minutes ago, nok1a said:

I was thinking about pointer search. But not sure. Can you search the health value and select the 3 bytes and send a screenshot of the xor result? Like this.

 

 

Gladly!  I've attached them.  I was confused because you said "xor" but your screenshot was offset (or at least I felt that it was lol), so I took a screenshot of both just to be safe.

Capture3.jpg

capture4.jpg

Edited by Sami1982
  • 0
Posted

Have you tried doing a search in xor format? For example, the number of projectiles, health, stamina followed by "X12", "X16"...

150X12...

Usually the encryption is found close to the key this way.

  • 0
Posted (edited)
2 hours ago, Sami1982 said:

Gladly!  I've attached them.  I was confused because you said "xor" but your screenshot was offset (or at least I felt that it was lol), so I took a screenshot of both just to be safe.

Capture3.jpg

capture4.jpg

Ok, I can't work with that. Also I am experiencing problems with the modded APK. Like while I am searching values GameGuardian can't find the process anymore.

Aside from that I installed the latest APK and finding the health value was way easier, and making it into a script should not be an issue. I just tested it and it works fine, even if it is encrypted, because it has a metadata and libil2cpp.so.
The version 1.5.1 doesn't have a libil2cpp and still uses libmono, and that's why it will be a struggle finding the right pointers. The pointers point to their own address instead of a metadata.

Does the modded APK give you any type of benefits that the latest version does not give you?

Edited by nok1a
  • 0
Posted (edited)
2 hours ago, Lenn1 said:

Have you tried doing a search in xor format? example the number of projectiles, health, stamina followed by "X12, X16...

150X12...

usually the encryption is found close to the key this way.

In the new version there is a class named "CipherProvider".
imagen.thumb.png.97b35a8e98d8a4014d9f621e5a005871.png

I am using this class as pointer reference for the script.

The health value it self is part of the class Float:
imagen.thumb.png.e91e77816b01961286f969df67aaa8ff.png

I am not sure, but I think in order to find out how the value works in the old version you have to investigate that class CipherProvider. To be honest, Madfinger Games isn't really known to change anything in their encryption and normally they don't care.

Edited by nok1a
added more info and corrected screenshots
  • 0
Posted
27 minutes ago, nok1a said:

Ok, I can't work with that. Also I am experiencing problems with the modded APK. Like while I am searching values GameGuardian can't find the process anymore.

Aside from that I installed the latest APK and finding the health value was way easier, and making it into a script should not be an issue. I just tested it and it works fine, even if it is encrypted, because it has a metadata and libil2cpp.so.
The version 1.5.1 doesn't have a libil2cpp and still uses libmono, and that's why it will be a struggle finding the right pointers. The pointers point to their own address instead of a metadata.

Does the modded APK give you any type of benefits that the latest version does not give you?

Wow, that's really awesome to hear!   

Being offline, the modded APK has the possibility to hack the gold so that I can instantly unlock any weapon without risking a ban.  With the latest version, it takes a long time to collect gold to unlock weapons.  I've already gradually unlocked all these weapons over the years legitimately using my good account and I don't want to risk a ban if I use GG.

  • 0
Posted (edited)
3 hours ago, nok1a said:

In the new version there is a class named "CipherProvider".
 

I am using this class as pointer reference for the script.

The health value it self is part of the class Float:
 

I am not sure, but I think in order to find out how the value works in the old version you have to investigate that class CipherProvider. To be honest, Madfinger Games isn't really known to change anything in their encryption and normally they don't care.

Okay those screenshots look like a foreign language to me LOL. Is this DNS spy or something?  

 

Edited by Sami1982
  • 0
Posted
4 hours ago, Lenn1 said:

Have you tried doing a search in xor format? example the number of projectiles, health, stamina followed by "X12, X16...

150X12...

usually the encryption is found close to the key this way.

              

Thanks for replying. I just tried this but did not succeed, unfortunately 😞

  • 0
Posted (edited)
10 hours ago, Sami1982 said:

Okay those screenshots look like a foreign language to me LOL. Is this DNS spy or something?  

 

                "Have you tried doing a search in xor format? example the number of projectiles, health, stamina followed by "X12, X16...

                   150X12..."

                   usually the encryption is found close to the key this way."

I tried this but did not succeed, unfortunately 😞

Just connecting dots that perhaps are useful for others.

Btw can you try as shown in the video?

And on top of that also try this group search, it's in region A, Ca or Cb...ranges change at restart...could also be ranges Other actually: 327,684D;22D;28D;0D;33,554,931D::65

Edited by nok1a
Added the right ranges
  • 0
Posted (edited)

If it works, test out the script:

```lua
gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_BSS | gg.REGION_C_ALLOC)
gg.searchNumber("327,684D;22D;28D;0D;33,554,931D::65", gg.TYPE_DWORD) -- group search from the post above
gg.refineNumber("0", gg.TYPE_DWORD) -- keep only the group member that is 0
print("Group search: ", gg.getResultsCount())
local grp = gg.getResults(1)
gg.loadResults({{address = grp[1].address + 0x4, flags = gg.TYPE_DWORD}})
gg.searchPointer(0)
print("First Pointer search: ", gg.getResultsCount())
gg.searchPointer(0)
print("Second Pointer search: ", gg.getResultsCount())
local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address - 0x4, flags = gg.TYPE_FLOAT} -- float stored 4 bytes before each pointer
end
sensitivity = gg.getValues(sensitivity)
local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == 1.0 then
    healthPointer[#healthPointer + 1] = {address = t[i].address, flags = gg.TYPE_DWORD} -- append so the table has no gaps
  end
end
gg.loadResults(healthPointer)
print("Results healthPointer: ", gg.getResultsCount())
gg.searchPointer(0)
print("Third Pointer search: ", gg.getResultsCount())
local res = gg.getResults(1)
local health = {[1] = {address = res[1].address + 0x4, flags = gg.TYPE_FLOAT, name = "Health"}}
gg.addListItems(health)
gg.loadResults(health)
```

 

Edited by nok1a
correction of type comparison at line 19.
  • 0
Posted (edited)
8 hours ago, nok1a said:

Just connecting dots that perhaps are useful for others.

Btw can you try as shown in the video?

And on top of that also try this group search, it's in region A, Ca or Cb...ranges change at restart...could also be ranges Other actually: 327,684D;22D;28D;0D;33,554,931D::65

Okay the search of 257;1.0F::13 in the video worked but refining to 256;1.0F::13 produced no results for me.

                 

But this search didn't produce any results at all.

                   And on top of that also try this group search, its in region A, Ca or Cb...ranges changes at restart...

                     could also be ranges Other actually: 327,684D;22D;28D;0D;33,554,931D::65

 

Do I need to be in the same mission as you?

 

 

Edited by Sami1982
  • 0
Posted (edited)
18 minutes ago, Sami1982 said:

Okay the search of 257;1.0F::13 in the video worked but refining to 256;1.0F::13 produced no results for me.

                 

But this search didn't produce any results at all.

                   And on top of that also try this group search, its in region A, Ca or Cb...ranges changes at restart...

                     could also be ranges Other actually: 327,684D;22D;28D;0D;33,554,931D::65

 

Do I need to be in the same mission as you?

 

 

You don't need to be in the same mission. Search 256;1.0 when the pause menu is visible. And search 257;1.0 when the pause menu is hidden.

Edited by nok1a
  • 0
Posted
41 minutes ago, Sami1982 said:

But this search didn't produce any results at all.

                   And on top of that also try this group search, its in region A, Ca or Cb...ranges changes at restart...

                     could also be ranges Other actually: 327,684D;22D;28D;0D;33,554,931D::65

Enable all regions

  • 0
Posted (edited)
36 minutes ago, nok1a said:

You don't need to be in the same mission. Search 256;1.0 when the pause menu is visible. And search 257;1.0 when the pause menu is hidden.

Okay, whether I search with or without the pause menu visible doesn't seem to have any bearing on whether or not I find results. The only thing that seems to determine whether or not I get results is what group size I use. If I use ::13 I get nothing (again with or without the pause menu visible) for both the 256 and 257. Whereas if I use ::65536  I get thousands of results for the 257 and 5 to 7 results for the 256. I did a "goto" on all 7 results and randomly messed with the nearby negative values but unfortunately none were the correct health value.

The funny thing is that having the "autopause game" setting in GG on "no" VS "yes" seems to make no difference at all.  While actively in a mission, if you tap on GG's icon, you can perform your search without the pause menu visible regardless of what the setting says.  If you want to perform the search WITH the pause menu visible all you have to do is tap on the X of GG's upper right corner and you'll immediately be brought to the pause menu and then you can tap on GG's icon again to perform your search with the pause menu visible. 

11 minutes ago, nok1a said:

Enable all regions

Way ahead of you Lol.  Had already done it on my own but forgot to mention it 🙂

EDIT: Sorry, this may have been an oversight on my part.....I just now re-confirmed this, and with all regions enabled, the 327,684D;22D;28D;0D;33,554,931D::65 search yields the following results:

But again none of the negative values around those results are the correct ones

GG.jpg

GG1.jpg

Edited by Sami1982
