Recommended Posts

  • Moderators
Posted

Without checking the dump or going into IDA, just a simple debug to find what's reading gems.

ARMv8

Offset: 11A6C34

Edit to

B [PC,#0x80]

This will skip the area that would trigger ban. 

Then this

Offset: 113DD74

MOV w22, (large value).

This is what writes the value after it does a check. So you can force it to write something excessive after it checks the value (I don't think you have a limit since the check will never branch to ban, see attached image).

 

You could apply this same concept to any value: just set a read watch to see what is checking it, then bypass the ban. Could check the dump or something to see what the offset is part of, or maybe what it branches to.

[Attached image: Screenshot_2024-04-09-21-10-35-91_840f46991cfe9dcda4349eb782ec801c.jpg]

Posted
5 hours ago, NoFear said:

Without checking the dump or going into IDA, just a simple debug to find what's reading gems. [...]

All was good, but I tried unlocking a legendary hero with 20 epic heroes and boom, instant ban.

[Attached image: Screenshot_2024-04-10-12-30-44-401_com.pixelstar.gsm.jpg]

  • Moderators
Posted
3 hours ago, imperialx said:

All was good, but I tried unlocking a legendary hero with 20 epic heroes and boom, instant ban.

The offset was for gems. But I think eventually a ban will occur unless the anti-ban (for each item) remains modified.

Posted
12 hours ago, NoFear said:

Without checking the dump or going into IDA, just a simple debug to find what's reading gems. [...]

Interesting, this technique could also be useful for my other project. Which tool do you use to monitor memory access?

  • Moderators
Posted
22 minutes ago, MAARS said:

Interesting, this technique could also be useful for my other project. Which tool do you use to monitor memory access?

GDB, rwatch on the value. If editing the value with GG triggers a ban or local error, just rwatch the value to see everything reading it. Sometimes you'll get many results; you just have to go through them and find the one that triggers the ban. Ideally, it'd be a branch to one anti-cheat function. Then you could xref that function, NOP all the branches to it, or RET the function.
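As an added example, not code from this thread or from any of the posters, here is a small Python helper that produces the raw AArch64 instruction words for the kinds of edits described in the first post and in the reply above: the forward `B` used to skip the ban check, a `MOV Wd, #imm` with a large immediate, and the `NOP`/`RET` patches for neutralising an anti-cheat function. It writes them little-endian into a constructed byte buffer standing in for the library image. Assumptions: the offsets are offsets into that buffer (GG shows offsets relative to the library's load address; converting those to file offsets via the ELF program headers is not done here), registers are given by number (w22 is 22), and the sample buffer is a NOP sled. Two caveats the posts gloss over: `B` takes a PC-relative immediate that must be a multiple of 4 and within +/-128 MiB, and one instruction slot can only hold a 16-bit immediate (optionally shifted), so a value that needs both halves costs two instructions (MOVZ+MOVK) and only fits if there is a second instruction you can afford to overwrite.

```python
"""Added example: encode AArch64 patch words and apply them to a buffer.

Not part of the original thread. The offsets and the sample image used in
demo() are constructed here purely for illustration.
"""
import struct

NOP = 0xD503201F  # NOP
RET = 0xD65F03C0  # RET (returns via x30)


def encode_b(offset: int) -> int:
    """Unconditional B to PC+offset (what the post writes as B [PC,#0x80]).

    The immediate is a signed 26-bit word count, so the byte offset must be
    a multiple of 4 and within +/-128 MiB of the branch instruction itself.
    """
    if offset % 4:
        raise ValueError("branch offset must be a multiple of 4")
    imm26 = offset >> 2
    if not -(1 << 25) <= imm26 < (1 << 25):
        raise ValueError("branch offset out of range")
    return 0x14000000 | (imm26 & 0x03FFFFFF)


def _check_reg_imm(rd: int, imm16: int, hw: int) -> None:
    if not 0 <= rd <= 31 or not 0 <= imm16 <= 0xFFFF or hw not in (0, 1):
        raise ValueError("bad register, immediate or shift for a 32-bit move")


def encode_movz(rd: int, imm16: int, hw: int = 0) -> int:
    """MOVZ Wd, #imm16, LSL #(16*hw): zero the register, load one half."""
    _check_reg_imm(rd, imm16, hw)
    return 0x52800000 | (hw << 21) | (imm16 << 5) | rd


def encode_movk(rd: int, imm16: int, hw: int = 0) -> int:
    """MOVK Wd, #imm16, LSL #(16*hw): keep the other bits, overwrite one half."""
    _check_reg_imm(rd, imm16, hw)
    return 0x72800000 | (hw << 21) | (imm16 << 5) | rd


def encode_mov_w(rd: int, value: int) -> list[int]:
    """MOV Wd, #value for any 32-bit value.

    Returns one word when a single MOVZ suffices, otherwise MOVZ+MOVK,
    i.e. two instruction slots that must both be free to overwrite.
    """
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in a W register")
    lo, hi = value & 0xFFFF, value >> 16
    if hi == 0:
        return [encode_movz(rd, lo)]
    if lo == 0:
        return [encode_movz(rd, hi, hw=1)]
    return [encode_movz(rd, lo), encode_movk(rd, hi, hw=1)]


def apply_patch(image: bytearray, offset: int, words: list[int]) -> bytearray:
    """Write instruction words little-endian at offset; returns a new buffer."""
    if offset % 4:
        raise ValueError("instruction offset must be 4-byte aligned")
    end = offset + 4 * len(words)
    if end > len(image):
        raise ValueError("patch runs past the end of the image")
    out = bytearray(image)
    out[offset:end] = b"".join(struct.pack("<I", w) for w in words)
    return out


def read_words(image: bytes, offset: int, count: int) -> list[int]:
    """Read back `count` instruction words at offset (for verification)."""
    return list(struct.unpack_from(f"<{count}I", image, offset))


def demo() -> bytearray:
    """Constructed sample: a 0x400-byte NOP sled standing in for the library."""
    image = bytearray(struct.pack("<I", NOP) * 0x100)
    image = apply_patch(image, 0x40, [encode_b(0x80)])               # skip the ban path
    image = apply_patch(image, 0x100, encode_mov_w(22, 0x7FFFFFFF))  # MOVZ+MOVK pair
    image = apply_patch(image, 0x200, [RET])                         # gut a function
    return image


if __name__ == "__main__":
    img = demo()
    for off, n in ((0x40, 1), (0x100, 2), (0x200, 1)):
        words = " ".join(f"{w:08x}" for w in read_words(img, off, n))
        print(f"{off:#06x}: {words}")
```

The encoder deliberately refuses misaligned or out-of-range branches rather than silently truncating them, because a truncated `B` is exactly the kind of edit that crashes the process instead of skipping the check. Before committing a patch to a live process, disassemble the words you get back (objdump -D on the patched file, or x/i in GDB) and confirm they match what you intended.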

Posted (edited)
2 hours ago, NoFear said:

GDB, rwatch on the value. [...]

Thanks, gotta get my hands on GDB though, never used it.

Edited by MAARS
  • Moderators
Posted
4 hours ago, MonkeySAN said:

Yup.

Nothing happens when changing the gems directly while/after the offsets are modified.

But it needs to remain modified after restart.

Otherwise it triggers the ban.

[Attached image: Screenshot_2024_0411_013610.thumb.png.870d3aa4245510499c58aee4c1fe3342.png]

Kinda figured. Curious if gems are set back to 0 when done, whether a restart would still get banned...

Posted
On 4/10/2024 at 10:15 PM, NoFear said:

GDB, rwatch on the value. [...]

Hello NoFear, I'm now very interested in cracking games with GDB. I know you're an expert in this area, and I was hoping you could help me out. I'm not sure if you have a Discord group, but if you do, I would be very grateful if you could add me. I'm eager to learn more about GDB cracking and I'm confident that I could contribute to the group.
