sagorksd Posted March 28 Posted March 28 (edited) Please sir help me this game.i can't find level value tried dword,encrypted,word,xor but value Didn't find https://play.google.com/store/apps/details?id=com.CashGames.watersort Help me please @nok1a @MonkeySANMonkeySAN @THETWINSOFFICIAL Edited March 28 by sagorksd 1
MAARS Posted March 30 Posted March 30 (edited) I managed to do it using frida but using GG it seem like an impossible task or a skill issue the game is using some kind of encryption. So far this is class and offset public class levelSelection : MonoBehaviour { public bool unlockalllevel; } Edited March 30 by MAARS 1
nok1a Posted March 31 Posted March 31 On 3/30/2024 at 5:33 AM, MAARS said: I managed to do it using frida but using GG it seem like an impossible task or a skill issue the game is using some kind of encryption. So far this is class and offset public class levelSelection : MonoBehaviour { public bool unlockalllevel; } I don't see any protection though. But thanks for posting the class. It avoided me dumping the game and made it no struggle for find. I dunno why field offset finder doesn't work, perhaps a script needs to be made. Offset 0x20
MAARS Posted April 2 Posted April 2 On 3/31/2024 at 9:22 PM, nok1a said: I don't see any protection though. But thanks for posting the class. It avoided me dumping the game and made it no struggle for find. I dunno why field offset finder doesn't work, perhaps a script needs to be made. Offset 0x20 I don't know if encryption is the right word but. The memory is not disposed how it should be for a il2cpp game. Address are weird. That why any field offset finder won't work. I did manual search like for 3pmon until I gave up. Note since I had also Frida I used the exact runtime address with the goto tool with gg but that did not help at all the address lead somewhere that not the field offset 1
nok1a Posted April 2 Posted April 2 48 minutes ago, MAARS said: I don't know if encryption is the right word but. The memory is not disposed how it should be for a il2cpp game. Address are weird. That why any field offset finder won't work. I did manual search like for 3pmon until I gave up. Note since I had also Frida I used the exact runtime address with the goto tool with gg but that did not help at all the address lead somewhere that not the field offset So your not just performing pointer search on the class and then search the offset of the field?
HorridModz Posted April 2 Posted April 2 On 3/30/2024 at 12:33 AM, MAARS said: I managed to do it using frida but using GG it seem like an impossible task or a skill issue the game is using some kind of encryption. So far this is class and offset public class levelSelection : MonoBehaviour { public bool unlockalllevel; } Unrelated, but I'm trying to learn Frida myself. I know you have posted some youtube videos on the subject; is there any description you could give me or tutorial you could link to show me just how you did this? Props!
HorridModz Posted April 2 Posted April 2 (edited) 1 hour ago, MAARS said: I don't know if encryption is the right word but. The memory is not disposed how it should be for a il2cpp game. Address are weird. That why any field offset finder won't work. I did manual search like for 3pmon until I gave up. Note since I had also Frida I used the exact runtime address with the goto tool with gg but that did not help at all the address lead somewhere that not the field offset I don't understand. What does disposing memory have to do with the memory layout? Also, I have an idea for dynamically finding out the address, though I don't quite know how to do it myself. If you know the field offset, perhaps you could find a method that references the field by using a hex search or offset calculation, then navigate to the instruction that references the field? From that point, I believe that you could extract the offset from the assembly instruction - it would be relative to something, maybe an ldr or an instruction of the like - and then determine the field's address in memory. Just a suggestion; again, I don't have the experience to know if that would work. 1 hour ago, MAARS said: The memory is not disposed how it should be for a il2cpp game. Address are weird. Have you tried poking around in the dump using dnspy to find anything peculiar, such as an anticheat? Edited April 2 by HorridModz
sagorksd Posted April 11 Author Posted April 11 On 3/30/2024 at 10:33 AM, MAARS said: I managed to do it using frida but using GG it seem like an impossible task or a skill issue the game is using some kind of encryption. So far this is class and offset public class levelSelection : MonoBehaviour { public bool unlockalllevel; } Thanks
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now