[DISCUSSION] Castle Clash Hack

[Cebrailefee]

I put the quote wich I found really useful here :

 

 

I've been lookin for some mods out there and came across the following on *astebin:  Note, these are for 1.2.28, so they may be a bit outdated.  Thank you google search

 

1. Castle Clash 1.2.28 mods
2. ------------------------------------------------------------------------------------------------------------------------------------------------------
3. Hero attack //PATCHED
4. -
5. -
6. -
7. -
8. -
9. ------------------------------------------------------------------------------------------------------------------------------------------------------
10. Hero HP //PATCHED
11. -
12. -
13. -
14. -
15. -
16. ------------------------------------------------------------------------------------------------------------------------------------------------------
17. Insta-Skill
18. Func["MagicManager::HeroCastSkill(srt_BattleVar *,uint)"]
19. @ 001BA750  -  instruction: BLS locret_0x1B1DB2
20. Change 22D9 -> C046
21. ------------------------------------------------------------------------------------------------------------------------------------------------------
22. Boss One Shot Kill
23. Func[battleOperation::BearAttackDamage(srt_BattleVar *,srt_BattleVar *)]
24. @ 001AAAC8  -  instruction: PUSH    {R0-R2,R4-R7,LR}
25. Change F7B5 -> 7047
26. ------------------------------------------------------------------------------------------------------------------------------------------------------
27. No hero loss for ATTACKER
28. Func["GameBattleProcessor::FightLossTotal(srt_BattleVar *)"]
29. @ 001B3882  -  instruction: BEQ loc_1AB066    -   change 00 D0 -> C0 46
30. @ 001B3A42  -  instruction: ADDS R3, #0xFC    -   change FC 33 -> C0 46
31. ------------------------------------------------------------------------------------------------------------------------------------------------------
32. No troops loss for DEFENDER //Discontinued
33. -
34. -
35. -
36. ------------------------------------------------------------------------------------------------------------------------------------------------------
37. Monster siege farm (attacker cannot attack)
38. Func [GameBattleProcessor::attackerRun(std::map<srt_BattleVar *,Building *,std::less<srt_BattleVar *>]
39. @ 001B5EC0  -  instruction:  BLS     loc_1B5EC4
40. change 00D9 -> C046
41. ------------------------------------------------------------------------------------------------------------------------------------------------------
42. Dungeon Solo (Defender not attacking)
43. Func[GameBattleProcessor::fortification]
44. @ 001B6668  -  instruction: PUSH    {R4-R7,LR}
45. change F0B5 -> 7047
46.  
47. Func [GameBattleProcessor::defenderRun(srt_BattleVar *,std::map<srt_BattleVar *,Building *,std::less<srt_BattleVar *>]
48. @ 001B57CC  -  instruction: BLS     loc_1AAE7C //
49. change 00D9 -> C046
50. ------------------------------------------------------------------------------------------------------------------------------------------------------
51. Online attack with "Recording Failed"
52. Func[VideoFileManager::SetVideoName]
53. @ 001BBC6C  -  instruction: PUSH    {R4-R7,LR}
54. Change F0B5 -> 7047
55. ------------------------------------------------------------------------------------------------------------------------------------------------------
56. Replace version info
57. 004A0646
58. ------------------------------------------------------------------------------------------------------------------------------------------------------
59. Attacker no talent use (no self destruct etc)
60. Func[MagicManager::HeroCastTalent(srt_BattleVar *,E_Battle_State,uint)]
61. @ 001BA71C  -  instruction: PUSH    {R0,R1,R4-R6,LR}
62. Change FF F7 99 FF -> C0 46 C0 46
63.  
64. ------------------------------------------------------------------------------------------------------------------------------------------------------
65. Unlimited Range (hero+spells)
66. Func[getPointMaxRange(cocos2d::CCPoint *, cocos2d::CCPoint *)]
67. @ 001AAC9A - instruction: ADDS    R0, R4, R5
68. Change 60 19 -> 601B

 

The adresses aren't the same but the functions are.
So just search for the functions

[Cebrailefee]

I modified lot of things but now I have that .i64 file that I have to convert into .so file ..
How and what to do ?

[piroy1337]

Dont you have to recompile it ??

Try this out:
 

How to build decoded files:
Just type

Quote

Example - apktool b D:\castleclash
Done!
apktool b [directory in which you have decoded the files]

 

 

and after that you have to sign:

 

First download the SignAPK tool.
Extract them to a directory you will remember. I have put them in C:\SignApk

Now just open cmd and type -

Quote

cd C:\SignApk
java -jar signapk.jar certificate.pem key.pk8 your-app.apk  your-app-signed.apk

 

 

 

credits goes to DSM_ from madteam

[Cebrailefee]

Dont you have to recompile it ??

Try this out:

 

How to build decoded files:

Just type

Quote

Example - apktool b D:\castleclash

Done!

apktool b [directory in which you have decoded the files]

 

 

and after that you have to sign:

 

First download the SignAPK tool.

Extract them to a directory you will remember. I have put them in C:\SignApk

Now just open cmd and type -

Quote

cd C:\SignApk

java -jar signapk.jar certificate.pem key.pk8 your-app.apk  your-app-signed.apk

 

 

 

credits goes to DSM_ from madteam

What you wrote is recompiling + signing so : Yes we need to recompile decompiled APKs in order to install them

But, VTS does it without any trouble and I'm not sure but it seems like it signs it too ..

[Donquixote]

Yes , you can use Virtuous Ten Studio ( topic here )

Yes , you have to select "Build all" and your apk recompiled is in "Binary" ( Binary is in : Virtuous Ten Studio / Projects / Name of Solution / Name of the APK )

 

Question, the original libgame is in .so extension

IDA Pro saves it in IDB format. how to get it to save in .so extension?

 

thanks

What you wrote is recompiling + signing so : Yes we need to recompile decompiled APKs in order to install them

But, VTS does it without any trouble and I'm not sure but it seems like it signs it too ..

 

thanks to that post from wookie42 hehe, i think we're at the edge of a successful modded apk already.

all that's left is to save libgame in .so extension somehow

[Cebrailefee]

Question, the original libgame is in .so extension

IDA Pro saves it in IDB format. how to get it to save in .so extension?

 

thanks

 

thanks to that post from wookie42 hehe, i think we're at the edge of a successful modded apk already.

all that's left is to save libgame in .so extension somehow

It saves as an .i64 file .. We have to change it into .so file :/

[Donquixote]

It saves as an .i64 file .. We have to change it into .so file :/

 

i'm using IDA Pro and it saves into IDB extension, which program u use to edit libgame?

[Cebrailefee]

i'm using IDA Pro and it saves into IDB extension, which program u use to edit libgame?

I use IDA Pro.

when you exit it saves it in i64 !

[MrProper]

IDA users - dif files help you  =)

 

patcher in attach

IDA easy .dif patcher v1.0.zip

[Cebrailefee]

Hello MrProper
Can you tell me more about that tool ?
What is it used for and how could it help us ?

[MrProper]

Hello MrProper

Can you tell me more about that tool ?

What is it used for and how could it help us ?

no problem =)

i record video watch in attach

 

FLV or zipped EXE /// welcome =)

how to edit libgame.so file .zip

FLVhow to edit libgame.so file.zip

[Cebrailefee]

no problem =)

i record video watch in attach

 

FLV or zipped EXE /// welcome =)

YOU   ARE   AWESOME !

[MrProper]

YOU   ARE   AWESOME !

important use is the file that you edited in the IDA, there will be no errors in the patch. 

[piroy1337]

So Cebrail, did we finish our project so fast alrdy, haha , m8 ur awesome

[Donquixote]

important use is the file that you edited in the IDA, there will be no errors in the patch. 

 

thanks a lot for the patcher!

 

though even with the 4 NOP, game still crashes