Why is "operation not permitted" shown only on Tsum Tsum?

[rarudo328]

Hello.I'm a japanese who is not good at english, so  sorry for bad english.

 

I'm  using  game guardian  for many  games,  and  it'sworking.

But when  I  use it for  Line  Disney  Tsum  Tsum,  the error  is shown.

please help me !!

 

My phone is Xperia Z1  Android 5.1.1 14.6.A.1.246

[iAndroHacker]

can it be done by debug cloned pid of the same game?

 

Edited January 21, 2016 by iAndroHacker

[Enyby]

You can debug it, but for disable defend you need inject shell code to this pid and run ptrace_detach in it. After that need stop this pid (kill -s STOP). If you do not stop it it kill main process after any pause on it.

After that you can hack main process in usual way.

[iAndroHacker]

14 hours ago, Enyby said:

You can debug it, but for disable defend you need inject shell code to this pid and run ptrace_detach in it. After that need stop this pid (kill -s STOP). If you do not stop it it kill main process after any pause on it.

After that you can hack main process in usual way.

it sounds useful for DLL decryption. how can i run ptrace_detach?

[Enyby]

Youn need inject asm code equal to next C call:

ptrace(PTRACE_DETACH, mPID, NULL, NULL);

 

[iAndroHacker]

7 hours ago, Enyby said:

Youn need inject asm code equal to next C call:

ptrace(PTRACE_DETACH, mPID, NULL, NULL);

 

i don't have any tools to inject asm code. can it be done in IDA pro?

[Enyby]

It does not make it easy. IDA can help in some way, but do not do it for you.

[iAndroHacker]

ok. why not explain how to run ptrace_detach like other peoples do? i hope this can be done in Terminal. detech is important for DLL decryption

Edited January 23, 2016 by iAndroHacker

[Enyby]

1. I have already explained everything. This is complicated stuff.
2. This can not be done at the terminal or something else. This injection of shell code into the address space of other process. Without special knowledge, you will not be able to do so.
3. You often mention DLL and decrypt them that I have vague doubts that you have something to confuse. The android is no DLL. They are in Windows.
The android has .so - shared object (library). This is not the DLL.

[iAndroHacker]

8 hours ago, Enyby said:

1. I have already explained everything. This is complicated stuff.
2. This can not be done at the terminal or something else. This injection of shell code into the address space of other process. Without special knowledge, you will not be able to do so.
3. You often mention DLL and decrypt them that I have vague doubts that you have something to confuse. The android is no DLL. They are in Windows.
The android has .so - shared object (library). This is not the DLL.

yes this is DLL. Unity3D games contains DLL files in the APK file, and .so files for runtime. some game companies encrypt the DLL file to prevent modding but it can be decrypted via the Terminal, but a problem is some games does not allow GDB debugging

[rarudo328]

Thanks for many replies.

But I suppose the way u showed is difficult for me...

 

By the way, that error is occured on Android 5.1(included Xposed then)

and I downgrade my phone to 4.4, and uninstall Xposed, I can use GG as usual.

 

And one more thing I know is, the error is showed only when I start Tsumtsum after started GG. 

so maybe, pid? u said, can be bypassed by this way(Start GG after start Tsumtsum).

 

[Enyby]

No. This defend can not be bypassed by change order of start.

 

Xposed:

Developers work for fix this bug. You can download test build with fix: https://github.com/rovo89/android_art/issues/25#issuecomment-173343597

[rarudo328]

I see.

But, though it cannot be bypassed,  I can search on tsumtsum now!

I don't know why...