Infamous-Ash

nice

noiceee

i am in

https://androidmtk.com/root-samsung-galaxy-s5-mini-sm-g800f

Modded Game Name: Hill Climb Racing 2 Google Play Store Link:https://play.google.com/store/apps/details?id=com.fingersoft.hcr2&hl=en Rooted Device: Not Required. Mod Features: - Increase Gems While spending - Increase Coins While spending Hack Download Link: [Hidden Content] Installation Instructions: Step 1: Download the Modded APK file above using your favorite browser or a download manager of your choice. Step 2: Copy the file over to your Android device via USB or wirelessly. Skip this step if you're using your Android device to download the mod. Step 3: Browse to the location where the hacked APK is stored using a file manager of your choice. Step 4: Tap on the .APK file then tap 'Install' and the installation should begin. Step 5a: If the mod contains an OBB file, extract it if it's archived and copy the folder to /Android/obb. Step 5b: If the mod contains a DATA file/folder, extract it if it's archived and copy the folder to /Android/data. Step 6: Once the installation is complete, everything should be ready. Enjoy! Note: Make sure you have enabled 'Unknown Sources' in settings before installing the Modded APK. If you encounter issues, our Frequently Asked Questions topic may help you. Credits: -@ Mod Video/Screenshots: N/A

nice fells so good to see you hacking again

nice

i havent taken any credit

Intro: There's a bunch of tries to to decrypting lua but none of it isnt clear enough how to do it. I'm aware that this approach isnt good enough, because too much step that you'll not need to do but i'm still write it instead. Code in this tutorial ofcourse just bunch of copy-pasta stackoverflow. Prerequisites 1. Frida (optional) 2. Disassembler (IDA, r2, ..) 3. Python (optional) (I'll use python in this tutorial) 4. A little knowledge about this What will you need to do? 1. Get the KEY for decryption, 2. Write a script for decryption, 3. Edit the lua (Self explanation), 4. Encrypt back the file (Self explaination) (Same as step 2, but you'll encrypt instead of decrypt), 5. PROFIT. ---- Step by step ---- Get the KEY for decryption There's bunch of way to do it, some of them: 1. XREFS for XXTeaLuaLoader::setXXTeaKey(string), and you can see it clearly. Most used methods among many games. 2. Use Frida. I'll explain it on 2nd post. 3. http://forum.xda-developers.com/showthread.php?p=12853986#post12853986 4. etc.. You get the idea. Write a script for decryption This is an example of use for XXTEA encryption, requirements(xxtea-py) Code (Text): #!/usr/bin/env python import xxtea chiper = open("assets/script/fund.lua", "rb").read() out = open("out.lua", "wb") key = b'mrgj' out.write(xxtea.encrypt(chiper, key)) out.close()END Example of use of frida (https://github.com/antojoseph/frida-android-hooks) As described here, Opening the lua files with hex editor reveals that they use XXTEA block cipher. Analyze libjinqu.so and it blatantly shows the following decryption subroutines: xxtea_decrypt cocos2d::extra::CCCrypto::decryptXXTEA Get a pseudocode generator and copy the program in C++. . We need to put a hook either at xxtea_decrypt or cocos2d::extra::CCCrypto::decryptXXTEA. Then prints out the arguments passed. We know that args[2] is the one holding the pointer to key from decompile xxtea_decrypt lib.so Explaination, v9 is the one holding the chiper text, v30 chipertext len(?), v13 pointer to key, v14 is key.length. Its obvious if we want to leak the key we need to print args[3] bytes at args[2]. This is an example of use for it. #!/usr/bin/env python import frida import sys package_name = "com.gamebau.pq" def get_messages_from_js(message, data): print(message) jsc = """ Interceptor.attach (Module.findExportByName( "libgame.so", "xxtea_decrypt"), { onEnter: function (args) { console.log("----------------BEGIN----------------"); console.log(hexdump(Memory.readByteArray(args[2], 12),{ offset: 0, length: 12, header: true, ansi: true })); }, onLeave: function (retval) { console.log("Decrypt:"); console.log(hexdump(Memory.readByteArray(retval, 16),{ offset: 0, length: 16, header: true, ansi: true })); console.log("-----------------END-----------------"); } }); """ process = frida.get_usb_device().attach(package_name) script = process.create_script(jsc) script.on('message',get_messages_from_js) script.load() sys.stdin.read() profit, --Update, forgot to mention about this. Another note, some games tries to pack the assets with common file compressor. While loading it, it tries to unpack the assets on stream. As you can see on the image, its PK file header. With simple google search you can deduce its a zip alike compression. Try to extract the decrypted file with 7zip/Winrar/etc.. and you could see the unpacked file. Image: Credits: Wobm And Stack Overflow

Wel done

Noice joka keep it up

Zahir on fire

Lets see

Show the so files and what game u are going to mod

Holy cow

Thanks homie

Noice amuyea

Noice

Lets see

Lets see if all features work or not