Posts posted by bR34Kr

  1. The address will always change because it's allocated randomly in memory. The only way to save it is to have a static route to your value, so to do that use LLDB to search for the base of your value, then find a pointer to that base, then repeat this process until you end up with a static address. Once you do that just add, dereference, again and again and you'll be able to change your value :)

  2. 4 hours ago, D red said:

    I answer here because I'm trying to do the same thing. :)

    So I have a few questions:

    - By « debugging » the game, do you mean removing ASLR from it?

    - And how do I search the cooldown? By using GameGem/iGameGod? Or (example: AK-47 = 2 sec reload) do I search in IDA for a string with 2seconds/2sec/*similar words*?

    Thanks a lot for these answers!

    Debugging is the process of adding breakpoints / watchpoints and seeing how the game actually goes and does stuff.

    For the reload I'd search for the Gun class (with ammo for example), and search close-by memory for constant floats or ints representing the cooldown time. Then you're in business :)

  3. Right now you are looking for a string and finding a function which references that string, then you search the whole binary for the first FMOV instruction, so you're doomed to fall on something completely random. What you should do is debug the game and find the value for the cooldown by searching by difference (cooldown increased / decreased etc.), then find which instruction actually edits the value and patch it. Hope this helped.

  4. Here's a brief rundown of integer types:

    Signature represents if a number has a sign bit. If it's unsigned then all the bits of the bytes are used to represent your integer and the value will be positive. If the value is signed then the first bit will be used to check whether an integer is positive or negative.

    So the 'S' or 'U' in front of the type represents if you want to search for unsigned or signed values.

    1 byte - char
        Represented by 1 byte in memory
        Goes from 0 to 255 (unsigned)
        Goes from -128 to 127 (signed)

    2 bytes - short
        Represented by 2 bytes in memory
        Goes from 0 to 65535 (unsigned)
        Goes from -32768 to 32767 (signed)

    4 bytes - int
        Represented by 4 bytes in memory
        Goes from 0 to 4294967295 (unsigned)
        Goes from -2147483648 to 2147483647 (signed)

    8 bytes - int
        Represented by 8 bytes in memory
        Goes from 0 to 18446744073709551615 (unsigned)
        Goes from -9223372036854775808 to 9223372036854775807 (signed)

    So to answer your question more clearly: UInt is an unsigned 4 byte integer and SInt is a signed 4 byte integer.

    More detailed explanation here: https://en.cppreference.com/w/c/language/type

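The post above lists the ranges by hand. The following C program is an added example, not code from the original post: it derives each range from the bit width (so the numbers cannot be mistyped) and shows how a single raw bit pattern, such as the four bytes 0xFFFFFFFF, reads as one value when a memory scanner treats it as UInt and a different value when it treats the top bit as a sign (SInt). The type names are the conventional C ones used in the post; the helper names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the original post): integer widths and the
 * signed/unsigned ranges listed above, computed from the bit width, plus a
 * helper that reinterprets one raw bit pattern as a two's-complement value. */

/* Conventional C type name for a given width (the names used in the post). */
const char *type_name(int bytes) {
    switch (bytes) {
    case 1: return "char";
    case 2: return "short";
    case 4: return "int";
    case 8: return "long long";
    default: return "?";
    }
}

/* Largest value an unsigned integer of `bytes` bytes can hold: 2^(8*bytes) - 1. */
uint64_t unsigned_max(int bytes) {
    if (bytes >= 8) return UINT64_MAX;          /* 1ULL << 64 would be undefined */
    return (1ULL << (8 * bytes)) - 1;
}

/* Signed range: the top bit is the sign, leaving 8*bytes-1 magnitude bits. */
int64_t signed_max(int bytes) {
    return (int64_t)((1ULL << (8 * bytes - 1)) - 1);
}
int64_t signed_min(int bytes) {
    if (bytes >= 8) return INT64_MIN;           /* avoid negating 2^63 */
    return -(int64_t)(1ULL << (8 * bytes - 1));
}

/* Reinterpret the low `bytes` bytes of `raw` as a two's-complement signed value.
 * When the sign bit is set the value is raw - 2^(8*bytes); that is computed as
 * -(mask - raw) - 1, which is the same number but cannot overflow. */
int64_t interpret_signed(uint64_t raw, int bytes) {
    uint64_t mask = unsigned_max(bytes);
    uint64_t v = raw & mask;
    uint64_t sign_bit = 1ULL << (8 * bytes - 1);
    if (v & sign_bit)
        return -(int64_t)(mask - v) - 1;
    return (int64_t)v;
}

int main(void) {
    const int widths[] = {1, 2, 4, 8};
    for (int i = 0; i < 4; i++) {
        int b = widths[i];
        printf("%d byte(s) - %s\n", b, type_name(b));
        printf("    unsigned: 0 to %llu\n", (unsigned long long)unsigned_max(b));
        printf("    signed:   %lld to %lld\n",
               (long long)signed_min(b), (long long)signed_max(b));
    }
    /* The same four bytes, read as UInt and as SInt. */
    uint64_t raw = 0xFFFFFFFFull;
    printf("0x%llX as UInt = %llu, as SInt = %lld\n",
           (unsigned long long)raw, (unsigned long long)raw,
           (long long)interpret_signed(raw, 4));
    return 0;
}
```

The practical consequence for a scanner search: a value that shows up as 4294967295 in a UInt search and -1 in an SInt search is the same bytes in memory; only the interpretation of bit 31 differs.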
  5. 1 hour ago, Rook said:

    If your binary is thinned, the IDA file offset may be off. You can just use the hex bytes and search them on the file to find the offset.

    Also make sure the binary is the cracked version. I just tried with an iOS binary and the offset pointed to by IDA is correct if you jump to it in a hex editor (I used HxD). Maybe IDA changes the endianness? But just make sure your bin is cracked. That's about it.

  6. 21 minutes ago, bussn said:

    Nope, I'm a very social human being. I need to be or I'll feel alone, and meeting new people is a hobby, like I still go out and hang with the homies, but like school is different.

    And also I can't learn online, I just can't, especially at home, like I have other things to do, but I gotta tough it out. I'll just ask my mom to help me, and what I mean by that is like she answers all the questions and I just watch, yk.

    Use Discord to chat with your friends during class :smart:

     

    Edit: I’m not responsible if you fail or anything of the sort if you do this method

  7. That offset is based on the class. So it's not literally 0x2ECF56 in memory, it's PlayerOffset+0x2ECF56. So yes, you need to find a way to get your player instance and then to read it you read the float stored 0x2ECF56 after that base address.

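Posts 1 and 7 above describe the same idea from two ends: a field offset only means something relative to an instance's base address, and because that base lives on the heap it has to be re-derived every run by following a chain of pointers from something static. The C program below is an added example, not code from the original posts; the Game and Player structs, the global g_game and every function name are made up for illustration. It builds the objects in its own process and shows both the base+offset read and the root-to-field pointer chain.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the original posts). The layout is hypothetical:
 * a Game object owns a heap-allocated Player, reachable through one global
 * pointer. It shows why an offset like the one discussed above is relative to
 * an instance, and why a chain of (offset, dereference) steps from a fixed
 * root still reaches the field even though the heap address changes. */

typedef struct {             /* hypothetical Player object */
    float health;
    int   ammo;
    float reload_cooldown;   /* the kind of per-instance value discussed above */
} Player;

typedef struct {             /* hypothetical Game object */
    int     level;
    Player *player;          /* pointer to the live Player instance */
} Game;

/* Global: its address is fixed relative to the loaded image, so it can serve
 * as the static root of the chain even though everything it points to moves. */
static Game *g_game = NULL;

/* Read a float stored `offset` bytes after `base` (the "base + 0x2ECF56" idea). */
float read_float_at(const void *base, size_t offset) {
    float v;
    memcpy(&v, (const char *)base + offset, sizeof v);
    return v;
}

/* Walk a pointer chain: for every offset except the last, add it to the current
 * pointer and dereference; the last offset is added without dereferencing and
 * yields the address of the target field. Returns NULL if a link is NULL. */
void *follow_chain(void *root, const size_t *offsets, size_t n) {
    char *p = root;
    for (size_t i = 0; i + 1 < n; i++) {
        void *next;
        memcpy(&next, p + offsets[i], sizeof next);
        if (next == NULL) return NULL;
        p = next;
    }
    return p + offsets[n - 1];
}

/* Build a fresh Game/Player pair on the heap and make it the current one. */
Game *make_game(float cooldown) {
    Game *g = calloc(1, sizeof *g);
    g->player = calloc(1, sizeof *g->player);
    g->player->reload_cooldown = cooldown;
    g_game = g;
    return g;
}

/* Byte offset of reload_cooldown inside a Player: the constant one would
 * record for this layout, valid for every Player instance. */
size_t cooldown_offset(void) { return offsetof(Player, reload_cooldown); }

/* Resolve the cooldown from the static root: &g_game -> g_game -> player -> field.
 * Returns -1.0f if the chain is broken (e.g. no Player allocated yet). */
float read_cooldown_via_chain(void) {
    const size_t chain[] = { 0, offsetof(Game, player), offsetof(Player, reload_cooldown) };
    void *addr = follow_chain(&g_game, chain, 3);
    return addr ? read_float_at(addr, 0) : -1.0f;
}

int main(void) {
    for (int run = 0; run < 2; run++) {
        Game *g = make_game(2.0f);
        /* The Player's heap address is not stable (allocator state, ASLR across
         * processes), which is why the raw address is useless to save ... */
        printf("run %d: player at %p, cooldown offset 0x%zx\n",
               run, (void *)g->player, cooldown_offset());
        /* ... but root + chain, and base + offset, still land on the field. */
        printf("        via chain: %.1f, via base+offset: %.1f\n",
               read_cooldown_via_chain(),
               read_float_at(g->player, cooldown_offset()));
        free(g->player);
        free(g);
    }
    return 0;
}
```

Two things the layout makes visible: the offset 8 is a property of the Player type, not of any particular address, and the chain starts at the address of a global rather than at the Player because only the global's location is predictable relative to the binary.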