Posts: 1,323
Posts posted by bR34Kr
The address will always change because it's allocated randomly in memory. The only way to save it is to have a static route to your value, so to do that use LLDB to search the base of your value, then find a pointer to that base, then repeat this process until you end up with a static address. Once you do that just add, dereference, again and again and you'll be able to change your value.
-
Open the binary in IDA, find fopen calls and try to see where it freads this file. From that you can see how it decrypts the JSON into actual JSON. Good luck!
-
Something you could do is search for your negative money value, play the game, re-search to narrow it down and then manually change each one until it works. Although this may crash/corrupt your game, so I suggest you make a backup first.
-
4 hours ago, D red said:
I answer here because I'm trying to do the same thing.
So I have a few questions:
- By "debugging" the game, you mean removing ASLR from it?
- And how to search the cooldown? By using GameGem/iGameGod? Or (example: AK-47 = 2 sec reload) do I search in IDA for a string with
2seconds/2sec/*similar words*?
Thanks a lot for these answers!
Debugging is the process of adding breakpoints / watchpoints and seeing how the game actually goes and does stuff.
For the reload I'd search for the Gun class (with ammo for example), and search nearby memory for constant floats or ints representing the cooldown time. Then you're in business.
- 1
-
On 10/20/2020 at 2:29 AM, Thekidiacs101 said:
Okay Thanks. On lldb is it called a WatchPoint or is it some other functionality with the debugger?
Yes, a watchpoint will "watch" an address for r/w and will tell you where that happens :)
-
Right now you are looking for a string and finding a function which references that string, then you search the whole binary for the first FMOV instruction, so you're bound to land on something completely random. What you should do is debug the game and find the value for the cooldown while searching by difference (cooldown increased / decreased etc.), then find which instruction actually edits the value and then patch it. Hope this helped.
- 1
-
Here's a brief rundown of integer types:
Signature represents if a number has a sign bit. If it's unsigned then all the bits of the bytes are used to represent your integer and the value will be positive. If the value is signed then the first bit will be used to check whether an integer is positive or negative. So the 'S' or 'U' in front of the type represents if you want to search for unsigned or signed values.
1 byte - char: represented by 1 byte in memory; goes from 0 to 255 (unsigned); goes from -128 to 127 (signed)
2 bytes - short: represented by 2 bytes in memory; goes from 0 to 65535 (unsigned); goes from -32768 to 32767 (signed)
4 bytes - int: represented by 4 bytes in memory; goes from 0 to 42949672955 (unsigned); goes from -2147483648 to 2147483647 (signed)
8 bytes - int: represented by 8 bytes in memory; goes from 0 to 18446744073709551615 (unsigned); goes from -9223372036854775808 to 9223372036854775807 (signed)
So to answer your question more clearly: UInt is an unsigned 4 byte integer and SInt is a signed 4 byte integer.
More detailed explanation here: https://en.cppreference.com/w/c/language/type
- 1
- 1
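To make the signed/unsigned distinction in the post above concrete, here is an added Python example (not code from the forum or from any tool it mentions). It derives each range from the bit width instead of hard-coding it, and decodes the same raw bytes both ways to show that the top bit is what flips a value negative under a signed read. The byte strings are constructed sample values, and little-endian order is assumed as the default, matching the ARM targets the thread discusses.

```python
# Added example: integer widths, signedness and two's complement.
# Sizes below follow the forum post's list (char/short/int/int64); the
# C type names are only labels here, not a claim about any platform ABI.
WIDTHS = {1: "char", 2: "short", 4: "int", 8: "int64"}


def int_range(n_bytes: int, signed: bool) -> tuple[int, int]:
    """Return (min, max) for an integer of n_bytes, computed from the bit width.

    Unsigned: every bit is magnitude, so the range is 0 .. 2**bits - 1.
    Signed:   the top bit is the sign, so the range is -2**(bits-1) .. 2**(bits-1) - 1.
    """
    bits = 8 * n_bytes
    if signed:
        return -(1 << (bits - 1)), (1 << (bits - 1)) - 1
    return 0, (1 << bits) - 1


def fits(value: int, n_bytes: int, signed: bool) -> bool:
    """True if value is representable in n_bytes under the chosen signedness."""
    lo, hi = int_range(n_bytes, signed)
    return lo <= value <= hi


def reinterpret(raw: bytes, signed: bool, byteorder: str = "little") -> int:
    """Decode the same byte pattern as signed (two's complement) or unsigned."""
    return int.from_bytes(raw, byteorder, signed=signed)


def encode(value: int, n_bytes: int, signed: bool, byteorder: str = "little") -> bytes:
    """Encode value into n_bytes; raises OverflowError if it does not fit."""
    return value.to_bytes(n_bytes, byteorder, signed=signed)


def sign_bit_set(raw: bytes, byteorder: str = "little") -> bool:
    """True when the most significant bit is set, i.e. a signed read is negative."""
    msb_byte = raw[-1] if byteorder == "little" else raw[0]
    return bool(msb_byte & 0x80)


def describe_widths() -> dict[str, dict[str, tuple[int, int]]]:
    """Build a width -> {unsigned, signed} range table from int_range()."""
    return {
        f"{n} byte(s) - {name}": {
            "unsigned": int_range(n, False),
            "signed": int_range(n, True),
        }
        for n, name in WIDTHS.items()
    }


if __name__ == "__main__":
    for label, ranges in describe_widths().items():
        print(label, ranges)

    # Constructed sample: four 0xFF bytes. Same memory, two readings.
    all_ones = b"\xff\xff\xff\xff"
    print("unsigned:", reinterpret(all_ones, signed=False))  # 4294967295
    print("signed:  ", reinterpret(all_ones, signed=True))   # -1

    # Edge case: a value that fits one interpretation but not the other.
    print("200 fits unsigned char:", fits(200, 1, False))  # True
    print("200 fits signed char:  ", fits(200, 1, True))   # False
    try:
        encode(200, 1, signed=True)
    except OverflowError as exc:
        print("encode(200, 1, signed=True) ->", exc)
```

The practical point for memory searching: a value such as 4294967295 and a value such as -1 are the same four bytes, so picking 'U' or 'S' changes only how the scanner interprets the bytes it finds, not which bytes are in memory.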
-
Any should do fine.
-
-
That's pretty cool...
-
1 hour ago, Rook said:
If your binary is thinned, the IDA file offset may be off. You can just use the hex bytes and search them on the file to find the offset.
Also make sure the binary is the cracked version. I just tried with an iOS binary and the offset pointed to by IDA is correct if you jump to it in a hex editor (I used HxD). Maybe IDA changes the endianness? But just make sure your bin is cracked. That's about it.
- 1
-
7 minutes ago, USSRReaper said:
So basically you guys edit small tiny parts of the original code?
Yes
-
Edit the coding at a lower level (the assembly) or by hooking to functions (so the game calls our version of it rather than the original)
-
Been a while since I've seen ya post. Good job
- 2
- 1
- 1
-
Good job
-
1: Knock knock 2: Who's there? 1: Knock 2: Knock who? 1: Knock knock
Congrats! You understood recursion through a knock knock joke :p
-
21 minutes ago, bussn said:
Nope, I'm a very social human being. I need to be or I'll feel alone, and meeting new people is a hobby, like I still go out and hang with the homies, but school is different.
And also I can't learn online, I just can't, especially at home, like I have other things to do, but I gotta tough it out. I'll just ask my mom to help me, and what I mean by that is she answers all the questions and I just watch, yk.
Use Discord to chat with your friends during class
Edit: I'm not responsible if you fail or anything of the sort if you use this method.
-
That offset is based on the class. So it's not literally 0x2ECF56 in memory, it's PlayerOffset+0x2ECF56. So yes, you need to find a way to get your player instance and then to read it you read the float stored 0x2ECF56 after that base address.
- 1
-
Remove the 10 before the offset.
^ for future reference
- 1
-
-
What OS are you on? Version and all
-
3 minutes ago, Rook said:
Scratch and sniff
Makes sense
-
Only scratch. Not giving intentional pain to that area
- 1
-
2 minutes ago, Zahir said:
big sip
no u
[Offset] My Café Gems, in Coding Center
This was posted 3 years ago. I'm pretty sure the game has been updated since then.