- Ruby Red
- Matte Black
123 posts in this topic
A tutorial on how to hack most online games with WPE Pro. Currently tested with Avabel.
WPE Pro (PC)
1. Download WPE Pro and CCProxy 7.2 (version is important) to your PC. Google Search will help you find both.
2. Have your rooted android and download ProxyDroid
3. Open CCProxy, allow firewall and admin permission
4. Open WPE Pro AS ADMIN and Attach to CCProxy
5. On your Android, Open ProxyDroid and input the ip of your pc (local) and port for SOCKS (default is 1080)
6. Open your game, and when you want to capture packets, press play in WPE, and send the packet (e.g. get hit by somthing or use a skill). You can modify packets in wpe for when they are next sent, you can stop packets from being sent (example the defense packet when u get hit in Avabel) and you can even send the same packet multiple times (e.g. attack packet to hit an enemy without actually doing anything)
There are lots of possibilities.
Have fun hacking!
Me: working on this with Avabel
Me: Writing the tutorial
Me: Finding which version of CCProxy is compatible
My wife Charlene: Being amazingly beautiful and supportive in every way in almost everything i do and never giving up.
Disclaimer: I didn't make CCProxy or WPE Pro, they are not my tools.
Hello dear community,
Today, i will teach you how to mod x86 libs. x86 is not that hard to understand because the instruction are almost the same as ARM. In this tutorial, i mod the game called The Sandbox 2.
You don't really need to mod x86 at all since I never heard any problem with ARM translating to x86, and it's too hard to change instruction without code caving. Just wanna make tutorial lol
Now let's start modding.
In this tutorial, I'll show you how to mod The Sandbox Evolution very easy in x86.
First of all, you need IDA PRO and Hex Workshop installed on your computer. If you already have them installed, go to next step
Open the APK file with WinRar and extract the lib folder (In case you want to mod both x86 and ARM)
Open the x86 .so file in IDA. You will see the dialog box similar to the following:
In x86, you don't need to change anything. MetaPC is fine. Click OK to disassemble the lib file, and let it fully load. After that, press CTRL + F, search "isElementUnlocked" and double click on the function to open it
Remember the offset (9869E0) of first instruction. we need to use it later.
Note: The offset will change each update.
Open Hex Workshop or other hex editing program, and search the offset. I'm using Hex Workshop
Here is the offset of isElementUnlocked
The function isElementUnlocked is a boolean function, which means it can return true or false. If you want unlock everything, replace it with b8 01 00 00 00 c3, which will return true.
b8 01 00 00 00 (mov eax, 1) False is:
b8 00 00 00 00 (mov eax, 0) And return is:
When you open the modded .so file in IDA, your modded instruction will look like:
Isn't that easy?
You can also do the same on hasBoughtPromoPack to unlock premium
If you want to hack mana like 9999999, search getManaBalance and giveMana, and replace it with any values you want
b8 7f 96 98 00 (mov eax, 9999999) c3 (ret) You can use online x86 Assembly to get raw hex
Open the APK with WinRAR and replace the modded .so file. Re-sign the APK, install it and run the game.
Tutorial updated (May 2018)
Since many users dont know where to get the OBB From and i personally dont wanna link the obb download to a sh!tty website so i thought i would make this tutorial and drop it by on the mod page whenever the mod needs an OBB File.
I saw that people commented in the request of the game about the fact they weren't able to play the game due the Beta Limited.
I was pretty sure it was just a simple license check, so I thought let's show you guys how to disable it
- Apktool (or any tool where you can decompile the apk with)
- A text editor which can read smali files (sublime, notepad++ etc)
Alright so it's pretty simple & is always the same file (from my experience)
/smali_classes2/com/google/android/vending/licensing/LicenseValidator.smali --> Some apps have 2 classes.dex files nowadays
Open that file in your text editor.
Search for 'handleRespone' as a method:
Now inside this method, 'mPolicy' & under that you see 'allowAcces()Z' --> ()Z means BOOLEAN in smali
Now you can bypass the license check in two ways:
1. Return allowAccess to true (0x1)
2. comment out the jump (if-eqz v0, :cond_0)
I prefer option two, since I don't have to type 2 lines of code
How it should look like after patch:
Hope you learned something
Recently Browsing 0 members
No registered users viewing this page.
- Administrator |
- Global Moderator |
- Moderator |
- ViP Plus |
- ViP |
- Cheater |
- Modder |
- Novice Cheater |
- Rookie Modder |
- Contributor |
- Senior Member |
- Member |