iAndroHacker

Android Tutorial GameGuardian – Searching encrypted “known” value.


Now you should be able to hack or modify any game, right?

 

Let’s try to hack the score value in the “300: Seize Your Glory” game. This is a promo game, based on the “300: Rise of an Empire” movie.

 





Edited by evildog1