Posts

Showing posts from December, 2017

Il2CppInspector pre-release (Windows/Linux/macOS)

I compiled Il2CppInspector for other platforms so modders can use it on Linux or macOS without needing Windows. It works on current OS versions (Windows 10 x64, Linux Mint 18.3, etc.).
Download: https://usersdownload.com/users/iandrohacker/747/Il2CppInspector
https://www.dropbox.com/sh/q0ubgtzrx4bsws1/AACBHRg8vlFojvQBfBccMV_Ra?dl=0

If you are on Windows, Perfare's Il2CppDumper is the better choice because it supports 64-bit binaries. Official console version: https://github.com/Perfare/Il2CppDumper/releases
GUI version: http://www.iandrohacker.net/2017/12/il2cppdumper-gui-10.html
Tutorial: http://www.iandrohacker.net/2017/04/how-to-dump-and-mod-il2cpp-games.html
64-bit binaries: Il2CppInspector does not currently support 64-bit IL2CPP binaries. 64-bit Mach-O files are parsed without crashing, but there is no support for 64-bit CPU architectures yet, so automatic inspection fails.
Il2CppInspector: Extract types, methods, properties and fields from Unity IL2CPP binaries. Supports ELF (An…

Rooting unprotected Android device using ADB script

I found out that my cheap Denver tablet ships with a privileged adb shell enabled by default (ro.secure=0 in default.prop, which makes adbd run as root). That means I can remount /system read-write and push the SuperSU binaries onto the tablet. And of course it was made in China, with a ROM made in China and a kernel made in China. In build.prop the build date is even written like this:
ro.build.date=2016年 12月 21日星期三 19:08:23 CST
This method does not work if ro.secure is set to 1, but there is always a chance that a cheap Chinese device can be rooted this easily. All the cheap Denver tablets I have had are vulnerable, even when the privileged adb shell is disabled.
I have written a simple CMD script that pushes the SuperSU binaries, sets their permissions and creates the symlinks. It has only been tested on an ARM device running Android 5.1.1. If your device runs a different Android version or architecture, take the su binaries from the SuperSU flashable ZIP and adapt the script yourself; I only have ARM devices.
Download script with required files here: https://drive.google.com/open?id=1q4UsrLbW3Z2NELqSrHWx2S4…
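The same procedure as an added Python example (this is not the author's CMD script, which is only available from the download link). It first verifies that the adb shell really is root, because a device with ro.secure=1 simply cannot be rooted this way, and only then remounts /system and pushes the files. The remote paths, modes and the install-recovery.sh trick follow the layout SuperSU's flashable ZIP installs on Android 5.x ARM; treat them as assumptions and check them against META-INF/com/google/android/update-binary in the ZIP you actually use.

```python
"""Added example, not the author's CMD script: a Python equivalent that roots a
device whose adbd already runs as root (ro.secure=0) by pushing SuperSU's
system-mode files over adb. The remote paths and modes follow the layout
SuperSU's flashable ZIP installs on Android 5.x ARM and are assumptions; check
them against META-INF/com/google/android/update-binary in the ZIP you use.
"""
import subprocess
from typing import Callable, List

# A runner takes adb arguments (without the leading "adb") and returns stdout.
Runner = Callable[[List[str]], str]


def run_adb(args: List[str]) -> str:
    """Default runner: call the real adb binary, fail loudly on a non-zero exit."""
    proc = subprocess.run(["adb", *args], check=True, capture_output=True)
    return proc.stdout.decode(errors="replace")


def shell_is_root(run: Runner = run_adb) -> bool:
    """True only if ro.secure is 0 AND the adb shell really reports uid 0.
    Checking `id` catches devices where the property reads 0 but adbd still
    drops privileges. Old adbd versions end lines with CRLF, hence strip()."""
    secure = run(["shell", "getprop", "ro.secure"]).strip()
    ident = run(["shell", "id"]).strip()
    return secure == "0" and ident.startswith("uid=0(")


# (file inside the extracted SuperSU ZIP, remote path, octal mode).
# Assumed system-mode layout for 32-bit ARM, Android 5.x; su is installed
# twice because SuperSU runs the same binary as its daemon (daemonsu).
SU_FILES = [
    ("su",                  "/system/xbin/su",                  "0755"),
    ("su",                  "/system/xbin/daemonsu",            "0755"),
    ("supolicy",            "/system/xbin/supolicy",            "0755"),
    ("libsupol.so",         "/system/lib/libsupol.so",          "0644"),
    ("Superuser.apk",       "/system/app/SuperSU/SuperSU.apk",  "0644"),
    ("install-recovery.sh", "/system/etc/install-recovery.sh",  "0755"),
]

BOOT_SCRIPT = "#!/system/bin/sh\n/system/xbin/daemonsu --auto-daemon &\n"


def write_boot_script(su_dir: str) -> str:
    """Generate install-recovery.sh locally. Stock init runs this script at
    boot, which is how SuperSU starts daemonsu without a modified boot image."""
    path = f"{su_dir}/install-recovery.sh"
    with open(path, "w", newline="\n") as fh:
        fh.write(BOOT_SCRIPT)
    return path


def install_plan(su_dir: str) -> List[List[str]]:
    """The full adb command sequence, built without executing anything so it
    can be reviewed before touching the device."""
    cmds = [
        ["shell", "mount", "-o", "remount,rw", "/system"],
        ["shell", "mkdir", "-p", "/system/app/SuperSU"],
    ]
    for local, remote, mode in SU_FILES:
        cmds.append(["push", f"{su_dir}/{local}", remote])
        # adb push does not preserve ownership or mode: set both explicitly,
        # otherwise su ends up owned by the shell user and is unusable.
        cmds.append(["shell", "chown", "0:0", remote])
        cmds.append(["shell", "chmod", mode, remote])
    cmds.append(["shell", "mount", "-o", "remount,ro", "/system"])
    cmds.append(["reboot"])
    return cmds


def install_su(su_dir: str, run: Runner = run_adb) -> int:
    """Refuse to touch /system unless the shell really is root, then execute
    the plan. Returns the number of adb commands run."""
    if not shell_is_root(run):
        raise RuntimeError("adb shell is not root (ro.secure != 0); "
                           "this method does not apply to this device")
    write_boot_script(su_dir)
    plan = install_plan(su_dir)
    for cmd in plan:
        run(cmd)
    return len(plan)


if __name__ == "__main__":
    import sys
    count = install_su(sys.argv[1])   # argv[1]: directory with the SuperSU files
    print(f"ran {count} adb commands; the device is rebooting")
```

Run it as `python root_via_adb.py ./supersu-armv7` after extracting the ARM binaries and Superuser.apk from the SuperSU ZIP into that directory. The `run` parameter exists so the command sequence can be dry-run or logged instead of sent to a real device.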

How to jailbreak iOS 11 - 11.1.2 using LiberiOS

The iOS 11 jailbreak LiberiOS has been released by @Morpheus______ for all 64-bit devices, including iPhone X and iPhone 8/8 Plus, running iOS 11.0 through 11.1.2.
Please note that Cydia and Cydia Substrate are not installed by default. Because of the changes in iOS 11 they need to be rewritten from scratch. Give Saurik some time and be patient.
So let's get started jailbreaking.
1. Install iTunes if it is not installed. Connect your 64-bit iOS 11.0 - 11.1.2 device to your computer using a Lightning cable. Create a full backup just in case anything goes wrong during the jailbreak process.
2. Launch Cydia Impactor on your computer and drag the LiberiOS jailbreak IPA file into its UI. Enter your Apple ID credentials when prompted and wait for Cydia Impactor to sideload the signed app on your connected device.
3. Once the app is sideloaded, launch Settings > General > Profile(s) & Device Management (on some iOS versions it could just be General > Device Management) and tap the profile associated with the jailbreak app…

Always load all DLLs. Useful functions can be hidden in other DLL file

It has been a long time since I modded a protected PRG game. Last year it was protected by a packer and it detected emulators, root and memory editors. Today I looked into the game again and realized the developer had dropped the packer protection and the detection, but the .dll is still protected. Hmm... I don't know why. The game worked perfectly on a rooted emulator with GameGuardian running. No fake crashes.
There was something odd about the game. I couldn't find anything useful in the Assembly-CSharp.dll file, just some useless behavior designer, effects etc., and dnSpy failed to decompile the code. I opened Assembly-CSharp-firstpass.dll, but it also failed to decompile. I gave up and went to sleep because I had wasted my time.

The next day I had an idea: load all the DLLs into dnSpy and search, and search again. I finally found useful functions that are not protected, in MessageCS.dll. What the!?!? Why is the dev hiding useful functions in that file?

Tested the mod; it worked perfectly.

So if you do not want to waste you…
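To make the "load all DLLs" lesson mechanical, here is an added Python example (not from the original post) that enumerates every managed assembly in a Unity APK, flags the ones that are not stock Unity/Mono libraries (so a file like MessageCS.dll cannot be overlooked), does a quick check of whether each one still looks like a plain .NET assembly that dnSpy can load, and detects IL2CPP builds, which ship global-metadata.dat and libil2cpp.so instead of DLLs and need Il2CppDumper or Il2CppInspector rather than dnSpy. The sample APK and its assembly names are constructed for the demonstration; the "BSJB" test is only a quick signature check, not a full PE/CLI parse.

```python
"""Added example, not from the original post: enumerate every managed assembly
in a Unity APK so none is skipped, flag the ones that are not stock Unity/Mono
libraries, and detect IL2CPP builds (global-metadata.dat plus libil2cpp.so
instead of DLLs; those need Il2CppDumper/Il2CppInspector, not dnSpy).
The sample APK built below is constructed, not a real game.
"""
import io
import zipfile
from typing import Dict, List, Union

MANAGED_DIR = "assets/bin/Data/Managed/"
IL2CPP_METADATA = MANAGED_DIR + "Metadata/global-metadata.dat"

# Assemblies every Unity/Mono build ships with. Anything else is game code and
# deserves a look, even when Assembly-CSharp.dll seems empty or won't decompile.
STOCK_PREFIXES = ("mscorlib", "System", "Mono.", "UnityEngine", "UnityScript",
                  "Boo.", "netstandard")


def is_dotnet_assembly(data: bytes) -> bool:
    """Quick check: PE header plus the 'BSJB' signature that starts the CLR
    metadata root. Packed or encrypted assemblies usually fail this check and
    must be unpacked before a decompiler can use them."""
    return data[:2] == b"MZ" and b"BSJB" in data


def inspect_unity_apk(apk: Union[str, io.BytesIO]) -> Dict[str, object]:
    """Return the build type ('mono', 'il2cpp' or 'unknown'), every managed
    assembly with its decompilable flag, and the non-stock assemblies to open."""
    assemblies: Dict[str, bool] = {}
    look_at: List[str] = []
    build = "unknown"
    with zipfile.ZipFile(apk) as z:
        names = z.namelist()
        if IL2CPP_METADATA in names or any(n.endswith("/libil2cpp.so") for n in names):
            build = "il2cpp"
        for n in names:
            rel = n[len(MANAGED_DIR):]
            # only top-level *.dll files in the Managed directory
            if not n.startswith(MANAGED_DIR) or "/" in rel or not rel.lower().endswith(".dll"):
                continue
            assemblies[rel] = is_dotnet_assembly(z.read(n))
            if not rel.startswith(STOCK_PREFIXES):
                look_at.append(rel)
    if assemblies and build == "unknown":
        build = "mono"
    return {"build": build, "assemblies": assemblies, "look_at": sorted(look_at)}


def build_sample_apk(il2cpp: bool = False) -> io.BytesIO:
    """Constructed in-memory APK for demonstration only (not a real game)."""
    stub = b"MZ" + b"\0" * 62 + b"BSJB" + b"\0" * 16   # looks like a .NET PE
    packed = b"MZ" + b"\0" * 80                        # PE with no metadata root
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if il2cpp:
            z.writestr(IL2CPP_METADATA, b"\xaf\x1b\xb1\xfa" + b"\0" * 28)  # constructed
            z.writestr("lib/armeabi-v7a/libil2cpp.so", b"\x7fELF")
        else:
            z.writestr(MANAGED_DIR + "Assembly-CSharp.dll", packed)            # "protected"
            z.writestr(MANAGED_DIR + "Assembly-CSharp-firstpass.dll", packed)  # "protected"
            z.writestr(MANAGED_DIR + "UnityEngine.dll", stub)
            z.writestr(MANAGED_DIR + "mscorlib.dll", stub)
            z.writestr(MANAGED_DIR + "MessageCS.dll", stub)                    # the one to open
            z.writestr("lib/armeabi-v7a/libmono.so", b"\x7fELF")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import sys
    report = inspect_unity_apk(sys.argv[1] if len(sys.argv) > 1 else build_sample_apk())
    print("build:", report["build"])
    for name, ok in report["assemblies"].items():
        print(f"  {name:40} {'decompilable' if ok else 'no CLR metadata root (packed?)'}")
    print("open these first:", ", ".join(report["look_at"]) or "(none)")
```

Run `python scan_unity_apk.py game.apk`; every name listed under "open these first" should be loaded into dnSpy, not just Assembly-CSharp.dll.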

GameGuardian Lesson - Getting Started

Note: This article is re-shared because original author deleted it
What is GameGuardian? GameGuardian is an application for the Android operating system that lets you hack and modify the memory used by games and other software. Sounds complicated? Just look at the screenshots below and you will quickly understand. GameGuardian allows you to modify any numeric value (and not only numeric values, but graphics data such as HP/MP bars, too).
As you can see, GameGuardian is designed to be your ultimate cheating and hacking solution.
There are a few things you should know or be aware of:
· You NEED ROOT. Sorry, non-rooted devices are not supported by GameGuardian.
· GameGuardian is completely free. There are no paid functions or features. Everything is completely free. However, donations are very welcome and much appreciated. =)
· The performance of the program depends heavily on your device's CPU and memory. In other words, the better your phone, the better and faster the program will run.
So, l…

GameGuardian Lesson - Searching “known” value

Note: This article is re-shared because original author deleted it
Let's do our first hack in this GameGuardian manual.
For our first hack we will try something simple. I recommend Tap Counter [Link]. Only 80 KB, no special permissions required. Try this one for practice.
Step #1. Launch GameGuardian and select "Tap Counter" as your target application. After that press the "cross" icon in the top-right corner.
Step #2. Now launch Tap Counter and tap it a few times. Remember the number 3 (three). Go back to GameGuardian and tap the "known" button.
Step #3. Here we go. This is our search window. Input: value is "3" and type is "auto". Start searching and wait.
Let me explain a little.
In the "value" text field you should input the value you would like to search for, for example 3 (three) as you see it in our game/app. In the "type" field you should select the type you are looking for:
· Byte – if your value is from 0 to 255;
· Word – if your value is from 0 to 65,535;
· Dword – if your value is from 0 to 4,294,9…

GameGuardian Lesson - Searching encrypted “known” value.

Note: This article is re-shared because original author deleted it
Now you should be able to hack or modify any game, right?

Let's try to hack the score value in the "300: Seize Your Glory" game. This is a promo game based on the "300: Rise of an Empire" movie.

Download GameGuardian APK: https://gameguardian.net/download and install it on your Android device

Okay, our score is 200 right now.

Go find it in GameGuardian (known search -> type: auto, value: 200).

We have found 198,659 addresses. Well, that is far too many.

Go back to the game and increase our score a little, up to 1,550.

Go back to GameGuardian and try a new search with the value "1,550".

Wait, what? Nothing was found? How can this be?

Yes, this can be.

Modern game developers do everything they can to make their games harder to hack or modify. For example, you may see the number 3,006 in your game, but this number may actually be stored as:

· The sum of two different numbers (700 + 2306 or 1402 + 1604)

· The product of three different numbers (501 * …

GameGuardian Lesson - Searching grouped “known” value.

Note: This article is re-shared because original author deleted it
What is a group search? It is a special mode where you search for multiple values at the same time, on the assumption that these values are located near each other in memory.
What does this mean? Let's check an example.
This is a game named Greedy Cave, a roguelike with a design borrowed from Don't Starve.

Let's make infinite HP and MP in Greedy Cave, shall we?
First open the GameGuardian dashboard and select Greedy Cave as the target application.
Now open the in-game menu and check your current HP and MP: 3,418 HP and 279 MP. Open GameGuardian and input these values separated by a semicolon, like this: "3418;279", and start searching with "auto" mode selected.
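The three searches these lessons describe, the "known" value search with a refine step, the "encrypted" value that is stored as a sum or a product, and the group search for values stored near each other, as one added Python example that is not part of the original lessons. GameGuardian does this over the target process's memory (which is why it needs root); here the "memory" is a constructed bytes object so the mechanics are visible. Assumptions: values are little-endian unsigned 32-bit (GameGuardian's Dword on ARM and x86), the obfuscated parts are stored adjacent to each other, and the group-search window is 512 bytes.

```python
"""Added example, not part of the original GameGuardian lessons: the known,
derived ("encrypted") and group searches run against a constructed memory
snapshot. Real tools read /proc/<pid>/mem; here `mem` is a bytes object.
"""
import struct
from typing import List, Tuple

DWORD = "<I"   # GameGuardian's "Dword": unsigned 32-bit, little-endian on ARM/x86


def known_search(mem: bytes, value: int, fmt: str = DWORD) -> List[int]:
    """First 'known' search: every aligned offset holding `value` as `fmt`."""
    size = struct.calcsize(fmt)
    needle = struct.pack(fmt, value)
    return [off for off in range(0, len(mem) - size + 1, size)
            if mem[off:off + size] == needle]


def refine(mem: bytes, candidates: List[int], value: int, fmt: str = DWORD) -> List[int]:
    """Second search over the previous results only: the in-game number changed,
    so keep just the addresses that now hold the new value."""
    needle = struct.pack(fmt, value)
    return [off for off in candidates if mem[off:off + len(needle)] == needle]


def derived_candidates(mem: bytes, shown: int, fmt: str = DWORD
                       ) -> List[Tuple[int, str, Tuple[int, ...]]]:
    """'Encrypted' value: the number on screen is not stored directly. Checks
    the two schemes the lesson names, assuming the parts lie next to each
    other: two adjacent dwords that sum to `shown`, and three adjacent dwords
    whose product is `shown` (factors of 0 or 1 are ignored as noise)."""
    size = struct.calcsize(fmt)
    words = [struct.unpack_from(fmt, mem, off)[0]
             for off in range(0, len(mem) - size + 1, size)]
    hits: List[Tuple[int, str, Tuple[int, ...]]] = []
    for i in range(len(words) - 1):
        a, b = words[i], words[i + 1]
        if a and b and a + b == shown:
            hits.append((i * size, "sum", (a, b)))
    for i in range(len(words) - 2):
        a, b, c = words[i], words[i + 1], words[i + 2]
        if a > 1 and b > 1 and c > 1 and a * b * c == shown:
            hits.append((i * size, "product", (a, b, c)))
    return hits


def group_search(mem: bytes, values: List[int], max_distance: int = 512,
                 fmt: str = DWORD) -> List[int]:
    """Group search ('3418;279'): offsets of the first value that have every
    other value within `max_distance` bytes. A lone copy of the first value
    with nothing matching nearby is rejected, which is what cuts the noise."""
    first, *rest = values
    others = [set(known_search(mem, v, fmt)) for v in rest]
    hits = []
    for base in known_search(mem, first, fmt):
        window = range(base - max_distance, base + max_distance + 1)
        if all(any(off in window for off in offs) for offs in others):
            hits.append(base)
    return hits


def build_snapshot(score: int) -> bytes:
    """Constructed 'process memory', not a real dump. Dword layout:
    [0] noise 200, [1] the real score, [2] noise 200, [3] zero,
    [4..5]  a score of 3006 stored as 700 + 2306,
    [6..8]  a score of 3006 stored as 501 * 2 * 3,
    [9..10] HP 3418 and MP 279 next to each other,
    then 200 zero dwords and a decoy 3418 with no MP anywhere near it."""
    words = [200, score, 200, 0, 700, 2306, 501, 2, 3, 3418, 279]
    words += [0] * 200 + [3418]
    return struct.pack("<%dI" % len(words), *words)


if __name__ == "__main__":
    before, after = build_snapshot(200), build_snapshot(1550)
    hits = known_search(before, 200)
    print("score=200 matches:", hits, "-> after change to 1550:", refine(after, hits, 1550))
    print("plain search for 3006:", known_search(after, 3006))
    print("derived storage of 3006:", derived_candidates(after, 3006))
    print("HP;MP group search:", group_search(after, [3418, 279]))
```

The pattern is the one the lessons walk through by hand: a plain search narrows to the real address once the value changes; when the second search finds nothing, look for the value as parts stored together; and when a single value has too many hits, search for a neighbour (HP next to MP) at the same time.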