Search results

  1. Help! Byte offset

    Just dereference it, gonna assume you want to set it to a number. Should work. *reinterpret_cast<int*>(getAbsoluteAddress(0x69BD50)) = 1000000;
  2. Solved Help to understand the logic of editing offsets

    iirc the b instruction is similar to jump, it branches to the given address, so what that does is move to register 0 the value of register 1 then branch into the address 0x??????. So 13846E is the address to where it branches, and if you change it a bit it branches to another one which might...
  3. Help! Help in HOOK!

    The message duplicated but they're the same.
  4. Help! Help in HOOK!

    Make a function pointer to isEnemy, try looking around CCharacterBattle to see if you can find the CCharacter of it which is taken by isEnemy, if it is there then dereference it to obtain it from the _Attacker argument of CalcDamage, pass it to isEnemy and if isEnemy returns false then do...
  5. Help! Help in HOOK!

    Make a function pointer to isEnemy, try looking around CCharacterBattle to see if you can find the CCharacter of it which is taken by isEnemy, if it is there then dereference it to obtain it from the _Attacker argument of CalcDamage, pass it to isEnemy and if isEnemy returns false then do...
  6. Solved Android Roblox modding help

    Roblox is a Native game you need reverse engineering and c++ skills to actually be able to mod it and depending on what you wanna do you might need to know more. Also it's not obfuscated so no need to memdump it.
  7. Help! How to bypass a game that detects literally everything?

    libfwazyd, the strings you mostly see are from the other libs and imports, search JNI_OnLoad then go to its XREF which should be a LOAD, and go to the sub_ on that same line then just decompile it and you'll begin to see obfuscated strings, and right below them is the decryption. So far I've...
  8. Help! How to bypass a game that detects literally everything?

    All of the strings of the library are encrypted with a XOR which makes it hard to find things. Inside the JNI OnLoad function you can find all of this. It might be better to use a debugger and find what function is called when you get the Lucky patcher alert and start reversing from there, sadly...
  9. Help! How to bypass a game that detects literally everything?

    Dumping the game from memory works and isn't detected.
  10. Help! How to bypass a game that detects literally everything?

    I protected an APK using it and I got the same files except for the .dex in assets/. It also seems to encrypt strings and names ( functions, variables and more ) in its Liapp directory and in the game's directory, except for the game it doesn't encrypt any strings.
  11. Help! How to bypass a game that detects literally everything?

    I don't think I'll be able to bypass it but if possible I will at least try to get as much information as possible so if another person with more experience than me happens to encounter this thread they can also try.
  12. Help! How to bypass a game that detects literally everything?

    After some testing I found how it protects the app, it makes a new classes.dex for handling Java stuff and a new Native Lib for handling JNI Stuff. I'm pretty sure the native lib is what contains all the protections while the classes.dex has the dialogs, I'll check it out later tomorrow and see...
  13. Help! How to bypass a game that detects literally everything?

    That's super interesting, what is the name of the game?
  14. Help! Please give suggestions to make the best mod menu

    Seems interesting, guess I'll look into it.
  15. Help! Please give suggestions to make the best mod menu

    I have never heard of the module one, where may I find more info about it?
  16. Help! Hooks not working...

    It could be due to something inside the game such as a kind of protection, you should try debugging the issue by watching the memory address you are hooking and seeing if it changes. If it does change then check if it's being called by any address because for the hook to actually do something...
  17. Help! libil2cpp.so Ghidra and Il2CppDumper with different offsets

    I'm not really sure as to why the hooks don't work since it looks pretty correct to me, maybe it could be caused if you are hooking both offsets at the same time ( which I don't think you are ). It could maybe be an issue with the game itself or some kind of protection.
  18. Solved Suggest and app to mod (Beginner)

    To be honest there's more il2cpp/dll games than there are native games so start with il2cpp/dll games which are also a good start and don't need much knowledge on C/C++ ( unless you wanna do some more advanced stuff ofc ). If you still wanna do native games then you're gonna need a lot of C...
  19. Help! libil2cpp.so Ghidra and Il2CppDumper with different offsets

    I guess the offsets are different due to Ghidra rebasing them to 0x100000. You can just subtract that amount off of Ghidra's offset to get a good one. Now as to why your hooks might not be working, I have no idea if you can't provide your code.
  20. Help! Game Crash After Loading With Log

    If you are using a 32 bits only lib which it seems you are then it won't work on Android 12. This is because Android 12 dropped 32 bits support and is now only 64 bits so if you wanna support Android 12, you need to mod the 64 bits version too.
  21. Solved App crashes after compiling

    Probably the game has signature check
  22. Help! How to change Slidervalue to be Negative?

    Try setting min to something like -10 and see if that allows you to use negative numbers, if so then change min to something higher as ig it is the minimum value
  23. Help! Thanks

    The normal offset is a location in the memory, it can be a global variable, a function, or just a location inside a function. In most cases in modding it is a function which you can point to ( Function Pointers ) or hook. The ones like 0x28 are fields, they usually are found inside structures...
  24. Help! Game crashes when hooking Update() method

    You might wanna check that the field offset ( Basically the + 0x300 ) is correct as it could be a null pointer dereference.
  25. Help! Lua Execution for Lua Games

    Hook gettop or make a new one if you don't care about game specific functions.
  26. Help! Lua Execution for Lua Games

    I meant the Lua source on the site which helped a lot on getting an understanding and sources from GitHub such as old Roblox Executors ( old since that's when Roblox wasn't as different as it now is because of Luau ) or games with Lua such as Prison Architect.
  27. Help! Lua Execution for Lua Games

    You can just call it with a function pointer and observe if it works
  28. Help! Lua Execution for Lua Games

    I learned by practicing and looking at source codes and also getting help from other devs, what you could do is look at the Lua source to find functions such as loadstring.
  29. Help! Lua Execution for Lua Games

    I actually pretty much figured it out, just get the Luastate or make a new one and use the game's own loadstring function to execute things, for Roblox just execute things using their Deserializer function and a Luau Compiler such as the one from GitHub which is literally 1:1 with Roblox's.
  30. Solved InputText LGL

    The value for inputtext is str. Player_name = str;