Solved How to hook Obscured lgl mod menu

[Khoacntt2020]

Hello, can anyone tell me how to hook this method:
// RVA: 0x1846724 Offset: 0x1846724 VA: 0x1846724
public static ObscuredInt get_Coin() { }.

i searched a lot but there is not a method to do hook for it. hope anyone can help me thanks

 

[·҉ dollaz·҉. .]

Heres the way I do it:

int GetObscuredIntValue(uint64_t location){
    int cryptoKey = *(int *)location;
    int obfuscatedValue = *(int *)(location + 0x4);

    return obfuscatedValue ^ cryptoKey;
}

/*
Set the real value of an ObscuredInt.

Parameters:
    - location: the location of the ObscuredInt
    - value: the value we're setting the ObscuredInt to
*/
void SetObscuredIntValue(uint64_t location, int value){
    int cryptoKey = *(int *)location;

    *(int *)(location + 0x4) = value ^ cryptoKey;
}

void(*old_UpdateHook)(void *instance);
void UpdateHook(void *instance) {

    if(toggle) {
    //0x177 is the field offset, and 999 is the value you return
       SetObscuredIntValue((uint64_t)instance + 0x177, 999);
    }
   return old_UpdateHook(instance);
}

also im guessing ur modding armv7, just change uint64_t to uint32_t

 

[Khoacntt2020]

I want to hook with method not field

 

[CHEATS GAMES]

Heres the way I do it:

int GetObscuredIntValue(uint64_t location){
    int cryptoKey = *(int *)location;
    int obfuscatedValue = *(int *)(location + 0x4);

    return obfuscatedValue ^ cryptoKey;
}

/*
Set the real value of an ObscuredInt.

Parameters:
    - location: the location of the ObscuredInt
    - value: the value we're setting the ObscuredInt to
*/
void SetObscuredIntValue(uint64_t location, int value){
    int cryptoKey = *(int *)location;

    *(int *)(location + 0x4) = value ^ cryptoKey;
}

void(*old_UpdateHook)(void *instance);
void UpdateHook(void *instance) {

    if(toggle) {
    //0x177 is the field offset, and 999 is the value you return
       SetObscuredIntValue((uint64_t)instance + 0x177, 999);
    }
   return old_UpdateHook(instance);
}

also im guessing ur modding armv7, just change uint64_t to uint32_t

if it's float,long,double just change the name?

 

[·҉ dollaz·҉. .]

if it's float,long,double just change the name?

Here is float

/*

    location = the location of the ObscuredFloat
    value = the value we're setting the ObscuredFloat to
*/
void SetObscuredFloatValue(uint64_t location, float value){
    int cryptoKey = *(int *)location;
   
    union intfloat {
        int i;
        float f;
    };
   
    /* use this intfloat to get the integer representation of our parameter value */
    intfloat IF;
    IF.f = value;
   
    /* use this intfloat to generate our hacked ObscuredFloat */
    intfloat IF2;
    IF2.i = IF.i ^ cryptoKey;
   
    *(float *)(location + 0x4) = IF2.f;
}

while testing this, the float code works on double and int works on long

 

[CHEATS GAMES]

Heres the way I do it:

int GetObscuredIntValue(uint64_t location){
    int cryptoKey = *(int *)location;
    int obfuscatedValue = *(int *)(location + 0x4);

    return obfuscatedValue ^ cryptoKey;
}

/*
Set the real value of an ObscuredInt.

Parameters:
    - location: the location of the ObscuredInt
    - value: the value we're setting the ObscuredInt to
*/
void SetObscuredIntValue(uint64_t location, int value){
    int cryptoKey = *(int *)location;

    *(int *)(location + 0x4) = value ^ cryptoKey;
}

void(*old_UpdateHook)(void *instance);
void UpdateHook(void *instance) {

    if(toggle) {
    //0x177 is the field offset, and 999 is the value you return
       SetObscuredIntValue((uint64_t)instance + 0x177, 999);
    }
   return old_UpdateHook(instance);
}

also im guessing ur modding armv7, just change uint64_t to uint32_t

No work

 

[CHEATS GAMES]

why do i have this error? I have already disabled all anti cheats

 

[zeropro]

how to disable anti cheat

 

[CHEATS GAMES]

how to disable anti cheat

add NOP in all

 

[Kizarus]

thx

 

[Meepoooo]

Here is float

/*

    location = the location of the ObscuredFloat
    value = the value we're setting the ObscuredFloat to
*/
void SetObscuredFloatValue(uint64_t location, float value){
    int cryptoKey = *(int *)location;
  
    union intfloat {
        int i;
        float f;
    };
  
    /* use this intfloat to get the integer representation of our parameter value */
    intfloat IF;
    IF.f = value;
  
    /* use this intfloat to generate our hacked ObscuredFloat */
    intfloat IF2;
    IF2.i = IF.i ^ cryptoKey;
  
    *(float *)(location + 0x4) = IF2.f;
}

while testing this, the float code works on double and int works on long

Plz tell me how to find location??? that is Struct ObscuredInt .ctor offset

 

[NullCoder]

why do i have this error? I have already disabled all anti cheats

So not everything was turned off. Games can use ObscuredInt code in separate methods to protect memory.

 

[Meepoooo]

Plz tell me how to find location??? that is Struct ObscuredInt .ctor offset

PLZ help me with this

{

    // Token: 0x02000017 RID: 23

    [Token(Token = "0x2000012")]

    [Serializable]

// dumpcs   

public struct ObscuredInt : IObscuredType, IFormattable, IEquatable<ObscuredInt>, IComparable<ObscuredInt>, IComparable<int>, IComparable

    {

        // Token: 0x0600016F RID: 367 RVA: 0x0000212A File Offset: 0x0000032A

        [Token(Token = "0x6000159")]

        [Address(RVA = "0x28F8AD4", Offset = "0x28F8AD4", VA = "0x28F8AD4")]

        private ObscuredInt(int value)

        {

        }

// field offset

protected ObscuredInt _currentRoomID; // 0x18

// code   

  

int GetObscuredIntValue(uint32_t location){

    int cryptoKey = *(int *)0x28F8AD4;

    int obfuscatedValue = *(int *)(0x28F8AD4 + 0x4);



    return obfuscatedValue ^ cryptoKey;

}

void SetObscuredIntValue(uint32_t location, int value){

    int cryptoKey = *(int *)0x28F8AD4;



    *(int *)(0x28F8AD4 + 0x4) = value ^ cryptoKey;

}

bool istele;

int teleValue;

void(* old_UpdateRoom)(void * instance);

void UpdateRoom(void*instance) {

    if(instance != NULL) {

        if(istele) {

            istele = false;

            SetObscuredIntValue((uint32_t ) instance + 0x18, teleValue);

        }

    }

    old_UpdateRoom(instance);

}

MSHookFunction((void *) getAbsoluteAddress("libil2cpp.so", 0x1113008),  (void*)UpdateRoom, (void**)&old_UpdateRoom);

 

[Kaorin333]

Is it always necessary to change the apk (the smali code) to work?

 

[ArmorTage]

Is it always necessary to change the apk (the smali code) to work?

What you need to change in smali?

 

[Kaorin333]

@ArmorTage my question is, do i need change the smali file from the APK of the game to hook a function in the il2cpp.so.
doesnt it exist any other method where you can just hook the il2cpp.so without modifying the apk at all?
cause im only interested in the hooking not in any ugly menu. but i cannot simply find anything working without changing the apk.

im talking about the UnityActivity.smali you decompile from the game I ADDED A TIMESTAMP TO IT !!!

 

[·҉ dollaz·҉. .]

@ArmorTage my question is, do i need change the smali file from the APK of the game to hook a function in the il2cpp.so.
doesnt it exist any other method where you can just hook the il2cpp.so without modifying the apk at all?
cause im only interested in the hooking not in any ugly menu. but i cannot simply find anything working without changing the apk.

im talking about the UnityActivity.smali you decompile from the game I ADDED A TIMESTAMP TO IT !!!

Im guessing you want to tweak the apk without a menu. You could make your own android studio project that has no menu, and you could hook just by including the macros file and inline hook lgl has. Also you will need to load the library from smali, I dont know why you are trying to find a different method as it is very easy to do

note: im not gonna give you an example of such project, I think you will learn more by doing it by yourself

You can also just patch the lib with out hooking anything to make it more simple

 

[Kaorin333]

@·҉ dollaz·҉. . what i want is my native build to hook the il2cpp and return me value of my need. no need for any menu nor wanna i touch and tweaking any apk. i dont care about how easy or hard i just wanna know what direction i need to go.

But here again you said smali, is it necessary for the MSHOOKFUNCTION to be inluced in the apk of the target?

And patching or hex editing is the last of my wishes and goals.

thank you for answering.

 

[Kaorin333]

btw i guess you missunderstand me a tiny bit everything is okay with my application. i just need to hook. And i thought i could accomplish it with the MsHookFunction, but it seems not to work for me.

 

[Raebydett]

no need for any menu nor wanna i touch

Using hook u still need to touch the apk files, use direct patching lib if u that lazy