This is the AMP version of this page.
If you want to load the real page instead, click this text.

Help! Need help on codestage anticheat on a il2cpp encrypted game.

G

ghostroy12

Platinian
Hello,

I was told to post the question here.
I have been following tutorials and modded some games using C#, but now i am looking into il2cpp encrypted games.
Game in example is archero.
I used dnspy to find the methods that i want to change, but they are encrypted with obscured values from the codestage anticheat kit.

Questions:
- The methods (eg. health) refer to an anticheat instruction, which turns the value into an obscured value. How do change or reverse this value?
Code: 
// Token: 0x1700015B RID: 347
    // (get) Token: 0x060018EF RID: 6383 RVA: 0x00005940 File Offset: 0x00003B40
    // (set) Token: 0x060018F0 RID: 6384 RVA: 0x00002053 File Offset: 0x00000253
    [Token(Token = "0x17000109")]
    public ObscuredLong CurrentEnergy
    {
        [Token(Token = "0x60015D5")]
        [Address(RVA = "0x893FD8", Offset = "0x893FD8", VA = "0x893FD8")]
        get
        {
            return default(ObscuredLong);
        }
        [Token(Token = "0x60015D6")]
        [Address(RVA = "0x893FF8", Offset = "0x893FF8", VA = "0x893FF8")]
        set
        {
        }
    }
- I've tried decompiling and then recompiling the apk, but it got stuck on a white screen (without changing any files)
Would there be some kind of function in anti cheat that is causing this?

I'm sorry if this sounds like a noob question, but i've been stuck here for several days and i really want to learn modding these kind of games.
Thanks in advance!
 
Sort by date Sort by votes
ghostroy12 said:
@Yaskashije i believe you said to reverse the function in ida?
Click to expand...
Yes

ghostroy12 said:
I've tried decompiling and then recompiling the apk, but it got stuck on a white screen (without changing any files)
Would there be some kind of function in anti cheat that is causing this?
Click to expand...
Never tried that game myself, but good chances your assumption is correct.
 
Upvote 0 Downvote
Yaskashije said:
Yes
Click to expand...

So, for example if i would find a method that RemovesEnergy from the player object; I would only need to get the offset, hex search it in hxeditor and change it to false?
(Would it be unlikely that the anti cheat system compares values afterwards?)

Never tried that game myself, but good chances your assumption is correct.
Click to expand...
After some more trial and error i found out that the white screen was caused because a certificate was lost during decompiling and recompiling/signing the apk. I finally got it to work by extracting and zipping the apk instead.

Thanks for the help, by the way.
 
Upvote 0 Downvote
ghostroy12 said:
So, for example if i would find a method that RemovesEnergy from the player object; I would only need to get the offset, hex search it in hxeditor and change it to false?
(Would it be unlikely that the anti cheat system compares values afterwards?)
Click to expand...
Codestage Anticheat is a joke and I'd not be surprised if that were to work.
Test and try stuff, thats how you learn new things when modding.
If nothing ends u working, you can always use ida.
 
Upvote 0 Downvote
A long should be an integer but more longer, so you could try to use this function:
C++: 
Parameters:
    - location: the location of the ObscuredInt
    - value: the value we're setting the ObscuredInt to
*/
void SetObscuredIntValue(uint64_t location, int value){
    int cryptoKey = *(int *)location;
    
    *(int *)(location + 0x4) = value ^ cryptoKey;
}

This should work fine and you will get the value that you want.
 
Upvote 0 Downvote
I have found with codestage, a basic 0 return on activate anticheat helped with a couple if games on the checksum, it was a stab in the dark when I tried it but worked, good work on finding and pinpointing Ur own question
 
Upvote 0 Downvote


I actually tested this method to get the GET or to do a SET, but each time the game crashes when I activate the toogle in my menu, there are functions specific to NOP?
 
Upvote 0 Downvote
ziz59 said:
I actually tested this method to get the GET or to do a SET, but each time the game crashes when I activate the toogle in my menu, there are functions specific to NOP?
Click to expand...
try to use this function instead:

C++: 
/*
Set the real value of an ObscuredFloat.
Parameters:
    - location: the location of the ObscuredFloat
    - value: the value we're setting the ObscuredFloat to
*/
void SetObscuredFloatValue(uint64_t location, float value){
    int cryptoKey = *(int *)location;

    /* use this intfloat to get the integer representation of our parameter value */
    intfloat IF;
    IF.f = value;
    
    /* use this intfloat to generate our hacked ObscuredFloat */
    intfloat IF2;
    IF2.i = IF.i ^ cryptoKey;
    
    *(float *)(location + 0x4) = IF2.f;
}

this should work as intended, since float is more longer than an int.
 
Upvote 0 Downvote
You must log in or register to reply here.
Menu
Log in
Register