Changing float values permanently in an apk? - General Questions and Answers

I have an old offline game that's discontinued that I still play. I use another app called Game Guardian that can search codes like float, word, d-word, byte format but some can't be changed permanently (have to change the float values everytime i open the game).
I just discovered someone actually managed to do it but they're not teaching how they did it and the float values they changed are different from what I want to change but the know how seems to be the same logic.
It involves replacing/editing/adding (i think they replaced/added because this guy isn't a programmer so editing is not likely) the library files (.so files) inside the apk
Can anyone teach me how to do this?

Related

any way to edit save games?

hey does any one know how to edit save games of dungeon hunter,zenonia 2 and any rpg type games ...im soo waiting for this...i tried GAMECIH but its of no use on these games..i tried it with many games none of them worked ...is there some way to edit saves or use some trainers?
smackdownn said:
hey does any one know how to edit save games of dungeon hunter,zenonia 2 and any rpg type games ...im soo waiting for this...i tried GAMECIH but its of no use on these games..i tried it with many games none of them worked ...is there some way to edit saves or use some trainers?
Click to expand...
Click to collapse
Hex editor like any other saved game. Dungeon Hunter you can directly modify your gold and experience, as far as I can tell you can't directly change anything else. I fiddled with it for a while the first time I played it.
As for both, you search the savegame file like any other binary file. If you have 4312 gold, search for d810 in hex, which is of course little endian. ie: The hex pairs are backwards.. 4312 decimal = 10d8 in hex, so you have to search for d810
Same for experience. Just make it larger than your required experience at the end of each quest and next time you gain experience you'll gain a level. If you really want to level up, you can go back and forth between levels and modify each time.
Back up your files, it's easy to screw up.
khaytsus said:
Hex editor like any other saved game. Dungeon Hunter you can directly modify your gold and experience, as far as I can tell you can't directly change anything else. I fiddled with it for a while the first time I played it.
As for both, you search the savegame file like any other binary file. If you have 4312 gold, search for d810 in hex, which is of course little endian. ie: The hex pairs are backwards.. 4312 decimal = 10d8 in hex, so you have to search for d810
Same for experience. Just make it larger than your required experience at the end of each quest and next time you gain experience you'll gain a level. If you really want to level up, you can go back and forth between levels and modify each time.
Back up your files, it's easy to screw up.
Click to expand...
Click to collapse
thanks for ur reply ..wat else does this trick work for??
and hey where are the savegames stored?
khaytsus said:
Hex editor like any other saved game. Dungeon Hunter you can directly modify your gold and experience, as far as I can tell you can't directly change anything else. I fiddled with it for a while the first time I played it.
As for both, you search the savegame file like any other binary file. If you have 4312 gold, search for d810 in hex, which is of course little endian. ie: The hex pairs are backwards.. 4312 decimal = 10d8 in hex, so you have to search for d810
Same for experience. Just make it larger than your required experience at the end of each quest and next time you gain experience you'll gain a level. If you really want to level up, you can go back and forth between levels and modify each time.
Back up your files, it's easy to screw up.
Click to expand...
Click to collapse
thanks for info.
can you teach me how to do it with .so file type??

[Q]how to use ShellExecute() in wp7RootToolsSDK 0.2.1.0 alpha

hi.Heathcliff74 released the wp7RootToolsSDK 0.2.1.0 alpha,i want to test ShellExecute(string a).i post the GUID of App (or the name of app )to the argument,but it doest work.
SO anybody konws the meanings of ShellExecute or the
use of it?
ShellExecute is usually used to "open" a file. Basically, if the HKEY_CLASSES_ROOT defines a way to handle a given filetype (for example, .PDF files or HTTP: URIs), ShellExecute can be used to invoke the defalt action on that file or URI or whatever.
It's possible to use it for launching apps, but it's not so easy as what you're trying. There's another API (CreateSession, I think) which is specifically for launching built-in or third-party tasks (apps, essentially).
sorry,there isn't a API named CreateSession ~~~~
You're right, it's actually SHLaunchSessionByUri. It's in aygshell (like many things). It appears to be totally undocumented, but it's what the DllImport project uses.
Of course, I could probably easily enough write an app that handles the "app://" URI scheme; the app would get started and then it would use LaunchSessionByUri to start whatever you were trying to call in the first place. This would also be a way to launch apps from the browser...

[Q] Unknown library libverde.so

Hi,
I'm trying to work through a hardware detection problem running an app (Osmos, purchased in the Humble bundle for Android). It seems that maybe there's something weird about how my Chinese tablet reports its multitouch or something, I figured I'd just hack the apk to remove the multitouch check and be done with it.
The problem is that the error string isn't in the application itself, it's part of a support library and occurs during initialisation, there's no obvious call to the library to ask for multitouch though I'm sure something flags it as required somewhere along the line but probably in one of a couple of parameter values that are long, undocumented integers.
The support library is called libverde.so and appears in the apk's lib directory when decompiled (apktool, dex2jar, JD are the tools I'm using). There's almost no information about it on the net, only a reference on a pirate site about patching it to remove a check for screen size (similar to what I want to do).
Has anyone heard of this library? Can provide any information on it?
bp.

How does WeChat store animated emojis (stickers)?

Hi,
I hope this is the right section for app-specific questions (if not, please move the thread)...
My wife recently got into that sticker/emoji-collecting-thing on WeChat (god knows why) and she would like to use the WeChat stickers on other messengers like Whatsapp (or have access to the image files in general). There are millions of tutorials how to make your own animated stickers for WeChat, but unfortunately there is zero information how to get them out of WeChat... Apparently everything is stored in the folder "Phone\tencent\MicroMsg\--some-md5-like-number--\emoji". Therein are subfolders like "com.tencent.xin.emoticon.NAME", I guess for each sticker creator, and the image files themselves have cryptic filenames like "fd0476f63c51690b88dd17d9be63af1c" without any extension. The good news is that PNGs and JPGs are saved "natively" - such files can be easily recognized by any image viewer via the header. However, animated stickers (typically discernible by the much larger file size) are apparently stored in a kind of proprietary format. It's not GIF or any image format I know of (or rather tried it with), it's also not a common compressed container, and the hex editor doesn't reveal anything useful, just densely packed gibberish...
Is there any kind of documentation on how WeChat stores animated images and how they can be converted back into something useful like GIF?
I was wondering this as well. I did the same digging as the OP, with one thing to add. I took a look at one of the said files – this one is 13Kb and about 1kb from the beginning there is a 648-byte xml rdf metadata tag. It shows that whatever this thing is, it was made with Photoshop. I took out the id's and hashes:
Code:
<rdf:Description rdf:about="" xmlns:xmpMM="http ://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http ://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http ://ns.adobe.com/xap/1.0/" xmpMM:eek:riginalDocumentID="xmp.did:…" xmpMM:DocumentID="xmp.did:…" xmpMM:InstanceID="xmp.iid:…" xmp:CreatorTool="Adobe Photoshop CC 2015 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:…" stRef:documentID="adobe:docid:photoshop:…"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
Looking for the same answer
It's been forever since this question was posted, but I still kinda want to know. I don't think anyone's figured out how. XD;;
Nope, I gave up and urged my wife to find a new hobby
Drats, the stickers are so adorable tho... iiOTL
The files are stored in the WXAM format (an in-house proprietary format). The most I found was this post detailing an exploit for WXGF (that's the name of the format), which includes POC code in Python (see zip at end of post) that encrypts a file to WXGF. In it, you can see the code calculating the encryption key - which, I imagine the way to decrypt them would be to do the opposite (obviously)
Python:
imei = '358035085174146'
key = hashlib.md5(imei).hexdigest()[0:16]
cipher = AES.new(key, AES.MODE_ECB)
result[0:1024] = cipher.encrypt(buffer[0:1024])
As for converting the unencrypted file - whether Android or Windows, it's contained in a dll or so file.
On Windows, the decompilation code can be found at
Code:
C:\Program Files (x86)\Tencent\WeChat\WXAMDecoder.dll
, while on Android it can be found at
Code:
libwechatcommon.so
Particularly on Android, the Java class located in
Code:
com.tencent.mm.plugin.gif.MMWXGFJNI
contains the java -> native implementation, with functions such as
Code:
nativePic2Wxam()
As for documenting the internal native code -> It's too much past my ability / time at the moment. Maybe this can be for someone for another day~ That being said, decryption isn't impossible as you saw above, related to IMEI and AES keys.
The particular function you were looking for was - sadly, using it would be a bit hard. But I imagine that you could take the so file, wire it up to an Android app with the same declarations here, and pass in the Wxam file in a byte[] array to get the result back -> You wouldn't have to know the internal code for that either, and since the type is byte[], we don't need to even reverse engineer the code to see what it supplied. Clearly it is a byte[] array of the files contents.
Code:
public static native byte[] nativeWxamToGif(byte[] bArr);
In fact, now that I think about it, I'd like to try it myself now and see what happens lol.
Edit: Yup, it works. I just decoded a few files. Working on decryption now. Sorry, I can't share it since I don't wanna get in trouble. But there's the information above ^^ If you can make Android apps and know enough, it's not hard
BBRecon said:
The files are stored in the WXAM format (an in-house proprietary format). The most I found was this post detailing an exploit for WXGF (that's the name of the format), which includes POC code in Python (see zip at end of post) that encrypts a file to WXGF. In it, you can see the code calculating the encryption key - which, I imagine the way to decrypt them would be to do the opposite (obviously)
Python:
imei = '358035085174146'
key = hashlib.md5(imei).hexdigest()[0:16]
cipher = AES.new(key, AES.MODE_ECB)
result[0:1024] = cipher.encrypt(buffer[0:1024])
As for converting the unencrypted file - whether Android or Windows, it's contained in a dll or so file.
On Windows, the decompilation code can be found at
Code:
C:\Program Files (x86)\Tencent\WeChat\WXAMDecoder.dll
, while on Android it can be found at
Code:
libwechatcommon.so
Particularly on Android, the Java class located in
Code:
com.tencent.mm.plugin.gif.MMWXGFJNI
contains the java -> native implementation, with functions such as
Code:
nativePic2Wxam()
As for documenting the internal native code -> It's too much past my ability / time at the moment. Maybe this can be for someone for another day~ That being said, decryption isn't impossible as you saw above, related to IMEI and AES keys.
The particular function you were looking for was - sadly, using it would be a bit hard. But I imagine that you could take the so file, wire it up to an Android app with the same declarations here, and pass in the Wxam file in a byte[] array to get the result back -> You wouldn't have to know the internal code for that either, and since the type is byte[], we don't need to even reverse engineer the code to see what it supplied. Clearly it is a byte[] array of the files contents.
Code:
public static native byte[] nativeWxamToGif(byte[] bArr);
In fact, now that I think about it, I'd like to try it myself now and see what happens lol.
Edit: Yup, it works. I just decoded a few files. Working on decryption now. Sorry, I can't share it since I don't wanna get in trouble. But there's the information above ^^ If you can make Android apps and know enough, it's not hard
Click to expand...
Click to collapse
I'm using nativeWxamToGif(), but I keep getting a return value of null. Do you know if it is still supposed to work? I tried the libwechatcommon.so in wechat versions 7 and 8 and still no luck.
My decryption code is almost the same as the encryption code. The only difference is that I strip off the trailing 0-pad and then reuse the imei-generated (using my own imei) key to decrypt.
Were you able to use nativePic2Wxam? The signature is too complex so it's too hard for me to guess what parameters to pass in.
Code:
private static native int nativePic2Wxam(String paramString1, String paramString2, int paramInt1, int paramInt2, int paramInt3, int paramInt4, int paramInt5);
Since I don't know how to use nativePic2Wxam, I'm just blindly trusting you that I should be able to decrypt one of the wxgf into wxam and then use nativeWxamToGif() to convert it to a gif. But I'm not sure why my gifs are always null.
I think I do have the libwechatcommon.so lib working because I am able to use other simple functions such as the following:
Code:
public static native int nativeRewindBuffer(long paramLong);
public static native int nativeUninit(long paramLong);
Does nativeWxamToGif() return null if the input byte array is invalid wxam or something?

Recompiling with additional resources and activities

Hello All,
I have an application that I want to add some features to in the form of an additional activity. I have decompiled it with APK tool and attempted to add my own smali files (from the decompiled 2nd app that I developed). I immediately run into problems with the dependencies of my app being different than those of the original app. For example, my app uses the google Easy Permissions lib to ask for permissions. What is the right strategy to help de-conflict the res/values/*.xml files between two apps that both have their own resources? Are there any tools that can assist in this? What about layout and drawable resources?
I started writing a python script to merge public.xml and the others, re-map the ID's for those resources, and then search the smali files to change the values there. That seems error-prone, and I am not even sure if that is the right thing to do.
I had a second thought that perhaps aapt2 compilation of resources could perhaps be modified to give me a different package ID for the app I created and control source to (such as 0x80... instea of 0x7f...) but I am not sure exactly how to go about that, or if that would even work either
Any advice or tools I should be looking at?

Categories

Resources