I'm new to the Android hacking scene. I used to play around with Cheat Engine and decompiling flash games. My current challenge is hacking Solarmax 3 on Android. What I'm looking to get is unlimited credits (gold, money, whatever you want to call it).
My current process has been a lot of playing around with IDA, dnSpy and HxD. Apologies for the spaghetti of thoughts. I would love if someone could point me in the right direction.
What I want to achieve: unlimited money
What I've done so far:
- Dumped all of the APK data using Il2cpp, extracted function names, used scripts to port this data in IDA
- I'm able to edit the libil2cpp.so file and see changes reflected in the APK when testing
- It's just not working!
- I've played around with changing a lot of variables one by one
- LocalPlayer ChangeMoney() -> playing around with this, and setmoney resulted in no money being added upon completion of levels
- LocalPlayer SetMoney()
- NetMessage get_curMoney()
- NetMessage get_delta
- UserData get_gold() (address 0x58F048)
- UserData set_gold()
Changing the UserData get_gold seems relatively straight forward:
Code:
; Int32 get_gold()
UserData_get_gold
LDR R0, [R0,#0x48]
BX LR
I change the LDR instruction to a mov r0, #0xFFFFFF. This results in my gold seemingly being updated. The main menu lists gold as the new 0xFFFF number. BUT when I go to buy something it seems it isn't polling the get_gold function.
-----
Looking at the set_gold function... I know that R1 is being stored into the address of R0 offset by #0x40. I'm not sure how I would edit this instruction to give more gold (I don't think it's possible in one line, is it?)
Code:
; Void set_gold(Int32)
UserData_set_gold
STR R1, [R0,#0x48]
BX LR
I think that if I can find the value of R0 and modify the actual value that R0 #0x48 points to, I could successfully change the gold. But how do I get that value?
---
Looking at ChangeMoney() (I'm pretty sure sometimes gold and money are used interchangeably by the dev)
There's a lot going on and I just don't know what to make of it. (I tried to put it in thumbnail, but it didn't for some reason)
------
I also do know there's some sort of server side storage/verification. I have no idea to what extent. You can create a profile on one device, and it'll back up through your FB. I have successfully (but unintentionally) prevented my gold increasing client side. This gives me hope that I can also increase my gold client side. That being said, with the current get_gold hack, it gets reset to its correct value as soon as I earn some more gold.
Other avenues of hacking:
- I've tried playing around with the lottery system (no luck). The only thing I really have successfully changed in all of this is locking the number of 'free ad spins' you have every day for the lottery system. At the minimum, if I could make the lottery spin for free (instead of costing 50 credits), I'd be happy with my hack job. But even that seems to be a challenge.
- If you watch an ad you get a reward multiplier for gold. 'Watch this ad and earn 6x reward' If I could bump that factor up by 1000, that would serve the same purpose
- You get gold through the 'sign in month' system/completing challenges.
Thanks for sticking around! If anyone can give some guidance as to what to try, I would very much appreciate it! I've been playing around with this on and off for 3 days now.
~Big Confusion
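As an added example (not code from the post or from Solarmax 3), here is a small C model of the behaviour described above: a getter patched to return a constant changes only what calls it, while a server-side ledger like the one the post suspects (NetMessage get_curMoney / get_delta) keeps the authoritative balance, overwrites the client cache on every sync and can flag a client whose claimed balance disagrees. The struct layout, type and function names, and the message flow are assumptions.

```c
/* Added example, not code from the post or from Solarmax 3: a toy model of
 * why a patched getter does not survive server-authoritative accounting.
 * Struct layout, names and the message flow are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Client-side object; gold sits at offset 0x48 to mirror [R0,#0x48]. */
typedef struct {
    uint8_t header[0x48];   /* other fields, not modelled */
    int32_t gold;           /* offsetof(UserData, gold) == 0x48 */
} UserData;
static int32_t get_gold(const UserData *u) { return u->gold; }
static void set_gold(UserData *u, int32_t v) { u->gold = v; }

/* Getter patched to "mov r0, #0xFFFFFF": it never reads the field, so only
 * code that calls it (the menu display) sees the big number. */
static int32_t get_gold_patched(const UserData *u) { (void)u; return 0xFFFFFF; }
/* The server keeps the real ledger and is the only party applying deltas. */
typedef struct { int32_t cur_money; } ServerAccount;

/* Server handling of an "I earned <delta>" message: a claimed balance that
 * disagrees with the ledger is flagged for review, the delta is applied to
 * the ledger, and the authoritative balance is returned to the client. */
static int32_t server_apply_delta(ServerAccount *acct, int32_t client_claimed,
                                  int32_t delta, int *tamper_flag) {
    *tamper_flag = (client_claimed != acct->cur_money);
    acct->cur_money += delta;
    return acct->cur_money;
}

/* Client: report the earned delta, then overwrite the local cache with the
 * server's answer. This is the "reset" the post observes after earning gold. */
static int32_t client_earn(UserData *u, ServerAccount *acct, int32_t delta,
                           int32_t (*getter)(const UserData *), int *tamper_flag) {
    int32_t cur = server_apply_delta(acct, getter(u), delta, tamper_flag);
    set_gold(u, cur);
    return get_gold(u);
}

int main(void) {
    UserData u = {.gold = 100};
    ServerAccount acct = {100};
    int tamper = 0;
    int32_t after = client_earn(&u, &acct, 25, get_gold_patched, &tamper);
    printf("display %d, after earning 25: %d, tamper=%d\n",
           get_gold_patched(&u), after, tamper);   /* 16777215, 125, tamper=1 */
    return 0;
}
```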