Castle Clash - Dungeon Hack (Hbm )

faker6969 · 08/25/2014, 02:17

Quote:

Originally Posted by Xavierbot

Lol ... Be patient or create your own hack ...
This hack is free, so, respect the creator and there vacation --'

i dont think he created any hacks for CC, with the .48 mod, after patching with lucky patcher, it says by dwan46, if it was hacker.trio, it would have his signature on it. Plus after the .49 update he claim he was going to release it last month after he come back on vacation, i guess he is on vacation again and claiming he'll release another mod hack for .52. I think he's just stealing peoples mod and releasing it for free, but i guess you cant compliant much since its free to start with.

jajarem64 · 08/25/2014, 06:51

Quote:

Originally Posted by nexxen4205

I cant understand the 4th step!
I found the address and save it, reset the sb and after that when I searched for 1074737971, sb found around 153 result and ask to change the 1074737971 and search again!
would you please explain step 4 and after that?

If you don't see a "List" button then you need to either upgrade to 3.1, or you need to downgrade to 2.6 if you're on Bluestacks or any other emulator because the guy who is keeping up with the SBGH project has messed up some things in the code with the past few releases. Supposedly 3.2 will resolve these issues and allow you to write again in x86 arch (emulators). I use GenyMotion, as it doesn't give BSoD, you need ARM Translator 1.1 (only supports arm translation up to 4.3 on x86 emulators) and signed Gapps flash for 4.3.

Enjoy, put some effort into it. This shows you how you can use the mod provided here to create your own hotfix (proper term) for v52. If you don't understand what I'm talking about after you've decompiled the libs in IDA then don't bother to proceed any further, from that though, it's an easy task as long as you use AppUse for direct assembly modification via GEdit. Thanks, have a good day.

Also, Hacker.Trio might have compiled his own hotfix for v48 lib. But he didn't compile the Lucky Patcher mod, Dwan46 (LoveCC) did. Don't read that wrong either, ChelpuS coded Lucky Patcher. Why is everyone taking his words out of context? Go back to English class.

LordVanDooM · 08/25/2014, 12:22

Quote:

Originally Posted by jajarem64

If you don't see a "List" button then you need to either upgrade to 3.1, or you need to downgrade to 2.6 if you're on Bluestacks or any other emulator because the guy who is keeping up with the SBGH project has messed up some things in the code with the past few releases. Supposedly 3.2 will resolve these issues and allow you to write again in x86 arch (emulators). I use GenyMotion, as it doesn't give BSoD, you need ARM Translator 1.1 (only supports arm translation up to 4.3 on x86 emulators) and signed Gapps flash for 4.3.

Enjoy, put some effort into it. This shows you how you can use the mod provided here to create your own hotfix (proper term) for v52. If you don't understand what I'm talking about after you've decompiled the libs in IDA then don't bother to proceed any further, from that though, it's an easy task as long as you use AppUse for direct assembly modification via GEdit. Thanks, have a good day.

Also, Hacker.Trio might have compiled his own hotfix for v48 lib. But he didn't compile the Lucky Patcher mod, Dwan46 (LoveCC) did. Don't read that wrong either, ChelpuS coded Lucky Patcher. Why is everyone taking his words out of context? Go back to English class.

i dont really understand something like this, but trying to follow you.
using v48 lib and copy to v52 lib right.?
dont know what to mod, where to start LoL
so can u make lib that can farm dungeon and expedition.?
sorry if i cant follow u to far, im still newbie with this mod thing ^^
and my english not really good

anyway what code still working now.?
please share ^^
thanks alot

jajarem64 · 08/25/2014, 12:52

Quote:

Originally Posted by LordVanDooM

i dont really understand something like this, but trying to follow you.
using v48 lib and copy to v52 lib right.?
dont know what to mod, where to start LoL
so can u make lib that can farm dungeon and expedition.?
sorry if i cant follow u to far, im still newbie with this mod thing ^^
and my english not really good

anyway what code still working now.?
please share ^^
thanks alot

The modified functions within the assembly code of the modified libs from version 1.2.48 Hacker.Trio has made available are still the same assembly code modifications required to achieve the results of HBM and HT hack on version 1.2.52. All you need to do is locate the modified functions, which I have explained how to do so, overwrite the version 1.2.52 functions that you have found from 1.2.48 with the functions that allowed you to hack in HBM and HT. I have provided most of them already in a text file on my post, but I would expect you to check it (compare libgamc.so against libgamd.so and libgamb.so) yourself using IDA with the plugin titled, "PatchDiff2" available online from the open-source Google Code Repository. That way you can ensure you have found all of the unmatched functions, a few out of thousands of those functions (which I listed 3 already one of which has been patched and I said how to patch the CheckHack() function in my post as well) will be the ones used to achieve the HBM and HT hack. Apply those functions from libgamc.so to libgame.so (original version 1.2.52 lib) after you've done that I recommend for you to still use Lucky Patcher to fix your dalvik-cache on Castle Wars for the libgamc.so in your system/lib folder. Take your patched/modded/hotfixed version 1.2.52 lib and place it in the system/lib folder, just as you would have with the old mod. I have already shared, everything is there for you. It's all there. It's there for everyone.

mzee9 · 08/25/2014, 18:13

Quote:

Originally Posted by Tenth10

Why are the wave enemies in HBM getting the skill hack when I use SBhacker (i.e. I change my heroes skill to PD's celebrate and then try HBM and when the enemies proc, they also have PD's celebrate)... How do I fix that?

dont use same hero as hbm wave always switch your heros also never use legendary with hack you cant complete ht.

fairylovehn127 · 08/25/2014, 20:08

lib version 52
easy to make

~~Marius™~~ · 08/25/2014, 20:14

Quote:

Originally Posted by jajarem64

The modified functions within the assembly code of the modified libs from version 1.2.48 Hacker.Trio has made available are still the same assembly code modifications required to achieve the results of HBM and HT hack on version 1.2.52. All you need to do is locate the modified functions, which I have explained how to do so, overwrite the version 1.2.52 functions that you have found from 1.2.48 with the functions that allowed you to hack in HBM and HT. I have provided most of them already in a text file on my post, but I would expect you to check it (compare libgamc.so against libgamd.so and libgamb.so) yourself using IDA with the plugin titled, "PatchDiff2" available online from the open-source Google Code Repository. That way you can ensure you have found all of the unmatched functions, a few out of thousands of those functions (which I listed 3 already one of which has been patched and I said how to patch the CheckHack() function in my post as well) will be the ones used to achieve the HBM and HT hack. Apply those functions from libgamc.so to libgame.so (original version 1.2.52 lib) after you've done that I recommend for you to still use Lucky Patcher to fix your dalvik-cache on Castle Wars for the libgamc.so in your system/lib folder. Take your patched/modded/hotfixed version 1.2.52 lib and place it in the system/lib folder, just as you would have with the old mod. I have already shared, everything is there for you. It's all there. It's there for everyone.

This helps many newbis, nice Therad.

matt085 · 08/26/2014, 06:23

Quote:

Originally Posted by fairylovehn127

lib version 52
easy to make

wats this suppose to be ?

jajarem64 · 08/26/2014, 06:25

Quote:

Originally Posted by Hacker.Trio

This helps many newbis, nice Therad.

Thanks, I enjoy keeping the flow of information free as it has always been meant to be in order to progress humankind as a whole and not a singular, across any subject I can. I try to encourage people to be more independent and take the time to educate themselves, especially when it comes to matters of reverse engineering, because anyone could just reallocate some memory and add some malicious shell code to a modified lib, sure it may give you HBM and HT hack but at the same time you could (high probability due to the chances of someone knowing how to mod and selling them, shows the need for more money, in that sense you could assume they'd be willing to give it a try) have someone with the capabilities of privilege escalation gaining root access to your device remotely. Now a days you have plenty of tools that will do it for you with the click of a button, without having to do it manually and they're all readily available on the public domain. With that being said, you could consider it as more of an increasing threat on a day by day basis due to the free flow of information but when we face a threat we adapt and if that means reverse engineering for our own needs, then so be it.

Quote:

Originally Posted by matt085

wats this suppose to be ?

I'm disassembling it now to see. It appears to be 2 copies of the original 52 lib. Running code comparison and checksums.

Code:

.plt:0020518C ; Input MD5   : 3CA3DE375C666E22CFB7B8400E690D52
.plt:0020518C ; Input CRC32 : CF779282
.plt:0020518C
.plt:0020518C ; ---------------------------------------------------------------------------
.plt:0020518C ; File Name   : C:\*\libgamhbmn52\libgam2.so
.plt:0020518C ; Format      : ELF for ARM (Shared object)
.plt:0020518C ; Needed Library 'libGLESv2.so'
.plt:0020518C ; Needed Library 'liblog.so'
.plt:0020518C ; Needed Library 'libz.so'
.plt:0020518C ; Needed Library 'libstdc++.so'
.plt:0020518C ; Needed Library 'libm.so'
.plt:0020518C ; Needed Library 'libc.so'
.plt:0020518C ; Needed Library 'libdl.so'
.plt:0020518C ; Shared Name 'libgame.so'
.plt:0020518C ;
.plt:0020518C ; EABI version: 5

Code:

.plt:0020518C ; Input MD5   : 3CA3DE375C666E22CFB7B8400E690D52
.plt:0020518C ; Input CRC32 : CF779282
.plt:0020518C
.plt:0020518C ; ---------------------------------------------------------------------------
.plt:0020518C ; File Name   : C:\*\libgamhbmn52\libgam5.so
.plt:0020518C ; Format      : ELF for ARM (Shared object)
.plt:0020518C ; Needed Library 'libGLESv2.so'
.plt:0020518C ; Needed Library 'liblog.so'
.plt:0020518C ; Needed Library 'libz.so'
.plt:0020518C ; Needed Library 'libstdc++.so'
.plt:0020518C ; Needed Library 'libm.so'
.plt:0020518C ; Needed Library 'libc.so'
.plt:0020518C ; Needed Library 'libdl.so'
.plt:0020518C ; Shared Name 'libgame.so'
.plt:0020518C ;
.plt:0020518C ; EABI version: 5

Confirmed, both identical copies of the same v52 Libs but with some modifications to the functions here.

Code:

File Function name                                                       Function address Sig      Hash     CRC     
---- -------------                                                       ---------------- ---      ----     ---     
2    SceneBattleOperation::BearAttackDamage(CBaseObject *,CBaseObject *) 30EB88           00000105 F8DFBEFB 776AD718
2    Hero::GetTalentSkillId(void)                                        24AE48           00000007 00080043 9E1E5401

If you guys don't know how to obtain a v52 Original Lib they will help you, though you can get it from the APK which you can download online and extracting it, or from data/app-lib/com.igg.castleclash-1/"libgame.so". Feel free to use his copies if you're feeling lazy lol.

fairylovehn127 · 08/26/2014, 06:44

zzzzzzzzzzzzzzzz
i dont know which script you use
i just put 2 file libgam2 and libgam5.so to this folder
2 files are the same

open folder luckypatcher
open file HBM and see 04 67 61 6d ?? 00
if ?? = 32 this means you can use libgam2.so
if ?? = 35 you can use libgam5.so
.......
i suggest you edit some function bearattackdamage attackerrun ....... to mod

I'm fairy from gameguardian, AGH and androidrepublic

Confirmed, both identical copies of the v52 Original Lib. If you guys don't know how to obtain a v52 Original Lib they will help you, though you can get it from the APK which you can download online and extracting it, or from data/app-lib/com.igg.castleclash-1/"libgame.soel free to use his copies if you're feeling lazy lol.

you are so stupid =))

i can teach you some function to mod

Use IDA decompile it

function bearattackdamage return it 70 47 -> 1 hit to die all
can use hex workshop to edit
function getobjectrange you look this line add .... see the hex change 18 to 1b it means max range lol
.................

jajarem64 · 08/26/2014, 06:53

Quote:

Originally Posted by fairylovehn127

zzzzzzzzzzzzzzzz
i dont know which script you use
i just put 2 file libgam2 and libgam5.so to this folder
2 files are the same

open folder luckypatcher
open file HBM and see 04 67 61 6d ?? 00
if ?? = 32 this means you can use libgam2.so
if ?? = 35 you can use libgam5.so
.......
i suggest you edit some function bearattackdamage attackerrun ....... to mod

I'm fairy from gameguardian, AGH and androidrepublic

Thanks for the input, Fairy. It's good to have your eyes here. I use PatchDiff2 for IDA for function analysis, it's available from the Google Open-Source Project Repository i.e. code.google. I'm also well aware of Hex to ASCII conversion. I've also got the latest version of IDA Professional, I prefer hex modification through IDA over Hex Workshop or Hex Edit. You can also use AppUse and write to the assembly directly in ASCII format. This is to help everyone, insulting members of the forum isn't called for, especially over a misinterpretation. You're still welcome to contribute to the thread though, so feel free to do so.

The CheckHack(void) has to be modified as well

Code:

 ; CheckHack(void)
.text:0020D76C                 EXPORT _Z9CheckHackv
.text:0020D76C _Z9CheckHackv                           ; CODE XREF: StaticDB::CheckBuildLvlInfo(T_BuildLvlInfo *)+5AEp
.text:0020D76C                                         ; StaticDB::CheckBuildingBindHeroLevelInfo(T_BuildingBindHeroLevelInfo *)+184p ...
.text:0020D76C                 PUSH    {R3,LR}
.text:0020D76E                 LDR     R3, =(g_IsHack_ptr - 0x20D774)
.text:0020D770                 ADD     R3, PC ; g_IsHack_ptr
.text:0020D772                 LDR     R3, [R3] ; g_IsHack
.text:0020D774                 LDRB    R3, [R3]
.text:0020D776                 CMP     R3, #0
.text:0020D778                 BEQ     locret_20D782
.text:0020D77A                 BL      _ZN9GameLogic8InstanceEv ; GameLogic::Instance(void)
.text:0020D77E                 BL      _ZN9GameLogic4ExitEv ; GameLogic::Exit(void)
.text:0020D782
.text:0020D782 locret_20D782                           ; CODE XREF: CheckHack(void)+Cj
.text:0020D782                 POP     {R3,PC}
.text:0020D782 ; End of function CheckHack(void)
.text:0020D782
.text:0020D782 ; ---------------------------------------------------------------------------
.text:0020D784 off_20D784      DCD g_IsHack_ptr - 0x20D774 ; DATA XREF: CheckHack(void)+2r

to the following code:

Code:

; CheckHack(void)
.text:001A17D8                 EXPORT _Z9CheckHackv
.text:001A17D8 _Z9CheckHackv                           ; CODE XREF: StaticDB::CheckBuildLvlInfo(T_BuildLvlInfo *)+5B6p
.text:001A17D8                                         ; StaticDB::CheckBuildingBindHeroLevelInfo(T_BuildingBindHeroLevelInfo *)+184p ...
.text:001A17D8                 BX      LR
.text:001A17D8 ; End of function CheckHack(void)
.text:001A17D8
.text:001A17D8 ; ---------------------------------------------------------------------------
.text:001A17DA                 ALIGN 4

Disregard the addresses aligned on the left side of code.

fairylovehn127 · 08/26/2014, 07:29

edit function checkhack for what

renzjake231 · 08/26/2014, 07:39

How? I dont know how to..pls teach me

EGYPT_2010 · 08/26/2014, 07:42

mea too plzzzzzzzzzzzzzzzzzzzzz man Video

jajarem64 · 08/26/2014, 09:40

Quote:

Originally Posted by fairylovehn127

edit function checkhack for what

For bypass. Did you finish the mod for Android Republic or was it UB?