// SFG 3 v1.4.5 UE4.27.2
GEngine: 0xC4A2AE8
GWorld: 0xC4A69D8
GUObjectArray: 0xC32E718
FNamePool: 0xC2EA440
GNativeAndroidApp: 0xC193EC0
CanvasMap: 0xC476DE8
LineOfSightTo: 0x9DB501C
ProcessEvent:
- AActor: 0x9B1F860
- UObject: 0x7ED3A00
@gpxmods
SIMPLE Unity Il2Cpp Api Wrapper
(Header Only)
Depends on KittyMemory
Example:
```
#include "MiniIl2Cpp.hpp"
/// Usage sketch for the MiniIl2Cpp wrapper: resolve an Il2Cpp class by its
/// "Namespace.Class" name, look up one of its methods by name and parameter
/// count, and install a hook on the resulting native pointer with HOOK.
/// `hook_Update` and `orig_Update` are expected to be declared by the caller
/// (not shown here). Always returns 0.
int main_example()
{
    // Class lookup takes the fully qualified managed name.
    LoadClass playerCtrl = LoadClass("PlayerScript.PlayerController");
    // Second argument is the managed method's parameter count (Update has none).
    void *updatePtr = playerCtrl.GetMethodPtr("Update", 0);
    HOOK(updatePtr, hook_Update, orig_Update);
    return 0;
}
```
ADR/ADRP and ADD/SUB decode function
(aarch64)
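// Resolve the absolute address materialised by an ADR/ADRP at `ins_addr`
// followed (at `ins_addr + add_off`) by an ADD/SUB-immediate on the same
// register. Instruction words are fetched through `driver->read`, whose
// contract is not visible here; its return value is not checked, and a zero
// word is treated as a failed read (0x00000000 is UDF #0, never part of such
// a pair). Returns the decoded address, or 0 on any failure.
//
// Encodings (AArch64):
//   ADR   (bits 31,28..24 = 0x10 under mask 0x9F): X = PC + simm21
//   ADRP  (bits 31,28..24 = 0x90 under mask 0x9F): X = (PC & ~0xFFF) + (simm21 << 12)
//   ADD/SUB (immediate), bits 28..23 = 100010: bit 30 selects SUB, bit 22 shifts
//   imm12 left by 12. Only the immediate is used; the register operands are
//   not checked against the ADRP destination.
//
// Differences from a naive decoder: an all-zero immediate is a legal value
// (page-aligned symbol, or a target in the same page), so success is decided
// by the opcode pattern, not by the immediate being non-zero; and ADR is
// relative to the instruction itself rather than to its 4 KiB page.
uintptr_t DecryptInsn_ADRP_ADD(uintptr_t ins_addr, uint32_t add_off = 4)
{
    uint32_t adrp_insn = 0, add_insn = 0;
    driver->read(ins_addr, &adrp_insn, sizeof(uint32_t));
    driver->read(ins_addr + add_off, &add_insn, sizeof(uint32_t));
    if (!adrp_insn || !add_insn) {
        printf("failed to read insn addr\n");
        return 0;
    }

    // --- ADR / ADRP ---
    const uint32_t adr_op = adrp_insn & 0x9F000000;
    if (adr_op != 0x10000000 && adr_op != 0x90000000) {
        printf("failed to decode adrp/adrl imm\n");
        return 0;
    }
    // imm21 = immhi(bits 23..5) : immlo(bits 30..29), sign bit is bit 20.
    int64_t imm = (int64_t)(((adrp_insn >> 5) & 0x7FFFF) << 2)
                | (int64_t)((adrp_insn >> 29) & 0x3);
    if (imm & (1LL << 20))
        imm |= ~((1LL << 21) - 1);
    uintptr_t base;
    if (adr_op == 0x90000000) {
        // ADRP: page-relative, immediate scaled by 4 KiB. Shift is done on the
        // unsigned representation so a negative imm is not shifted as signed.
        base = (ins_addr & ~(uintptr_t)0xFFF) + ((uintptr_t)imm << 12);
    } else {
        // ADR: relative to the instruction address, not the page.
        base = ins_addr + (uintptr_t)imm;
    }

    // --- ADD / SUB (immediate) ---
    if ((add_insn & 0x1F800000) != 0x11000000) {
        printf("failed to decode add uimm\n");
        return 0;
    }
    int64_t add_imm = (int64_t)((add_insn >> 10) & 0xFFF);
    if (add_insn & (1u << 22))   // sh: LSL #12
        add_imm <<= 12;
    if (add_insn & (1u << 30))   // op: SUB rather than ADD
        add_imm = -add_imm;

    return base + (uintptr_t)add_imm;
}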
ADR/ADRP and LDR/STR decode function
(aarch64)
```
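// Resolve the absolute address accessed by an ADR/ADRP at `ins_addr`
// followed (at `ins_addr + ldr_off`) by an LDR/STR (unsigned immediate)
// whose base register is the ADRP destination. Instruction words are fetched
// through `driver->read`, whose contract is not visible here; its return
// value is not checked, and a zero word is treated as a failed read
// (0x00000000 is UDF #0, never part of such a pair). Returns the decoded
// address, or 0 on any failure.
//
// Encodings (AArch64):
//   ADR   (bits 31,28..24 = 0x10 under mask 0x9F): X = PC + simm21
//   ADRP  (bits 31,28..24 = 0x90 under mask 0x9F): X = (PC & ~0xFFF) + (simm21 << 12)
//   LDR/STR (unsigned immediate), bits 29..27 = 111 and bits 25..24 = 01:
//   offset = imm12 << scale, scale = size (bits 31..30); for SIMD&FP (V, bit 26)
//   scale = opc<1>(bit 23):size, which covers 128-bit Q-register accesses.
//   The register operands are not checked against the ADRP destination.
//
// An all-zero offset is legal (page-aligned symbol, or the first field of a
// page-aligned object), so success is decided by the opcode pattern rather
// than by the immediate being non-zero; ADR is relative to the instruction
// itself rather than to its 4 KiB page.
uintptr_t DecryptInsn_ADRP_LDR(uintptr_t ins_addr, uint32_t ldr_off = 4)
{
    uint32_t adrp_insn = 0, ldr_insn = 0;
    driver->read(ins_addr, &adrp_insn, sizeof(uint32_t));
    driver->read(ins_addr + ldr_off, &ldr_insn, sizeof(uint32_t));
    // Both words must be present (the second one was previously unchecked).
    if (!adrp_insn || !ldr_insn) {
        printf("failed to read insn addr\n");
        return 0;
    }

    // --- ADR / ADRP ---
    const uint32_t adr_op = adrp_insn & 0x9F000000;
    if (adr_op != 0x10000000 && adr_op != 0x90000000) {
        printf("failed to decode adrp/adrl imm\n");
        return 0;
    }
    // imm21 = immhi(bits 23..5) : immlo(bits 30..29), sign bit is bit 20.
    int64_t imm = (int64_t)(((adrp_insn >> 5) & 0x7FFFF) << 2)
                | (int64_t)((adrp_insn >> 29) & 0x3);
    if (imm & (1LL << 20))
        imm |= ~((1LL << 21) - 1);
    uintptr_t base;
    if (adr_op == 0x90000000) {
        // ADRP: page-relative, immediate scaled by 4 KiB. Shift is done on the
        // unsigned representation so a negative imm is not shifted as signed.
        base = (ins_addr & ~(uintptr_t)0xFFF) + ((uintptr_t)imm << 12);
    } else {
        // ADR: relative to the instruction address, not the page.
        base = ins_addr + (uintptr_t)imm;
    }

    // --- LDR / STR (unsigned immediate) ---
    if ((ldr_insn & 0x3B000000) != 0x39000000) {
        printf("failed to decode ldr/str uimm\n");
        return 0;
    }
    unsigned scale = (ldr_insn >> 30) & 0x3;                    // size
    if ((ldr_insn & (1u << 26)) && (ldr_insn & (1u << 23)))     // V && opc<1>
        scale |= 4;                                              // 128-bit SIMD&FP
    const uintptr_t ldr_imm = (uintptr_t)((ldr_insn >> 10) & 0xFFF) << scale;

    return base + ldr_imm;
}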
```
References:
- AArch64-Decoding
- GDB
- Capstone
- QEMU
- getting address by reading adrp and add instruction values
- adrp and adrl instructions in arm assembly
https://github.com/FSpaceCore/SpaceCore
SpaceCore is a virtual Android system engine that can engage users clone and run dual applications,this engine can also support device simulation, fake GPS and many other features.SpaceCore是一个虚拟引擎...
IDA Pro 8.3 by BGSPA
Decompiler: x86, x86_64
ARM and ARM64 decompilers are not included.
SRC: https://breachforums.is/Thread-IDA-Pro-8-3
Caution: unofficial or cracked builds of commercial tooling circulated on forums are a well-known malware vector; if you must examine one, do it in an isolated, non-networked VM and compare the binaries against a known-good installation.