There are a lot of tutorials that teach how to bypass XOR encoding in mobile games, but most of them don't show the process that lies behind it. So before we start, we need to read some theory about the subject. If you learn this, you will be able to bypass XOR encoding with only a basic memory editor, paper and pen.
Of course, this is some sort of advanced tutorial: we assume that you are at least familiar with the basics of memory editing.
Cryptography 101 (logic for dummies)
In the beginning, there was Boolean algebra. For those who haven't slept through their mathematics and logic classes, you can skip this chapter. If you have, read carefully.
George Boole was a mathematician, logician and philosopher who published his most celebrated works in the middle of the nineteenth century. You probably ask yourself why you are reading about some gentleman who lived 100 years before ENIAC. This fellow is the father of all computers: every digital circuit on our planet works on his principles. For our story, it is important to notice that every algebra has its own values and operations. Imagine that, in some kind of simple algebra, the values are the set of natural numbers from 1 to 10 [ 1,2,3,4,5,6,7,8,9 ], and the only operations are addition (+), subtraction (-), multiplication (*), and division (/). From our knowledge of elementary algebra (mathematics from school), you can tell that 1+1=2, or 2*4=8.
While elementary algebra deals with numbers, Boolean algebra uses only two values: TRUE and FALSE. They are represented as 1 (true) and 0 (false). All operations are done on these two values. Of course, you can't perform multiplication or subtraction on these values. We need some other operations that can be performed on TRUE and FALSE. These operations are called bitwise operations. There are three basic operations in Boolean algebra, NOT (¬), AND (∧) and OR (∨), and they are truly simple to understand. Take a look at this image, and everything will be clear. Just kidding, forget this and let's move on.
Basic bitwise operations
I know this will possibly be hard to understand, particularly if this is the first time you have read about logic. So I will try to make it simple. Boolean algebra (and any other logic) is made to teach us how to draw correct conclusions.
In elementary algebra, a correct conclusion is when we write that 1+1=2. As we said, in Boolean algebra there are only two values, and we can only perform operations on them. Now imagine that we have a few true or false statements:
- Tom is a cat (TRUE or 1)
- Jerry is a mouse (TRUE or 1)
- Sky is green (FALSE or 0)
These are fairly simple examples. Let's see our first operator, NOT (¬). "Tom is not a cat": is this statement true or false? Of course, it is FALSE.
Jerry is not a mouse = FALSE or 0.
Sky is not green = TRUE or 1. This operator performs logical negation on a given statement. 0 becomes 1, and 1 becomes 0. We can write it like this:
- ¬0 = 1
- ¬1 = 0
The AND (∧) operator takes two arguments, and returns TRUE only if both arguments are TRUE. Tom is a cat AND Jerry is a mouse = TRUE (1). Tom is a cat AND Sky is green = FALSE (0).
You can easily remember this operator: just multiply the two arguments and you have the correct result.
We can write it like this:
- 1 ∧ 1 = 1
- 1 ∧ 0 = 0
- 0 ∧ 1 = 0
- 0 ∧ 0 = 0
The OR (∨) operator takes two arguments, and returns FALSE only if both of the statements are FALSE. In every other case it returns TRUE.
Tom is a cat OR Sky is green = TRUE (1). Sky is green OR Sky is red = FALSE (0).
- 1 ∨ 1 = 1
- 1 ∨ 0 = 1
- 0 ∨ 1 = 1
- 0 ∨ 0 = 0
Perhaps you wonder why we are talking about Tom and Jerry. In the computer world, everything is made in the binary system. There are only two states in a computer: there is current flow (1) and there isn't current flow (0). So all information is stored in the binary numeral system. Each digit (0 or 1) is called a bit. A group of 8 bits is called a byte. Any information can be translated into the binary system.
So our "tom" will be 01110100 01101111 01101101 in binary (one byte per ASCII character), and "sky" will be 01110011 01101011 01111001. Guess what? You can perform these bitwise operations on binary values.
So, "tom" OR "sky"?
  01110100 01101111 01101101   tom
∨ 01110011 01101011 01111001   sky
______________________________
  01110111 01101111 01111101   wo}
If we perform the AND operator, this will be the result:
  01110100 01101111 01101101   tom
∧ 01110011 01101011 01111001   sky
______________________________
  01110000 01101011 01101001   pki
Well, this was not very useful. But it is important to remember this, because now you will learn another bitwise operation: exclusive disjunction (exclusive OR, known as XOR).
XOR (exclusive OR) bitwise operator
I hope you understand these basic bitwise operators. There are also so-called "secondary operators or operations", which can be derived from the basic operators. One of these secondary operators is XOR, or exclusive OR. You will understand why it is called "exclusive OR" when you see the following table.
- 1 XOR 1 = 0
- 1 XOR 0 = 1
- 0 XOR 1 = 1
- 0 XOR 0 = 0
As you can see, if you perform the XOR operation on two different values, it will return 1 or true. If the values are the same, it will return 0 or false. So what is the catch?
Why is XOR so special, and why is it used in cryptography? Now, look again at our former example, and you will see. From now on, we will perform the XOR operation on the original data ("tom" in our case) with the key ("sky" in our case).
    01110100 01101111 01101101   tom
XOR 01110011 01101011 01111001   sky
____________________________________
    00000111 00000100 00010100   (this can't be converted to meaningful text)
But what will happen if we XOR our new value (00000111 00000100 00010100) with the same key (sky, or 01110011 01101011 01111001)?
Let's test it.
    00000111 00000100 00010100
XOR 01110011 01101011 01111001   sky
____________________________________
    01110100 01101111 01101101   tom
Right, we got our original data. But there is more: what if we don't know the key ("sky")?
    01110100 01101111 01101101   tom
XOR 00000111 00000100 00010100
____________________________________
    01110011 01101011 01111001   sky
We calculated our original key. This is the reason why the XOR operator is special: XOR is its own inverse, so any one of the three values (data, key, result) can be recovered from the other two. We can't achieve this with the other operators, because AND and OR discard information (for example, 1 ∨ 1 and 1 ∨ 0 both give 1, so the second argument cannot be recovered from the result).
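As an added example (not code from the original article), the following Python applies the three operators from the text byte-by-byte to the ASCII strings "tom" and "sky", checks the three XOR identities above, and counts how many different input bytes produce the same output under AND and OR versus XOR, which is exactly why only XOR can be undone. The helper names are my own.

```python
# Added example, not code from the original article. It applies the three
# bitwise operators from the text byte-by-byte to the ASCII strings "tom"
# (data) and "sky" (key), and shows why only XOR can be undone.


def bitwise(a: bytes, b: bytes, op) -> bytes:
    """Apply a byte-level operation pairwise to two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(op(x, y) for x, y in zip(a, b))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bitwise(a, b, lambda x, y: x ^ y)


def and_bytes(a: bytes, b: bytes) -> bytes:
    return bitwise(a, b, lambda x, y: x & y)


def or_bytes(a: bytes, b: bytes) -> bytes:
    return bitwise(a, b, lambda x, y: x | y)


def to_bits(data: bytes) -> str:
    """Render bytes as space-separated 8-bit groups, like the tables in the text."""
    return " ".join(f"{byte:08b}" for byte in data)


def xor_round_trip(data: bytes, key: bytes) -> dict:
    """The three identities the article lists:
    data XOR key = encoded, encoded XOR key = data, data XOR encoded = key."""
    encoded = xor_bytes(data, key)
    return {
        "encoded": encoded,
        "decoded": xor_bytes(encoded, key),
        "recovered_key": xor_bytes(data, encoded),
    }


def preimage_count(op, key_byte: int, output: int) -> int:
    """How many input bytes x satisfy op(x, key_byte) == output.
    Exactly 1 for XOR (invertible). More than 1 for AND/OR means several
    different inputs collapse to the same output, so those cannot be undone."""
    return sum(1 for x in range(256) if op(x, key_byte) == output)


if __name__ == "__main__":
    data, key = b"tom", b"sky"
    print("tom OR  sky ->", to_bits(or_bytes(data, key)), or_bytes(data, key))
    print("tom AND sky ->", to_bits(and_bytes(data, key)), and_bytes(data, key))
    rt = xor_round_trip(data, key)
    print("tom XOR sky ->", to_bits(rt["encoded"]))
    print("decoded:", rt["decoded"], "recovered key:", rt["recovered_key"])
    s = key[0]  # first key byte, 's' = 0x73
    print("inputs giving 'p'  under AND with 's':", preimage_count(lambda x, y: x & y, s, ord("p")))
    print("inputs giving 'w'  under OR  with 's':", preimage_count(lambda x, y: x | y, s, ord("w")))
    print("inputs giving 0x07 under XOR with 's':", preimage_count(lambda x, y: x ^ y, s, 0x07))
```

Running it reproduces the three tables above ("wo}", "pki" and the unprintable XOR result), and the last three lines show that 8 different bytes AND to 'p' and 32 different bytes OR to 'w', while exactly one byte XORs to 0x07 with that key byte.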
XOR encryption in mobile games
So let's see a real-world example: using XOR encoding in mobile games. Imagine that you have 1000 gold in some game. The developers implemented it so that all values are XOR-ed with the key 1337 and stored in memory. So look at the example. For conversion from decimal to binary you can use the Windows calculator, or some online tool [ BINARY TO DECIMAL CONVERTER ].
    0000001111101000   1000
XOR 0000010100111001   1337
___________________________
    0000011011010001   1745
This means that "1000" gold is stored as "1745" in memory. If you earn more gold (let's say you have 1050 gold now), it will be stored in memory like this.
    0000010000011010   1050
XOR 0000010100111001   1337
___________________________
    0000000100100011   291
So how can we bypass this kind of encoding?
Bypassing XOR encryption with Game Guardian
We already saw that:
- original value XOR key = encrypted value
- encrypted value XOR key = original value
- original value XOR encrypted value = key
With this principle, we can bypass XOR encoding even if we don't know the key the developers used. So let's start with the practical work. If you aren't familiar with fuzzy search, it will be useful to first read this tutorial [ GAME GUARDIAN FUZZY SEARCH TUTORIAL ]. We are going to use the examples from the previous paragraph. Our first step is to find the address where the encoded value is stored.
This step is simple. First, scan for an unknown starting value: this is done by selecting Fuzzy search in Game Guardian. As the value type, you can choose DWORD (it was DWORD in all games that we cheated). Change the amount of gold in-game, then search for the changed value. Repeat this step until only one address is left on the list. Now it is time to check whether XOR encoding is used. Let's say you have 1000 gold in the game, but with fuzzy search you found the value 1745.
Perform the XOR operation on these two values.
    0000001111101000   1000   (in-game gold)
XOR 0000011011010001   1745   (value that you found with fuzzy search)
___________________________
    0000010100111001   1337   (key? write it down)
Now change the original value: earn or spend some gold. Let's say you have 1050 gold now. Look at the address that you found with fuzzy search, and read the value.
Again, perform the XOR operation on the in-game value and the in-memory value.
    0000010000011010   1050   (in-game value)
XOR 0000000100100011   291    (value which is stored in memory)
___________________________
    0000010100111001   1337   (KEY!!)
If the two keys are the same, XOR encoding is used and you have found the key. If they are not, XOR encoding with a single fixed key is not used.
Now, let's change our gold (it was our primary goal, right?). We want 9999 gold. Again, perform the XOR operation on it with the key that you found (1337 in our case).
    0010011100001111   9999
XOR 0000010100111001   1337
___________________________
    0010001000110110   8758
Change the value that you found with fuzzy search: as the new value, set 8758. Open the game again, and you should have 9999 gold. You can now cheat in the game using paper and pen, as we promised at the beginning. But it would be smarter to use the XOR calculator built into Game Guardian 🙂
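The consistency check described above (XOR each in-game value with the value found at the address, and see whether both observations give the same key), as an added Python example that is not part of the original article. It models a game that stores every DWORD as value XOR 1337, using the article's own numbers, and also shows what the check returns for a game whose stored values are transformed some other way. The snapshots are constructed here, not captured from a real game, and the function names are my own.

```python
# Added example, not code from the original article. It models the game in
# the text (every DWORD stored as value XOR 1337) and implements the check
# the article describes: XOR each (displayed, stored) pair and see whether
# every pair yields the same key. Observations are constructed, not captured.
from typing import Iterable, Optional, Tuple

DWORD_MASK = 0xFFFFFFFF
KEY = 1337  # the article's key; an observer does not know it in advance


def xor_encode(value: int, key: int) -> int:
    """How the modelled game stores a value: value XOR key, as a 32-bit DWORD."""
    return (value ^ key) & DWORD_MASK


def recover_key(observations: Iterable[Tuple[int, int]]) -> Optional[int]:
    """Return the key if every (displayed, stored) pair agrees on one,
    otherwise None. This is the article's 'if the two keys are the same' test;
    a disagreement means the values are not XOR-ed with one fixed key."""
    candidates = {xor_encode(shown, stored) for shown, stored in observations}
    return candidates.pop() if len(candidates) == 1 else None


def bits16(n: int) -> str:
    """16-bit rendering matching the tables in the text."""
    return f"{n & 0xFFFF:016b}"


# Constructed snapshots: (gold shown in-game, value found at the address).
XOR_GAME = [(1000, xor_encode(1000, KEY)), (1050, xor_encode(1050, KEY))]  # stored 1745 and 291
PLUS7_GAME = [(1000, 1007), (1050, 1057)]  # some other transformation, not a fixed XOR key


if __name__ == "__main__":
    for shown, stored in XOR_GAME:
        print(f"{bits16(shown)} {shown:5d} XOR {bits16(stored)} {stored:5d} = "
              f"{bits16(shown ^ stored)} {shown ^ stored}")
    print("XOR game key:", recover_key(XOR_GAME))    # 1337
    print("+7 game key: ", recover_key(PLUS7_GAME))  # None: the two pairs disagree
    key = recover_key(XOR_GAME)
    print("9999 gold would be stored as", xor_encode(9999, key))  # 8758
```

The point of the second, non-XOR snapshot is the negative branch of the article's test: 1000 XOR 1007 and 1050 XOR 1057 give different candidate keys, so `recover_key` returns None instead of a wrong key. For the defender, the first snapshot is the lesson: a single fixed XOR key is revealed by one displayed value and its stored copy, however the key was chosen.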
Second method to bypass XOR encryption
Now, you will see the true power of Game Guardian. For this method, it is important to note that in most games, the encrypted value and the key are stored next to each other in memory: for the DWORD type, one value occupies 4 bytes, so the key is normally 4 bytes away from the encrypted value. Look at this image. In Game Guardian, there is a built-in method which automatically searches for values, and XORs them with the value which is X bytes away.
That means that we don't need to do a fuzzy search, or calculate XOR values. Game Guardian can do it for us. Let's get back to our previous example and assume that the encrypted value and the key are 4 bytes apart.
- If you have 1000 gold in-game, click on Known search, and as the type choose Dword (it can be some other type too, but it is usually dword). As the value, put in 1000X4, and click on search. In this example, the first number, "1000", is the amount of currency that we want to change.
The second part, "X4", marks how many bytes away the key is. For dword values it can be X4, X8, X12, X16…
- Earn or spend some currency, let's say that you have 900 gold now. Now input 900X4, and click on refine.
- Repeat the previous step until you have only one address left (or a few addresses if you want).
- Click on Edit, and as the value input 9999X4.
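To show what the "1000X4" search above actually computes, here is an added Python example (not code from the original article or from Game Guardian) that builds a constructed 64-byte memory image with the encoded gold DWORD and its key stored 4 bytes further on, then scans it for every offset where dword[i] XOR dword[i+4] equals the value shown in-game, and refines the hits after the value changes. The key value, offsets and filler are my own assumptions; the lesson for a developer is that keeping the key adjacent to the value in memory adds no protection, because a plain linear scan recovers the pair.

```python
# Added example, not code from the original article or Game Guardian. It
# models the layout the text describes (encoded DWORD with its key 4 bytes
# further on) in a constructed memory image, and shows that a linear scan for
# dword[i] XOR dword[i+distance] == shown value locates it.
import struct
from typing import List

WORD = 4
KEY = 0x2A3B4C5D          # constructed key value, placed in the image below
VALUE_OFF, KEY_OFF = 16, 20   # constructed offsets: key sits 4 bytes after the value


def read_dword(mem: bytes, off: int) -> int:
    return struct.unpack_from("<I", mem, off)[0]


def write_dword(mem: bytearray, off: int, value: int) -> None:
    struct.pack_into("<I", mem, off, value & 0xFFFFFFFF)


def make_snapshot(gold: int, key: int = KEY, size: int = 64) -> bytearray:
    """Constructed memory image: filler bytes, encoded gold at VALUE_OFF,
    the key at KEY_OFF (4 bytes away, as the text says is typical)."""
    mem = bytearray(b"\x11" * size)   # deterministic filler so scans are repeatable
    write_dword(mem, VALUE_OFF, gold ^ key)
    write_dword(mem, KEY_OFF, key)
    return mem


def scan_xor_neighbor(mem: bytes, shown: int, distance: int = WORD) -> List[int]:
    """Offsets whose DWORD, XORed with the DWORD `distance` bytes on, equals
    the value shown in-game (what the text writes as a '1000X4' search)."""
    last = len(mem) - distance - WORD
    return [off for off in range(0, last + 1, WORD)
            if read_dword(mem, off) ^ read_dword(mem, off + distance) == shown]


def refine(hits: List[int], mem: bytes, shown: int, distance: int = WORD) -> List[int]:
    """Keep only the earlier hits that still match after the shown value changed."""
    return [off for off in hits
            if read_dword(mem, off) ^ read_dword(mem, off + distance) == shown]


def decode_at(mem: bytes, off: int, distance: int = WORD) -> int:
    """What the game would display for the DWORD at `off`."""
    return read_dword(mem, off) ^ read_dword(mem, off + distance)


if __name__ == "__main__":
    snap = make_snapshot(1000)
    hits = scan_xor_neighbor(snap, 1000)
    print("first search hits:", hits)          # [16]
    snap = make_snapshot(900)                   # gold changed in-game, key unchanged
    hits = refine(hits, snap, 900)
    print("after refine:", hits)                # [16]
    print("decoded at hit:", decode_at(snap, hits[0]))   # 900
```

With the deterministic filler, filler DWORDs XOR to 0 and never match a non-zero gold value, so the scan's only hit is the real value offset; on a real process image the refine step after a value change is what removes coincidental matches.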
And that's it. Game Guardian will automatically search for encoded values, and XOR them with the key which is X bytes away. Pretty impressive feature. With this, our tutorial has finished. There are reference links below, if you want to know more about this subject.
Any suggestions are appreciated. Happy cheating.
[ Algebraic operation – Wikipedia article ]
[ Binary numbers ]
[ Boolean algebra ]
[ Exclusive OR – XOR, Wikipedia ]
[ NoFear's tutorial – XOR search guide ]
[ Binary to decimal online calculator ]
[ Hack games on non-rooted phones with Game Guardian ]