Please open Telegram to view this post
VIEW IN TELEGRAM
❤🔥13❤6👀6
The Challenge of Changing Text in Android App
When modifying an Android app’s native library
You want to replace a small string like
But the original memory space for
How Text Is Stored
Strings like
Instead, the code holds a memory address (pointer) to where that text actually lives
Example :)
That means
So,
You can’t just write a longer string in the same place but you can redirect the program to another location with more space. This is called static patching
Find a New Home :)
Inside the
message, debug string, or readme text that the app never uses Let’s say you find a big help text at
This will be your new home for the custom text
Reroute the Pointer
In the original code
Change that instruction so it points to your new offset
Now the program will look for the string at 0x7788 instead of 0x8334
Open your so file in a hex editor and go to address 0x7788
Replace the old text (
After your new string, you must add a null terminator (
That final
By - @aantik_mods
Alternative --> write replacement string to .rodata and use LineHook to redirect the existing pointer to the new location -- required c++ library <utf8.h>
✅ #RevDex
lib.soWhen modifying an Android app’s native library
lib.so, one of the most common problems you face is this:You want to replace a small string like
"Hello" with a much longer one like "Welcome to Antik’s Mod"But the original memory space for
"Hello" is very limited so if you just overwrite it, the new text overflows into other data and crashes the programHow Text Is Stored
Strings like
"Hello" aren’t stored directly inside the code.Instead, the code holds a memory address (pointer) to where that text actually lives
Example :)
asm
LDR R0, =0x8334
BL printf
That means
“When showing the message, go read the string stored at address 0x8334.”So,
"Hello" is actually stored at lib location 0x8334You can’t just write a longer string in the same place but you can redirect the program to another location with more space. This is called static patching
Find a New Home :)
Inside the
.so file, you can often find large, unused or unimportant text areas called data caves a long helpmessage, debug string, or readme text that the app never uses Let’s say you find a big help text at
Offset : 0x7788 --> "App is Good app for You..."
This will be your new home for the custom text
Reroute the Pointer
In the original code
asm
LDR R0, =0x8334
Change that instruction so it points to your new offset
asm
LDR R0, =0x7788
Now the program will look for the string at 0x7788 instead of 0x8334
Open your so file in a hex editor and go to address 0x7788
Replace the old text (
App is Good app...) with your new oneWelcome to Antik’s Mod
After your new string, you must add a null terminator (
00) Example in hex57 65 6C 63 6F 6D 65 20 74 6F 20 41 6E 74 69 6B 27 73 20 4D 6F 64 00
That final
00 tells the programBy - @aantik_mods
Alternative --> write replacement string to .rodata and use LineHook to redirect the existing pointer to the new location -- required c++ library <utf8.h>
✅ #RevDex
1❤13🤯6🥰4
Antik Mods ESP C++.rar
6 MB
DirectX 9 draw
https://github.com/naxl/directx12offline/releases/tag/v0.1.0
LocalPlayer [ac_client.exe + 0x0017E0A8]
Entity List [ac_client.exe + 0x18AC04]
FOV [ac_client.exe + 0x18A7CC]
PlayerCount [ac_client.exe + 0x18AC0C]
Position X [0x2C]
Position Y [0x30]
Position Z [0x28]
Head Position X [0x4]
Head Position Y [0xC]
Head Position Z [0x8]
Player Camera X [0x34]
Player Camera Y [0x38]
Assault Rifle Ammo [0x140]
Submachine Gun Ammo [0x138]
Sniper Ammo [0x13C]
Shotgun [0x134]
Pistol Ammo [0x12C]
Grenade Ammo [0x144]
Fast fire Assault Rifle [0x164]
Fast fire Sniper [0x160]
Fast fire Shotgun [0x158]
Auto shoot [0x204]
Health Value [0xEC]
Armor Value [0xF0]
Player Name [0x205]
https://github.com/naxl/directx12offline/releases/tag/v0.1.0
LocalPlayer [ac_client.exe + 0x0017E0A8]
Entity List [ac_client.exe + 0x18AC04]
FOV [ac_client.exe + 0x18A7CC]
PlayerCount [ac_client.exe + 0x18AC0C]
Position X [0x2C]
Position Y [0x30]
Position Z [0x28]
Head Position X [0x4]
Head Position Y [0xC]
Head Position Z [0x8]
Player Camera X [0x34]
Player Camera Y [0x38]
Assault Rifle Ammo [0x140]
Submachine Gun Ammo [0x138]
Sniper Ammo [0x13C]
Shotgun [0x134]
Pistol Ammo [0x12C]
Grenade Ammo [0x144]
Fast fire Assault Rifle [0x164]
Fast fire Sniper [0x160]
Fast fire Shotgun [0x158]
Auto shoot [0x204]
Health Value [0xEC]
Armor Value [0xF0]
Player Name [0x205]
1❤🔥2
How to Connect Weapon Class to Player Class Complete Guide
Weapon Class Explained
The Weapon class handles gun bullet count
class Weapon {
private:
int ammo; // Hidden variable
public:
// Setter method to change ammo
void setAmmo(int value) {
ammo = value;
}
// Getter method to read ammo
int getAmmo() const {
return ammo;
}
};
Player Class Connection
Player class contains weapon directly
class Player {
private:
Weapon weapon; // Player OWNS this weapon 0x2C
public:
// Returns weapon's address
Weapon* getWeapon() {
return &weapon;
}
};
Enemy Class Difference
class Enemy {
private:
Weapon* weapon; // Enemy has pointer to weapon 0x2C
public:
Weapon* getWeapon() const {
return weapon;
}
};
Hook Explain
void saferHookedUpdate(void* instance) {
// Check if this is Player (not Enemy)
if (IsPlayerInstance(instance)) {
// Extract weapon from memory offset 0x2C
void* weaponPtr = *(void**)((uint64_t)instance + 0x2C);
// If weapon exists, set ammo to 10000
if (weaponPtr != NULL) {
originalSetAmmo(weaponPtr, 10000);
}
}
// Call original game function
originalUpdate(instance);
}
How It Works In Game
Game updates all characters update each frame CPM Our hook intercepts runs before original update function Checks instance type identifies player vs enemy Sets unlimited ammo only for players 10000 bullets Game continues resumes normal operation
https://news.1rj.ru/str/RevDex/167
https://news.1rj.ru/str/RevDex/168
https://news.1rj.ru/str/RevDex/169
// cocos2d engine 🚂 example here
Guide - @aantik_mods
Some people still don't know about the field Offset I explain 😂👏 See
Example '*
Your update offset is 0x7788.
Your field offset
float get_speed is 0x5
That means the full field address is 0x7788 + 0x5
For example, in hex: 00 66 55 66 C7 88
here C7 is the pointer of your field
Weapon Class Explained
The Weapon class handles gun bullet count
class Weapon {
private:
int ammo; // Hidden variable
public:
// Setter method to change ammo
void setAmmo(int value) {
ammo = value;
}
// Getter method to read ammo
int getAmmo() const {
return ammo;
}
};
Player Class Connection
Player class contains weapon directly
class Player {
private:
Weapon weapon; // Player OWNS this weapon 0x2C
public:
// Returns weapon's address
Weapon* getWeapon() {
return &weapon;
}
};
Enemy Class Difference
class Enemy {
private:
Weapon* weapon; // Enemy has pointer to weapon 0x2C
public:
Weapon* getWeapon() const {
return weapon;
}
};
Hook Explain
void saferHookedUpdate(void* instance) {
// Check if this is Player (not Enemy)
if (IsPlayerInstance(instance)) {
// Extract weapon from memory offset 0x2C
void* weaponPtr = *(void**)((uint64_t)instance + 0x2C);
// If weapon exists, set ammo to 10000
if (weaponPtr != NULL) {
originalSetAmmo(weaponPtr, 10000);
}
}
// Call original game function
originalUpdate(instance);
}
How It Works In Game
Game updates all characters update each frame CPM Our hook intercepts runs before original update function Checks instance type identifies player vs enemy Sets unlimited ammo only for players 10000 bullets Game continues resumes normal operation
https://news.1rj.ru/str/RevDex/167
https://news.1rj.ru/str/RevDex/168
https://news.1rj.ru/str/RevDex/169
// SoldierLocalController->updateStep(float, cpVect, cpVect, float);
void (*orig_updateStepP)(void *instance, float f1, Vector2 v1, Vector2 v2, float f2);
void updateStepP(void *instance, float f1, Vector2 v1, Vector2 v2, float f2) {
if (instance != NULL) {
// Class Linking get Object
void* Weapon = *(void**)((uint64_t)instance + 0x1D0);
if (Weapon != NULL) {
if (isZoom > 0) {
*(float *) ((uint64_t) Weapon + 0x1dc) = (float) isZoom;
}
}
}
return orig_updateStepP(instance, f1, v1, v2, f2);
}
// cocos2d engine 🚂 example here
Guide - @aantik_mods
Some people still don't know about the field Offset I explain 😂👏 See
Example '*
Your update offset is 0x7788.
Your field offset
float get_speed is 0x5
That means the full field address is 0x7788 + 0x5
For example, in hex: 00 66 55 66 C7 88
here C7 is the pointer of your field
1❤5👌3
https://github.com/eirv/SimpleIORedirect
发现一个有趣的项目,听说它可以过签360加固,但是只支持安卓14-15,你可以研究一下😁
发现一个有趣的项目,听说它可以过签360加固,但是只支持安卓14-15,你可以研究一下😁
GitHub
GitHub - eirv/SimpleIORedirect: Android IO redirection implementation, using seccomp user notify mechanism / 使用 seccomp unotify…
Android IO redirection implementation, using seccomp user notify mechanism / 使用 seccomp unotify 的 Android 文件重定向实现 - eirv/SimpleIORedirect
Media is too big
VIEW IN TELEGRAM
I’m building HM Manager, but I ran into a big problem.
I added DEX regex searching, but
Last night, I started doing research to figure out how MT Manager performs regex searches so fast, even on large DEX files 😂👏
After continuous work, I finally managed to build my own **custom disassembler and DEX parser in C++ and here’s the result
Dex Parser Faster Than Ever! 😂👏
I added DEX regex searching, but
dexlib2 is sooo slow 🦥😭Last night, I started doing research to figure out how MT Manager performs regex searches so fast, even on large DEX files 😂👏
After continuous work, I finally managed to build my own **custom disassembler and DEX parser in C++ and here’s the result
Dex Parser Faster Than Ever! 😂
Please open Telegram to view this post
VIEW IN TELEGRAM
👌14❤6❤🔥1
ApiKill @aantik_mods.zip
512.3 KB
ApiKill — @aantik_mods
Internal API Request Block
ApiKill is a simple, effective tool to control internal API requests inside an app. With ApiKill you can block annoying online dialogs, unwanted remote checks, or problematic domains while still allowing specific APIs you need
Online dialog sellers are already jealous of me 😁
The main feature doesn’t need a firewall or VPN 😂 My C++ is fire, dialog sellers can’t compete I don’t care💅
Internal API Request Block
ApiKill is a simple, effective tool to control internal API requests inside an app. With ApiKill you can block annoying online dialogs, unwanted remote checks, or problematic domains while still allowing specific APIs you need
Online dialog sellers are already jealous of me 😁
The main feature doesn’t need a firewall or VPN 😂 My C++ is fire, dialog sellers can’t compete I don’t care
Please open Telegram to view this post
VIEW IN TELEGRAM
❤14🤯7🥰2
diff tools.apk
5.3 MB
Lib Diff Tool Lightweight library comparer for modding
A simple and fast tool to compare native libraries and other files when an APK is modded but the DEX isn't changed. Works well with large libraries (1GB+) If you have the original library and a modded one, this tool highlights differences so you can quickly find what was changed.
A simple and fast tool to compare native libraries and other files when an APK is modded but the DEX isn't changed. Works well with large libraries (1GB+) If you have the original library and a modded one, this tool highlights differences so you can quickly find what was changed.
1❤18🤓3
Auto CE 2.0 MOD.apk
21.9 MB
Auto CE 2.0 MOD.apk
No Need Vip Access ( Lifetime 🛡️)
Don't West Money ( Happy Reverse Engineering)
No Need Vip Access ( Lifetime 🛡️)
Don't West Money ( Happy Reverse Engineering)
❤13🤯1😍1
C++ Toast No Need Jni Method.h
6.4 KB
AantikToast – C++ Toast Without Any JNI Methods
AantikToast() is a simple and elegant C++ function that lets you show Android Toast messages directly from native code no extra Java methods, no messy JNI bridges, and no unnecessary boilerplate It works smoothly with just JNIEnv* and a jobject context.
And yeah… some people tried to use this same context to show dialogs 😂
+ Java developer understand this point ---[]
But listen Android has many different types of contexts and this one is ONLY meant for showing Toasts. Don’t try anything else with it
AantikToast() is a simple and elegant C++ function that lets you show Android Toast messages directly from native code no extra Java methods, no messy JNI bridges, and no unnecessary boilerplate It works smoothly with just JNIEnv* and a jobject context.
And yeah… some people tried to use this same context to show dialogs 😂
+ Java developer understand this point ---[]
But listen Android has many different types of contexts and this one is ONLY meant for showing Toasts. Don’t try anything else with it
❤14👀3🤓2