DejayHextrix

DX12 Android Online Game Bot !?!Help!?!


Hi, new here.

I need some help. My fiance and I like to play this mobile game online that goes by real time. She and I are always working, but when we have free time we like to play this game. We don't always have time throughout the day to queue buildings, troops, upgrades, etc.

I was told to look into DLL Injection and OpenGL/DirectX Hooking. Is this true? Is this what I need to learn? 

How do I read the Android files, or modify the files, or get the in-game tags/variables for the game I want? 

Any assistance on this would be most appreciated. I have been everywhere and it seems no one knows or is too lazy to help me out. It would be nice to have assistance for once. I don't know what I need to learn.

So links of topics I need to learn within the comment section would be SOOOOO.....Helpful. Anything to just get me started. 

Thanks, 

Dejay Hextrix 

Edited by DejayHextrix

1 hour ago, DejayHextrix said:

I was told to look into DLL Injection and OpenGL/DirectX Hooking. Is this true? Is this what I need to learn? 

 

Not for Android, no.  DLL Injection is strictly for Windows programs.

I don't know how feasible it is for you, but you can probably get the APK off your device using adb (not sure about this).  APK files are just zip files, so extract it.  Then it will depend on how the program was written.  If it's C++, you'll have to get good reading assembly.  If it's Java, you can use a Java decompiler on it.  If it's C# then you can use a C# decompiler on it.  I do this at work to analyze the APKs we create before we publish them to make sure we're not wasting space on anything stupid.

After that, it's pretty much up to you to figure out how to find what you want to automate and put it back together into a working APK.  I've never done that.  It's also unlikely that a decompiler will give you something that you can actually compile again.  You also will not be able to sign the APK using the original signature, but you will probably be able to sign it yourself as long as nothing bothers to validate the signature.

If that fails, your next option (if it's a properly constructed client/server game) is to intercept the network traffic and automate the request/responses using a standalone program that you create from scratch.  This will only work if the game and server are not using SSL in a way that prevents proxy interception (and I know from experience that a lot of games do not bother).

Edited by Nypyren

4 minutes ago, Nypyren said:

 

Not for Android, no.  DLL Injection is strictly for Windows programs.

Even if the Android game is run through an emulator on Windows?

Btw, Thank you. At least someone who can help me instead of complaining about my "Low-Level Effort" in my post. All I'm trying to do is get started. 


For an Android game bot, you might want to take a look at 123Autoit-nonroot. Do a YouTube search on the name 123Autoit, and you should be able to see some demos of the result.

Can you provide what game you want to automate?

12 hours ago, DejayHextrix said:

Even if the Android game is run through an emulator on Windows?

Possibly.  It's possible you could inject a DLL into the emulator, but my gut feeling is that it would be even harder to find what you're interested in.  If you have an emulator you could possibly automate what you want at the UI level (i.e. make a program that simulates clicking on the emulator's screen at the right places).  It sounds like Kevin is talking about a similar tool that will run on the Android device itself, but I can't read Chinese so I'm not sure what any of those youtube tutorials say.


Is there an alternative way to create the bot to use the UI variables for more interaction? Because you're almost describing a macro recorder (mouse recorder, with UI coordinates of each function to click). I wouldn't mind having a bot that can interact on its own and find certain variables on its own without UI interface coordinates. If that makes sense?

13 hours ago, kevin yiu said:

For an Android game bot, you might want to take a look at 123Autoit-nonroot. Do a YouTube search on the name 123Autoit, and you should be able to see some demos of the result.

Can you provide what game you want to automate?

War and Order Android Game. 

Thank you guys so much for taking the effort to help me out. I really appreciate it, help finding a solution to my project.  

6 hours ago, Nypyren said:

Possibly.  It's possible you could inject a DLL into the emulator, but my gut feeling is that it would be even harder to find what you're interested in.  If you have an emulator you could possibly automate what you want at the UI level (i.e. make a program that simulates clicking on the emulator's screen at the right places).  It sounds like Kevin is talking about a similar tool that will run on the Android device itself, but I can't read Chinese so I'm not sure what any of those youtube tutorials say.

There are English subtitles provided within the video. Anyway, as you are saying, if automation is what you intended, you could use tools like AutoIt or Sikuli. I think they are all free and easy to learn; however, your computer will then be taken over, which I don't think is what you really wanted.


I need more than just automation. I need the bot to interact with the world to know where resource tiles, monsters and whatever else I need the bot to find within the world. So it needs to be interactive, not just automation. Like I said, a macro (mouse) recorder is not what I am looking for.


Typically when cheating in a Windows game (ex: CheatEngine), the way to go about it is to attach to the process with a debugger (or any other tool that can read memory from the process), look at an integer value on the UI and search for that value in the process memory.  You'll find potentially thousands of memory locations due to the value probably not being very unique, and a lot of memory available.  Then you perform an action in the game that you know can change that value, and search again.  If the memory has not been re-allocated in the meantime you will likely narrow down the memory address for the variable you're interested in.  That's usually fairly easy for integer values or strings.  It's harder (and slower) for floating point values, or values that you aren't sure of their representation in memory.  This also fails for Java and C# if they are using a relocating garbage collector (some mobile GC implementations disable relocation for performance, some keep it on to minimize fragmentation problems); it will depend on how the game was made.

Depending on how the game developers implement resource tiles, map tiles could be an array of tile data, an array of REFERENCES to tile data, or even just a slipshod list of game objects and components in Unity that has no simple and easy-to-manipulate representation in RAM.  At this point it starts heavily depending on how the game is implemented; what language or engine they used, etc.  If they used Unity, their code is in C# and you can probably decompile it from the Assembly-CSharp.dll inside the APK, unless they obfuscated it (in C#'s case that would mean renaming all classes and variables to meaningless things like "A" instead of "TileMap").  If it's written in Java, it's about the same effort and results.  If it's C++ or Unity with IL2CPP then you will have to learn how to be a professional assembly-level reverse engineer to get anything useful out of it.  If you aren't already, we're talking about multiple years worth of effort trying to learn how to do it.

If you luck out and it's unobfuscated C# or Java, your best bet is to modify that code directly to do what you need.  For Unity APKs which do not use IL2CPP, the .Net DLLs will be present and you should be able to edit them to a certain extent using dnSpy.  Unity does make some tweaks to these DLLs itself in order for prefab->script references to find and instantiate the proper classes (and other things like that), so there's a risk that you can break the game completely if you attempt this; I've only modified XNA games for Windows this way, personally.

For Java, I only know of jdGUI for decompiling code; I haven't found anything like dnSpy for Java yet.

For native code (compiled from C++ or IL2CPP) you will need a professional grade disassembler/decompiler such as IDA Pro.  IDA Pro has a free version of their disassembler that will work on the x86 binaries that should be present in Android APKs (Android native code should normally include both ARMv7 and x86 native code since some Androids use x86).  Most use ARM, which I don't believe is freely available in IDA's free version.  Their decompiler is not free and will likely be far outside of your budget.  Remember that if you modify the x86 binary you will have to run the modified version on an x86 processor, which likely means using the emulator since the vast majority of Android devices use ARM.

After that you have to figure out how to reconstruct an APK from your modified files and install it on your device.  If the game has any security measures which try to validate its signature, you will have to find and defeat those during the modification step.  I haven't done this myself so I'm not sure of what you might encounter.

Edited by Nypyren
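
Added example, not part of the original thread or any poster's code: a developer-side audit of your own build before publishing, covering the points in Nypyren's replies (an APK is a zip, the size check before release, Unity managed DLLs versus IL2CPP, and ARMv7 plus x86 native libraries). The function names and the in-memory sample archive are constructed for illustration, and the entry paths assume the usual Unity/Android layout.

```python
import io
import zipfile

MANAGED_DIR = "assets/bin/Data/Managed/"  # typical Unity Mono layout (assumption)


def build_sample_apk() -> bytes:
    """Constructed stand-in for a build: typical entry names, dummy bytes."""
    entries = {
        "AndroidManifest.xml": 2_000,
        "classes.dex": 50_000,
        MANAGED_DIR + "Assembly-CSharp.dll": 300_000,
        MANAGED_DIR + "UnityEngine.dll": 120_000,
        "lib/armeabi-v7a/libunity.so": 400_000,
        "lib/x86/libunity.so": 450_000,
        "res/raw/intro.wav": 900_000,
    }
    buf = io.BytesIO()
    # ZIP_STORED keeps the sample sizes deterministic; real APKs mix stored and deflated entries.
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as apk:
        for name, size in entries.items():
            apk.writestr(name, b"\0" * size)
    return buf.getvalue()


def audit_apk(apk_bytes: bytes, top: int = 3) -> dict:
    """Summarise what an APK ships: code form, per-ABI native size, largest entries."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        infos = [i for i in apk.infolist() if not i.is_dir()]
    names = [i.filename for i in infos]

    abi_bytes = {}  # bytes of native libraries shipped per ABI under lib/<abi>/
    for i in infos:
        parts = i.filename.split("/")
        if parts[0] == "lib" and len(parts) >= 3:
            abi_bytes[parts[1]] = abi_bytes.get(parts[1], 0) + i.compress_size

    managed = sorted(n for n in names if n.startswith(MANAGED_DIR) and n.endswith(".dll"))
    if any(n.endswith("/libil2cpp.so") for n in names):
        code = "unity-il2cpp"  # C# compiled to native code
    elif managed:
        code = "unity-mono"    # .NET assemblies ship as-is and decompile readily
    elif abi_bytes:
        code = "native"
    else:
        code = "java-dex"

    largest = sorted(infos, key=lambda i: i.compress_size, reverse=True)[:top]
    return {
        "code": code,
        "managed": managed,
        "abi_bytes": abi_bytes,
        "largest": [(i.filename, i.compress_size) for i in largest],
    }


if __name__ == "__main__":
    for key, value in audit_apk(build_sample_apk()).items():
        print(f"{key}: {value}")
```

A "unity-mono" result on a release build means the game logic ships as readable .NET assemblies, so anything the client decides on its own has to be re-validated by the server.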
