diff --git a/anticheat/libtersafe.idb b/anticheat/libtersafe.idb
index 111ee0b8c..0c9c31fb5 100644
Binary files a/anticheat/libtersafe.idb and b/anticheat/libtersafe.idb differ
diff --git a/ligma-cheat/README.md b/ligma-cheat/README.md
deleted file mode 100644
index 66121979e..000000000
--- a/ligma-cheat/README.md
+++ /dev/null
@@ -1,74 +0,0 @@
-# build scripts
-
-First things first, to get this compiling/working for you, you are going to need to fix these build scripts:
-
-```
-adb logcat -c
-adb push C:\Users\%USERNAME%\source\repos\ligma\ARM\Release\libligma.so /data/app/com.activision.callofduty.shooter-1/lib/arm/libligma.so
-start cmd /k "title 'ligma filter' & adb logcat | findstr ligma"
-start cmd /k "title 'codm logs' & adb logcat | findstr com.activision.callofduty.shooter"
-start cmd /k "title 'all logs' & adb logcat"
-adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.PermissionGrantActivity
-```
-
-just change `C:\Users\%USERNAME%\source\repos\ligma\ARM\Release\libligma.so` to the path of your repo. Also change `adb` to whatever `adb` your emulator is using.
-
-# setup
-
-Since we arent done making this cheat, we have no need to repackage the entire apk and reinstall everytime we wanna test our code. Since the application
-is not inside of this repo, you will need to first download the apk from here: [cod mobile](https://apkpure.com/call-of-duty-legends-of-war/com.activision.callofduty.shooter).
-
-### decompile
-
-First unzip the xapk and take the .apk that is inside of it out. use apktool.jar to decompile the apk. we are going to patch a smali file to load our .so before any other .so.
-
-```
-apktool.jar d codm.apk
-```
-
-now go to this smali file: `smali\com\tencent\tpshell\TPShellApplication.smali`. Add this smali code to load our .so:
-
-[`[WARNING]`]: (do not put libligma.so or ligma.so just ligma!)
-
-```
-const-string v0, "ligma"
-invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
-```
-
-
-
-### recompile
-
-simply run this to recompile the apk, this apk is not signed and will need to be signed.
-
-```
-apktool.jar b codm -o codm_patched.apk
-```
-
-### signing
-
-use apksigner.jar to sign the newly compiled apk.
-
-```
-apksigner.jar -a codm_patched.apk
-```
-
-now you have a patched & signed apk. Its time to install the apk.
-
-### install
-
-now that we have a signed and patched apk, install the apk (not the xapk) just the patched apk into your emulator. After you have installed it you will
-need to copy the .obb files which are located INSIDE of the xapk. open the xapk back up in zip, open `Android` folder and you will see an `obb` folder. Copy this folder
-to `Android/obb (or copy the content from inside of the obb file to here)` on your emulator.
-
-
-
-
-Finally you will now need to copy the original `apk` to `/data/app/` please refer to [this](https://githacks.org/android-reverse-engineering/cod-mobile/-/blob/master/ligma%20(cheat)/ligma/bypass/bypass.cpp#L35) line of code to understand why.
-Ensure that the `apk` is named `base_orig.apk`. If everything is done correctly you will now be able to build your .so and the game will auto run.
-
-# Result
-
-now if you click build inside of visual studios your screen should look like this (make sure you build in release otherwise the build script wont know where to copy your .so from!). Also be aware that you may need to build 2/3 times since `adb` will connect the first time...
-
-
\ No newline at end of file
diff --git a/ligma-cheat/ligma-cheat/bypass/bypass.cpp b/ligma-cheat/ligma-cheat/bypass/bypass.cpp
index 10e6fde51..c642de08b 100644
--- a/ligma-cheat/ligma-cheat/bypass/bypass.cpp
+++ b/ligma-cheat/ligma-cheat/bypass/bypass.cpp
@@ -10,15 +10,20 @@ namespace ligma
__attribute__((noinline))
void init(const std::function& callback)
{
- il2cpp_callback = callback;
+ ligma::utils::on_image_load("libil2cpp.so", callback);
+ ligma::utils::on_image_load("libxlua.so", [&](const std::uintptr_t module_base)
+ {
+ // install lua hooks when libxlua.so gets loaded...
+ loadbufferx = dlsym(reinterpret_cast(module_base), "luaL_loadbufferx");
+ ligma::hook::make_hook(loadbufferx, reinterpret_cast(&loadbufferx_hook));
+ });
+
+ // these hooks can be registered at anytime.
fopen_ptr = dlsym(dlopen("libc.so", RTLD_NOLOAD), "fopen");
dlopen_ptr = dlsym(dlopen("libdl.so", RTLD_NOLOAD), "dlopen");
system_prop_get = dlsym(dlopen("libc.so", RTLD_NOLOAD), "__system_property_get");
- loadbufferx = dlsym(dlopen("libxlua.so", RTLD_NOW), "luaL_loadbufferx");
- LOGI("loader_dlopen_ptr = %p", dlopen_ptr);
ligma::hook::make_hook(dlopen_ptr, reinterpret_cast(&dlopen_hook));
- ligma::hook::make_hook(loadbufferx, reinterpret_cast(&loadbufferx_hook));
ligma::hook::make_hook(fopen_ptr, reinterpret_cast(&fopen_hook));
ligma::hook::make_hook(system_prop_get, reinterpret_cast(&system_property_hook));
}
@@ -37,7 +42,7 @@ namespace ligma
__attribute__((noinline))
FILE* fopen_hook(const char* path, const char* mode)
{
- if (strstr(path, "base.apk"))
+ if (strstr(path, ".apk")) // support older versions of android.
{
path = "/data/app/base_orig.apk";
LOGI("spoofed base.apk to original apk!");
@@ -57,20 +62,21 @@ namespace ligma
__attribute__((noinline))
void* dlopen_hook(const char* filename, int flags)
{
- LOGI("dlopen called, filename = %s", filename);
dlopen_mutex.lock();
ligma::hook::disable(dlopen_ptr);
-
const auto result = dlopen(filename, reinterpret_cast(RTLD_NEXT));
- if (strstr(filename, "libil2cpp.so") != NULL)
- {
+ if(ligma::utils::get_callbacks()->size()) // only enable hook if we still have callbacks...
ligma::hook::enable(dlopen_ptr);
- dlopen_mutex.unlock();
- }
- else
+ dlopen_mutex.unlock();
+
+ //
+ // if there is a callback for this module, call it and remove it from the map.
+ //
+ const auto callback = ligma::utils::get_callbacks()->find(filename);
+ if (callback != ligma::utils::get_callbacks()->end())
{
- dlopen_mutex.unlock();
- il2cpp_callback(reinterpret_cast(result));
+ callback->second(reinterpret_cast(result));
+ ligma::utils::get_callbacks()->erase(filename);
}
return result;
}
diff --git a/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj b/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj
index 006b20522..a8c0d4c86 100644
--- a/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj
+++ b/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj
@@ -37,6 +37,7 @@
+
@@ -152,6 +153,7 @@
NotUsingpch.hc++1z
+ Enabled%(AdditionalDependencies)
@@ -175,6 +177,7 @@ adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.Per
NotUsingpch.hc++1z
+ Enabled%(AdditionalDependencies)
@@ -198,6 +201,7 @@ adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.Per
NotUsingpch.hc++1z
+ Enabled%(AdditionalDependencies)
@@ -221,6 +225,7 @@ adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.Per
NotUsingpch.hc++1z
+ Enabled%(AdditionalDependencies)
@@ -244,6 +249,7 @@ adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.Per
NotUsingpch.hc++1z
+ Enabled%(AdditionalDependencies)
@@ -267,6 +273,7 @@ adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.Per
NotUsingpch.hc++1z
+ Enabled%(AdditionalDependencies)
@@ -290,6 +297,7 @@ adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.Per
NotUsingpch.hc++1z
+ Enabled%(AdditionalDependencies)
@@ -313,6 +321,7 @@ adb shell am start -n com.activision.callofduty.shooter/com.tencent.tmgp.cod.Per
NotUsingpch.hc++1z
+ Enabled%(AdditionalDependencies)
diff --git a/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj.filters b/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj.filters
index c3c69edb9..968d7683c 100644
--- a/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj.filters
+++ b/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj.filters
@@ -19,6 +19,9 @@
{742fd78d-91c1-449a-a790-95a32404ea5d}
+
+ {83d12913-a2bb-4372-a9a4-387cd3b158ad}
+
@@ -27,6 +30,9 @@
source\bypass
+
+ source\utils
+
diff --git a/ligma-cheat/ligma-cheat/main.cpp b/ligma-cheat/ligma-cheat/main.cpp
index 5bbed57e5..e64b80761 100644
--- a/ligma-cheat/ligma-cheat/main.cpp
+++ b/ligma-cheat/ligma-cheat/main.cpp
@@ -3,10 +3,6 @@
__attribute__((constructor))
void init()
{
- //
- // this lambda is called when il2cpp.so is loaded...
- // WARNING: !!!! DO NOT CALL DLOPEN OR ANY FUNCTION THAT MAY CALL IT INSIDE OF THIS LAMBDA !!!!
- //
ligma::bypass::init([](const std::uintptr_t il2cpp_base)
{
LOGI("il2cpp base address = %p", il2cpp_base);
diff --git a/ligma-cheat/ligma-cheat/utils/utils.cpp b/ligma-cheat/ligma-cheat/utils/utils.cpp
new file mode 100644
index 000000000..52abb1408
--- /dev/null
+++ b/ligma-cheat/ligma-cheat/utils/utils.cpp
@@ -0,0 +1,32 @@
+#include "utils.h"
+#include
+
+namespace ligma
+{
+ namespace utils
+ {
+ void on_image_load(const std::string& module_name, const std::function& callback)
+ {
+ get_callbacks()->insert({ module_name, callback });
+ }
+
+ auto get_callbacks() -> std::map>*
+ {
+ static std::map> callback_map{};
+ return &callback_map;
+ }
+
+ void iterate_memory(const std::function&, const std::string& protection)>& callback)
+ {
+ std::fstream maps("/proc/self/maps");
+ std::pair memory_range;
+ std::string page_perms;
+ while (maps >> memory_range.first >> memory_range.second >> page_perms)
+ {
+ maps.ignore(std::numeric_limits::max(), '\n'); // skip to next line :)
+ callback(memory_range, page_perms);
+ }
+ maps.close();
+ }
+ }
+}
\ No newline at end of file
diff --git a/ligma-cheat/ligma-cheat/utils/utils.h b/ligma-cheat/ligma-cheat/utils/utils.h
index 21b4add6e..10f2a73eb 100644
--- a/ligma-cheat/ligma-cheat/utils/utils.h
+++ b/ligma-cheat/ligma-cheat/utils/utils.h
@@ -7,17 +7,8 @@ namespace ligma
{
namespace utils
{
- inline void iterate_memory(const std::function&, const std::string& protection)>& callback)
- {
- std::fstream maps("/proc/self/maps");
- std::pair memory_range;
- std::string page_perms;
- while (maps >> memory_range.first >> memory_range.second >> page_perms)
- {
- maps.ignore(std::numeric_limits::max(), '\n'); // skip to next line :)
- callback(memory_range, page_perms);
- }
- maps.close();
- }
+ auto get_callbacks() -> std::map>*;
+ void iterate_memory(const std::function&, const std::string& protection)>& callback);
+ void on_image_load(const std::string& module_name, const std::function& callback);
}
}
\ No newline at end of file
-
-### recompile
-
-simply run this to recompile the apk, this apk is not signed and will need to be signed.
-
-```
-apktool.jar b codm -o codm_patched.apk
-```
-
-### signing
-
-use apksigner.jar to sign the newly compiled apk.
-
-```
-apksigner.jar -a codm_patched.apk
-```
-
-now you have a patched & signed apk. Its time to install the apk.
-
-### install
-
-now that we have a signed and patched apk, install the apk (not the xapk) just the patched apk into your emulator. After you have installed it you will
-need to copy the .obb files which are located INSIDE of the xapk. open the xapk back up in zip, open `Android` folder and you will see an `obb` folder. Copy this folder
-to `Android/obb (or copy the content from inside of the obb file to here)` on your emulator.
-
-
-
-
-Finally you will now need to copy the original `apk` to `/data/app/` please refer to [this](https://githacks.org/android-reverse-engineering/cod-mobile/-/blob/master/ligma%20(cheat)/ligma/bypass/bypass.cpp#L35) line of code to understand why.
-Ensure that the `apk` is named `base_orig.apk`. If everything is done correctly you will now be able to build your .so and the game will auto run.
-
-# Result
-
-now if you click build inside of visual studios your screen should look like this (make sure you build in release otherwise the build script wont know where to copy your .so from!). Also be aware that you may need to build 2/3 times since `adb` will connect the first time...
-
-
\ No newline at end of file
diff --git a/ligma-cheat/ligma-cheat/bypass/bypass.cpp b/ligma-cheat/ligma-cheat/bypass/bypass.cpp
index 10e6fde51..c642de08b 100644
--- a/ligma-cheat/ligma-cheat/bypass/bypass.cpp
+++ b/ligma-cheat/ligma-cheat/bypass/bypass.cpp
@@ -10,15 +10,20 @@ namespace ligma
__attribute__((noinline))
void init(const std::function