sprx_cracking

AW_Paradox.h
--------------

/*


process_analyzing_paradox_aw
// write process that nulls out a function
SetNop(0x32CAEB4); // null do_auth function
SetNop(0x32CAF08); // null do_auth function part 2

SetNop(0x32CAF78); // null do_auth function
SetNop(0x32CAFCC); // null do_auth function part 2

SetNop(0x32CB4B8); // null do_auth function
SetNop(0x32CB50C); // null do_auth function part 2

SetNop(0x32CB814); // null do_auth function
SetNop(0x32CB868); // null do_auth function part 2

//SetNop(0x32CCA20); // decrypt entry
//SetNop(0x32CCA74); // decrypt entry part 2


SetNop(0x32CABA4); // read license key nop
SetBlr(0x32C4198); // stop reading key

SetUint(0x32F0AA0, 0xD00279A0); // licene key check
SetUint(0x10031560, 0x4AFA2C);  // hook check
SetNop(0x32CBD0C); // update module
SetUint(0x10021590, 0x244); // socket handle check for connect
SetNop(0x32CAD24); // stop connect to paradox.sh
SetUint(0x32F0AA4, 0x12B344); // auth send recv check

SetNop(0x32CB8C4); // thread get admin commands
SetNop(0x32CA9E0); // admin command to shutdown console


// socket send trampoline
SetNop(0x32CAE8C); // send an encrypted string
SetNop(0x32CB2E0);
SetNop(0x32CB310);
SetNop(0x32CB36C); // socket send trampoline psid
SetNop(0x32CB5C4);
SetNop(0x32E6ACC);
SetNop(0x32E6BC0);

// socket recv
SetNop(0x32CAF50);
SetNop(0x32CB554);
SetNop(0x32CB5F4);
SetNop(0x32E6B00);
SetNop(0x32E6BF0);


unsigned int hook1_bytes[] = { 0x3D60032E, 0x396BE9F4, 0x7D6903A6, 0x4E800420 };
WriteGameProcessMemory(0x4CAC9C, (const void *)&hook1_bytes, sizeof(hook1_bytes));

unsigned int hook1_orginal_bytes[] = { 0x3D60004D, 0x396BACAC, 0x7D6903A6, 0xF821FF91, 0x7C0802A6, 0xF8010080, 0x8083001C, 0x4E800420, };
WriteGameProcessMemory(0x32DE42C, (const void *)&hook1_orginal_bytes, sizeof(hook1_orginal_bytes));


unsigned int hook2_bytes[] = { 0x3D60032E, 0x396B0500, 0x7D6903A6, 0x4E800420 };
WriteGameProcessMemory(0x1D0490, (const void *)&hook2_bytes, sizeof(hook2_bytes));

unsigned int hook2_orginal_bytes[] = { 0x3D60001D, 0x396B04A0, 0x7D6903A6, 0xF821FC81, 0x7C0802A6, 0xF8010390, 0xDBE10378, 0x4E800420 };
WriteGameProcessMemory(0x32E04B4, (const void *)&hook2_orginal_bytes, sizeof(hook2_orginal_bytes));


unsigned int hook3_bytes[] = { 0x3D60032E, 0x396BED14, 0x7D6903A6, 0x4E800420 };
WriteGameProcessMemory(0x2390E0, (const void *)&hook3_bytes, sizeof(hook3_bytes));

unsigned int hook3_orginal_bytes[] = { 0x3D600024, 0x396B90F0, 0x7D6903A6, 0xF821FF91, 0x7C0802A6, 0xF8010080, 0x3C800004, 0x4E800420 };
WriteGameProcessMemory(0x32DECEC, (const void *)&hook3_orginal_bytes, sizeof(hook3_orginal_bytes));


unsigned int hook4_bytes[] = { 0x3D60032E, 0x396B5DC0, 0x7D6903A6, 0x4E800420 };
WriteGameProcessMemory(0x779CE8, (const void *)&hook4_bytes, sizeof(hook4_bytes));

unsigned int hook4_orginal_bytes[] = { 0x3D600078, 0x396B9CF8, 0x7D6903A6, 0x39800000, 0x658C009C, 0x818C0830, 0xF8410028, 0x4E800420 };
WriteGameProcessMemory(0x32E5D98, (const void *)&hook4_orginal_bytes, sizeof(hook4_orginal_bytes));


process_cracking_AW_Paradox_Sep_24TH_2019 first one
SetReturnTrue(0x32CABA4);
//SetNop(0x32CABA4); // read license key nop

uint32_t license_and_auth_vars[] = { 0xD00279A0, 0x0012B344, 0x01000000, 0x00050000 };
SetUintArray(0x32F0AA0, license_and_auth_vars, sizeof(license_and_auth_vars));

SetUint(0x330041C, 0x000003F2); // spoof socket handle
SetUint(0x10021590, 0x000003F2); // spoof socket handle check
SetNop(0x32CAD24); // stop connect to paradox.sh


SetNop(0x32CAE8C); // send an encrypted string
SetNop(0x32CAEB4); // null do_auth function
SetNop(0x32CAF08); // null do_auth function part 2
SetNop(0x32CAF50); // socket recv something
SetNop(0x32CAF78); // null do_auth function
SetNop(0x32CAFCC); // null do_auth function part 2
SetNop(0x32CB2E0); // send something
SetNop(0x32CB310); // send something
SetNop(0x32CB36C); // send psid
SetNop(0x32CB4B8); // null do_auth function
SetNop(0x32CB50C); // null do_auth function part 2
SetNop(0x32CB554); // recv something
SetNop(0x32CB5C4); // send something
SetNop(0x32CB5F4); // recv something
SetNop(0x32CB608); // no notify incase we crash bc of empty buffer??
SetNop(0x32CB7A8); // no snprintf incase we crash bc of empty buffer?
SetNop(0x32CB7B4); // no notify incase we crash bc of empty buffer?

SetUint(0x32F0764, 0x000022FD); // addresses var check

unsigned int address_data[] = {
    0x0000000B, 0x003D9920, 0x009D5530, 0x001BBD50, 0x009D5530, 0x004EB158,
    0x009D5530, 0x00244BB0, 0x009D5530, 0x005EEC20, 0x009D5530, 0x005FB288,
    0x009D5530, 0x005FAD38, 0x009D5530, 0x005FAFD0, 0x009D5530, 0x00010D90,
    0x009D5530, 0x003FF4A0, 0x009D5530, 0x0022B810, 0x009D5530, 0x006E2768,
    0x009D5530, 0x006E25F0, 0x009D5530, 0x00232658, 0x009D5530, 0x003AF41C,
    0x009D5530, 0x00227318, 0x009D5530, 0x00187830, 0x009D5530, 0x001B2CB0,
    0x009D5530, };
WriteGameProcessMemory(0x32F07B4, (const void *)&address_data, sizeof(address_data));

SetNop(0x32CB7D0); // request addresses from server maybe
SetNop(0x32CB814); // null do_auth function
SetNop(0x32CB868); // null do_auth function part 2
SetNop(0x32CB8C4); // thread get admin commands
SetNop(0x32CBD0C); // update module


SetBranch(0x32CABB0, 0x32CACD8); // skip the bullshit
SetBranch(0x32CAD28, 0x32CB7B8); // skip the bullshit
SetBranch(0x32CB8D0, 0x32CBE9C); // skip the bullshit

*/


void process_cracking_AW_Paradox_Sep_24TH_2019()
{
    SetReturnTrue(0x32CABA4); // read license key return true
    uint32_t license_and_auth_vars[] = { 0xD00279A0, 0x0012B344, 0x01000000, 0x00050000 };
    SetUintArray(0x32F0AA0, license_and_auth_vars, sizeof(license_and_auth_vars));
    SetNop(0x32CAD24); // stop connect to paradox.sh

    uint32_t address_data[] = {
        0x0000000B, 0x003D9920, 0x009D5530, 0x001BBD50, 0x009D5530, 0x004EB158,
        0x009D5530, 0x00244BB0, 0x009D5530, 0x005EEC20, 0x009D5530, 0x005FB288,
        0x009D5530, 0x005FAD38, 0x009D5530, 0x005FAFD0, 0x009D5530, 0x00010D90,
        0x009D5530, 0x003FF4A0, 0x009D5530, 0x0022B810, 0x009D5530, 0x006E2768,
        0x009D5530, 0x006E25F0, 0x009D5530, 0x00232658, 0x009D5530, 0x003AF41C,
        0x009D5530, 0x00227318, 0x009D5530, 0x00187830, 0x009D5530, 0x001B2CB0,
        0x009D5530, };
    SetUintArray(0x32F07B4, address_data, sizeof(address_data)); // addresses loaded from server

    SetNop(0x32CB7D0); // request addresses from server maybe
    SetNop(0x32CB8C4); // thread get admin commands
    SetNop(0x32CBD0C); // update module
    SetBranch(0x32CABB0, 0x32CACD8);  // skip the bullshit
    SetBranch(0x32CAD28, 0x32CB7B8);  // skip the bullshit
    SetBranch(0x32CB8D0, 0x32CBE9C);  // skip the bullshit
}


BO1_Paradox.h
--------------


// add 0x20000   for it to work with 2 sprx's, only if the paradox is the second one loaded
void process_cracking_BO1_Paradox_Sep_26TH_2019()
{
    //uint32_t sprx_base_address1 = 0x028F0000;
    //uint32_t sprx_base_address2 = 0x02910000;
    //uint32_t next_base_address_size = sprx_base_address2 - sprx_base_address1; // 0x20000
    //uint32_t next_base_address_size = 0x20000;

    SetReturnTrue(0x28F7CEC); // read license key return true
    uint32_t license_and_auth_vars[] = { 0xD0025720, 0x000EAAA5, 0x01000000, 0x00050000 };
    SetUintArray(0x29109F0, license_and_auth_vars, sizeof(license_and_auth_vars));
    SetNop(0x28F7E6C); // stop connect to paradox.sh

    uint32_t address_data[] = { 0x00D223C4, 0x00C3DFB8, 0x00C3DFBC, 0x00C3DFC0 };
    SetUintArray(0x291EBDC, address_data, sizeof(address_data)); // addresses loaded from server

    uint32_t address_data2[] = {
        0x004C4FF0, 0x00B576E8, 0x00754B48, 0x00B576E8,
        0x00399CC8, 0x00B576E8, 0x007A21E0, 0x00B576E8,
        0x001B74F0, 0x00B576E8, 0x007458D8, 0x00B576E8,
        0x00734350, 0x00B576E8, 0x00751940, 0x00B576E8,
        0x00754410, 0x00B576E8, 0x0055A098, 0x00B576E8,
        0x00559E98, 0x00B576E8, 0x000F4BC8, 0x00B576E8,
        0x000FD7F0, 0x00B576E8, 0x00734570, 0x00B576E8,
        0x005B99C8, 0x00B576E8, 0x003A5650, 0x00B576E8,
        0x001A1C98, 0x00B576E8,
    };

    SetUintArray(0x29107B0, address_data2, sizeof(address_data2)); // addresses loaded from server


    SetNop(0x28F8918); // request addresses from server
    SetNop(0x28F8A0C); // thread get admin commands
    SetNop(0x28F8E54); // update module

    SetBranch(0x28F7CF0, 0x28F7E20);  // skip the bullshit
    SetBranch(0x28F7E70, 0x28F8900);  // skip the bullshit
    SetBranch(0x28F8A18, 0x28F8FE4);  // skip the bullshit
}


BO2_Paradox.h
------------------------


void process_cracking_BO2_Paradox_Sep_24TH_2019()
{
#ifdef enable_debugging

    // all this will cause the sprx to say that there is an update avaliable but the functions will not be nulled. also no auth success
    SetNop(0x30FC894); // null decrypt_functions
    SetNop(0x30FC8E8);

    SetNop(0x30FB0EC); // null do_auth
    SetNop(0x30FB140);

    SetNop(0x30FB1B0); // null do_auth
    SetNop(0x30FB204);

    SetNop(0x30FB6F0); // null do_auth
    SetNop(0x30FB744);

    SetNop(0x311DB2C); // null do_auth
    SetNop(0x311DB80);

    SetNop(0x3124BE4); // null trampoline_function
    SetNop(0x3124C38);

    SetNop(0x3124C78); // null menu setup
    SetNop(0x3124CCC);

    SetNop(0x3124D0C); // null paradox_init
    SetNop(0x3124D60);

    SetNop(0x3124DA0); // null trampoline_create_thread
    SetNop(0x3124DF4);

    SetNop(0x311D2C0); // null hook function start
    SetNop(0x311D314);

    SetNop(0x311D354); // null setup hooks
    SetNop(0x311D3A8);

    SetNop(0x311D3E8); // null trampoline_hook_function_start
    SetNop(0x311D43C);


#elif enable_cracking

    sleep(500); // recently added to fix freezing

    SetReturnTrue(0x30FADB8); // read license key return true
    //uint32_t license_and_auth_vars[] = { 0x140CF261, 0xD0025C50, 0x001337EA, 0x01000000 };
    uint32_t license_and_auth_vars[] = { 0x1CC1D99A, 0xD0025C50, 0x001337EA, 0x01000000 };
    SetUintArray(0x3140E40, license_and_auth_vars, sizeof(license_and_auth_vars));
    SetNop(0x30FAF5C); // stop connect to paradox.sh


    uint32_t xor_addresses[] = {
        /*
        0x14DA7BB9, 0x14EEDD79, 0x14EEDD7D, 0x14EEDD41, 0x1408DDA9, 0x141D9745,
        0x147AC041, 0x147950A1, 0x147A5189, 0x147A5B71, 0x14493CF9, 0x14493CA1,
        0x140DABE9, 0x140DA569, 0x14441F09, 0x14086541, 0x143DCE79, 0x147A5625,
        0x140A5FF9, 0x140A5FAD, 0x141C2671, 0x14315B29, 0x14315449, 0x14795159,
        0x147957B1, 0x1453FBA9, 0x144ADC55, 0x1408A499
        */

        0x1C175042, 0x1C23F682, 0x1C23F686, 0x1C23F6BA, 0x1CC5F652, 0x1CD0BCBE,
        0x1CB7EBBA, 0x1CB47B5A, 0x1CB77A72, 0x1CB7708A, 0x1C841702, 0x1C84175A,
        0x1CC08012, 0x1CC08E92, 0x1C8934F2, 0x1CC54EBA, 0x1CF0E582, 0x1CB77DDE,
        0x1CC77402, 0x1CC77456, 0x1CD10D8A, 0x1CFC70D2, 0x1CFC7FB2, 0x1CB47AA2,
        0x1CB47C4A, 0x1C9ED052, 0x1C87F7AE, 0x1CC58F62
    };

    uint32_t malloc_0x70_address = GetGameProcessUint32(0x3130094); // 0x100189E0
    //printf("malloc_0x70_address: 0x%X\n", malloc_0x70_address);
    if (malloc_0x70_address != 0)
        SetUintArray(malloc_0x70_address, xor_addresses, sizeof(xor_addresses)); // fill up xor address array

    uint32_t server_data[] = {
        0x00000000, 0x00000004, 0x00000008, 0x0000000C, 0x00000010, 0x00000000,
        0x00000014, 0x00000000, 0x00000018, 0x00000000, 0x0000001C, 0x00000000,
        0x00000020, 0x00000000, 0x00000024, 0x00000000, 0x00000028, 0x00000000,
        0x0000002C, 0x00000000, 0x00000030, 0x00000000, 0x00000034, 0x00000000,
        0x00000038, 0x00000000, 0x0000003C, 0x00000000, 0x00000040, 0x00000000,
        0x00000044, 0x00000000, 0x00000048, 0x00000000, 0x0000004C, 0x00000000,
        0x00000050, 0x00000000, 0x00000054, 0x00000000, 0x00000058, 0x00000000,
        0x0000005C, 0x00000000, 0x00000060, 0x00000000, 0x00000064, 0x00000000,
        0x00000068, 0x00000000, 0x0000006C
    };
    SetUintArray(0x3150EF0, server_data, sizeof(server_data)); // offsets for '0x100189E0' structure


    //SetNop(0x30FAD58); // request addresses from server. actually needed bc the function inside uses malloc
    SetNop(0x30FBB2C); // update module
    SetBranch(0x30FADC4, 0x30FAEEC);  // skip the bullshit
    SetBranch(0x30FAF60, 0x30FB800);  // skip the bullshit
    SetBranch(0x30FAB04, 0x30FAD40);  // skip the bullshit
    SetBranch(0x312525C, 0x31255B0);  // skip everything except for malloc

    //SetUint(0x3130094, 0x100189E0); // force malloc address
    //SetUint(0x3130090, 0x10018990); // force malloc address

    // other malloc addresses
    // malloc_0x70_address: 0x100189B0
    // malloc_0x20_address: 0x10018960

    //uint32_t malloc_0x20_address = GetGameProcessUint32(0x3130090); // 0x10018990
    //printf("malloc_0x20_address: 0x%X\n", malloc_0x20_address);


    SetUint(0x10021594, 0xDE7BBE46); // xor value 2


    //SetUint(0x31507E8, 0x312A240); // do_auth param  crashes game

    SetBranch(0x311DBAC, 0x311DC24);  // skip thread exit  // crashes sometimes if load too quickly or too slowly

#endif
}


BO2_sprxio.h
------------------


bool run_once_sprxio = true;

void process_cracking_BO2_Sprxio_Nov_2ND_2019()
{
#ifdef enable_debugging

    // temp to debug it
    //SetNop(0x3102D24); // stop the memset from being call to see whats in the buffer
    //SetNop(0x310A2CC); // free
    //SetNop(0x310A54C); // free 2
    //SetNop(0x3109A50); // memset

    SetBlr(0x3102D24);


#elif enable_cracking


    SetBlr(0x3101A34); // block read license key
    SetBlr(0x3101CBC); // block updates
    SetBlr(0x3101C28); // block get psid
    SetBlr(0x3101E7C); // block auth sprx
    SetBlr(0x3102190); // block auth welcome
    SetUint(0x313D224, 0x00000001); // has auth success
    /*

    0x311C52C = 1001D140 1001D3A0 1001CEE0
    0x311c550 = 00000002
    0x311C88C  10021990 00D49540 5DBE770C

1001C948  00000000 00000000 00000000 00000000 00000000 00000000
1001C960  00000000 00000000 00000000 00000000 00000000 00000000
1001C978  6348BE58 00000053 1001C978 50726F20 4D6F6400 00000000
1001C990  1001014C 00000007 0000000F 0310D1AD 0311CB60 00000000
1001C9A8  00000000 00000005 00000000 1002028D 96583400 00000000
1001C9C0  00000000 00000000 6348BE58 00000013 00D495E0 00D67E98
1001C9D8  6348BE58 00000013 00D49600 00D67E98 6348BE58 00000053
1001C9F0  00000000 4368616D 73000000 00000000 00000000 00000005
1001CA08  0000000F 0310D1AD 0311CB68 00000000 00000000 00000002
1001CA20  1002028C 00000000 000076BD 9C0076BD A0001FCC 8C0052DF
1001CA38  6348BE58 00000023 10020A10 10020A60 10020AB0 10020B00
1001CA50  10020B50 10020BA0 6348BE58 00000053 5400313C 4368616E
1001CA68  6765204E 616D6500 180002F4 0000000B 0000000F 0310D1B4
1001CA80  030076A9 10003155 AC00349F 00000000 00000000 00000000
1001CA98  00001185 BC0077E1 2C0075A3 380015F0 6348BE58 00000053
1001CAB0  C0005EFF 456E6420 47616D65 00000E9F BC00052A 00000008
1001CAC8  0000000F 0310D1AD 0311CB70 00000000 00000000 00000000
1001CAE0  00000000 00000000 00003DA6 28007632 20000000 00000000
1001CAF8  6348BE58 00000053 00000000 43726173 68204761 6D650000
1001CB10  00000000 0000000A 0000000F 0310D1AD 0311CB78 00000000
1001CB28  00000000 00000000 00000000 00000000 00000000 00000000
1001CB40  00000000 00000000 6348BE58 00000043 00000000 100202E0
1001CB58  10020314 10020314 00000000 41696D62 6F74204D 656E7500
1001CB70  00000000 0000000B 0000000F 00000000 00000000 00000000
1001CB88  6348BE58 00000053 00000000 456E6162 6C656400 00000000
1001CBA0  00000000 00000007 0000000F 0310D144 03000000 00000000
1001CBB8  00000000 00000002 1002028E 00000000 00000000 00000000
1001CBD0  00000000 00000000 6348BE58 00000053 00000000 41696D62
1001CBE8  6F74204B 65790000 00000000 0000000A 0000000F 0310D1AD
1001CC00  0311CB88 00000000 00000000 00000003 0311C4C4 10020298
1001CC18  04000000 00000000 00000000 00000000 6348BE58 00000053
1001CC30  00000000 54617267 65742042 6F6E6500 00000000 0000000B
1001CC48  0000000F 0310D1AD 0311CB80 00000000 00000000 00000003
1001CC60  0311C4D8 10020295 07000000 00000000 00000000 00000000
1001CC78  6348BE58 00000053 65000000 53696C65 6E74204D 6F646500
1001CC90  F7000000 0000000B 0000000F 0310D144 03000000 37000000 ...............D....7...
1001CCA8  D3000000 00000002 1002028F 00000000 00000000 B0000000 ........................
1001CCC0  D7000000 D5000000 6348BE58 00000053 FD000000 4175746F ........cH.X...S....Auto
1001CCD8  2053686F 6F740000 DA000000 0000000A 0000000F 0310D144  Shoot.................D
1001CCF0  03000000 B9000000 02000000 00000002 10020291 00000000 ........................
1001CD08  00000000 66000000 E0000000 AA000000 6348BE58 00000053 ....f...........cH.X...S
1001CD20  B8000000 4175746F 2057616C 6C000000 2A000000 00000009 ....Auto Wall...*.......
1001CD38  0000000F 0310D144 03000000 6D000000 89BC7C56 00000002 .......D....m.....|V....
1001CD50  10020292 00000000 00000000 00000000 00000000 00000000 ........................
1001CD68  6348BE58 00000053 00000000 4E6F2053 70726561 64000000 cH.X...S....No Spread...
1001CD80  00000000 00000009 0000000F 0310D144 03000000 00000000 ...............D........
1001CD98  00000000 00000002 10020290 00000000 00000000 00000000 ........................
1001CDB0  00000000 00000000 6348BE58 00000023 1001D210 1001CB50 ........cH.X...#.......P
1001CDC8  10020410 10020800 10020BF0 10021310 6348BE58 00000013 ................cH.X....
1001CDE0  00D49560 00D67E98 6348BE58 00000053 00000000 456E6162 ...`..~.cH.X...S....Enab
1001CDF8  6C652041 6E746920 41696D00 0000000F 0000000F 0310D144 le Anti Aim............D
1001CE10  03BC7C56 187F0000 10000000 00000002 10020293 00000000 ..|V....................
1001CE28  003400D4 187F0000 514483A9 E780FFFF 6348BE58 00000053 .4......QD......cH.X...S
1001CE40  10BC7C56 5820416E 74692041 696D204D 6F646500 0000000F ..|VX Anti Aim Mode.....
1001CE58  0000000F 0310D144 03000000 00000000 C9000000 00000003 .......D................
1001CE70  0311C4F8 1002029A 04000000 00000000 AFBB7C56 187F0000 ..................|V....
1001CE88  6348BE58 00000053 00000000 5920416E 74692041 696D204D cH.X...S....Y Anti Aim M
1001CEA0  6F646500 0000000F 0000000F 0310D144 03000000 00000000 ode............D........
1001CEB8  00000000 00000003 0311C50C 1002029B 03000000 00000000 ........................
1001CED0  005DBE77 86000000 6348BE58 00000263 0000001C 00000091 .].w....cH.X...c........
1001CEE8  00000065 00000096 0000004B 00000095 000000F7 000000BF ...e.......K............
1001CF00  0000000F 00000011 00000036 00000037 000000D3 00000085 ...........6...7........
1001CF18  00000027 000000E7 00000029 000000B0 000000D7 000000D5 ...'.......)............
1001CF30  0000000E 000000AD 000000FD 0000003E 0000004A 0000005C ...............>...J...\
1001CF48  000000DA 00000097 000000CF 00000088 00000012 000000B9 ........................
1001CF60  00000002 000000FF 000000F8 000000E6 000000DD 00000066 .......................f
1001CF78  000000E0 000000AA 00000067 0000001A 000000B8 000000E4 ...........g............
1001CF90  000000CA 00000098 0000002A 00000025 000000C8 000000F5 ...........*...%........
1001CFA8  00000019 0000006D 00000089 380015F0 800048ED 6800306C .......m....8.....H.h.0l
1001CFC0  C0005EFF C00045CE 98005EFE 18000E9F BC00052A BC000497 ..^...E...^........*....
1001CFD8  20003DA9 480077DD 840005A4 80005F34 AC00370E 88003711  .=.H.w......._4..7...7.
1001CFF0  7C0075A2 C000606F 08003DA6 28007632 20000000 00000000 |.u...`o..=.(.v2 .......
1001D008  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D020  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D038  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D050  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D068  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D080  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D098  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D0B0  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D0C8  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D0E0  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D0F8  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D110  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D128  00000000 00000000 00000000 00000000 6348BE58 000000D3 ................cH.X....
1001D140  1001D210 00000000 1001CDC0 1001CDD8 1001CDD8 43C30000 ....................C...
1001D158  42C80000 44020000 42700000 1001E1E0 00000000 3EE4E26C B...D...Bp..........>..l
1001D170  3F7EFDC8 3F800000 41200000 40D5708D 00000000 00000000 ?~..?...A ..@.p.........
1001D188  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D1A0  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D1B8  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D1D0  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D1E8  00000000 00000000 00000000 00000000 00000000 00000000 ........................
1001D200  00000000 00000000 6348BE58 00000043 00000000 1001D370 ........cH.X...C.......p
1001D218  1001D390 1001D394 00000000 4D697363 204D656E 75000000 ............Misc Menu...
1001D230  00000000 00000009 0000000F 00000000 00000000 00000000 ........................
1001D248  6348BE58 00000013 00D495A0 00D67E98 6348BE58 00000053 cH.X..........~.cH.X...S
1001D260  00000000 55415600 00000000 00000000 00000000 00000003 ....UAV.................
1001D278  0000000F 0310D1AD 0311CB48 00000000 00000000 00000002 ...........H............
1001D290  10020289 00000000 00000000 00000000 00000000 00000000 ........................
1001D2A8  6348BE58 00000013 00D49540 00D67E98 6348BE58 00000053 cH.X.......@..~.cH.X...S
1001D2C0  00000000 4E6F2052 65636F69 6C000000 00000000 00000009 ....No Recoil...........
1001D2D8  0000000F 0310D1AD 0311CB50 00000000 00000000 00000002 ...........P............
1001D2F0  1002028A 00000000 00000000 00000000 00000000 00000000 ........................
1001D308  6348BE58 00000013 00D49580 00D67E98 6348BE58 00000053 cH.X..........~.cH.X...S
1001D320  00000000 4E6F2053 77617900 00000000 00000000 00000007 ....No Sway.............
1001D338  0000000F 0310D1AD 0311CB58 00000000 00000000 00000002 ...........X............
1001D350  1002028B 00000000 00000000 00000000 00000000 00000000 ........................
1001D368  6348BE58 00000033 1001D260 1001D2C0 1001D320 1001C980 cH.X...3...`....... ....
1001D380  1001C9F0 1001CA60 1001CAB0 1001CB00 1001D308 10010044 .......`...............D
1001D398  6348BE58 00000043 1001D3F0 1001D410 00000000 00000035 cH.X...C...............5
1001D3B0  000000FF 00000000 1001D420 1001E1D0 1001E1D0 10018960 ........... ...........`
1001D3C8  1001D3E0 10018970 10018980 00000000 6348BE58 00000013 .......p........cH.X....
1001D3E0  00000000 0000002D 6348BE58 00000023 00000000 00000000 .......-cH.X...#........
1001D3F8  00000000 00000000 00000000 00000000 6348BE58 00000013 ................cH.X....
1001D410  0014B1E6 6B966D7D 6348BE58 00000DC3 00000000 00000000 ....k.m}cH.X............
1001D428  00000000 00000000 00000000 00000000 00000000 00000000 ........................

*/

/*
    uint32_t all_data_buffer[] = {
        0x311CD88, 0x00000000, 0x0311CCE0, 0x00000001, 0x0311CCE8, 0x00000002,
        0x311CCF0, 0x00000003, 0x0311CCF8, 0x00000004, 0x0311CD00, 0x00000005,
        0x311CD08, 0x00000006, 0x0311CD10, 0x00000007, 0x0311CD18, 0x00000008,
        0x311CD20, 0x00000009, 0x0311CCB8, 0x0000000A
    };

    uint32_t get_all_data_buffer = GetGameProcessUint32(0x313D470);
    if (get_all_data_buffer)
    {
        printf("get_all_data_buffer: 0x%X\n", get_all_data_buffer);
        SetUintArray(get_all_data_buffer, all_data_buffer, sizeof(all_data_buffer)); // trampolines check
    }


    uint32_t dword_311C52C = GetGameProcessUint32(0x311C52C);
    if (dword_311C52C)
    {
        printf("dword_311C52C: 0x%X\n", dword_311C52C);
    }

    uint32_t dword_311C530 = GetGameProcessUint32(0x311C530);
    if (dword_311C530)
    {
        printf("dword_311C530: 0x%X\n", dword_311C530);
    }


    uint32_t dword_311C534_data[] = {
        0x00000055, 0x000000A8, 0x000000BD, 0x000000A7, 0x00000090, 0x000000E1,
        0x00000028, 0x00000072, 0x0000005B, 0x00000078, 0x00000042, 0x0000009F,
        0x00000035, 0x0000004F, 0x00000032, 0x00000051, 0x000000E6, 0x000000EE,
        0x00000007, 0x00000040, 0x0000000E, 0x0000005F, 0x0000008D, 0x000000D4,
        0x000000BB, 0x0000006F, 0x0000005A, 0x00000044, 0x000000B9, 0x00000049,
        0x0000005C, 0x000000E5, 0x00000064, 0x000000F6, 0x00000094, 0x000000FD,
        0x00000002, 0x000000C5, 0x000000D7, 0x000000DE, 0x0000009E, 0x000000AD,
        0x00000066, 0x0000008C, 0x000000DC, 0x0000006A, 0x00000000, 0x000000CE,
        0x000000C1, 0x00000003, 0x0000008F, 0x00000089, 0x000000AB, 0x380015F0,
        0x800048ED, 0x6800306C, 0xC0005EFF, 0xC00045CE, 0x98005EFE, 0x18000E9F,
        0xBC00052A, 0xBC000497, 0x20003DA9, 0x480077DD, 0x840005A4, 0x80005F34,
        0xAC00370E, 0x88003711, 0x7C0075A2, 0xC000606F, 0x08003DA6, 0x28007632,
        0x20000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000
    };


    uint32_t dword_311C534 = GetGameProcessUint32(0x311C534);
    if (dword_311C534)
    {
        printf("dword_311C534: 0x%X\n", dword_311C534);
        SetUintArray(dword_311C534, dword_311C534_data, sizeof(dword_311C534_data));
    }

    */


#endif
}


Ghost_Paradox.h
------------------------

// add 0x20000   for it to work with 2 sprx's, only if the paradox is the second one loaded
void process_cracking_Ghost_Paradox_Sep_29TH_2019()
{
    //uint32_t sprx_base_address1 = 0x2970000;
    //uint32_t sprx_base_address2 = 0x2990000;
    //uint32_t next_base_address_size = sprx_base_address2 - sprx_base_address1; // 0x20000
    //uint32_t next_base_address_size = 0x20000;

    SetNop(0x297B7D0); // stop downloading address from the server
    SetNop(0x297AD24); // stop connection to the server
    SetNop(0x297B8C4); // stop the admin thread
    SetNop(0x297BD0C); // stop the auto update

    uint32_t auth_data_1[] = {
        0xD00189A0, 0x0012B344, 0x01000000, 0x000C0000
    };
    SetUintArray(0x29A0E60, auth_data_1, sizeof(auth_data_1));

    uint32_t auth_data_2[] = {
        0x0036DA70, 0x00A7F3C8, 0x006D2D08, 0x00A7F3C8,
        0x0046540C, 0x00A7F3C8, 0x00459C6C, 0x00A7F3C8,
        0x00472E78, 0x00A7F3C8, 0x00153680, 0x00A7F3C8,
        0x004731B8, 0x00A7F3C8, 0x005BB454, 0x00A7F3C8,
        0x002BB688, 0x00A7F3C8, 0x002D9394, 0x00A7F3C8,
        0x002D894C, 0x00A7F3C8, 0x002B1C14, 0x00A7F3C8,
        0x002E2374, 0x00A7F3C8, 0x00473658, 0x00A7F3C8,
        0x00787434, 0x00A7F3C8, 0x007872BC, 0x00A7F3C8,
        0x0056B1D4, 0x00A7F3C8, 0x002B32C8, 0x00A7F3C8,
        0x0056ABCC, 0x00A7F3C8, 0x006D9638, 0x00A7F3C8,
        0x00121550, 0x00A7F3C8, 0x007EFB84, 0x00A7F3C8,
        0x0014C018, 0x00A7F3C8
    };
    SetUintArray(0x29A07D0, auth_data_2, sizeof(auth_data_2));

    SetBranch(0x297ABA8, 0x297ACD8); // skip the bullshit
    SetBranch(0x297AD28, 0x297B7B8); // skip the bullshit
}


GTA_Conqueror.h
-----------------------
/*
responses:


104.27.181.166


m.justformodding.com/athrz.php?key=PPPPPPPPPPPPPPPPPPP&mac=A8:A8:A8:A8:A8:A8
respons:     Bienvenue rapha99 ! Votre application Conqueror Sprx est activ\303\251. Bon jeu \303\240 vous sur Grand Theft Auto V. Pour toutes informations, visitez notre boutique : www.JustForModding.com


*/


GTA_Extortion.h
----------------------


/*
responses:


3.7
---------
104.27.162.84

m.extortiondev.com/Login3.php?key=PPPPPPPPPPPPPPPPPPP&mac=A8:A8:A8:A8:A8:A8&ver=3.7
respons:    Welcome to Extortion GTA v3.7\nYou are using Latest Update!


4.0.1
-------


m.extortiondev.com/Login7?Hex=009

000a/dev_hdd0/tmp/Extortion.key#001a%s%02X:%02X:%02X:%02X:%02X:%02X#002a&key=#003a&mac=#004a009#005aNO#006aExtortionGTA#007aip-api.com#


m.extortiondev.com/Login7?Hex=009&key=PPPPPPPPPPPPPPPPPPP&mac=A8:A8:A8:A8:A8:A8&d=N

000a29801856#001a29802664#002a29801320#003a29803824#004a29801128#005a25702736#006a29820896#&d=N


m.extortiondev.com/Login7?Hex=009&key=PPPPPPPPPPPPPPPPPPP&mac=A8:A8:A8:A8:A8:A8&s=N

000a0001a0002a0003a0004a0005a0006a0007a0008a0009a0010a0011a0012a0013a0014a0015a0016aFUCK\000


m.extortiondev.com/Login7?Hex=009&key=PPPPPPPPPPPPPPPPPPP&mac=A8:A8:A8:A8:A8:A8

0006078112#00118#00233976268#00333389968#00433978079#005&complete=YES#


m.extortiondev.com/Login7?Hex=009&key=PPPPPPPPPPPPPPPPPPP&mac=A8:A8:A8:A8:A8:A8&complete=YES


000~HUD_COLOUR_RADAR_DAMAGE~#001~HUD_COLOUR_FRANKLIN_DARK~#002~s~#003~n~#004Extortion GTA Menu#005~BLIP_CRIM_HOLDUPS~Main Mods#006~BLIP_GUN_SHOP~Player#007~BLIP_GANG_VEHICLE~Vehicle#008~BLIP_GARAGE~Spawn Vehicle#009~BLIP_FAIRGROUND~Spawn Objects#010~BLIP_FLIGHT_SCHOOL~Teleport#011~BLIP_DEATHMATCH~Lobby Mods#012~BLIP_UGC_MISSION~Recovery#013~BLIP_CLOTHES_STORE~Model Changer#014~BLIP_CINEMA~Animations#015~BLIP_SHRINK~Weather#016~BLIP_TATTOO~Spawn Peds#017~BLIP_RANDOM_CHARACTER~Miscellaneous#
\r\n
Welcome to Extortion GTA v4.0.1\n
You are using Latest Update!\000


*/


unsigned char main_menus_bytes[] = {
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x48, 0x55, 0x44, 0x5F, 0x43, 0x4F, 0x4C, 0x4F, 0x55, 0x52, 0x5F, 0x52, 0x41, 0x44, 0x41,
    0x52, 0x5F, 0x44, 0x41, 0x4D, 0x41, 0x47, 0x45, 0x7E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x48, 0x55, 0x44, 0x5F, 0x43, 0x4F, 0x4C, 0x4F, 0x55, 0x52, 0x5F, 0x46, 0x52, 0x41, 0x4E,
    0x4B, 0x4C, 0x49, 0x4E, 0x5F, 0x44, 0x41, 0x52, 0x4B, 0x7E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x73, 0x7E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x6E, 0x7E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x45, 0x78, 0x74, 0x6F, 0x72, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x47, 0x54, 0x41, 0x20, 0x4D, 0x65,
    0x6E, 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x43, 0x52, 0x49, 0x4D, 0x5F, 0x48, 0x4F, 0x4C, 0x44, 0x55,
    0x50, 0x53, 0x7E, 0x20, 0x4D, 0x61, 0x69, 0x6E, 0x20, 0x4D, 0x6F, 0x64, 0x73, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x47, 0x55, 0x4E, 0x5F, 0x53, 0x48, 0x4F, 0x50, 0x7E, 0x20,
    0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x47, 0x41, 0x4E, 0x47, 0x5F, 0x56, 0x45, 0x48, 0x49, 0x43,
    0x4C, 0x45, 0x7E, 0x20, 0x56, 0x65, 0x68, 0x69, 0x63, 0x6C, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x47, 0x41, 0x52, 0x41, 0x47, 0x45, 0x7E, 0x20, 0x53, 0x70,
    0x61, 0x77, 0x6E, 0x20, 0x56, 0x65, 0x68, 0x69, 0x63, 0x6C, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x46, 0x41, 0x49, 0x52, 0x47, 0x52, 0x4F, 0x55, 0x4E, 0x44,
    0x7E, 0x20, 0x53, 0x70, 0x61, 0x77, 0x6E, 0x20, 0x4F, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x73, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x46, 0x4C, 0x49, 0x47, 0x48, 0x54, 0x5F, 0x53, 0x43, 0x48,
    0x4F, 0x4F, 0x4C, 0x7E, 0x20, 0x54, 0x65, 0x6C, 0x65, 0x70, 0x6F, 0x72, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x44, 0x45, 0x41, 0x54, 0x48, 0x4D, 0x41, 0x54, 0x43, 0x48,
    0x7E, 0x20, 0x4C, 0x6F, 0x62, 0x62, 0x79, 0x20, 0x4D, 0x6F, 0x64, 0x73, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x55, 0x47, 0x43, 0x5F, 0x4D, 0x49, 0x53, 0x53, 0x49, 0x4F,
    0x4E, 0x7E, 0x20, 0x52, 0x65, 0x63, 0x6F, 0x76, 0x65, 0x72, 0x79, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x43, 0x4C, 0x4F, 0x54, 0x48, 0x45, 0x53, 0x5F, 0x53, 0x54,
    0x4F, 0x52, 0x45, 0x7E, 0x20, 0x4D, 0x6F, 0x64, 0x65, 0x6C, 0x20, 0x43, 0x68, 0x61, 0x6E, 0x67, 0x65, 0x72, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x43, 0x49, 0x4E, 0x45, 0x4D, 0x41, 0x7E, 0x20, 0x41, 0x6E,
    0x69, 0x6D, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x73, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x53, 0x48, 0x52, 0x49, 0x4E, 0x4B, 0x7E, 0x20, 0x57, 0x65,
    0x61, 0x74, 0x68, 0x65, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x54, 0x41, 0x54, 0x54, 0x4F, 0x4F, 0x7E, 0x20, 0x53, 0x70,
    0x61, 0x77, 0x6E, 0x20, 0x50, 0x65, 0x64, 0x73, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x7E, 0x42, 0x4C, 0x49, 0x50, 0x5F, 0x52, 0x41, 0x4E, 0x44, 0x4F, 0x4D, 0x5F, 0x43, 0x48, 0x41,
    0x52, 0x41, 0x43, 0x54, 0x45, 0x52, 0x7E, 0x20, 0x4D, 0x69, 0x73, 0x63, 0x65, 0x6C, 0x6C, 0x61, 0x6E, 0x65, 0x6F, 0x75,
    0x73, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};


void processSprxLoadCracker()
{
    sys_prx_id_t prx_id = sys_prx_get_module_id_by_name("temp", NULL, NULL);
    stop_unload(prx_id);
    load_start("/dev_hdd0/tmp/Extortion_3_9_5.sprx");
}

void process_cracking_GTA_Extortion_3_9_3()
{
    //thier auth was too fast so we had to make an edit on thier sprx to increase the auth time

    //3.9.3

    //block from writing into sprx
    unsigned int fs_write001_address = Global_BaseAddressGTA + 0x370;
    WriteGameProcessMemory(fs_write001_address, &NOP, sizeof(NOP));

    unsigned int fs_write002_address = Global_BaseAddressGTA + 0x3A8;
    WriteGameProcessMemory(fs_write002_address, &NOP, sizeof(NOP));

    unsigned int fs_write003_address = Global_BaseAddressGTA + 0x19194;
    WriteGameProcessMemory(fs_write003_address, &NOP, sizeof(NOP));


    unsigned char auth_data[] = {
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x3E, 0x3A, 0x20, 0x02, 0x06, 0x6F, 0xCC,
    0x02, 0x06, 0x76, 0xDF, 0x01, 0xFD, 0x7D, 0x90,
    };

    /*

    //increase sleep time
    4A4C4 = 3C 60 00 00 60 63 C3 50;

    //nop auto update
    370 = nop;
    3A8 = nop;
    19194 = nop;

    //replace some values from 3.7
    4DDA8 = nop;
    4DDAC = 3C 60 02 06 60 63 6F CC;

    4DDC4 = nop;
    4DDC8 = 3C 60 02 06 60 63 6F CC;

    4DD68 = 3C 80 02 06 60 84 76 DF;
    4DDE4 = 3C 80 02 06 60 84 76 DF;


    //hook address
    4AB20 = nop;
    4AB24 = 3C 60 00 3E 60 63 3A 20;


    //replace some values from 3.7
    154F4 = 3C 60 01 FD 60 63 7D 90;

    //replace all
    3C 60 00 06 80 63 22 58 = 3C 60 00 00 60 63 00 12;

    //bools
    4AB18 = 2C 03 00 01;
    4ACC0 = 2C 03 00 01;
    4AD44 = 2C 03 00 01;
    4ADB8 = 2C 03 00 01;
    4AEFC = 2C 03 00 01;
    4C188 = 2C 03 00 01;
    4D5EC = 2C 03 00 01;
    */

    WriteGameProcessMemory(0x253601C, (const void *)&auth_data, sizeof(auth_data));
    WriteGameProcessMemory(0x100604FC, (const void *)&main_menus_bytes, sizeof(main_menus_bytes));
}


void process_cracking_GTA_Extortion_3_9_5()
{
    //3.9.5

    //block from writing into sprx
    //unsigned int fs_write001_address = baseAddressGTA + 0x37C;
    //writeProcessMemory((void *)fs_write001_address, &NOP, sizeof(NOP));

    //unsigned int fs_write002_address = baseAddressGTA + 0x3B4;
    //writeProcessMemory((void *)fs_write002_address, &NOP, sizeof(NOP));

    //unsigned int fs_write003_address = baseAddressGTA + 0x193CC;
    //writeProcessMemory((void *)fs_write003_address, &NOP, sizeof(NOP));

    unsigned char auth_data[] = {
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12,
    0x00, 0x3E, 0x3A, 0x20, 0x02, 0x06, 0x6F, 0xCC, 0x02, 0x06, 0x76, 0xDF, 0x01, 0xFD, 0x7D, 0x90
    };

    WriteGameProcessMemory(0x253601C, (const void *)&auth_data, sizeof(auth_data));
    WriteGameProcessMemory(0x100604FC, (const void *)&main_menus_bytes, sizeof(main_menus_bytes));
}


void process_cracking_GTA_Extortion_4_0_1()
{
    //4.0 & 4.0.1
    // I used these bytes to get the hook. there are a few references but its easy to see which one it is (usually a huge sub but sometimes a loc_ becuase its so big)  [E8 41 00 28 7C 63 07 B4  7C 1F 18 00]


    // icrease sleep time and wait for our module to load (hex: 0xC350, decimal: 50000)


    /*
    0x25360DC =
    01010000 00000000 00000000                      // activate 2 bools
    00000000 00000000 00000000 00000000 00000012    // auth var
    003E3A20 01883150 02066FCC 020676DF 01FD7D90    // hook | RPC Adr | unk | unk | unk
    */
    unsigned char auth_data[] = {
        0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12,
        0x00, 0x3E, 0x3A, 0x20, 0x01, 0x88, 0x31, 0x50, 0x02, 0x06, 0x6F, 0xCC, 0x02, 0x06, 0x76, 0xDF, 0x01, 0xFD, 0x7D, 0x90 };


    // patch in jump patch code becuase I couldnt find the proper bytes for off_62A1C which contains the bytes
    // 003E3A20 = 3D60024F 396BF018 7D6903A6 4E800420
    unsigned char hook_data[] = {
        0x3D, 0x60, 0x02, 0x4F, 0x39, 0x6B, 0xF0, 0x18, 0x7D, 0x69, 0x03, 0xA6, 0x4E, 0x80, 0x04, 0x20
    };


    WriteGameProcessMemory(0x25360DC, (const void *)&auth_data, sizeof(auth_data));
    WriteGameProcessMemory(0x100604FC, (const void *)&main_menus_bytes, sizeof(main_menus_bytes));
    WriteGameProcessMemory(0x003E3A20, (const void *)&hook_data, sizeof(hook_data));


    //  nop this dword_647A0 becuase it getting set to 0 after its being used [NOTE: this is the other_auth_var]. only need do dump all the values
    // 0251C96C = nop   (ida = 0x4C96C)
    // 0251C970 = nop   (ida = 0x4C970)
    //writeProcessMemory((void *)0x251C96C, (const void *)&NOP, sizeof(NOP));
    //writeProcessMemory((void *)0x251C970, (const void *)&NOP, sizeof(NOP));

    //  nop this dword_64798 becuase it getting set to 0 after its being used [NOTE: this is the hook address]. only need do dump all the values
    // 0251CBE4 = nop   (ida = 0x4CBE4)
    // 0251CBE8 = nop   (ida = 0x4CBE8)

    //writeProcessMemory((void *)0x251CBE4, (const void *)&NOP, sizeof(NOP));
    //writeProcessMemory((void *)0x251CBE8, (const void *)&NOP, sizeof(NOP));

    // nop this off_62A1C becuase it getting set to 0 after its being used. only need do dump all the values
    // 0251CBF0 = nop   (ida = 0x4CBF0)
    // 0251CBF4 = nop   (ida = 0x4CBF4)
    //writeProcessMemory((void *)0x251CBF0, (const void *)&NOP, sizeof(NOP));
    //writeProcessMemory((void *)0x251CBF4, (const void *)&NOP, sizeof(NOP));

    //patchinjump code  prt ^
    //0x253437C
}
void process_cracking_GTA_Extortion_4_1()
{

}


GTA_Hextic.h
---------------------


/*
unsigned int server_socket_buffer[] = {
    0x48545450, 0x2F312E31, 0x20323030, 0x204F4B0D, 0x0A536572, 0x7665723A, 0x206E6769, 0x6E782F31, 0x2E31342E, 0x320D0A44, 0x6174653A,
    0x20547565, 0x2C203233, 0x204A756C, 0x20323031, 0x39203130, 0x3A34323A, 0x31382047, 0x4D540D0A, 0x436F6E74, 0x656E742D, 0x54797065,
    0x3A207465, 0x78742F68, 0x746D6C3B, 0x20636861, 0x72736574, 0x3D555446, 0x2D380D0A, 0x436F6E74, 0x656E742D, 0x4C656E67, 0x74683A20,
    0x3134340D, 0x0A436F6E, 0x6E656374, 0x696F6E3A, 0x20636C6F, 0x73650D0A, 0x0D0A556E, 0x7265736F, 0x6C766162, 0x6C650A55, 0x6E726573,
    0x6F6C7661, 0x626C650A, 0x556E7265, 0x736F6C76, 0x61626C65, 0x0A313333, 0x37202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020,
    0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020,
    0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20202020, 0x20203637, 0x38383130,
    0x34303900, 0x39323432, 0x00323130, 0x34303334, 0x32313400, 0x32313034, 0x30333430, 0x38360031, 0x30323937, 0x30313633, 0x32003635,
    0x35333500, 0x33323736, 0x38003936, 0x33333133, 0x36363400, 0x36353533, 0x35003231, 0x30343033, 0x34323738, 0x00323130, 0x34303334,
    0x30353400, 0x32313034, 0x30333430, 0x37300032, 0x31303430, 0x33343231, 0x34003133, 0x31373031, 0x32353132, 0x00323637, 0x38383130,
    0x34303900, 0x32333330, 0x36323631, 0x35360031, 0x30323937, 0x30313633, 0x32003936, 0x33333133, 0x36363400, 0x32313034, 0x30333432,
    0x31340031, 0x33313730, 0x31323531, 0x32003332, 0x37363800, 0x30784646, 0x46460048, 0x65787469, 0x63004845, 0x58544943, 0x20505333,
    0x20362E37, 0x00436861, 0x6E676520, 0x496E2057, 0x65627369, 0x74650032, 0x39393830, 0x30333200, 0x33333633, 0x31333237, 0x39370032,
    0x34393533, 0x39323839, 0x32000000
};

*/

void process_cracking_GTA_Hextic_6_7_2()
{

    SetBranch(0x25023D4, 0x250255C);
    SetBreakPoint(0x250255C);


    /*
    SetBranch(0x24D3100, 0x24D3294);
    SetNop(0x2502290);
    SetNop(0x2502310);
    SetNop(0x250234C);

    unsigned int server_socket_buffer[] = {
        0x48545450, 0x2F312E31, 0x20333032, 0x204D6F76, 0x65642054, 0x656D706F, 0x72617269, 0x6C790D0A, 0x53657276, 0x65723A20, 0x6E67696E,
        0x782F312E, 0x31342E32, 0x0D0A4461, 0x74653A20, 0x5765642C, 0x20323420, 0x4A756C20, 0x32303139, 0x2030363A, 0x30343A34, 0x3820474D,
        0x540D0A43, 0x6F6E7465, 0x6E742D54, 0x7970653A, 0x20746578, 0x742F6874, 0x6D6C3B20, 0x63686172, 0x7365743D, 0x5554462D, 0x380D0A43,
        0x6F6E7465, 0x6E742D4C, 0x656E6774, 0x683A2033, 0x36370D0A, 0x436F6E6E, 0x65637469, 0x6F6E3A20, 0x636C6F73, 0x650D0A4C, 0x6F636174,
        0x696F6E3A, 0x20687474, 0x70733A2F, 0x2F777777, 0x2E666269, 0x2E676F76, 0x2F636F6E, 0x74616374, 0x2D75730D, 0x0A0D0A47, 0x6F6F6443,
        0x616C6C00, 0xEF92A520, 0x57656C63, 0x6F6D6520, 0x546F2048, 0x65787469, 0x6320EF92, 0xA50A596F, 0x75204172, 0x65204F6E, 0x20566572,
        0x73696F6E, 0x20362E37, 0x2E320A45, 0x6E6A6F79, 0x2026204A, 0x6F696E20, 0x4F757220, 0x44697363, 0x6F726421, 0x00323637, 0x38383130,
        0x34303900, 0x39323432, 0x00323130, 0x34303334, 0x32313400, 0x32313034, 0x30333430, 0x38360031, 0x30323937, 0x30313633, 0x32003635,
        0x35333500, 0x33323736, 0x38003936, 0x33333133, 0x36363400, 0x36353533, 0x35003231, 0x30343033, 0x34323738, 0x00323130, 0x34303334,
        0x30353400, 0x32313034, 0x30333430, 0x37300032, 0x31303430, 0x33343231, 0x34003133, 0x31373031, 0x32353132, 0x00323637, 0x38383130,
        0x34303900, 0x32333330, 0x36323631, 0x35360031, 0x30323937, 0x30313633, 0x32003936, 0x33333133, 0x36363400, 0x32313034, 0x30333432,
        0x31340031, 0x33313730, 0x31323531, 0x32003332, 0x37363800, 0x30784646, 0x46460048, 0x65787469, 0x63004845, 0x58544943, 0x20505333,
        0x20362E37, 0x00436861, 0x6E676520, 0x496E2057, 0x65627369, 0x74650032, 0x39393830, 0x30333200, 0x33333633, 0x31333237, 0x39370032,
        0x34393533, 0x39323839, 0x32000000, 0x00000000
    };
    WriteGameProcessMemory(0x2535418, (const void *)&server_socket_buffer, sizeof(server_socket_buffer));
    */


}


GTA_Lexicon.h
------------------------

void process_cracking_lexicon()
{
    SetBranch(IDA2MEM(0x57BC0), IDA2MEM(0x57C5C)); // so you can load the menu offline
    SetNop(IDA2MEM(0x561E8));  // nop read license key
    SetBranch(IDA2MEM(0x56200), IDA2MEM(0x57AE8)); // skip to hooking
    SetNop(IDA2MEM(0x57B28)); // nop address decrypter
    SetNop(IDA2MEM(0x57B3C)); // nop thread for server settings
    SetNop(IDA2MEM(0x57B40)); // nop thread for server settings 2

    SetUint(0x1C2BB80, 0x2520878); // hook is player online
    //SetUint(0x1C271E0, 0x2520878); // hook GET_INDEX_OF_CURRENT_LEVEL  an old hook he used in his previous versions of lexicon

    SetUint(0x1C2A3D0, 0x2520DEC); // hook disable control actions
    SetUint(0x1C2E9F8, 0x2520EFC); // hook set ped current weapon

    SetString(IDA2MEM(0x6A13C), "LEXICON CRACKED", strlen("LEXICON CRACKED")); // replace    "Lexicon PS3 3.7"
}


GTA_LTS.h
--------------------
/*
responses:

104.27.175.50


server.lastteamstanding.uk//8mTNvKbbPTHjz5RFQqs6A77yDVhc/KKZnXavaxhGct9m7fh5CtNHpejHN.php?usern=PPPPPPPPPPPPPPPPPPP&passw=pppppppppppppppp&guidl=4515b6de31029b7b359a10d152cd6385&psnnameo=RealGamer214&macAddresso=A8:A8:A8:A8:A8:A8
respones:    Success: Logged in.


server.lastteamstanding.uk//8mTNvKbbPTHjz5RFQqs6A77yDVhc/KKZnXavaxhGct9m7fh5CtNHpejHN.php?val=270
respones:    elgood


server.lastteamstanding.uk//8mTNvKbbPTHjz5RFQqs6A77yDVhc/KKZnXavaxhGct9m7fh5CtNHpejHN.php?usern=PPPPPPPPPPPPPPPPPPP&do=gd&passw=pppppppppppppppp
respones:    Resp:1:1:1:1:1:0:197:195:ip-api.com:line/:?fields=513:adder:16397:0:1:1:1:1:1:1:1:1:1:1:1:5:0:1000:4:511:75


8/2/2019

104.27.175.50

server.lastteamstanding.uk//8mTNvKbbPTHjz5RFQqs6A77yDVhc/KKZnXavaxhGct9m7fh5CtNHpejHN.php?usern=PPPPPPPPPPPPPPPPPPP&passw=pppppppppppppppp&guidl=4515b6de31029b7b359a10d152cd6385&psnnameo=RealGamer214&macAddresso=A8:A8:A8:A8:A8:A8
respones:   Success: Logged in.


server.lastteamstanding.uk/
respones:    // just a space


server.lastteamstanding.uk//8mTNvKbbPTHjz5RFQqs6A77yDVhc/KKZnXavaxhGct9m7fh5CtNHpejHN.php?val=277
respones:  elgood

server.lastteamstanding.uk//8mTNvKbbPTHjz5RFQqs6A77yDVhc/KKZnXavaxhGct9m7fh5CtNHpejHN.php?usern=PPPPPPPPPPPPPPPPPPP&do=gd&passw=pppppppppppppppp
respones:   Resp:1:1:1:1:1:0:197:195:ip-api.com:line/:?fields=513:adder:16397:0:1:1:1:1:1:1:1:1:1:1:1:5:0:1000:4:511:75


*/


void process_cracking_LTS_2_7_7()
{

}


GTA_Paradise.h
--------------------------


/*
responses:


185.11.145.5

server.paradisesprx.com/gtartm.php?retreiveData=true&Key=ppppppppppppppppppppppppppppppppppp


server.paradisesprx.com/ipinfo.php?IP=31.215.63.29


server.paradisesprx.com/res/downloadasset.php?key=%s&filename=%s


server.paradisesprx.com/res/getprop.php?hash=%s


server.paradisesprx.com/res/downloadsprx.php?key=ppppppppppppppppppppppppppppppppppp&filesize


server.paradisesprx.com/downloadsprx.php?key=ppppppppppppppppppppppppppppppppppp


server.paradisesprx.com/res/downloadasset.php?key=ppppppppppppppppppppppppppppppppppp&filename=ParadiseScrollbar.dds


server.paradisesprx.com/res/downloadasset.php?key=ppppppppppppppppppppppppppppppppppp&filename=portalCrosshair.dds


server.paradisesprx.com/res/downloadasset.php?key=ppppppppppppppppppppppppppppppppppp&filename=ParadiseText256.dds


server.paradisesprx.com/conneco.php?sesh=ppppppppppppppppppppppppppppppppppp&data=-470941074


server.paradisesprx.com/conneco.php?sesh=ppppppppppppppppppppppppppppppppppp&data=ppppppppppppppppppppppppppppppppppp      =   1239465692
responses:
0x14EDE704
0x1534BD2C
0x143B7A68
0x14CDA7BC
0x153493B8
0x1596800C
0x154C5868
0x154CF830
0x153186C0
0x286B183C
0x2C60183C
0x68621B9A
0x5B8B1C1C
0x32A95CE4
0x1535221C
0xA564FBC2
0xC820E44B
0x15AE4ADC
0x22827B79
0x1431FB8C


//idk other stuff respones that idk where it came from:
0x110306A4
0x22690036
0x799F018C
0x2CC0674D
0x60DE1963
0x5FE551AA
0x5C5C2D08


*/


/*
patterns for ida


pattern to search for to find thread function in paradise sprx
these are the values that he uses for this thread params
li        r6, 0x5AA
li        r7, 0x1000
38 C0 05 AA 38 E0 10 00


***dont need to nop the decrypt function. you need to nop the encrypt function. the encrypt function will be below the decrypt function in the ida funciton list***

nop sys call for write to process inside encryption func
you will freeze when the function is called but you can now dump the funtion that is decrypted
pattern: 78 66 36 64 78 67 1F 24  7C 63 30 14 7C 67 18 10     |     you should see 2      sc       instructions. 1 to  get process id and another for write process memory  (NOTE: DO NOT confuse it with the decrypt func as they are similar) (usually decrypt function are always at the top of a function)


update: for find the threads in the new versions you need to nop the sys call ^ above and then you be able to search for the threads. (only the main 2 threads show up)
pattern: 38 A0 00 00 38 C0 05 AA  60 E7 A0 00
pattern: 38 A0 00 00 38 C0 05 AA  38 E0 20 00 39 00 00 00


to get the main thread unencrypted. connect and attach before the welcome message dialog comes up and the thread will be decrypted


for the write process. this is just useful for any writes that he uses
pattern: 39 60 03 89    |   li        r11, 0x389


*/


void process_cracking_GTA_Paradise_April_15_2018() // APRIL 15TH, 2018
{
    unsigned int address = Global_BaseAddressGTA + 0x14E20; // nop empty thread from paradise. this thread returns 0. Causes freeze when attached RTM tools/debugger
    WriteGameProcessMemory(address, (const void *)&NOP, sizeof(NOP));
    unsigned int address2 = Global_BaseAddressGTA + 0x14E64; // another thread. could be like checks
    WriteGameProcessMemory(address2, (const void *)&NOP, sizeof(NOP));
}

void process_cracking_GTA_Paradise_April_30_2018() // APRIL 30TH, 2018 | Paradise GTA Update(1.4.6.1)
{

    unsigned int address = Global_BaseAddressGTA + 0x15CA4; // nop empty thread from paradise. this thread returns 0. Causes freeze when attached RTM tools/debugger
    WriteGameProcessMemory(address, (const void *)&NOP, sizeof(NOP));
    unsigned int address2 = Global_BaseAddressGTA + 0x15CE8; // another thread. could be like checks
    WriteGameProcessMemory(address2, (const void *)&NOP, sizeof(NOP));
}

void process_cracking_GTA_Paradise_September_8_2018() // SEPTEMBER 8TH, 2018 | Paradise GTA Update 1.4.8
{
    //these string dont show up in the dump some how???
    //Please refrain from using network mods while downloading.
    //Paradise RPF download 95% Complete
    //~g~Download finished! Restart your PS3 to take effect!
    //Paradise RPF download 100% Complete


    unsigned int address3 = Global_BaseAddressGTA + 0x29BC0; // nop empty thread from paradise. this thread returns 0. Causes freeze when attached RTM tools/debugger
    WriteGameProcessMemory(address3, (const void *)&NOP, sizeof(NOP));

    //unsigned int breakPoint = 0x7FE00008; // used from thread funcs when main thread is too fast to use break point with debugger
    //writeProcessMemory((void *)0x24F9CBC, (const void *)&breakPoint, sizeof(breakPoint));
}

void process_cracking_GTA_Paradise_November_23_2018() // November 23TH, 2018 | Paradise GTA Update 1.4.9.1 | ** the version he said he added some "secret stuff" on a skype call. also said it just a cool feature for his users **
{
    unsigned int address = Global_BaseAddressGTA + 0x00000; // nop empty thread from paradise. this thread returns 0. Causes freeze when attached RTM tools/debugger
    WriteGameProcessMemory(address, (const void *)&NOP, sizeof(NOP));
}

void process_cracking_GTA_Paradise_JANUARY_31ST_2019() // JANUARY 31ST, 2019 | Paradise GTA Update 1.5.0
{
    // nop sys call for write to process inside encryption func
    // you will freeze when the function is called but you can now dump the funtion that is decrypted
    // pattern: 78 66 36 64 78 67 1F 24  7C 63 30 14 7C 67 18 10     |     you should see 2      sc       instructions. 1 to  get process id and another for write process memory   (NOTE: DO NOT confuse it with the decrypt func as they are similar) (usually decrypt function are always at the top of a function)
    //WriteGameProcessMemory(0x24D29AC, (const void *)&NOP, sizeof(NOP));

    // nop empty threads from paradise. this thread returns 0. Causes freeze when attached RTM tools/debugger. IMPORTANT: you need to remove the sleeps from our thread in    prx.cpp    becuase this thread is faster then ours
    WriteGameProcessMemory(0x24FF914, (const void *)&NOP, sizeof(NOP));


    // encrypted_game_calls_part_1
    //SetBreakPoint(0x24D9568);
    // 24D9568                 lwz       r3, 0(r3)  # r3 = 0x1E70388    |  a xor value for encrpting addresses

    //SetBreakPoint(0x24D95E4); // used for encryption
    // 24D95E4                 addic     r3, r1, arg_70     # r3 = 0x2550000, r1 = 0xD003FE40 = 00000000

    //SetBreakPoint(0x24D95FC); // used for encryption
    // 24D95FC                 mr        r3, r1     # r3 = 0xD003FEB0 = 0xEDEAEDD8


    // encrypted game called part 3
    //SetBreakPoint(0x24DA460); // didn't breakpoint
    // 24DA460                 extsw     r3, r3

    //SetBreakPoint(0x24DA57C); // didn't breakpoint
    // 24DA57C                 lwz       r4, 0(r4)
    // 24DA580                 std       r2, arg_28(r1)

    //SetBreakPoint(0x24DA59C); // didnt breakpoint
    // 24DA59C                 lwz       r4, 0(r5)
    // 24DA5A0                 lwz       r2, 4(r5)

    //SetBreakPoint(0x24DA5D8); // didn't breakpoint
    // 24DA5D8                 lwz       r4, 0(r5)
    // 24DA5DC                 lwz       r2, 4(r5)

    //SetBreakPoint(0x24DA654); // didn't breakpoint
    // 24DA654                 lwz       r7, 0(r9)
    // 24DA658                 lwz       r2, 4(r9)

    // SetBreakPoint(0x24DA704);  // no good address results
    // 24DA704                 lwz       r4, 0(r4)
    // 24DA708                 std       r2, arg_28(r1)

    //SetBreakPoint(0x24DA724);
    // 24DA724                 lwz       r4, 0(r5)  # r4 = 0x15BA0E4
    // 24DA728                 lwz       r2, 4(r5)

    //SetBreakPoint(0x24DA7E4);
    // 24DA7E4                 lwz       r4, 0(r5)  # r4 = 0xA8B814
    // 24DA7E8                 lwz       r2, 4(r5)

    //SetBreakPoint(0x24DA878);
    // 24DA878                 lwz       r7, 0(r6)  # r7 = 0xA8B908
    // 24DA87C                 lwz       r2, 4(r6)

    //SetBreakPoint(0x24DA904);
    // 24DA904                 lwz       r5, 0(r6)  # r6 = 0xD003F8D8 = 0x1626844
    // 24DA908                 std       r2, arg_28(r1)

    //SetBreakPoint(0x24DA93C);  // not a func but it seems to be some pointer for creating the function
    // 24DA93C                 lwz       r3, 0(r3)  # r3 = 0x40D13AB8
    // 24DA940                 std       r2, arg_28(r1)

    //SetBreakPoint(0x24DA960);
    // 24DA960                 lwz       r6, 0(r5)  # r6 = 0x46E30C
    // 24DA964                 lwz       r2, 4(r5)

    //SetBreakPoint(0x24DA9FC);
    // 24DA9FC                 stw       r6, arg_7C(r1) # r5 = 0xA8B978
    // 24DAA00                 mr        r3, r26
    // 24DAA04                 std       r2, arg_28(r1)

    //SetBreakPoint(0x24DAA0C);
    // 24DAA0C                 lwz       r5, 0(r4)  # r5 = 0xA8B978
    // 24DAA10                 lwz       r2, 4(r4)

    //SetBreakPoint(0x24DAAC4);
    // 24DAAC4                 lwz       r10, 0(r9) # r9 = 0xD003F8C0 = 0x9F8FF0
    // 24DAAC8                 mr        r4, r28
    // 24DAACC                 std       r2, arg_28(r1)

    //SetBreakPoint(0x24DAAD0);
    // 24DAAD0                 mr        r5, r25    # r5 = 0x222D970 = CNetworkPlayerMgr
    // 24DAAD4                 mtctr     r10
    // 24DAAD8                 lwz       r2, 4(r9)

    //SetBreakPoint(0x24DA62C); // didn't breakpoint
    // 24DA62C                 lwz       r5, 0(r5)
    // 24DA630                 extsw     r4, r7
    // 24DA634                 std       r2, arg_28(r1)

    //SetBreakPoint(0x24DA654); // didn't breakpoint
    // 24DA654                 lwz       r7, 0(r9)
    // 24DA658                 lwz       r2, 4(r9)


    //SetBreakPoint(0x24DAC68);
    // results:
    // 24DAC68                 lwz       r6, 0(r5)     # r6 = 0x47E00C
    // 24DAC6C                 lwz       r2, 4(r5)     # 0x1C85330

    //SetBreakPoint(0x24D9908);
    // 24D9908                 lwz       r4, 0(r5)     # r4 = 0x15BA0E4
    // 24D990C                 lwz       r2, 4(r5)     # 0x1C85330

    //SetBreakPoint(0x24D99DC);
    // 24D99DC                 lwz       r4, 0(r5)     # r4 = 0xA8B814
    // 24D99E0                 extsw     r30, r30      # ignore
    // 24D99E4                 lwz       r2, 4(r5)     # 0x1C85330

    //SetBreakPoint(0x24D9A58);
    // 24D9A58                 lwz       r6, 0(r7)     # r7 = 0xD003F748 = 0xA8B908
    // 24D9A5C                 lwz       r2, 4(r7)     # 0x1C85330

    //SetBreakPoint(0x24D9AEC);
    // 24D9AEC                 lwz       r5, 0(r6)     # r6 = 0x1626844

    //SetBreakPoint(0x24D9B4C);
    // 24D9B4C                 lwz       r6, 0(r5)     # 0xD003F738->0x46E30C
    // 24D9B50                 lwz       r2, 4(r5)     # 0x1C85330

    //SetBreakPoint(0x24D9C50);
    // 24D9C50                 lwz       r7, 0(r8)     # r7 = 0xA8B5FC
    // 24D9C54                 std       r2, 0x620+var_5F8(r1)  # 0x1C85330

    //SetBreakPoint(0x24D9CE0);
    // 24D9CE0                 lwz       r5, 0(r7)    # r5 = 0xA8BBBC
    // 24D9CE4                 std       r2, 0x620+var_5F8(r1)  # 0x1C85330

    //SetBreakPoint(0x24D9DD0);
    // 24D9DD0                 lwz       r7, 0(r8)    # r7 = 0xA8B5FC
    // 24D9DD4                 std       r2, 0x620+var_5F8(r1)  # 0x1C85330

    //SetBreakPoint(0x24D9E60);
    // 24D9E60                 lwz       r5, 0(r7)     # r5 = 0xA8BBBC
    // 24D9E64                 std       r2, 0x620+var_5F8(r1)  # 0x1C85330

    //SetBreakPoint(0x24D9F0C);
    // 24D9F0C                 lwz       r5, 0(r4)     # r5 = 0xA8B978
    // 24D9F10                 std       r2, 0x620+var_5F8(r1)  #0x1C85330

    //SetBreakPoint(0x24D9FC8);
    // 24D9FC8                 lwz       r10, 0(r9)     # r9 = 0xD003F708 = 0x9F8FF0
    // 24D9FCC                 mr        r4, r28        # ignore
    // 24D9FD0                 std       r2, 0x620+var_5F8(r1)  # 0x1C85330

    //SetBreakPoint(0x24DA04C);
    // 24DA04C                 lwz       r8, 0(r7)      # r7 = 0xD003F700 = 0x483F50
    // 24DA050                 lwz       r2, 4(r7)      # 0x1C85330


    // encrypted game pointer part 1
    //SetBreakPoint(0x24D9814); // no good results
    //SetBreakPoint(0x24D9818);
    //SetBreakPoint(0x24D9808);


    //SetBreakPoint(0x24DA250);
    // results:
    // 24DA250                 lwz       r6, 0(r5)     # r6 = 0x5A47C
    // 24DA254                 lwz       r2, 4(r5)     # 0x1C85330

    //SetBreakPoint(0x24DA304);
    // 24DA304                 lwz       r4, 0(r6)     # r4 = 0x150BAA4
    // 24DA308                 lwz       r2, 4(r6)     # 0x1C85330


    // found in memory. Might be used later???
    // 0x51BA0
}

void process_cracking_GTA_Paradise_FEBUARY_13TH_2019()
{
    // nop sys call for write to process inside encryption func
    // you will freeze when the function is called but you can now dump the funtion that is decrypted
    //WriteGameProcessMemory(0x24DC3CC, (const void *)&NOP, sizeof(NOP)); // nop the encryption function
    //WriteGameProcessMemory(0x24DC578, (const void *)&NOP, sizeof(NOP)); // nop the encryption function


    //SetBreakPoint(0x24DC140);


}

void process_cracking_GTA_Paradise_May_5TH_2019()
{

#ifdef enable_debugging

    ///SetNop(0x24D1E94); // nop write process syscall for decrypt function. not needed
    //SetNop(0x24D22A4); // nop write process syscall for encrypt function
    //SetNop(0x24FCAC8); // nop write process syscall for encrypting the thread


    //SetNop(0x24DB6FC); // nop write process syscall in freeze lobby v3
    //SetNop(0x24DB4DC); // nop write process syscall in freeze lobby v3 as host
    //SetNop(0x24D5544);  // nop write process syscall for encrypt function #2

    //SetNop(0x24FAF24); // nop write process syscall for encrypting for unknown func

    ///SetBreakPoint(0x24D23C8); // breakpoint here to get the first param of the get host of this script native

#elif enable_cracking


    //**NOTE** when the time is in the fiture the game will say cound't not go online bc youre missing cloud files

    SetNop(0x24FC088); // remove read license key function
    SetReturnTrue(0x24DE6F0); // return true in the read license key function | useless since we nop the sub but here just incase
    SetBranch(0x24FC098, 0x24FC0DC); // bypass reading key
    SetBranch(0x24FC0F4, 0x24FC154); // bypass read key length
    SetNop(0x24FBF88); // nop anti debugging thread
    //SetNop(0x24FBFB0); // nop 2nd thread that checks for anti debugger. this will let you debug but will cuase some functions not ot work like xml vehicle spawner and freeze player and other functions
    unsigned int anti_debugging_eboot_memory[] = {
        0x60000000, 0x60000000, 0x60000000, 0x60000000, 0x60000000, 0x60000000,
        0x60000000, 0x60000000, 0x60000000, 0x60000000, 0x60000000, 0x60000000,
        0x60000000, 0x60000000, 0x60000000, 0x60000000, 0x60000000, 0x60000000,
        0x60000000, 0x60000000, 0x60000000, 0x60000000, 0x60000000, 0x60000000,
        0x60000000, 0x60000000, 0x60000000, 0x60000000,
    };
    WriteGameProcessMemory(0x24D36AC, (const void *)&anti_debugging_eboot_memory, sizeof(anti_debugging_eboot_memory));


    SetNop(0x24FC3A8); // nop the run_auth_setup
    SetUint(0x25379A0, 0x253D280); // pointer to array_with_server_addresses
    unsigned int array_with_server_addresses[] = {
        0x01E6FF38, 0x003FA510, 0x01306254, 0x01C6BF80, 0x003F8B84, 0x009D9830,
        0x00474054, 0x0047E00C, 0x003A9EFC, 0x3D600000, 0x396B0000, 0x7D6903A6,
        0x4E800420, 0x27A244D8, 0x003E3A20, 0xB06FE3FE, 0xDD2BFC77, 0x00A552E0,
        0x19974656, 0x013AE3B0, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
        0x00000000, 0x08421B34, 0x004241D4, 0x043E4298, 0x0159A284, 0x01C707E0,
        0x0133C430, 0x01DE12C0, 0x68BE968A, 0x00D38374, 0xDDF8506E, 0x01C72E70,
        0x013CA768, 0x5D2F0936, 0x3FF8A110, 0x7701AE7A, 0x2EDCED76, 0x6889179E,
        0x37AE0314, 0x7FF6D4F3, 0x198AE961, 0x54F5F89C, 0x7CB53A80, 0x1399569B,
        0x741DB119, 0x7184E059, 0x12365695, 0x602DC317, 0x413DAEE5, 0x1519CFC7,
        0x378281EF, 0x6C70C35E, 0x56FE147C, 0x16D635A7,
    };
    WriteGameProcessMemory(0x253D280, (const void *)&array_with_server_addresses, sizeof(array_with_server_addresses));

    // when spawning a car it used to crash bc the function was partly encrypted
    unsigned int spawn_callback_decrypted[] = {
        0xF821FF61, 0x7C0802A6, 0xF80100B0, 0xFBE10098,
        0x3FE01006, 0xFBC10090, 0x38800000, 0x607E0000,
        0x3C601005, 0x3CC0FA92, 0x909F0004, 0x3CA00250,
        0x909F000C, 0x907F0008, 0x907F0000, 0xFBA10088,
        0x60C4E226, 0x3BA59970, 0x78830020, 0x3C801006,
        0x4BFD7AF5, 0x3C801647, 0x80BF0000, 0x30610070,
        0x6084F1CB, 0x38C00000, 0x80A50000, 0x7CA507B4,
        0x4801F3CD, 0x60000000, 0xC03D0000, 0x63C30000,
        0xC0810070, 0xC0410074, 0xC0610078, 0xEC24082A,
        0x4BFFFD91, 0xE80100B0, 0x7C0803A6, 0xEBA10088,
        0xEBC10090, 0xEBE10098, 0x382100A0, 0x4E800020,
    };
    WriteGameProcessMemory(0x24F9978, (const void *)&spawn_callback_decrypted, sizeof(spawn_callback_decrypted));

    // function was partly encrypted
    unsigned int secondary_thread_decrypted[] = {
        0x4BFFF9E9, 0x2C030000, 0x41820008, 0x3BC00001,
        0x38600000, 0x48044D81, 0x60000000, 0x3C800254,
        0x2C1E0000, 0xE884B0F8, 0x41820010, 0x3CA00254,
        0x60640000, 0xF865B0F8, 0x7C841810, 0x2C240002,
        0x40810074,
    };
    WriteGameProcessMemory(0x24D3668, (const void *)&secondary_thread_decrypted, sizeof(secondary_thread_decrypted));


    SetString(0x2525B70, "Paradise Cracked", strlen("Paradise Cracked"));
    SetString(0x2523A90, "using næ«Paradise CRAKnæ«", strlen("using næ«Paradise CRAKnæ«"));

    /*

    // 0xF48643B0 Thursday, December 31, 2099 10:37:36 PM
    unsigned int time_stamp_date_patch[] = {
    0x3C80F486, // lis       r4, 0xF486 # 0xF48643B0
    0x608443B0, // ori       r4, r4, 0x43B0 # 0xF48643B0
    };
    WriteGameProcessMemory(0x24FB9DC, (const void *)&time_stamp_date_patch, sizeof(time_stamp_date_patch)); // crashed
    SetBlr(0x24FB338); // blr the run_date_check_function
    SetNop(0x24FBA40); // when the timestamp ends the thread will crash by setting an invalid memory address


    unsigned int data_001[] = {
    0x322934A0, 0x40D13A80,
    };
    WriteGameProcessMemory(0x253021C, (const void *)&data_001, sizeof(data_001));

    SetUint(0x2530350, 0x00000000);
    SetUint(0x253052C, 0x00000000);

    unsigned int data_002[] = {
    0x000000FF, 0x00000053,
    };
    WriteGameProcessMemory(0x2530530, (const void *)&data_002, sizeof(data_002));

    unsigned int data_006[] = {
    0x00000000, 0x00010000, 0x00000001, 0x01000000,
    };
    WriteGameProcessMemory(0x2534A49, (const void *)&data_006, sizeof(data_006));

    SetUint(0x2535C30, 0x1EEE1A4);
    */

#endif
}


void process_cracking_GTA_Paradise_March_3rd_2020()
{

#ifdef enable_debugging

    SetNop(0x24D5920); // nop write process syscall in encrypt func 0001


#elif enable_cracking

    //SetNop(0x24FF0AC); // remove read license key function
    //SetReturnTrue(0x24E2830); // return true in the read license key function | useless since we nop the sub but here just incase
    //SetBranch(0x24FF0BC, 0x24FF100); // bypass reading key
    //SetBranch(0x24FF118, 0x24FF178); // bypass read key length

    SetNop(0x24FEFAC); // nop anti debugging thread
    SetBranch(0x24D3B70, 0x24D3CD8); // skip anti debugging and break point detection
    SetUint(0x24D1330, 0x609F0000); // invalid instruction2 fix

    /*
    SetNop(0x24FF3CC); // nop the run_auth_setup

    SetUint(0x2544C20, 0xE3EE026E); // xor value used for xor values

    SetUint(0x2547C98, 0x254D058); // pointer to array_with_xor_values
    unsigned int array_with_xor_values[] = {
        0x088A3A8A, 0x095360A2, 0x085CA7E6, 0x08AA7A32, 0x09534E36, 0x09F15D82,
        0x092B85E6, 0x092B25BE, 0x09565B4E, 0x340CC5B2, 0x3007C5B2, 0x7405C614,
        0x47ECC192, 0x2ECE816A, 0x0952FF92, 0xB903264C, 0xD44739C5, 0x09C99752,
        0x11FB83E4, 0x08562602, 0x066CC5B2, 0x066CC5B2, 0x066CC5B2, 0x066CC5B2,
        0x066CC5B2, 0x012EDE86, 0x092E8466, 0x0D52872A, 0x08356736, 0x08ABC252,
        0x085F0182, 0x08B2D772, 0x61D25338, 0x09BF46C6, 0xD49495DC, 0x08ABEBC2,
        0x085062DA, 0x570C5801, 0x369464A2, 0x7E6D6BC8, 0x27B028C4, 0x61E5D22C,
        0x3EC2C6A6, 0x769A1141, 0x10E62CD3, 0x5D993D2E, 0x75D9FF32, 0x1AF59329,
        0x7D7174AB, 0x78E825EB, 0x1B5A9327, 0x694106A5, 0x48516B57, 0x1C750A75,
        0x3EEE445D, 0x651C06EC, 0x5F92D1CE, 0x1FBAF015,
    };
    WriteGameProcessMemory(0x254D058, (const void*)&array_with_xor_values, sizeof(array_with_xor_values));
    SetUint(0x2547C9C, 0x882578A3); // xor values for xor array
    SetUint(0x2547C8C, 0xBF20B39A); // xor values for xor array
    */


#endif
}


void process_cracking_GTA_Paradise_March_17Th_2020()
{

#ifdef enable_debugging


#elif enable_cracking

    uint32_t bl_create_thread = GetGameProcessUint32(0x24FF588);
    if (bl_create_thread == 0x4802A611) // only do it once becuase its going to re-encrypt and it will cause invalid instruction somewhere else
        SetNop(0x24FF588); // nop anti debugging thread

    SetBranch(0x24D3C80, 0x24D3DE8); // skip anti debugging and break point detection

#endif
}


void process_cracking_GTA_Paradise_June_15Th_2020()
{

#ifdef enable_debugging


#elif enable_cracking

    // some what still broken but enough to dump it

    uint32_t bl_create_thread = GetGameProcessUint32(0x2501A88);
    if (bl_create_thread == 0x4802CA09) // only do it once becuase its going to re-encrypt and it will cause invalid instruction somewhere else
        SetNop(0x2501A88);

    SetBranch(0x24D3C78, 0x24D3E08); // skip anti debugging and break point detection

#endif
}


void process_cracking_GTA_Paradise_July_2Nd_2020()
{

#ifdef enable_debugging


#elif enable_cracking

    // some what still broken but enough to dump it

    uint32_t bl_create_thread = GetGameProcessUint32(0x2501C98);
    if (bl_create_thread == 0x4802CAD9) // only do it once becuase its going to re-encrypt and it will cause invalid instruction somewhere else
        SetNop(0x2501C98);

    SetBranch(0x24D3C78, 0x24D3E08); // skip anti debugging and break point detection

#endif
}


GTA_Serendipity.h
--------------------------


void process_cracking_serendipity()
{
    WriteGameProcessMemory(0x24D4194, (const void *)&NOP, sizeof(NOP)); // read key  0x24D3968
    WriteGameProcessMemory(0x24D41D0, (const void *)&NOP, sizeof(NOP)); // first auth request
    WriteGameProcessMemory(0x24D42B0, (const void *)&NOP, sizeof(NOP)); // seconds auth request

    unsigned int seren_hook = 0x3E3A20; // is player online
    WriteGameProcessMemory(0x2530064, (const void *)&seren_hook, sizeof(seren_hook)); // main hook address

    unsigned int text_pos_x = 0x3F30A3D7; // float 0.69
    WriteGameProcessMemory(0x2531B40, (const void *)&text_pos_x, sizeof(text_pos_x)); // text pos x

    unsigned int menu_pos_x = 0x3F4CCCCD; // float 0.8
    WriteGameProcessMemory(0x2531B44, (const void *)&menu_pos_x, sizeof(menu_pos_x)); // menu pos x

    unsigned int menu_rgba[] = {
        0x000000FF, 0x000000FF, 0x000000FF, 0x000000FF, 0x000000FF, 0x000000FF,
        0x000000FF, 0x000000FF, 0x0000000F, 0x0000000F, 0x0000000F, 0x00000078,
        0x000000FF, 0x0000007D, 0x00000000, 0x000000AF, 0x000000FF, 0x0000007D,
        0x00000000, 0x000000AF, 0x000000FF, 0x0000007D, 0x00000000, 0x000000AF
    };

    WriteGameProcessMemory(0x2531C10, (const void *)&menu_rgba, sizeof(menu_rgba)); // menu RGBA
}


GTA_Terrorizor.h
--------------------------------

void process_cracking_terrorizer()
{
    SetNop(IDA2MEM(0x4FD58)); // nop auther thread
    SetNop(IDA2MEM(0x48B40)); // bypass check in PatchInJump
    SetUint(IDA2MEM(0x48D74), 0x2C030001); // set some check to true
    SetUint(IDA2MEM(0x48E48), 0x38600001); // set check to true
    SetBranchless(IDA2MEM(0x48BF4)); // branch where he sets up all the hooks
}


lua_plugin.h
----------------------

// github.com/gallexme/ScriptHook-Lua-Plugin
// gtaforums.com/topic/386908-doc-lua-scripting-help/page/6/   VECTOR3 lua usage


int lua_func_notify(lua_State *l)
{
    const char *text = lua_tostring(l, 1);
    vshtask_notify(text);
    return 1;
}

int lua_func_sleep(lua_State *l)
{
    int key = lua_tointeger(l, 1);
    sleep(key);
    return 1;
}

int lua_func_set_memory(lua_State *l)
{
    unsigned long _address = ((unsigned long)tolua_tonumber(l, 1, 0));
    const char *_text = tolua_tostring(l, 2, 0);
    //const char *text = lua_tostring(l, 2);
    unsigned long _size = ((unsigned long)tolua_tonumber(l, 3, 0));

    int ret = WriteGameProcessMemory(_address, (const void *)_text, _size);
    lua_pushboolean(l, ret);
    return 1;
}

int lua_func_get_memory_uint32(lua_State *l)
{
    unsigned long _address = ((unsigned long)tolua_tonumber(l, 1, 0));
    uint32_t value;
    int ret = ReadGameProcessMemory(_address, (void *)&value, sizeof(uint32_t));
    if (ret == SUCCEEDED)
    {
        lua_pushnumber(l, value);
    }
    else
    {
        lua_pushnumber(l, 0x8001000D);
    }
    return 1;
}

int lua_func_get_memory_uint64(lua_State *l)
{
    unsigned long _address = ((unsigned long)tolua_tonumber(l, 1, 0));
    //uint64_t* value = ((uint64_t*)tolua_tousertype(l, 2, 0));

    uint64_t value;
    int ret = ReadGameProcessMemory(_address, (void *)&value, sizeof(uint64_t));
    if (ret == SUCCEEDED)
    {
        lua_pushnumber(l, value);
    }
    else
    {
        lua_pushnumber(l, 0x8001000D); // if failed
    }
    return 1;
}

int lua_func_is_in_game(lua_State *l)
{
    lua_pushboolean(l, bIsGameLoaded);

    return 1;
}

int lua_func_get_game_name(lua_State *l)
{
    if (bIsGameLoaded)
    {
        lua_pushstring(l, global_game_Title);
    }
    else
    {
        lua_pushstring(l, "");
    }

    return 1;
}

int lua_func_load_sprx_into_process(lua_State *l)
{
    if (bIsGameLoaded)
    {
        const char *text = lua_tostring(l, 1);
        load_start(text);
        lua_pushboolean(l, 1);
    }
    else
    {
        lua_pushboolean(l, 0);
    }
    return 1;
}

void run_function(lua_State *L, const char *func)
{
    lua_getglobal(L, func);
    int error = lua_pcall(L, 0, 0, 0);

    if (error) {
        fprintf(_stderr, "%s: %s\n", func, lua_tostring(L, -1));
        lua_pop(L, 1);
        sys_timer_usleep(500);
    }
    if (error == LUA_ERRMEM) {
        fprintf(_stderr, "C daemon: Memory error");
        sys_timer_usleep(500);
    }
}

void run_file(lua_State *L, char *file)
{
    int error = luaL_loadfile(L, file) || lua_pcall(L, 0, 0, 0);

    if (error) {
        fprintf(_stderr, "%s: %s\n", file, lua_tostring(L, -1));
        lua_pop(L, 1);
    }
    if (error == LUA_ERRMEM) {
        fprintf(_stderr, "C daemon: Memory error");
    }
}

#define LUA_SCRIPT_FILE "/dev_hdd0/tmp/lua/main.lua"

lua_State *generateLuaState()
{
    lua_State *lua_state;

    printf("calling luaL_newstate\n");
    lua_state = luaL_newstate();
    sleep(500);
    // load Lua libraries
    printf("calling luaL_openlibs\n");
    luaL_openlibs(lua_state);

    sleep(9000);

    if (luaL_dofile(lua_state, LUA_SCRIPT_FILE)) // crashes in here????
    {
        fprintf(_stderr, "Main.lua: %s\n", lua_tostring(lua_state, -1));
        lua_pop(lua_state, 1);
    }

    printf("seting up lids\n");
    lua_pushcfunction(lua_state, &lua_func_notify);
    lua_setglobal(lua_state, "notify");
    lua_pushcfunction(lua_state, &lua_func_sleep);
    lua_setglobal(lua_state, "sleep");
    lua_pushcfunction(lua_state, &lua_func_set_memory);
    lua_setglobal(lua_state, "set_memory");
    lua_pushcfunction(lua_state, &lua_func_get_memory_uint32);
    lua_setglobal(lua_state, "get_memory_uint32");
    //lua_pushcfunction(lua_state, &lua_func_get_memory_uint64);
    //lua_setglobal(lua_state, "get_memory_uint64");
    lua_pushcfunction(lua_state, &lua_func_is_in_game);
    lua_setglobal(lua_state, "is_in_game");
    lua_pushcfunction(lua_state, &lua_func_get_game_name);
    lua_setglobal(lua_state, "get_game_name");
    lua_pushcfunction(lua_state, &lua_func_load_sprx_into_process);
    lua_setglobal(lua_state, "load_sprx");


    printf("calling init\n");
    run_function(lua_state, "init");
    printf("finished calling init\n");
    return lua_state;
}


Minecraft_modcraft_Tool.h
----------------------------------------
/*
responses:


modcraft.pw/

/api/login.php?para1=RealGamer3242&para2=ppppppppppp&para3=Fl4g5Or5ajv864x4MeV9JM50tgBfy1vO3fMl5t52pR8ECYGlt7b/Z23mWXbLXRbL&para4=489984&para5=Color%20[A=255,%20R=0,%20G=100,%20B=155]

respones: [truncated]qwskgsjuow396jb0x41d88338spr0x016C5D60spr0x4000ABE4spr0x00B2E06Cspr0x008BB020spr0x013E4DB4spr0x00947B40spr0x00A0B1E8spr0x0032A0D8spr0x0032A0F8spr0x0032A090spr0x0032A098spr0x0032A0B0spr0x0032A0A0spr0x001E9277spr0x000119FFspr0x00


/api/login.php?para1=RealGamer3242&para2=ppppppppppp&para3=Fl4g5Or5ajv864x4MeV9JM50tgBfy1vO3fMl5t52pR8ECYGlt7b/Z23mWXbLXRbL&para4=489984&para5=Color%20[A=255,%20R=0,%20G=100,%20B=155]

*/


MW2_Paradox.h
-------------------


// add 0x20000   for it to work with 2 sprx's, only if the paradox is the second one loaded
void process_cracking_MW2_Paradox_Sep_29TH_2019()
{
    //uint32_t sprx_base_address1 = 0x25C0000;
    //uint32_t sprx_base_address2 = 0x25E0000;
    //uint32_t next_base_address_size = sprx_base_address2 - sprx_base_address1; // 0x20000
    //uint32_t next_base_address_size = 0x20000;

    SetNop(0x25CAC18); // stop connect to paradox.sh
    SetNop(0x25CB6C4); // request addresses from server
    SetNop(0x25CB7B8); // thread get admin commands
    SetNop(0x25CBC00); // stop auto update module

    uint32_t auth_data_1[] = {
        0xD00179A0, 0x00128D72, 0x01000000, 0x00050000
    };
    SetUintArray(0x25F0B48, auth_data_1, sizeof(auth_data_1));

    uint32_t auth_data_2[] = {
        0x00915258, 0x0091527C, 0x00915254, 0x009FD590, 0x000A2060
    };
    SetUintArray(0x26004DC, auth_data_2, sizeof(auth_data_2));

    uint32_t server_data[] = {
        0x000A1A88, 0x00724C38, 0x00052738, 0x00724C38,
        0x0005EFB0, 0x00724C38, 0x0045B298, 0x00724C38,
        0x004C6CC8, 0x00724C38, 0x00096178, 0x00724C38,
        0x00200E38, 0x00724C38, 0x004C6D28, 0x00724C38,
        0x001E59A0, 0x00724C38, 0x000335D8, 0x00724C38,
        0x00032898, 0x00724C38, 0x00238070, 0x00724C38,
        0x002539F8, 0x00724C38, 0x001D9EC0, 0x00724C38,
        0x0004FE80, 0x00724C38, 0x000A8510, 0x00724C38,
        0x004C7168, 0x00724C38, 0x004C7248, 0x00724C38
    };
    SetUintArray(0x25F07DC, server_data, sizeof(server_data));


    SetBranch(0x25CAA9C, 0x25CABCC); // skip the bullshit
    SetBranch(0x25CAC1C, 0x25CB6AC); // skip the bullshit
}


MW3_Paradox.h
--------------------------

// add 0x20000   for it to work with 2 sprx's, only if the paradox is the second one loaded
void process_cracking_MW3_Paradox_Sep_29TH_2019()
{
    //uint32_t sprx_base_address1 = 0x23B0000;
    //uint32_t sprx_base_address2 = 0x23D0000;
    //uint32_t next_base_address_size = sprx_base_address2 - sprx_base_address1; // 0x20000
    //uint32_t next_base_address_size = 0x20000;

    SetNop(0x23CBA3C); // stops connecting the server
    SetNop(0x23CCA20); // stops the auto updater
    SetNop(0x23CC4E8); // stops downloading server addresses

    uint32_t auth_data_1[] = {
        0xD00189A0, 0x001379A5, 0x01000000, 0x00050000
    };
    SetUintArray(0x2405438, auth_data_1, sizeof(auth_data_1));

    uint32_t auth_data_2[] = {
        0x007F0ECC, 0x007BD008, 0x007BD010, 0x007BD00C,
    };
    SetUintArray(0x2416934, auth_data_2, sizeof(auth_data_2));

    uint32_t server_data[] = {
        0x00393640, 0x0072DCE8, 0x004A38B8, 0x0072DCE8,
        0x004A3740, 0x0072DCE8, 0x000C0878, 0x0072DCE8,
        0x0006DE58, 0x0072DCE8, 0x001DB240, 0x0072DCE8,
        0x003937C0, 0x0072DCE8, 0x00068308, 0x0072DCE8,
        0x003930D0, 0x0072DCE8, 0x00211A24, 0x0072DCE8,
        0x001F9D74, 0x0072DCE8, 0x000C568C, 0x0072DCE8,
        0x00291060, 0x0072DCE8, 0x002911A8, 0x0072DCE8,
        0x000C42A8, 0x0072DCE8, 0x0007A5C8, 0x0072DCE8,
        0x003F8DE8, 0x0072DCE8, 0x0003CAD8, 0x0072DCE8,
        0x000BC550, 0x0072DCE8, 0x000402C0, 0x0072DCE8,
        0x004A4B20, 0x0072DCE8, 0x0038B044, 0x0072DCE8,
        0x003808B8, 0x0072DCE8, 0x00392D78, 0x0072DCE8,
        0x004A568C, 0x0072DCE8, 0x0002B620, 0x0072DCE8,
        0x00023890, 0x0072DCE8, 0x000BE498, 0x0072DCE8,
        0x00277158, 0x0072DCE8, 0x000CD63C, 0x0072DCE8
    };
    SetUintArray(0x2400C18, server_data, sizeof(server_data));


    SetBranch(0x23CB8C0, 0x23CB9F0); // skip the bullshit
    SetBranch(0x23CBA40, 0x23CC4D0); // skip the bullshit
}


prx.cpp
-------------------------
#include <sys/ppu_thread.h>
#include <string.h>
#include <ppu_asm_intrinsics.h>
#include <sys/sys_time.h>
#include <sys/time_util.h>
#include <stdarg.h>
#include <assert.h>
#include <sys/process.h>
#include <sys/memory.h>
#include <sys/timer.h>
#include <sys/return_code.h>
#include <sys/prx.h>
#include <stddef.h>
#include <math.h>
#include <cmath>
#include <cellstatus.h>
#include <typeinfo>
#include <algorithm>
#include <vector>
#include <pthread.h>
#include <locale.h>
#include <cell/error.h>
#include <sys/paths.h>
#include <time.h>
#include <net\if_dl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <cell/cell_fs.h>
#include <cell/sysmodule.h>
#include <stdio.h>
#include <cell/fs/cell_fs_errno.h>
#include <cell/fs/cell_fs_file_api.h>
#include <sysutil/sysutil_userinfo.h>
#include <sysutil/sysutil_oskdialog.h>
#include <sysutil/sysutil_msgdialog.h>
#include <netdb.h>
#include <netex/net.h>
#include <netex/errno.h>
#include <ppu_intrinsics.h>
#include <stdlib.h>
#include <cfloat>
#include <cstdio>
#include <cstdlib>
#include <ctime>
#include <np.h>
#include <xstring>
#include <stdint.h>
#include <map>
#include <sys/syscall.h>
#include <sys/types.h>
#include <fastmath.h>
#include <sys/random_number.h>
#include <sysutil/sysutil_sysparam.h>
#include <netex/libnetctl.h>
#include <ctype.h>


//needed for vshlib.h
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <math.h>
#include <time.h>
#include <dirent.h>
#include <wchar.h>
#include <cell/codec/pngdec.h>
#include <cell/gcm.h>
#include <cell/font.h>
#include <cell/l10n.h>
#include <sys/prx.h>
#include <sys/mempool.h>
#include <sys/synchronization.h>
#include <sys/ppu_thread.h>
#include <sys/memory.h>
#include <sys/interrupt.h>
#include <sys/process.h>
#include <sys/spinlock.h>
#include <sys/random_number.h>
#include <sys/sys_time.h>
#include <sys/spu_utility.h>
#include <sys/spu_image.h>


// newly added
#include <sdk_version.h>
#include <cell/rtc.h>
#include <cell/pad.h>
#include <sys/event.h>
#include <cell/pad.h>
#include <ctype.h>
#include <limits.h>
#include <float.h>


#include <vshlib.h>


SYS_MODULE_INFO(sprx_entry, SYS_MODULE_ATTR_EXCLUSIVE_LOAD | SYS_MODULE_ATTR_EXCLUSIVE_START, 1, 1);
SYS_MODULE_START(sprx_entry);


//libaries
#pragma comment(lib, "c")
#pragma comment(lib, "c_stub")
#pragma comment(lib, "sn")
#pragma comment(lib, "m")
#pragma comment(lib, "io_stub")
#pragma comment(lib, "sysutil_stub")
#pragma comment(lib, "sysmodule_stub")
#pragma comment(lib, "syscall")
#pragma comment(lib, "gcm_sys_stub")
#pragma comment(lib, "net_stub")
#pragma comment(lib, "netctl_stub")


#define enable_cracking 1
//#define enable_debugging 1


//#define enable_AW 1
//#define enable_Ghosts 1
//#define enable_BO3 1
#define enable_BO2 1
//#define enable_BO1 1
//#define enable_MW3 1
//#define enable_MW2 1
//#define enable_GTA 1


//#define enable_MW3_RetroClient 1
//#define enable_MW2_Reflex_2_5 1
//#define enable_GTA_paradise 1
//#define enable_GTA_LTS 1
//#define enable_GTA_extortion 1
//#define enable_GTA_serendipity 1
//#define enable_GTA_lexicon 1
//#define enable_GTA_hextic 1
//#define enable_GTA_terrorizer 1
//#define enable_AW_Paradox 1
//#define enable_BO2_Paradox 1
//#define enable_BO1_Paradox 1
//#define enable_Ghosts_Paradox 1
//#define enable_MW2_Paradox 1
//#define enable_MW3_Paradox 1
#define enable_BO2_Sprxio 1


#include "lua.h"
#include "utils.h"
#include "lua_plugin.h"
#include "MW3_RetroClient.h"
#include "MW2_Reflex_2_5.h"
#include "GTA_Extortion.h"
#include "GTA_Paradise.h"
#include "GTA_Conqueror.h"
#include "GTA_LTS.h"
#include "GTA_Serendipity.h"
#include "GTA_Lexicon.h"
#include "Minecraft_modCraft_Tool.h"
#include "GTA_Hextic.h"
#include "GTA_Terrorizer.h"
#include "AW_Paradox.h"
#include "BO2_Paradox.h"
#include "BO1_Paradox.h"
#include "MW2_Paradox.h"
#include "MW3_Paradox.h"
#include "Ghost_Paradox.h"
#include "BO2_Sprxio.h"


void initiate_ingame_cracks(uint32_t pid, char *game_id, char *game_title)
{
    //printf("game_id: %s\n", game_id);
    //printf("game_title: %s\n", game_title);


    //GTAV
    if (IsGameGTAV(game_id))
    {
        //printf("game_title: %s\n", game_title);
#ifdef enable_GTA_paradise
        process_cracking_GTA_Paradise_July_2Nd_2020();
#elif enable_GTA_LTS
        process_cracking_LTS_2_7_7();
#elif enable_GTA_extortion
        process_cracking_GTA_Extortion_4_1();
#elif enable_GTA_serendipity
        process_cracking_serendipity();
#elif enable_GTA_lexicon
        process_cracking_lexicon();
#elif enable_GTA_hextic
        process_cracking_GTA_Hextic_6_7_2();
#elif enable_GTA_terrorizer
        process_cracking_terrorizer();
#endif
    }
    //BO1
    else if (IsGameBO1(game_id))
    {
        //printf("game_title: %s\n", game_title);
#ifdef enable_BO1_Paradox
        process_cracking_BO1_Paradox_Sep_26TH_2019();
#endif
    }
    //BO2
    else if (IsGameBO2(game_id))
    {
        //printf("game_title: %s\n", game_title);
#ifdef enable_BO2_Paradox
        process_cracking_BO2_Paradox_Sep_24TH_2019();
#elif enable_BO2_Sprxio
        process_cracking_BO2_Sprxio_Nov_2ND_2019();
#endif
    }
    //BO3
    else if (IsGameBO3(game_id))
    {
        //printf("game_title: %s\n", game_title);
    }
    //MW3
    else if (IsGameMW3(game_id))
    {
        //printf("game_title: %s\n", game_title);
#ifdef enable_MW3_RetroClient
        proccess_cracking_MW3_RetroClient();
#elif enable_MW3_Paradox
        process_cracking_MW3_Paradox_Sep_29TH_2019();
#endif
    }
    //MW2
    else if (IsGameMW2(game_id))
    {
        //printf("game_title: %s\n", game_title);
#ifdef enable_MW2_Reflex_2_5
        process_MW2_Reflex_2_5();
#elif enable_MW2_Paradox
        process_cracking_MW2_Paradox_Sep_29TH_2019();
#endif
    }
    // COD Ghosts
    else if (IsGameGhosts(game_id))
    {
        //printf("game_title: %s\n", game_title);
#ifdef enable_Ghosts_Paradox
        process_cracking_Ghost_Paradox_Sep_29TH_2019();
#endif
    }
    //AW
    else if (IsGameAW(game_id))
    {
        //printf("game_title: %s\n", game_title);
#ifdef enable_AW_Paradox
        process_cracking_AW_Paradox_Sep_24TH_2019();
#endif
    }
    else
    {

    }
}

void main_thread_handler(uint64_t arg)
{
    int GameProcessID = 0, lastGameProcessID = 0;

    sys_timer_sleep(10);

    printf("loaded sprx cracker\n");


    //lua_State *lua_state = generateLuaState();

    printf("starting while loop\n");

    while (true)
    {
        GameProcessID = GetGameProcessID();
        //printf("GameProcessID: 0x%X\n", GameProcessID);

        if (GameProcessID != 0)
        {
            if (GameProcessID != lastGameProcessID)
            {
                /*for (int x = 0; x < (10 * 100); x++) //10 second delay
                {
                    sys_timer_usleep(10000);
                    sys_ppu_thread_yield();
                }*/


                printf("Attached into game process\n");
            }


            if (bPressStartToAttach)
            {
                attachedPID = GameProcessID;
                if (attachedPID)
                {
                    get_game_info(); // get current game information

                    bIsGameLoaded = 1;

                    //if (lua_state)
                    //  run_function(lua_state, "tick");

                    //printf("game process 0x%08X\n", attachedPID);
                    initiate_ingame_cracks(attachedPID, global_game_TitleID, global_game_Title);
                }
            }
        }
        else
        {
            if (attachedPID) // Disconnect
            {
                attachedPID = 0;
                bIsGameLoaded = 0;
            }
            else
            {
                //sys_timer_usleep(3 * 1000 * 1000); //3 second delay
            }
        }


        lastGameProcessID = GameProcessID;
        sys_timer_usleep(1668);
        sys_ppu_thread_yield();
    }


    // close the Lua state
    //if (lua_state)
    //  lua_close(lua_state);

    sys_ppu_thread_exit(0);

}

extern "C" int sprx_entry(void)
{
    sys_ppu_thread_t main_thread_id = -1;
    sys_ppu_thread_create(&main_thread_id, main_thread_handler, 0, 3000, 0x4000, 1, "sprx_entry");
    _sys_ppu_thread_exit(0);

    return 0;
}


Utils.h
---------------------------
char global_game_TitleID[16]; //#define _game_TitleID  _game_info+0x04
char global_game_Title[64]; //#define _game_Title    _game_info+0x14

int get_game_info()
{
    int game_plugin_handle = FindLoadedPlugin("game_plugin");

    if (game_plugin_handle)
    {
        char _game_info[0x120];
        game_interface = (game_plugin_interface *)plugin_GetInterface(game_plugin_handle, 1);
        game_interface->gameInfo(_game_info);

        snprintf(global_game_TitleID, 10, "%s", _game_info + 0x04);
        snprintf(global_game_Title, 63, "%s", _game_info + 0x14);
    }

    return game_plugin_handle;
}


bool IsGameGTAV(char *cur_title_id)
{
    if (!strcmp(cur_title_id, "BLES01807") || !strcmp(cur_title_id, "BLUS31156") ||
        !strcmp(cur_title_id, "BLJM61019") || !strcmp(cur_title_id, "NPUB31154") ||
        !strcmp(cur_title_id, "NPEB01283"))
    {
        return true;
    }

    return false;
}
bool IsGameBO1(char *cur_title_id)
{
    if (!strcmp(cur_title_id, "BLES01034") || !strcmp(cur_title_id, "BLES01031") ||
        !strcmp(cur_title_id, "BLES01105") || !strcmp(cur_title_id, "BLJM60286") ||
        !strcmp(cur_title_id, "BLES01035") || !strcmp(cur_title_id, "BLES01032") ||
        !strcmp(cur_title_id, "BLES01033") || !strcmp(cur_title_id, "BLUS30591"))
    {
        return true;
    }

    return false;
}
bool IsGameBO2(char *cur_title_id)
{
    if (!strcmp(cur_title_id, "BLUS31011") || !strcmp(cur_title_id, "BLES01717") ||
        !strcmp(cur_title_id, "BLES01718") || !strcmp(cur_title_id, "BLES01719") ||
        !strcmp(cur_title_id, "BLES01720") || !strcmp(cur_title_id, "NPEB01205") ||
        !strcmp(cur_title_id, "NPUB31054") || !strcmp(cur_title_id, "NPUB31055") ||
        !strcmp(cur_title_id, "NPUB31056") || !strcmp(cur_title_id, "BLUS31141") ||
        !strcmp(cur_title_id, "BLUS31140"))
    {
        return true;
    }

    return false;
}
bool IsGameBO3(char *cur_title_id)
{
    if (!strcmp(cur_title_id, "NPEB02266") || !strcmp(cur_title_id, "BLUS31527") ||
        !strcmp(cur_title_id, "NPUB31665") || !strcmp(cur_title_id, "BLES02166") ||
        !strcmp(cur_title_id, "BLES02168"))
    {
        return true;
    }

    return false;
}
bool IsGameAW(char *cur_title_id)
{
    if (!strcmp(cur_title_id, "BLUS31466") || !strcmp(cur_title_id, "BLES02078") ||
        !strcmp(cur_title_id, "BLES02077") || !strcmp(cur_title_id, "BLES02079") ||
        !strcmp(cur_title_id, "BLJM61227") || !strcmp(cur_title_id, "BLJM61228") ||
        !strcmp(cur_title_id, "NPUB31553") || !strcmp(cur_title_id, "NPEB02087"))
    {
        return true;
    }

    return false;
}
bool IsGameMW3(char *cur_title_id)
{
    if (!strcmp(cur_title_id, "BLES01428") || !strcmp(cur_title_id, "BLES01429") ||
        !strcmp(cur_title_id, "BLES01432") || !strcmp(cur_title_id, "BLUS30838") ||
        !strcmp(cur_title_id, "BLES01433") || !strcmp(cur_title_id, "NPUB30787") ||
        !strcmp(cur_title_id, "NPUB30788") || !strcmp(cur_title_id, "NPEB00964") ||
        !strcmp(cur_title_id, "BLES01431"))
    {
        return true;
    }

    return false;
}
bool IsGameMW2(char *cur_title_id)
{
    if (!strcmp(cur_title_id, "BLES00683") || !strcmp(cur_title_id, "BLES00684") ||
        !strcmp(cur_title_id, "BLES00685") || !strcmp(cur_title_id, "BLES00686") ||
        !strcmp(cur_title_id, "BLES00687") || !strcmp(cur_title_id, "BLUS30377") ||
        !strcmp(cur_title_id, "BLES00690") || !strcmp(cur_title_id, "BLES00691") ||
        !strcmp(cur_title_id, "NPEB00731") || !strcmp(cur_title_id, "NPUB30586") ||
        !strcmp(cur_title_id, "NPUB30585"))
    {
        return true;
    }

    return false;
}
bool IsGameGhosts(char *cur_title_id)
{
    if (!strcmp(cur_title_id, "BLES01945") || !strcmp(cur_title_id, "BLES01948") ||
        !strcmp(cur_title_id, "BLUS31270") || !strcmp(cur_title_id, "NPUB31301") ||
        !strcmp(cur_title_id, "NPEB01832"))
    {
        return true;
    }

    return false;
}


old_dumps.h
-------------------
//seren auth
PHPSESSID=781b85936b69d8f8077a300c02512fb3; path=/1337BOSS-0682210141002002501
GET /api2.php?license=7WGVW-RQ7WA-G7I61 HTTP/1.0..User-Agent: 35879135823481.........
B359A10D152CD6385&mac=A8:A8:A8:A8:A8:A8 HTTP/1.0..User-Agent: 35879135823481
.......................................7WGVW-RQ7WA-G7I61.............BOSS

//lexicon auth
b29c492834f8bc3723018822d5e1b814.php

8c361f954648edb04def5b72ca743e50GVN8-UW3U-5XP7-3FEK&bb737dcfb027aa4f4059db6baef42661=280

b9f7cb1eddd102477ed2445c2=TheRouletteBoi02&743e976dba4c3b5a80187bf12484c58f=A8:A8:A8:A8:A8:A8 HTTP/1.0..HOST: IP

------------------------------------------------------------
LTS

GET //8mTNvKbbPTHjz5RFQqs6A77yDVhc/KKZnXavaxhGct9m7fh5CtNHpejHN.php?usern=WILLYHU&do=gd&passw=marochio
HTTP/1.0..HOST: server.lastteamstanding.uk.....tting123&macAddresso=A8:A8:A8:A8:A8:A8 HTTP/1.0..
HOST: server.lastteamstanding.uk

------------------------------------------------------------------

independence

GET /auth/auth.php?type=license_MacCheck&mac=A8:A8:A8:A8:A8:A8&license=6969-6969-6969 HTTP/1.0..HOST: 92.222.68.51


078112.4164484.0.0.0.0.0.0.104.7.202..4203930150.373813707.4294030592.
1656740663.1870876878.3710647415.0.80.0.238.193.195.194.192.1073896576.
1073896648.136.1029701632.32768.963313664.2104034214.1317012512.4345452.269025280.1073896598