Actually fixed Android

It didnt work for all UE4 games, now it should

Author: EZFNDEV

ReadMe.md

@@ -3,6 +3,13 @@ It can be really difficult to get the AES Key of a game if you do not know what
 #### If this doesn't work for you just a open a new issue, but provide the game name and a memory dump of it, if you already have the AES Key or find it later please provide that too :)
 You can use https://github.com/NtQuery/Scylla to get a memory dump of your game
 
+## Android (arm64-v8 only)
+For android games you will get two AES Keys, that is because I do not know when the key is + 0x1000 after the offset it should be at. Just try both :)
+(If you know why the location is 0x1000 bytes forward please make a pr)
+
+## Android (armeabi-v7a)
+If you send me a library + AES Key I can add support for that too
+
 ### Example outputs:
 ```
 Please select from where you want to get the AES Key

UEAESKeyFinder/Searcher.cs

@@ -116,19 +116,7 @@ public int FollowJMP(int addr)
 
         return addr;
     }
-    public int GetPageAddress(int Addr, int PageSize)
-    {
-        // log2
-        PageSize |= PageSize >> 1;
-        PageSize |= PageSize >> 2;
-        PageSize |= PageSize >> 4;
-        PageSize |= PageSize >> 8;
-        PageSize |= PageSize >> 16;
-        int bits_page_offset = new List<int>() { 0, 9, 1, 10, 13, 21, 2, 29, 11, 14, 16, 18, 22, 25, 3, 30, 8, 12, 20, 28, 15, 17, 24, 7, 19, 27, 23, 6, 26, 5, 4, 31 }[(PageSize * 0x07C4ACDD) >> 27];
-
-        return (Addr >> (bits_page_offset - 1)) << (bits_page_offset - 1);
-    }
-    public int DecodeADRP(int adrp) // https://chromium.googlesource.com/chromiumos/third_party/binutils/+/refs/heads/stabilize-7374.B/gold/aarch64.cc#150
+    public UInt64 DecodeADRP(int adrp) // https://chromium.googlesource.com/chromiumos/third_party/binutils/+/refs/heads/stabilize-7374.B/gold/aarch64.cc#150
     {
         const int mask19 = (1 << 19) - 1;
         const int mask2 = 3;
@@ -141,17 +129,20 @@ public int DecodeADRP(int adrp) // https://chromium.googlesource.com/chromiumos/
         int value = imm << 12;
         // Sign extend to 64-bit by repeating msbt 31 (64-33) times and merge it
         // with value.
-        return ((((int)(1) << 32) - msbt) << 33) | value;
+        return (UInt64)(((((int)(1) << 32) - msbt) << 33) | value);
     }
-    public int GetADRPAddress(int ADRPLoc)
+    public UInt64 DecodeADD(int add)
     {
-        int ADRP = DecodeADRP(BitConverter.ToInt32(this.ProcessMemory, ADRPLoc));
-        int ADD = BitConverter.ToInt32(this.ProcessMemory, ADRPLoc + 4);
-
-        int imm12 = (ADD & 0x3ffc00) >> 10;
-        if ((ADD & 0xc00000) != 0) imm12 <<= 12;
+        var imm12 = (add & 0x3ffc00) >> 10;
+        if ((imm12 & 0xc00000) != 0) imm12 <<= 12;
+        return (UInt64)imm12;
+    }
+    public int GetADRLAddress(int ADRPLoc)
+    {
+        UInt64 ADRP = DecodeADRP(BitConverter.ToInt32(this.ProcessMemory, ADRPLoc));
+        UInt64 ADD = DecodeADD(BitConverter.ToInt32(this.ProcessMemory, ADRPLoc + 4));
 
-        return GetPageAddress(ADRPLoc, PAGE_SIZE) + ADRP + imm12;
+        return (int)((((UInt64)ADRPLoc & 0xFFFFF000) + ADRP + ADD) & 0xFFFFFFFF);
     }
     public Dictionary<ulong, string> FindAllPattern(out long t)
     {
@@ -167,6 +158,8 @@ public Dictionary<ulong, string> FindAllPattern(out long t)
             {
                 // if this gets no results (or too many) for some reason we could also get the addr that calls this...
 
+                // 01 01 40 AD 01 00 00 AD C0 03 5F D6
+
                 // First instruction is the adrp, then add...
 
                 // Second instruction
@@ -186,11 +179,16 @@ public Dictionary<ulong, string> FindAllPattern(out long t)
                 if (this.ProcessMemory[i + 9] != 0x03) continue;
                 if (this.ProcessMemory[i + 10] != 0x5F) continue;
                 if (this.ProcessMemory[i + 11] != 0xD6) continue;
-
+                
                 aesKey = "";
-                int aesKeyAddr = GetADRPAddress(i - 8);
+                int aesKeyAddr = GetADRLAddress(i - 8);
+
                 aesKey += BitConverter.ToString(this.ProcessMemory[aesKeyAddr..(aesKeyAddr + 32)]).ToString().Replace("-", "");
                 offsets.Add(AllocationBase + (ulong)aesKeyAddr, $"0x{aesKey}");
+
+                aesKeyAddr += 0x1000; // Please fix this, idk when its + 0x1000 and when not....
+                aesKey = BitConverter.ToString(this.ProcessMemory[aesKeyAddr..(aesKeyAddr + 32)]).ToString().Replace("-", "");
+                offsets.Add(AllocationBase + (ulong)aesKeyAddr, $"0x{aesKey}");
             }
         }
         else