Overview

Youre not just throwing the .ipa into ghidra right? Also its not easy to just find functions etc. You need to actively debug the game if it is non-unity which means il2cpp decompiler wont work therefore making you have to not only debug the game but also go through the trouble of resolving stuff too and figuring it out.

Im attempting to make a hack for dragonfist limitless but I can't quite figure out how to sort through all of these functions, I am familiar with assembly but if someone could help me out by maybe sitting down with me or pointing me in the right direction I would love you for it. Discord: murderher_

Can anybody help me make maple rush hack work

HELP

Macro on version 2.11.1 isnt working please mod update the agar.io app for version 2.11.2

I always stop binary analysis after it is finished naming functions. This isn't bad lag but its noticeable and annoying

I believe this happens when IDA is still processing the binary and you're searching in the Functions window or you have a search going already.

mine lags too but thats just because my mac is getting old as hell lol. bought it in 2012.

Wow

close the functions window no more lag

Nice!

This is amazing for everyone because now we don't have to rely on existing strings to make strings, and we also don't have to deal with the f***ery of UTF16!! I can finally make strings of any length. No char arrays, no stupid bs. Just regular c strings In the dump search for private string CreateString(PTR value); // 0x1008EBE9C Obviously your offset will be different. Then make a pointer to it (and I don't know why this method isn't static because the this pointer isn't used): monoString *(*String_CreateString)(void *_this, const char *str) = (monoString *(*)(void *, const char *))getRealOffset(0x1008EBE9C); Then make your string like this: monoString *str = String_CreateString(NULL, "Hello this is a string of any length in Unity. WOOOOOOOOOOOOOOOOOOOOOOOOO"); And you'll have your very own Unity string https://twitter.com/hackedbyshmoo/status/990034671844184064

Interesting. I've seen these around too sometimes.

Have you ever seen something like MOV V0.16B, V1.16B? I'm still trying to figure out how what is stored in these registers is significant and why manipulating floats is done this way on arm64. However, I figured out that V and S registers correspond with each other. S0 = V0, S1 = V1, etc So if you have something like FMOV S0, #1.0 MOV V1.16B, V0.16B and you want to modify V1 (aka S1) to 31.0, you can change MOV V1.16B, V0.16B to FMOV S1, #31.0!

I freed up like 4.5 GB of space by deleting old binaries

This one's nice! Thanks

That's not all you can do, but the key combo Ctrl+1+Enter creates a new disassembly window

Ah nice

If you need to see where a function is being called from you can do if(__builtin_return_address(0) == (void *)/*offset*/){ //... }