Batch  

Since ellekit got updated, this will no longer be needed, use laxus hack instead

In the next tutorial, I’ll show invoke function for it

Hello everyone, today i'll show you how to hack Unity Game using il2cpp resolver Level: Beginner Game: Subway Surf Requirements: - Theos (https://theos.dev/docs/installation) - DNSpy (https://github.com/dnSpy/dnSpy) / IlSpy (https://github.com/icsharpcode/ILSpy) - Batchh Mod Menu Template (Template) - Follow the tutorial carefully! What we will make: - Will make this: Subway Surf All Version Hack - SOO Let's START!!! Step 1 (Dump our game): - What "Dump our game" means: Dumping is extracting data or code from a binary file for analysis or modification. IL2CPPDumper is a tool used to extract metadata and code from Unity games that use the IL2CPP scripting backend. - To perform the dump we'll use: https://armconverter.com/il2cppdumper but first we need to get our decrypter game, from here https://armconverter.com/decryptedappstore/us/Subway surf - Now to perform the dump just extract the zip of the decrypted game, and you need to get two files: UnityFramework and global-metadata.dat - UnityFramework is located in "Frameworks/UnityFramework.framework/" - global-metadata.dat is located in "Data/Managed/Metadata" - Drop the UnityFramework (Executable) on the left box and drop the global-metadata.dat in the right box - Wait and then download the results! (If you're lazy here the dumped zip: https://iosddl.net/07d83ef42134a41e/com.kiloo.subwaysurfers-3.31.0-Decrypted.ipa-il2cppdumper.zip) Step 2 (Open the dumped data): - Open DNSpy / ILSpy then choose files and open the folder where you extracted the dump zip you need to select all the file insinde DummyDll Step 2.5 (Open the Batchh mod menu template): - Theos need to be installed! - To open the mod menu template you simply run this command in your terminal inside the folder you want your mods: $THEOS/bin/nic.pl - Fill all the information required, for the information about the app they can be found in: https://armconverter.com/appinfo Step 3 (Let's search values in the DNSpy/ILSpy): - Open a txt file to write down what we find! (it will be useful after) - What we want to achieve is: Unlimited Jumps, Unlimited currency, No Collision - But first let's change our search options to "Method", for our purpose: - Let's search for "Jump", maybe we can the checker that handles the jump: - As you can see there are alot, so how can we find it? After some time it will became more easy to find! My though process for unlimited jump is to find the handler of "can jump", so let's search it! - We found two result, the first one is the right one! "System....", that is not correlate with what we want. So double click the "CanJump" Method: - As you can see we get direct to the Class that contains out method, also in the left you can open the toggle arrow to reveal all the methods and fields inside the class. - So let's write down in our txt file, the Assembly we're in, this can be found by scrolling all the way up: - Right now we are in "Assembly-CSharp.dll", now let's write down our Class, namespace, method name, to find this scroll all the way up inside the CanJump class: - We see that our Namespace is "SYBO.RunnerCore.Character", our Class is "CharacterMotor", our Method name is "get_CanJump". - Before searching for Unlimited currency or No Collision let's explore class CharacterMotor and see if we can find anything. - In this class we can find two methods related to collision "CheckFrontalImpact" and "CheckSideImpact", we will use this for our no collision, also as you can see in these two there are 1 arguments "impactState", write it down that too. - Let's search for the currency, the first thing it comes to my mind is to search GetCurrency: - Note that also this one has 1 argument "CurrencyType" it indicates the type of currency - We also need Class, namespace, do as before! Namespace = SYBO.Subway.Meta, Class = WalletModel Step 4 (Coding): - I've made my template as simple as possible, all the changes and coding will be done in Cheat/ folder, for this particular hack we'll use Patches.h and Offset.h - First let's change our Offset.h this is where all the offsets are stored, with my new method "il2cpp resolver" we now don't need to hard code the offset anymore! //Offset.h namespace offset { namespace CharacterMotor { uint64_t CheckSideImpact = 0x0; uint64_t CheckFrontalImpact = 0x0; uint64_t get_CanJump = 0x0; } namespace WalletModel { uint64_t GetCurrency = 0x0; } } - So as you can see from the code i defined with Class and Method inside them, this will be for having more clarity! You can do how you like it, this is my method of storing them. - Now let's go to Patches.h where the real code begin (Don't worry it's not hard, even if you don't know how to code!) //Patches.h #ifndef PATCHES_H #define PATCHES_H #include "../KittyMemory/MemoryPatch.hpp" #include "Offset.h" #include "Settings.h" #include "Util.h" #include "il2cpp.h" struct PatchInfo { MemoryPatch patch; bool* setting; }; std::vector<PatchInfo> patch_infos; void addNewPatch(uintptr_t offset, const char* hexPattern, bool* setting) { MemoryPatch newPatch = createUnityFrameworkPatch(offset, hexPattern); if (!newPatch.isValid()) return; patch_infos.push_back({newPatch, setting}); } void initPatch() { //here init your patches } #endif // PATCHES_H - This is how it should look like, now let's edit it! All the edit will be inside the initPatch function. - For this hack we'll use as i said my Il2cpp resolver what does that do? Retrieve information of the game based on Assembly, Class, Method, and other stuff we'll cover in next tutorial! - So let's finish our code! void initPatch() { Il2CppAttach(); Il2CppMethod AsmMethod("Assembly-CSharp.dll"); offset::CharacterMotor::CheckSideImpact = AsmMethod.getClass("SYBO.RunnerCore.Character", "CharacterMotor").getMethod("CheckSideImpact", 1); offset::CharacterMotor::CheckFrontalImpact = AsmMethod.getClass("SYBO.RunnerCore.Character", "CharacterMotor").getMethod("CheckFrontalImpact", 1); offset::CharacterMotor::get_CanJump = AsmMethod.getClass("SYBO.RunnerCore.Character", "CharacterMotor").getMethod("get_CanJump", 0); offset::WalletModel::GetCurrency = AsmMethod.getClass("SYBO.Subway.Meta", "WalletModel").getMethod("GetCurrency", 1); } - As you can see this uses all the information we gathered before! What does this do? Retrieve information! - Now we need to execute the hack! How? by calling function patch(offset, modify) void initPatch() { Il2CppAttach(); Il2CppMethod AsmMethod("Assembly-CSharp.dll"); offset::CharacterMotor::CheckSideImpact = AsmMethod.getClass("SYBO.RunnerCore.Character", "CharacterMotor").getMethod("CheckSideImpact", 1); offset::CharacterMotor::CheckFrontalImpact = AsmMethod.getClass("SYBO.RunnerCore.Character", "CharacterMotor").getMethod("CheckFrontalImpact", 1); offset::CharacterMotor::get_CanJump = AsmMethod.getClass("SYBO.RunnerCore.Character", "CharacterMotor").getMethod("get_CanJump", 0); offset::WalletModel::GetCurrency = AsmMethod.getClass("SYBO.Subway.Meta", "WalletModel").getMethod("GetCurrency", 1); //ADD PATCHES patch(offset::CharacterMotor::CheckSideImpact, "C0035FD6"); //return so it doesn't execute the check patch(offset::CharacterMotor::CheckFrontalImpact, "C0035FD6"); //return patch(offset::CharacterMotor::get_CanJump, "20008052C0035FD6"); //Set the can jump to 'true' patch(offset::WalletModel::GetCurrency, "007C009B007C009BC0035FD6"); //Multiply the value by it self 2 times } - And this is it! the hack are already enabled it! On the next tutorial we'll see how to add options, and use checkboxes - Now it's you're turn to add more hacks to it! - I know you are wondering what is "C0035FD6", "2008052C0035FD6" those are assembly code, how can you get them? from using this converter: https://armconverter.com/ Step 5 (Bonus arm code): - C0035FD6 = ret = return - 20008052 = movz w0, #1 = set boolean to true - 00008052 = movz w0, #0 = set boolean to false - 00F0271E = fmov s0, #31 = High float value - 007C009B = mul x0, x0, x0 = Multiply int - 00E284D2 = mov x0, #10000 = Set int to 10k - You can figure out the rest or google it! This is the end! Thanks for reading and hope this will help you create a Unity hack on your own, if you need any help feel free to comment, i'll try to respond to everyone! Credits: - @batchh

Modded/Hacked App: Subway Surfers By Sybo Games ApS Bundle ID: com.kiloo.subwaysurfers iTunes Store Link: https://apps.apple.com/us/app/subway-surfers/id512939461?uo=4 Mod Requirements: - Jailbroken iPhone/iPad/iPod Touch. - iGameGod / Filza / iMazing or any other file managers for iOS. - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak. - PreferenceLoader (from Cydia, Sileo or Zebra). Hack Features: - No Collision (Immortal) - Unlimited Jumps - Unlimited Currency Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/ Modded Android APK(s): https://iosgods.com/forum/68-android-section/ For more fun, check out the Club(s): https://iosgods.com/clubs/ iOS Hack Download Link: [Hidden Content] Installation Instructions: STEP 1: Download the .deb Cydia hack file from the link above. Use Safari/Google Chrome or other iOS browsers to download. STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza. STEP 3: If necessary, tap on the downloaded file, and then, you will need to press 'Install' from the options on your screen. STEP 4: Let iGameGod/Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below. STEP 5: If the hack is a Mod Menu — which is usually the case nowadays — the cheat features can be toggled in-game. Some cheats have options that can be enabled from your iDevice settings. STEP 6: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game. NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues. Credits: - @batchh Cheat Video/Screenshots: N/A

Thanks Trying to make quality content for the community

Nice work!

Nice work!

Updated! + Il2cpp strings + Minor fixes

Updated! Added setting save state

I think an admin or someone that has permission

Updated!

Modded/Hacked App: Soul Weapon Idle By Highbrow Bundle ID: com.highbrow.games.swidle iTunes Store Link: https://apps.apple.com/us/app/soul-weapon-idle/id6463790728?uo=4 Mod Requirements: - Jailbroken iPhone/iPad/iPod Touch. - iGameGod / Filza / iMazing or any other file managers for iOS. - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak. - PreferenceLoader (from Cydia, Sileo or Zebra). Hack Features: MOB-SECTION - Instant Die PLAYER SECTION - God Mode - Attack Speed - Fast Skill Cool Down Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/ Modded Android APK(s): https://iosgods.com/forum/68-android-section/ For more fun, check out the Club(s): https://iosgods.com/clubs/ iOS Hack Download Link: [Hidden Content] Installation Instructions: STEP 1: Download the .deb Cydia hack file from the link above. Use Safari/Google Chrome or other iOS browsers to download. STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza. STEP 3: If necessary, tap on the downloaded file, and then, you will need to press 'Install' from the options on your screen. STEP 4: Let iGameGod/Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below. STEP 5: If the hack is a Mod Menu — which is usually the case nowadays — the cheat features can be toggled in-game. Some cheats have options that can be enabled from your iDevice settings. STEP 6: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game. NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues. Credits: - @batchh Cheat Video/Screenshots: N/A

Manual ban i think, there isn't an anticheat, you can follow this to unban your device if banned:

UPDATED I added comment that refers to il2cpp resolver page release so there's some example, for the documents it's more easy to change things for me

UPDATED Added support for arm64e devices!!!

UPDATED

UPDATE

UPDATE

That's perfect, thanks!

Don't worry, i'll figure that out!

In the first popup what's the real address, it's 0x166CDF0?

What iPhone and version, what jailbreak? Also try to wait a bit before clicking “thank you”

IOS-il2cppResolver Enjoy ❤️ Download: [Hidden Content] What is this? This project provides tools for interacting with Unity's IL2CPP (Intermediate Language to C++), specifically designed to work within Theos. What it allows us to do: - Complete access to IL2CPP Games! - Manipulate Methods/Fields/gameobject/Camera..and much more... Credits: - @batchh - Sneakyevil

The goat

That's not an error, it just the offset finded ahah