
Ted2

Senior Member
Posts: 4,939

Everything posted by Ted2

  1. Crashes :S Edit: did the CMP to MOV W0, #1, should've been MOV W8, #1. Works fine now, thank you Shmoo!
  2. Hey,

     So I'm trying to make my hack support arm64 devices too, lazy to use AutoLipo & since most devices are arm64 it's good to understand it I think. So the hack is done for armv7, I got a boolean function which looks like this in armv7:

         __text:003D5A58 sub_3D5A58
         __text:003D5A58
         __text:003D5A58     CMP     R0, #0
         __text:003D5A5A     ITTT    EQ
         __text:003D5A5C     MOVEQ   R0, #0
         __text:003D5A5E     SXTBEQ  R0, R0
         __text:003D5A60     BXEQ    LR
         __text:003D5A62     MOV     R1, #(_OBJC_IVAR_$_Something) ; char _somethign;
         __text:003D5A6A     ADD     R1, PC                        ; char _something;
         __text:003D5A6C     LDR     R1, [R1]                      ; char _something;
         __text:003D5A6E     LDRB    R0, [R0,R1]
         __text:003D5A70     SXTB    R0, R0
         __text:003D5A72     BX      LR

     What I did here was: change CMP R0, #0 to MOV R0, #1 and change MOVEQ R0, #0 to MOVEQ R0, #1. This worked.

     Now I went to the same function in arm64, and my mind was like... This is the code:

         sub_10041D8DC                                ; CODE XREF: sub_10031C83C+228↑p
         __text:000000010041D8DC
         __text:000000010041D8DC     CBZ     X0, locret_10041D8F4
         __text:000000010041D8E0     ADRP    X8, #_OBJC_IVAR_$_something._something@PAGE ; bool _something;
         __text:000000010041D8E4     LDRSW   X8, [X8,#_OBJC_IVAR_$_Something._something@PAGEOFF] ; bool _something;
         __text:000000010041D8E8     LDRB    W8, [X0,X8]
         __text:000000010041D8EC     CMP     W8, #0
         __text:000000010041D8F0     CSET    W0, NE
         __text:000000010041D8F4
         __text:000000010041D8F4 locret_10041D8F4     ; CODE XREF: sub_10041D8DC↓j
         __text:000000010041D8F4     RET

     So I was actually looking for a boolean, which I thought was MOV X0, #0 or MOV W0, #0. The only function I see which I have to include is the CMP. So my question: what's the boolean function? Is it named differently in arm64 binaries? Thank you in advance
  3. It isn't a patcher. So you can not control it
  4. Set watchpoint: w s e -- 0xiGGAddress. Then let it add or subtract in game & you get the IDA offset
  5. There is already a tutorial for this..
  6. Enough good tuts on this forum. I don't think flexconverter will get an update
  7. I think @Amuyea told you in SB that flex3 might not be supported. But you can also write your own tweak
  8. I don't think the function 'have' is in the class 'AppDelgate'. See in flex which class it has & replace that one with AppDelgate.
  9. Are you high or what? Tf dude.
  10. Decompile apk using apktool. Also this is in the tutorial section.
  11. Yes & the folder is called 'smali' after you decompiled it. It's not easy af, my 2 tutorials are easy smali hacking. imo it's the hardest hacking thing, when it's using reflections etc. (On Android, besides sub_x)
  12. compiled classes.dex = smali files. It's the code of the game, you can hack it. Decompile the .apk for access & see the tutorial section for seeing how to hack with it
  13. Make new & write down.
  14. You can mail Apple, they love free money. Or just create a new second Apple ID. Not that hard
  15. is it a cracked version?
  16. I'll be back in 45 mins. Gotta bring my old books to school
  17. 0x10 is just a code. For example sometimes you got an item in store, they are all differently named. Henk = 0x0, jan = 0x1, pieter = 0x3, Joka = 0x4 etc etc. I don't think it's something you wanna hack. At least not the 0x10, maybe the IDA function (if you can load the .so at least)
  18. You can hack level too but then you don't have any missions etc :lol