Ted2

Turned of find my iphone?

What?

This one is sick, only the answers are helping allot.

Pm me & I'll do it

Good you still enjoy

Sorry, i dont understand you

Sick

I just tested the hack on latest version, I do get unlimited prof & rom points once I earned some. Also, kim's sister? lol Are you talking about another game?

Already got vip, but iOSGods = But lemme answer tho Tutorial I use the most, still. So much good tutorials here tho, the pinned IDA Tutorial is sick too!

Take the aslr from the lldb offset. See if that matches in IDA.

Overwrite the other folders

U got a documents &/or libary folderfrom the zip i suppose? Import those folders & try again.

Yea, sometimes u can just change LDR to a MOV, artleast I've done it + tutorials say that it can be done too

I'm not sure, u could try chane the SUB to an ADD, when u'll buy something the coins won't substract but they'll add it. btw for arm64 u gotta remove aslr loaded offset. Now U got the wrong function in IDA. how you do that is by type 'image list' in lldb & then the above line. There's also a tutorial madr about how to do that, something called like 'how to defeat aslr.....'

Not sure what you mean by freeze? Like it stays the same for ever? I think you have to use mov r0, r7 for that.. Not sure tho

Where dis you get the hacked file from? also you know you gotta unzip the .zip & those documents you need to import?

LDR R0, [R7] BX LR. this will load 803milion into R0 (the main value) i think MOV R0, R7 would work too

The offset you get from lldb, is probs right. But it's not always the exact thing lldb says, for you the ldr. If u could post a code/screenshot of the entire function, others (maybe me) can help more. Also r7 is in armv7 a big value, but it seems like you're hacking arm64, so that will be diffrent. have a look at this post:

You don't get infite rom & prof pointa or don't u know where it is?

You mean from the begin of the function? If yes, that will crash the game

Start with non sub_x games first, master that & then try sub_x.

Yea, I was looking there. But got confused when in the arm64 function wasn't a boolean to false like it was in the armv7 function The LDRB to MOV W8, #1 doesn't seem to work, but I'll just keep it with the other ine

Crashes :S Edit: did the CMP to MOV W0, #1, should've been MOV W8, #1. Works fine now, thankyou Shmoo!

Hey, So I'm trying to make my hack support arm64 devices too, lazy too use AutoLipo & since most devices are arm64 it's good to understand it I think. So the hack is done for armv7, I got a boolean function which looks like this in armv7: __text:003D5A58 sub_3D5A58 __text:003D5A58 __text:003D5A58 CMP R0, #0 __text:003D5A5A ITTT EQ __text:003D5A5C MOVEQ R0, #0 __text:003D5A5E SXTBEQ R0, R0 __text:003D5A60 BXEQ LR __text:003D5A62 MOV R1, #(_OBJC_IVAR_$_Something) ; char _somethign; __text:003D5A6A ADD R1, PC ; char _something; __text:003D5A6C LDR R1, [R1] ; char _something; __text:003D5A6E LDRB R0, [R0,R1] __text:003D5A70 SXTB R0, R0 __text:003D5A72 BX LR What I did here was, Change CMP R0, #0 to MOV R0, #1 and change MOVEQ R0, #0 to MOVEQ R0, #1. This worked. Now I went to the same function in arm64, and my mind was like This is the code: sub_10041D8DC ; CODE XREF: sub_10031C83C+228�p __text:000000010041D8DC __text:000000010041D8DC CBZ X0, locret_10041D8F4 __text:000000010041D8E0 ADRP X8, #_OBJC_IVAR_$_something._something@PAGE ; bool _something; __text:000000010041D8E4 LDRSW X8, [X8,#_OBJC_IVAR_$_Something._something@PAGEOFF] ; bool _something; __text:000000010041D8E8 LDRB W8, [X0,X8] __text:000000010041D8EC CMP W8, #0 __text:000000010041D8F0 CSET W0, NE __text:000000010041D8F4 __text:000000010041D8F4 locret_10041D8F4 ; CODE XREF: sub_10041D8DC�j __text:000000010041D8F4 RET So I was actually looking for a boolean, which I thought was: MOV X0, #0 or MOV W0, #0. The only function I see which I have to include is the CMP. So my question, what's the boolean function? Is it diffrent named in arm64 binary's? Thankyou in advance

Oh mistake by me