Everything posted by Ted2
-
Where did you get the hacked file from? Also, you know you gotta unzip the .zip & those documents you need to import?
-
LDR R0, [R7] BX LR. This will load 803 million into R0 (the main value). I think MOV R0, R7 would work too
-
Help/Support Gotten an IDA offset from lldb not sure what to do next.
Ted2 replied to NoHax's topic in Help & Support
The offset you get from lldb is probs right. But it's not always the exact thing lldb says, for you the ldr. If u could post a code/screenshot of the entire function, others (maybe me) can help more. Also r7 is in armv7 a big value, but it seems like you're hacking arm64, so that will be different. Have a look at this post: -
Hack Kim Kardashian v6.6.0+ + 6 Cheats [Infite Cash, Energy etc]
Ted2 replied to Ted2's topic in Free Jailbreak Cheats
You don't get infinite rom & prof points or don't u know where it is? -
You mean from the beginning of the function? If yes, that will crash the game
-
Start with non sub_x games first, master that & then try sub_x.
-
Yea, I was looking there. But got confused when in the arm64 function there wasn't a boolean to false like it was in the armv7 function. The LDRB to MOV W8, #1 doesn't seem to work, but I'll just keep it with the other one
-
Crashes :S Edit: did the CMP to MOV W0, #1, should've been MOV W8, #1. Works fine now, thank you Shmoo!
-
Hey, So I'm trying to make my hack support arm64 devices too, too lazy to use AutoLipo & since most devices are arm64 it's good to understand it I think. So the hack is done for armv7, I got a boolean function which looks like this in armv7:

    __text:003D5A58 sub_3D5A58
    __text:003D5A58
    __text:003D5A58 CMP R0, #0
    __text:003D5A5A ITTT EQ
    __text:003D5A5C MOVEQ R0, #0
    __text:003D5A5E SXTBEQ R0, R0
    __text:003D5A60 BXEQ LR
    __text:003D5A62 MOV R1, #(_OBJC_IVAR_$_Something) ; char _somethign;
    __text:003D5A6A ADD R1, PC ; char _something;
    __text:003D5A6C LDR R1, [R1] ; char _something;
    __text:003D5A6E LDRB R0, [R0,R1]
    __text:003D5A70 SXTB R0, R0
    __text:003D5A72 BX LR

What I did here was, change CMP R0, #0 to MOV R0, #1 and change MOVEQ R0, #0 to MOVEQ R0, #1. This worked. Now I went to the same function in arm64, and my mind was like

This is the code:

    sub_10041D8DC ; CODE XREF: sub_10031C83C+228↑p
    __text:000000010041D8DC
    __text:000000010041D8DC CBZ X0, locret_10041D8F4
    __text:000000010041D8E0 ADRP X8, #_OBJC_IVAR_$_something._something@PAGE ; bool _something;
    __text:000000010041D8E4 LDRSW X8, [X8,#_OBJC_IVAR_$_Something._something@PAGEOFF] ; bool _something;
    __text:000000010041D8E8 LDRB W8, [X0,X8]
    __text:000000010041D8EC CMP W8, #0
    __text:000000010041D8F0 CSET W0, NE
    __text:000000010041D8F4
    __text:000000010041D8F4 locret_10041D8F4 ; CODE XREF: sub_10041D8DC↑j
    __text:000000010041D8F4 RET

So I was actually looking for a boolean, which I thought was: MOV X0, #0 or MOV W0, #0. The only function I see which I have to include is the CMP. So my question, what's the boolean function? Is it differently named in arm64 binaries? Thank you in advance
-
Hack Kim Kardashian v6.6.0+ + 6 Cheats [Infite Cash, Energy etc]
Ted2 replied to Ted2's topic in Free Jailbreak Cheats
Oh mistake by me -
Hack Kim Kardashian v6.6.0+ + 6 Cheats [Infite Cash, Energy etc]
Ted2 replied to Ted2's topic in Free Jailbreak Cheats
It isn't a patcher. So you can not control it -
Help/Support Trying to convert an address to 0xaddress to set a watchpoint in lldb
Ted2 replied to NoHax's topic in Help & Support
set watchpoint: w s e -- 0xiGGAdress Then let it add or subtract in game & u get ida offset -
There is already a tutorial for this..
-
Help/Support Using FlexConverter with flex 3 not working
Ted2 replied to Ventilador's topic in Help & Support
Enough good tuts on this forum. I don't think flexconverter will get an update -
Help/Support Using FlexConverter with flex 3 not working
Ted2 replied to Ventilador's topic in Help & Support
I think @Amuyea told you in SB that flex3 might not be supported. But u can also write your own tweak -
I don't think the function 'have' is in the class 'AppDelgate'. See in flex which class it has & replace that one with AppDelgate.
-
APK Mod Archery King V1.0.17 Game Breaking Mod !
Ted2 replied to TheArmKing's topic in Free Android Modded APKs
Sick -
Help/Support Yu-gi-oh duel links free instant win
Ted2 replied to altermw3's topic in Help & Support
Are you high or what? Tf dude. -
Decompile apk using apktool. Also this is in the tutorial section.
-
Yes & the folder is called 'smali' after you decompiled it. It's not easy af, my 2 tutorials are easy smali hacking. imo it's the hardest hacking thing, when it's using reflections etc. (On android besides sub_x)
-
compiled classes.dex = smali files. it's code of the game, u can hack it. decompile .apk for access & see tutorial section for seeing how to hack with it
-
Help/Support How to remove your apple id balance
Ted2 replied to GodZ69420's topic in Help & Support
Make new & write down. -
Help/Support How to remove your apple id balance
Ted2 replied to GodZ69420's topic in Help & Support
U can mail apple, they love free money. Or just create a new second apple ID. Not that hard -
is it a cracked version?
-
I'll be back in 45 mins. Gotta bring my old books to school