Everything posted by Ted2
-
Help/Support Hack doesn't work when it's enabled, but does when it's disabled.
Ted2 replied to Ted2's topic in Help & Support
Got a bunch of errors lol.

/var/mobile/kimk/theos/include/substrate.h:310:20: note: candidate function [with Type_ = void] not viable: no known conversion from 'void **' to 'const char *' for 2nd argument
static inline void MSHookFunction(MSImageRef image, const char *name, Ty...
                   ^
/var/mobile/kimk/theos/include/substrate.h:284:20: note: candidate template ignored: deduced conflicting types for parameter 'Type_' ('void' vs. 'void *')
static inline void MSHookFunction(Type_ *symbol, Type_ *replace, Type_ *...
                   ^
/var/mobile/kimk/theos/include/substrate.h:303:20: note: candidate template ignored: could not match 'type-parameter-0-0 *' against 'void'
static inline void MSHookFunction(const char *name, Type_ *replace, Type...
                   ^
/var/mobile/kimk/theos/include/substrate.h:293:20: note: candidate function template not viable: requires 2 arguments, but 3 were provided
static inline void MSHookFunction(Type_ *symbol, Type_ *replace) {
-
Help/Support Hack doesn't work when it's enabled, but does when it's disabled.
Ted2 replied to Ted2's topic in Help & Support
Yes sorry..

#import <UIKit/UIKit.h>
#import <substrate.h>
#import <Foundation/Foundation.h>

//tweak.xm by Chrizk0//
//template by DiDA//

#define PLIST_PATH @"/var/mobile/Library/Preferences/com.Ted2.KimK.plist"

inline bool GetPrefBool(NSString *key) {
    return [[[NSDictionary dictionaryWithContentsOfFile:PLIST_PATH] valueForKey:key] boolValue];
}

//make up any function relevant to your symbols.//
int (*orig_Cash)(void *self);

//*static included before any function to obfuscate while decreasing size in compilation.*//
static int Cash(void *self) {
    if(GetPrefBool(@"key1")) {
        return 987654321;
    } else {
        return orig_Cash(self);
    }
}

static bool Cheat(void *self) {
    if(GetPrefBool(@"key2")) {
        return FALSE;
    } else {
        return orig_Cheat(self);
    }
}

//define your symbols with mshookfunction.//
__attribute__((constructor)) void DylibMain(){
    MSHookFunction(MSFindSymbol(NULL, "__Z16Player_AwardCashP7SPlayeri"),(void*)Cash, (void**)&orig_Cash);
    MSHookFunction(MSFindSymbol(NULL, "__Z22SceneManager_IsCheaterP13SSceneManager"),(void*)Cheat, (void**)&orig_Cheat);
}

%end
-
Hi, I'm making a hack but I got into a weird problem. I made a patcher using a template from here, hacking the game using the 'new mshook way by shmoo'. Whenever I turn the hack ON in settings, the hack ain't working. (int) Whenever I turn it OFF, it works perfectly fine. (int) BUT when I turn a boolean function, 'isCheater', ON, it does work. I've checked my tweak.xm, but it's fine. I'm confused as f**k. Anyone got a solution?
-
So, if I wanna know the armv7 offset I gotta thin the binary & then I can figure the armv64 offset out too? Or am I wrong here?
-
Ok thank you! Alright, thnx both of you
-
Hi, I'm trying to learn LLDB. I got an offset but it's arm64 for sure, can we get the armv7 offset too? Or can we figure the armv7 offset out using the armv64? Hope someone knows the answer! Thank you
-
This does not jailbreak your device. It rejailbreaks it. So get the jailbreak first from official Pangu Site & when that app crashes, you use the site you just used. http://en.pangu.io/help.html
-
Sometimes things got written like: "name" in the apk function. Then you search in iOS strings for that. If the Android function doesn't have in the hack function something like "name", try to find the closest thing that does, find that in iOS strings & try to scroll to the right function that looks like the Android one. I think there are other ways too, but this is one way.. At least I think
-
We actually got it working yesterday.. We just had to ignore the error lol
-
Solved, thanks @Zimon & @xiaov & @UnboundGodz
-
Alright, I tried it again, rebooted first, closed all applications, still same problem.

Terminal Window 1:
iPhone-van-Joey:~ root# debugserver 192.168.***.***:23 --attach=FraggerFree
debugserver-@(#)PROGRAM:debugserver PROJECT:debugserver-320.2.89 for arm64.
Attaching to process FraggerFree...
Listening to port 23 for a connection from 192.168.***.***...
Waiting for debugger instructions for process 0.

Terminal window 2:
MacBook-Pro:~ Joey$ lldb
(lldb) process connect connect://192.168.***.***:23
Process 746 stopped
* thread #1: tid = 0x16b3, 0x2111f8a8 libsystem_kernel.dylib`mach_msg_trap + 20, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x2111f8a8 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap:
->  0x2111f8a8 <+20>: pop {r4, r5, r6, r8}
    0x2111f8ac <+24>: bx lr
libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x2111f8b0 <+0>: mov r12, sp
    0x2111f8b4 <+4>: push {r4, r5, r6, r8}

I don't get the problem. My device isn't slow at all, iPhone 6s are not slow at all
-
Yes on every app.. Alright I'll try the first thing but second thing is done already
-
Hi! I've been trying to connect LLDB to an application this whole day, but it doesn't seem to work... Also Zimon tried helping me using TeamViewer, no success. The process always stops...

(lldb) process connect connect://192.168.x.x:23
Process 975 stopped
* thread #1: tid = 0x3f69, 0x0000000180d58fd8 libsystem_kernel.dylib`mach_msg_trap + 8, stop reason = signal SIGSTOP
    frame #0: 0x0000000180d58fd8 libsystem_kernel.dylib`mach_msg_trap + 8
libsystem_kernel.dylib`mach_msg_trap:
->  0x180d58fd8 <+8>: ret
libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x180d58fdc <+0>: movn x16, #0x1f
    0x180d58fe0 <+4>: svc #0x80
    0x180d58fe4 <+8>: ret
(lldb) c
Process 975 resuming
Process 975 exited with status = -1 (0xffffffff) lost connection

Why is this happening? I've tried replacing the debugserver file that Zimon used too, not working either.. I'm on iOS 9.3.3 on an iPhone 6s. Hope someone can help! Thank you in advance!
-
I've read somewhere that it's not always the exact offset. Not sure if that was lldb or gdb..
-
Help/Support 9.3.3 jailbreak can i update to 10.3.2?
Ted2 replied to supermua87's topic in Help & Support
Stay on 9.3.3, also 9.3.3 is jailbreakable & it's awesome
-
APK Mod Shadow Fight 2 1.9.29 +5(Infinite Coins And Gems)
Ted2 replied to Infamous-Ash's topic in Free Android Modded APKs
Coool
-
oh kk @Kita123 here: by Joka
-
for jailbroken devices I think?
-
Have you logged in again with the same email in Cydia?
-
Help/Support Value changed but doesn't work
Ted2 replied to vinhthai222006's topic in Help & Support
lldb doesn't always take you to the exact good address, sometimes you have to look around the function. I am not skilled with IDA, but try to change sub to add or nop. Then, spend coins in game & see if it decreased. Also you hack arm7, make sure the binary is thinned if your phone loads arm64.
-
See this tut by @shmoo
-
Sorry
