Ted2

Senior Member, 4,939 posts
Everything posted by Ted2

  1. haha alright, thanks DiDa, you're my hero
  2. Lol I feel so stupid sometimes.. It was switched off -.- Works now. Why 381c7047 though?
  3. ehmm, it still doesn't work.. I've definitely thinned it this time
  4. I did thin the binary to armv7 using shmoo's tutorial about 'How to perform a Binary patch'. edit: you're right.. I redownloaded because otherwise it would've loaded my hacks still into it. Sh*t man, lol sorry.. I feel so stupid. My bad & thank you for helping
  5. Heyyy it's me again.. I used this tutorial also: https://www.dropbox.com/s/y3rcskg8uigt5lm/IDA PRO Code Inject Tutorial.pdf?dl=0 I'm kind of practicing to work with IDA on Pou, so I figured out how to hack some functions by editing the binary using a hex editor. Now I wanted to try to make a code injection tweak out of it. The function is:

         ; Coins - (int)have
         __text:0003EBD4 ; Attributes: bp-based frame
         __text:0003EBD4
         __text:0003EBD4 ; int __cdecl -[Coins have](struct Coins *self, SEL)
         __text:0003EBD4 __Coins_have_                ; DATA XREF: __objc_const:0045C890o
         __text:0003EBD4 PUSH    {R4-R7,LR}
         __text:0003EBD6 ADD     R7, SP, #0xC
         __text:0003EBD8 MOV     R4, R0
         __text:0003EBDA MOV     R0, #(_OBJC_IVAR_$_Coins.given - 0x3EBEA) ; int given;
         __text:0003EBE2 MOVW    R1, #:lower16:(selRef_collected - 0x3EBF0)

     Well, the function is longer, but in the hex editor I changed

         ; Coins - (int)have
         __text:0003EBD4 ; Attributes: bp-based frame
         __text:0003EBD4
         __text:0003EBD4 ; int __cdecl -[Coins have](struct Coins *self, SEL)
         __text:0003EBD4 __Coins_have_                ; DATA XREF: __objc_const:0045C890o
         __text:0003EBD4 PUSH    {R4-R7,LR}
         __text:0003EBD6 ADD     R7, SP, #0xC

     to:

         ; Coins - (int)have
         __text:0003EBD4 ; Attributes: bp-based frame
         __text:0003EBD4
         __text:0003EBD4 ; int __cdecl -[Coins have](struct Coins *self, SEL)
         __text:0003EBD4 __Coins_have_                ; DATA XREF: __objc_const:0045C890o
         __text:0003EBD4 MOV     R0, R7
         __text:0003EBD6 BX      LR

     This worked. So the hex offsets I need are 0003ebd4 & 0003ebd6, right? So what I did in my tweak.xm was:

         %ctor {
             if(GetPrefBool(@"key1")) {
                 writeData(0x3ebd4, 0x38467047);
                 writeData(0x3ebd6, 0x7047);
             } else {
             }
         }

     It had no effect, however I got the credit popup which is automatically added in the tweak.xm. So after that I tried this, which didn't make sense to me since the BX LR had another hex address:

         %ctor {
             if(GetPrefBool(@"key1")) {
                 writeData(0x3ebd4, 0x38467047);
             } else {
             }
         }

     but this didn't work either..
     It doesn't make much sense that I try this on Pou, since this can be hooked too, but for me it's just practicing & playing around lol. Does someone know what the problem can be? Am I doing something wrong? Thank you in advance!
  6. Lemme see
  7. almost 1000 content count :p noice

  8. hi, So I got this function:

         ; Coins - (int)cheated
         __text:0003F99C
         __text:0003F99C ; int __cdecl -[Coins cheated](struct Coins *self, SEL)
         __text:0003F99C __Coins_cheated_
         __text:0003F99C MOV     R1, #(_OBJC_IVAR_$_Coins.cheated - 0x3F9A8) ; int cheated;
         __text:0003F9A4 ADD     R1, PC                  ; int cheated;
         __text:0003F9A6 LDR     R1, [R1]                ; int cheated;
         __text:0003F9A8 LDR     R0, [R0,R1]
         __text:0003F9AA BX      LR

     I know I could MSHook this, but I wanna practice IDA.. So.. how would I return the int to 0? I've no idea which one I have to change.. I thought the first MOV to MOV R1, #0 but I don't think it worked.. help would be great!
  9. you'll have to search for functions
  10. read this: http://androidcracking.blogspot.nl/2011/10/if-app-requires-unlocker-key-app-its.html
  11. they used protection using checksums, very hard to crack most of the time.
  12. Bypasses the 'Please download ....' screen. It's now stuck at the loading screen
  13. the public boolean allowAccess could be encoded too, so it could have got any name. Anyways, the error you get isn't written in the smali files or .so file either. So that's a bit weird, I'm gonna do some research
  14. Thanks mate. Link is dead bro
  15. Probably Google Play DRM. Not sure if they encoded their game totally, but you can try this: search in all smali files (using 'find in files') for:

         public boolean allowAccess ()

     then do this:

         const v0, 0x1
         return v0

     Big chance it can be DRM 101 too. This is harder to bypass, and I can't tell this in steps lol. Download Lucky Patcher & see if it says that there is a Google Play verification. You can try the program 'AntiLVL' too, this bypasses lots of DRM protection, including Google Play Verification
  16. what do you mean by animation?
  17. I think for everyone it's locked, cause it's not working anymore or another reason
  18. Nice hax
  19. doesn't this work
  20. Damn interesting. Hope someone could help