Everything posted by Ted2
-
https://github.com/theos/sdks
-
Search forum first lol
-
Help/Support Theos - Help Returning Original Argument Action
Ted2 replied to Fadexz's topic in Help & Support
Your Code:

    %hook PromoteViewController
    -(void)goBuyViews:(int)arg1 numbercoins:(int)arg2 {
        %orig(arg2, 5); // <--> Return arg2 as normal & return arg1 as 5
    }
    %end

The code you want:

    %hook PromoteViewController
    -(void)goBuyViews:(int)arg1 numbercoins:(int)arg2 {
        %orig(arg1, 5); // <--> return arg1 as normal & return arg2 as 5.
    }
    %end

You switched them, while you think the one affects the other.
-
Help/Support Theos - Help Returning Original Argument Action
Ted2 replied to Fadexz's topic in Help & Support
No. You have now written 'return arg2 as normal & return arg1 as 5', which you said you didn't want. This line of code is for all arguments in a function:

    %orig(arg1, arg2, arg3, arg4)

So if you need to make arg1 return original & arg2 as 5, you do this:

    %orig(arg1, 5)
-
Help/Support Theos - Help Returning Original Argument Action
Ted2 replied to Fadexz's topic in Help & Support
    %hook PromoteViewController
    -(void)goBuyViews:(int)arg1 numbercoins:(int)arg2 {
        %orig(arg1, 5); // <----> Now it returns arg1 as what it is normally & returns argument 2 as 5; if you don't want to change both, change 5 to arg2
    }
    %end
-
com.quickturtle.EmployeeSurvival-en
Requires: iOS 7.0 or later.
Price: Free
Updated: 2017-03-03T22:37:58Z
iTunes URL: https://itunes.apple.com/us/app/dont-get-fired/id1008957297?mt=8&uo=4&at=1010lce4

Requirements:
- Jailbroken or Non-Jailbroken iPhone/iPad/iPod Touch.
- Cydia Impactor.
- A Computer Running Windows/Mac/Linux.

Hack Features:
- Coins (spend some)

I know there is a savegame cheat, but someone requested it for iOS 10, so I made this .ipa for him.

Hack Download Link: [Hidden Content]

Installation Instructions:
STEP 1: Uninstall the app if you have it installed on your iDevice. Make sure to back it up so you don't lose your progress.
STEP 2: Download the pre-hacked .IPA file from the link above to your computer.
STEP 3: Download Cydia Impactor and extract the archive.
STEP 4: Open/Run Cydia Impactor on your computer, then connect your iOS Device and wait until your device name shows up in Cydia Impactor.
STEP 5: Once your iDevice appears, drag the modded .IPA file you downloaded and drop it inside the Cydia Impactor application.
STEP 6: You will now be asked to enter your iTunes/Apple ID email login & then your password. Go ahead and enter the required information.
STEP 7: Wait for Cydia Impactor to finish sideloading/installing the hacked IPA.
STEP 8: Once the installation is complete and you see the app on your Home Screen, you will now need to go to Settings -> General -> Profiles & Device Management. Once there, tap on the email you entered in STEP 6, and then tap on 'Trust [email protected]'.
STEP 9: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further instructions inside the hack's popup in-game.

NOTE: For free Apple Developer accounts you will need to repeat this process every 7 days. Using a disposable Apple ID for this process is suggested but not required. Jailbroken iDevices can skip using Cydia Impactor and just install the IPA mod with AppSync from Cydia.

If you have any questions or problems, read our Cydia Impactor topic and if you don't find a solution, post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.

Credits:
- @Ted2

Cheat Video/Screenshots: N/A
-
Hey! If you came here wondering how you create a port 23 for lldb using iFunbox, you're at the right place. You need to have placed the debugserver file from this topic by @DiDA first. Then IF you're on Windows 10 you follow the video below. Lower Windows versions should be able to run mux.exe; if not, watch my video also. Video: Credits: @Ted2
-
I'm gonna make the tutorial right now.
-
Will make a tutorial on how to do it on Windows soon (create a port). On Mac, you just need Terminal. I linked a Mac tutorial in the requirements. Have a look at that.
-
Requested Award: Bulletin Proof: https://iosgods.com/topic/56818-ida-lldb-tutorial-noob-friendly/
-
Hi, normally I unban/reset my account using the keychain.db method, using the genp command. Now I can't find the code for the game I have. For example, this is the code of another game: GW8WLE43LG.zombiegun3d. The package name, binary name or anything related isn't there in the keychain.db (I used a PC to search too). Is there another way to find out, because I see some other strange things too, like this: Q9SM2F33Y6.* Thank you in advance!
-
Hack Great Royale Wars - Clash of Block v3.1 +2 Cheats
Ted2 replied to Ted2's topic in Free Jailbreak Cheats
Both links are working. The .deb is like 18 MB, so if you download it using your phone, wait a few seconds after you clicked download. If it still doesn't work, copy it using a PC & paste it into your phone using iFunbox.
-
Ahh, X23,W23 instead of X29&W29?
-
R7 holds that value I guess. Well, they say it holds 803 million, while I get the number from above most of the time, if I remember correctly lol.
-
Watchpoints don't work on gdb. gdb connects within seconds, lldb doesn't. lldb supports arm64, which gdb doesn't.
-
Change it to 777. Those are the right permissions.
-
What?
-
@Goran this is not Coin Dozer; Coin Dozer will be in my more 'advanced tutorial'. The watchpoints you get from Coin Dozer are not directly the right addresses. So that's why I'll cover that in my more advanced one, & it will be a video.
-
NOTE: iOS 11 is NOT able to run armv7, and most devices run on iOS 11. I suggest NOT to hack armv7 binaries, so this tutorial is KINDA useless. You can use this tutorial to reduce your knowledge. I will be making a similar tutorial for arm64 binaries.

Hello Everyone!

In this topic I'll explain/show you how you hack games with IDA using lldb and/or GDB on armv7. I'll try to make it as noob friendly as I can; it will be a long tutorial since I'll explain EVERY step.

Requirements for this tutorial:
- IDA Program -> get it HERE
- Jailbroken Phone to test it
- Hex Editor
- The binary of the game we're gonna hack -> get it HERE *
- The game, get it HERE & download v1.11
- LLDB -> For Windows, go HERE & for Mac go HERE
- Gameplayer
- Theos fully set up (not 100% necessary, but since you're learning hacking.. why not?) -> Setup Tutorial

* = When you're hacking armv7, I suggest you remove ASLR from the binary using THIS site, so you don't have to calculate every watchpoint & breakpoint. The binary for this tutorial is thinned & has ASLR removed.

The game we are going to hack is called 'Trigger Fist', a dead shooter game, but good to practice with.

First thing to do is load the binary from above into IDA, with these settings:

Second thing we need to do is replace the binary of the game with the one from above, since we will be using lldb & we don't want ASLR to be loaded. To do this, you'll need Filza Manager from Cydia. First of all, copy the binary, then go to /var/containers/bundle/application/'Trigger Fist/TriggerFist.app' & paste. Then set the binary permissions like this: To do this, you click the little 'Info' icon next to the binary name.

Alright, everything is set for debugging using lldb. First of all we need to know what we're going to hack, which is ammo & grenades. So what we're going to do is find the values using Gameplayer; I hope everyone knows how to do that. Write them down if you found both values.

You can also do this while you're connected with lldb, but every time you search for a value in Gameplayer, you'll need to type 'continue' or 'c' in the lldb window. I do this because sometimes the game changes the value even if I haven't closed it. Not sure if this also applies to this game, but it's up to you how you wanna do it. If you do not know how to find them: your ammo starts with 30 (at least for me; if not for you, replace the numbers below with yours).

Alright, now we need to debug, so we can get the IDA offsets. We need to debug with port 23; on Mac you don't need to do anything. On Windows you run the mux.exe program for it, but if you're on Windows 10 that won't work. We need to do it with iFunbox, using the USB Tunnel option in the toolbox tab. See THIS topic to do this with Windows 10.

First we need to make a connection with our phone, by running this command in the SSH Terminal (open using iFunbox):

    debugserver 127.0.0.1:23 --attach=PID

What is 'PID'? Not sure what it exactly is, but I do know how to find it. Open the game, click the Gameplayer icon & select the application if it doesn't automatically. This is the PID:

Alright, you typed it in & it should look like this:

Now go to your lldb folder & double click lldb.exe. A command prompt will show up; type this:

    process connect connect://127.0.0.1:23

It should look like this: It can take some time to make the connection, depending on how fast your connection is. When it's connected it will show you this:

Alright, so we want to know the IDA offsets of the Gameplayer addresses we have. We do this with this command:

    w s e -- 0xgameplayeraddress

which is for me

    w s e -- 0x1501ca6c //ammo

and

    w s e -- 0x0ebcec60 //grenades

It should say this when you set a watchpoint:

Type 'continue' or 'c' in the lldb window to continue the game. Make a change in ammo; the game will freeze, this is good!

The lldb window will look like this. This is the IDA offset (marked with <<<<<<<<<) (WRITE IT DOWN + WRITE DOWN TO WHAT THE VALUE CHANGED):

    (lldb) Process 86864 stopped
    * thread #1: tid = 0x15350, 0x001527d4 TriggerFist`___lldb_unnamed_function1$$TriggerFist + 1382346, stop reason = watchpoint 3
        frame #0: 0x001527d4 TriggerFist`___lldb_unnamed_function1$$TriggerFist + 1382346
    TriggerFist`___lldb_unnamed_function1$$TriggerFist + 1373466:
    ->  0x1527d4 <<<<<<<<<<<<<<<: mov r0, #0x1
        0x1527d8: strb r0, [r10, #430]
        0x1527dc: mov r0, #0x1

Also type 'register read' to know what each register means around the function (register = R1, R2, R3, etc.). It will look like this:

Copy the output & paste it somewhere where you can find it back & type 'ammo' above it. How to copy it? Select it with your mouse & hit enter; this will copy it. You can 'ctrl + c' it too, but it will ask you to quit lldb & we don't want that.

Alright, now type 'continue' or 'c' in lldb to continue the game. Make a change in grenades; the game will freeze & we know now this is good! We also know how the lldb window looks & what the IDA offset is. (WRITE IT DOWN = WRITE DOWN TO WHAT THE VALUE CHANGED) Type 'register read' again & do the same process you did with the ammo, but now type 'grenades' above it. I suggest you to register read when you have more than 0 grenades, otherwise it's harder to see which register is the real one.

Now we have both, close lldb. Alright, now we know both offsets & what every register means, it's easy peasy to hack. Let's look into the ammo function first, it looks like this:

Alright, there are most of the time multiple ways to hack something. This is the exact code written:

    LDR R0, [R10,#0x88]
    LDR R0, [R0,#0x70]
    CMP R5, R0
    BLT loc_152764
    LDR R0, [R10,#0x88]
    LDR R1, [R0,#0xAC]   //
    SUB R1, R1, #1       //
    STR R1, [R0,#0xAC]   //
    MOV R0, #1           ; The address where it drops us
    STRB R0, [R10,#0x1AE]
    MOV R0, #1
    STRB R0, [R10,#0x1AF]
    LDR R0, [R10,#0x1CC]
    ADD R0, R0, #1
    STR R0, [R10,#0x1CC]
    LDR R0, [R10,#0x88]
    VLDR S0, [R0,#0x68]
    VCVT.F64.F32 D2, S0
    VCVT.F32.F64 S0, D2
    VSTR S0, [R10,#0x284]
    LDR R0, [R10,#0x174]
    LDR R1, =(unk_C80D00 - 0x15281C)   //
    B loc_152814

Alright, we also know what all registers mean. lldb gives the values in hexadecimal; we only know the values in decimal. We wrote down what our ammo changed to, which was for me 29. 29 in hex = 1D. Register 1 (R1) holds that value, which means that's our ammo. As you can see in the code, we see some R1, R0, R5, R10 etc. R1 is what is important for us now. As you can see in the code above the 'register read' output, I wrote // after each instruction with an R1 in it. Which are these four: I wrote down what they mean.

Anyways, the SUB instruction is the most used way to hack ammo. Why? Well.. when you shoot, one bullet will go away.. This instruction subtracts 1 from R1 (ammo) into R1 (ammo). We can hack a SUB in different ways.
1. NOP the instruction; what this does is skip the instruction and do nothing.
2. Change the #1 to #0, which would subtract 0 from our ammo.
3. Change the SUB to ADD, which would ADD ammo instead of subtracting.
4. Change the SUB to MOV R1, R7, which would move the value of 803 million into our ammo.

We can also hack it using the first LDR from above & the STR function.

How we hack the LDR:
- LDR R1, [R0,#0xAC] to LDR R1, [R7,#0xAC] --> What this does is load R7 (803 million) into our ammo instead of what the normal value should be. This works because it's loading uninitialized memory into R0.

How we hack the STR:
- STR R1, [R0,#0xAC] to STR R7, [R0,#0xAC] --> What this does is store R7 into [R0,#0xAC] instead of storing our normal ammo.

When you're hacking a binary, you need to know what kind of 'HEX' it is. How to find out:

When you know that, you can change the instruction which you like. Let's change the SUB instruction to MOV R1, R7. The outcome in armconverter will be 0710A0E1, because this game is ARM-HEX.

Normally you patch the binary manually using a hex editor; somehow this is not working for me on this game. Maybe for some others it does, I don't know. These are the steps if you wanna try it: Load the same binary you loaded into IDA in HxD. I suggest you to make a backup though. We need to go to our SUB instruction offset, which is 1527CC. How do I know? See here:

Go to that offset in HxD, by doing 'ctrl + G' or 'edit - goto'. This is it, this is what we're gonna hack. Alright, I'm going to hack it by MOV R1, R7 the SUB instruction. You can do whatever you prefer, but remember do it in ARM-HEX!! It will look like this:

Now save it. We wanna test it, but we need to sign it first. Paste the hacked binary into /var/mobile with iFunbox or whatever you like. Type in the SSH window:

    cd /var/mobile

& then type:

    ldid -s TriggerFist

You're done. If it doesn't work, see this topic by @shmoo: Sign Binary Topic. Now replace it into your application folder like you did before with the same permissions. Test the hack.

I'm using a Code Injection Template with Theos; if you never used Theos, you need to set this up. If you do, paste this nic template into your /var/theos/templates/iphone/ HERE. Link to template: Code Injection Template made by @DiDA. You set up a project like you normally do & change the tweak.xm, which looks like this:

Change it to this:

Why? The first offset is the IDA hex offset & the second is the hacked offset. Compile it & test it.

The grenades function is for you guys, you can try this on your own! You guys have the 'read register' output, so you can do it! Let me know if you succeed. Hope you learned something.

PS: there will come some more advanced tutorial soon, also with lldb.

Another game you can practice with is Sniper 3D; ammo is easy & resources are the same offsets but maybe more 'challenging'.

Credits:
- @Ted2
- @shmoo, see his comment, he fixed some errors: HERE
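The encodings the tutorial above hands to armconverter and HxD (SUB R1, R1, #1 and its MOV R1, R7 / ADD / NOP replacements, written in the little-endian byte order the post calls 'ARM-HEX', e.g. 0710A0E1) can be checked by hand. The following decoder for the 32-bit ARM data-processing subset is an added example and not part of the original post; the function names are my own and the sample words are the ones quoted in the tutorial.

```python
# Added example (not from the original post): decode the 32-bit ARM
# data-processing instructions discussed in the tutorial (MOV/ADD/SUB/CMP
# with a register or rotated-immediate operand) from the byte order a hex
# editor shows for a little-endian ARM binary, e.g. "0710A0E1" -> MOV R1, R7.
import struct

# Opcode field (bits 24:21) for the instructions that appear in the post.
OPCODES = {0x2: "SUB", 0x4: "ADD", 0xA: "CMP", 0xD: "MOV"}


def hex_dump_to_word(hex_bytes: str) -> int:
    """Hex-editor byte order ("0710A0E1") -> instruction word (0xE1A01007)."""
    raw = bytes.fromhex(hex_bytes)
    if len(raw) != 4:
        raise ValueError("an ARM (not Thumb) instruction is exactly 4 bytes")
    return struct.unpack("<I", raw)[0]


def decode_operand2(word: int) -> str:
    """Bits 11:0: an 8-bit immediate rotated right by 2*rot, or an unshifted register."""
    if word & (1 << 25):                      # I bit set: immediate operand
        rot = 2 * ((word >> 8) & 0xF)
        imm8 = word & 0xFF
        imm = ((imm8 >> rot) | (imm8 << (32 - rot))) & 0xFFFFFFFF
        return f"#{imm}"
    if (word >> 4) & 0xFF:                    # shift field set: not in the decoded subset
        raise NotImplementedError("shifted register operands are not decoded")
    return f"R{word & 0xF}"


def decode(hex_bytes: str) -> str:
    """Return the assembly mnemonic for one unconditional data-processing instruction."""
    word = hex_dump_to_word(hex_bytes)
    if word >> 28 != 0xE or (word >> 26) & 0x3:
        raise NotImplementedError("only unconditional data-processing words are decoded")
    op = (word >> 21) & 0xF
    if op not in OPCODES:
        raise NotImplementedError(f"opcode {op:#x} is not in the decoded subset")
    rn, rd = (word >> 16) & 0xF, (word >> 12) & 0xF
    s = "S" if word & (1 << 20) else ""       # S bit: instruction updates the flags
    op2 = decode_operand2(word)
    if op == 0xD:                             # MOV has no Rn
        return f"MOV{s} R{rd}, {op2}"
    if op == 0xA:                             # CMP has no Rd and always sets flags
        return f"CMP R{rn}, {op2}"
    return f"{OPCODES[op]}{s} R{rd}, R{rn}, {op2}"


if __name__ == "__main__":
    # The original SUB from the listing, the MOV R1, R7 patch, the ADD variant and a NOP.
    for dump in ("011041E2", "0710A0E1", "011081E2", "0000A0E1"):
        print(dump, "->", decode(dump))
```

Feeding the decoder the four bytes at file offset 1527CC before and after a patch tells you exactly which instruction the bytes now encode, which is the check a reviewer of any binary modification wants before signing it.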
-
Reinstall it using Cydia Impactor without removing the app, so you won't loose data. You only have 1 week to play most of time when installed using Cydia Impactor, you are pretty lucky since you said you played 2 weeks.
-
Mod Menu Hack Never Gone v1.1.4 +2 [ Currency/IAP Hack ]
Ted2 replied to 0xSUBZ3R0's topic in Free Jailbreak Cheats
Noice