Ted2

hmm, I tried that will try again lol

There is also no, MOV X0, #1 in the function lol

Yea could do that. But there is no CMP in the funtion

Why would that return to true? Wouldn't that skip the whole function?

Hey, So in armv7 I had this code: PUSH {R4,R5,R7,LR} ADD R7, SP, #8 I changed it to MOV R0, #1 BX LR Now I wanted to do this on amrv64 too, So I looked up some tutorials & I thought this would be the right code to do: MOV W0, #1 RET This crashed the game once I selected the item. MOV X0, #1 RET This didn't had any effect. Anyone knows what I do wrong? Thankyou in advance!

Thankyou

gj

Added video: https://youtu.be/Hmk0Lj5K1WU

You have a option for images 'Insert Other Media' for the hide option read the FAQ & the rest of options are mostly a option with just clicking with your mouse button on it

Thanks

Iknow, I wrote in my post I'm just practicing.

are you jailbroken?

thanks

Hacked App: Bike Race Pro & Bike Race TFG iTunes Link: Bike Race Pro: https://itunes.apple.com/us/app/bike-race-pro/id510461370?mt=8&uo=4 Bike Race Free: https://itunes.apple.com/us/app/bike-race-free-by-top-free/id510461758?mt=8&uo=4 Bundle ID: com.topfreegames.bikeracepaid/ & com.topfreegames.bikeracefree Hack Requirements: - Jailbroken iPhone/iPad/iPod Touch. - iFile / Filza / iFunBox / iTools / AnyTrans / iExplorer / DiskAid or any other file managers for iOS. - Cydia Substrate (from Cydia). Hack Features: - Unlocks every bike, also tourney bikes. - if you're not jailbroken, take a look at this: https://iosgods.com/topic/19383-bike-race-pro-bikeracetfg-all-bikes-hack/page-1 NOTE: You can't use the tourney bikes in tourneys it self, since this is server sided. Hack Download Link: [Hidden Content] Installation Instructions:Step 1: Download the file from the link above.Step 2: Copy the file over to your iDevice using any file managers mentioned above or skip this step if you're downloading from your iDevice.Step 3: Using iFile or Filza, browse to where you saved the downloaded deb file and tap on it.Step 4: Once you tap on the file, you will then need to press on "Installer" or 'Install' from the options on your screen.Step 5: Let iFile / Filza finish the installation.Step 6: Once the installation is finished, open the app and enjoy the hack! - if you're not jailbroken, take a look at this: https://iosgods.com/topic/19383-bike-race-pro-bikeracetfg-all-bikes-hack/page-1 Credits: @Ted2 Hack Video/Screenshots: Enjoy!

haha alright, thanks DiDa, you're my hero

Lol I feel so stupid sometimes.. It was switched off -.- Works now. Why 381c7047 though?

ehmm, it still doesn't work.. I've defenitly thinned it this time

I did thin the binary to armv7 using shmoo's tutorial about 'How to perform a Binary patch' edit: you're right.. I redownloaded because otherwise it would've loaded my hacks still into it. Sh*t man, lol sorry.. I feel so stupidd My bad & thankyou for helping

Heyyy it's me again.. I used this tutorial also: https://www.dropbox.com/s/y3rcskg8uigt5lm/IDA PRO Code Inject Tutorial.pdf?dl=0 I'm kind of practicing to work with IDA on Pou, So I figured out how to hack some functions by editing the binary using a hex editor. Now I wanted to try to make a code injection tweak out of it. The function is: ; Coins - (int)have __text:0003EBD4 ; Attributes: bp-based frame __text:0003EBD4 __text:0003EBD4 ; int __cdecl -[Coins have](struct Coins *self, SEL) __text:0003EBD4 __Coins_have_ ; DATA XREF: __objc_const:0045C890o __text:0003EBD4 PUSH {R4-R7,LR} __text:0003EBD6 ADD R7, SP, #0xC __text:0003EBD8 MOV R4, R0 __text:0003EBDA MOV R0, #(_OBJC_IVAR_$_Coins.given - 0x3EBEA) ; int given; __text:0003EBE2 MOVW R1, #:lower16:(selRef_collected - 0x3EBF0) well the function is longer, but in the hex editor I changed ; Coins - (int)have __text:0003EBD4 ; Attributes: bp-based frame __text:0003EBD4 __text:0003EBD4 ; int __cdecl -[Coins have](struct Coins *self, SEL) __text:0003EBD4 __Coins_have_ ; DATA XREF: __objc_const:0045C890o __text:0003EBD4 PUSH {R4-R7,LR} __text:0003EBD6 ADD R7, SP, #0xC TO: ; Coins - (int)have __text:0003EBD4 ; Attributes: bp-based frame __text:0003EBD4 __text:0003EBD4 ; int __cdecl -[Coins have](struct Coins *self, SEL) __text:0003EBD4 __Coins_have_ ; DATA XREF: __objc_const:0045C890o __text:0003EBD4 MOV R0,R7 __text:0003EBD6 BX LR This worked. So the HEX Offsets I need are 0003ebd4 & 0003ebd6 Right? So what I did in my tweak.xm was: %ctor { if(GetPrefBool(@"key1")) { writeData(0x3ebd4, 0x38467047); writeData(0x3ebd6, 0x7047); } else { } It had no effect, however I got the credit popup which is automaticly added in the tweak.xm So after that I tried this, which didn't make sense to me since the BX LR had another hex adress %ctor { if(GetPrefBool(@"key1")) { writeData(0x3ebd4, 0x38467047); } else { } } but this didn't work either.. It doesn't make any sense I try this on Pou, since this can be hooked too, but for me it's just practicing & playing around lol Someone knows what the problem can be? Am I doing something wrong? Thankyou in advance!

Lemme see

Thanks guys

hi, So I got this function: Coins - (int)cheated __text:0003F99C __text:0003F99C ; int __cdecl -[Coins cheated](struct Coins *self, SEL) __text:0003F99C __Coins_cheated_ __text:0003F99C MOV R1, #(_OBJC_IVAR_$_Coins.cheated - 0x3F9A8) ; int cheated; __text:0003F9A4 ADD R1, PC ; int cheated; __text:0003F9A6 LDR R1, [R1] ; int cheated; __text:0003F9A8 LDR R0, [R0,R1] __text:0003F9AA BX LR Iknow I could MSHook this, but I wanna practice IDA.. So.. how would I return the int to 0? I've no idea which one I have to change.. I thought the first MOV to MOV R1, #0 but I don't think it worked.. help would be great!

you'll have to search for functions

read this: http://androidcracking.blogspot.nl/2011/10/if-app-requires-unlocker-key-app-its.html