Ted2
Senior Member
Posts: 4,939

Everything posted by Ted2

  1. What do you mean by 'attach the game to the lldb screen'? Didn't I already do that with the commands?
  2. Nop the branches? Not sure if there are any... but yea lol, see this tutorial & then the end of it:
  3. Hi, so I can connect now to my phone etc., but lldb won't load more than: "Got a connection, waiting for process information for launching or attaching." These 2 are my terminal screens:

     debugserver screen:

       iPhone-van-Joey:~ root# debugserver 192.168.***.***:1234 --attach-877
       debugserver: unrecognized option `--attach-877'
       debugserver-@(#)PROGRAM:debugserver PROJECT:debugserver-320.2.89 for arm64.
       Listening to port 1234 for a connection from 192.168.***.***...
       Got a connection, waiting for process information for launching or attaching.

     lldb screen:

       (lldb) process connect connect://192.168.***.***:1234
       (lldb)

     It's already been like 10 minutes... Anyone know what the problem can be? Thank you in advance...
  4. Hey, so I'm trying to attach to a game using LLDB. Watched this tutorial: https://www.youtube.com/watch?v=sVaKHs3GGEM But I'm getting this when I try to attach to a game:

       iPhone-van-Joey:~ root# debugserver 192.168.178.103:1234 --attach=sniper3d
       debugserver-@(#)PROGRAM:debugserver PROJECT:debugserver-320.2.89 for arm64.
       Attaching to process sniper3d...
       error: failed to attach to process named: "" unable to start the exception thread
       Exiting.
       iPhone-van-Joey:~ root#

     Also, my real IP is (let's say) 192.168.178.120 --> why do I have to put 103:1234 instead of 120:1234? What does the 103:1234 actually mean? Hope someone can help
  5. Hey, me again... So I hacked this function:

       __FestPlayer_gemsCount_
       MOV R1, #(_OBJC_IVAR_$_FestPlayer._gemsCount - 0x1DFC5C) ; unsigned int _gemsCount;
       ADD R1, PC ; unsigned int _gemsCount;
       LDR R1, [R1] ; unsigned int _gemsCount;
       LDR R0, [R0,R1]
       BX LR

     I changed LDR R0, [R0,R1] to MOV R0, R7. The gem value was changed, but it wouldn't let me spend the gems because of a 'connection error'. I'm not sure if this means the servers are checking it or if it's the wrong function. Anyone?
  6. Thanks guys!
  7. Hey, I think this is something that checks if the value is legit: BLX.W _objc_msgSend. In hex it is: AA F3 14 CF. But NOP in hex is: 00BF. So I guess that won't work, so how can I nop this? Thank you in advance
  8. Heyy, so I wanna try to hack a game using LLDB, but I didn't get far, since I can't even SSH into my iPhone 6s. Some info:
     - iPhone 6S running iOS 9.3.3, jailbroken
     - Using MacBook Pro
     - OpenSSH is installed on my phone
     Run command: ssh root@***.***.***.***
     error: ssh: connect to host ***.***.***.*** port 22: Network is unreachable
     Help would be awesome
  9. Is this the whole function? Because I don't see .end method anywhere. So please, can you write the whole function?
  10. There are 3 cases that can cause this problem:
      Case 1. The most likely reason is that you enabled Find My iPhone on your iPad or iPhone. You can temporarily disable it, then try to restore again, and re-enable it after the restore has completed. To turn off Find My iPhone on an iOS device, tap Settings > iCloud, then tap to turn off Find My iPhone.
      Case 2. Your iPad or iPhone is busy. E.g., you do a restore with iTunes and the restore process is not completed, then you do a restore with iBackupBot; the error will occur. You can try to restore your iPad or iPhone two more times.
      Case 3. If you try the methods in case 1 and case 2 and the problem is still not resolved, you can try restoring your device with iTunes on a different known-good computer. If the errors persist on another computer, the device may need service; just take it to an Apple Store.
  11. thank you m8
  12. Hey there, a few days ago I figured out how a game I've been hacking for years added protection to their game. Their protection compares stored values with the original values in classes.dex (smali files).

     What does crc do? The crc protection will detect if the game files have been modified. For example, if you change a simple coin value from 0x9 to 0xfff, the game will notice the original code is changed and it will probably crash the game. crc protection has its own value/key which is stored somewhere in resources as a string. Example: 0x7f050017

     How do we bypass it? I've never seen this kind of protection in any game before, but that might be because I don't really hack that much anymore. Anyway, I've read somewhere that this kind of protection is getting more popular, so that's why I'll teach you how we bypass it. As I said, this protection compares using classes.dex. Open up a text editor which can read .smali files, go to 'find in files' and locate your decompiled apk. Search for: classes.dex. I'm not sure how many hits you get; I got 2 hits.

     Hit 1:

       .method private static a(Ljava/util/zip/ZipFile;Ljava/util/zip/ZipEntry;Ljava/io/File;Ljava/lang/String;)V
           .locals 6
           .prologue
           .line 308
           invoke-virtual {p0, p1}, Ljava/util/zip/ZipFile;->getInputStream(Ljava/util/zip/ZipEntry;)Ljava/io/InputStream;
           move-result-object v1
           .line 310
           const-string v0, ".zip"
           invoke-virtual {p2}, Ljava/io/File;->getParentFile()Ljava/io/File;
           move-result-object v2
           invoke-static {p3, v0, v2}, Ljava/io/File;->createTempFile(Ljava/lang/String;Ljava/lang/String;Ljava/io/File;)Ljava/io/File;
           move-result-object v2
           .line 312
           const-string v0, "MultiDex"
           new-instance v3, Ljava/lang/StringBuilder;
           invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
           const-string v4, "Extracting "
           invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
           move-result-object v3
           invoke-virtual {v2}, Ljava/io/File;->getPath()Ljava/lang/String;
           move-result-object v4
           invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
           move-result-object v3
           invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
           move-result-object v3
           invoke-static {v0, v3}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
           .line 314
           :try_start_0
           new-instance v3, Ljava/util/zip/ZipOutputStream;
           new-instance v0, Ljava/io/BufferedOutputStream;
           new-instance v4, Ljava/io/FileOutputStream;
           invoke-direct {v4, v2}, Ljava/io/FileOutputStream;-><init>(Ljava/io/File;)V
           invoke-direct {v0, v4}, Ljava/io/BufferedOutputStream;-><init>(Ljava/io/OutputStream;)V
           invoke-direct {v3, v0}, Ljava/util/zip/ZipOutputStream;-><init>(Ljava/io/OutputStream;)V
           :try_end_0
           .catchall {:try_start_0 .. :try_end_0} :catchall_0
           .line 316
           :try_start_1
           new-instance v0, Ljava/util/zip/ZipEntry;
           const-string v4, "classes.dex"    <----->
           invoke-direct {v0, v4}, Ljava/util/zip/ZipEntry;-><init>(Ljava/lang/String;)V
           .line 318
           invoke-virtual {p1}, Ljava/util/zip/ZipEntry;->getTime()J
           move-result-wide v4
           invoke-virtual {v0, v4, v5}, Ljava/util/zip/ZipEntry;->setTime(J)V
           .line 319
           invoke-virtual {v3, v0}, Ljava/util/zip/ZipOutputStream;->putNextEntry(Ljava/util/zip/ZipEntry;)V
           .line 321
           const/16 v0, 0x4000
           new-array v4, v0, [B
           .line 322
           invoke-virtual {v1, v4}, Ljava/io/InputStream;->read([B)I
           move-result v0
           .line 323
           :goto_0
           const/4 v5, -0x1
           if-eq v0, v5, :cond_0
           .line 324
           const/4 v5, 0x0
           invoke-virtual {v3, v4, v5, v0}, Ljava/util/zip/ZipOutputStream;->write([BII)V
           .line 325
           invoke-virtual {v1, v4}, Ljava/io/InputStream;->read([B)I
           move-result v0
           goto :goto_0
           .line 327
           :cond_0
           invoke-virtual {v3}, Ljava/util/zip/ZipOutputStream;->closeEntry()V
           :try_end_1
           .catchall {:try_start_1 .. :try_end_1} :catchall_1
           .line 329
           :try_start_2
           invoke-virtual {v3}, Ljava/util/zip/ZipOutputStream;->close()V
           .line 331
           const-string v0, "MultiDex"
           new-instance v3, Ljava/lang/StringBuilder;
           invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
           const-string v4, "Renaming to "
           invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
           move-result-object v3
           invoke-virtual {p2}, Ljava/io/File;->getPath()Ljava/lang/String;
           move-result-object v4
           invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
           move-result-object v3
           invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
           move-result-object v3
           invoke-static {v0, v3}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
           .line 332
           invoke-virtual {v2, p2}, Ljava/io/File;->renameTo(Ljava/io/File;)Z
           move-result v0
           if-nez v0, :cond_1
           .line 333
           new-instance v0, Ljava/io/IOException;
           new-instance v3, Ljava/lang/StringBuilder;
           invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
           const-string v4, "Failed to rename \""
           invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
           move-result-object v3
           invoke-virtual {v2}, Ljava/io/File;->getAbsolutePath()Ljava/lang/String;
           move-result-object v4
           invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
           move-result-object v3
           const-string v4, "\" to \""
           invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
           move-result-object v3
           invoke-virtual {p2}, Ljava/io/File;->getAbsolutePath()Ljava/lang/String;
           move-result-object v4
           invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
           move-result-object v3
           const-string v4, "\""
           invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
           move-result-object v3
           invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
           move-result-object v3
           invoke-direct {v0, v3}, Ljava/io/IOException;-><init>(Ljava/lang/String;)V
           throw v0
           :try_end_2
           .catchall {:try_start_2 .. :try_end_2} :catchall_0
           .line 337
           :catchall_0
           move-exception v0
           invoke-static {v1}, Landroid/support/c/b;->a(Ljava/io/Closeable;)V
           .line 338
           invoke-virtual {v2}, Ljava/io/File;->delete()Z
           throw v0
           .line 329
           :catchall_1
           move-exception v0
           :try_start_3
           invoke-virtual {v3}, Ljava/util/zip/ZipOutputStream;->close()V
           throw v0
           :try_end_3
           .catchall {:try_start_3 .. :try_end_3} :catchall_0
           .line 337
           :cond_1
           invoke-static {v1}, Landroid/support/c/b;->a(Ljava/io/Closeable;)V
           .line 338
           invoke-virtual {v2}, Ljava/io/File;->delete()Z
           .line 340
           return-void
       .end method

     This method is long as hell and doesn't seem to have any value or key like 0x7f050017 etc. Also, it didn't seem interesting to me because it didn't have any interesting .smali places like com/gamecreators/gamename, just android/support.

     Let's look at hit 2 first.

       .method public a()Z
           .locals 6
           .prologue
           const/4 v1, 0x0
           .line 34
           new-instance v0, Ljava/util/zip/ZipFile;
           iget-object v2, p0, Lcom/companyname/test/e;->a:Landroid/content/Context;
           invoke-virtual {v2}, Landroid/content/Context;->getPackageCodePath()Ljava/lang/String;
           move-result-object v2
           invoke-direct {v0, v2}, Ljava/util/zip/ZipFile;-><init>(Ljava/lang/String;)V
           .line 35
           const-string v2, "classes.dex"    <----->
           invoke-virtual {v0, v2}, Ljava/util/zip/ZipFile;->getEntry(Ljava/lang/String;)Ljava/util/zip/ZipEntry;
           move-result-object v2
           .line 36
           const-string v3, "classes2.dex"    <------>
           invoke-virtual {v0, v3}, Ljava/util/zip/ZipFile;->getEntry(Ljava/lang/String;)Ljava/util/zip/ZipEntry;
           move-result-object v3
           .line 38
           invoke-virtual {v0, v2}, Ljava/util/zip/ZipFile;->getInputStream(Ljava/util/zip/ZipEntry;)Ljava/io/InputStream;
           move-result-object v2
           .line 39
           invoke-virtual {v0, v3}, Ljava/util/zip/ZipFile;->getInputStream(Ljava/util/zip/ZipEntry;)Ljava/io/InputStream;
           move-result-object v0
           .line 41
           invoke-direct {p0, v2}, Lcom/companyname/test/e;->a(Ljava/io/InputStream;)Ljava/lang/String;
           move-result-object v3
           .line 42
           invoke-direct {p0, v0}, Lcom/companyname/test/e;->a(Ljava/io/InputStream;)Ljava/lang/String;
           move-result-object v0
           .line 47
           :try_start_0
           invoke-direct {p0}, Lcom/companyname/test/e;->b()Ljava/security/PublicKey;
           move-result-object v2
           .line 48
           const v4, 0x7f050017    ###
           invoke-direct {p0, v4}, Lcom/companyname/test/e;->a(I)[B
           move-result-object v4
           .line 49
           const v5, 0x7f050016    ###
           invoke-direct {p0, v5, v4, v2}, Lcom/companyname/test/e;->a(I[BLjava/security/PublicKey;)Z
           :try_end_0
           .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
           move-result v2
           .line 51
           if-eqz v2, :cond_1
           .line 52
           const v4, 0x7f050016    ###
           :try_start_1
           invoke-direct {p0, v4, v3, v0}, Lcom/companyname/test/e;->a(ILjava/lang/String;Ljava/lang/String;)Z
           :try_end_1
           .catch Ljava/lang/Exception; {:try_start_1 .. :try_end_1} :catch_1
           move-result v0
           .line 58
           :goto_0
           if-eqz v2, :cond_0
           if-eqz v0, :cond_0
           const/4 v1, 0x1
           :cond_0
           return v1
           .line 55
           :catch_0
           move-exception v0
           move v0, v1
           :goto_1
           move v2, v0
           move v0, v1
           goto :goto_0
           :catch_1
           move-exception v0
           move v0, v2
           goto :goto_1
           :cond_1
           move v0, v1
           goto :goto_0
       .end method

     This one gets interesting. The values in this function marked with ### and the location (which I did rename) are interesting: com/companyname/test/e. Okay, I believe there are like 5 ways to bypass the check. I'm gonna tell you the most simple one. The function name, what does it say? (the beginning of the code I added)

       .method public a()Z

     Z = BOOLEAN in smali. Let's look under the function name:

       .method public a()Z
           .locals 6
           .prologue
           const/4 v1, 0x0

     0x0 = false, 0x1 = true. Since we're pretty sure the method is the crc protection, change 0x0 to 0x1. Recompile, sign & test. Why? .method public a()Z translated should be something like isOriginalClassesDex or hasNotBeenModified etc. It automatically returns false, but we want it to return true. Hope I explained it a bit well; it's complicated, so hard to explain. Credit: @Ted2
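To see what hit 2 is doing from the defender's side, here is the same check rebuilt as a small stand-alone model. This Python is an added example written for this page, not code from the game or from Ted2. The smali only shows that a(InputStream) returns a String per dex entry, that a(I[BLjava/security/PublicKey;)Z verifies resource 0x7f050016 against the bytes in 0x7f050017 with a public key, and that a(ILjava/lang/String;Ljava/lang/String;)Z compares the two computed strings with the stored ones; so SHA-256 as the hash, the `signature_ok` flag standing in for the public-key step, and the in-memory zip used in place of a real APK are all assumptions of this example.

```python
import hashlib
import io
import zipfile

# The two entries hit 2 hashes (lines 35 and 36 of the smali).
DEX_ENTRIES = ("classes.dex", "classes2.dex")


def build_apk(entries):
    """Build an in-memory zip shaped like an APK (constructed sample, not a real game)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def dex_digests(apk_bytes, names=DEX_ENTRIES):
    """Model of lines 35-42: open the installed package, read each dex entry, hash it.
    SHA-256 is an assumption; the real a(InputStream) may use another hash."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {name: hashlib.sha256(zf.read(name)).hexdigest() for name in names}


def digests_match(apk_bytes, expected):
    """Model of line 52: compare the computed digests with the stored expected values
    (the real app reads them from resource 0x7f050016)."""
    return dex_digests(apk_bytes) == expected


def integrity_check(apk_bytes, expected, signature_ok):
    """Model of the whole a()Z method: v1 starts at 0x0 (false) and only becomes 0x1
    when both the signature check (v2, here the signature_ok placeholder) and the
    digest comparison (v0) pass. Any exception in either step also yields false."""
    result = False
    try:
        if signature_ok and digests_match(apk_bytes, expected):
            result = True
    except (KeyError, zipfile.BadZipFile):
        result = False
    return result


# Constructed sample: an "original" build and a tampered copy in which one byte of
# classes.dex has changed (the coin value example from the post); classes2.dex is identical.
ORIGINAL = build_apk({
    "classes.dex": b"dex\n035\x00...coins=\x09...",
    "classes2.dex": b"dex\n035\x00...secondary...",
})
EXPECTED = dex_digests(ORIGINAL)  # what the developer would store at build time
TAMPERED = build_apk({
    "classes.dex": b"dex\n035\x00...coins=\xff...",
    "classes2.dex": b"dex\n035\x00...secondary...",
})

if __name__ == "__main__":
    print("original passes:", integrity_check(ORIGINAL, EXPECTED, True))
    print("tampered passes:", integrity_check(TAMPERED, EXPECTED, True))
```

The model makes the design weakness visible: the entire decision collapses into one boolean computed on the client, which is exactly the constant the post patches. A check whose verdict the server never sees can only ever be advisory; re-verifying the digest server-side (or binding it to a platform attestation) is what moves the decision out of reach of a repacked APK.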
  13. "sad story coming" I've hacked this game for like 1/2 years for my YouTube channel. Since version 6.5 the developers added protection to their game so I couldn't hack it anymore. I had never seen a protection like this in .smali. It took me MONTHS to figure out how they did it and how I could undo it. From version 6.5 until this version, I tried and tried. Now I succeeded. Enjoy!
  14. Modded Game Name: Bike Race Pro
      Google Play Store Link: https://play.google.com/store/apps/details?id=com.topfreegames.bikeraceproworld&hl=nl
      Rooted Device: Not Required.
      Mod Features:
      - Unlocks All Bikes (except tourney)
      - Bypasses Code Modification Check Protection, so no crashes.
      Hack Download Link: [Hidden Content]
      Installation Instructions:
      Step 1: Download the Modded APK file above using your favorite browser or a download manager of your choice.
      Step 2: Copy the file over to your Android device via USB or wirelessly. Skip this step if you're using your Android device to download the mod.
      Step 3: Browse to the location where the hacked APK is stored using a file manager of your choice.
      Step 4: Tap on the .APK file, then tap 'Install' and the installation should begin.
      Step 5a: If the mod contains an OBB file, extract it if it's archived and copy the folder to /Android/obb.
      Step 5b: If the mod contains a DATA file/folder, extract it if it's archived and copy the folder to /Android/data.
      Step 6: Once the installation is complete, everything should be ready. Enjoy!
      Note: Make sure you have enabled 'Unknown Sources' in settings before installing the Modded APK. If you encounter issues, our Frequently Asked Questions topic may help you.
      Credits: - @Ted2
      Mod Video/Screenshots: Credit of video: BikeRaceJ. BikeRaceJ = me. I (Ted2) do own the channel & I modded it.
  15. Better not be BlueStacks 2... thanks anyway
  16. SOLVED, can't really explain how because that will be different in any app. Anyway, it's a good protection by the devs.
  17. I can recompile, install it & open it. Once I run the game it's totally bugging around, freezing, crashing etc. etc. VERY annoying because I've no idea how they added this kind of protection
  18. Yea, but ANY code I do will get noticed, very annoying. Not even a hack code, just any.