Ted2

If you wanna start .dll hacking (reflector) see this: - https://iosgods.com/topic/34375-modding-basic-unity-android-games-with-net-reflector-easier-to-understand/ - https://iosgods.com/topic/41704-the-basics-hacking-mod-android-games-with-net-reflector/ - https://iosgods.com/topic/31346-hacking-unity-games-with-net-reflector-assembly-csharpdll-hacking/

thanks mate, will look into it after work!

root method (something like flex) data/data/com.packagenameofgame.something --> SharedPreferences folder are files in that can be hacked sometimes. Sava games are possible way one: share the preferencesfolder file you hacked (root needed) way two: actually way one, but now you make this possible for non rooted users. You create a .zip/.data etc file with the files inside the SharedPreferences folder, then the hard part comes. You'll need to code some .smali so the data files you added will load in game (hard shit imo) Smali hacking, just find the right .smali to hack & edit values etc. IDA hacking, it's .so file hacking (simulair as iOS IDA binary hacking) .dll hacking, some games are easy to hack using this, some are not. You'll need the program .net reflector. LuckyPatcher tool, But I don't call this hacking lol. PS: allot people forget about .smali hacking, I don't know why.. because not any game has .so or .dll files

Hey, I've used windows before, and when I had a hex editor I had the option 'goto' to get to the locations of the function I wanted to hack. I can't seem to find that option on any Mac Hex editor, or is it just called diffrently?

I didn't say that haha, it was just funny because I searched for it 2 mins ago before you posted it

Hahah, funny this. 2 mins ago I searched for this & found it on android forum Anyways, thankss

thankssss

Thanks mate!

heyy I was wondering if we could encrypt or hacks, so people can't read the functions you've used in your hack.. For example that a game dev won't be able to see what you did..

naice mate, but I see it's a document folder & you say in the post that jailbreak is required..? Anyways, goodjob

Yess, - https://iosgods.com/topic/30729-simple-smali-hacking/ - https://iosgods.com/topic/43631-smali-hacking-tutorial-2-boolean/

Once you changed a value in the game, you can't just create a .apk from your current data, sadly. Sometimes it's stored in data/data/packagenameofgame/sharedpreferences. Most of the time if it's written there, it's also written in the smali files. But just create a backup of your hacked app is not possible.

Why do you name TapTitans2 specific? I mean there are tutorials, but on diffrent games..

Hmm, will try. Thanks again ❤

Yes, but those have got a symbol..

Heyy I'm not sure if this function is hackable at all, but this is the function: _Currency_HasAmount_m708671023 PUSH {R4-R7,LR} ADD R7, SP, #0xC PUSH.W {R8,R10,R11} SUB SP, SP, #8 MOVW R5, #:lower16:(__ZZ29Currency_HasAmount_m708671023E24s_Il2CppMethodIntialized - 0x142EEA) ; Currency_HasAmount_m708671023::s_Il2CppMethodIntialized MOV R4, R0 MOVT.W R5, #:upper16:(__ZZ29Currency_HasAmount_m708671023E24s_Il2CppMethodIntialized - 0x142EEA) ; Currency_HasAmount_m708671023::s_Il2CppMethodIntialized MOV R8, R1 ADD R5, PC ; Currency_HasAmount_m708671023::s_Il2CppMethodIntialized LDRB R0, [R5] ; Currency_HasAmount_m708671023::s_Il2CppMethodIntialized CBNZ R0, loc_142F02 Can this function be added into a MSHook tweak, if yes What's the symbol & what's the function what I'll need to use Thankyou in advance

I don't think you can man..

Haha no probs

Thankyou

Added Video Tutorial, goodluck guys!

Thanks & what's wrong with them?

Thanks man.. but I screwed up the spoilers & at the end the credits.. You know how to do them right?

Hey! Long time ago, I made a Smali Hacking tutorial! Find it here: https://iosgods.com/topic/30729-simple-smali-hacking/ Today, I wanna create a new one. This one is about boolean hacking boolean = FALSE/TRUE Can be written in diffrent ways: FALSE --> '0x0' or just '0' (smali only 0x0, atleast for what I've worked on) TRUE --> '0x1' or just '1' (smali also only 0x1, again atleast for what I've worked on) The game in this tutorial: https://play.google.com/store/apps/details?id=com.fungamesforfree.snipershooter.free&hl=nl Download the game on your pc & decompile it, how? - https://iosgods.com/topic/43411-decompile-recompile-apk-without-a-tool-like-advancedapktool-etc/ or use a tool: - https://iosgods.com/topic/30893-advanced-apktool-windows-download-link/ Once decompiled, it will look like this: Open up Sublime Text, Notepad++ or something like that. We're gonna search for functions in ALL smali files. How we do that is simple, once you opened Sublime Text you have a option 'Find' Go to 'Find' - 'Find in files', now locate the smali folder from the decompiled apk Will look like this: So, for what kind of functions do we need to search? Well, every game is diffrent, in some you won't even success. Some example functions: -hasUnlocked -isUnlocked -isLocked -hasUpgraded -isUpgraded -has'itemofgame' -hasPurchased'itemofgame' -is'itemofgame'Purchased' -is'itemofgame'locked -is'itemofgame'unlocked etc etc. The game we have, includes weapons. We will try 'hasUnlocked' first: 0 matches. We will try 'isUnlocked' & 'isLocked' 0 matches for both We will try 'has'itemofgame' = 'hasWeapon' 0 matches We will try 'hasPurchased'itemofgame'' = 'hasPurchasedWeapon' 0 matches We will try 'isWeaponPurchased' 14 Matches in 6 files. So, we got which matches in the files. This does NOT mean, it's the right one. Let's have a look This is what we got: You see what we got? The one marked with '~' is the location of the .smali where our matches has been found. you'll see the most do locate to GameData.smali (under '~' they locate to com/fungamesforfree/snipershooter/data/GameData.smali: OUR SECOND match IS GameData.smali, so we REALLY need to check this one out, also the name of it is intresting! So let's open the second one (double click on it in your text viewer (sublime text in my case) /Users/Joey/Desktop/apktool/ssf/smali/com/fungamesforfree/snipershooter/data/GameData.smali: The whole code until the function is ended, is pretty long. It's like this: It's a long one, but actually not, the function is: 'isWeaponPurchased' & right after that we get the boolean code. This is the code we'll work with: .method public isWeaponPurchased(I)Z --> Function, the 'Z' is boolean .locals 5 .prologue const/4 v1, 0x0 --> earlier explained: 0x0 means false What do we do? Functions is: isWeaponPurchased, the code under it says NO IT IS NOT (0x0) SOOOOO, WE CHANGE IT TO: 0x1, because that means TRUE. .method public isWeaponPurchased(I)Z .locals 5 .prologue const/4 v1, 0x1 --> changed to true Recompile it to a apk, sign it & test it! When you tested your .apk, you see only the last 3 weapons are unlocked, the ones you needed to purchase with real money. I couldn't figure out how to hack the other weapons by code, maybe I missed something. Luckily the money can be hacked with eyes closed Coins are written in the same smali as the weapons, search for 'getMoney' You'll get two matches - invoke-virtual {p0}, Lcom/fungamesforfree/snipershooter/data/GameData;->getMoney()I - .method public getMoney()I it's the second one, because under the second one you'll find this code: .method public getMoney()I .locals 3 .prologue .line 351 iget-object v0, p0, Lcom/fungamesforfree/snipershooter/data/GameData;->preferences:Landroid/content/SharedPreferences; const-string v1, "e" const/4 v2, 0x0 ---> remove the /4 + add your own value (in hex) invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getInt(Ljava/lang/String;I)I move-result v0 return v0 .end method This is how I'll code it: .method public getMoney()I .locals 3 .prologue .line 351 iget-object v0, p0, Lcom/fungamesforfree/snipershooter/data/GameData;->preferences:Landroid/content/SharedPreferences; const-string v1, "e" const v2, 0xfffffff invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getInt(Ljava/lang/String;I)I move-result v0 return v0 .end method Recompile, sign it & test it. Proof: Video Tutorial: Hope you learned something, might make a video tutorial for it too. Credits: @Ted2 PS: I'm not hiding this tutorial because I want everyone be able to check it without giving me a like or reply, but if it helps. Please, hit the thanks &/or rep button