Ted2

can’t you just read it first

what

Awesome have fun!

Download FlexAll (idk the repo, google it) & then three finger long press & it will appear

Awesome work!

I did not but I did this to make things more clear for newbies

cheers mate

Correct, I do have that originally but I thought let’s keep it “simple “ for this “tutorial” Though, now I think of it, maybe that is keeping it simple. I just happen to know most people here don’t code at all & thought 1,2,3...,75 would make more sense for them than list(range(1,75))

Hello there, Lately I've been playing around with API's from games & it's pretty fun actually I thought, let's make a small guide/tutorial on an example game so maybe others can do awesome stuff too So I'm sure most of you have ever played or heard about the game Bike Race. Well, this game got me into hacking mobile games & whenever I re-hack this game, I get new features & this was also the game I started experimenting this on. Requirements for this: Flexible Jailbroken device Some knowledge about http requests? (or just read it for fun..) Flexible is one of the best tools out there if you're creating tweaks & need to debug something. Flex also has a "Network History" option, which logs all http requests that are being made by the app, in our cause Bike Race. What a http request does is the following: It sends requests to a server & if the request is valid it'll give you a response. For example when you clicked on this topic, you have send iOSGods a request to go to this topic, which returns this page as response. So the main thing in the game Bike Race, are bikes, obviously. Since I've played this game for a long time back in the days, I happen to know that the developers store bikes into your account so when you come back it will restore them. But let's not get ahead of it & first start the game & log some network history... So when I open up the game, stay on the main screen & look at my network history, I have like 36 requests being made by the game, most of them are stupid & not worth looking into, this is something you'll have to learn to recognize. But let's give you some examples for things that aren't interesting to look at: A request for a image a request to ad providers (may be interesting if you want to disable ads) a request to crashlytics etc etc. Some things that do seem interesting to me: A request being made to a url that actually has the name of the game in it A request being made with the word "player" in it See the picture below, where the request boxed with red does not seem interesting, and the ones with green do. Okay, so now think of what I've said: Whenever I come back to this game, it restores my bikes. To me, this sounds something like player related. So if you look at the third request in the green box: bikerace-backend.tfgapps.com/players --> the long number above is the given ID. This is a GET request, which means it's asking the url for data for this specific player. When I click on the arrow ('>'), I get some information about the request: Request URL: https://bikerace-backend.tfgapps.com/players/974a6dd2-f0d3-4d55-b66a-a8a860641e51 Request Method: GET Status Code: 200 OK Response body: "Tab to view" And some other stuff, but I'm interested in the response. Remember, when you send a request you'd want some kind of response. Sometimes this response is just a Status Code (200 OK, 500 NOT OK etc etc). So when I click "Tab to view" I get this response in json: I've started a clean account to minimize the json response, as it's very long in my original account. Okay, so I've got some information about my account, as you can see my bikes is an empty array, because I do not have bikes yet. You can see some Id's for my account, my guest multiplayer name etc etc. So what now? Just change the bikes array right? Nope... this is sadly not how it works, this is the response from our GET request, we can't modify responses. If we could, then any game would get rekt. All we got now, is player information which we can't directly modify from our request. However, remember: The game restores your progress, so at some point we it must modify our bikes array. So let's earn a bike & check our network history... Ho-ly-sh!t, this seems interesting. The request method is a PUT, the name already explains what it does, it PUT's something into something... pls don't think about that kids . Jokes aside, this seems HUGE! We also got something new, a request body. When you send data to a server (POST, PUT, UPDATE/PATCH etc), you enter it in the body of the request. If I look at my request body, I see this: Alright, so let's go a little back. Our request method was PUT, and it was send to the url https://bikerace-backend.tfgapps.com/players/974a6dd2-f0d3-4d55-b66a-a8a860641e51/bikes So it's sending this data, to the player with the ID "974a6dd2-f0d3-4d55-b66a-a8a860641e51" & it's sending it the the players bikes. Okay, so this is really huge then, as this is a PUT request, we know the url, the format of the data, meaning we can actually modify this. Now comes the tricky part however, there are so many ways to send requests, you got tools for this, you can do it with curl from your terminal, you can do it with lots of programming languages etc. I'm going to show you how I tested it: with Python. Below, you'll see my Python code with comments that explain what what does. # Importing the requests libary from Python import requests # Importing json, so we can print out the response in json. import json # Creating a function that takes one argument: The player ID. def putAllBikesIntoiOSAccount(accountID): # The URL we have to send the request to, we got this from the image in the topic! url = 'https://bikerace-backend.tfgapps.com/players/' + accountID + '/bikes' # The headers, this is the same as MIME Type. Without the headers, it doesn't know what kind of data you're sending. headers = {"Content-Type": "application/json"} # The body, which will be ALL bikes (75 bikes total) body = {"bikes": range(1,75)} # The actual request being made. Notice the ".put", as we have to PUT bikes into /bikes. # First argument of 'put' is the URL it's being send to. Second the headers & lastly & most important: the body with our biks data. request = requests.put(url, headers=headers, json=body) # Printing our request, so we can see the result. print(request.json()) return request # Calling the function with my player ID putAllBikesIntoiOSAccount("974a6dd2-f0d3-4d55-b66a-a8a860641e51") Now when I run this python file, this is the response of the request we send: {'bikes': [6, 1, 2, 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75]} Wow! It seems to work, when I open the game: I got all bikes. Playing around with games like this is much different than modifying their code directly, so that's why prior knowledge about making requests is kinda required. The process of requests, I can't really explain. You will need some experience yourself, youtube has lot's of tutorials showing you how to retrieve(GET) data from a site, how to send(POST) data, how to update(UPDATE/PATCH) data etc etc. I know most likely no one will try or understand this, as cheaters on this forum only do code patching, but this might be interesting for a curious person. Also note that allot of games do have a proper API, where it will be very hard to find a request you can play around with.

Updated 1.10.1 pls donate paypal thx

for iOS? Tonight. It requires a jailbreak though. This is the topic: Just wait for a comment that I updated it

That should be possible, yes

If you’re referring to this: https://iosgods.com/topic/82708-golf-battle-v110-1-automatic-hole-in-one/?do=findComment&comment=2570888 , it’s outdated & never updated, which is why the topic is locked. It was posted more than a year ago & if you would have checked the version of the hack & the current version, you wouldn’t even be in this situation. I won’t ever update that hack for android, as I don’t do android hacks anymore. If you got an iOS device, then you can wait for a update on the iOS hack I posted for this game.

yeah give cash

Hack has been updated b****ez jk love u guys pls donate paypal thx, [email protected]

i’ll update tonight

ur mom gay

Y’all better donate to absolution or no updates 🖕

Anti cheat bypassed does not mean people can't report you. If you abuse it, people will notice and report you. So either play legit, play with hacks on some throw away account or don't abuse the hack.