A1XEN

Hi, I recently wondered bout this well you see, using iGG to patch and offset in a jailed devices works, and i may be because once you made a patch it automatically create a breakpoint on it in order to work.. thats only my observation, but, i look into the breakpoint it made its not showing the Applied Action, cuz all i did is to apply a patch in a bool function with a bool Hex value, and there it works, can someone explain to me how does iGG’s breakpoint find what and where to change also, when the breakpoint is still enabled and the patch is turned off, the game freezes. im really curious and want to uncover this technique so it can help me build tweaks using breakpoints @Rook

yo @Batch i did this #include <mach/arm/thread_status.h> uint64_t canBuyHandle = 0; uint64_t gemsHandle = 0; void specter_CanBuy_Handler(void *ctx) { arm_thread_state64_t *regs = (arm_thread_state64_t *)ctx; mem_brk_suspend_self(); if (menu && [menu getToggleValue:0 withTitle:@"Always Buy"]) { regs->__x[0] = 1; // Force return TRUE } mem_brk_resume_self(); } void specter_AddOrRemoveGems_Handler(void *ctx) { arm_thread_state64_t *regs = (arm_thread_state64_t *)ctx; mem_brk_suspend_self(); if (menu && [menu getToggleValue:0 withTitle:@"Infinite Gems"]) { // Always force the gem transaction to be a massive gain regs->__x[1] = 999999; } mem_brk_resume_self(); } void hooks() { uintptr_t base = 0; int32_t initStatus = mem_init("UnityFramework", &base); if (initStatus == MEM_OK) { // Install Breakpoints // Remember to clean your build (make clean) before running this mem_brk_install(0xDA4D70, (uintptr_t)specter_CanBuy_Handler, &canBuyHandle); mem_brk_install(0xDA7F50, (uintptr_t)specter_AddOrRemoveGems_Handler, &gemsHandle); NSLog(@"[SilentPwn] Hardware Breakpoints deployed."); } else { NSLog(@"[SilentPwn] Error: mem_init failed with code: %d", initStatus); } it kinda work because the game dint crash at startup the menu loaded, but they dont work, one of the hook (canBuy) crashes the game after 10seconds after toggling, and also it disabled me from buying anything, know this is maybe because of my callback code i may be hooked a wrong instructions, but i wanna ask if i could directly apply a hex value to it as the callback of the breakpoint since i think that is how i made it to work using iGG

ill do it tomorrow sir, btw can i ask if you,laxus,puddin and other devs make cheats using only breakpoints for jailed devices too?

can i still use silentPwn&libspecter using only vanilla/standar theos? and not Theos-Jailed?

So this part of specter.h is the only thing i could use? ‘cause it doesnt change any values and binaries ‘cause its only possible on jailbroken? right? *** * Hardware Breakpoint API (max 6 concurrent on ARM64, iOS only) * * Breakpoints redirect execution via Mach exception handling — * no code is modified at the target address. * */ #if TARGET_OS_IOS /** Install hardware breakpoint hook at image-relative RVA. */ int32_t mem_brk_install(uintptr_t rva, uintptr_t replacement, uint64_t *handle_out); /** Install hardware breakpoint hook at absolute address. */ int32_t mem_brk_install_at(uintptr_t target, uintptr_t replacement, uint64_t *handle_out); /** Remove breakpoint by handle. */ int32_t mem_brk_remove(uint64_t handle); /** Remove breakpoint by target address. */ int32_t mem_brk_remove_at(uintptr_t target); /** Return the absolute target address watched by a breakpoint handle. */ int32_t mem_brk_target(uint64_t handle, uintptr_t *target_out); /** Disable hardware breakpoint hooks on the current thread. * * Use immediately before calling the original function for a breakpoint hook * to avoid recursively entering the replacement. */ int32_t mem_brk_suspend_self(void); /** Re-enable hardware breakpoint hooks on the current thread. */ int32_t mem_brk_resume_self(void); /** Number of currently active hardware breakpoints. */ int32_t mem_brk_active_count(void); /** Maximum hardware breakpoints supported on this device (typically 6). */ int32_t mem_brk_max_breakpoints(void); #endif /* TARGET_OS_IOS */

hi

do i just get the specter.h and arm64/libspecter.a files from the repository and put it inside silentpwn Lib?

what do you mean by your library? you mean the libspecter?

why ai says dobby is good for non jb, how about kittymemory? its installed in your library too

Please help @Rook @Laxus @Puddin teach me pls

so much thing happend today, bro, the menu loaded fine (without any tweaks) (.deb) now when i use dobby.h and Resolver.hpp (yk that u made it) to make a hook on a function i found using il2cppdumper (dump.cs) but when i inject it and tried it crashes (without cydia substrate) and when i added cydia substrate, it finally launch the game, BUT as soon as the modmenu loaded the game crashes instantly i removed every cydia substrate dependencies on makefile but still asking for cydia substrate framework when i ask ai, some says i should use dobby, and the other one says use MsHook/logos(ik it wont work on jailed) @Batch im sorry for disturbance:( do you wanna see whole code on tweak.mm?

i tried it it worked the menu loaded now um going to try adding some hookings if it works

so i wont extract the dylib from the deb file?

i had a time to do it, and im sure i did everything right linking libspecter, i only remove substrate dependencies on your codes and still it crashes on start up (i extracted the dylib inside the deb file after compilation) and then injected it using sideloadly Cydia substrate, substitute, sideload spoofer, All off, and nope it still crashes, the crazy part is i havent even addrd any patches hooks anything in it just bare menu, and it wont open , i really dk how yall making tweaks for jailed and manage it to actually startup without crashing😭 @Batch @Rook

working on it sorry ive been busy for a while