
A1XEN

Member
  • Posts: 90

Everything posted by A1XEN

  1. Hi, I recently wondered about this. Well, you see, using iGG to patch an offset on a jailed device works, and it may be because once you make a patch it automatically creates a breakpoint on it in order to work... that's only my observation, but when I look into the breakpoint it made, it's not showing the Applied Action, because all I did was apply a patch in a bool function with a bool hex value, and there it works. Can someone explain to me how iGG's breakpoint finds what and where to change? Also, when the breakpoint is still enabled and the patch is turned off, the game freezes. I'm really curious and want to uncover this technique so it can help me build tweaks using breakpoints @Rook
  2. yo @Batch I did this:

       #include <Foundation/Foundation.h>        // NSLog
       #include <mach/arm/thread_status.h>       // arm_thread_state64_t
       #include "specter.h"                      // libspecter: mem_init, mem_brk_* API

       uint64_t canBuyHandle = 0;
       uint64_t gemsHandle = 0;

       void specter_CanBuy_Handler(void *ctx) {
           arm_thread_state64_t *regs = (arm_thread_state64_t *)ctx;
           mem_brk_suspend_self();
           if (menu && [menu getToggleValue:0 withTitle:@"Always Buy"]) {
               regs->__x[0] = 1; // Force return TRUE
           }
           mem_brk_resume_self();
       }

       void specter_AddOrRemoveGems_Handler(void *ctx) {
           arm_thread_state64_t *regs = (arm_thread_state64_t *)ctx;
           mem_brk_suspend_self();
           if (menu && [menu getToggleValue:0 withTitle:@"Infinite Gems"]) {
               // Always force the gem transaction to be a massive gain
               regs->__x[1] = 999999;
           }
           mem_brk_resume_self();
       }

       void hooks() {
           uintptr_t base = 0;
           int32_t initStatus = mem_init("UnityFramework", &base);
           if (initStatus == MEM_OK) {
               // Install Breakpoints
               // Remember to clean your build (make clean) before running this
               mem_brk_install(0xDA4D70, (uintptr_t)specter_CanBuy_Handler, &canBuyHandle);
               mem_brk_install(0xDA7F50, (uintptr_t)specter_AddOrRemoveGems_Handler, &gemsHandle);
               NSLog(@"[SilentPwn] Hardware Breakpoints deployed.");
           } else {
               NSLog(@"[SilentPwn] Error: mem_init failed with code: %d", initStatus);
           }
       }

     It kinda works because the game didn't crash at startup and the menu loaded, but they don't work: one of the hooks (canBuy) crashes the game about 10 seconds after toggling, and it also stopped me from buying anything. I know this is maybe because of my callback code, I may have hooked the wrong instructions, but I wanna ask if I could directly apply a hex value to it as the callback of the breakpoint, since I think that is how I made it work using iGG
  3. I'll do it tomorrow sir, btw can I ask if you, Laxus, Puddin and other devs make cheats using only breakpoints for jailed devices too?
  4. Can I still use SilentPwn & libspecter using only vanilla/standard Theos, and not Theos-Jailed?
  5. So this part of specter.h is the only thing I could use? 'Cause it doesn't change any values and binaries, 'cause that's only possible on jailbroken? Right?

       /**
        * Hardware Breakpoint API (max 6 concurrent on ARM64, iOS only)
        *
        * Breakpoints redirect execution via Mach exception handling —
        * no code is modified at the target address.
        */
       #if TARGET_OS_IOS
       /** Install hardware breakpoint hook at image-relative RVA. */
       int32_t mem_brk_install(uintptr_t rva, uintptr_t replacement, uint64_t *handle_out);
       /** Install hardware breakpoint hook at absolute address. */
       int32_t mem_brk_install_at(uintptr_t target, uintptr_t replacement, uint64_t *handle_out);
       /** Remove breakpoint by handle. */
       int32_t mem_brk_remove(uint64_t handle);
       /** Remove breakpoint by target address. */
       int32_t mem_brk_remove_at(uintptr_t target);
       /** Return the absolute target address watched by a breakpoint handle. */
       int32_t mem_brk_target(uint64_t handle, uintptr_t *target_out);
       /** Disable hardware breakpoint hooks on the current thread.
        *
        * Use immediately before calling the original function for a breakpoint hook
        * to avoid recursively entering the replacement. */
       int32_t mem_brk_suspend_self(void);
       /** Re-enable hardware breakpoint hooks on the current thread. */
       int32_t mem_brk_resume_self(void);
       /** Number of currently active hardware breakpoints. */
       int32_t mem_brk_active_count(void);
       /** Maximum hardware breakpoints supported on this device (typically 6). */
       int32_t mem_brk_max_breakpoints(void);
       #endif /* TARGET_OS_IOS */
  6. Do I just get the specter.h and arm64/libspecter.a files from the repository and put them inside the SilentPwn Lib folder?
  7. What do you mean by your library? You mean the libspecter?
  8. Why does AI say Dobby is good for non-JB? How about KittyMemory? It's installed in your library too.
  9. Please help @Rook @Laxus @Puddin, teach me pls
  10. So many things happened today, bro. The menu loaded fine (without any tweaks) (.deb). Now when I use dobby.h and Resolver.hpp (you know, the one you made) to make a hook on a function I found using Il2CppDumper (dump.cs), when I inject it and try it, it crashes (without Cydia Substrate), and when I added Cydia Substrate it finally launches the game, BUT as soon as the mod menu loaded the game crashes instantly. I removed every Cydia Substrate dependency from the Makefile but it's still asking for the Cydia Substrate framework. When I ask AI, some say I should use Dobby, and the other one says use MsHook/Logos (I know it won't work on jailed). @Batch I'm sorry for the disturbance :( do you wanna see the whole code in tweak.mm?
  11. I tried it, it worked, the menu loaded. Now I'm going to try adding some hooks and see if it works.
  12. So I won't extract the dylib from the .deb file?
  13. I had time to do it, and I'm sure I did everything right linking libspecter. I only removed the Substrate dependencies in your code and it still crashes on startup (I extracted the dylib inside the .deb file after compilation) and then injected it using Sideloadly with Cydia Substrate, Substitute and sideload spoofer all off, and nope, it still crashes. The crazy part is I haven't even added any patches, hooks, anything in it, just the bare menu, and it won't open. I really don't know how y'all make tweaks for jailed devices and manage to actually start up without crashing 😭 @Batch @Rook
  14. Working on it, sorry, I've been busy for a while.
  15. Hi, I'm sorry, I have been busy for a while, I'm working on it :)
  16. Yeah, I tried doing so, I edited my patches in patch() and used the libspecter function SpecterWriteMemory, but I had an error while compiling, maybe I did something wrong linking. My AI even said: The output from nm is very revealing. Your libspecter.a file is not a C++ library—it is a Rust library. The error message Producer: 'LLVM...rust-1.95.0-stable' and the file names containing -cgu.0.rcgu.o are signatures of compiled Rust code. Because Rust and C++ handle symbols, memory, and calling conventions differently, your C++ compiler (Clang) doesn't know how to "talk" to that binary file directly. It said that I should just use the native functions pre-made/included in SilentPwn, but I'm not sure if it will work on jailed devices, that's why I wanna know if you have a tutorial on how to link libspecter properly with SilentPwn 🙏
  17. I'm going crazy lol, I can't figure out how I am going to link libspecter to SilentPwn. I wish you had a tutorial. I'm going to restart fresh tomorrow, I'm gonna go to sleep.
  18. Ok but hey, I downloaded SilentPwn, I couldn't upload it to the Theos template, it says:

       albaaaiexen@A1XIENNN SilentPwn % $THEOS/bin/nicify.pl . && mv Batchh_SilentPwn*.nic.tar $THEOS/templates/ios
       [info] 107 entries.
       [info] 1 prompt.
       [info] 2 constraints.
       [info] Archived template "Batchh/SilentPwn 2.0.5" to Batchh_SilentPwn 2.0.5.nic.tar.
       mv: /Users/albaaaiexen/theos/templates/ios is not a directory
       albaaaiexen@A1XIENNN SilentPwn % mv Batchh_SilentPwn*.nic.tar /Users/albaaaiexen/theos/templates/ios/
       mv: /Users/albaaaiexen/theos/templates/ios/ is not a directory
       albaaaiexen@A1XIENNN SilentPwn %

     Though I have /Users/albaaaiexen/theos/templates/ios/, the "ios" is not a folder, maybe that's why it's causing an error moving the file. Should I make a folder? Or what? And when I open the tweak.mm it already has pre-made tweaks, is it really like that, or is it just because it's not the one generated from the Theos template?
  19. Yo, does this work for jailed devices?
  20. Ah, I see, thank you very much for your answers, I'll update you if I make it work (hopefully).
  21. Man, I appreciate this, thank you, I will try later, but one more thing: you see most of the hacks/tweaks here on iOSGods are made for jailed devices, can you tell me how they make them? Am I doing something different? Or do they have a special tool?
  22. So I had to make a menu, right? One that only runs when the game is fully loaded? Would that work? And yeah, I figured out why the live offset patcher only works when I turned on the breakpoints.
  23. Please help, @Laxus @Batch @Puddin
  24. I found it but the GitHub link is broken. Can you teach the trick you use to apply patches and tweaks for jailed devices, and also tell me if there is an official menu/template for Theos that helps apply tweaks/patches on jailed devices? Thanks 🙏 @Rook