Happy Secret

Contributor
  • Posts: 532

Everything posted by Happy Secret

  1. Hack found Idle vLogger v130.11.24 Infinite Money Hack (spend to increase) Offset: 0x33BABC8 Original: fneg s0, s8 (0041211E) Patch to: nop (1F2003D5) @Aye Jayy @faalshe @S1MostHated @Domon Mondo
  2. Need some help. Not sure why two consecutive games hit this "System.InvalidOperationException: Sequence contains no matching element" message.
     - Lamar-Idle Vlogger
     - Frozen City
     Both use the UnityFramework file and global-metadata.dat file as input to https://armconverter.com/il2cppdumper/
     Below is the sample result for Lamar-Idle Vlogger:
       Task status for ID: 1a5f3f7f-cc14-43be-bbb5-02310e551ac3
       Edit and restart
       Current status: error-il2cppdumper-35
       Starting il2cppdumper on 2023-01-19 13:27:25.709076
       Initializing metadata...
       Metadata Version: 29
       Initializing il2cpp file...
       Il2Cpp Version: 29
       Searching...
       System.InvalidOperationException: Sequence contains no matching element
         at System.Linq.Enumerable.First[TSource] (System.Collections.Generic.IEnumerable`1[T] source, System.Func`2[T,TResult] predicate) [0x00015] in <d22af090bceb4be792f53595cf074724>:0
         at Il2CppDumper.Macho64.MapVATR (System.UInt64 addr) [0x0000d] in <db8182c1b351438a8097566295703173>:0
         at Il2CppDumper.SectionHelper.FindMetadataRegistrationV21 () [0x00097] in <db8182c1b351438a8097566295703173>:0
         at Il2CppDumper.SectionHelper.FindMetadataRegistration () [0x00035] in <db8182c1b351438a8097566295703173>:0
         at Il2CppDumper.Macho64.PlusSearch (System.Int32 methodCount, System.Int32 typeDefinitionsCount, System.Int32 imageCount) [0x00011] in <db8182c1b351438a8097566295703173>:0
         at Il2CppDumper.Program.Init (System.String il2cppPath, System.String metadataPath, Il2CppDumper.Metadata& metadata, Il2CppDumper.Il2Cpp& il2Cpp) [0x002f9] in <db8182c1b351438a8097566295703173>:0
       ERROR: An error occurred while processing.
       Total time for il2cppdumper: 0:00:03.897344
       ========
       Il2cppdumper did not produce any files. Probably something is wrong with the executable or metadata?
     Am I missing some important skill or knowledge? Both games are under Hack Request, and I am trying to see if I can find a solution. Unfortunately, I am blocked by this.
  3. Not sure why, I can’t even sideload the decrypted version with Sideloadly. The game crashes on opening. Also, the metadata file looks like it includes quite some foul language. IL2CPP dumping failed as well. Don’t even know how to get started, sorry, can’t help.
  4. Completely dead-ended for live hook on non-jailbroken. Tried:
     1. Interceptor.replace instead of Interceptor.attach - FAILED on my iPad Pro 2nd Gen
     2. Remove memory protection - FAILED on my iPad Pro 2nd Gen
     For now, I will live with live patch first. Maybe later see if H5GG would update the embedded Frida version to the latest. Then I could give it a try.
  5. What type of string? You can’t do it with iGameGod or H5GG?
  6. Thx. Although you said it is for newbies, I still don’t know how to use it.
  7. Update:
     1. It works every time on my iPad Pro (9.7) but does not work on my iPad Pro 2nd Generation.
     2. Both are on iPad OS 16.2.
     Completely no idea what happens. Luckily the live patching works across devices. Just the Interceptor failed on one. I guess it is the implementation of Interceptor causing the problem, because the statement simply hangs and does not return, and the app’s console log shows nothing. We just see the Interceptor call invoked, then nothing more in the log and no progress. So, it is probably not invalid memory access stuff. Looking for possible solutions.
  8. I am not able to find out what is causing the game hang yet. But it seems to have happened after I tried to clean up the script. It could also be because I messed up the code. Let me try a bit more today.
  9. Test Result:
     1. try {pid=h5gg.getProcList("UnityFramework")[0].pid;}catch(e){} - DOES NOT WORK
     2. let frontapp = h5frida.get_frontmost_application(); frontapp.pid; - THIS WORKS
     But the hook does not seem to always work; sometimes it causes the game to hang (not exit) on applying the hook. Need some more study.
  10. Never used Ted2 mod menu. I don’t have a jailbroken device now. Is it a simple deb that I can inject and try out?
  11. Am... are we talking about the same hook? You seem to have a special expectation on that word “normal”. My “normal” just means we don’t need to patch and re-sideload the app. Just directly hook on to the app under debugging state.
  12. Cool, let me give them a try. If I remember correctly, h5frida.enumerate_processes() returns processes within Frida only. I only saw Gadget in it previously.
      The one below could work; the frontmost app should be the game:
        let frontapp = h5frida.get_frontmost_application(); frontapp.pid
      This one, I am not so sure:
        h5gg.getProcList("UnityFramework")[0].pid
      There is a version of h5gg that works cross-process, which requires a jailbroken device. Hopefully, these commands do not need that version.
  13. GOD!!! I seem to have made the normal hook work under debugging state! I can hook Subway Surfers - Always can jump! Not sure if there is any drawback/issue yet. Will give it another try later tonight! If it really works, I will definitely make another tutorial. Anyway, the current version is still quite handicapped. Need to manually hard-code the process ID in the script. But if the hook is possible, I will find a way to get the process ID from the system.
  14. Quite busy these two days. I am still figuring out how to write “Interceptor” on UnityFramework. Never tried it before. Or do you have a good tutorial? Or a quick piece of normal hook script for Subway Surfers? Two quick challenges found are:
      1. How to get the process ID in script? “var pid = $("#procname").attr('pid');” is not working. Per tuancc, this seems to need a different version of H5GG. I am trying to hard-code “pid” for now.
      2. Interceptor is by default not available under the current configuration. We will need to update the Frida config. Already found what to change; hopefully we won’t be blocked by the jailed implementation of H5GG/h5frida.
  15. Oh!! That is something I don’t know. Any tutorial? How to convert the first photo to the second one? I thought we could only look at the ARM code and mentally reverse engineer the logic. Very painful exercise for me.
  16. Cool, thx. Not aware of that. Do you have a good source of it? I am not familiar with GitHub and how to build. It often takes me a long time.
  17. Haven’t tried to do the same thing with IDA. I normally use IDA for string search and static analysis using the graphical view. I don’t even debug from IDA now. Completely don’t know how to debug on a non-jailbroken device.
  18. Frankly, I want a Windows PC as well. A lot of apps on Windows OS are not available on Mac. Take DnSpy as an example: I tried pretty hard and still can’t get it running with Wine on Mac.
  19. Thanks for the support. If you are on Mac, Xcode is a pretty good option. It is free and supports signing and sideloading with your own Apple developer certificate.
  20. Don't need the Documents app (iOS). Use Apple's iOS Files app (default install). It can access the static-inline-hook folder if we sideload with "Enable File Sharing" on.
  21. UPDATE: You can achieve this with JIT from Sideloadly/Altstore/etc now.
      First and foremost, this trick is not for everyone. It is mostly for those casual hackers who will do some dynamic hacking with a debugger, while not spending a lot of time in front of a PC. Casual, in the sense that he/she does not have a jailbroken device. He/she would like to do some casual hacking while traveling or away from the PC. This trick allows you to test your hack with H5GG in real time. YES, no need to repackage and re-sideload.
      Requirements:
      - Xcode
      - Subway Surfers
      Credits: @tuancc for the H5GG tool, @ꞋꞌꞋꞌꞋꞌꞋꞌ for the H5GG tutorial
  22. The patched one is in the static-inline-hook folder; AirDrop it to Mac, repackage the ipa and sideload again. Just want to say, for Mac users, you do not necessarily need 3u Tools (or alike). Of course, 3u Tools is a great tool to have.
  23. If you are on Mac, you can actually AirDrop the framework file to Mac. This is my default option.