QuasaR

Member
  • Posts: 56
Everything posted by QuasaR

  1. Uh, you can't extract it from the .tar file. You need to place the .tar file in $THEOS/templates and then run $THEOS/bin/nic.pl. Select the cheat from shmoo and then fill in the required information. After that you have the correct Tweak.xm and other stuff you can modify.
  2. @DiDA, @ZahirSher, @shmoo I am trying this on the new version of Last Day on Earth to see if I can find something regarding the noise when doing a raid, but it seems like it's obfuscated or something.

         // Namespace: Assets.Core.Game.Battle.Character
         public class RaiderCharacterController : TraderCharacterController // TypeDefIndex: 6136
         {
             // Fields
             private FollowPointer JKGEMOAJMHC; // 0x1B0

             // Methods
             protected override void OCFEAMFBGJP(); // 0x10064D73C
             public override bool GLOJCBJINGE(); // 0x10064D774
             protected override void MENMGDJOEMF(); // 0x10064D7BC
             public override bool CheckUse(); // 0x10064D7E8
             protected override void HFJCJHJPIMG(); // 0x10064D830
             public void .ctor(); // 0x10064D868
             protected override void BDKNACCPKIK(); // 0x10064D86C
             public override void NMNJBHEHDDD(); // 0x10064D898
             public override void Dispose(); // 0x10064DB0C
             protected override void BNPNANEBNBA(); // 0x10064DB44
         }

     Can someone give me some pointers on how to deobfuscate this?
  3. Can you share the tool with me too? If you want my Skype I can PM you.
  4. @0xBL4Z3R Thank you for this tutorial! 2 questions: 1) Do we need a cracked binary to hook the debugserver to, or does it also work on clean installed apps? 2) How were you able to crack the binary from June's Journey? (Clutch gives me the following error: Error: Failed to dump <Stickers> with arch arm64)
  5. Ok, but code injection mostly assumes it's a mov/add instruction and about R registers, not W or X and not an STR instruction like in the following example (set_water):

         __text:0000000100DBD5C0 LDR W0, [X0,#0x70]
         __text:0000000100DBD5C4 RET
         __text:0000000100DBD5C4 ; End of function ItemDefinition$$get_water
         __text:0000000100DBD5C4
         __text:0000000100DBD5C8
         __text:0000000100DBD5C8 ; =============== S U B R O U T I N E =======================================
         __text:0000000100DBD5C8
         __text:0000000100DBD5C8
         __text:0000000100DBD5C8 ItemDefinition$$set_water ; CODE XREF: ProtoSerializer$$Read_85953+C5C↓p
         __text:0000000100DBD5C8 ; DATA XREF: __const:00000001022EB878↓o
         __text:0000000100DBD5C8 STR W1, [X0,#0x70]
         __text:0000000100DBD5CC RET
         __text:0000000100DBD5CC ; End of function ItemDefinition$$set_water
         __text:0000000100DBD5CC

     The set_water is called from the following code:

         __text:0000000100DDF618 loc_100DDF618 ; CODE XREF: ProtoSerializer$$Read_85953+698↑j
         __text:0000000100DDF618 MOV X0, X21
         __text:0000000100DDF61C MOV X2, #0
         __text:0000000100DDF620 BL ItemDefinition$$set_water
         __text:0000000100DDF624 B loc_100DDFB00
         __text:0000000100DDF628 ; ---------------------------------------------------------------------------
  6. First of all, thank you very very much for this tutorial. I was wondering if you have an example Tweak.xm for a game with how to hook the class functions. I have found the following info for the game I am trying to 'hack':

         // Namespace: IAS.Proto
         public class ItemDefinition : IExtensible // TypeDefIndex: 3153
         {
             // Methods
             public void .ctor(); // 100dbd3f8
             public int get_water(); // 100dbd5c0
             public void set_water(int value); // 100dbd5c8
             public int get_premium(); // 100dbd600
             public void set_premium(int value); // 100dbd608
         }

     In IDA I have the following code at offset 100dbd5c0:

         __text:0000000100DBD5C0 sub_100DBD5C0 ; CODE XREF: sub_1002E1114+378↑p
         __text:0000000100DBD5C0 ; sub_100DD1FF8+A88↓p
         __text:0000000100DBD5C0 ; DATA XREF: ...
         __text:0000000100DBD5C0 LDR W0, [X0,#0x70]
         __text:0000000100DBD5C4 RET
         __text:0000000100DBD5C4 ; End of function sub_100DBD5C0

     Which translates to the following pseudocode:

         __int64 __fastcall sub_100DBD5C0(__int64 a1)
         {
           return *(unsigned int *)(a1 + 112);
         }

     What I want is to display the current value (so I know I am in the right place) and then hook the set_ functions to set a new value. I am hoping you can help me. If you need more info please let me know.

     [edit] In my search for more tools I stumbled across something interesting: https://github.com/nevermoe/unity_metadata_loader This little tool lets you add the strings from the global*.dat file directly into IDA, which makes searching easier.