
QuasaR
Member
Posts: 56

Everything posted by QuasaR

  1. https://github.com/theos/sdks
  2. Awesome! Thanks for the conversion! [edit] The instruction works perfectly, the only downside is that I made the zombies immortal (in LDOE) instead of setting a 'god' mode for the player.
  3. @DiDA That method doesn't work. I have the following 2 instructions:
       __text:00000001002E17BC MOV V8.16B, V1.16B   (HEX = 28 1C A1 4E)
       __text:00000001002E17C0 MOV V9.16B, V0.16B   (HEX = 09 1C A0 4E)
     and I want to change the top one from MOV V8.16B, V1.16B to MOV V8.16B, V0.16B so that V8.1 and V9.1 match. When I run the HEX value through http://armconverter.com/hextoarm/, I get exactly the same instruction as displayed above, so I can't follow the linked tutorial because I don't get a different instruction which I can modify.
  4. @DiDA I have the following instruction (MOV V8.16B, V0.16B) that I want to convert to HEX. I tried using the online converter but the conversion fails. Can you help me convert this from ARM to HEX?
  5. Can you share the tool with me too? If you want my Skype I can PM you.
  6. @0xBL4Z3R Thank you for this tutorial! 2 questions: 1) Do we need a cracked binary to hook the debugserver to, or does it also work on cleanly installed apps? 2) How were you able to crack the binary from June's Journey? (Clutch gives me the following error: Error: Failed to dump <Stickers> with arch arm64)
  7. Ah, of course... instead of getting the size I already set it myself :+
  8. Hi Guys, in IDA I have the following code:
       __text:00000001002E4330 MOV X1, #0
       __text:00000001002E4334 BL Inventory$$get_size
       __text:00000001002E4338 MOV X1, X0
       __text:00000001002E433C CBZ X21, loc_1002E44B0
     What I want is to add an extra instruction before the MOV X1, X0 with something like MOV X0, #50. So it will look like this:
       __text:00000001002E4330 MOV X1, #0
       __text:00000001002E4334 BL Inventory$$get_size
       __text:0000000XXXXXXXXX MOV X0, #50
       __text:00000001002E4338 MOV X1, X0
       __text:00000001002E433C CBZ X21, loc_1002E44B0
     How can I do that with code injection without overwriting the rest of the instructions or losing instructions?
  9. Wow, indeed, you go from one error to the other :+ Try export THEOS=/var/theos and then make again.
  10. I had the same issue. Mine was that I used an old SDK in /var/theos/sdks. After installing a new SDK (https://github.com/theos/sdks) it compiled perfectly for me. So please remove any old SDKs you have and do a git clone https://github.com/theos/sdks (git clone git://github.com/theos/sdks when you get an error about https) in your /var/theos/sdks/ folder.
  11. Ok, but code injection mostly assumes it's a mov/add instruction and about R registers, not W or X, and not an STR instruction like in the following example (set_water):
        __text:0000000100DBD5C0 LDR W0, [X0,#0x70]
        __text:0000000100DBD5C4 RET
        __text:0000000100DBD5C4 ; End of function ItemDefinition$$get_water
        __text:0000000100DBD5C4
        __text:0000000100DBD5C8
        __text:0000000100DBD5C8 ; =============== S U B R O U T I N E =======================================
        __text:0000000100DBD5C8
        __text:0000000100DBD5C8
        __text:0000000100DBD5C8 ItemDefinition$$set_water ; CODE XREF: ProtoSerializer$$Read_85953+C5C↓p
        __text:0000000100DBD5C8 ; DATA XREF: __const:00000001022EB878↓o
        __text:0000000100DBD5C8 STR W1, [X0,#0x70]
        __text:0000000100DBD5CC RET
        __text:0000000100DBD5CC ; End of function ItemDefinition$$set_water
        __text:0000000100DBD5CC
      The set_water is called from the following code:
        __text:0000000100DDF618 loc_100DDF618 ; CODE XREF: ProtoSerializer$$Read_85953+698↑j
        __text:0000000100DDF618 MOV X0, X21
        __text:0000000100DDF61C MOV X2, #0
        __text:0000000100DDF620 BL ItemDefinition$$set_water
        __text:0000000100DDF624 B loc_100DDFB00
        __text:0000000100DDF628 ; ---------------------------------------------------------------------------
  12. Thank you for the package. I was unable to compile it myself (even after placing the readline stuff in the correct folders). Your package is working fine.
  13. First of all, thank you very very much for this tutorial. I was wondering if you have an example Tweak.xm for a game with how to hook the class functions. I have found the following info for the game I am trying to 'hack':
        // Namespace: IAS.Proto
        public class ItemDefinition : IExtensible // TypeDefIndex: 3153
        {
            // Methods
            public void .ctor(); // 100dbd3f8
            public int get_water(); // 100dbd5c0
            public void set_water(int value); // 100dbd5c8
            public int get_premium(); // 100dbd600
            public void set_premium(int value); // 100dbd608
        }
      In IDA I have the following code at offset 100dbd5c0:
        __text:0000000100DBD5C0 sub_100DBD5C0 ; CODE XREF: sub_1002E1114+378↑p
        __text:0000000100DBD5C0 ; sub_100DD1FF8+A88↓p
        __text:0000000100DBD5C0 ; DATA XREF: ...
        __text:0000000100DBD5C0 LDR W0, [X0,#0x70]
        __text:0000000100DBD5C4 RET
        __text:0000000100DBD5C4 ; End of function sub_100DBD5C0
      Which translates to the following pseudocode:
        __int64 __fastcall sub_100DBD5C0(__int64 a1)
        {
            return *(unsigned int *)(a1 + 112);
        }
      What I want is to display the current value (so I know I am in the right place) and then hook the set_ functions to set a new value. I am hoping you can help me. If you need more info please let me know. [edit] In my search for more tools I stumbled across something interesting: https://github.com/nevermoe/unity_metadata_loader This little tool lets you add the strings from the global*.dat file directly into IDA, which makes searching easier.
  14. Same issue here, worked before though... Hoping that an update will come soon (Free, NOT VIP!).
  15. iPhone 6+ iOS8.4, game version 1.2.021 both functions not working.
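Posts 3 and 4 above turn on how an AArch64 instruction maps to the four bytes IDA shows. Running the existing hex through a hex-to-ARM converter can only give back the instruction that is already there; what those posts need is the forward direction, and for that it helps to know that `MOV Vd.16B, Vn.16B` is an assembler alias of `ORR Vd.16B, Vn.16B, Vn.16B` (the Advanced SIMD ORR, vector-register form). The following Python is an added example, not code from the thread or from any tool the posters mention; it encodes and decodes that one instruction form from its documented bit layout, checks itself against the two byte sequences quoted in post 3, and assumes the little-endian byte order used in IDA's hex column. This kind of check is also what you want when auditing a binary for unexpected patches: decode the bytes yourself rather than trusting a web converter.

```python
# Added example: encode/decode AArch64 "MOV Vd.<T>, Vn.<T>", the alias of
# "ORR Vd.<T>, Vn.<T>, Vn.<T>" (Advanced SIMD ORR, vector register form).
# Assumptions: little-endian byte order as shown in IDA's hex column and on
# armconverter.com; only the 16B (Q=1) and 8B (Q=0) arrangements are handled.
import struct

# Bit layout (ARM ARM, "ORR (vector, register)"):
#   31 30 29..24  23..21 20..16 15..10  9..5  4..0
#    0  Q 001110   101     Rm   000111   Rn    Rd
ORR_VEC_BASE = 0x0EA01C00          # the fixed opcode bits with Q, Rm, Rn, Rd all zero
ORR_VEC_MASK = 0xBFE0FC00          # every bit except the Q, Rm, Rn and Rd fields


def encode_orr_vec(rd, rn, rm, q=1):
    """Return the 32-bit word for ORR Vd.<T>, Vn.<T>, Vm.<T> (T = 16B if q else 8B)."""
    for reg in (rd, rn, rm):
        if not 0 <= reg <= 31:
            raise ValueError(f"vector register number out of range: {reg}")
    return ORR_VEC_BASE | (q << 30) | (rm << 16) | (rn << 5) | rd


def encode_mov_vec(rd, rn, q=1):
    """MOV Vd.<T>, Vn.<T> is the preferred alias of ORR with Rm == Rn."""
    return encode_orr_vec(rd, rn, rn, q)


def to_hex_bytes(word):
    """Little-endian bytes in the 'XX XX XX XX' form IDA displays."""
    return " ".join(f"{b:02X}" for b in struct.pack("<I", word))


def from_hex_bytes(text):
    """Inverse of to_hex_bytes: 'XX XX XX XX' (spaces optional) -> 32-bit word."""
    return struct.unpack("<I", bytes.fromhex(text.replace(" ", "")))[0]


def decode_orr_vec(word):
    """Disassemble a word if it is ORR/MOV (vector, register); otherwise return None.

    The opcode mask check is what distinguishes this instruction form from
    every other 32-bit encoding, so unrelated words (RET, LDR, ...) give None.
    """
    if word & ORR_VEC_MASK != ORR_VEC_BASE:
        return None
    q = (word >> 30) & 1
    rm = (word >> 16) & 0x1F
    rn = (word >> 5) & 0x1F
    rd = word & 0x1F
    t = "16B" if q else "8B"
    if rm == rn:
        return f"MOV V{rd}.{t}, V{rn}.{t}"
    return f"ORR V{rd}.{t}, V{rn}.{t}, V{rm}.{t}"


if __name__ == "__main__":
    # The two instructions quoted in post 3, with the hex IDA showed for them.
    for hexbytes in ("28 1C A1 4E", "09 1C A0 4E"):
        print(hexbytes, "->", decode_orr_vec(from_hex_bytes(hexbytes)))
    # The instruction post 4 asks about, encoded the other way round.
    print("MOV V8.16B, V0.16B ->", to_hex_bytes(encode_mov_vec(8, 0)))
    # A RET word (D65F03C0) is not an ORR/MOV vector instruction.
    print("RET ->", decode_orr_vec(0xD65F03C0))
```

The two round trips against IDA's own bytes are the important part: if the encoder reproduces `28 1C A1 4E` and `09 1C A0 4E` for the instructions IDA decoded them as, the field layout is right, and the hex it emits for any other register pair in the same form can be trusted.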