Elreys

good

????

thanks

thks

thks

Hi Guys, Yesterday i tried to crack a new game named Space Marshals, first with Clutch and Rasticrack but in booth tool the game was not listed, after this a decide to download the ipa from appaddict site. The installation was succesfull on my Ipad 2 and my Iphone 6 Plus, I used GamePlayer i found the Ammo adress i changed, with and works fine, but the gm adress was the wrong in IDA, so i thinked ASLR enabled after this i tried to disable the ASLR with HackJack Tool but unsuccesfully, i tried also python script from [http://sskaje.me] the scripts works he disabled correct all the PIE, but after this the game wont start .... So now i need you HELP GUYS:) Thanks for your Support

Hi Guys, i think its good if we can create a list with all server side Game, or better, a list with specification what are point that we need to check to know if a game is a server side or not, it will help us to dont wast a lot of time, with server side Game, what you think ? @@DiDA its this possible or not ? Thanks ELREYS

thks thks

mercy

ok

thks

Hi DiDA i check the folde avery single file, i found one interesting differetnt beetween my Plist struct and this of Zahir Folder, but this are generate auotmatically from $THEOS. and an other difference are in the structure, he has one folder more there as me. http://imgur.com/4xLEkPz My Plist content: dungeon.plist { Filter = { Bundles = ( "com.orca.dungeonm" ); }; } Zahir Plist content: dh4.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Filter</key> <dict> <key>Bundles</key> <array> <string>com.gameloft.DungeonHunter4</string> </array> </dict> </dict> </plist>

DiDA, please look on my Picture i prepare all the information that you need for a diagnose, @ http://imgur.com/45D...WuIR81Z,uMEhVW1 Its really crazy i tried to create a new Tweak with a simply Game, but again the same problem, also i tried to created a Packed on my Iphone 6 Plus ios 8 I wait of your Support Guys Thanks

I try now to create simply a tweak without button, i like to remember you that i have a Ipad Air , i change also the Make file for 64 Device, the creation work fine, but if the game are still not affected, if a change this manually with hex editor they work perfectly. I dont know if the problem are the code: #import <Foundation/Foundation.h> #import "writeData.h" %ctor{ writeData(0x29E0CC,0x8042); } Please help me :wallbash: :wallbash:

I tried but unfortunately won't work, I did exactly this that you writes

Hi Guys, i create succesfully my first debian file, i see also the Preference Menu on my IPAD, i can switch GOD MODUS, LevelSkip etc. But the game are not affected if i change the code with HEX Editor manually they works perfect. Tweak.xm CODE : #import <Foundation/Foundation.h> #import "writeData.h" BOOL GOD; %ctor { GOD = [[[NSDictionary dictionaryWithContentsOfFile:@"var/mobile/Library/Preferences/com.Zagor1979.plist"] valueForKey:key@"GOD"] boolValue]; if(GOD) { writeData(0x1C2064,0x3501); //------> new adds r5 , r5 , #0x1) } { writeData(0x1C2064,0x002E); old } } I try more things but unfortunally they dont work great.. I need you Help Master DIDA Thanks for your Support

Thks

DiDA i try but this guide ist not complete, ithink thex miss somthing ? http://imgur.com/dddbgrf,LkZDQcZ

Hi SuperGIU i try also to create a new Preference bundle but i receive this error : error: expected function body after function declarator if(GetPrefBool(@"kInvincible")) this are my file content : I try with this file: #import <Foundation/Foundation.h> #import "writeData.h" #include <unistd.h> #define PLIST_PATH @"/private/var/root/spidy/spidermanultimate/Resources/SpiderManUltimate.plist" inline bool GetPrefBool(NSString *key) { return [[[NSDictionary dictionaryWithContentsOfFile:PLIST_PATH] valueForKey:key] boolValue]; } %ctor if(GetPrefBool(@"kInvincible")) { writeData(0x47842,0x3501); } { writeData(0x1C4551,0x002E); }; What is wrong ? Thks ELREYS

thks

Hi Guys, i need your help , to unterstand a litlle be the register on ARM, i found this address: 002B2CB2 |.>71AAF64A |movw r1, #0xafaa From 0x002B2CA4 002B2CB6 |. 4F8F1A7 |sub.w r4, r7, #0xf8 002B2CBA |. 1ABF2C0 |movt r1, #0xab 002B2CBE |. 9807 |ldr r0, [sp, #0x1c] 002B2CC0 |. 4479 |add r1, pc 002B2CC2 |. 6942 |ldr r2, [r0, #0x14] 002B2CC4 |. 4620 |mov r0, r4 002B2CC6 |. C824F250 |blx ._sprintf 002B2CC2 |. 6942 |ldr r2, [r0, #0x14] ----- r2 is the required level to locked the level , i try this : 1. register write r2 1 to change the required level from 55 to 1 i see the change in lldb but if a run with c continue, nothing are changed What is wrong ? Thanks Guys

Thk

Laxus what you mean exactly i like to unterstand this explanation becuase i think this is the only way to cheat the system.

Hi Guys, its possible to route a game function in a different one, i tell you my idea i found a tutorial function - that mean free continue fall non death super jump eccc, then we have a second normal function, death non free continue, if we can ropute this function on the event its perfect but the question is its thi way possible ??? IDA ---> Normal : BL sub_1E59DC | Tutorial ----> BL sub_DCFC4 I need you help Guys Thanks ELREYS

thks