Jbro129

You would need to setup your own server and replace the real server IP address with a private server ip address. Since it's a unity game and it uses il2cpp, the game gets it's strings from globalmetadata.dat. but it would have to be the exact character length as the original when you replace it or else the game won't be able to read the file which would make the game crash.

Yes lol

Thanks

Background I created a unity project on my computer and wrote simple C# to then convert to Arm through Unity's Il2cpp compiler. I have more complicated conversions but they would be pretty hard to explain. If you do want those conversions then make sure to comment below Example Conversions Force True: C# private bool True() { return true; } Force True: IDA Arm MOV R0, #1 BX LR hex -> 01 00 A0 E3 1E FF 2F E1 Force False: C# private bool False() { return false; } Force False: IDA Arm MOV R0, #0 BX LR hex -> 00 00 A0 E3 1E FF 2F E1 Force positive int: C# private int pInt() { return 999; } Force positive int: IDA Arm MOV R0, #999 BX LR hex -> E7 03 00 E3 1E FF 2F E1 Force Float: C# private float pFloat() { return 999f; } Force Float: IDA Arm MOV R0, #0x447A BX LR hex -> 7A 04 04 E3 1E FF 2F E1 // 447A <= 447A0000 Float Hexadecimal // Convert Int to Float here - https://babbage.cs.qc.cuny.edu/IEEE-754.old/Decimal.html // Convert Float to Int here - https://babbage.cs.qc.cuny.edu/IEEE-754.old/32bit.html You CANNOT use hexadecimals longer than 4 character long Working example => Movt r0, #447A (1000 int) Not-Working Example => Movt r0, #4479C (999 int) There is a way to use longer hexadecimal floating points with MOV and I plan on adding it in the future. Force Int or Float into a field: C# //float private void setFieldF() { fieldF = 1000F; } public float fieldF; //int private void setFieldI() { fieldI = 1000; } public int fieldI; Force Int or Float into a field: IDA Arm Get your field offset from your generated dump.cs from Il2CppDumper by Prefare. //float field MOV R1, #0x447A STR R1, [R0,#0x10] // replace "0x10" with your field offset inside of dump.cs BX LR hex -> 7A 14 04 E3 10 10 80 E5 1E FF 2F E1 //int field MOV R1, #1000 STR R1, [R0,#0x14] // replace "0x14" with your field offset inside of dump.cs BX LR hex -> FA 1F A0 E3 14 10 80 E5 1E FF 2F E1 Force Return with Parameters: C# // 1 Parameter private string Param1(string one) { return one; } //2 Parameters private int Param2(int one, int two) { return two; } //3 Parameters private int Param2(float one, float two, float three) { return three; } Force Return with Parameters: IDA Arm It does not matter if the function is string, int, or float, if the function is the same type as the parameter then it will be the same arm code regardless. //1 Parameter MOV R0, R1 BX LR hex -> 01 00 A0 E1 1E FF 2F E1 //2 Parameters MOV R0, R2 BX LR hex -> 02 00 A0 E1 1E FF 2F E1 //3 Parameters MOV R0, R3 BX LR hex -> 03 00 A0 E1 1E FF 2F E1 //if the function has more than 3 parameters then reolace the second "R" with said parameter number Example: 7 Parameters MOV R0, R7 BX LR hex -> 07 00 A0 E1 1E FF 2F E1 Example: 5 Parameters MOV R0, R5 BX LR hex -> 05 00 A0 E1 1E FF 2F E1 Force end an IEnumertor/IEnumerable: C# private IEnumerator setYielEnumerator() { yield break; } private IEnumerable setYieldEnumerable() { yield break; } Force end an IEnumertor/IEnumerable: IDA Arm Using BX LR to end an IEnumertor or IEnumerable is wrong. Go to dump.cs and find the IEnumertor or IEnumerable function Say for example dump.cs says this private IEnumerator setYielEnumerator(); // 0xOFFSET or private IEnumerable setYieldEnumerable(); // 0xOFFSET Find the "sealed class" that has the function name in the class name Example // Namespace: private sealed class <setYielEnumerator>c__Iterator0 : IEnumerator, IDisposable, IEnumerator`1<object> // TypeDefIndex: 1446 { // Fields internal object $current; // 0x8 internal bool $disposing; // 0xC internal int $PC; // 0x10 // Methods public void .ctor(); // 0xOFFSET public bool MoveNext(); // 0xOFFSET private object System.Collections.Generic.IEnumerator<object>.get_Current(); // 0xOFFSET private object System.Collections.IEnumerator.get_Current(); // 0xOFFSET public void Dispose(); // 0xOFFSET public void Reset(); // 0xOFFSET } // Namespace: private sealed class <setYieldEnumerable>c__Iterator1 : IEnumerable, IEnumerable`1<object>, IEnumerator, IDisposable, IEnumerator`1<object> // TypeDefIndex: 1447 { // Fields internal object $current; // 0x8 internal bool $disposing; // 0xC internal int $PC; // 0x10 // Methods public void .ctor(); // 0xOFFSET public bool MoveNext(); // 0xOFFSET private object System.Collections.Generic.IEnumerator<object>.get_Current(); // 0xOFFSET private object System.Collections.IEnumerator.get_Current(); // 0xOFFSET public void Dispose(); // 0xOFFSET public void Reset(); // 0xOFFSET private IEnumerator System.Collections.IEnumerable.GetEnumerator(); // 0xOFFSET private IEnumerator`1<object> System.Collections.Generic.IEnumerable<object>.GetEnumerator(); // 0xOFFSET } Go to the offset of MoveNext() public bool MoveNext(); // 0xOFFSET And write this in hex editor MOV R1, #0xFFFFFFFF STR R1, [R0,#0x10] MOV R0, #0 BX LR hex -> 00 10 E0 E3 10 10 80 E5 00 00 A0 E3 1E FF 2F E1 //same hex for both IEnumertor and IEnumerable Credits @Jbro129 for the tutorial Prefare for Il2CppDumper - Kienn, @Valeschi , @Earthiest and @DiDA for Armconverter.com

One way that might work is to go into the app and then turn on airplane mode. If a pop-up shows up saying "no internet" or whatever try to find what causes the pop-up and disable it. Then look around for any other functions that use the same method. As far as clash of clans, the last time I played that was before they added that second layer. If you find the function that stops the pop-up, check what other functions it uses to check for internet connection/sync check so you can then see what other functions use that same branch (press "X" in IDA on the function to see what others branch to it). Most likely COC calls a dedicated function to restart the app upon pressing the button to reconnect. Going to the dedicated function and BX LRing it might work in some situations. Then hopefully you can find what you want.

I have way too much time on my hands

A short way to answer that is to... #1 Try to disable or temporary stop server syncing (example would be in clash of clans and making the server sync popup not show up so it doesn't force an app restart.) #2 Once you have disabled it, try to find a way to get whatever it is you want. Inapp currency or level or whatever it is that you want. #3 Make the game think that what you have is legitimate so you can then apply your modded currency or whatever you are modding to the server. A tip when modding in app currency is to make the game think you got the currency through in-app purchases. Another way is to spoof in app purchases so you can get the reward without paying, which takes more skill, time, and effort .

Making an il2cpp mod menu is in general a pain to make from the ground up. I know how and I will release a template at some point.

Nice Only works with Unity games still using C#?

Check ids.xml and public.xml in res/values and look on line 296 in ids.xml and line 2026 in public.xml (The lines for each file is said in the apktool error pic you provided)

Very nice!

I am the type of person who cannot have a phone unrooted or not jailbroken.

You fixed it but the game loads up then crashes shortly after even when no patches are applied. https://drive.google.com/file/d/1t5sy3fqpHSgcNjgmGNxR7Uhi44hWMDlK/view?usp=sharing #import "writeData.h" #import <Foundation/Foundation.h> #import <UIKit/UIKit.h> #import <substrate.h> #define PLIST_PATH @"/var/mobile/Library/Preferences/com.jbro129.terrariamod.plist" inline bool GetPrefBool(NSString *key) { return [[[NSDictionary dictionaryWithContentsOfFile:PLIST_PATH] valueForKey:key] boolValue]; } %ctor { if(GetPrefBool(@"dev")) { writeData(0x0, 0x0); } else { writeData(0x0, 0x0); } if(GetPrefBool(@"craft")) { writeData(0x, 0x0); writeData(0x, 0x0); writeData(0x, 0x0); } else { writeData(0x, 0x0); writeData(0x, 0x0); writeData(0x, 0x0); } if(GetPrefBool(@"health")) { writeData(0x, 0x); writeData(0x, 0x); } else { writeData(0x, 0x); writeData(0x, 0x); } if(GetPrefBool(@"block")) { writeData(0x, 0x); } else { writeData(0x, 0x); } } %hook AppDelegate - (BOOL)application:(id)fp8 didFinishLaunchingWithOptions:(id)fp12 { UIAlertView *igcredits = [[UIAlertView alloc] initWithTitle:@"Terraria Mod Menu" message:@"Mod By Jbro129" delegate:self cancelButtonTitle:@"Continue" otherButtonTitles:@"Subscribe", nil]; [igcredits show]; [igcredits release]; return %orig(); } %new -(void)alertView:(UIAlertView *)alertView clickedButtonAtIndex:(NSInteger)buttonIndex { NSString *button = [alertView buttonTitleAtIndex:buttonIndex]; if([button isEqualToString:@"Subscribe"]) { [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"http://youtube.com/Jbro129"]]; } } %end I removed the offsets because I just dont like sharing offsets. That google drive link is a video I recorded display recorder.

I am using the ios 8.1 sdk. I found this download for it from @Ted2 on another thread somewhere. http://www94.zippyshare.com/v/tfVYO2ju/file.html

I am trying to compile a theos patcher and I recieve errors while compiling it. I am on ios 9.0.2 iPad Mini 4. Here is regular "make package" Here is "make package messages=yes" Here is my Makefile ARCHS = armv7 arm64 TARGET = iphone:clang:latest:latest #CFLAGS = -fobjc-arc #THEOS_PACKAGE_DIR_NAME = debs include theos/makefiles/common.mk TWEAK_NAME = TerrariaMod TerrariaMod_FILES = Tweak.xm TerrariaMod_FRAMEWORKS = UIKit TerrariaMod_LDFLAGS += -Wl,-segalign,4000 include $(THEOS_MAKE_PATH)/tweak.mk after-install:: install.exec "killall -9 SpringBoard" SUBPROJECTS += TerrariaMod autolipo include $(THEOS_MAKE_PATH)/aggregate.mk I tried ldid -S "binary" for the usual commands needed for theos and I recieve an error for ldid also.

I have the Galaxy S8 and I used SamPWN on XDA to root it. There are also custom firmwares that have more stable root in it for the S8 and S8+ like PartCyborgRom.

Lol that was me.

I know how to bypass the anticheat pg3d on Android and iOS should be the same. Also v13.3.0 just came out for Android so I would wait @shmoo for it to come for iOS before modding.

Well I guess you could make it so the game closes if the image file is removed from the assets. I don't know of a universal resolution but Google does haha

Well it really depends on the screen resolution, coding something that shows different image sizes depending on screen size shouldnt be to hard. Like having 3 images in assets 3 different sizes of the same image. I will look into that.

Very nice!

Requirements: 1. Apktool (Any type of apktool) 2. Text editor (Sublime Text/Notepad++) 3. The Zip File Linked below End Result : Download Code: [Hidden Content] Instructions: Step 1: Decompile your Apk using Apktool (In cmd on windows do "apktool d YourApk.apk") course replace "YourApk.apk" with the apk of your choice. Step 2: Open AndroidManifest.xml and find the lines that look similar to this <activity android:configChanges="locale|fontScale|keyboard|keyboardHidden|mcc|mnc|navigation|orientation|screenLayout|screenSize|smallestScreenSize|touchscreen|uiMode" android:label="@string/app_name" android:launchMode="singleTop" android:name="com.unity3d.player.UnityPlayerActivity" android:screenOrientation="landscape"> <intent-filter> <action android:name="android.intent.action.MAIN"/> <category android:name="android.intent.category.LAUNCHER"/> </intent-filter> </activity> Step 3: search for the text .method protected onCreate(Landroid/os/Bundle;)V inside of the file and insert this line under where it says .locals Code: invoke-static {p0}, Lcom/gbo/banner;->gboCustomImage(Landroid/content/Context;)V Example use of code - .method protected onCreate(Landroid/os/Bundle;)V .locals 2 invoke-static {p0}, Lcom/gbo/banner;->gboCustomImage(Landroid/content/Context;)V Step 4: Download the above below "CustomImageJbro.zip" and extract the 3 smali files. Put them inside of this directory of your decompiled apk YourDecompiledAPK \---smali \---com \---gbo |---popup$1.smali |---popup$2.smali |---popup.smali Step 5: Open banner$2.smali and go to line 45 and replace the url to one of your choice. "https://www.youtube.com/Jbro129" to "https://iosgods.com" Then open banner.smali and go to line 99 and replace the text with one of your choice. "Subscribe" to "Visit iOSGods" Step 6: Still inside of banner.smali, go to line 25 and replace the text with one of your choice. This text is a toast that pops up open opening. "Mod By Jbro129" to "Mod For iOSGods" Step 7: If you got this far then you most likely saw line 48. Basically what is happening, the app is taking an image from within the assets folder and displaying it upon startup. So go back to your decompiled apk and go to /assets and paste the image of your choice there. Make sure it is a .PNG and then rename your image to config.png. "picture.png" to "config.png" YourApk \---assets |---config.png \---..... Step 8: Go back to banner.smali and go to line 75. This is the images background color, so if it set to "#0000ff" then it will be blue or if it is "#ff0000" it will be red. Mine was set to "#373fe8" so it is a variant of blue. Take the hex color of your choice and replace "#373fe8" with "#YourColor" Example = "#373fe8" <= "#ff8000" Step 9: Apply all changes and then recompile apk. As you will see, the toast will be the one you typed as well as the image you put into /assets etc when you open the app. Credits: - @Jbro129

Interesting ? Making this work no root is possible and I have done it. It's also a mod menu Lol

Nice job