Enoch

I'm trying to work on this game right now. I'll post again once it's finished. Preview: https://prnt.sc/q4nw4b

Thank you, I will try that. But how did you get that value? I’m trying to figure it out so I can dwindle down on asking.

Alright so I started using il2cpp (thanks to DADi) and I'm able to find the RVA's of what I want to change. But after watching many youtube videos (all for android, to see if there's much of a difference), many tutorials on here, I have gotten no where. Well, I've gotten some places but I'm stuck. When looking at these tutorials they don't explain how to change the function or why they are changing the function to their selected value. Example: https://prnt.sc/q4ms08 https://prnt.sc/q4mtbe So what I'm trying to do is change the hit damage of the weapon. So I found it: https://prnt.sc/q4mtnh I go to ARM converter and convert - STP D9, D8, [SP,#-0x30] and the HEX I get is "E9233D6D". So I go into HxD and look it up and look up the RVA to make sure it matches, it does. Now I'm stuck, how do I know what to change it to? The tutorials don't explain why or how they got or decided on what to change it to.

@Ted2 Good tut but I'm kinda lost. https://prnt.sc/q4eq93 So I decide to right click > code https://prnt.sc/q4eqk6 I'm pretty lost here. Do I create a function?

I’ve had this happen before. I had to download Unc0ver from similar apps to Appcake.

Gonna put this in my pocket for later, thanks for this. edit: UI looks great.

Your best bet would to check out the VIP Android hacks section or the regular android hacks section.

Alright so looks like I'm probably the number one poster in help and support. So using ArchAngel's advice, I'm using the lldb method on my phone and it's going a lot better than using PuTTY. But with advancements comes set backs. So I'm currently at a setback. What am I doing wrong? The short is: I only get two values and no hits. w s e -- 0x28300E780 w s e -- 0x283010070 c (Spend in game) (-No updated hits in lldb-) Process interrupt * thread #1: tid = 0x1beb4, 0x000001a14080f4 libsystem_kernel.dylib'mach_msg_trap + 8, queue=com.apple.main-thread', stop reason = signal SIGSTOP frame #0 0x0000001a14080f4 libsystem_kernel.dylib'mach_msg_trap: -> 0x1a14080f4 <+8>: ret libsystem_kernel.dylib'mach_msg_overwrite_trap: 0x1a14080f8 <+0>: movn x16, #0x1f 0x01a14080fc <+4>: svc #0x80 0x1a1408100 <+8>: ret (lldb)

Fixed. I was loading it in as a binary instead of Mach 0.

In the future here are some tips and how to turn off auto renewal: https://prnt.sc/q2s4pq https://prnt.sc/q2s516 https://prnt.sc/q2s5ij

So I decrypted the IPA using bfdecrypt. I open it as little endian. I don't select a RAM start address and I don't select a ROM start address, I just leave everything as is. I then disassemble it as a 64 bit code. There's no functions in the function window. I’m not sure if it’s the decrypter that sucks or if there’s something else wrong. This what what I get from there: https://prnt.sc/q2jadv

Gonna see if my app will crash, testing for someone. Thank you.

It still hasn't worked. I'll PM you.

As far as I know, DLG is the only alternative for the time being. I would suggest just paying for iGameGuardian, it's what I'm probably gonna have to do. Edit: You can try this with GameGem. This work around works for me: 1.) Launch GameGem and the app you would like to modify. 2.) Open up your preferred terminal app. 3.) type "su" then hit enter. Follow it with your password next. 4. Type "killall GameGemNative && GameGemNative" and then run it 5.) Go back to GameGem then preform any search, then go back to the terminal app. 6.) Close terminal app.

Whenever I unfreeze the app PuTTY gets this error and then it goes inactive: https://prnt.sc/q28zmn I can set watch lists but I can't ever get the new value because of this. I did set keepalives but it's not keeping it alive whenever I continue so I can't get frame #0 or the IDA address.

I forgot that I renamed the binary name on my desktop to RoKDecrypted to keep an eye on it and not lose it. So I forgot it was a different name.

It was c and then pressing enter, thank you.

So I run attach 'PID' and I run image list, it freezes the app. If I close out of PuTTY while in the game (while it's frozen) it unfreezes. Even after the attach is done, it stays frozen. I close out of PuTTY? It resumes. I've also tried having it in the background while I'm running attach 'PID' and image list. Whenever I go into the app, it's frozen. I can't set watchpoints because it's frozen. Is it just taking a while to rebase the debugger and I should leave it and see what happens?

And the app and binary name was "ios".

Thanks to a user on Reddit you can get the PID using: ps ax | grep 'app name'

To go with the post above, In the MCMMetaIdentifier the value is: com.lilithgame.roc.ios Also not preferences, I see the same thing. I’m thinking maybe they never changed the file names from Rise of Civilizations but when I run it in lldb I still get the same thing. This must be easier to attach the game with the PID.

The game is Rise of Kingdoms in the app store but on the homepage it's called RiseofKingdoms so I assume I'm spelling it correctly. Edit: Just checked /var/mobile/Containers/Data/Application and it’s called RiseOfKingdoms so I’m spelling it correctly. They did have a legal issue a while back and had to change their name from Rise of Civilizations to Rise of Kingdoms but I don’t think that would matter at this point.

Not attaching https://prnt.sc/q1qn7t

So I'm using PutTTY to attempt to attach the game, I have no idea what the PID is for the game and not sure how to find it using DLG so I'm trying to attach using the name of the game. However, it won't attach. Maybe it'll actually attach using the PID but as I said, I'm not sure how to get it using DLG. I'm following this tutorial: Screenshot: https://prnt.sc/q1q674