
ThePianoGuy
Senior Member
Posts: 563

Everything posted by ThePianoGuy

  1. Now you should be able to hack or modify any game, right? Let's try to hack the score value in the "300: Seize Your Glory" game. This is a promo game, based on the "300: Rise of an Empire" movie. [Hidden Content] Credit: greatestmeow
  2. Kingroot doesn't work on 2.6.xx because they removed pre-root and patched the exploits. The only way to root is to modify root.fs.
  3. Since version 0.9.0, Bluestacks has added a su binary which allows you to grant access silently, but silent root access doesn't work for some apps.
     PLEASE READ!!! DO NOT TRY TO ROOT BLUESTACKS WITH THE SUPERSU APP. YOU WILL LOSE ROOT PERMISSIONS, INCLUDING LOSS OF THE SEMI-ROOT EXPLOIT.
     Download Bluestacks 2 at: http://www.bluestacks.com/
     Don't like Bluestacks 2? Download classic Bluestacks instead: http://forum.xda-developers.com/wiki/BlueStacks_App_Player
     LET'S ROOT THE BLUESTACKS! You can watch the videos or read the topic below.
     1. Launch Bluestacks
     2. Download the Kingroot app for Android from here: http://www.kingroot.net/?myLocale=en_US (NOTE: Some browsers block Kingroot from downloading. Add it to the whitelist to prevent any issues)
     3. Double-click on the APK file to install the app into Bluestacks
     4. You'll see the Kingroot app in the app drawer; open it.
     5. Tap on "Root status failed" to begin the rooting process
     6. Rooting will take 5-10 SECONDS! After rooting, you will see a message like this:
     7. That's it. Bluestacks is now rooted. IMPORTANT: Do not open any app which asks you to restart the device. Pressing restart will UNROOT Bluestacks and the good hidden semi-root exploit will be GONE FOREVER until you reinstall Bluestacks.
     8. Test root access on any apps to see if it works.
     9. Close Bluestacks and reboot your computer for the change to take effect.
     Now enjoy your 100% full root access on Bluestacks. You can finally use GameGuardian on Bluestacks to hack any offline games without the use of Cheat Engine or similar external software!
     Credits: AndnixSH
  4. Why unsigned APK, and why is it recommended for most games?
     With an unsigned APK, you can install the APK over the original. You can log in with your Google+ account without a signature error, and log in with your Facebook account without uninstalling the Facebook app. No more "login not working" complaints!
     What is the difference between an unsigned APK and a signed APK?
     An unsigned APK is an APK that has been modded, but the modders kept the original signature by the developer to keep Google login working. A signed APK is an APK which has been re-signed by modders with APKtool's signature, dated 29-02-2008. Google or other social media may not work due to the signature having been changed. You can only install an unsigned APK on your rooted device because it requires the signature to be disabled using Lucky Patcher. If your phone is not rooted, please search on Google for how to root your phone.
     Note from Xtreme Myst: When using the method described, consider NOT adding new files or removing existing files in the APK. For example, along with your mod you need to add a file into the APK, let's say in "assets/myfile.dat". It won't work and will lead to failure during APK installation. Another example: let's say you've successfully removed XC protection and are thinking it's okay to pull "lib/armeabi/libxigncode.so" out of the APK. Again, it causes installation failure. This is because all file structures in the APK were mapped and their info was stored in the "META-INF/CERT.SF" file. The solution is to put all your mods along with the expected APK file structure in the compiled APK, sign it (with any desired key), then pull "META-INF/CERT.SF" from this newly signed APK to be used as a replacement for the old one in your working APK.
     Let's start modding. First, we need to change to another app: 7zip or Winrar.
     1. Right click on the APK file -> Open With -> Choose Another App
     2. Click on "More apps" and tick "Always use this app to open .APK files"
     3. Click "Look for another app on this PC"
     4. Go to Program Files and select any program to open APKs with. I'd recommend 7zip or Winrar
     5. The program will open
     6. Drag and replace the modded file in the .APK file
     That's it. You are done.
     Smali and XML modding
     If you were modding Smali or XML and you have recompiled it and signed it, you can do this:
     1. Compile the APK (Re-signing an APK is optional)
     2. Drag and replace a modded file from the signed APK into the original APK, and the APK will become an unsigned APK.
     3. Simply close the program, and you are done!
     Replace signatures in META-INF (Second method)
     You can delete the modified signatures and add the original signatures in the META-INF folder, but it may not work for some apps.
     1. Open the signed APK
     2. Open the META-INF folder
     3. Delete all signatures and add the original signatures by the game developer in the META-INF folder. This will turn the APK into an unsigned APK.
     Credit: AndnixSH
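As an added illustration of the note above (example code written for this page, not from the post or AndnixSH): a checker that recomputes each entry's digest and compares it with the per-entry digests in the JAR-style MANIFEST.MF that the signature covers, so a replaced, added or removed file shows up as exactly the mismatch an installer's v1 signature check rejects. The APK contents and manifest are constructed stand-ins.

```python
import base64
import hashlib
import io
import zipfile

# Digest attributes a JAR-style MANIFEST.MF may carry for each entry.
DIGEST_ALGOS = {"SHA-256-Digest": hashlib.sha256, "SHA1-Digest": hashlib.sha1}


def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections of MANIFEST.MF."""
    lines = []
    for raw in text.splitlines():          # a leading space continues the previous line
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    sections, current = {}, {}
    for line in lines + [""]:              # sections are separated by blank lines
        if line == "":
            if "Name" in current:          # the main section has no Name and is skipped
                sections[current["Name"]] = current
            current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return sections


def check_apk(apk_bytes):
    """List entries that were added, modified or removed relative to MANIFEST.MF."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        manifest = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        names = [n for n in zf.namelist() if not n.startswith("META-INF/") and not n.endswith("/")]
        for name in names:
            section = manifest.get(name)
            if section is None:
                findings.append(f"added: {name}")          # the signer never saw this file
                continue
            attr = next((a for a in DIGEST_ALGOS if a in section), None)
            actual = attr and base64.b64encode(DIGEST_ALGOS[attr](zf.read(name)).digest()).decode()
            if not actual or actual != section[attr]:
                findings.append(f"modified: {name}")       # content no longer matches its digest
        findings += [f"removed: {n}" for n in manifest if n not in names]
    return sorted(findings)


def make_manifest(files):
    """Constructed stand-in for the signer's MANIFEST.MF: one SHA-256 digest per entry."""
    out = ["Manifest-Version: 1.0", "Created-By: constructed example", ""]
    for name, data in files.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        out += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    return "\n".join(out) + "\n"


def build_zip(files, manifest_text):
    """Pack files plus a (possibly stale) manifest into an in-memory APK-style zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest_text)
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed stand-in for a signed game APK; contents are placeholders, not real files.
ORIGINAL = {
    "classes.dex": b"dex\n035\x00original bytecode",
    "lib/armeabi/libxigncode.so": b"\x7fELF placeholder",
}
ORIGINAL_MANIFEST = make_manifest(ORIGINAL)


def demo():
    """Run the checker over the original and the three edits the note above warns about."""
    patched = dict(ORIGINAL, **{"classes.dex": b"dex\n035\x00modded bytecode"})
    added = dict(ORIGINAL, **{"assets/myfile.dat": b"extra file"})
    removed = {k: v for k, v in ORIGINAL.items() if k != "lib/armeabi/libxigncode.so"}
    return {
        "original": check_apk(build_zip(ORIGINAL, ORIGINAL_MANIFEST)),
        "patched_dex": check_apk(build_zip(patched, ORIGINAL_MANIFEST)),
        "added_file": check_apk(build_zip(added, ORIGINAL_MANIFEST)),
        "removed_lib": check_apk(build_zip(removed, ORIGINAL_MANIFEST)),
    }
```

Real APKs carry the same per-entry digests, so the checker can be pointed at an unpacked MANIFEST.MF to see which entries a "modded" package no longer matches.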
  5. Can't log in with your Google+ on modded games? Really need to uninstall Facebook? NO PROBLEM. I will show you how to patch the signature and make your device think that the signature is always true, so you can install any UNSIGNED modded apk on
     What can you do after patching?
     - Install Unsigned APK
     - Install Unsigned APK over the original APK
     - Log in with your Facebook account without uninstalling the Facebook app
     - Log in with your Google+ on modded games
     1. Make sure your device is rooted, and has the latest SuperSU and Busybox binaries.
     2. Download Lucky Patcher from http://lucky-patcher.netbew.com/ and install it. DO NOT DOWNLOAD LUCKY PATCHER FROM THE PLAY STORE
     3. Open Lucky Patcher from the app drawer and let it refresh
     4. Click "Toolbox"
     5. Click "Patch to android"
     6. Check "Signature Verification status always true" and "Disable .apk Signature Verification" and click Apply. IMPORTANT! If Lucky Patcher does not allow you to check "only patch dalvik-cache", it means your device does not support patching dalvik-cache. When you patch signature verifications without patching dalvik-cache, the dalvik-cache will be cleared and it will take 5-10 to boot once. "only patch dalvik-cache" is the quickest way to patch the signature verifications. JUST PATCH IT ANYWAY IF DALVIK-CACHE PATCH IS NOT SUPPORTED AND STOP ASKING QUESTIONS! Most devices running Android Lollipop will reboot when patching
     7. You will get a message saying that the patches are applied (ONLY if patched in dalvik-cache)
     8. Reboot your device
     9. Install the unsigned modded apk over the Play Store version. (Do NOT uninstall the Play Store version!)
     10. Open the game, log in to Google Play, and enjoy!
     Credits: AndnixSH (for creating this tutorial), ChelpuS (for creating Lucky Patcher), Raxx (for grammar fix)
  6. If you need help with Droid4X, I can contact Droid4X店小六 in QQ chat for help. She is the only one who speaks English and translated Droid4X to English, I think.
  7. I always remove bloatware from all of my devices.
  8. I know you can download US apps on apkpure, but I'd rather download apps from the Play Store. I just wanna share my tricks. If the VPN method to access the US Play Store is not working for you, and you want to access the US Play Store, you can do it without a VPN and without creating a new account. Let's get started.
     Note: This guide is for people who can't get access to the US Play Store when using a VPN or proxy. Account changes might take a week to apply.
     1. On your computer, go to your personal info and log in with your Google account: https://myaccount.google.com/privacy#personalinfo
     2. Remove your phone number. Make sure location sharing is not enabled.
     3. Go to Language: https://myaccount.google.com/language
     4. Add the language "English (United States)" and delete other languages
     5. Go to https://wallet.google.com
     6. Click on the gear icon in the top-right corner
     7. Edit your customer details. Change your country to US and put a fake US address, then click Save. Here is my example: (yeah, I know I misspelled Los Angeles, but it doesn't matter how you spell it)
     8. Disable Wi-Fi and mobile data
     9. On your device, open Settings -> Apps
     10. Clear the data of Google Play Settings and Play Store. Android 4.2.x and up: On Google Play Services, click on Manage space and clear all data
     11. Reboot your device
     12. Enable Wi-Fi or mobile data
     That's all. Now you have to wait a few days until your changes apply and the Play Store will automatically change the region to US without any notice. If you waited 1 week and the region still hasn't changed, try repeating steps 7 to 9 again.
     Credit: AndnixSH
  9. There is no limitation of value in x86, so you don't have to think about the MOV R0, R7 thing.
     The 99,999,999 value is mov eax, 0x5f5e0ff = b8 ff e0 f5 05
     The max value is 0xffffffff = 4,294,967,295, but if the max value is 2,147,384,687 for some games, the value will go negative or the game will crash.
     mov eax, 0xffffffff = b8 ff ff ff ff
     I'm unsure if it works.
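To make the point above concrete (added example, not from the post): encoding `mov eax, imm32` and reading the immediate back both as the register holds it and as a signed 32-bit int, which is why 0xffffffff reads as -1 in a game that stores the counter as a signed int.

```python
import struct

INT32_MAX = 2**31 - 1        # largest value a signed 32-bit int can represent
UINT32_MAX = 2**32 - 1       # largest value the 32-bit register eax can hold


def encode_mov_eax(value):
    """Encode `mov eax, imm32`: opcode B8 followed by the 4-byte little-endian immediate."""
    if not -(2**31) <= value <= UINT32_MAX:
        raise ValueError(f"{value} does not fit in a 32-bit immediate")
    return b"\xb8" + struct.pack("<I", value & UINT32_MAX)   # negatives wrap to two's complement


def decode_mov_eax(code):
    """Decode B8 imm32 into (unsigned, signed): what eax holds vs. what a C `int` reads."""
    if len(code) != 5 or code[0] != 0xB8:
        raise ValueError("not a mov eax, imm32 instruction")
    return struct.unpack("<I", code[1:])[0], struct.unpack("<i", code[1:])[0]


def as_hex(code):
    """Render bytes the way the post writes them: 'b8 ff e0 f5 05'."""
    return " ".join(f"{b:02x}" for b in code)


def signed_reading(value):
    """Value a game keeping the counter in a signed 32-bit int sees after `mov eax, value`."""
    return decode_mov_eax(encode_mov_eax(value))[1]
```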
  10. Modded Game Name: The Sandbox Evolution
     Google Play Store Link: https://play.google.com/store/apps/details?id=com.pixowl.tsb2&hl=en
     Rooted Device: Not Required.
     Mod Features:
     - All elements unlocked
     Hack Download Link: [Hidden Content]
     Installation Instructions (non-root):
     Step 1: Download the signed Modded APK file above using your favorite browser or a download manager of your choice.
     Step 2: Copy the file over to your Android device via USB or wirelessly. Skip this step if you're using your Android device to download the mod.
     Step 3: Browse to the location where the hacked APK is stored using a file manager of your choice.
     Step 4: Tap on the .APK file, then tap 'Install' and the installation should begin.
     Step 5a: If the mod contains an OBB file, extract it if it's archived and copy the folder to /Android/obb.
     Step 5b: If the mod contains a DATA file/folder, extract it if it's archived and copy the folder to /Android/data.
     Step 6: Once the installation is complete, everything should be ready. Enjoy!
     Note: Make sure you have enabled 'Unknown Sources' in settings before installing the Modded APK. If you encounter issues, our Frequently Asked Questions topic may help you.
     Installation Instructions (root):
     Step 1: Patch the signature using Lucky Patcher. CLICK HERE!
     Step 2: Download and install the unsigned APK over the original game
     Step 3: Once the installation is complete, everything should be ready. Enjoy!
     Credits: AndnixSH
     Mod Video/Screenshots: N/A
  11. Hi there, I will show you how to decrypt an encrypted .dll file (when trying to MOD Unity based Android games) using a gcore dump and WinHex.
     Before we start, how do you check if a .dll file is encrypted? Easy. When you open a .dll file in Reflector and you get: "Assembly-CSharp (this could change, depending on the name of the file): File is not a portable executable. DOS header does not contain 'MZ' signature." it means you have got an encrypted DLL! See image:
     It means the DLL file does not have a valid MZ/PE header, so you can't open/modify it. DLL files require MZ/PE headers in order to view their content and, to prevent hacking, some game developers protect their game by erasing these MZ/PE headers from some dll files.
     Now let's start with the requirements! First of all, you need:
     1. To have some Android hacking experience (otherwise you will not understand a single word of this topic)
     2. A rooted Android device
     3. .NET Reflector or JustDecompile installed on your computer (if you've got hacking experience, you should already have this tool)
     4. A computer running at least Windows XP
     5. A rooted Android device (works with BlueStacks) running Android 4.2.2 and newer versions. Previous versions might not work. Works with Bluestacks. Custom ROMs based on Android 4.2.2+ are supported
     6. At least 1 GB of RAM on your device. A minimum of 300-400 MB free RAM is required
     7. Latest version of SuperSU or other Superuser apps
     8. BusyBox for Android. Get it from HERE
     9. Terminal app for Android. You can download it from HERE
     10. gcore installed on your device. Download it from: HERE
     11. Any file explorer app installed on your Android device. I'd recommend X-plore
     12. Cracked version of WinHex (the free version will not work for this purpose). Download it from HERE
     Update your BusyBox and Superuser. If you are using an outdated version of BusyBox, SuperSU or other Superuser apps, you will need to update because older versions may cause problems.
     If you are using the built-in CyanogenMod SuperUser, beware it's very unstable. Uninstall this, and this abandoned Superuser if you have one, and install the popular Superuser apps: SuperSU, Kingroot, Kingoroot, iRoot, etc... Most Superuser apps have an update check option in the settings; some of them don't. Simply open the settings and request an update, or manually update the app from the website.
     Install BusyBox from the given link. Open the app and grant Root permissions. Smart Install will slowly load and, when completely loaded, tap "Install". The BusyBox binaries will now be permanently installed on your device. You can close the app or even uninstall it. BusyBox is just the installer. See the screen below if you need help.
     Install gcore on your device
     1) Download gcore to your device (using the link given at the top of this topic)
     2) Open your Root Explorer app
     3) Copy the 2 files "gdb" and "gdbserver" included in the zip file
     4) Paste them into the /system/bin/ folder (in your INTERNAL ROOT memory -> system -> bin) (of course you will need to grant root permissions to see that folder).
     5) If asked, overwrite the files.
     Find the package name of the app you're going to hack! This will be required to find the app in the Terminal app we're going to use soon. It's usually called "com.DEVELOPER_CODE.GAME_CODE".
     Method #1: You can find it by going (with your browser) to the Google Play website https://play.google.com/, looking for the game you have installed on your device and then copying what's next to "id=". See screenshot:
     Method #2: Install the Package Name Viewer app from the Play Store and find the game you are looking for
     Method #3: For CyanogenMod ROMs, you can go to "Settings" -> "Apps" and then you'll find the package name of any app you have installed on your device.
     Decrypt a game with a Terminal app
     First, reboot your phone. Install the Terminal app (with the link above). Then launch and minimize the game with the decrypted .dll (otherwise you could not see it in the following step.)
     Launch the Terminal and type:
     su
     Now hit Enter and grant Root Permissions for the Terminal app. Your username will now start with "root@". This confirms you now have Root Permissions in the Terminal.
     root@YourName #
     Now, type:
     dumpsys meminfo
     to show all the processes, or
     dumpsys meminfo | grep com.*
     This command will search for all the running processes starting with "com." (the * is a jolly symbol which means any letter/number/symbol), or
     dumpsys meminfo | grep th.*
     This command will search for all the running processes starting with "th." (the * is a jolly symbol which means any letter/number/symbol)
     Hit enter and you'll see a list of the running processes on your device. You will find the package name of the game with the encrypted dll too! Using the game Crusaders Quest as an example, you should see something like this:
     118740 kB: com.nhnent.SKQUEST (pid 383 / activities)
     If you have some problems searching for the PID, or if an app closes after a few seconds and you don't have enough time to type in the code, you can use an app called ProcessView; you can find it on the Google Play Store. Google Play LINK: https://play.google.com/store/apps/details?id=jp.vviki.android.SysLoadLogger
     Take note of the number next to "pid" (PID stands for "Process ID" and changes every time a process starts). In my example, I'll take note of the number "383".
     Now, using the PID you just noted, type:
     gdb -pid xxxxx
     (replacing "xxxxxx" with the PID number). In my example, I'll use my Crusaders Quest PID (383). Now hit Enter. You'll wait a few seconds and the Terminal will show:
     (gdb)
     in the Terminal app. If you got a "can't execute: permission denied" error, put this in the Terminal:
     chmod 777 /system/bin/gdb && chmod 777 /system/bin/gdbserver
     HAVE A "ptrace: Operation not permitted" ERROR? PLEASE SEE THE TUTORIAL ABOUT BYPASSING THE "ptrace: Operation not permitted" ERROR: LINK TO TUTORIAL
     We're almost done with the Terminal.
     Now we need to save the dumped file from the RAM storage, which we will use to get the decrypted dll, into our /sdcard/ path. So, choose what to call this file (I will call it "nameoffile" as an example). So, let's type:
     gcore /sdcard/anynames
     (replacing "nameoffile" with the name you decided to give to this file). See pic:
     Hit enter and the Terminal will show an empty line.. it's generating a very big dumped file, so wait patiently until it completes this process. The file could be up to 1 GB in size!!! At the end of this process, you'll see:
     Saved corefile /sdcard/xxxxxxxx
     Of course, instead of "nameoffile" you will see the name of the file you chose before. Do not worry about any warnings like these you may read in the Terminal app: after that, you successfully decrypted the game. Close the Terminal app. They do not interfere in ANY way with the decryption of the .dll files.
     Are you tired? Well, I've got good news for you. You just decrypted the dll (well, every dll, also if not encrypted, will be "decrypted")! You're almost done. You just need a few more steps and you'll be able to HACK your game! You can (finally) close the Terminal App!
     Moving the file to your PC!
     If you browse with your mobile to the path "/sdcard/", you will see the new big file but, since Windows can't see dump files, to move it to your PC you have two choices.
     1) Enable USB Debugging (better in my opinion). This way you'll see dump files from your PC. Go to Settings -> About Phone and tap on "Build Number" 7 times. You will unlock the "hidden" developer menu. Now you will see "Developer Options" inside "Settings" on your device. Tap on it and check "USB Debugging".
     OR
     2) Moving this file to a folder. Create a folder on your /sdcard/ path and move this dumped file to the newly created folder. This way Windows should be able to see it.
     So, if you chose 1) or 2), now connect your device to your PC, go to the /sdcard/ directory and move the file (if you followed the 1st option) or the folder (if you followed the 2nd option). Now copy the file to your computer.
     Using WinHex
     Open the cracked WinHex (extract the downloaded .zip file and double-click on the "WinHex.exe" file). See pic:
     Now take a look at the top of the WinHex window and click "File" -> "Open" (see pic). You will see a dialog box similar to the following:
     So, go to the folder where you copied the big file and click "Open". Now, go to "Tools" -> "Disk Tools" -> "File Recovery by Type..." (top of WinHex), like the following screenshot:
     and a smaller window will pop up. It should be very similar to the following one:
     Click the "+" next to "Programs" (1) and check "Windows exec." (2). Now, select the folder where you want the new file to be generated under "Output Folder" (3). Ensure "Complete byte-level search" is checked (4) and then click "OK" (5). The file recovery will now begin and, when it has finished, you'll get a message like this:
     Now, go to the location where you saved this file and delete all files with the ".com" extension. They're not needed and may only cause confusion. You can finally close WinHex.
     Find the right dll
     Now you have a list of .dll files but... which one is encrypted? They have got weird names... This step is important. You need to check which DLL is encrypted. Also, not just the Assembly-CSharp.dll file can be encrypted. Other files can be encrypted too. So, take out the "Managed" folder from the APK file you want to MOD (it's located at /assets/bin/data/Managed/), select all the .dll files inside that folder and drag and drop them into the Reflector window like you usually do when you try to hack a Unity3D game. To see which DLL files are encrypted, click "No" when it asks you to reopen DLL files.
     For example, Crusaders Quest has got 4 encrypted .dlls:
     Assembly-CSharp.dll
     Assembly-CSharp-firstpass.dll
     Assembly-UnityScript.dll
     Assembly-UnityScript-firstpass.dll
     Now, clear all opened DLL files from Reflector, go to the location where you recovered the files (with WinHex) and drag and drop all the .dll files. Click "No" if it asks you to reopen DLL files in Reflector and ignore any dll error. So, select a .dll file to show the name of the file and its location. For example, for Crusaders Quest we have got:
     Assembly-CSharp.dll = 000034.dll
     Assembly-CSharp-firstpass.dll = 000030.dll
     Assembly-UnityScript.dll = 000028.dll
     Assembly-UnityScript-firstpass.dll = 000013.dll
     So, rename all the .dll files that were encrypted and place them inside the extracted "Managed" folder. This way you'll replace the original encrypted files with the new decrypted ones.
     Let's start modding! Go to the "Managed" folder and move the newly decrypted .dll files into Reflector or JustDecompile and enjoy modding the way you know! If you need help, please reply below!
     Credits: AndnixSH, SK H Nam A.K.A SKNAM (helped me with WinHex), SB (fixed grammar)
     IF YOU GOT THE "ptrace: Operation not permitted" ERROR, PLEASE SEE THE TUTORIAL ABOUT BYPASSING THE "ptrace: Operation not permitted" ERROR: LINK TO TUTORIAL
     Tags: File is not a portable executable. dos header does not contain 'mz' signature, How to decrypt dll file, Encrypted file, Assembly-Csharp.dll, Assembly-Csharp.dll file, Unity3D, Unity 3D games, File is not a portable executable
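As an added example for the header check the post describes (not code from the post or its author): a small parser that performs the same MZ/PE test Reflector's error message refers to and additionally reports whether the file carries a CLR header, i.e. whether it is a managed .NET assembly such as Assembly-CSharp.dll. The sample DLL header is constructed inline; a real file can be passed to `inspect_pe` as bytes.

```python
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
CLR_DIRECTORY_INDEX = 14          # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def inspect_pe(data):
    """Classify a file the way the 'DOS header does not contain MZ signature' error does.

    Returns {'status': 'ok' | 'no MZ signature' | 'no PE signature' | 'truncated'} and, when ok,
    'machine', 'sections' and 'managed' (True when the CLR runtime header directory is set)."""
    if len(data) < 0x40:
        return {"status": "truncated"}
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        return {"status": "no MZ signature"}          # what a header-stripped Unity dll looks like
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data):
        return {"status": "truncated"}
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        return {"status": "no PE signature"}
    machine, sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                               # optional header follows the 20-byte COFF header
    if opt_size < 2 or opt + opt_size > len(data):
        return {"status": "truncated"}
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)      # data directories: PE32 at +96, PE32+ at +112
    managed = False
    if opt_size >= (dirs - opt) + 8 * (CLR_DIRECTORY_INDEX + 1):
        count = struct.unpack_from("<I", data, dirs - 4)[0]   # NumberOfRvaAndSizes
        rva, size = struct.unpack_from("<II", data, dirs + 8 * CLR_DIRECTORY_INDEX)
        managed = count > CLR_DIRECTORY_INDEX and rva != 0 and size != 0
    return {"status": "ok", "machine": machine, "sections": sections, "managed": managed}


def build_sample_dll(managed=True):
    """Construct a minimal PE32 header (no sections, no code) so the checker runs offline."""
    opt = bytearray(224)                                   # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                  # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    if managed:                                            # CLR header RVA/size (values are placeholders)
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY_INDEX, 0x2008, 72)
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x2102)  # i386, 1 section, DLL image
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + bytes(opt)


def wipe_dos_header(pe):
    """Simulate a file whose first 0x40 bytes were zeroed, as the post says some games ship them."""
    return b"\x00" * 0x40 + pe[0x40:]
```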
  12. Hello dear community, today I will teach you how to mod x86 libs. x86 is not that hard to understand because the instructions are almost the same as ARM. In this tutorial, I mod the game called The Sandbox 2. You don't really need to mod x86 at all since I never heard of any problem with ARM translating to x86, and it's too hard to change instructions without code caving. Just wanna make a tutorial lol.
     Now let's start modding. In this tutorial, I'll show you how to mod The Sandbox Evolution very easily in x86.
     First of all, you need IDA PRO and Hex Workshop installed on your computer. If you already have them installed, go to the next step.
     Open the APK file with WinRar and extract the lib folder (in case you want to mod both x86 and ARM).
     Open the x86 .so file in IDA. You will see a dialog box similar to the following:
     In x86, you don't need to change anything. MetaPC is fine. Click OK to disassemble the lib file, and let it fully load. After that, press CTRL + F, search "isElementUnlocked" and double click on the function to open it.
     Remember the offset (9869E0) of the first instruction. We need to use it later. Note: The offset will change with each update.
     Open Hex Workshop or another hex editing program, and search for the offset. I'm using Hex Workshop. Here is the offset of isElementUnlocked:
     The function isElementUnlocked is a boolean function, which means it can return true or false. If you want to unlock everything, replace it with b8 01 00 00 00 c3, which will return true.
     True is: b8 01 00 00 00 (mov eax, 1)
     False is: b8 00 00 00 00 (mov eax, 0)
     And return is: c3 (retn)
     When you open the modded .so file in IDA, your modded instruction will look like:
     Isn't that easy?
     You can also do the same on hasBoughtPromoPack to unlock premium.
     If you want to hack mana like 9999999, search getManaBalance and giveMana, and replace them with any values you want:
     b8 7f 96 98 00 (mov eax, 9999999)
     c3 (ret)
     You can use the online x86 assembler to get raw hex: https://defuse.ca/online-x86-assembler.htm#disassembly
     Open the APK with WinRAR and replace the modded .so file. Re-sign the APK, install it and run the game.
     Credits: AndnixSH
     Tutorial updated (May 2018)
  13. Thanks! I don't know if it is better because I never tried it before, but the GUI tool is much faster and quicker than the CMD version. I don't include wipe folder functions in my tool for security reasons, but I can include them if many users request it. You can try it; it should be better and faster. If you have any ideas, feel free to request features here.
  14. iOSGods now supports Android? Oh well, I will share all my tutorials about Android modding soon!

  15. Requirements:
     - Windows 7 or newer (This tool will not work on Windows XP)
     - .NET Framework 4.5.2 or newer
     - Java SE/JDK is required to decompile, compile, and sign APKs. If you don't have Java installed, you can only use Zipalign or Install APK. Download and install Java SE/JDK now
     Features:
     - 7z compression level 0-9
     - APK information with icon by aapt dump badging
     - Background workers to get rid of lag
     - Remember window position (SHIFT + Q to reset window position)
     - Advanced log viewer, with .txt file selection
     - Extract APK / Zip APK
     - Switch between apksigner.jar by Google and signapk.jar by bootstraponline
     - Quick help
     - Full environment path support
     - Adb process kill
     - Apktool.jar version selection
     - Decompile APK
     - Compile APK
     - Sign APK after compile
     - Sign selected APK (It will clone the selected APK, and sign it)
     - Sign compiled APK (If you forgot to sign your compiled APK, you can sign it)
     - SignAPK (signapk.jar v1.0)
     - Remember path when closed (config will reset if the EXE file was moved somewhere else)
     - Framework installer (uses apktool.jar's commands)
     - Logs tab
     - Drag and drop file support
     - Full options for decompile and compile
     - Cancel button in waiting dialog box
     - Clear logs on exit
     - Allow path changes in textbox
     - Java heap option. Default 512m
     - ZipAlign
     - Option to rename the apk file
     - Option to select apktool version
     - Tooltips
     - Enable/Disable check for updates
     - Enable/Disable tips and ToolTips
     - and more...
     How to use:
     Download the .msi or zip file. If you download the .msi, open it and simply install it. If you download the portable version (.zip), extract it to the portable drive you like.
     Launch APK Easy Tool; directories are automatically set.
     Select the APK file you want to work with, or drop the APK to perform an action.
     Do some work and good luck.
     You do not need to select an APK and set the directory if you use drag and drop actions.
     Frameworks are for ROM developers and system app modders only. It works the same way as the command line version.
     Download links: Dropbox link, Mediafire link, Android File Host link, Baidu link (for people who live in China and can't access any of the other websites above)
     Credits: Evildog1 (Creator of this tool), ibotpeaches (Creator of apktool.jar), Google (adb, aapt, apksigner and zipalign), bootstraponline (signapk), Igor Pavlov (7zip)
     Changelogs:
     1.41 (2017-12-01)
     - Added News tab. It requires an internet connection
     - Added options to change the path of the signing keys .pem and .pk8
     - Added donation button
     - Added Full APK Information
     - Added options to select your own .pk8 and .pem file for signing
     - Improved apktool version check
     - Fixed wrong directory when the program auto-creates them
     - Removed changelogs from the tool. You can see them in News and online
     - Removed WS_EX_COMPOSITED to get rid of some UI glitches. Weird UI drawing may occur but looks cool to me :)
     - Changed transparent BackColor to white to improve UI performance a bit
     - .NET framework target is 4.6
     - Some UI changes
     - Some fixes
     Full changelogs
     Screenshots:
  16. Didn't iOSGods make a deb file that blocks iOSleecher first? Just asking.
  17. Hi, at our school we have found an iPad 4 that had not been used for almost 2 years. It had been updated to 9.3.1, because I requested to update all iPads in one via MDM (Mobile Device Management). They all forgot who the owner was and who logged in with their iCloud account. What do we do now? The warranty has expired. A teacher told me to try to hack/jailbreak into it, but it's not possible on iOS 9.3.1 and without a NAND exploit (a NAND exploit that I can install CFW with).
  18. Is there a way to decrypt HTTPS traffic? I can't hack it when it says unknown with a green up arrow icon.