𓄼 . f v c k . 𓄹

Contributor
  • Posts

    749
  • Joined

  • Last visited

Posts posted by 𓄼 . f v c k . 𓄹

  1. 6 hours ago, Happy Secret said:

    Thanks for sharing. That is a really good LLDB cheat sheet.

    But apparently I can’t find the parameter for ‘p’ or ‘x’ to display Double value on a Memory Address.

    Can you share an example? 

    I didn’t mention it in my tutorial, but I also used ‘p (int *) 0x9’ to read a register or an instance var; maybe you need to add another pointer like this ‘p *(float*) 0x8c’. I will clarify it this afternoon once I can check, and will confirm to you.

  2. 40 minutes ago, Happy Secret said:

    To supplement a bit here:

    The key reason behind:

    1. The watchpoint breaks right after the triggering instruction:
        The default watchpoint type (w or write) only triggers when the address that we watch has changed. So it will always be after the fact (value changed). The triggering instruction will always be one instruction before the one that got highlighted.

    2. We saw a long random value in the watch result:
       That number could be a float or double (or some Boolean), which has a very different representation in memory. What we see is LLDB trying to interpret the underlying hex as a normal decimal number. For floating point, we can apply a formatter to our memory read. For double, I always need to refer to an online double tool like this one - https://gregstoll.com/~gregstoll/floattohex/

    Please do let me know if there is a simple way to read a double in LLDB.

    Mhhh, I don't seem to understand what you are trying to tell me 😅; in this case it was an int, as shown in iGG, a float would have been FADD.

    To read double values, I guess you can use the 'p' command with a few parameters, or the 'x' one

    https://www.nesono.com/sites/default/files/lldb cheat sheet.pdf


  3. 38 minutes ago, Puddin said:

    Doesn’t lldb only work on iOS 12 and below, or something?

    Depends on which Xcode version you use (and so which lldb), but nah, the tutorial is based on a jailed iOS 15.1.

    If you used an lldb version from an Xcode that is compatible with iOS 12, then yeah, it might not support anything higher.

  4. Hello againnn

    In this series, we're gonna see modding for games that aren't made with Unity3D. It's a bit more complicated since we do not have well-written function names and class structs or whatever Il2cpp games offer us.

    If you are going to hack your first game, it's not a good idea to start here; it would be better to start with Unity games. Please refer to my other tutorials.

    Tho don't worry, I will add some kinda small comments to explain things to you. If you are an advanced dev, you can skip all the notes.


    Requirements:
    - iOS device
    - Mac + Xcode
    - ARM notions.


    Thanks to @Happy Secret, for showing us that it was possible to debug a game on a jailed device if we sign the app with our Apple ID (Sideloadly). At least I learned it from him hahaa

    Tho if you don't have a Mac, you can still use a JB device with lldb / lldb-10 installed like on the linked tutorial below.

    This tutorial is based on another one that has already been published and is very well written, please check it first to understand what we are going to do, since it will be similar.


    Hidden Content

    Hope you learned something; if you have questions or need some clarification, write a comment and I will answer once I have the time.

    Credits :

    - Me 

    - @Happy Secret

    - @Ted2 for the old tutorial

  5. 4 hours ago, Darkness7270 said:

    I am currently on iOS 16.3.1 and whenever I download a hacked app, it will work, I trust the developer, then click on the app. The problem occurs when I click on the app: it prompts “unable to verify app” (Screenshot here). I do not have access to a Mac or Windows device.

    Settings -> general -> VPN and profiles -> find the certificate and trust

  6. 4 hours ago, Alihackali said:

    I have to put the mod menu code in HTML, but I don't know how to put the Offset; it's a bit complicated. Can you please explain where to put the Offset and link it to the button?

    here is the mod
    https://github.com/H5GG/H5GG/blob/main/examples-HTML5/H5Menu(DarkStyle).html


    You would need to create an HTML script element and paste all the frida code stuff to make it work. I will cover this in a second part of this tutorial series.

  7. 1 hour ago, jojab55443 said:

    Is it possible to use xcode for theos with full features? 

    You can use any IDE and still compile it with theos: you can drop the tweak folder inside Atom or VS and use it from there, and have a console where you compile it.

    Regarding Xcode, idk if it can compile a theos project, but you can for sure see your project inside.

  8. 2 hours ago, Happy Secret said:

    Here is the updated version of the Hack - Download Here

    It includes a minor enhancement to allow turning Infinite Dash on/off as well. Also, it embeds the Dylib in it as well.
    Hack feature description updated, tips updated, all offset locations updated (in the hacking note)

    Can you help to upload to iOSGods? Thanks

    The IPA is crashing on launch: A12, iOS 15.1, TrollStore installation

  9. 19 minutes ago, Happy Secret said:

    Do you mean I have two exports?

    1. With hack, say healthHack (including hook detail for hack, apply on hook address, say 0xABC) 

    2. Without hack, say NoHealthHack (blank hook function not modify anything, apply on hook address, say 0xABC)

    In my HTML element,

    - When I turn on the hack, I call script.call("healthHack");

    - When I turn off the hack, I call script.call("NoHealthHack");

    As both hooks apply on the same hook address, will they override each other? Does that make the hack turn on and off?

    Can't wait to see your second part Tutorial.


    By the way, my new hack on Dungreed with H5GG Mod Menu and Hook. I am preparing a specific tutorial for this hack as well. Below is the hack; the related tutorial will be uploaded a bit later. Very busy recently.


    Yeah, it’s the idea, but script.call needs to be called only after an if; otherwise it will be constantly called, even if you called the NoHealthHack hook.

    So it’s there where you can check if the button has been clicked, and if yes, then call HealthHack, else call NoHealthHack.


    Nice, gonna look at the hack right now

    🙂

    Edit: here is a link where it uses a button action to call a function https://github.com/H5GG/H5GG/blob/main/examples-HTML5/H5DrawEsp(3.0).html

    It will draw an ESP example, but you can replace it with your hook; you may need to include the frida stuff.

  10. 2 hours ago, Happy Secret said:

    I don't completely get it. I have the H5GG hook script loaded and called.

    It is already hooked on the instruction I want.

    I am working on mod menu and want to see if I can turn on/off H5GG Hook.

    As you know, the H5Frida script cannot directly communicate with the outside JavaScript. It can only communicate based on the Send/Recv functions.

    I have no idea how to pass the "Boolean Switch" from the mod menu to H5Frida script.

    Frankly, I believe it is already registered in Frida. Changing the H5Frida script after it is loaded into Frida might not help. I am not sure.

    If I want to change anything, I might need to override the hook or update the hook function in H5Frida. Or do you mean hooking another rpc.exports to override the other one? Will it cause a repatch of the binary?

    Or I need to re-initiate a new H5Frida instance? Or unload the script and load a new one? 

    I have school exams atm, but after that I will make a part 2 with a mod menu and switch on/off for offset patch and hook :)

    But no, you don’t need to create another instance of frida or unload the script.

    You need to create an rpc.export that holds your hooks, like this:

    // I don’t have the iG IDE on iOS sadly, so this is written from memory
    rpc.exports.healthHack = function (context) {
        // your hook goes here
    };


    And after that you need to create an HTML element to check whether a button was clicked or a slider moved:

    // here you call it
    script.call("healthHack");
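    The pattern described in this reply and in the earlier exchange about healthHack / NoHealthHack (one hook installed once, toggled by a boolean the mod menu flips through rpc.exports) as an added example; this is not H5GG's code nor the post author's. It assumes the Frida runtime supplies `rpc` and `Interceptor` (a stand-alone fallback is included so the file also runs under Node), the export names healthHack / noHealthHack are assumed, and the register value 100 and the hook address are constructed placeholders, not values from any real game.

```javascript
// Added example: one hook, one switch. Not H5GG's or the original poster's code.
// In a real H5GG/Frida script `rpc` is provided by the Frida runtime; the
// fallback object lets this file run stand-alone in Node.
var rpc = (typeof globalThis.rpc !== "undefined") ? globalThis.rpc : { exports: {} };

// Single source of truth for whether the hack is currently active.
var healthHackEnabled = false;

// Called from the HTML mod menu via script.call("healthHack") (assumed name).
rpc.exports.healthHack = function () {
  healthHackEnabled = true;
  return healthHackEnabled;
};

// Called from the HTML mod menu via script.call("noHealthHack") (assumed name).
// Flipping the flag is enough: no second hook on the same address is needed.
rpc.exports.noHealthHack = function () {
  healthHackEnabled = false;
  return healthHackEnabled;
};

// The hook body. It is installed ONCE and checks the flag on every hit, so
// turning the hack off never requires re-hooking or reloading the script.
// `context` is modelled as a plain object holding a register value; the
// constant 100 is a constructed sample, not a real game value.
function onHealthHit(context) {
  if (healthHackEnabled) {
    context.x0 = 100; // modified only while the menu switch is on
  }
  return context;
}

// Frida-only part, guarded so the file also runs outside Frida.
// PLACEHOLDER address: replace with the hook address found in your own notes.
if (typeof Interceptor !== "undefined") {
  var targetAddress = ptr("0x0"); // PLACEHOLDER, not a real address
  Interceptor.attach(targetAddress, {
    onEnter: function (args) {
      onHealthHit(this.context);
    }
  });
}
```

    The point of the design is that the mod menu only ever changes a flag; the address is hooked exactly once, so there is no question of two hooks on the same address overriding each other.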

  11. 1 hour ago, Happy Secret said:

    Hi 𓄼 . f v c k . 𓄹,

    Is there a way to turn off the hook?
     For a patch, we have DeactiveCodePatch. But for a hook, how do we control it? Can we disable the hook at runtime?

    Yes, it’s possible. You can do it with a simple if(…)

    Or by using rpc.exports, and creating a function that calls the script that holds the hook with script.call

    There might be some examples here tho, cuz I don’t have any atm:

    https://t.me/h5gg_cn

    https://t.me/h5gg_en

    Someone also shared some H5GG scripts on iG; there might be an example there too.
