0xSolana

If you trusted already one app with the same Apple ID, you don't need to trust again (only if it's in the delay of 7 days).

Omggggg that's crazzzzy

Yes, and also in Cydia, the toolchain that you installed. and follow the guide linked in my replies (up) and then put the Ted2 template in /template

Yes but not only, everything on cydia/sileo or every stuff related to theos.

Maybe uninstall every thing related to theos, remove all alias and symlink, and restart from 0

Then 3 possibilities : 1) your alias for 'theos' does not link to the correct patch, (maybe you installed theos twice on a diff directory). 2) you unzip/open the template of Ted2. 3) you did put the template in a wrong directory. Please follow the official instruction here : https://theos.dev/docs/installation-ios or here :

Any theos template need to be at $THEOS/template. If you have it installed at /var/theos/template then put it there. if /opt/theos/template then there. Make sure to not unzip the template.

look about Ted2 mod menu

Yeah, the one in my first reply, it's maybe the Part 2 or 3 regarding the hooking part

MSHookFunction() won't work for games using UnityFramework file afaik. You need use HOOK() for UnityFrameworks files.

Start with the Part 1, and follow the topics.

Mhhh okay okay thanks for testing

Are you using the Non-Jailbreak menu ? If you installed a cheat for Jailbreak and sideload it for non-JB, it gonna crash. The code need to be adapt, and so only non-jailbroken mods can work on non-JB.

If you already did some search on the DLLs, and all was obfuscated then u need to dump an older version and check for things related to "cheat" "ban" "anti" "anit" (yeah i saw a game making this kind of protection , and compare it with latest dump. Here a few projects i found on github, maybe there is an anticheat provided. Keep in mind that google and Github is best friend... https://github.com/Oifox/Forward-Assault-Mod-Source https://github.com/DarksideH/Forward-Assault-Esp https://github.com/Im-TEC/Masskill https://github.com/Im-TEC/Telekill

You need to make a difference between your player and others players, here on the video you showed, you probably made god mod but for every instances. U need to make it only if its not yours by adding a check. See:

Mhhh so you mean H5GG hook is working some times if debugging is on ?

I mean c++ hook like on Ted2 mod menu. try {pid=h5gg.getProcList("UnityFramework")[0].pid;}catch(e){} var session = h5frida.attach(pid); I saw this code on github for the second option. (getProcList), idk if it requires JB or not

let procs = h5frida.enumerate_processes(); if(!procs || !procs.length) throw "frida无法获取进程列表\n\nfrida can't get process list"; let pid = -1; //pid=-1, 使用自身进程来调用OC/C/C++函数, 也可以附加到其他APP进程来调用 //Use its own process to call OC/C/C++ functions, or attach to other APP processes to call try {pid=h5gg.getProcList("UnityFramework")[0].pid;}catch(e){} let found = false; for(let i=0;i<procs.length;i++) { if(procs[i].pid==pid) { //if(procs[i].name!='Gadget') throw "免越狱测试请卸载frida-server的deb然后重启当前APP\nFor non-jailbreak tests, please uninstall the frida-server deb and restart the current APP"; found = true; } } if(!found) throw "frida无法找到目标进程\n\nfrida cannot find the target process"; //检查目标APP进程是否在前台运行, 如果在后台暂停了, frida附加调用会卡住 //Check whether the target APP process is running in the foreground, if it is suspended in the background, frida will be blocked while(pid>0) { let frontapp = h5frida.get_frontmost_application(); if(frontapp && frontapp.pid == pid) break; alert("请将目标APP切换至前台运行, 再点击确定继续...\n" + "Please switch the target APP to the foreground to run, and then click OK to continue..."); } Im on my device atm, couldn't paste it as code, but here is a raw code i found on an H5GG project that takes the PID. Tho i haven't read anything related to frida interceptor method (regarding H5GG)

Maybe after there is a way to find an automated step to make the app thinks it's in debugging mod ! It's good that "normal" hook with c++ work

@Happy Secret Have you tried to see if "normal" hook that is used for common cheats, work on jailed if debugging is on ? I do not have XCode, otherwise i would test it by myself

Mhh Mhh okay that's what i would try, im not a pro, but this is what i would do : You can maybe try to get the field with the Update() function (if there is). else, ive seen somwhere on the web where you can use other function from the class but i didn't tried, Lmk if it worked. So, if no Update() function : //just a poc to get the idear void(*old_func)(void *instance); void func(void *instance) { if ([switches isSwitchOn:@"9999 Items"]) { //int Amount *(int *) ((uint64_t) instance + 0x1C) = 9999; } old_func(instance); } setup(){ //a function in the same class. use Update if there is, if not try another function (Init for ex) HOOK(0x1ABB3A8, func, old_func); } do the same thing. Afaik, when there is a Type and you don't have his definition, just make a pointer to it like this ; //taking ur code auto modInit = reinterpret_cast<void(*) (void *, void *, int, bool)>(getRealOffset(0x1ABB3A8)); replace the CRefItem with void *, that way it gonna make a pointer on the undifined type and with luck it not gonna crash using this is the same as . *(int *) ((uint64_t) instance + 0x1C) = 9999; i guess, once you hooked Init, you can easly called it and put "true" on the func parameter, it gonna overwrite it probably. //POC modInit(this_, paramName ,9999, true); Hope it could help you, tho all this is my knowledge, things might not be 100% right

don't start hacking on UE4 games, they are kinda hard, try first with some IL2CPP/Mono games (Unity3D)

it was a long time ago but i dis not build it, it was already done

use IlSpy for macOS, it's working great, it's different then DnSpy but well at least you can decompile DLLs

Yeah but sadly i don't have a mac