0xSolana

Contributor
  • Posts: 770
  • Joined
  • Last visited

Everything posted by 0xSolana

  1. Yes, I'm not sure if I am right, but in the 11.2 SDK there are private frameworks that maybe (not sure) aren't in the 13.3 SDKs that you got by the theosinstaller command? (In your error log it says the file is corrupted or something like this.) And maybe replacing the 13.3 by the 11.2, which includes private frameworks, will work. Don't mind if my phrasing isn't good (not English).
  2. Hmm, I don't understand what you are trying to do with the binary. Have you extracted correctly the SDKs linked and placed one of them in /var/theos/sdks?
  3. If it is a personal tweak, then build it for your device. I am not sure if it's arm64 or arm64e, so just write: ARCHS = arm64 #arm64e. Check also the topic that I've linked. EDIT: I've seen you made a tweak for the Photomath app, so you might not need to use the 13.3 SDK. I personally use the 11.2 to create hacks or simple tweaks. You can find it there: https://github.com/theos/sdks
  4. Hello, when I extract the .deb of my hack and open the hack.dylib in a text editor, I saw that it was possible to change a lot of information such as the author's name, the used HEX, the description and the switch option, the Mod Menu icon (button also). Luckily I couldn't find the offsets. I heard of CPLoader but it's been deleted, also CPAntiDumper but it worked only for AppStore binaries; the program didn't recognize my file as an arm64 bin. So that's why I ask for a way to secure all that stuff? Thanks
  5. Have you tried to delete all dylibs that touch Safari or Chrome? If not, install "NoSub" and activate it on Safari / Chrome.
  6. I used lldb on macOS and Windows but it's still buggy (by buggy I mean that lldb kicks me from the program). I downloaded the 2 files from Nini but didn't update them, otherwise it just crashes my NewTerm window (or via SSH it does not respond). Can you tell me which version of lldb you use, and your iOS version with the jailbreak? Thanks. EDIT: Do you think that the problem could be the RAM (I am on an iPhone 6 and it is old + low RAM)?
  7. Hey, I tried to debug games with lldb. It worked for the first game, but for any other game it is too laggy; my connection is closed by the remote host for no reason, by SSH via Wi-Fi or USB it is the same. Using Unc0ver or Checkra1n is also the same. So that's why I want to try with GDB (Shmoo Topic For GDB), but shmoo deleted his repo and I can't find an up-to-date version. I tried the 1708 version with the radare repo but had an error with bad executable. I looked at the open source and only see "armv7" but I am arm64. So I would like to know if any guy here has an up-to-date GDB for ARM64? Maybe Laxus or Rook? Thanks
  8. Well, finally when I tried to debug a new game from the App Store, the same problem came back. iOS 12.4, Checkra1n. Should I maybe hack the .ipa and install the ipa, then debug the cracked ipa by CrackerXI? Or should it be from the App Store? EDIT: It stops the connection instantly or after 5-10 seconds... maybe an anti-debug or it can't?
  9. Nice man! Checkra1n works great with lldb.
  10. Have you tried to install it on a guest Apple ID account (from another country or whatever, but not yours)?
  11. When I looked into the Blitz Brigade binary file with IDA, I found 2-3 strings with "Syscall" inside. Should I RET them or NOP? And try debugging the game after? Anyway, thanks for all those explanations. I will take a look on Google if I can find information about that, and if not I will create a support topic, and if you have time, I will tag you.
  12. So to do that, I do like if I had to find an offset (by subtracting the ASLR from the offset that I got from iGameGod?), but then I don't know what to do? PS: I had to use lldb (gdb not working on my device, so I can use the function to "bypass" the ASLR). I found that https://iosgods.com/topic/687-tool-remove-aslr-v200/ . Am I right?
  13. It crashed when I open the Gameloft game... (I also had the info that Blitz Brigade has an anti-debug. So I installed "LetMeDebug" but the game crashes when opening.)
  14. @Nini could you please check this topic?
  15. As ted2 said, it's what you get from armconverter. Example: you want to RET a function (so that the function does not happen). In arm converter you would type:
      RET --> C0035FD6 // This is the RET function in HEX/BYTES that arm converter will send you
      So, now that we know the bytes of our "RET", we will patch the offset that you got from IDA / lldb or anywhere:
      [switches addOffsetSwitch:@"One Hit Kill"
                   description:@"Enemy will die instantly!"
                       offsets:{0x1001BB2C0}   // address from IDA or anywhere you got it
                         bytes:{0xC0035FD6}];  // the bytes you got from armconverter.com
      So, the function at 0x1001BB2C0 will be "deleted" by our 0xC0035FD6 (RET). See ARM knowledge here: https://iosgods.com/topic/45417-tutorial-basic-arm-instruction-explanation-with-image/
  16. I'll try that and tell you back, thanks.
  17. Hello, I tried to attach to a Gameloft game (Blitz Brigade) with lldb but I keep getting this error: error: attach failed: attach failed: lost connection. I get only this message when trying to debug the BBG game. I also had the info that BBG has an anti-debug. So I installed "LetMeDebug" but the game crashes when opening. I searched for "Ptrace pwner" but the xarold repo is dead and I couldn't find a deb for it. So do you guys know if there is any other anti-debug to finally attach the Gameloft game? (And if someone has the Ptrace pwner file, I don't say no 🙃)
  18. Each time I try something with debuggers, it doesn't work :wallbash:😐
  19. Hello, when I SSH into my device (via Wi-Fi or USB) and launch lldb, it works, but after some random time it closes the connection...
      Dred@macbook-pro-de-Dred ~ % ssh [email protected]
      [email protected]'s password:
      ---:~ root# lldb
      (lldb) att deadtrigger2
      Process 22391 stopped
      * thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
          frame #0: 0x00000001f9bd4148 libsystem_kernel.dylib`semaphore_timedwait_trap + 8
      libsystem_kernel.dylib`semaphore_timedwait_trap:
      ->  0x1f9bd4148 <+8>: ret
      libsystem_kernel.dylib`semaphore_timedwait_signal_trap:
          0x1f9bd414c <+0>: mov x16, #-0x27
          0x1f9bd4150 <+4>: svc #0x80
          0x1f9bd4154 <+8>: ret
      Executable module set to "/var/containers/Bundle/Application/AB88859F-E994-400C-95DE-5F869C84DF68/deadtrigger2.app/deadtrigger2".
      Architecture set to: arm64-apple-ios-.
      (lldb) c
      Process 22391 resuming
      // was going to search for the GameGem ammo offset but it closed the connection
      (lldb) Connection to 192.168.x.x closed by remote host.
      Connection to 192.168.x.x closed.
      Dred@macbook-pro-de-Dred ~ % // back to the mac
      SSH by Wi-Fi or USB has the same result... I have installed lldb from Cydia (apt.bingner.com repo). lldb version: 10-1. iOS: 12.4 (ARM64)
  20. I followed your tutorial and found exactly the same offset. The game is still at the same version (2.1). Maybe RAM? (Mine isn't very low and laggy.) (For example, if I quit the app for 2 seconds and come back, it will restart it.) EDIT: I tried the hack with another hex and it worked. IT FREEZES WHEN WE RET THE STR
  21. Hello, I used the Live Offset Patcher to test that but, when I finished entering values, the game freezes when I switch the weapon. (Phone is not connected to lldb.) Here is the offset + hex: Offset: 10092DEE8 // no 0x because Live Offset Patcher doesn't support it. Patched Hex: C0035FD6 (ARM64)
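Added example, not code from the thread or from any tool it names: it reassembles the armconverter hex from posts 15 and 21 into the AArch64 instruction word, does the ASLR subtraction from post 12, and, from the defender's side, flags function entry points whose first instruction has become `ret` relative to a clean copy. All function names, the page-alignment check and the sample bytes are constructed for this illustration.

```python
import struct

ARM64_RET = 0xD65F03C0  # canonical encoding of `ret` (RET X30)


def patch_hex_to_word(patch_hex: str) -> int:
    """armconverter-style hex ("C0035FD6") lists the instruction as it sits in
    memory, i.e. little-endian bytes; rebuild the 32-bit instruction word."""
    raw = bytes.fromhex(patch_hex)
    if len(raw) != 4:
        raise ValueError("an AArch64 instruction is exactly 4 bytes")
    return struct.unpack("<I", raw)[0]


def is_ret(word: int) -> bool:
    return word == ARM64_RET


def static_offset(runtime_address: int, aslr_slide: int) -> int:
    """Address seen at runtime minus the ASLR slide gives the file/IDA offset.
    The page-alignment check is a constructed sanity check, not an API rule."""
    if aslr_slide % 0x1000:
        raise ValueError("ASLR slide is expected to be page-aligned")
    return runtime_address - aslr_slide


def find_ret_patched_functions(image: bytes, reference: bytes, function_offsets):
    """Integrity check: report entry points whose first instruction is `ret`
    in `image` but was not `ret` in the pristine `reference` copy."""
    hits = []
    for off in function_offsets:
        live = struct.unpack_from("<I", image, off)[0]
        good = struct.unpack_from("<I", reference, off)[0]
        if is_ret(live) and not is_ret(good):
            hits.append(off)
    return hits


# Constructed sample: three 4-byte "functions"; the second one is RET-patched.
# stp x29, x30, [sp, #-16]! / sub sp, sp, #0x10 / ret  (little-endian hex)
REFERENCE = bytes.fromhex("FD7BBFA9" "FF4300D1" "C0035FD6")
IMAGE = bytes.fromhex("FD7BBFA9" "C0035FD6" "C0035FD6")

if __name__ == "__main__":
    print(hex(patch_hex_to_word("C0035FD6")))            # 0xd65f03c0
    print(hex(static_offset(0x1041BB2C0, 0x4000000)))    # 0x1001bb2c0
    print(find_ret_patched_functions(IMAGE, REFERENCE, [0, 4, 8]))  # [4]
```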