0xSolana

it happens to me too on certain apps, i’ve got the app on iDA and for le it was only sub_x functions without symbols there too. Is it the same for you ?

it should

installed trough TS ?

See this maybe https://blog.unity.com/engine-platform/il2cpp-full-generic-sharing-in-unity-2022-1-beta

should work on 16.x so 16.0.2 inculded

i love it

Hello! A new iGameGod update was released today with some exciting new features which we'll go through in this tutorial! These features will be useful for you to debug, patch instructions, see instructions (just like IDA/Hopper Ghidra), modify registers, set breakpoints and watchpoints! We saw watchpoints in the previous tutorial, here we will see the new breakpoint feature. 1) Breakpoints & Disassembler Okay, from here, we will use any iGG way to find our coin value. I will use the Exact Search option. (we will cover also if the amount is obfuscated later on this tutorial) Long press the result, and Set A Watchpoint. Now click the the search icon on the bottom right corner, and select iGDebugger. I resumed the game and hit 9 coins (grabbed a coin 9 times), and now, in our watchpoint, you can see some changes (Writes: 9) . It's great! It fits our in-game actions! We will have a closer look at it. Click on the 'Hill Climb Racing +2567624' field, and select the last Stack Trace. On the top, I will select "Offset" to get the decimal values of the registers. Scroll down until you see the register values. Note that the last coin I picked had the amount of 5. and x0 has it! My balance is 845 now, and x9 is holding it! Now we now what instructions to look at. From here you can easily add a "New Action" and modify the value the registers are holding which we will cover in a bit, but for now, let's take a look at what's happening. Now, we will try to see which stack frame will be useful. Look at the first one, it has a special symbol name that is attractive to me. (_ZN.....addCoins....). From the name it seems it's adding our coins. Let's click on it. BOOM! The hole instructions of this function! The middle instruction ADD w9, w9, w0 seems the instruction that is adding the coin to our balance (w9 = w9 + w0). Let's mod this! You can simply tap the instruction, and select the Patch Instruction option and edit it to whatever. Here, I've decided to add the balance to the balance which will make x2 on our balance each time we collect a coin. Another way you can modify this instruction is by using breakpoints! To do so, click the instruction and select Breakpoint. You instruction will be marked with a small blue circle. Once you have done that, it will bring you on a new window where you can place some actions. It can be scary at first sight but don't worry, it works really simply! An action will be called BEFORE the breakpoint (so before the ADD w9, w9, w0) and it will allow us to do something. Lets check the options we have. We have 2 option, the Jump one, and the Modify Register. We will use the 2nd option for now. In the field, you can set the value to attribute to that register, and you can click the blue square to set your register. Here I will select x0 register as its holding our coin value. NOTE (w0 and x0 are basically the same, only the size of the register is the difference). Don't forget to enable the breakpoint, and let's resume the game. As you could notice, the game doesn't stop like a "normal" breakpoint would do. But that's okay since our action is still executed. And now we earn +1000 each time we collect a coin. We can verify this is working by checking in-game, or via the watchpoint history! So, this was the correct instruction, we will add it to our Bookmark section so that we do not have to repeat all theses steps. To do this, swipe the instruction to the left and press "Bookmark". If the app gets updated, the offset will likely change. But as long as the app version is unchanged, the bookmark will be valid. You will be able to see all your bookmarks in the Disassembler window, when you open iGG. It was all concerning breakpoints & iGDisassembler. Let's see something else now. 2) Hacking with Symbols & Function Names Now, lets say we want unlimited fuel, but problem, there isn't an easy value to search for since we do not know it's value. And I don't want to spend 10 minutes to do some fuzzy search, so we will go trough symbols! NOTE Symbols are generated when the game gets compiled, sometimes its obfuscated, sometimes not, and when its not it deals with the function name To generate all the symbols from our binary file, select Settings, Disassembler, Libraries and Hill Climb Racing. We will use the second option (Symbols). It may take time since the app is 40MB, (around 1 minute) and from there, lets search for strings such as "fuel" "consumption" "spendFuel" anything useful. I finally found this: The symbol name is duplicated but that's not a problem, select one of the two and you will land at the same place: Hmm this seems to be the fuel consumption multiplier as the name suggest Click the instruction, and this time we won't use the Modify register option, but the Jump option! And we will enter the default number which is 1. Why? Because it will skip 1 instruction. If we wanted to skip more, increase the field value but be careful of crashes And so, it will never mov the value of 1 into s0. After testing, our Car fuel never decreases! 3) With obfuscated coins Let's assume we couldn't find the coins with all iGG search feature. Well if it was the case, we had to do some symbol search like the step 2, or we could use IDA and strings or whatever to help us. Let's say after a few hours/days/year on IDA you find this : Well its the same function as the one we found earlier. But it was without using the coins amount! Of course this would take time to find the right function and wouldn't be as fast a searching the coin number, but well if its obfuscated, its the only solution! Now, we have the offset of our function addCoins : 0x100272DB0 We will able to see the function on iGG and do some patches/change the registers, to do this, select Settings, Disassembler, Libraries and Hill Climb Racing. We will this time use the Lookup Library Offset option. Make sure to enter the offset without the 0x100 before In the beginning it could be a bit complex, but with 10/15 minutes I'm sure you will manage the tool! Hope you learned something new! Video Tutorial: -

SatellaJailed is a Jailed in-app purchase cracker (iOS 12-16). You can simply inject the SatellaJailed.dylib inside your iPA and test it ! It won't work for all apps, but i tried it on a few ones, and it worked ! Also, the project is open source ! And it's mostly written in Swift. Github Project Dylib file Credits : Paisseon

install the original app from appstore, enable notifications, and install the iPA OVER the exerting app

i will post part 2 and there will be this. Once i have the time

Are you using 2 times the same offset to patch ? Seems good with the code, but maybe you did something wrong with the ipa, and so it can’t load frida or frida gadget

then the iPA is not rightly made. Re do Step 1

Usually not, you can maybe add the file in the .app and move it with NSFileManager on the document folder if you create a tweak (not sure)

Are you sure to have correctly added fridda in the iPA ? If you are sure that it’s a unity game and the correct offset, then maybe h5gg isn’t supported yet on 16.2

yeah?

You will need to know basic c++ code, such as conditions, array, and how it’s managed in the memory. Learn how c++ code is compiled into Arm code Learn iOS arch (ARM64) Learn things about iOS Binary / how an app is made Learn how Unity3D works by looking YouTube tutorials, how it’s compiled, what’s the difference between il2cpp and mono, things like this. And from there look into the tutorial section for some tutorials, I’ve made some the last month/year so they aren’t outdated. Their are quite simple but it will allow you to make 30/40% of the cheats that are in iG (Unity3D) Im making a new série on Non Unity Apps too, but this one has only one part atm

mhhh seems that your have log in and log out a lot of times and snapchat banned either your iP or your device… let it a week and try after that time. You can also try to install the 11.71, and install the 11.80 OVER the existing app, this should let you still logged on your account without the need to log again

what kind of issue ?

check the .app to see how big is the binary file (usually the app name), if its less than 10Mo, the bin name is "UnityFramework"

Maybe they autorise only one connexion ? I Do not have the time but u can check this :

cool !

If you are using TS, use the iPA for TrollStore. Otherwise use the other one + sideloadly You can use Sideloadly to edit the bundle id, to 'export' it and send it to your device trough 3uTools, and can install it from there. WDYM By modmyIpa ??

70%. But you may be banned at 70%

Be carful about bans, its made for trollstore. Try to isntall the original snapchat, enable notification and install the ipa ouver it

installed through trollstore ?