
princessXZ

Everything posted by princessXZ

  1. Hello. I want to get the device information in Tweak and create a license mechanism. Is there a way to get the MacAddress of the device? (If MacAddress is difficult, other methods are possible.) Also, I try to get the database file on the web using wget, but it always returns failed.

     ```
     #import <substrate.h>
     #import <iostream>
     #import <fstream>

     %hook AppController
     -(void)applicationDidBecomeActive:(id)argument {
         //system("wget http://zorba.starfree.jp/ok.txt -P ~/");
         std::string sourceUrl = "http://zorba.starfree.jp/";
         std::string sourceFile = "ok.txt";
         std::string putPath = "./";
         std::string getUrl = sourceUrl + sourceFile;
         std::string command = "wget " + getUrl+ " -P " + putPath;
         system( ( const char* )command.c_str() );
         std::string dlFile = putPath + sourceFile;
         std::ifstream ifs( dlFile.c_str() );
         if ( ifs.fail() ) {
             NSLog(@"wget is failed");
         } else {
             NSLog(@"wget is sucess");
         }
         UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"license check" message:@"Getting License file Success!" delegate:nil cancelButtonTitle:@"Continue" otherButtonTitles:nil];
         [alert show];
         return %orig(argument);
     }
     %end
     ```
  2. I tried ondeviceconsole but nothing happened so using oslog instead worked fine! Thanks.
  3. I always use Flexing to view NSLog, but this method is inconvenient because I have to open the Flexing screen every time to see the detailed movement. I want to know how to see the Log from the command line as I open the command line from the pc with SSH. IOS13.3.1/iPhone8 Any idea 🥺
  4. Hello there:) Today I want to tell you about Code Inject and MSHook Hacking. I will explain with a practical example for clarity! I thank this community and leave this guide. Thank you!

     ✔Requirements
     ✔Binary
     ✔Note about Tweak.xm
     ✔ASLR Slide
     ✔ARM Instructions
     ✔CodeInject
       Ex1:Change instruction to change damage
       Ex2:Change branch to change accuracy of weapon
       ❔ Where should I actually write ❔
     ✔MS(Objective-C func)
     ✔MSHook(Native func)
       Ex1:Increase Damage
     ✔NSLog
       Ex:Display argument values
     ✔Call the native func
       Ex:Call a function to get user information
     ✔PrefBundle

     p.s. A knowledgeable person would think why I don't talk about debuggers. Unfortunately gdb is displayed as BadCPUType in my environment and watch-point does not work properly in lldb. Here are some great tutorials if you are interested in them: https://iosgods.com/topic/75950-arm64-ida-lldb-tutorial-noob-friendly/

     If there are any mistakes please point them out in a reply! Enjoy
  5. Sorry I forgot to mention boss @RooKiG
  6. Hello there. Most people re-sign apps after mods, but they can't connect to Google Play because the apk has a different signature from the old one. So I will show you how to work around this problem! I'm not good at English so please let me know if there are any unnatural expressions😅

     ✔Requirements
     ✔Disable signature verification
     ✔Create unsigned apk
     ✔Install modded apk

     Have fun 🙃
  7. Unable to hack neither Unity games nor NonUnity games without solving the problem that Anyway Hook function hook does not work:(
  8. @Noctisx I know there is useful tool for Unity. but the game I want to hack is non-unity ... made with cocos2dx :c
  9. Hello boss. Thank you for your reply. Is my way of getting the offset correct? (I'm worried about this) And does it also depend on the CydiaSubstrate of checkra1n that MSHookFunction cannot be used properly? :c I tried MSHookMemory but I got this error :c

     ```
     Undefined symbols for architecture armv7:
       "_MSHookMemory", referenced from:
           _logosLocalCtor_7b309e66(int, char**, char**) in Tweak.xm.105cff38.o
     ld: symbol(s) not found for architecture armv7
     ```

     By the way I also tried LiveOffsetPatcher but it crashed as well. I have learned about iOS hacking for about a week, but it is very difficult (maybe the time to return to Android hack? :/)
  10. Hello everyone. I really need the community's help now. I am hacking using MSHookFunction and vm_writeData. The game crashes when the function to hook is called in the case of MSHookFunction, and when the function containing the rewritten instruction is called in the case of vm_writeData. First, I thought that the processing after rewriting was bad. So I wrote the code back to the original one with vm_writeData, but it still crashes when the function containing the instruction is called. And now I think the offset is shifted:(

      Here's how I get the offset:

      1. Retrieve the desired binary decrypted using CrackerXI
      2. Open it in IDA and find the desired function

      I know there is an ASLR slide. I used iosgods' binarytool to remove aslr, but when opened in IDA the before and after offsets were the same. I tried thinbinary as well. However, the process could not be completed normally due to an error on binarytool.

      Below is an example of instruction and offset:

      ```
      15 00 38 1E    __text:00000001002B55F0    FCVTZS W21, S0
      ```

      I write code like this:

      ```
      #import <substrate.h>
      #import "vm_writeData.h"

      %ctor {
          vm_writeData(0x1002B55F0, 0x1500381E);
      }
      ```

      This only writes the original instruction but does not work. It crashes when the function containing this is called.

      The game was made with cocos2dx. My phone is iPhone8 and the version is iOS13.3.1. Theos version is latest. I would appreciate any advice. Thank you.
  11. i hope it helps me:)
  12. Now all clear Thank you. https://iphonedevwiki.net/index.php/Logos
  13. Hey, I'm making hook code but my MSFindSymbol doesn't work. I tried to replace substrate.h with the CydiaSubstrate/Framework one but still get the error. When I try to compile the code, I get this error:

      ```
      Tweak.xm:33:1: error: C++ requires a type specifier for all declarations
      MSHookFunction(MSFindSymbol(NULL, "__ZN9GameScene20CalculateShootDamageEP9UserInforhf"), (void*)CalculateShootDamage, (void**)&org_CalculateShootDamage);
      ```

      And this is my Tweak.xm:

      ```
      #import <CoreFoundation/CoreFoundation.h>
      #import <substrate.h>
      #import <Foundation/Foundation.h>

      #define PLIST_PATH @"/var/mobile/Library/Preferences/com.zorba.prefbundle.plist"

      inline bool GetPrefBool(NSString *key) {
          return [[[NSDictionary dictionaryWithContentsOfFile:PLIST_PATH] valueForKey:key] boolValue];
      }

      int64_t (*org_CalculateShootDamage)(void *self, unsigned char arg1, float arg2);

      int64_t CalculateShootDamage(void *self, unsigned char arg1, float arg2){
          if (GetPrefBool(@"HackDamage")) {
              return 300;
          } else {
              return org_CalculateShootDamage(self, arg1, arg2);
          }
      }

      %hook AppController

      // OpenDetected
      -(void)applicationDidBecomeActive:(id)argument {
          if (GetPrefBool(@"DetectOpened")) {
              UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"mcohack" message:@"Detected App opened!" delegate:nil cancelButtonTitle:@"Continue" otherButtonTitles:nil];
              [alert show];
              return %orig(argument);
          } else {
              return %orig(argument);
          }
      }

      // HackDamage
      MSHookFunction(MSFindSymbol(NULL, "__ZN9GameScene20CalculateShootDamageEP9UserInforhf"), (void*)CalculateShootDamage, (void**)&org_CalculateShootDamage);

      %end
      ```

      And the IDA screen: http://zorba.starfree.jp/ida.png

      I thank this wonderful community!!

      ps: I tried to hook with the offset. It looks like a success, but when this function is called the game crashes. Is it the wrong type to use int64_t? 😢

      ```
      #import <substrate.h>
      #import <Foundation/Foundation.h>
      #import <mach-o/dyld.h>

      float (*old_CalculateShootDamage)(void *self, unsigned char arg1, float arg2);

      static int64_t CalculateShootDamage(void *self, unsigned char arg1, float arg2) {
          return old_CalculateShootDamage(self, arg1, arg2);
      }

      %ctor {
          MSHookFunction((void*)(_dyld_get_image_vmaddr_slide(0) + 0x1002B53CC),(void*)CalculateShootDamage,(void**)&old_CalculateShootDamage);
      }
      ```

      Next I tried to hack with vm_writeData. I set it to the original hex one but the game crashes when the function is called..

      ```
      @import Foundation;
      @import UIKit;
      #import <substrate.h>
      #import "vm_writeData.h"

      // To MSHook Offsets, use https://iosgods.com/topic/22718-mshook-offsets/
      // To Generate Tweak.xm and Preferences Plist https://iosgods.com/topic/24138-code-inject/

      #define PLIST_PATH @"/var/mobile/Library/Preferences/com.zorba.mcomods.plist"

      inline bool GetPrefBool(NSString *key) {
          return [[[NSDictionary dictionaryWithContentsOfFile:PLIST_PATH] valueForKey:key] boolValue];
      }

      // Add your MS/Flex/MSHook Code here. Examples can be found on iOSGods.
      %ctor {
          // Code Injection example
          if(GetPrefBool(@"key1")) {
              vm_writeData(0x1002B55F0, 0x15008052); //
          }
      }
      ```

      Information: iOS13.3.1 / iPhone8 / theos latest version. Non unity game (cocos2dx)
  14. Omg I found a workaround. I just changed file name from Tweak.x to Tweak.xm And change makefile from

      ```
      <projectname>_FILES = Tweak.x
      ```

      to

      ```
      <projectname>_FILES = Tweak.xm
      ```

      ```
      mafu:~/mcohack root# make package install
      > Making all for tweak mcohack…
      ==> Preprocessing Tweak.xm…
      ==> Preprocessing Tweak.xm…
      ==> Compiling Tweak.xm (arm64)…
      ==> Compiling Tweak.xm (armv7)…
      ==> Linking tweak mcohack (arm64)…
      ==> Generating debug symbols for mcohack…
      ==> Linking tweak mcohack (armv7)…
      ==> Generating debug symbols for mcohack…
      rm /var/root/mcohack/.theos/obj/debug/arm64/Tweak.xm.mm
      rm /var/root/mcohack/.theos/obj/debug/armv7/Tweak.xm.mm
      ==> Merging tweak mcohack…
      ==> Signing mcohack…
      > Making all in prefbundle…
      > Making all for bundle prefbundle…
      ==> Copying resource directories into the bundle wrapper…
      ==> Compiling XXXRootListController.m (arm64)…
      ==> Compiling XXXRootListController.m (armv7)…
      ==> Linking bundle prefbundle (armv7)…
      ==> Generating debug symbols for prefbundle…
      ==> Linking bundle prefbundle (arm64)…
      ==> Generating debug symbols for prefbundle…
      ==> Merging bundle prefbundle…
      ==> Signing prefbundle…
      > Making stage for tweak mcohack…
      > Making stage in prefbundle…
      > Making stage for bundle prefbundle…
      dm.pl: building package `com.zorba.mcohack:iphoneos-arm' in `./packages/com.zorba.mcohack_0.0.1-1+debug_iphoneos-arm.deb'
      ==> Installing…
      dpkg: warning: downgrading com.zorba.mcohack from 0.0.1-2+debug to 0.0.1-1+debug
      (Reading database ... 58411 files and directories currently installed.)
      Preparing to unpack .../com.zorba.mcohack_0.0.1-1+debug_iphoneos-arm.deb ...
      Unpacking com.zorba.mcohack (0.0.1-1+debug) over (0.0.1-2+debug) ...
      Setting up com.zorba.mcohack (0.0.1-1+debug) ...
      Processing triggers for com.saurik.substrate.safemode (1.1) ...
      ==> Unloading '-'…
      > Making after-install in prefbundle…
      ```

      My Problem solved but I want to know the difference between Tweak.x and Tweak.xm and why this happens thank you.
  15. It seems to be helpful, but I don't know what the difference between Tweak.xm and Tweak.x is https://github.com/theos/theos/issues/324