Zirak

I've ran some more tests and confirmed the game has server sided validation/damage computation (logic seems to be pretty good as well, as it seems to reliably know whether you should win or lose at the server level). It also explains how it can do quick battles in Arena and determine whether you should win/lose, seems like the determination is done by the server and leaves a small margin of error for RNG. This check doesn't apply if you fight your friends (from the friend list), but appears to be checked everywhere else... So the best that this thing can do is if you have a team that has a 10% win rate (and the game server knows that team has a chance to win legit), you can potentially spoof the stats to guarantee a win and save time... As a programmer I'm impressed with how they've pulled it out, since it means they need to simulate the game play (factoring in the time, and animation for each skill, DPS, skill stuns, etc.) and judge whether the team comp you picked with the gear is eligible for a win. I've tried spoofing one item on Shemira and have a fully loaded (legit) team try to clear 9-20, and was able to JUST barely clear it, and it would still fail with a battle_check_key error, so the logic to validate this must be really accurate. Here's a video:

Damage is reflected in game, but it results in a battle key validation error when the game won packet is sent.

I wrote a proxy that does exactly this, they initially use JSON to do the initial communication (to get stuff like the host IP and port), and then it establishes a WebSocket connection to it. If you change the WIN/LOSS flag to 0x01 (0x02 being a loss), it gets detected and fails their battle key check. The same goes if you manipulate the received packet to make the game think your heroes are like, let's say 120 when they are 90, if you win the match, the game battle key check fails and marks it as a loss... I've even tried by messing with the # of enchantments on weapons (spoiler alert, you can make them over 120, so you get HUGE stat bonuses). I'd need someone who is an expert at disassembling the binary of the game to identify how it's generating the packet, and see if we can identify what it uses to validate the packet the mobile device sends back to the server. Based at a glance, each sent packet seems to have a hash of some sort, but I have no clue how it's generated. I've tried enumerating each byte and creating separate md5 hashes to see if it'll match (e.g. take bytes 0 to 1, take bytes 0 to 2 ... take bytes 10 to 40, take bytes 11 to 40... basically all iterations) but nothing appeared to match that way. The funny thing is, if you manipulate the packet (like change a random byte which doesn't impact your hero stats), and you win the battle, the game doesn't cause any battle_key check errors, and it sends a successful response back, as if everything went smoothly... which throws the hash theory out the window, or does it? Again, would need someone expert at disassembling the binary to help me find out how the packets are structured. PM me if anyone knows more about this at a technical level (no leechers/beggers please).

Hey Amuyea, Hit me up with a PM if you need my assistance in unlinking the cheats with the enemy entities.

Time to test

What iOS version are you using? What Fun Run 2 game version do you have?

V3.3 update out.

New update is out with the ability to toggle God Mode and No Game Start Counter On/Off

Will do, will try to make it more dynamic

New update out, improves connectivity, and also added some "anti cheat" checks to help avoid accidental autoban (please note, this isn't a guaranteed safety!)

Haha, just be careful with using this, don't heavily abuse the power ups, otherwise you'll be auto banned. You can spam it here and there, but not continuously. Also, I didn't enable God Mode, since it just skews your end game results so much that it can be easily flagged. This hack can be used for casual play without anyone detecting, and can give you an easy advantage on any race.

Requirements:Any Jailbroken iDevice Fun Run 2 (Version 3.3) Features:Unlimited Power ups Anti AFK DC (does not DC you after 15 seconds) Unlimited Jump No game start counter (New 01/27/2016) Additional checks for "Anti Ban" measures (still not guaranteed to antiban) (New 01/28/2016) Added two new buttons, one for God Mode, and one to enable No Counter (skips the 5 seconds counter in the beginning) Download: [Hidden Content] Password: Hacked By Zirak Instructions:Close the game from Multitasking. Extract the downloaded files. Go to /private/var/mobile/Containers/Bundle/Application/YOUR FUNRUN2 APPID/Fun Run 2.app/ using iTools/iFunBox/DiskAid Move the resource.car file Run the game. Enjoy! Credits: Zirak WARNING: DO NOT DOWNLOAD FUN RUN 2 HACKS FROM ANY OTHER WEBSITE, ONLY TRUST IOSGODS.COM. THERE IS A PERSON WHO STOLE MY CHEATS AND CLAIMING IT AS HIS OWN, HE HAS A HIDDEN KEY LOGGER STORED WITHIN IT TO LOG YOUR USER NAME AND PASSWORDS.

Thx

Thx

Awesome