asianqueen

Thanks

LLDB on Android (Communication between Android and Windows) By me ofc Note: I will not cover how to [url=https://iree.dev/developers/debugging/android-with-lldb/]install LLDB[/url] on Windows and Android. This is to setup communication between Android and Windows after you've installed LLDB on your Android device. However, I did include the documentation how I install it on my machine and on my android in the zip. Requirement: Windows PC (Tested on Win 11) Make sure you have PowerShell installed (Should be by default). PowerShell ISE is what we're targetting Android device that is rooted (Not for virtual machines) Tested on: Pixel 9 Pro XL OnePlus13 [Hidden Content] Snapshot: Instruction: 1) Download the zip file. 2) Unzip it anywhere you desire. 3) Make sure your android device is hook up with usb and have usb debugging set to on and also to use usb as file transfer. 4) Open PowerShell ISE and locate the 'StartLLDB.ps1'. Click the Play button to execute the script. Click Start 'LLDB Server' and it should look like: You should now see the status with a PID (Not the same as mine ofc). 5) Open PowerShell ISE (New session; do not try to open it on the existing tab). Locate the 'StartDebug.ps1' script and click the play button to execute the script. a) On the game name; if you know what it is; you can just type it then click 'Attach (Interactive)' button. It will locate the pid process of your game. b) It should open a command prompt windows and attach your game process. Ready for you to press c to continue and set watchpoint etc... Example of setting a watchpoint: # size must be 1, 2, 4, or 8 on AArch64, and the address must be aligned to that size watchpoint set expression -w write -s 4 -- (void*)0xYOUR_ADDR Details of the Debugger windows: Start LLDB Server = Create a LLDB host on Android side so you can use Windows to connect to it. Kill LLDB Server = If for some odd reason your game crash and you need to setup a new host/server; this is the right button to click. Once killed the existing one, click the 'Start LLDB Server' to start a new one. Refresh Log = straight forward; it just clears and refresh the log box. ****************** Game name textbox = This is where you type your game filename and it will use that information to search and attach the correct process. Auto-handle common signals = reduce the debugger to throw extra details after attached so your connection will be alot quicker. Resume after attach = after attached the process; you manually have to type continue then press enter to resume the game. This will perform just that for you. However, it's possible that the game may break and freeze for other random triggers and you'll have to manually type c and enter to resume. Attach = Attach the process. Kill = If the game freezes and won't resume at all or if the game crash; this is what you need to click to kill it.

Thanks for sharing.

Nice work

I believe those have checks. It's the same as Cookie Kingdom; it shows a little intro and then auto-closes the game.

ty for sharing.

Modded/Hacked App: Plants vs. Zombies™ By EA Swiss Sarl Bundle ID: com.ea.pvzfree.bv iTunes Store Link: https://apps.apple.com/us/app/plants-vs-zombies/id893677096?uo=4 Version 3.5.4 Tested on: iPhone8 (Palera1n rootful) ~~~Features~~~ [Hidden Content] If you're unsure what to do with it; please check out our contributor tutorials: Installation and details How to use

Not only can Frida do decryption; but it can also perform watchpoint, breakpoint, etc... However it seems like those functions do not work properly with rootless. I am going to jb it rootful to test its functionality of it. I believe rootless is the main reason why hacking from igg to ida doesn't work anymore.

can someone walk us through from point A to point Z on how to install to how to use it?

Thanks for sharing

2 Updates: Code has been updated to use hex instead of modifying values from offset address. Collect sun to gain max. Add 1 hit kill cheats.

thanks

We're going to use this example: LDR X8, [SP,#0x90+var_70] LDR X8, [X8,#0x478] LDR X8, [X8,#0x10] LDR W8, [X8,#0x44] SUBS W8, W8, #2 CSET W8, NE TBNZ W8, #0, loc_100132CEC B loc_100132C40 Can someone explain what is CSET? I know it's a condition set, but it doesn't make any sense to me. It has nothing to compare against. Based on my understanding, If W8 is not equal to; but what is it not equal to? What are we comparing against? Any help is much appreciated.

this hack is actually for a rootful device. Only rootless would have to go through additional steps to get it convert. Make sure the game is a cracked version and not the original one from Apple Store. comes to realize different app to crack has different offset address. You'll have to use igg to decrypt the app; install then use this modmenu.

can you snapshot what you see in IDA? for that address?