CodeName9

Senior Member
  • Posts: 346

Everything posted by CodeName9

  1. Hello there! Hope you're having a good day. Today I wanted to ask the iosgods community for a list of applications that are great for practising hacking with strings. I personally find it very difficult, so I would like games that people know are good for hacking with strings and know so string in case I need help! So just a few games for practising strings would be good, thanks.
  2. So after using dnSpy for a while and hacking quite a few Unity games, I wanted to try non-Unity games/sub_xxx with IDA. Target game: Dead by Daylight.

     I'm able to find the functions I want using strings. Here is the target string:

         __cstring:00000001046AE9B4 00000029 C GameplayModifierType.RevealKillerInRange

     (There are many similar strings for different objects: traps, hooks, survivors. Since the game has built-in chams, I believe these are the functions to enable the chams for each entity/object.)

     After xref'ing the string, here are the results: https://imgur.com/a/Ga80yqQ. As you can see, there are many results, giving us the idea that this is a useful string so far. Then, pressing OK, we can now see that there is a sub_x right below the function (reinforcing the idea of this being a useful string):

         ADRP X1, #aGameplaymodifi_19@PAGE ; "GameplayModifierType.RevealKillerInRang"...
         ADD X1, X1, #aGameplaymodifi_19@PAGEOFF ; "GameplayModifierType.RevealKillerInRang"...
         ADD X0, SP, #0x30
         MOV W2, #1
         BL sub_1024EBB80
         LDR X1, [SP,#0x30]
         LDR W2, [SP,#0x38]
         ADD X0, X21, #0x6CC
         BL sub_104000738

     In fact.. there are 2 sub_x's, this is my first issue... Which sub_x should I open? Both? Or is one preferred? Let me know! For the sake of the Help/Support topic, I will just choose and open the first sub_x (BL sub_1024EBB80). Here are the visuals: https://imgur.com/a/ZNxvAGZ

     If you cannot zoom in on the image, I will paste it all here:

     Top box:

         ; Attributes: bp-based frame
         sub_1024EBB80
         STP X20, X19, [SP,#-0x20]!
         STP X29, X30, [SP,#0x10]
         ADD X29, SP, #0x10
         MOV X19, X0
         CBZ X1, loc_1024EBBBC

     Bottom left box:

         MOV X3, X2
         MOV W2, #0
         MOV W4, #1
         MOV W5, #0xFFFFFFFF
         MOV X0, X19
         BL sub_1024EC234
         MOV X0, X19
         LDP X29, X30, [SP,#0x10]
         LDP X20, X19, [SP+0],#0x20
         RET

     Bottom right box:

         loc_1024EBBBC
         STR XZR, [X19]
         STR WZR, [X19,#8]
         MOV X0, X19
         LDP X29, X30, [SP,#0x10]
         LDP X20, X19, [SP+0],#0x20
         RET
         ; End of function sub_1024EBB80

     Here, I'm not sure what to modify. Yes, I know what MOV, STR, BL, LDR, RET, ADD, SUB etc. mean; I've done a lot of research but can't seem to find my answers, so can anyone tell me what I should change in this?

     Next, I believe we can go into the next sub (BL sub_1024EC234), which will take us to this (I will put IDA into text view so I can copy and paste it all):

         __text:00000001024EC234 sub_1024EC234 ; CODE XREF: sub_1024EB8C8+1C0↑p
         __text:00000001024EC234 ; sub_1024EBB80+28↑p
         __text:00000001024EC234 STP X28, X27, [SP,#-0x40]!
         __text:00000001024EC238 STP X22, X21, [SP,#0x10]
         __text:00000001024EC23C STP X20, X19, [SP,#0x20]
         __text:00000001024EC240 STP X29, X30, [SP,#0x30]
         __text:00000001024EC244 ADD X29, SP, #0x30
         __text:00000001024EC248 SUB SP, SP, #0x410
         __text:00000001024EC24C MOV X19, X5
         __text:00000001024EC250 MOV X22, X3
         __text:00000001024EC254 MOV X20, X1
         __text:00000001024EC258 MOV X21, X0
         __text:00000001024EC25C ADRP X8, #___stack_chk_guard_ptr@PAGE
         __text:00000001024EC260 LDR X8, [X8,#___stack_chk_guard_ptr@PAGEOFF]
         __text:00000001024EC264 LDR X8, [X8]
         __text:00000001024EC268 STUR X8, [X29,#-0x38]
         __text:00000001024EC26C CBNZ W2, loc_1024EC298
         __text:00000001024EC270 CBZ W4, loc_1024EC298
         __text:00000001024EC274 ADD X1, SP, #8
         __text:00000001024EC278 ADD X3, SP, #4
         __text:00000001024EC27C MOV W2, #0x400
         __text:00000001024EC280 MOV X0, X20
         __text:00000001024EC284 BL sub_1024EF2C8
         __text:00000001024EC288 CBZ W0, loc_1024EC334
         __text:00000001024EC28C ADD X20, SP, #8
         __text:00000001024EC290 LDR W8, [SP,#4]
         __text:00000001024EC294 ADD W2, W8, #1
         __text:00000001024EC298
         __text:00000001024EC298 loc_1024EC298 ; CODE XREF: sub_1024EC234+38↑j
         __text:00000001024EC298 ; sub_1024EC234+3C↑j
         __text:00000001024EC298 LDRB W9, [X20]
         __text:00000001024EC29C CBZ W9, loc_1024EC340
         __text:00000001024EC2A0
         __text:00000001024EC2A0 loc_1024EC2A0 ; CODE XREF: sub_1024EC234+108↓j
         __text:00000001024EC2A0 MOV W8, #0
         __text:00000001024EC2A4 ADD X10, X20, #1
         __text:00000001024EC2A8 ADRP X11, #unk_105B60264@PAGE
         __text:00000001024EC2AC ADD X11, X11, #unk_105B60264@PAGEOFF
         __text:00000001024EC2B0 MOV X12, X9
         __text:00000001024EC2B4
         __text:00000001024EC2B4 loc_1024EC2B4 ; CODE XREF: sub_1024EC234+A8↓j
         __text:00000001024EC2B4 SXTB W13, W12
         __text:00000001024EC2B8 SUB W13, W13, #0x61 ; 'a'
         __text:00000001024EC2BC CMP W13, #0x1A
         __text:00000001024EC2C0 CSET W13, CC
         __text:00000001024EC2C4 SUB W12, W12, W13,LSL#5
         __text:00000001024EC2C8 EOR W12, W8, W12
         __text:00000001024EC2CC AND W12, W12, #0xFF
         __text:00000001024EC2D0 LDR W12, [X11,W12,UXTW#2]
         __text:00000001024EC2D4 EOR W8, W12, W8,LSR#8
         __text:00000001024EC2D8 LDRB W12, [X10],#1
         __text:00000001024EC2DC CBNZ W12, loc_1024EC2B4
         __text:00000001024EC2E0 ADD X10, X20, #1
         __text:00000001024EC2E4 MOV W12, #0xFFFFFFFF
         __text:00000001024EC2E8 ADRP X11, #unk_105B62664@PAGE
         __text:00000001024EC2EC ADD X11, X11, #unk_105B62664@PAGEOFF
         __text:00000001024EC2F0
         __text:00000001024EC2F0 loc_1024EC2F0 ; CODE XREF: sub_1024EC234+F4↓j
         __text:00000001024EC2F0 EOR W9, W12, W9
         __text:00000001024EC2F4 AND W9, W9, #0xFF
         __text:00000001024EC2F8 LDR W9, [X11,W9,UXTW#2]
         __text:00000001024EC2FC EOR W9, W9, W12,LSR#8
         __text:00000001024EC300 AND W12, W9, #0xFF
         __text:00000001024EC304 LDR W12, [X11,W12,UXTW#2]
         __text:00000001024EC308 EOR W9, W12, W9,LSR#8
         __text:00000001024EC30C AND W12, W9, #0xFF
         __text:00000001024EC310 LDR W12, [X11,W12,UXTW#2]
         __text:00000001024EC314 EOR W9, W12, W9,LSR#8
         __text:00000001024EC318 AND W12, W9, #0xFF
         __text:00000001024EC31C LDR W12, [X11,W12,UXTW#2]
         __text:00000001024EC320 EOR W12, W12, W9,LSR#8
         __text:00000001024EC324 LDRB W9, [X10],#1
         __text:00000001024EC328 CBNZ W9, loc_1024EC2F0
         __text:00000001024EC32C MVN W9, W12
         __text:00000001024EC330 B loc_1024EC344
         __text:00000001024EC334 ; ---------------------------------------------------------------------------
         __text:00000001024EC334
         __text:00000001024EC334 loc_1024EC334 ; CODE XREF: sub_1024EC234+54↑j
         __text:00000001024EC334 MOV W2, #0
         __text:00000001024EC338 LDRB W9, [X20]
         __text:00000001024EC33C CBNZ W9, loc_1024EC2A0
         __text:00000001024EC340
         __text:00000001024EC340 loc_1024EC340 ; CODE XREF: sub_1024EC234+68↑j
         __text:00000001024EC340 MOV W8, #0
         __text:00000001024EC344
         __text:00000001024EC344 loc_1024EC344 ; CODE XREF: sub_1024EC234+FC↑j
         __text:00000001024EC344 AND W5, W8, #0xFFFF
         __text:00000001024EC348 AND W6, W9, #0xFFFF
         __text:00000001024EC34C MOV X3, X22
         __text:00000001024EC350 MOV X4, X19
         __text:00000001024EC354 MOV X0, X21
         __text:00000001024EC358 MOV X1, X20
         __text:00000001024EC35C BL sub_1024ECA2C
         __text:00000001024EC360 LDUR X8, [X29,#-0x38]
         __text:00000001024EC364 ADRP X9, #___stack_chk_guard_ptr@PAGE
         __text:00000001024EC368 LDR X9, [X9,#___stack_chk_guard_ptr@PAGEOFF]
         __text:00000001024EC36C LDR X9, [X9]
         __text:00000001024EC370 CMP X9, X8
         __text:00000001024EC374 B.NE loc_1024EC390
         __text:00000001024EC378 ADD SP, SP, #0x410
         __text:00000001024EC37C LDP X29, X30, [SP,#0x30]
         __text:00000001024EC380 LDP X20, X19, [SP,#0x20]
         __text:00000001024EC384 LDP X22, X21, [SP,#0x10]
         __text:00000001024EC388 LDP X28, X27, [SP+0],#0x40
         __text:00000001024EC38C RET

     Here, there are another 2 sub_x (the final ones in the string). Let me know if you want me to show them too, but I was afraid this topic is too long.. haha. And if anyone knows what I can change to enable the built-in chams, please let me know! And thank you for your time.
  3. Hi! Before, I was looking around at some tutorials, specifically on how to remove or bypass ASLR, but I'm not sure if these tutorials are up to date; I believe one was posted back in 2015? And I was reminded again whilst looking at the chat box, so I thought I'd create another support topic with the chance maybe someone can help me: how to bypass ASLR? Thanks! Also, if it helps, I'm on iOS 13.
  4. I was starting to learn how to make a chams hack, so I was reading about it on Google, and I'm pretty sure I saw that I need to log shaders. There was no tutorial, so I thought I would come to iosgods and ask around. Thanks, and I'm not too sure what else I can put here, just that I would like to know how to log shaders. iOS: 13
  5. Would you recommend buying any sort of books on these languages, or would online resources be more than enough?
  6. Okay thanks, I have a rough idea of what I’ll do. Also, how would I put it into a menu? I know how to add options into a mod menu but not sure how to add an esp or aimbot.
  7. Oh okay thanks, so if a game doesn’t use OpenGL, what would it use instead?
  8. Thanks, I’ll try to find some source code for reference and see what I can do. Also, is it similar to making an aimbot in a PC game like csgo or something? And another question: I was looking up “OpenGL” and I saw your topic on a tool you made, but I was wondering if you knew whether it is still functional and worth looking into?
  9. For real? 😂 Well, I guess just here lmao. Tomorrow I’ll try to make progress on an esp. I have little idea of what I gotta do, but I feel like esp is better to start with than an aimbot, so you’ll be here to help? Haha
  10. Okay, so I can just contact you with iosgods PMs?
  11. Hey, I saw you helped a lot on a bunch of my help and support topics, so thanks, and I was wondering if you had anything like a Discord where I could contact you for help? Obviously just if you want haha, but you seemed really nice and helpful.
  12. Alright thanks haha, I just made a topic so just waiting for approval.
  13. So, I just want to make a simple esp or chams cheat. I know it can’t be easy so I’m prepared to do .. stuff. If you can help me or send me to tutorials I would be very thankful. I'm not sure what else I can add to this, but I’d like to just implement a simple ESP or Chams into a menu, thanks. Also, I know there are some source codes around for esps, so is there anything I can do with those?
  14. Thanks very much, also I know it’s off topic for this but, what’re the steps of making a chams or esp?
  15. Just so I’m thinking right, what exactly is a BL? And thanks.
  16. Thanks for the detailed reply. I was actually able to branch the functions and offsets and got the cheat to work when pressing the music button. Of course, I want to try to do multiple branches at a time, because I put these into a mod menu as there are a lot, but the thing is I can only enable one at a time; like, I can’t do ... give 10k coins and give 10k gems ... at the same time. So is it possible to branch multiple functions to the same offset (music button) and for them to both work at the same time? Also, I’ll read into guest’s topic on function pointers. Thank you bR34Kr
  17. Hey again, I tried doing this, and put the arm64 from https://armconverter.com/ (https://imgur.com/a/APhgwYC) into the offset field in the live offset patcher, and used ret in the patch field, but it did nothing.
  18. Hey, thank you for the easy-to-follow reply, I’ll try it.
  19. So I'm trying to change the flow of a public void with no arguments / branching a function (Music Toggle Button) to my offset. I want to change a button in a game (such as the music on/off button in settings) so that it redirects the flow to the function I want, for example, public void Give10kCoins(). The button will be changed to not turn music off or on, but instead to give me the 10k coins. Hopefully it's enough info, thank you.