Ibrahim 89

It says "UNABLE TO INSTALL 'YOUTUBEIPAHACKED' "when I try to install the IPA on my device?

Hey guys I followed Joka’s tutorial to give colour to my switches.

However it doesn’t seem to work for me.

Can anyone provide a solution for this? Here are my projects files:

Tweak.mm:

#import <Preferences/PSControlTableCell.h>
#import <Preferences/PSListController.h>

@interface PSSwitchTableCell : PSControlTableCell
- (id)initWithStyle:(int)style reuseIdentifier:(id)identifier specifier:(id)specifier;
@end
 
@interface SRSwitchTableCell : PSSwitchTableCell
@end
 
@implementation SRSwitchTableCell
 
-(id)initWithStyle:(int)style reuseIdentifier:(id)identifier specifier:(id)specifier {
 
    self = [super initWithStyle:style reuseIdentifier:identifier specifier:specifier];
   
if (self) {
        [((UISwitch *)[self control]) setOnTintColor:[UIColor blueColor]]; // Change the colour of the ON state UISwitch here
 
    }
    return self;
}
 
@end

@interface helloListController: PSListController {
}
@end

@implementation helloListController
- (NSArray *)specifiers {
	if (!_specifiers) {
		_specifiers = [[self loadSpecifiersFromPlistName:@"Root" target:self] retain];
	}

	return _specifiers;
}

/* The "Visit iOSGods.com" link inside the Preferences button */
- (void)link {
        UIApplication *application = [UIApplication sharedApplication];
        NSURL *URL = [NSURL URLWithString:@"https://iosgods.com"];
        [application openURL:URL options:@{} completionHandler:^(BOOL success) {
            if (success) {
                //NSLog(@"Opened url");
            }
        }];
}
@end

// vim:ft=objc

Root.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>items</key>
	<array>
		<dict>
			<key>cell</key>
			<string>PSGroupCell</string>
			<key>footerText</key>
			<string>This text will appear under your first switch.</string>
                   <key>label</key>
                   <string>This is the new text</string>
		</dict>
		<dict>
                  <key>cellClass</key>
                   <string>SRSwitchTableCell</string> 
                   <key>cell</key>
                   <string>PSSwitchCell</string>
			<key>default</key>
			<false/>
			<key>defaults</key>
			<string>ks</string>
			<key>key</key>
			<string>key1</string>
			<key>label</key>
			<string>SwitchText1</string>
		</dict>
		<dict>
			<key>cell</key>
			<string>PSGroupCell</string>
			<key>footerText</key>
			<string>This text will appear under your second switch.</string>
		</dict>
		<dict>
			<key>cell</key>
			<string>PSSwitchCell</string>
			<key>default</key>
			<false/>
			<key>defaults</key>
			<string>ks</string>
			<key>key</key>
			<string>key2</string>
			<key>label</key>
			<string>SwitchText2</string>
		</dict>
		<dict>
			<key>cell</key>
			<string>PSGroupCell</string>
			<key>footerText</key>
			<string>This text will appear under your third switch.</string>
		</dict>
		<dict>
			<key>cell</key>
			<string>PSSwitchCell</string>
			<key>default</key>
			<false/>
			<key>defaults</key>
			<string>ks</string>
			<key>key</key>
			<string>key3</string>
			<key>label</key>
			<string>SwitchText3</string>
		</dict>
             <dict>
             <key>cell</key>
             <string>PSGroupCell</string>
             </dict>
             <dict>
             <key>cellClass</key>
             <string>SRSwitchTableCell</string>
             <key>cell</key>
             <string>PSSwitchCell</string>
             <key>default</key>
             <false/>
             <key>default</key>
             <string>ks</string>
             <key>key</key>
             <key>key4</key>
             <key>label</key>
             <string>New Button</string>
             </dict>
		<dict>
			<key>cell</key>
			<string>PSGroupCell</string>
		</dict>
		<dict>
			<key>cell</key>
			<string>PSTextCell</string>
			<key>label</key>
			<string>Made by Ibrahim</string>
		</dict>
		<dict>
			<key>action</key>
			<string>link</string>
			<key>cell</key>
			<string>PSButtonCell</string>
			<key>icon</key>
			<string>[email protected]</string>
			<key>label</key>
			<string>Visit iOSGods.com</string>
		</dict>
	</array>
	<key>title</key>
	<string>Testing</string>
</dict>
</plist>

This is what it shows me in Settings:

Can someone tell me where I went wrong?

9 hours ago, Ted2 said:

I don't know what the issue can be then. Sorry

No problem.

Anyway Thanks for the help.

7 hours ago, Ted2 said:

Which jailbreak do you use? Also, UI as in Mod Menu?

I use the unc0ver jailbreak on ios 12.1 and the UI I created was in tweak, and when I insatlled the tweak the app crashed.

14 hours ago, Ted2 said:

No, if you were missing something it would throw errors.
Also, which UI shows in the app? 

You can try this, but I doubt this will work:

 

#include <substrate.h>
#include <mach-o/dyld.h>
#define ASLR_BIAS _dyld_get_image_vmaddr_slide(0)

uint64_t getRealOffset(uint64_t offset){
	return ASLR_BIAS + offset;
}

void inject(uint64_t offset, uint64_t hackedHex) {
    hackedHex = CFSwapInt32(hackedHex);        
    MSHookMemory((void *)getRealOffset(offset), (void *)&hackedHex, sizeof(hackedHex));
}

//Usage
%ctor {
    inject(0x10092DEE8, 0x1F2003D5);
}

 

Nop still not working. It compiles fine but does not show any effect in the app however when I use the CustomLive Offset Patcher, the hack works(which freezes the ammo). My fault about the UI that was some other one, even using the UI crashes the app. Twice checked the Bundle ID.

12 hours ago, Ted2 said:

Have you entered the correct bundle ID? Do a NSLog in the %ctor to see if it actually loads into the game or not

Yes. correct bundle ID entered and the UI shows in the app. Am I missing something in my include directory in theos since I only have the substrate.h   file??

13 hours ago, Laxus said:

How can you so sure that offset is working shrug

Cuz I tested with CustomLive offset patcher and it worked fine.

13 hours ago, DADi said:

Since latest Unc0ver uses Substitute, I think MSHookMemory might not be needed any longer? Unless it was ported over to Unc0ver's Substitute.

I also think someone made a header ready with MSHookMemory support.

Should I resort to vm_writedata to patch offsets?

Hey guys I tried hacking with MSHOOKMEMORY using this tutorial:

I created a bloody harry hack but after successfully compiling my project in theos and installing the .deb, the tweak fails to function in the game shows no affects.

Here my Makefile:

INSTALL_TARGET_PROCESSES = SpringBoard

include $(THEOS)/makefiles/common.mk

TWEAK_NAME_LIBRARIES = substrate

bloodyharry_FILES = Tweak.x
bloodyharry_CFLAGS = -fobjc-arc

include $(THEOS_MAKE_PATH)/tweak.mk

And here is my Tweak.xm:

#import <substrate.h>
#import <mach-o/dyld.h>

uint64_t realAddr(uint64_t offset) {
	return offset + _dyld_get_image_vmaddr_slide(0);
}

%ctor {

uint64_t offset = realAddr(0x10092DEE8);

const uint8_t data[] = {
	0x1F, 0x20, 0x03, 0xD5,
};

MSHookMemory((void *)offset, data, sizeof(data));

}

Can anyone tell me where am I going wrong and what should I do to make my hack work?? btw im on ios 12.1 unc0ver

Thanks in advance.

Do we have to overwrite TWEAK_NAME = in Step 2 or add it the line below it??

38 minutes ago, Qnzboi102 said:

Why don’t u try ReProvision 

That would only work on a Jailbroken device? I need to install the tweaked IPA on a non-jailbroken device...........

So I have made a tweaked IPA using theos-jailed on my mac. When I install the the IPA on my IPhone 7 (IPhone9,3 ios 12.1) it installs and the hack works perfectly fine but when I tried installing it in my IPhone 7 Plus (IPhone9,2 ios 13.1.1) with cydia impactor it gives me the following error:

What did you enter in VAR EX and what is the function name?? for example in IDA what would it be.

You can use Live Offset patcher to test the hack before creating a .deb

3 hours ago, Qnzboi102 said:

Try using this 

i use this to test any offsets in real time and when I get what I am using I compile it with ted2’s mod menu using theos. 

Here is the post

 

Appreciate your attention but is there a way to make a simple tweak to patch offsets without any preference bundle or mod menu.

Anyway thanks for the help.

Does it work on ios 12 ?

On 9/20/2019 at 7:42 AM, JustCeeeeeeee said:

How do we use these offsets? They dont seem to say what module or anything.

It just makes the useful offsets visible.

I was recently trying out lldb on the game Bloody Harry. and got an Offset: 10092DEE8 which I want to NOP. so the Hex is 1F2003D5

Bundle ID: com.FDGEntertainment.BloodyHarry

Im on ios 12.4 and, since template in this tutorial is the only way to patch offsets.

Can someone provide me a working .deb of this app with the tweak.xm and make file using the template in this tutorial.. Anyway Thanks

Have you searched the forum?

Thanks bruh. Appreciate your hardwork

Thanks shmoo !

%hook BNPremiumSolver

-(bool)isPremium {

return true;

}

This works bruh

1 minute ago, X204 said:

%hook HSSUser

-(bool)isPremium {

return true;
	
}

 

is this MSFindSYmbol ?? I need that, this one works for me

1 minute ago, X204 said:

 

Not work because you hook the worng function

So whats the correct function?

On 9/30/2019 at 4:55 PM, T13RN0 said:

Why hook it, just use a code injection with the writedata header file (true in arm64 is MOV X0, #1 RET)

Can u tell me the exact line to add the MOV instruction.

Thanks.

13 minutes ago, wollyBEU said:

yessss

Can i use cydia impactor to install it?

Its a .deb, you can install it with filza.