Phoneapphack

I'm answering very late, but I came across the same situation and solved it on my own experience, in general, you should take the uintptr_t pointer to the typeinfo class and dereference it, in general, just do it like this auto kube_c = *(uintptr_t*)(*(uintptr_t*)(getRealOffset(0x6769CB0)) + 0xB8); // get access to static fields if (!kube_c) return; auto bcs = *(uintptr_t*)(kube_c + 0x38); // get static field, in my case this public static BattleControllerScript bcs; if (!bcs) return; auto ps = *(uintptr_t*)(bcs + 0xC8); // next, you can take any field and so on, well, you know, I think, just for example if (!ps) return; return ps; you will have other offsets, and classes, and fields, but 0xb8 is almost everywhere as access to static fields and yet, you must definitely have this in order to receive UnityFramework and get an absolute address : uint64_t getRealOffset(uint64_t offset) { uint32_t c = _dyld_image_count(); for (int i = 0; i < c; i++) { if (strstr(_dyld_get_image_name(i), "UnityFramework")) { return _dyld_get_image_vmaddr_slide(i) + offset; } } return 0; }

hey, guys! I have a problem, I started doing ios cheating, and I don't have a jailbroken device, and I decided to do a non jailbroken cheat, which I noticed is static members, as I understood, hooks are not needed here, and I was told that it works on non jailbreaked, and I tried, I get that's how SomeClass_TypeInfo_c -> access static_fields _offset -> field offset, I get dyld of unityframework, and I'm offseting to typeinfo, and I can offseting to access static field, but then when offseting the pointer from access static field to static field, I crash, and it's not a problem that I have a non jailbreak. since typeinfo and access to static fields, when nslog is output, pointers are displayed, and something seems to be read in memory, but it crashes when I get the fields already, here is my code, help #import <Metal/Metal.h> #import <MetalKit/MetalKit.h> #import <Foundation/Foundation.h> #import <mach-o/dyld.h> #import <pthread/pthread.h> #import <substrate.h> uint64_t getRealOffset(uint64_t offset) { uint32_t c = _dyld_image_count(); for (int i = 0; i < c; i++) { if (strstr(_dyld_get_image_name(i), "UnityFramework")) { return _dyld_get_image_vmaddr_slide(i) + offset; } } return 0; } void *modifyGameVarDefs(void *arg){ while(true){ if (true) { auto typeinfo = getRealOffset(0x37EB940); auto staticfields = *(uint64_t*)((uint64_t)typeinfo + 0xB8) NSLog(@"animspeed %lu", typeinfo); if(typeinfo) { float animspeed = *(float*)((uint64_t)staticfields + 0x0); NSLog(@"animspeed %f", animspeed); } } sleep(1); } return NULL; } __attribute__((constructor)) void hackthread() { pthread_t thread; pthread_create(&thread, NULL, modifyGameVarDefs, NULL); }

so cool

I try this

thx nice

nice, thanks

thanks

good, thanks

i test it

Thanks for source, im newbie in ios hacking