bR34Kr

ViP Pro
  • Posts: 1,323

Everything posted by bR34Kr

  1. You can do this using the VNC package on Cydia, although it might be deprecated on more recent versions of iOS
  2. The game might be using encrypted values / offset values. Also, you might be using the wrong types. Make sure to use a type that matches the value (always go for the smallest; smart devs won't put HP ranging from 0 to 100 in a 4-byte int when they can put it in a 1-byte char, for example)
  3. As Ted said, this is an Enum. What you need to do is find a class/structure that uses a value of that type (so search for the Enum's name). That will give you the field you want to modify and its offset
  4. This was posted 3 years ago. I'm pretty sure the game got updated since then
  5. The address will always change because it's allocated randomly in memory. The only way to save it is to have a static route to your value, so to do that use LLDB to search for the base of your value, then find a pointer to that base, then repeat this process until you end up with a static address. Once you do that just add, dereference, again and again and you'll be able to change your value
  6. Open the binary in IDA, find fopen calls and try to see where it freads this file. From that you can see how it decrypts the JSON into actual JSON. Good luck!
  7. Something you could do is search for your negative money value, play the game, research to narrow it down and then manually change every one until it works. Although this may crash/corrupt your game, so I suggest you make a backup first.
  8. Debugging is the process of adding breakpoints / watchpoints and seeing how the game actually goes and does stuff. For the reload I'd search for the Gun class (with ammo for example), and search nearby memory for constant floats or ints representing the cooldown time. Then you're in business
  9. Yes a watchpoint will "watch" an address for r/w and will tell you where that happens :)
  10. Right now you are looking for a string and finding a function which references that string, then you search the whole binary for the first FMOV instruction, so you're bound to land on something completely random. What you should do is debug the game and find the value for the cooldown while searching by difference (cooldown increased / decreased etc.), then find which instruction actually edits the value and then patch it. Hope this helped
  11. Here's a brief rundown of integer types:
      Signature represents if a number has a sign bit. If it's unsigned then all the bits of the bytes are used to represent your integer and the value will be positive. If the value is signed then the first bit will be used to check whether an integer is positive or negative. So the 'S' or 'U' in front of the type represents if you want to search for unsigned or signed values.
      • 1 byte - char: Represented by 1 byte in memory. Goes from 0 to 255 (unsigned). Goes from -128 to 127 (signed)
      • 2 bytes - short: Represented by 2 bytes in memory. Goes from 0 to 65535 (unsigned). Goes from -32768 to 32767 (signed)
      • 4 bytes - int: Represented by 4 bytes in memory. Goes from 0 to 42949672955 (unsigned). Goes from -2147483648 to 2147483647 (signed)
      • 8 bytes - int: Represented by 8 bytes in memory. Goes from 0 to 18446744073709551615 (unsigned). Goes from -9223372036854775808 to 9223372036854775807 (signed)
      So to answer your question more clearly: UInt is an unsigned 4 byte integer and SInt is a signed 4 byte integer. More detailed explanation here: https://en.cppreference.com/w/c/language/type
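The point of posts 2 and 11 (pick a type whose width and signedness match how the value is actually stored) is easy to see on a byte buffer. The following is an added example, not code from bR34Kr or the forum; the memory sample is constructed, and the function names are my own.

```python
import struct

# struct format characters per width: (unsigned, signed)
_FORMATS = {1: ("B", "b"), 2: ("H", "h"), 4: ("I", "i"), 8: ("Q", "q")}


def type_range(width: int, signed: bool) -> tuple:
    """Smallest and largest value representable in `width` bytes."""
    bits = width * 8
    if signed:
        return (-(1 << (bits - 1)), (1 << (bits - 1)) - 1)
    return (0, (1 << bits) - 1)


def find_candidates(memory: bytes, value: int, width: int, signed: bool) -> list:
    """Offsets where `memory` holds `value` when read as a little-endian
    integer of `width` bytes with the given signedness.  Every offset is
    tried, not only aligned ones, because a scanner does not know the layout."""
    lo, hi = type_range(width, signed)
    if not lo <= value <= hi:
        return []  # the value cannot be stored in this type at all
    fmt = "<" + _FORMATS[width][1 if signed else 0]
    hits = []
    for off in range(len(memory) - width + 1):
        if struct.unpack_from(fmt, memory, off)[0] == value:
            hits.append(off)
    return hits


# Constructed sample of process memory (not taken from any real game):
#   offset 0: HP = 100 stored as a 1-byte char
#   offset 1: one 0xFF byte (reads as -1 signed or 255 unsigned)
#   offset 2: two padding bytes
#   offset 4: ammo = 30 as a 4-byte int
#   offset 8: score = 100000 as a 4-byte int (does not fit a char or short)
SAMPLE = bytes([100, 0xFF, 0, 0]) + struct.pack("<i", 30) + struct.pack("<i", 100000)

if __name__ == "__main__":
    # Searching HP as a 4-byte int finds nothing, because the neighbouring
    # 0xFF byte becomes part of the 4-byte value; the 1-byte search finds it.
    print("HP as 4-byte uint:", find_candidates(SAMPLE, 100, 4, False))
    print("HP as 1-byte uchar:", find_candidates(SAMPLE, 100, 1, False))
    print("0xFF as signed char:", find_candidates(SAMPLE, -1, 1, True))
    print("score as short:", find_candidates(SAMPLE, 100000, 2, True))
```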
  12. Also make sure the binary is the cracked version. I just tried with an iOS binary and the offset pointed to by IDA is correct if you jump to it in a hex editor (I used HxD). Maybe IDA changes the endianness? But just make sure your bin is cracked. That's about it.
  13. Edit the coding at a lower level (the assembly) or by hooking to functions (so the game calls our version of it rather than the original)
  14. 1: Knock knock
      2: Who's there?
      1: Knock
      2: Knock who?
      1: Knock knock
      Congrats! You understood recursion through a knock knock joke :p
  15. Use Discord to chat with your friends during class Edit: I’m not responsible if you fail or anything of the sort if you do this method
  16. That offset is based on the class. So it's not literally 0x2ECF56 in memory, it's PlayerOffset+0x2ECF56. So yes, you need to find a way to get your player instance and then to read it you read the float stored 0x2ECF56 after that base address.
  17. Remove the 10 before the offset. ^ for future reference
  18. What OS are you on? Version and all