bR34Kr

It's probably the range/margin of error for floating point numbers. I recommend your read IEEE754
to understand how floating point is stored on computers but TL;DR: It's very lossy. So if you store 25.5, it may not be able to exist and might go store it as 25.00000001 etc. Because of this margin of error, if thousands upon thousands of calculations are done on the value (position for example), then the error will get amplified and may change a difference of 1 in the result for example. So the tolerance would be how much you handle errors like this. A tolerance of 1 is very generous but it should be fine

To "bypass" ASLR, you need to find the ASLR offset so you can add/subtract it from your offset to know its original/ASLRed offset. To get it when hooking to a process use this function:
_dyld_get_image_vmaddr_slide() (Info here -> https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dyld.3.html)
The header for it is on the manpage
 
 
For removing it from your LLDB session you want to do
image list PROC_NAME in LLDB (while replacing PROC_NAME with the process name). That will give you the ASLR offset for that process and you need to subtract it from every offset you get through it

Yupp exactly that. You need to install it.

Yupp that's the reason. Try installing overb0ard and expanding the memory limits for the given process, and as Rook said, there's a looooooot of results. That means it'll be a lot of toggling before you can find your value.
 
https://github.com/Doregon/overb0ard

Using the -v option you'll see the call being made to clang and will know the libraries being linked. Either you can add SCLAlertView's files to the FILES Makefile variable so you embed it inside your binary or use the the library and link it using the LIBRARIES Makefile variable iirc.
 
The former should be easier and a reference can be found here:
 

Yes the binary is probably not compatible with your device. You should try and find a version that works for you. Which one are you using right now?

I fear that's not how your tweak should look for a Unity game. Unity games are not in ObjectiveC due to its C#/Mono dependency. Reading the tutorial on instance variables and learning C more in depth should get you on the right path for Unity game cheats. Though, for ObjC that'd be the good strategy. For using an alert you can use UIAlertView https://stackoverflow.com/questions/4463806/adding-a-simple-uialertview

The game uses a custom encrypted format fort he gllobal-metadata.dat as you've probably seen. I highly suggest you try to debug the game until the actual call is made to open the file (most probably via fopen) and then try to work your way from there. You should be able to be able to dump it at one point from the memory it is loaded into. Another great way for filtering out where it could be would be to
 try and find global-metadata.dat's magic bytes (the bytes that begin every file of its kind. You can try and download multiple random Unity games and analyze them and build from there) and then searching for that sequence in memory and dumping it from there.
 
Good luck!

Are you sure your hook actually works without the menu? Try hooking to the update function or another function that gets called.

FlexDecrypt should work. Either try running it as root or make sure you actually provide the correct path to the binary.

Read the tutorials they should be pretty clear. In this case you'd need to hook the functions to return your own stuff or patch them

The address will always change because it's allocated randomly in memory. The only way to save it is to have a static route to your value, so to do that use LLDB to search the base of your value, then finding an pointer to that base, then repeating this process until you end up with a static address. Once you do that just add, dereference, again and again and you'll be able to change your value

Yes a watchpoint will "watch" an address for r/w and will tell you where that happens :)

Here's a brief rundown of integer types:
Signature represents if a number has sign bit. If it's unsigned then all the bits of the bytes are used to represent your integer and the value will be positive. If the value is signed then the first bit will be used to check wheter an integer is positive or negative. So the 'S' or 'U' in front of the type represents if you want to search for unsigned or signed values 1 byte - char Represented by 1 byte in memory Goes from 0 to 255 (unsigned) Goes from -128 to 127 (signed) 2 bytes - short Represented by 2 bytes in memory Goes from 0 to 65535 (unsigned) Goes from -32768 to 32767 (signed) 4 bytes - int Represented by 4 bytes in memory Goes from 0 to 42949672955 (unsigned) Goes from -2147483648 to 2147483647 (signed) 8 bytes - int Represented by 8 bytes in memory Goes from 0 to 18446744073709551615 (unsigned) Goes from -9223372036854775808 to 9223372036854775807 (signed)  
So to answer your question more clearly: UInt is an unsigned 4 byte integer and SInt is a signed 4 byte integer
 
More detailed explanation here: https://en.cppreference.com/w/c/language/type

Remove the 10 before the offset.

 
^ for future reference

You can use FlexDecrypt https://github.com/JohnCoates/flexdecrypt

Unity is in a 3D environment as far as I know, so basically you want to find the function to set the Camera location. This way you can move it up or down or whatever. The reason it does that is because of ARM's way of handling floating point. I think in the Club "IDA tips" there should be something detailing your issue. But for the set location you'd want to call that function by making a function pointer to it. If it's too complicated you can find the GetCameraLocation and move on an axis but again, you are limited by the floats in ARM

It’s a bug with the Jailbreak, so you need to ReJB. As for the error, it’s as simple as not having permission to access the directory. I believe you created your project as root but you tried to compile with mobile and mobile does not have permissions to go to root’s directories. Try compiling as root. And if you want to compile as mobile then change owner to mobile for all files and directories in that project.
 
And a small tip, add this line to your Makefile to remove armv7
ARCHS = arm64  

Doesn’t seem like you hook to the actual function inside your %ctor. You need to use the MSHookFunction function.

It's the iGMM which is not updated for the app.

It is impossible to do since the version isn't signed. The only way of you doing so is that you saved your blobs on that version.