ada1016

looked forwarded

looking forwared

cannot wait to learn

With great content of this website, I am able to do more, and got some tiny result, today, please allow me to ask something in a little bit advance IDA section __text:009791B4 ; =============== S U B R O U T I N E ======================================= __text:009791B4 __text:009791B4 ; Attributes: bp-based frame __text:009791B4 __text:009791B4 _Unit_get_GarrisonAttack_m3286393770 ; DATA XREF: __const:02694614o my tweak.xm on the specific function. float (*orig_GarrisonAttack)(void *self); static float GarrisonAttack(void *self) { NSLog(@"[tweak] --- >>> original attack %f",orig_GarrisonAttack(self)); if(ishookEnabled(@"attack")){ return 999999; } else { return orig_GarrisonAttack(self); } } at ctr% MSHookFunction(MSFindSymbol(NULL, "_Unit_get_GarrisonAttack_m3286393770"),(void*)GarrisonAttack, (void**)&orig_GarrisonAttack); My questions 1. How do I know its return type from IDA? using float and work is purely by luck, I don't know, maybe int will also work? 2. can I print the original result of the function? like I want to know what is the value of _Unit_get_GarrisonAttack_m3286393770, can I just NSlog orig_GarrisonAttack(self)? 3. cont with 2, I did try to do this and nothing show up, perhaps I code it wrong? NSLog(@"[tweak] --- >>> original attack %f",orig_GarrisonAttack(self)); 4. Lastly (sorry), is it possible to return the number base on the original method's result? (don't want to get god power as it looked so easy to get caught) e.g. take return value and x10 as new value static float GarrisonAttack(void *self) { return orig_GarrisonAttack(self)*10; } really appreciate in advance

checking... no IDA 6.95..

thanks for reading my question, I tried the mshook patch template you pointed and immediate meet 'UIAlertView' is deprecated error, do you got updated template or new way to it? $ ~/theos/bin/nic.pl NIC 2.0 - New Instance Creator ------------------------------ [1.] iOSGods CSCI Patcher v2.2 [2.] iOSGods MSHook Patcher v1.1 [3.] iOSGods Patcher v1.2 [4.] iphone/activator_event [5.] iphone/application_modern [6.] iphone/cydget [7.] iphone/flipswitch_switch [8.] iphone/framework [9.] iphone/ios7_notification_center_widget [10.] iphone/library [11.] iphone/notification_center_widget [12.] iphone/preference_bundle_modern [13.] iphone/tool [14.] iphone/tweak [15.] iphone/xpc_service Choose a Template (required): 2 Project Name (required): mshookpatch Package Name [com.yourcompany.mshookpatch]: com.ap.mshookpatch Author/Maintainer Name [U-AzureAD\STEVENJIANG]: Sj [iOSGods MSHook Patcher v1.1] MobileSubstrate Bundle filter [com.apple.springboard]: com.diandian.valantforce [iOSGods MSHook Patcher v1.1] List of applications to terminate upon installation (space-separated, '-' for none) [SpringBoard]: - Instantiating iOSGods MSHook Patcher v1.1 in mshookpatch/... Done. AzureAD+STEVENJIANG@DESKTOP-T14QN27 ~ $ cd mshookpatch/ AzureAD+STEVENJIANG@DESKTOP-T14QN27 ~/mshookpatch $ make package > Making all for tweak mshookpatch… ==> Preprocessing Tweak.xm… ==> Compiling Tweak.xm (armv7)… Tweak.xm:97:468: error: 'UIAlertView' is deprecated: first deprecated in iOS 9.0 - UIAlertView is deprecated. Use UIAlertController with a preferredStyle of UIAlertControllerStyleAlert instead [-Werror,-Wdeprecated-declarations] ...AppDelegate* _LOGOS_SELF_CONST, SEL, UIAlertView *, NSInteger); ^ /home/STEVENJIANG/theos/sdks/iPhoneOS9.3.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIAlertView.h:26:12: note: 'UIAlertView' has been explicitly marked deprecated here @interface UIAlertView : UIView ^ Tweak.xm:78:1: error: 'UIAlertView' is deprecated: first deprecated in iOS 9.0 - UIAlertView is deprecated. Use UIAlertController with a preferredStyle of UIAlertControllerStyleAlert instead [-Werror,-Wdeprecated-declarations] UIAlertView *igcredits = [[UIAlertView alloc] initWithTitle:@"mshookpatch Cheats" ^ /home/STEVENJIANG/theos/sdks/iPhoneOS9.3.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIAlertView.h:26:12: note: 'UIAlertView' has been explicitly marked deprecated here @interface UIAlertView : UIView ^ Tweak.xm:78:28: error: 'UIAlertView' is deprecated: first deprecated in iOS 9.0 - UIAlertView is deprecated. Use UIAlertController with a preferredStyle of UIAlertControllerStyleAlert instead [-Werror,-Wdeprecated-declarations] UIAlertView *igcredits = [[UIAlertView alloc] initWithTitle:@"mshookpatch Cheats" ^ /home/STEVENJIANG/theos/sdks/iPhoneOS9.3.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIAlertView.h:26:12: note: 'UIAlertView' has been explicitly marked deprecated here @interface UIAlertView : UIView ^ Tweak.xm:89:171: error: 'UIAlertView' is deprecated: first deprecated in iOS 9.0 - UIAlertView is deprecated. Use UIAlertController with a preferredStyle of UIAlertControllerStyleAlert instead [-Werror,-Wdeprecated-declarations] ...AppDelegate* _LOGOS_SELF_CONST __unused self, SEL __unused _cmd, UIAlertView * alertView, NSInteger buttonIndex) { ^ /home/STEVENJIANG/theos/sdks/iPhoneOS9.3.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIAlertView.h:26:12: note: 'UIAlertView' has been explicitly marked deprecated here @interface UIAlertView : UIView ^ Tweak.xm:100:535: error: 'UIAlertView' is deprecated: first deprecated in iOS 9.0 - UIAlertView is deprecated. Use UIAlertController with a preferredStyle of UIAlertControllerStyleAlert instead [-Werror,-Wdeprecated-declarations] ..._typeEncoding = '@'; i += 1; _typeEncoding = ':'; i += 1; memcpy(_typeEncoding + i, @encode(UIAlertView *), strl... ^ /home/STEVENJIANG/theos/sdks/iPhoneOS9.3.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIAlertView.h:26:12: note: 'UIAlertView' has been explicitly marked deprecated here @interface UIAlertView : UIView ^ Tweak.xm:100:566: error: 'UIAlertView' is deprecated: first deprecated in iOS 9.0 - UIAlertView is deprecated. Use UIAlertController with a preferredStyle of UIAlertControllerStyleAlert instead [-Werror,-Wdeprecated-declarations] ...+= 1; _typeEncoding = ':'; i += 1; memcpy(_typeEncoding + i, @encode(UIAlertView *), strlen(@encode(UIAlertView *))... ^ /home/STEVENJIANG/theos/sdks/iPhoneOS9.3.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIAlertView.h:26:12: note: 'UIAlertView' has been explicitly marked deprecated here @interface UIAlertView : UIView ^ Tweak.xm:100:604: error: 'UIAlertView' is deprecated: first deprecated in iOS 9.0 - UIAlertView is deprecated. Use UIAlertController with a preferredStyle of UIAlertControllerStyleAlert instead [-Werror,-Wdeprecated-declarations] ...1; memcpy(_typeEncoding + i, @encode(UIAlertView *), strlen(@encode(UIAlertView *))); i += strlen(@encode(UIAlertView ... ^ /home/STEVENJIANG/theos/sdks/iPhoneOS9.3.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIAlertView.h:26:12: note: 'UIAlertView' has been explicitly marked deprecated here @interface UIAlertView : UIView ^ 7 errors generated. make[3]: *** [/home/STEVENJIANG/theos/makefiles/instance/rules.mk:295: /home/STEVENJIANG/mshookpatch/.theos/obj/debug/armv7/Tweak.xm.265df578.o] Error 1 make[2]: *** [/home/STEVENJIANG/theos/makefiles/instance/library.mk:32: /home/STEVENJIANG/mshookpatch/.theos/obj/debug/armv7/mshookpatch.dylib] Error 2 make[1]: *** [/home/STEVENJIANG/theos/makefiles/instance/library.mk:24: internal-library-all_] Error 2 make: *** [/home/STEVENJIANG/theos/makefiles/master/rules.mk:90: mshookpatch.all.tweak.variables] Error 2 AzureAD+STEVENJIANG@DESKTOP-T14QN27 ~/mshookpatch

cannot wait to take a look

The latest THEOS (post 2017, April) no longer has preference bundle template? Instead, it is preference_bundle_modern Can I have some love on how to use this new one? At least it does not have .mm file that existing tutorial mentioned, or is there a template just for preference bundle? NIC 2.0 - New Instance Creator ------------------------------ [1.] iphone/activator_event [2.] iphone/application_modern [3.] iphone/cydget [4.] iphone/flipswitch_switch [5.] iphone/framework [6.] iphone/ios7_notification_center_widget [7.] iphone/library [8.] iphone/notification_center_widget [9.] iphone/preference_bundle_modern [10.] iphone/tool [11.] iphone/tweak [12.] iphone/xpc_service Choose a Template (required): 9

thanks for sharing

let me take a look

let's learn

I will answer myself so if anyone meet similar questions like I do, you can get some lights here. Still million appreciation to @arthurdapaz and @DiDA. Could not done this without your TuT and guide Q: NSLog, where to read and how? A: Install ondeviceconsole on Cydia, SSH in and run command Q: So how the code goes that make it works? #import <APMenu.h> #import <CoreFoundation/CoreFoundation.h> #import <substrate.h> #import <Foundation/Foundation.h> float (*orig_func)(void *self); float new_func(void *self) { float newValue = [mm getFloat:@"k05SimpleUiSlider"]; if (newValue) return newValue; else return orig_func(self); } %ctor { mm = [APMenu sharedInstance]; mp = [MemoryPatcher sharedInstance]; NSDictionary *hacks = @{ @"k05SimpleUiSlider":@{ @"type": @"modslider", @"typecfg": @{ @"minimumValue":@0, @"maximumValue":@99999 }, @"desc": @"God Power", @"label": @"Normal UI Slider" }, }; [mm init:hacks openAfter: 1 width: 260 maxVisibleToggles: 5 theme: rgb(0xbef7d9) title: @"MY GAME HACK" credits: @"Hack by ada1016. Thanks to DiDA n' shmoo for inspiration <3" creditsURL: nil gesture: APGestureThreeFingerTap onFirstLaunch:^{ [mm listenChanges:^(id sender) { if ([mm ismodtext:sender]) { UIKeyTextField *textField = (UIKeyTextField*) sender; NSString *key = textField.featureKey; float value = textField.text.floatValue; NSLog(@"Value of modtext %@: %f", key, value); } if ([mm ismodslider:sender]) { UIKeySlider *slider = (UIKeySlider*) sender; NSString *key = slider.featureKey; float value = slider.value; NSLog(@"Value of modslider %@: %f", key, value); } if ([mm ismodswitcher:sender]) { UIViewSwitcher *switcher = (UIViewSwitcher*) sender; NSString *key = switcher.featureKey; BOOL value = switcher.isOn; NSLog(@"Value of modslider %@: %d", key, value); } }]; MSHookFunction(MSFindSymbol(NULL,"_Equipment_get_Attack_m171674799"), (void*)new_func, (void**)&orig_func); NSLog(@"Initialized"); }]; }

@DiDA Thank you for help out.. I am still learning all this MSHook stuff.. @arthurdapaz thanks! The more I study the less I know.. ;(.. Do you mind 1. Take a look of my Tweak.xm and see if I understand this correctly? Cause it still crash when I try to enter the battle.. 2. If you can share a living sample of Tweak.xm that got your widget and its hacking code? (this will helps much better) 3. Lastly.. where to see NSLog? #import <APMenu.h> #import <CoreFoundation/CoreFoundation.h> #import <substrate.h> #import <Foundation/Foundation.h> float (*orig_func)(void *self); float new_func(void *self) { float newValue = [mm getFloat:@"k05SimpleUiSlider"]; if (newValue) return newValue; else return orig_func(self); } %ctor { mm = [APMenu sharedInstance]; mp = [MemoryPatcher sharedInstance]; NSDictionary *hacks = @{ @"k05SimpleUiSlider":@{ @"type": @"modslider", @"typecfg": @{ @"minimumValue":@0, @"maximumValue":@99999 }, @"desc": @"Normal UI Slider", @"label": @"Normal UI Slider" }, }; [mm init:hacks openAfter: 1 width: 260 maxVisibleToggles: 5 theme: rgb(0xbef7d9) title: @"MY VALANTFORCE GAME HACK" credits: @"Hack by ada1016. Thanks to DiDA n' shmoo for inspiration <3" creditsURL: nil gesture: APGestureThreeFingerTap onFirstLaunch:^{ [mm listenChanges:^(id sender) { if ([mm ismodtext:sender]) { UIKeyTextField *textField = (UIKeyTextField*) sender; NSString *key = textField.featureKey; float value = textField.text.floatValue; NSLog(@"Value of modtext %@: %f", key, value); } if ([mm ismodslider:sender]) { UIKeySlider *slider = (UIKeySlider*) sender; NSString *key = slider.featureKey; float value = slider.value; NSLog(@"Value of modslider %@: %f", key, value); } if ([mm ismodswitcher:sender]) { UIViewSwitcher *switcher = (UIViewSwitcher*) sender; NSString *key = switcher.featureKey; BOOL value = switcher.isOn; NSLog(@"Value of modslider %@: %d", key, value); } }]; MSHookFunction(MSFindSymbol(NULL,"_Equipment_get_Attack_m171674799"), (void*)new_func, (void**)&orig_func); NSLog(@"Initialized"); }]; }

thx

thanks

So, I like so start with thanks @arthurdapaz and @shmoo for the detail TuT on how to start Cydia Substrate journey I am now able to build deb, get it running and get the UI, the next step is of course, try on real game. For a game I am trying to start, I know what I want to change at HeX editor, and noticed there seems to be some pre-fix there so the actual offset at binary should minus 0x4000 __text:0094083C _Equipment_get_Attack_m171674799 ; CODE XREF: _AutoEquipLogic_GetAutoEquip_m241924269+3C6�p __text:0094083C ; _AutoEquipLogic_GetAutoEquip_m241924269+3DC�p ... __text:0094083C 00 6C LDR R0, [R0,#0x40] __text:0094083E 70 47 BX LR __text:0094083E ; End of function _Equipment_get_Attack_m171674799 The offset on IDA appeared as 0094083C but the actual offset at HxD is 0x93C83C, and I tried to change it to 58 46. On @arthurdapaz's template, I write it like this NSDictionary *hacks = @{ @"k01BasicSwitcher":@{ @"offsets": @[@"0x93C83C"], @"orig": @[@"0x006C"], @"patched": @[@"0x5846"], @"desc": @"God Power", @"label": @"God Power" }, }; The result is game crash.. Can I get some love and please let me know where went wrong? The original Tweak.xm attached. #import <APMenu.h> #import <CoreFoundation/CoreFoundation.h> #import <substrate.h> #import <Foundation/Foundation.h> /* // // You can use: [mm getFloat:@"SOME HACK KEY"]; // You can use: [mm getBool:@"SOME HACK KEY"]; // // For customizing the hack inside your hooks // see an example below: // // EXAMPLE OF HOOK FUNCTIONS // THAT GETS THE VALUE DEFINED // OF AN INTERFACE "KEY" ELEMENT float (*orig_func)(void *self); float new_func(void *self) { float newValue = [mm getFloat:@"aSliderKey"]; if (newValue) return newValue; else return orig_func(self); } */ %ctor { // the mod menu core mm = [APMenu sharedInstance]; // a writeData.h rewritten to my APMenu mp = [MemoryPatcher sharedInstance]; NSDictionary *hacks = @{ @"k01BasicSwitcher":@{ @"offsets": @[@"0x0093C83C"], @"orig": @[@"0x006C"], @"patched": @[@"0x5846"], @"desc": @"God Power", @"label": @"God Power" }, }; // HERE IS WHERE ALL THE FUN BEGINS :) [mm init:hacks openAfter: 1 // seconds (I like to use average game loading time) (OBLIGATORY) width: 260 // width in pixels (OBLIGATORY) maxVisibleToggles: 5 // only shows N first hacks, the others needs to be scrolled (OBLIGATORY) theme: rgb(0xbef7d9) // the main color for you hack menu (you can use any color :) (OBLIGATORY) title: @"MY VALANTFORCE GAME HACK" // your hack titlebar text upper case is better :) (OBLIGATORY) credits: @"Hack by ada1016. Thanks to DiDA n' shmoo for inspiration <3" // pretty self explicative, no? (Leave @"" for empty) creditsURL: nil // a URL for the user to visit on credits menu screen @"http://www.myblog.com" or simple: nil // CHOOSE YOUR INTERFACE TOGGLE GESTURE // APGestureTwoFingerTap // APGestureThreeFingerTap // APGestureFourFingerTap // APGestureTwoFingerSwipeUp // APGestureTwoFingerSwipeDown // APGestureTwoFingerSwipeLeft // APGestureTwoFingerSwipeRight // APGestureThreeFingerSwipeUp // APGestureThreeFingerSwipeDown // APGestureThreeFingerSwipeLeft // APGestureThreeFingerSwipeRight gesture: APGestureThreeFingerTap onFirstLaunch:^{ // this method listens to Mod Menu controller changes // and gets it's values according to the type of // UIControl you are dealing with // if you don't need this, just comment or remove these lines [mm listenChanges:^(id sender) { if ([mm ismodtext:sender]) { UIKeyTextField *textField = (UIKeyTextField*) sender; NSString *key = textField.featureKey; float value = textField.text.floatValue; NSLog(@"Value of modtext %@: %f", key, value); } if ([mm ismodslider:sender]) { UIKeySlider *slider = (UIKeySlider*) sender; NSString *key = slider.featureKey; float value = slider.value; NSLog(@"Value of modslider %@: %f", key, value); /* SIMPLE EXAMPLE OF USING THIS switch (value) { case 1: [mp write:0xbadf00d data:0xf33dbac]; break; case 2: [mp write:0xbadf00d data:0xf33dbac]; break; ... } */ } if ([mm ismodswitcher:sender]) { UIViewSwitcher *switcher = (UIViewSwitcher*) sender; NSString *key = switcher.featureKey; BOOL value = switcher.isOn; NSLog(@"Value of modslider %@: %d", key, value); } }]; /* DO SOMETHING AFTER HACK INTERFACE LAUNCH designed for customized hooks or you can popup an alert to warn the user that hack is already active and maybe send an UIAlertControl informing Gesture you have used ******** THIS IS HOW TO HOOK ******** (if you need hooking some internal function): ******** ******** MSHookFunction((void*)[mp calculateAddress:0xb4df00d], (void*)new_func, (void**)&orig_func); ******** ******** Please, notice that new_func and orig_func are declared at ******** the top of the file (before %ctor) */ NSLog(@"Initialized"); }]; }

@shmoo Thanks for the great Tut.. so I tired to play something but not quite getting there. I guess my main problem is I don't know what AppDelgate and how to answer with, The result is I can build the package but didn't see button show up at my game. please can you share where can be wrong at my end? NIC 2.0 - New Instance Creator ------------------------------ [1.] iphone/apmenu [2.] iphone/application [3.] iphone/library [4.] iphone/preference_bundle [5.] iphone/tool [6.] iphone/tweak [7.] shmoo's Mod Menu Template Choose a Template (required): 7 Project Name (required): vfcheat Package Name [com.yourcompany.vfcheat]: com.ap.valantforcehack Author/Maintainer Name [System Administrator]: Steveb [shmoo's Mod Menu Template] Cydia Substrate Bundle filter [com.apple.springboard]: com.diandian.valiantforce [warning] Asked to link theos, but template lacks an optional theos link. Creating one! Contact the author of this template about this issue. [shmoo's Mod Menu Template] Version of the app: 1.12.0 [shmoo's Mod Menu Template] Name of the hack: vfHack [shmoo's Mod Menu Template] Name of the binary: valiantforce [shmoo's Mod Menu Template] What is the AppDelegate: vfDegegate [shmoo's Mod Menu Template] List of applications to terminate upon installation (space-separated, '-' for none) [SpringBoard]: com.diandian.valiantforce Instantiating shmoo's Mod Menu Template in vfcheat/... Done. Steven6:/var/mobile/vfcheat root# make package Making all for tweak vfcheat... Preprocessing Tweak.xm... Constants from lexical variables potentially modified elsewhere are deprecated at /private/var/theos/bin/lib/aliased.pm line 42. Constants from lexical variables potentially modified elsewhere are deprecated at /private/var/theos/bin/lib/aliased.pm line 42. Constants from lexical variables potentially modified elsewhere are deprecated at /private/var/theos/bin/lib/aliased.pm line 42. Constants from lexical variables potentially modified elsewhere are deprecated at /private/var/theos/bin/lib/aliased.pm line 42. Constants from lexical variables potentially modified elsewhere are deprecated at /private/var/theos/bin/lib/aliased.pm line 42. Constants from lexical variables potentially modified elsewhere are deprecated at /private/var/theos/bin/lib/aliased.pm line 42. Constants from lexical variables potentially modified elsewhere are deprecated at /private/var/theos/bin/lib/aliased.pm line 42. Constants from lexical variables potentially modified elsewhere are deprecated at /private/var/theos/bin/lib/aliased.pm line 42. Compiling Tweak.xm... Compiling ModMenu.mm... Compiling Hack.mm... Compiling Hook.mm... Compiling SliderHook.mm... Compiling TextfieldHook.mm... Compiling InfoView.mm... Linking tweak vfcheat... Stripping vfcheat... Signing vfcheat... Making stage for tweak vfcheat... dpkg-deb: building package 'com.ap.valantforcehack' in './debs/com.ap.valantforcehack_1.12.0-1_iphoneos-arm.deb'. Steven6:/var/mobile/vfcheat root# dpkg -i ./debs/com.ap.valantforcehack_1.12.0-1_iphoneos-arm.deb (Reading database ... 10204 files and directories currently installed.) Preparing to unpack .../com.ap.valantforcehack_1.12.0-1_iphoneos-arm.deb ... Unpacking com.ap.valantforcehack (1.12.0-1) over (0.0.1-1) ... Setting up com.ap.valantforcehack (1.12.0-1) ... Steven6:/var/mobile/vfcheat root# at Tweak.xm, I add this line, updated some color setting as well addHack(@"God Mode", @"God Power", font, {0x93C83C}, {0x5846}, {0x006c});

thanks

looking forward to understand more

THANKS, THIS IS THE TOPIC i AM LOOKING FOR

love to learn

thanks

Is v1.11.0 really not possible to substrate?

poke, there is new version now and please update, appreciated.

thanks a lot! this is exactly what is needed