Archangel04

ViP Pro
  • Posts: 3,498
  • Joined
  • Last visited

Everything posted by Archangel04

  1. I can't promise this but I did find something to do with the gold which you get on victory. MAY OR MAY NOT BE SERVER SIDED
  2. If you like it, please do give a rep or a thanks
  3. Money is server sided
  4. You can use the one I made as well https://iosgods.com/topic/43611-galaxy-on-fire-2-hd-all-versions/
  5. If the app is sliced, then this will only work on one device. Please make sure to crack it with Rasticrac after downloading through iTunes to get a binary compatible with other devices as well
  6. 1) Go to Filza
     2) Copy the file from where you downloaded it (on your device)
     3) Navigate to /var/mobile/Containers/Data/Applications/AppName/
     4) Replace the Library or Document folders or both (depending on what is there)
     5) Overwrite if it asks you
     6) Open the game
  7. Already tried. It's sub_x. Strings contain nothing useful. The one thing I found is only for training and doesn't work even in 1v1
  8. Yeah, I saw that. Otherwise everything seems to be more or less server sided here
  9. Latest app update probably needs iOS 10. Check and report back. Alternatively, search AppCake as well
  10. Done. It still shows a super huge value (and yes my iGG offset is correct, I checked)
  11. I'll try. I did want to learn how to do so though
  12. NOPed sysctl and the function below it. I can getbin if I use a slow net, otherwise it crashes. Debugging with gdb still gives the wrong value
  13. 2585
  14. Install batterylife and tell us what info is there in charging
  15. Do you mean the first setup? If so you need a sim to activate it.
  16. Came and hacked the game in which this happened
  17. TBH, doesn't seem so. Anyways, moving on. According to another post (multiple posts), I need to find a place where there is _sysctl, _getpid and _memset. I didn't find that, but I did get _getpid and _sysctl:
      PUSH {R4,R7,LR}
      ADD R7, SP, #4
      SUB.W SP, SP, #0x20C ; void *
      MOVW R4, #(:lower16:(___stack_chk_guard_ptr - 0x173AD7A))
      MOV.W R0, #0x1EC
      MOVT.W R4, #(:upper16:(___stack_chk_guard_ptr - 0x173AD7A))
      MOVS R1, #0xE
      ADD R4, PC ; ___stack_chk_guard_ptr
      LDR R4, [R4] ; ___stack_chk_guard
      LDR R4, [R4]
      STR R4, [SP,#0x210+var_8]
      STR R0, [SP,#0x210+var_208]
      MOVS R0, #1
      STR R0, [SP,#0x210+var_204]
      STRD.W R1, R0, [SP,#0x10]
      BLX _getpid
      STR R0, [SP,#0x210+var_1F8]
      MOVS R0, #0
      STRD.W R0, R0, [SP]
      ADD R0, SP, #0x210+var_204 ; int *
      ADD R2, SP, #0x210+var_1F4 ; void *
      ADD R3, SP, #0x210+var_208 ; size_t *
      MOVS R1, #4 ; u_int
      BLX _sysctl
      CMP.W R0, #0xFFFFFFFF
      BEQ loc_173ADB6
      MOV R0, #(byte_1FCB108 - 0x173ADB2)
      ADD R0, PC ; byte_1FCB108
      LDRB R0, [R0]
      CBNZ R0, loc_173AE0E
      B loc_173ADF6
      If I NOP, then it crashes (as far as I remember, I'll have to check later)
  18. Disable individual tweaks with iCleaner
  19. Replace True with true in your tweak.xm. In computers we have to be careful with caps
  20. There's no syscall but I did find sysctl. I checked imports, strings but no syscall. When I NOP any BLX _sysctl, it crashes the game. If I BX LR or NOP the branch it kills the game. What should I do then? The post is about gdb and if you can't contribute there is no need to comment on this. If you want to increase your post count please don't do so here. Do it in spam city or something
  21. Hi guys, so here we go. I installed SW FA from iTunes and did the following:
      su
      Password
      rc.sh -m
      Chose the binary // No errors, all good
      Go to /var/root/, get the cracked binary, thin it with lipo:
      lipo starwars -thin armv7 -o starwars2
      Took the output file, used armconverter.com to remove ASLR, signed with ldid -s starwars2. Renamed and replaced in the app, permissions set to 777. App works fine.
      Connect to Mac (and Windows), open terminal, start the app, find the offset in iGG (and GP):
      gdb att pid
      watch *0xOffsetfromGP/iGG
      When I set a watchpoint it shows a very huge value as compared to the value which I'm hacking (shows something like 40880308 or so and the value should be at max 10). In iGG it still shows the same value. Checked for ASLR with info address _mh_execute_header, which returns 0x4000. According to @fahadxmb (as far as I remember) that meant ASLR was gone. I did get a warning about "Possible section anti debug trick detected at segment_Dirty" or so (a few hundred times) but that's also fine apparently. Any ideas what the error is?
      Btw, when I use LLDB (debugserver was thinned for arm64) I get the correct value but when I search in IDA the code isn't there (something entirely different is there).
      Added log from PuTTY http://pastebin.com/gZ1HCRNW
  22. Though useless, I can give you infinite energy in training mode rn. Doubt you want that though
  23. Yes, chiruka hell safe. You can even mod xmod to 1000x add and 0x sub and use 4 1* monsters at +100 speed (xmod) and still not get banned. In ToA however, I never went more than 2/2 in xmod in ANY case except for 1-2 like ToA 100 (TIME IS MOST IMPORTANT HERE, AT LEAST 5 MIN ON TOAN 100)