Everything posted by xrayactual
-
Sims Free Play jailbroken cheats are free but the jailed cheats require VIP for both jailbroken and jailed? There’s no option to just buy jailed vip…
-
Mod Menu Hack Weed Factory Idle By Spider Solitaire v2.8.8
xrayactual replied to Parxdy 's topic in Free Jailbreak Cheats
Install failed through Filza: version does not start with digit (“V2.8.8”). Can still inject via iGameGod -
Mod Menu Hack Evil Hunter Tycoon Cheats v1.395 +10
xrayactual replied to Laxus 's topic in ViP Cheats
Thank you 😌 Update: game crashes -
Mod Menu Hack Airport BillionAir v1.18.3 +1 [Currency Hack]
xrayactual replied to Parxdy 's topic in Free Jailbreak Cheats
I can confirm the 1.8.1 .deb does not install:
Error Domain=gg.task Code=-1 "dpkg: error processing archive /var/mobile/Library/Application Support/Containers/com.gamegod.igg/Documents/Inbox/iOSGods.com.billionairmods_v1.8.1iOSGods.com_iphoneos-arm.deb (--install):
parsing file '/Library/dpkg/tmp.ci/control' near line 10 package 'iosgods.com.billionairmods':
'Version' field value 'v1.8.1+iOSGods.com': version number does not start with digit
Errors were encountered while processing:
/var/mobile/Library/Application Support/Containers/com.gamegod.igg/Documents/Inbox/iOSGods.com.billionairmods_v1.8.1iOSGods.com_iphoneos-arm.deb
UserInfo={NSLocalizedDescription=dpkg: error processing archive /var/mobile/Library/Application Support/Containers/com.gamegod.igg/Documents/Inbox/iOSGods.com.billionairmods_v1.8.1iOSGods.com_iphoneos-arm.deb (--install):
parsing file '/Library/dpkg/tmp.ci/control' near line 10 package 'iosgods.com.billionairmods':
'Version' field value 'v1.8.1+iOSGods.com': version number does not start with digit
Errors were encountered while processing:
/var/mobile/Library/Application Support/Containers/com.gamegod.igg/Documents/Inbox/iOSGods.com.billionairmods_v1.8.1iOSGods.com_iphoneos-arm.deb -
Mod Menu Hack Need for Speed No Limits v8.7.10 +8 Cheats [Rewards Hack + More]
xrayactual replied to Rook's topic in ViP Cheats
Thank you -
Hack Family Guy: The Quest for Stuff (All Versions) - Unlimited Coins & Clams!
xrayactual replied to Rook's topic in ViP Cheats
Thank you -
Mod Menu Hack Match To Win: Cash Giveaway v1.5.1 +7 [Free Money]
xrayactual replied to TimidNova's topic in ViP Cheats
Thanks -
Mod Menu Hack My Cafe — Restaurant game v2024060.0.543 +6 Cheats
xrayactual replied to Zahir 's topic in ViP Cheats
Thank you -
Tutorial [Beginner Friendly] Guide to Easily Hacking Your First Unity Game
xrayactual replied to Enoch's topic in Tutorials
If there is no Unity framework, then the game does not use the Unity engine. The same goes for global-metadata.dat: if that is not present, then the game likely does not use il2cpp -
As far as I can tell, yes. Trying a few other tricks but at this time patching the anti-debuggers is not possible
-
I don't have any experience in manipulating dat files so that may be in Zahir's realm. I'm still scanning for iterations of _syscall and _sysctl within the assembly; if I can recompile it without issue we may have a starting point...
Additional findings: Iron Blade Medieval runs memory checks, and premium currency is held within 5 memory addresses.
Update: It's littered with antidebugging 🤣 98 total calls, will update when I make more progress.
_sysctl: _syscall:
-
I don't know yet, I don't have enough information as I'm waiting for my Mac to finish transferring the decrypted files to my Windows computer so I can try to disable the debugger.
Hackers FYI: within IronBladeSlice.app/Payload/app_package/behaviors/ is a file labeled "AIEnemy.dat", that's probably what dictates AI behavior, i.e. ignore player, but I don't know for certain
-
@TheFreakzz FYI: This app has anti-debugging enabled, making it more difficult to hack. It is also not an il2cpp or Unity game, so finding methods that are exploitable could be near impossible. Also cannot "uncar" Assets.car to search for potential exploits. IDA might help disable the anti-debugger, but methods likely cannot be deciphered in bulk if they are obfuscated.
Update: This game uses syscall and sysctl to prevent debugging
-
I'm fairly new to this but I wanted to put my findings for the latest version here in case someone else notices something I haven't yet.

Edit: Here's a folder with everything included, from the decrypted ipa to the lldbinit.py script. I have neatly organized everything in labeled folders indicative of their contents (binary and global-metadata are copied directly from the included unzipped IPA payload). Everything was included so others may pick up at any step of the hacking process, whether it's in the middle or from the very beginning, in case someone needs additional references for deciphering this game's functions, memory checks or any other anti-jailbreak/anti-hacking countermeasures.

Process I went through:

Since the game does not obfuscate all memory values (to my knowledge), I was able to locate my khorium value within 2 memory addresses (that change every start-up). I was able to change the memory values, however the developers have incorporated a memory check against the server's database (or something similar).

I also identified 3 separate checks for isJailbroken in the il2cpp dump.

I created a debugserver on my phone and attached it to the galaxy process. Using my Mac (with Xcode installed) I was able to connect to the debugserver, hosted on my phone, through LLDB, allowing me to set watchpoints at the memory addresses (which may help reveal their actual address, for creating a menu) where khorium is stored/checked.

Using LLDB again, I was able to display instructions that precede the set watchpoints (when the memory value is updated) to catch what happens behind the scenes when you spend khorium.

This snippet of 20 instructions (12 preceding the watchpoint, and 7 succeeding the watchpoint) does not indicate any instruction set to subtract, which leads me to believe they could possibly be using only "add" and variations of it and using negative integers to avoid revealing where khorium is removed (preventing hackers from replacing it with add, essentially spend to gain, or nop, ignoring the subtraction).

To better analyze the instruction sets, I also needed the general register of "assembly variables" (for a lack of better words).

Addendum: @dupluM, in theory, the features you requested could be found in memory. The same steps I took could locate where in the assembly values are being changed; it's slightly more difficult as some values may be obfuscated using offsets or combination of memory values, or the values change too quickly to isolate them from similar values, in order to identify a memory address to recall instructions in LLDB. However, the first step is proving the concept with the most useful semi-static value, khorium (premium currency). Khorium can facilitate a majority of the features you requested, to an extent (Inventory items and resources can be purchased from VIP, Alliance, or Trade Center Shop using khorium; Khorium can be used to improve outfitting for flagships, decreasing the campaign difficulty, possibly to a factor significant enough to make your ship invulnerable, or one-shot enemy ships; Khorium can be used to refill exploration energy, granting additional power module experience for investigations and exploration).
-
Just gonna leave this here.... Watchpoints for memory addresses that store premium currency (there are two and they share a value): 20 instructions disassembled, 12/7 instructions before/after watchpoint: General registers:
-
I've been looking for this 🤣
-
Mod Menu Hack The Simpsons™: Tapped Out v4.69.5 +3 Cheats
xrayactual replied to Zahir 's topic in Free Jailbreak Cheats
Damn I guess we’re gonna miss the event -
Mod Menu Hack The Simpsons™: Tapped Out v4.69.5 +3 Cheats
xrayactual replied to Zahir 's topic in Free Jailbreak Cheats
@Zahir can you update this please? -
Guide [Breaking Security]How to disable syscall (anti-debugging protection)
xrayactual replied to a topic in Tutorials
Took me some time to get here, but finally made it -
Tutorial [Beginner Friendly] Guide to Easily Hacking Your First Unity Game
xrayactual replied to Enoch's topic in Tutorials
Solution:
Original post: @Enoch Is it not possible to decrypt Unity games using Il2cpp Dumper anymore? CC: @Ted2 @Rook

I'm getting errors on the two online tools (IOSGods & JumboPerson), even though I have the executable/binary from CrackdXl, and the metadata from the file path "/this.app/Data/Managed/Metadata", but nothing is working. One of the games I was testing this with already has mod menus (jailed & jailbroken).

There are so many tutorials on IOSGods (regarding mobile hacking basics/tools) and they are all so spread out (in time), some of which are extremely outdated or have requirements that are no longer available/reliable, it's difficult to piece the process together as it stands today. At this point it's honestly easier to troubleshoot the issues I or others encounter, as they occur, until someone redoes/properly updates the tutorials.

Some other issues that don't seem to have an explanation:
Using the attach command on an active process through LLDB will crash LLDB, returning you to the previous file path
GNU Debugger is completely broken, using the gdb command (literally the first step) spits out the following error, attempts to fix/circumvent caused a cascade of headaches in sources, tweaks/names, duplicate files (during/after install), and their prerequisites
Syscall, ptrace, etc. not found in disassembled executable
I'll add more as they present themselves

Solutions: -
Good stuff 😎