Curtain

I modified "tweak.nic.tar"the template, when i create a project not displayed “tweak”option. http://prntscr.com/73o76qhttp://prntscr.com/73o7n5 @DiDA

ye. but today i try to debug arm64 binary. i found both instruction and register are different from armv7. when i attaching it with GDB ,it give me errors. hope you make a tut for this.

@ “send thinned bin to user then it works” you say is only one way to do this for 64bit device ?

If i use this tool, the problem should still exist，so i think this tool does not solve my problem. you mean original bin offset is different from the thinned one but original one cannt debug,is any way to debug orig bin ?

Still not clear I was hoping to use the original binary users can still work Can you detail? Thanks @

We know now the game is mostly arm64, armv7, then I thin binaries to armv7, debugging compiler patches. After testing, it can properly work on a thin patch over the device but does not work in the original binary patch. The person who can help me, I would be very grateful. My question is whether I can work on original（no thin） tweak binary？

solved,thanks again @@DiDA

i follow this tut\ http://iosgods.com/topic/5736-tutorialhow-to-thin-your-arm64-app-binary-to-attach-to-gdb/?hl=+thin give me errors zzmutude-iPad:/var/mobile root# lipo <SimCity> -thin armv7 -output <SimCity> -sh: syntax error near unexpected token `newline' how to fix it,thanks a lot

put into .mm files ?

somebody told me that unless I put anNSTimer to delay the injection, the app will crash. I have no idea how to do that tho I've looked on google, and I couldn't find anything that helped me, maybe you guys could?

Thank you for your support, but I do not know how to code

i found offset with GDB or LLDB that is "0x889C38 STRD R6, [R10,R0]" the gems store in R6 , Old value = 127 New value = 170 0x00889c38 in g_s3e_code () 1: x/i $pc 0x889c38: f0 60 8a e1 strd r6, [r10, r0] (gdb) info r r0 0x1d0 464 r1 0x8b70320 146211616 r2 0xffffffd1 -47 r3 0xffffffff -1 r4 0x1 1 r5 0x0 0 r6 0xaa 170 r7 0x0 0 r8 0x7f 127 r9 0x0 0 r10 0x8b70148 146211144 r11 0x0 0 r12 0x1d0 464 sp 0x58c19e8 93067752 lr 0x889b60 8952672 pc 0x889c38 8952888 cpsr 0x60070010 1611071504 I changed STRD R6, [R10,R0]-->STRD R7(or R8,R9,R10), [R10,R0]-->app crash or the values return to original. so i try to set $r6=0x999999,finally it is work fine,so i want to know is there any way to change the register values directly without debugging. Any help is greatly appreciated!

so useful i am looking for a long time for this

good job btw,if u can ,PM me offset for money,thx

It appears on the setting？

nice

hook ?

I think the problem has been solved. Registers can only be modified when debugging, and can not be made into a patch switch.

@@DiDA please locked

nice one

let me see e ... 0xA99C0 CMP R0, R10 //compare R10 with R0 0xA99C4 BLE 0xA99E8 //branch to 0xA99E8 if it is less than or equal to if R10 less or eq R0,then branch to 0xA99E8.. so why you wrote 0xA99F8 is it wrong ?

hook function?

great job

thx

simcity /shadowsfight2/freeplay/HungryShark The latest version when i debugging simcity via GDB,it work fine,but convert it to .deb,crash,(once start game it will crash) i have tried countless times.the other three games also have different difficulty for me.