Search the Community

Hey future app dev! You want to make an app so follow this. This TuT will cover the very basics of app development, so we will be doing an app which has 3 buttons: Respring, Reboot and uicache and they'll do the actions stated by their names. We will also take the harder route, because it's more fun so we will do this 100% programmatically and in Obj-C. Also note that I heavily explain every little thing in this TuT so it's long. REQUIREMENTS: Theos iOS 8 SDK Power of reading Ability to type in characters This ancient template for Theos: https://iosddl.net/1b23c7c63c6e907f/application.nic.tar Terminal SETUP: So now that you have your iOS 8 SDK downloaded, you want to make sure it'll be used. So move that fresh SDK into theos/sdks but it won't be used yet. To make it work, make a folder named Unused (or whatever you want) and put all the other SDKs in that folder. Then, move the new template to theos/templates. Now, we need to start the app. To do that open your terminal and type in "cd /path/where/you/want/the/app" and then type in theos. You'll see a bunch of templates so with those eyes of yours locate the new template (iphone/application). There should also be an iphone/application modern one but it doesn't work for me. After just follow the steps of the app. It should look like this: BACKGROUND: Now you don't want that app to have a nasty background. Follow these steps to have a sexy one that'll be dynamic and resize to the screen. Results may be ugly or stuff if you use an image which is weirdly sized. I also suggest you to download images that are HD and free using this site: bla.bla.bla. Download the image file and move it to your/app/path/Resources. Basically, the ressources folder is where your app will get it's assets from. The assets could potentially be stores in other files but /Resources is the best one you can use. Rename the image to IamGay.jpg or anything you want (I'll use Background.png). Then, from the RootViewControlller.mm file delete the line where it says self.view.backgroundColor. That's basically a line in the template which will set the background of your app to nasty red. But now, the app doesn't have a background so you need to add one! Add these lines at the place where you deleted the other line: [Hidden Content] Huh, what does that mean? It's basically making the image and setting the background to the image you declared. Also, make sure to replace Background.png with the actual name of the image. So now that everything is dandy and ready for action, we'll make a test build! So from the terminal, cd to the path of the project and type in make package. After that, look in the app's folder in packages and install the .deb and respring. I also want to state, on iPad it will have the "stupid dev look" as I say. It basically will look like this but now worries, we'll fix that. CREATING BUTTONS: So now we will start creating the actual action in the app rather than a plain background. We want to start in a text editor for the file RootViewController.mm, then slide your cursor to before the load view function ends (so basically where this "}" is). Return a lot of returns to make space for adding stuff and were all set. To declare the button we'll type this: [Hidden Content] Just for your knowledge, I'm making a respring button so that's why it's named springButton. You can obviously change the name to whatever you want so in the next steps be sure to change it if you changed it. This TuT is also 100% Obj-C and 0% XCode so why not explain what that does? Basically you're declaring springButton of type UIButton. Another example of declaration could be NSString *playerName = @"GayKid";. So we're declaring a string named playerName which contains GayKid. All good, next step. [Hidden Content] Eesh, that's a complex one, but I'll explain. What you see springButton.frame is basically telling the compiler we're using the frame from our button, which I named springButton. The rest is basically up to you but I'll explain how I made it work. So what I'm doing is using CGRectGetWidth(self.view.bounds) so it gets the width of the screen and I divide it in 4. That's my way of making an app dynamic as it will always get the screen width no matter what device and divide it by 4 to set our button there. The rest (so 348.5) is found by using FLEXible so that's why you need to compile a bunch of times and find the position you want to set your button to. Then, we have the sizing, so I'm using another way of calling the screen width and setting the height at 65. Here's a reference: [Hidden Content] Note that the button is not complete so it will probably give errors while compiling and not display the button. We're getting there though. Next step, set title, color and font size. [Hidden Content] I won't explain these as much as the other steps because if you can read this text then you can probably figure out what it means. We're also using different methods to call things, but that's just for making you understand Obj-C can use different methods for calling stuff. Next step is making it do an action. [Hidden Content] This also terminates the making of our button. The second line doesn't need to be explained but the first yes. What we're doing is basically making the button call a function which I named springUp when the button is touched/tapped. Now if you compile it'll be successful but you can open the app and see a nice crash when you tap the button, that's because we didn't make our function yet so it's calling absolutely nothing. After the first ending bracket "}" Which I told you to write all the steps before before the bracket, we'll go after it now. We want to make a new function so type this in: [Hidden Content] That's just making a void named springUp. I wanted the button to respring so I type this [Hidden Content] system runs a command and the command is killall -9 SpringBoard. Pretty self explanatory. The function isn't done yet! After that enter "}" so we'll end springUp. Compile, install, open the app and hit the button and a respring occurs. Hooray! This is how we make a button. I'll be making three so just repeat the steps, change the title of the button, change the action of the button and it's position. I won't cover the other buttons because they're basically the same thing. TEXT: Nice app, but no one knows who did it! We'll make two text boxes saying "Made by a wandling tiger" and "For iOSGods.com". So start by regoing in your loadview function and add this [Hidden Content] That makes a UILabel named credLabel and sets it's position to 21(X) and Screen's Height - 60 for Y. Now we'll add text to the label so to do this step you need to add this: [Hidden Content] We're the text from credLabel to Made by a wandling tiger. Now we're going to color our stylish and ergonomic designed label so add this: [Hidden Content] The background color is set to clear so that makes no ugly background on the label and we're also setting our text color to white. Noice so now we just need to make it visible: [Hidden Content] This snippet also sets the text to a centered position rather than being on the left. After that we just make it visible. CONCLUSION: This TuT covered the very basics of app development. If you want to progress more in this domain I suggest you to search online, ask questions and learn Obj-C and Swift. I also open sourced all this project so if you want to see the whole code just download it from [Hidden Content] The final package will also be released in the tools section so if you want to try it you can. Here's a screenshot of my final product:

How to Download iBooks onto your iDevice For Free Few Simple Steps less than 2 minutes. Get That Knowledge [Hidden Content] There is also a website for free AudioBooks but i havent personally tested this out yet but heres the link for that page if interested. [Hidden Content] Video: [Hidden Content] Credits: Chris Brian Durrant & TheHackSpot

This tutorial is mainly aimed at helping those who got permanently banned, although this could be applied in the event of a temporal ban as well if you wish to. For one thing, this will result in your account getting lost, along with all your progress, but if you reached this stage your progress has already been erased and there's nothing you can do to get your account back, unless you are somehow able to prove to the EA Customer Service that you didn't cheat (there's no use trying to reason with them if you cheated). However, also according to them, once you get perm ban you are prohibited from playing the game ever again on the same device, no matter how many times you delete and re-install the app, yet that is far from true. You CAN actually continue playing Asphalt 9 as much as you want. Here's how to: [Hidden Content]

Hello guys, This is my first topic on this amazing website. I hope to write well in English because it isn't my first language. (Feel free to correct me if I'll write something wrong) Anyway, today I'll show you How To Install Spotify++ and enable Offline Mode on your iPhone/iPad/iPod Touch without a Jailbreak/PC. REQUIREMENTS: - An iPhone/iPad/iPod Touch running any version of iOS 9/10 (maybe it works on iOS 8 too) - An internet connection - If the process give you some errors, delete the original Spotify app before do that INSTRUCTIONS: [Hidden Content] WHAT I HAVE TO DO WHEN THE TRIAL WILL EXPIRE? Repeat the SAME process for a new fresh account. I suggest you to make a new account immediately and create a share playlist (instructions below). HOW CAN I SAVE MY PLAYLISTS THROUGH DIFFERENT ACCOUNTS? You can use the "Share playlist" option in Spotify. HOW SHARE PLAYLIST SYSTEM WORKS? 1 ► Go into your main account and go into your playlist. 2 ► Click the button in the top right and choose "make collaborative" option. 3 ► Now click the button in the top right again and choose "share". Now click on "Copy playlist link" and save it in your notes. 4 ► Disconnect from your main account and login with your second account, then close Spotify++ from your multitasking menu. 5 ► Click on the playlist link that you have saved before in your notes (or just paste it in safari), click on "Play in Spotify" and open it in Spotify++ app. 6 ► Click on "Follow". Now you have synchronized the playlist correctly for both your accounts and you can add songs with each account. CONCLUSIONS: The whole process is a bit complicated and long but it works perfectly fine for me! Feel free to correct me if I made something wrong. If you have any problem I will try to help you as soon as possible! Peace!

This is a start pack/list with everything about iOS Hacking. We will try and keep this up to date as much as we can but you should also always use the search function on iOSGods to find new topics. If you have any questions or problems, make a Help & Support topic. We also have a Coding Center where people share their offsets and code for you to study and learn. Here is a list of some general tools for hacking iOS applications: How to Install Theos: Have you never hacked on iOS? Flex is a great way to start: How to hack iOS Apps & Games using Cheat Engines: How to Hack Games with IDA: How to Decrypt/Crack an Application:

Hello everyone, in this tutorial i will share you a SnapChat tweak and my method to NOT get banned ! I have been using this SnapChat tweak for about 2 weeks (May 6 2020) and have never received a SnapChat warning or ban ! I will also update this topic every time something happens on my snapchat account and if not, every two weeks I think Snapchat will soon have the Dark Mode so if you install this tweak for the dark mode, wait a few weeks and you will have it without tweak. FEATURES : See DELETED messages from others + custom the color for deleted messages Save Pictures / Videos from everywhere (Chat, Snap, Group, Story (+private), Discover) Save to gallery or specific folder (vault) Save options for tagged users Upload video from the gallery Upload picture from the gallery EDIT picture + video when upload video/picture View snaps for an unlimited times View snaps for an infinite time View stories anonymously Disable Screenshots / Records detection (in Chat, Snap and profile) Hide your presence in chat (no 'is typing' or bitmoji) Fake your location (and get regional geofilter) Fake some stickers data (speed, wheather, date) Fake views and screenshots of snaps of your story Account manager (Switch from account in one-click) Darkmode for Snapchat Automatically save all messages Fake pseudo (change ANY username to what you want + yours (visual only) Spoof the number of requests from friends Show all requests friends (not +99 but +154[example]) Create SnapBreak group (put all your 🔥 in one group) it DOES NOT send in a group, sends to each person at time Can write infinitely lines Infinite upload from galery to chat I don't have ANY other SnapChat tweak (keyborad, font, or any tweak that "modify" SnapChat) I am iOS 12.4, iPhone 6 Week 1 AND 2 : No SnapChat warning or ban ! Week 3 AND 4 : No SnapChat warning or ban ! Since may 2020 : No SnapChat warning or ban ! Happy New Year 2021 🎊: No SnapChat warning or ban ! Here are some picture : Presentations : Dark Mode : Settings : Here are the tweaks needed (repo + .deb file) : [Hidden Content] Here is the method (VERY detailed) : [Hidden Content] I know that there many step "not really useful" but I still advise you to do it (better to waste one minute than 48 hours ban 😁) I also recommend to test this tweak + method on a tester account and then put it in your main account ! if unfortunately you receive this SnapChat message (image): check this topic :

MSHook BASIC Tweak.xm Template --------->REMOVE "[" and "]" and remove the text inside! Also remove the < and > and remove the text inside those! This is for noobs at MSHooking! ---->This contains voids, voids with argument, bool, float, unsigned int, and id! ---->This is to get you started in your tweak.xm!! [Hidden Content] Hopefully you've learned something and are using the template I have created to help you guys! Don't ask me how to do 2 arguments or more in voids because I simply don't know how to do them. Credits: - @

[Hidden Content]Credits: Vid Creator and @@mitosis

Hello, I'm Editing This Topic With A Completely NEW Method And A New Layout As The First One Got Patched. This Tutorial Is Much More Complicated And Takes A Lot Longer And Is A Bit Harder. But It's Worth It In My Opinion. This Might Get Patched Soon I Don't Know. DISCLAIMER: I Am NOT Responsible For ANY Bans Using This Method! It's Your Responsibility And NOT Mine! Be Careful If You Want To Play On An Account You've Spent Money On Or You Care About! ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [Hidden Content] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Settings / Keybinds: ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [Hidden Content] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ↓↓↓ Now You're Done! It Might Get Patched Again! If You Get The Error After Finishing A Game Follow The Steps Down Below ↓↓↓ ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [Hidden Content] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Credits: - Indian Nova (YouTube) I'm Not Exactly Sure This Is The Guy Who Made This But It's The Person I Got This Method From So Therefor I'm Giving The Credits To Him. If You Know Who The Real Creator Is Please Comment That And Give Me Some Proof Or Something And I'll Change The Credit ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Bada Bing, Bada Boom

Requirements: - You need a Computer. - You need an iOS Device. - You need Il2CppDumper which can be found here (I am using v4.7.0 in this tutorial) - You need CrackerXI which can be found on the AppCake repo - You need Xcode if you are on Mac (which can be found on the AppStore), or Notepad++ if you are on Windows (which can be found here) - iHex Tutorial: [Hidden Content]

THIS IS THE ONLY ACTUAL WORKING METHOD TUTORIAL/GUIDE TO UNBAN YOUR DEVICE FROM CALL OF DUTY MOBILE WITHOUT LOSING ANY DATA/SAVED PASSWORDS NOTE: This method does not unban your account. It only unbans your device, allowing you to create a new guest account and link that new account to your desired facebook account (one that isn’t banned already). Requirements: - Jailbroken device; - iFile/Filza File Manager (or another similar tweak); Tutorial/Guide: [Hidden Content] Side Note: You can use this method every time your device gets banned for using cheats in Call of Duty: Mobile. In case you need help or messed up a step, leave a comment and I’ll try to reply as quick as I can.

As of September 30th 2019, this thread has been updated to (maybe) support some other games. (Pokemon GO doesn't work so far) Method 1 Method 2 Method 3 Note: You may use Methods 2 and 3 in conjunction if they do not work standalone. Method 4 Note: This reverts to before you jailbroke! Method 5

Hello guys, If you are as unlucky as me -- being stuck with an A12/13 iDevice (iPhone X and newer) AND iOS version of 13.6, 13.6.1, or 13.7 for whatever reason. edit: Also works for 14.x using any Sileo JB. Your only reliable option to jailbreak and hack your games would be by Odyssey 12.2.2. And unfortunately, getting help from the Odyssey JB community feels like playing the lottery sometimes. Here is what I did in the past 24 hours of researching and trying different things before getting everything working (if you already successfully jailbroke with Odyssey - skip to 12) [Hidden Content]

Ok so let's get right into this. Many of you might have seen this hack posted on this website. [Hidden Content] Tada

How to make a IPA Hack With Windows You have to have some knowledge But i will Answer Questions When i can Unity games only [Hidden Content]

[Hidden Content]

Hello, today I'll show how to hack in-app purchases on iOS 11 (tested on Plague. Inc & Hill Climb Racing). Doesn't work for every app, just those that uses StoreKit. No settings or app, it's always on for every app! Should work for any iOS version (tested on 11.1.2 & 11.3.1). Install the package using Filza, iFile or with dpkg in command line as such: dpkg -i /path/to/hack.deb [Hidden Content] Now go press buy on something in whatever app you want, when the popup appears just press cancel and you'll still get it if the app is supported

Have you ever had the issue of needing to move something bigger than 65535 into R0, and you needed to use a literal number (MOV R0, #255) instead of a register (MOV R0, R7)? Well I did to make a custom floating point return value to separate the field of view function for Bullet Force so I would still be able to get the zoomed in field of view when I aim down sights. This is a very good when you want to move a floating point value into R0, like 1120403456. Additionally, I'll use 1120403456 for this tutorial. [hide] Step 1: Convert your number to hexadecimal. Go to http://www.binaryhexconverter.com/decimal-to-hex-converter. 1120403456 is 42C80000 in hexadecimal. Cool. Step 2: Break your hexadecimal value in half, and that will leave you with two "sections". For 42C80000: The first section would be 0000. The second section would be 42C8. Step 3 Use ARM Converter (http://armconverter.com) to generate the instructions we need. They will always be in this format: MOVW R0, #/*section 1*/ MOVT R0, #/*section 2*/ In my case, my instructions would be: MOVW R0, #0x0000 MOVT R0, #0x42C8 Convert those two instructions, and write the hex down somewhere. Step 4: Time to make the hex string! I used ARM Converter to convert these and it gave me these hexes: MOVW R0, #0x0000 = 40F20000 MOVT R0, #0x42C8 = C4F2C820 Combine the two, and the final hex of MOV R0, #0x42C80000 is: 40F20000C4F2C820 Keep in mind this is 8 bytes, so you'll need to find 4 bytes of extra space before the instruction you are overwriting is. [/hide]

You will need a Jail-broken phone and a DLG cheat engine ( you can search iOS Gods for a .deb or a cydia link for one) Disclaimer this will not work on some games like sever sided games (clash royal/of clans) or games with a lot of different offsets (PvZ heroes) [Hidden Content]

Cho mình hỏi có tài liệu nào hướng dẫn về cách tìm offset với các game hiện nay và cách chỉnh offset để làm deb hack game không Cảm ơn mọi người @Laxus

*BEST VIEWED ON DESKTOP* The Unity tool. I hate it. All it does is make people worse at hacking because no one is developing actual analysis skills anymore. Now all you have to do to make an awesome hack is to CTRL-F everything until you have 100 features. If you want to get good at something, take the hard route. I can't stress that enough. Anyway, when I first heard about it, I thought it just revealed method names and locations. I was surprised upon finding that not only does it reveal method names and their locations, it reveals class names, parameters, instance variables, and the location in memory where said instance variables can be found. I couldn't believe what was right in front of me because everyone was just taking advantage of visible methods and their locations. This applies to non-Unity games as well. You just need to have knowledge of object oriented programming to really know how to take advantage of instance variables. I guess I could cover that in a later tutorial. Anyway, let's get started. This tutorial pertains to iOS only. Not the concepts, just the tutorial. [hide] *****Get the Unity tool from here: https://github.com/Perfare/Il2CppDumper/releases Part A. Instance Variables 1. Memory Layout I went to make this absolutely clear. For example, this... STR X3, [X0, #0x248] ...is telling the machine to store whatever X3 is holding (let's say ammo) in X0+0x248 (let's say X0 points to a Gun object). X0 contains the address of wherever the Gun object is held in memory. Let's say the address of the Gun object is 0x16fd27640. That means the machine is assigning whatever is at 0x16fd27640+0x248 to X3. That's why when you NOP a STR instruction, the value freezes. The machine can no longer update the value at the location of whatever you NOP'ed. Let's look at an actual example involving arrays: #include <stdio.h> #include <malloc.h> #include <conio.h> int main(){ int *a = (int *)malloc(sizeof(int)*4); free(a); _getch(); } This program allocates some memory for an array of four integers, then frees that memory. _getch() forces the machine to wait for a letter to be pressed before it terminates the program. Now I'll give the elements in this array some values: #include <stdio.h> #include <malloc.h> #include <conio.h> int main(){ int *a = (int *)malloc(sizeof(int)*4); a[0] = 3; a[1] = 2; a[2] = 4; a[3] = 1; free(a); _getch(); return 0; } The memory map of this array would be as follows: a[0] a[1] a[2] a[3] 3 2 4 1 But that's not all. Here's another equivalent way of writing the memory map: *(a+0) *(a+1) *(a+2) *(a+3) 3 2 4 1 This is the way we'll be able to get and set instance variables on various objects, but that is later down the line. Why does this work? Because when the compiler sees the [] operator, it translates it into pointer addition (as well as a dereference), which is exactly what we are doing by writing *(a+X). If you're still confused, hopefully this next part will clear this up. When we created the array of four ints, the machine allocated sixteen bytes space on the heap for it (as well as a pointer for it on the stack, but that isn't important for this tutorial). Why sixteen bytes? Because the size of an int on most machines is four, and we allocated memory for four ints. 4*4=16 We can take a look at what the memory looks like where the array is located in Visual Studio's debugger: The highlighted area is where the array is located. You can see the elements in the exact order as they were declared (3, 2, 4, 1) on the heap. Now we can use our newfound knowledge of memory layout to access and modify instance variables in iOS games. 2. The 'this' pointer In C++, the 'this' pointer is best thought of as a hidden argument in every non-static function call. (Static methods do not need to be called with a class object) It references the current instance of its class. To better illustrate this concept, I have created a tiny class called Test. Also, take note that both of Test's instance variables are private, which means I cannot access them directly. Here is Test.h: class Test { private: int a; int b; public: Test(); int getA() const; int getB() const; void setA(int newA); void setB(int newB); ~Test(); }; Here is Test.cpp: #include "Test.h" //create a new Test object and set its instance variables to 5 and 8 respectively Test::Test(){ this->a = 5; this->b = 8; } int Test::getA() const { return this->a; } int Test::getB() const { return this->b; } void Test::setA(int newA){ this->a = newA; } void Test::setB(int newB){ this->b = newB; } Test::~Test(){} See how I use the this pointer to get and set Test's instance variables? If I wanted to call setA, I would do this: Test *t = new Test(); t.setA(100); Obviously, in assembly, we don't have the luxury of syntax. In assembly, the call to setA would look like this: setA(t, 100); t is the this pointer. In assembly, the this pointer is always the first argument to any (non-static) function. For additional clarity, if I included this method in the Test class: void Test::setAB(int newA, int newB){ this->a = newA; this->b = newB; } and called setAB like this: Test *t = new Test(); t.setAB(1000, 2000); The function call in assembly would be setAB(t, 1000, 2000). No matter what type the function is, however many arguments it has, or whatever class it belongs to, the this pointer is always the first argument. If the method is static, there is simply no this pointer. 3. A "Hacky" Way of Getting and Setting Instance Variables Recall our class called Test and the array example. In the array example, our array was located at 0xba5d38, with sixteen bytes of extra space for the four elements. This is no different with our Test class. Consider this code: #include <stdio.h> #include <malloc.h> #include <conio.h> #include "Test.h" int main(){ Test *t = new Test(); _getch(); return 0; } The machine created a pointer to our Test object on the stack and allocated the appropriate amount of memory on the heap for its instance variables. In the Test constructor, I set a and b to 5 and 8 for visibility. Let's take a look at our memory in Visual Studio's debugger: You can see t's instance variables on the heap! Again, since an int is four bytes on most machines, there are eight byes of memory reserved for the two instance variables. And remember, they are private. When I try and directly access the instance variable "a", I get this error: (side note: I changed my project directory and I forgot to change it back) Fortunately for us, since C++ gives us complete control over our memory, we can access and modify a without a function through pointer arithmetic! Since a is our first instance variable, it is located where our Test object is located. b is located at our test object + 0x4, and so on if we had more instance variables. And remember, t is our this pointer. Consider this code: int instanceVariableA = *(int *)(t + 0x0); /*---1---*/ /*--2--*/ Don't be worried if this looks confusing. I'll explain this step by step. Just like with the array example, we can access data through pointer arithmetic. In the comments I've numbered each thing I am going to explain. 1. Since t is literally just the address to its location on the heap, this is also the address to its first instance variable. Also, throughout this entire tutorial I have been including "+ 0x0" for clarity. In your code you don't have to do this. 2. Cast whatever is at t + 0x0 to an int pointer and dereference it to access its value. After all that, we have successfully grabbed t's instance variable a without a function. Remember that when a Test object is created, a is set to 5 and b is set to 8. if I wanted to grab b, I would replace t + 0x0 with t + 0x4. We can modify a in a similar manner in which we used to grab it. All we have to do is treat all of our pointer arithmetic and casting like a variable, and set it to whatever we want, like so: *(int *)(t + 0x0) = 1000; Let's see if this is successful: Success! I call getA() to make sure that I actually did change a. Let's take a look at our memory on the heap: Sure enough, the data at where a is located changed to 0xe803. But since the hex here is in little endian, 0xe803 is actually 0x03e8, which is 1000. We successfully modified a without calling a function. This will be extremely useful when making game hacks because we won't need to call a function that may or may not be present in the game itself every time we want to modify an instance variable. Everytime we call a function from the game, a little instability is added because we don't actually know how it works, and we want as much stability as possible. 4. Applying These Concepts to Game Hacks Why did I use a program I wrote on my computer to illustrate these concepts? Because C++ on Windows is no different than C++ on iOS. A program that counts from one to one hundred on Windows would do the exact same thing on iOS. Obviously, there are API differences, but we aren't dealing with that. Also, Visual Studio's debugger is great for showing memory. Anyway, let's say that I made a dump of some Unity game and the Player class looked like this: public class Player : MonoBehaviour // TypeDefIndex: 5545 { // Fields private float health; // 0x18 private int ammo; // 0x1c private float moveSpeed; // 0x20 private bool isDead; // 0x24 private Player playerLastDamaged; // 0x28 private bool mine; // 0x30 // Methods public void .ctor(); // 0x100093720 private void Awake(); // 0x1000937A0 private void Update(); // 0x1000938FC private void InitPlayer(); // 0x100094000 private void OnDestroy(); // 0x100094AF0 } (I made every instance variable private as a proof of concept - it doesn't matter if something is public or private as shown in the last example) While taking a look at this, you should notice the instance variable "playerLastDamaged" is eight bytes. This is fine. Size does not matter when grabbing instance variables. You should also notice there are no accessors or setters for any of the instance variables. Notice the function called "Update". Any function called LateUpdate or Update is of massive use to you. Why? Because this is a non-static function that is called by Unity once per frame. If you have 60 FPS in a game, Update is being called 60 times a second. Why is this good? Think about it. We wouldn't want to get and set instance variables on a Player object that hasn't been updated for a while right? We need our most current Player object to modify, and what better way of getting it than hooking a function that is called 60 times every second? You all know how to hook a function with MSHookFunction. At least I hope so. In this example, I'm not going to show the call to MSHookFunction. Just imagine it is there. In this example, the game we are hacking is an online FPS. Everyone in the room is a Player object, and Update is called for each Player object. And for some reason, the game is so insecure that we can modify other people's instance variables non-visually. Here's how the barebones function hook would look: void (*Player_update)(void *player); void _Player_update(void *player){ Player_update(player); } Remember the previous examples. The first argument to any non-static function in assembly is the this pointer. It is best to name the this pointer the class name, because it is representing that class. We also have to use a void pointer (void *) because we don't actually have access to the Player class, only its objects. Because of this, the way we get and set instance variables will be a bit different. We also have to check if the player object isn't NULL to prevent crashes! Recall what you read about the this pointer. If the Player object is NULL, this is what the call to update would look like in C++: NULL.Update(); And that doesn't make any sense, right? For this first example, we'll be giving ourselves infinite ammo, infinite health, and increased move speed, as well as making everyone else's health 1.0 and taking everyone else's ammo away. Obviously we don't want to apply anything bad to ourselves, so we can make use of the mine instance variable. This boolean just tells us if this Player object belongs to me. To get this instance variable, we need to do this: if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); } The one difference is casting the void pointer to uint64_t. We need to do this in order to perform pointer arithmetic on the player object. Also, a boolean in C and C++ just holds a 0 or a 1... which means we can substitute int for it. So far, the Update hook looks like this: void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); } Player_update(player); } Now that we have the mine instance variable, we can test to see if our Player object is indeed ours, and if it is, apply the hacks: void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(isMine){ //ammo *(int *)((uint64_t)player + 0x1c) = 999; //health *(float *)((uint64_t)player + 0x18) = 100.0f; //increased move speed, normal is 1.0f *(float *)((uint64_t)player + 0x20) = 5.0f; } } Player_update(player); } That's not all we want to do, though. We want to wreak havoc on other people so we need to take everyone's ammo away and make everyone have 1.0 health. void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(isMine){ //ammo *(int *)((uint64_t)player + 0x1c) = 999; //health *(float *)((uint64_t)player + 0x18) = 100.0f; //increased move speed, normal is 1.0f *(float *)((uint64_t)player + 0x20) = 5.0f; } else{ //enemy ammo *(int *)((uint64_t)player + 0x1c) = 0; //enemy health *(float *)((uint64_t)player + 0x18) = 1.0; } } Player_update(player); } If you want to get more creative, you can make use of the "playerLastDamaged" instance variable to make a "freeze tag" hack. This hack will freeze the person you just shot, just like if you tag a person in freeze tag. Like before, we have to check if the player object is ours, and then we can access the playerLastDamaged instance variable. void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); } Player_update(player); } Now we have to get the playerLastDamaged instance variable. Like I said before, size does not matter. You would access it just like any other instance variable. We also have to check if it isn't NULL. void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(isMine){ void *playerLastDamaged = *(void **)((uint64_t)player + 0x28); if(playerLastDamaged != NULL){ } } } Player_update(player); } Now we have to set playerLastDamaged's moveSpeed instance variable to 0.0. Remember that playerLastDamaged is a Player object, so we have access to the Player instance variables. Again, we don't have access to the actual Player class, so we have to use a void pointer. void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(isMine){ void *playerLastDamaged = *(void **)((uint64_t)player + 0x28); if(playerLastDamaged != NULL){ //set person we just shot moveSpeed to 0.0 *(float *)((uint64_t)playerLastDamaged + 0x20) = 0.0f; } } } Player_update(player); } And just like that, our freeze tag hack is complete! There you have it, two full fledged hacks that work by modifying instance variables! ALWAYS REMEMBER TO CHECK ALL POINTERS TO SEE IF THEY'RE NULL!!!! Part B. Function Pointers Function pointers are great when you want to call a function but don't want to sacrifice stability by hooking it. This part is much simpler than instance variables. Here's an example of a function pointer in C++: #include <stdio.h> #include <conio.h> void func(){ printf("Hello, someone called me!\n"); } int main(){ //&func takes the address of where func is kept in memory void (*func_ptr)() = &func; func_ptr(); _getch(); return 0; } We can this in action here: The & operator takes the address of whatever it is being used on. You can think as a function pointer as a pointer to the address of where the function is in memory. The syntax here should look a bit familiar because you are creating a function pointer to the original function whenever you use MSHookFunction to hook something. But again, that adds instability to the hack. The concept here is the same on iOS, but the syntax is not as simple. First of all, let's add some new methods to our Player class from Part A: public class Player : MonoBehaviour // TypeDefIndex: 5545 { // Fields private float health; // 0x18 private int ammo; // 0x1c private float moveSpeed; // 0x20 private bool isDead; // 0x24 private Player playerLastDamaged; // 0x28 private bool mine; // 0x30 // Methods public void .ctor(); // 0x100093720 private void Awake(); // 0x1000937A0 private void Update(); // 0x1000938FC private void InitPlayer(); // 0x100094000 private void OnDestroy(); // 0x100094AF0 private void KillPlayer(); // 0x100095CF4 private void SetPlayerTeam(int team); // 0x100095FF8 private void RespawnPlayerAtLocation(Vector3 location, int health); // 0x10009A230 private int GetPlayerID(); // 0x10009B34C private static void Suicide(int playerID); // 0x10009C99C } Again, it doesn't matter if a function is private or public. To get the correct offset with the ASLR slide, I use a function called getRealOffset. This is what it looks like: uint64_t getRealOffset(uint64_t offset){ return _dyld_get_image_vmaddr_slide(0) + offset; } Now that that's out of the way, this is how to declare a function pointer: <type> (*<function name>)(<this pointer>, <any additional parameters>) = (<type>)(*)(void *, <types of additional parameters))getRealOffset(<offset>); To remember the syntax, learn to look at this as pairs. I'll add comments to pairs you should remember: <type> (*<function name>)(<this pointer>, <any additional parameters>) = (<type>)(*)(void *, <types of additional parameters>))getRealOffset(<offset>); /*A*/ /*------B------*/ /*-----------------C-----------------------*/ /*-A-*//*B*/ /*----------------C------------------*/ /*-------D--------*/ If it is hard to tell, here's what corresponds to what: //A <type> = (<type>) //B (*<function name>) = (*) //C (<this pointer>, <any additional parameters>) = (void *, <types of additional parameters>) //D getRealOffset(<offset>) has no corresponding part It looks really weird, but once you get used to it, it just feels right. Here's what the function pointers would look like for the five new methods I added: void (*Player_KillPlayer)(void *player) = (void (*)(void *))getRealOffset(0x100095CF4); void (*Player_SetTeam)(void *player, int team) = (void (*)(void *, int))getRealOffset(0x100095FF8); void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void (*)(void *, Vector3 *, int))getRealOffset(0x10009A230); int (*Player_GetPlayerID)(void *player) = (int (*)(void *))getRealOffset(0x10009B34C); void (*Player_Suicide)(int playerID) = (void (*)(int))getRealOffset(0x10009C99C); Side note - Vector3 is a class that you can recreate yourself. Notice how the last method I added was static. That's why there's no this object included in the parameters. You can call these function pointers as normal functions: //kill someone Player_KillPlayer(player); //get someone's ID int playerID = Player_GetPlayerID(player); //force someone with ID 1 to suicide Player_Suicide(1); Now that you know how to create and call function pointers, let's make a hack that constantly kills someone with a specific ID. For this example, it will be 10. First, we hook Update. //declare function pointers void (*Player_KillPlayer)(void *player) = (void (*)(void *))getRealOffset(0x100095CF4); void (*Player_SetTeam)(void *player, int team) = (void (*)(void *, int))getRealOffset(0x100095FF8); void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void (*)(void *, Vector3 *, int))getRealOffset(0x10009A230); int (*Player_GetPlayerID)(void *player) = (int (*)(void *))getRealOffset(0x10009B34C); void (*Player_Suicide)(int playerID) = (void (*)(int))getRealOffset(0x10009C99C); void (*Player_update)(void *player); void _Player_update(void *player){ Player_update(player); } Now we have to figure out which Player object is ours, because we don't want to kill ourselves in case our ID is 10. //declare function pointers void (*Player_KillPlayer)(void *player) = (void(*)(void *))getRealOffset(0x100095CF4); void (*Player_SetTeam)(void *player, int team) = (void(*)(void *, int))getRealOffset(0x100095FF8); void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void(*)(void *, Vector3 *, int))getRealOffset(0x10009A230); int (*Player_GetPlayerID)(void *player) = (int(*)(void *))getRealOffset(0x10009B34C); void (*Player_Suicide)(int playerID) = (void(*)(int))getRealOffset(0x10009C99C); void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); } Player_update(player); } Now we can check if the Player object isn't ours and then get the Player ID of the Player object if it is not ours. //declare function pointers void (*Player_KillPlayer)(void *player) = (void(*)(void *))getRealOffset(0x100095CF4); void (*Player_SetTeam)(void *player, int team) = (void(*)(void *, int))getRealOffset(0x100095FF8); void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void(*)(void *, Vector3 *, int))getRealOffset(0x10009A230); int (*Player_GetPlayerID)(void *player) = (int(*)(void *))getRealOffset(0x10009B34C); void (*Player_Suicide)(int playerID) = (void(*)(int))getRealOffset(0x10009C99C); void(*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(!isMine){ int playerID = Player_GetPlayerID(player); } } Player_update(player); } Now we can check if playerID is 10, and if so, force that player to kill themselves: //declare function pointers void (*Player_KillPlayer)(void *player) = (void(*)(void *))getRealOffset(0x100095CF4); void (*Player_SetTeam)(void *player, int team) = (void(*)(void *, int))getRealOffset(0x100095FF8); void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void(*)(void *, Vector3 *, int))getRealOffset(0x10009A230); int (*Player_GetPlayerID)(void *player) = (int(*)(void *))getRealOffset(0x10009B34C); void (*Player_Suicide)(int playerID) = (void(*)(int))getRealOffset(0x10009C99C); void(*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(!isMine){ int playerID = Player_GetPlayerID(player); if(playerID == 10){ Player_Suicide(playerID); } } } Player_update(player); } (I know this is inefficient, but it is a great way of showing use of function pointers) And there you have it, a hack to kill a certain player if their ID is 10 using function pointers. You can get really creative with this method of hacking! It's really addicting Here is an example Tweak.xm (dead trigger 2 hack): https://iosddl.net/cc637e33bdf2a037/Tweak_for_tutorial.xm Check out my aimbots I put on my Github: http://www.github.com/shmoo419/ [/hide] Please let me know if you have any questions (It took about 6 hours to write this tutorial)

So with the Critical ops aimbot when it locks on to somebody and u shoot, you don't hit them due to the Recoil. For the people that haven't already found this out when you launch the game it should let you adjust the values for aimbot or just use WallHack. To make the Aimbot actually hit someone instead of shooting over them use these values [Hidden Content]

Want a phone number to text and call but don't want to pay for it? Here I present you, an app that allows you to do so. This allows you to have unlimited calls and texts. Link : To unlock the hidden content, thanks and click the blue heart ???? [Hidden Content] Instructions : [Hidden Content] Please thanks and +rep for support!

Ever hacked a game, but everything was linked to the enemy? Well, in this topic you'll learn multiple ways to unlink it. Before this tutorial, I suggest you to read through this topic by @shmoo: https://iosgods.com/topic/65529-instance-variables-and-function-pointers/ NOTE: I assume you know how to hook functions, since this is necessarily for unlinking. In the examples you'll see something called "getRealOffset", this is used to defeat the ASLR. Put this code on top of your tweak.xm so you can make use of it: uint64_t getRealOffset(uint64_t offset){ return _dyld_get_image_vmaddr_slide(0) + offset; } Unlinking using functions [Hidden Content] Unlinking using variables [Hidden Content] Some notes: - I know all of you use functions to mod, like get_health, get_damage etc, most likely there's also a variable for them which is easier to use in a Update() function if it exists. - Some function take more "inputs" for example: get_health(int something, void somethingelse).. you need to include these in your hooks (add "void *instance" at the beginning then) - I suggest you to copy all the codes into a editor & add the C++ syntax, this will make it more readable That's it! If you have any questions, feel free to ask me (mention me in the comments) & I'll try & help you! Credits: - @shmoo for his tutorial on function pointers & variables - @Joey for writing this tutorial.

This tutorial covers floats in ARM64, so I expect you to have a basic understanding of IDA and how it works. I won't be going into depth on this subject, but I will show you how I hacked a game with floats in ARM64, so you can get a grip of it. Also, this tutorial will cover ground on ARM64, so I suggest you do a bit of reading up on this before continuing with the tutorial. This tutorial made by is a really good starting point for you to learn how to hack in ARM64. [Hidden Content] That was my brief tutorial on floats in ARM64. If you have any questions, please feel free to ask below!