Jump to content
  • Sky
  • Mint
  • Azure
  • Indigo
  • Blueberry
  • Blackcurrant
  • Watermelon
  • Strawberry
  • Pomegranate
  • Ruby Red
  • Orange
  • Banana
  • Apple
  • Emerald
  • Teal
  • Chocolate
  • Slate
  • Midnight
  • Maastricht
  • Charcoal
  • Matte Black

Search the Community

Showing results for tags 'Guide'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Forum Related
  • No Jailbreak Section
  • VIP Section
  • Game Cheats & Hack Requests
  • Android Section
  • Tutorials, Tools, Support & Coding!
  • Everything Else
  • Dank Memes's Memes
  • Dank Memes's Funny
  • Football Club's News
  • Football Club's Goals
  • Football Club's Live Score
  • Steam Club's Steam Profiles
  • Steam Club's Steam News
  • Steam Club's General
  • Console & PC Gaming's Our specs and setups
  • Console & PC Gaming's Cheap parts and advice
  • Console & PC Gaming's Favourite game songs/themes
  • Console & PC Gaming's Console and PC Gaming
  • Anime's Anime Discussions
  • Anime's Manga Discussions
  • Anime's Recommendations
  • DomiNations Club's DomiNations Discussions
  • DomiNations Club's Friends & Alliances
  • BLEACH Brave Souls Club's Discussions
  • BLEACH Brave Souls Club's BBS Help & Support
  • DRAGON BALL Z DOKKAN BATTLE Club's Updated Links!
  • DRAGON BALL Z DOKKAN BATTLE Club's Global Discussions
  • DRAGON BALL Z DOKKAN BATTLE Club's Japan Discussions
  • DRAGON BALL Z DOKKAN BATTLE Club's News
  • One Piece Treasure Cruise (Global & Japan)'s OPTC Discussion
  • One Piece Treasure Cruise (Global & Japan)'s One Piece Treasure Cruise (Global)
  • One Piece Treasure Cruise (Global & Japan)'s One Piece Treasure Cruise (Japan)
  • One Piece Treasure Cruise (Global & Japan)'s Japan/Global Help & Support
  • One Piece Treasure Cruise (Global & Japan)'s Status Hack For One Piece Treasure Cruise (Global & Japan)
  • Clash of Clans Club's Topics
  • Summoners War Club's Summoners War Discussions
  • Summoners War Club's Help & Support
  • MARVEL Contest of Champions Club's Help & Support
  • MARVEL Contest of Champions Club's Discussions
  • Mobile Legends: Bang bang Club's Discussions
  • Mobile Legends: Bang bang Club's Help & Support
  • Photography's Topics
  • Brawl Stars club's Topics
  • Brawl Stars club's Upcoming updates
  • Brawl Stars club's Guild info
  • Overwatch Club's Overwatch Discussions
  • Overwatch Club's Play(s) of The Game & Highlights
  • Overwatch Club's Tips, Tricks & Tutorials
  • Overwatch Club's Funny Videos & Others
  • Monster Super League Club's Discussions
  • Injustice 2 Club's Discussions
  • Dungeon Hunter Club's DH5 Topics & Discussions
  • Dungeon Hunter Club's DH5 Help & Support
  • Dungeon Hunter Club's Topics
  • Dungeon Hunter Club's Profile Sharing
  • Last Day on Earth: Survival Club's LDOE Discussions
  • Last Day on Earth: Survival Club's LDOE Help & Support
  • Last Day on Earth: Survival Club's LDOE News
  • Last Day on Earth: Survival Club's LDOE Guides & Tutorials
  • Futurama: Worlds of Tomorrow Club's Discussions
  • MARVEL Avengers Academy Club's Discussions
  • Modern Combat 5 Club's Discussions
  • DC Legends Club's Discussions
  • Golf Clash Club's Golf Clash Discussions
  • Golf Clash Club's Golf Clash Help & Support
  • Yu-Gi-Oh! Duel Links Club's Duel Link News
  • Yu-Gi-Oh! Duel Links Club's Duel Link Farming Guides
  • Grand Theft Auto 5's General Talk
  • Grand Theft Auto 5's Glitches
  • Grand Theft Auto 5's Mods
  • Grand Theft Auto 5's Questions
  • King's Raid Club's Discussions
  • MARVEL Future Fight Club's Discussions
  • iOS Jailbreak Setups's Announcements
  • iOS Jailbreak Setups's Device Setups
  • iOS Jailbreak Setups's Tweak, Theming & General Questions
  • iOS Jailbreak Setups's Tweak & Theme Recommendations
  • iOS Jailbreak Setups's General
  • Movies & Series Club's Topics
  • Movies & Series Club's Movies trailers
  • Movies & Series Club's Movies release date
  • Movies & Series Club's Series trailers
  • Taichi Panda Club's Discussions
  • Destiny 2's General
  • Destiny 2's Help/Support
  • Destiny 2's Looking For Group
  • Destiny 2's News
  • Destiny 2's Glitches, Tricks, Tips & Strategies
  • Club Français iOSGods's Groupe de discussion en Français
  • Club Français iOSGods's Support en Français
  • Club Français iOSGods's Support iOS en Français
  • Club Français iOSGods's Support Android en Français
  • iOSGods Svenska Klubb's Diskussioner
  • iOSGods Svenska Klubb's iOS Hjälp
  • iOSGods Svenska Klubb's Android Hjälp
  • iOSGods Svenska Klubb's Generell Hjälp
  • Everything Mac's Discussions
  • Everything Mac's Other Stuff
  • Everything Mac's Questions
  • Everything Mac's Announcements
  • Everything Mac's Apps & Games
  • The Respawnables Club's Respawnables Tips and Tricks
  • The Respawnables Club's Ask your questions here
  • The Respawnables Club's General Discussion
  • Italiano iOSGods Club's Discussioni generali
  • Italiano iOSGods Club's Guide e traduzioni
  • PLAYERUNKNOWN'S BATTLEGROUNDS's Squads
  • PLAYERUNKNOWN'S BATTLEGROUNDS's Discussions
  • España iOSGods Club's Topics
  • Cuphead Club's Boss Levels
  • Cuphead Club's Run and Guns
  • Ultimate Ninja Club's Events
  • Ultimate Ninja Club's Team
  • Ultimate Ninja Club's Tips
  • Ultimate Ninja Club's Clans
  • Brave Frontier Club's Brave Frontier Discussions
  • Brave Frontier Club's Brave Frontier Help & Support
  • iOSGods Turkish Club's Genel Bilgilendirme
  • Naruto x Boruto Ninja Voltage Club's Help & Support
  • Naruto x Boruto Ninja Voltage Club's Announcement
  • Naruto x Boruto Ninja Voltage Club's Clans
  • Naruto x Boruto Ninja Voltage Club's Layout
  • Call of duty WWII's Glitches
  • Call of duty WWII's Mods
  • Call of duty WWII's Boosting
  • Call of duty WWII's General Talk
  • South Park: Phone Destroyer Club's Topics
  • Toram online MMORPG's Topics
  • Rules Of Survival Club's News & Announcements
  • Rules Of Survival Club's Play together!
  • Rules Of Survival Club's Discussions
  • Rules Of Survival Club's Q&A
  • Rules Of Survival Club's YouTube
  • Forward Assault's Topics
  • Forward Assault's FA Help & Support
  • Star Wars: Galaxy of Heroes Club's Working Combos for Non-Jailbreak Mod
  • Star Wars: Galaxy of Heroes Club's Question Section
  • Star Wars: Galaxy of Heroes Club's Ban Warning ⚠️
  • Bullet Force's Glitches, Tricks, Mods & Hacks
  • Bullet Force's Announcements
  • Bullet Force's General
  • Bullet Force's Help & Support
  • Tekken Club's Topics
  • Tekken Club's Q&A
  • Tekken Club's Arcade Sticks & Pad
  • Tekken Club's Character Quick Notes
  • Tekken Club's Frame Data
  • Tekken Club's Tekken Tournaments
  • Tekken Club's Events
  • Marvel&DC Heroes's Topics
  • Marvel&DC Heroes's Movies
  • Marvel&DC Heroes's Series
  • Marvel&DC Heroes's Comics
  • Modern Combat Versus's Glitches, Tricks, Mods & Hacks
  • Modern Combat Versus's Help & Support
  • Modern Combat Versus's Announcements
  • Modern Combat Versus's General
  • GFX Club's GFX Tutorials
  • GFX Club's GFX - Graphic Studio
  • GFX Club's GFX Resources
  • GFX Club's Portfolios
  • GFX Club's GFX Requests
  • Fantasy War Tactics's Topics
  • Club Archives's H A R M O N Y
  • Club Archives's AdventureQuest Worlds Club
  • Club Archives's Call of Duty
  • Club Archives's Game Exploits
  • Club Archives's Counter Strike: Global Offensive
  • Brawl Stars's Topics
  • FC Barcelona Fans Club's LaLiga
  • FC Barcelona Fans Club's Copa del Rey
  • FC Barcelona Fans Club's UEFA Champions League
  • FC Barcelona Fans Club's News & Discussions
  • PC Game Hacking Club's Modded DLL Hacks
  • PC Game Hacking Club's Other PC Hacks
  • Fortnite's Gameplays
  • Fortnite's Glitches
  • Fortnite's Other stuff
  • Marvel Avenger’s Academy's Topics
  • Norsk iOSGods Club's Topics
  • PUBG MOBILE's PUBG Discussions
  • PUBG MOBILE's Find Friends
  • PUBG MOBILE's Help & Support
  • PUBG MOBILE's Japan / Korea
  • PUBG MOBILE's PUBG MOBILE China
  • DragonProject's Topics
  • IDA/Hacking Club For Tips's Tips
  • ConsoleGods's Topics
  • ConsoleGods's Wii
  • ConsoleGods's PS3 Moddig
  • ConsoleGods's Xbox Modding
  • ConsoleGods's Nintendo Switch
  • ConsoleGods's PS4 Modding
  • iOS Development Club's Tutorials
  • iOS Development Club's Shares
  • iOS Development Club's Help
  • iOS Development Club's Requests
  • One Piece Thousand Storm OPTS Club's Topics
  • Marvel Strike Force's Topics
  • Marvel Strike Force's MSF Help & Support
  • Java & Android Development's Java & Android development Tutorials
  • Java & Android Development's Java development questions
  • Java & Android Development's Android development questions
  • Java & Android Development's Challenges!
  • HTML CSS & JAVASCRIPT's Topics
  • Jurassic Survival Club's News
  • Jurassic Survival Club's Discussions
  • Jurassic Survival Club's Guides & Tuts
  • Jurassic Survival Club's Help & Support
  • Russian community iOSGODS's Приветствие
  • The Simpsons™: Tapped Out's Topics
  • DRAGON BALL LEGENDS Club's DBL Discussions
  • DRAGON BALL LEGENDS Club's DBL Help & Support
  • Grim Soul: Survival Club's General Topics
  • Grim Soul: Survival Club's Help & Support
  • Dungeon Hunter Champions's Discussions
  • Dungeon Hunter Champions's Help & Support
  • Dungeon Hunter Champions's News
  • Arena of Valor's Topics
  • Darkness Rises Club's Topics
  • Pokémon Quest's Topics
  • Durango: Wild Lands's Topics
  • Durango: Wild Lands's Durango Discussion
  • Dawn of Titans Club's General Forum
  • Dawn of Titans Club's Dawn of Titans News
  • Dawn of Titans Club's Alliances
  • The Walking Dead: Our World's Topics
  • 8 Ball Pool Tips and Tricks Club's Topics
  • 8 Ball Pool Tips and Tricks Club's New version of 8 ball pool 4.0
  • iOSGods Vietnam's Khu vực bàn chuyện chung
  • iOSGods Vietnam's Hỗ trợ kĩ thuật
  • Shadowgun Legends's Topics
  • النادي العربي's (قسم ببجي)
  • النادي العربي's قسم هاكات اخرى
  • النادي العربي's قسم ادوات السيديا
  • النادي العربي's قسم المواضيع
  • النادي العربي's قسم المساعده
  • SPANISH IOSGODS's Topics
  • AutoTouch Script Club's VIP AutoTouch Scripts
  • AutoTouch Script Club's FREE AutoTouch Scripts
  • AutoTouch Script Club's AutoTouch Script Requests
  • AutoTouch Script Club's AutoTouch Tutorials
  • AutoTouch Script Club's Off Topic
  • Arabic iOSGods Club's الأعضاء الجدد
  • Arabic iOSGods Club's هاك ببجي
  • Arabic iOSGods Club's الهاكات الاخرى
  • Arabic iOSGods Club's أدوات السيديا
  • Arabic iOSGods Club's المواضيع
  • Arabic iOSGods Club's المساعدة
  • Asphalt 9 In-game Club's Topics
  • Asphalt 9 In-game Club's Joint the club
  • Crossfire: Legends Club's Topics
  • Critical Ops Club's Topics & Discussions
  • iOSGods: Indian Club!'s Topics
  • Call of Duty®: Black Ops 4's Topics
  • IOSGODS Romania's Topics
  • IOSGODS Romania's Ce joc te joci?/ What game do you play?
  • Red Dead Redemption II's Topics
  • iOSGods Georgia's Topics
  • Minecraft's Topics
  • Flex Club's Topics
  • Flex Club's Blockheads
  • Flex Club's FlexSupport
  • Star Ocean: Anamnesis's Topics
  • IOSGOD’S IRAN's Topics
  • Enthusiastic Programmers | C#, .NET, Xamarin & more's C# & .NET, .NET Core
  • Enthusiastic Programmers | C#, .NET, Xamarin & more's Xamarin
  • Enthusiastic Programmers | C#, .NET, Xamarin & more's Mono
  • Enthusiastic Programmers | C#, .NET, Xamarin & more's Help
  • Enthusiastic Programmers | C#, .NET, Xamarin & more's Talk
  • Enthusiastic Programmers | PHP & Laravel's Talk
  • Enthusiastic Programmers | PHP & Laravel's Help Desk
  • Enthusiastic Programmers | PHP & Laravel's Laravel
  • Enthusiastic Programmers | PHP & Laravel's Artisan
  • Enthusiastic Programmers | JavaScript, React & more's Talk
  • Enthusiastic Programmers | JavaScript, React & more's Help
  • Enthusiastic Programmers | JavaScript, React & more's JavaScript
  • Enthusiastic Programmers | JavaScript, React & more's jQuery
  • Enthusiastic Programmers | JavaScript, React & more's React, React Native & JSX
  • Enthusiastic Programmers | JavaScript, React & more's Angular
  • Enthusiastic Programmers | JavaScript, React & more's Vue, Vue Native
  • Enthusiastic Programmers | JavaScript, React & more's NodeJs
  • iOSGods Philippines's Topics
  • Romanian iOSGods Club's Topics
  • Sword Art Online Integral Factor's Topics
  • Disney Tsum Tsum's Global
  • Disney Tsum Tsum's Japan
  • Disney Tsum Tsum's Events
  • Kurdistan Club's Topics
  • iOS Gods BRASIL's Topics
  • iOSGods Mexico's Topics
  • iOSGods Mexico's MEXICAN Survival Guides
  • iOSGods Mexico's MEXICAN Youtubers
  • iOSGods Mexico's Spanish Music
  • AFK ARENA's Topics
  • Another Eden's Topics
  • Save Wizard's Quick Codes
  • Save Wizard's Quick Codes
  • War robots's Topics
  • Modern Ops Hack's Topics
  • Area F2's Team Up!
  • Area F2's Help & Support
  • Area F2's News & Events
  • Area F2's Suggestions
  • Kings Of Pool's Upcoming Mods
  • Kings Of Pool's Clubs
  • The Club's General Discussion
  • The Club's Memes
  • The Club's Serious Responses Only

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Found 459 results

  1. Hello everyone ~ in this iOS tutorial/guide I will explain how to get FREE dyes and clothing and shopping for Kim Kardashian Hollywood I have found the offsets for everyone in Ida Pro so that you don't have to do all the hard work yourself and hopefully with these offsets you will be able to update the game on your own when the new updates come out You need only three things: ~ repo for iGameGod (https://iosgods.com/repo/) ~ The app Kim Kardashian: Hollywood itself (version 11.11.2) Offsets & Guide: [Hidden Content] Warning ~ If you use any clothing items that haven't been released yet you may be banned from using online features such as kollections/events/SYS events Use with caution and have fun Feel free to ask any questions if something isn't clear in this tutorial ~~~~~FOR NON-JAILBROKEN USERS AND JAILBROKEN USERS WHO DON'T HAVE IGG~~~~~ Found a solution to saving and adding items permanently into the game! (jailbroken) Required ~ Make sure you have the Lookbook option in the Kloset available ( unlocked at level 7 or 8 ) ~ Make sure you have something to purchase in the Kloset First step: Choose only ONE Kloset item that is able to be purchased with kstars, diamonds, etc. and equip it ~ do not purchase it yet (make sure it is equipped throughout this guide) Second step: Enable the "all past and unreleased items" mod with the offset patcher if it isn't enabled already Third step: Equip any of the past or unreleased items that you would like to have permanently added to your Kloset also (make sure the Kloset item in the first step is still equipped) Fourth step: Disable the mod for all past and unreleased items in live offset patcher AFTER you have a full outfit available to purchase Fifth step: Enable free shopping mod in live offset patcher Sixth step: Save your look in the Lookbook and it will prompt you to purchase the items for 0 kstars and 0 kash and 0 diamonds!! ~ Purchase it Seventh step: Items that are equipped have been bought and now you should be able to own them forever Repeat the same process to add more items into your Kloset!! Also Added a Mega Mod Menu to the Game! Mod Menu video: https://drive.google.com/file/d/1m6B2vw1tFiVAkvzn2g26Ot2YiTuRUpKb/view?usp=sharing
  2. Hello, I'm Editing This Topic With A Completely NEW Method And A New Layout As The First One Got Patched. This Tutorial Is Much More Complicated And Takes A Lot Longer And Is A Bit Harder. But It's Worth It In My Opinion. This Might Get Patched Soon I Don't Know. DISCLAIMER: I Am NOT Responsible For ANY Bans Using This Method! It's Your Responsibility And NOT Mine! Be Careful If You Want To Play On An Account You've Spent Money On Or You Care About! ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [Hidden Content] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Settings / Keybinds: ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [Hidden Content] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ↓↓↓ Now You're Done! It Might Get Patched Again! If You Get The Error After Finishing A Game Follow The Steps Down Below ↓↓↓ ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [Hidden Content] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Credits: - Indian Nova (YouTube) I'm Not Exactly Sure This Is The Guy Who Made This But It's The Person I Got This Method From So Therefor I'm Giving The Credits To Him. If You Know Who The Real Creator Is Please Comment That And Give Me Some Proof Or Something And I'll Change The Credit ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Bada Bing, Bada Boom
  3. Hello, This tutorial will guide you through the needed steps, if your Videos in SketchAR just don't want to load. This error/Problem is known by the developers of the app, even tho it's not fixed yet. Requirements: - Jailbroken Device - SketchAR (already installed) - Filza Follow these simple steps: [Hidden Content] Let me know if I was able to solve your problem 😊
  4. Ppsspp Gold for iPhone Install PPSSPP with or without jailbreak Step 1: Open this URL: iemulators.com, in Safari [This site has every Emulator you can imagine for iPhone] Step 2: Go to the “Apps” tab Step 3: Scroll down until you see PPSSPP icon as well as tap on the icon Step 4: Tap on Install. When the : “dl.boxcloud.com wants to install “PPSSPP” popup opens up, tap Install and also Install once more if required Step 5: Go to : Settings > General > Date & Time > Turn OFF Set Automatically > Change the time to several days back Step 6: Launch PPSSPP App from your home screen (run it for the very first time). Step 7: Exit from PPSSPP Step 8: Got to : Settings > General > Date & Time > Turn ON Set Automatically. If you want to play on your Apple device (or other portable Adroid to ), then follow these steps: Install PPSSPP on your device Connect the device to your PC where you are storing the ISO or CSO file. Android devices can be easily connected via USB cable. The device should show up in Windows Explorer. Now simply copy over the files to somewhere easy to remember - for example, create a folder called "PSP ISO" and copy your ISO and CSO files there. Now, start PPSSPP, navigate to your new ISOs on the Games tab, then click the game, which now should show up with an icon. More info - http://www.ppsspp.org/getgames.html Enjoy iDavie Roms - http://www.freeroms.com/psp_roms_popular.htm
  5. Ever hacked a game, but everything was linked to the enemy? Well, in this topic you'll learn multiple ways to unlink it. Before this tutorial, I suggest you to read through this topic by @shmoo: https://iosgods.com/topic/65529-instance-variables-and-function-pointers/ NOTE: I assume you know how to hook functions, since this is necessarily for unlinking. In the examples you'll see something called "getRealOffset", this is used to defeat the ASLR. Put this code on top of your tweak.xm so you can make use of it: uint64_t getRealOffset(uint64_t offset){ return _dyld_get_image_vmaddr_slide(0) + offset; } Unlinking using functions [Hidden Content] Unlinking using variables [Hidden Content] Some notes: - I know all of you use functions to mod, like get_health, get_damage etc, most likely there's also a variable for them which is easier to use in a Update() function if it exists. - Some function take more "inputs" for example: get_health(int something, void somethingelse).. you need to include these in your hooks (add "void *instance" at the beginning then) - I suggest you to copy all the codes into a editor & add the C++ syntax, this will make it more readable That's it! If you have any questions, feel free to ask me (mention me in the comments) & I'll try & help you! Credits: - @shmoo for his tutorial on function pointers & variables - @Joey for writing this tutorial.
  6. Requirements: 1. PC 2. NDK 3. Android Studio 3.x 4. Apktool Tutorial: [Hidden Content]
  7. Requirements: - This is only for beginners, maybe. If possible, do not mod armv64 library or x86 library. Always mod armv7. Instructions: [Hidden Content]
  8. Hello I get asked a lot of questions about saving items permanently into your KKH game and I have made a free tutorial below on how to achieve this for ALL iOS devices (jailbroken and non-jailbroken) DISCLAIMER ~ There is no other way to get these items easily and this is a complex process. It can get very confusing just follow the steps correctly and hopefully it will make sense to everyone. REQUIRED: ~ An iPhone/iPad/iPod that is Jailbroken or NON-Jailbroken ~ A computer running Mac/Windows (I'm using Windows for this tutorial) ~ NOX Android Emulator https://www.bignox.com/ (you will need at least 4gb of computer ram) ~ Kim Kardashian: Hollywood (original or mod IPA) version 11.11.2 or any version ~ iTunes (for Windows use this version https://www.apple.com/itunes/) Download these APK files on your computer: Root explorer apk ~ https://drive.google.com/file/d/1hpTbkGO4yvNIZh378076Zg2Csu4wta5i/view?usp=sharing Modded apk for Kim Kardashian: Hollywood ~ https://drive.google.com/file/d/1tieU4VHt7D8oOr5xr53mRb9smArfK38V/view?usp=sharing YOU ALSO NEED YOUR PERSONAL DEFAULT.SAVE FILE FROM THE GAME ITSELF The reason why we need the default.sav file is so that our progress can be saved and transferred to Nox Without the default.sav file this tutorial is basically pointless HOW TO TRANSFER THE DEFAULT.SAV FILE FROM OUR GAME TO OUR DESKTOP FOR NON-JAILBROKEN USERS If you are using my mod or another mod make sure when you installed the IPA that you enable UIFileSharing so that we can access the default.sav file in iTunes Screenshot for Enable UIFileSharing in Sideloadly: https://drive.google.com/file/d/1BOF-TcTtv2lQzooqDE1Xw6FBlPd-hemW/view?usp=sharing Locate iTunes on your computer with your iDevice plugged in In iTunes, click on your iDevice, go to the File Sharing section and you will see Kardashian app and there should be a default.sav file (drag that to your Desktop screen) What it should look like: https://drive.google.com/file/d/1yshjFXuSX-CkjiirBnzzK5mIKF_5XZYd/view?usp=sharing FOR JAILBROKEN USERS Go to Filza and go to /var/mobile/Containers/Data/Application/Kardashian/Documents and you will see your default.sav file there Move the default.sav file to /var/mobile/Media/Downloads folder I use 3uTools to extract the file (you can use any file sharing application on your computer) and drag the default.sav file to your Desktop screen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TUTORIAL STEP 1: Open up Nox and make sure to go to settings in Nox make sure you toggle on "Root" What it should look like: https://drive.google.com/file/d/1uUONQXn1_2pP10eNffkXMB0EpHvp5rib/view?usp=sharing STEP 2: Save settings and restart Nox Now that we have root access let's download both apk files (Root Explorer apk and Kim Kardashian: Hollywood apk) What It should look like: https://drive.google.com/file/d/16jBDboVXsHC8Ixtpatpp25vZzvSUmHHg/view?usp=sharing STEP 3: Now drag your default.sav file from your screen to Nox and it will open up a file sharing app (close the app that it opened up in) It should save the file to /storage/emulated/0/Pictures STEP 4: We downloaded Kim Kardashian: Hollywood apk already but now we need to install it To install it click on the app Icon in Nox It will now say it is downloading resources... Wait until the resources are fully downloaded it might take some time STEP 5: Once it is installed fully we can navigate to our Root Explorer apk Make sure to enable Superuser permissions always STEP 6: Now go to one of your tabs in Root Explorer and go to /data/data/com.glu.stardomkim/files STEP 7: Open up another tab in Root Explorer and go to /storage/emulated/0/Pictures You will see your default.sav file ~ long click on the default.sav file and copy it to /data/data/com.glu.stardomkim/files Replace the original default.sav file with the one from your iPhone Screenshot: https://drive.google.com/file/d/1I2b07QChSQGirzojhpc_J7JS6Ff4tOew/view?usp=sharing It will say do you want to overwrite it? click on yes STEP 8: Game should load from the .sav file https://drive.google.com/file/d/19HGiwwOZnxI3m1iaG6ZqtEjDuD-jeKLx/view?usp=sharing Since I already did this process I'm going to restart my game (don't worry I have it saved on my iPad) Make sure you have the LookBook option available at level 8 STEP 9: You will see a save outfit button available in the Kloset https://drive.google.com/file/d/1XsTZk9jylrlCBsoldRFzhR9vOld6a7YN/view?usp=sharing STEP 10: Click on the makeup/face section in the Kloset ~ go to the blush section first You will see these items are available to purchase! (if you haven't owned them already) https://drive.google.com/file/d/1oKm6vHBLi0R0sKTfXS7g42jB7s814V_9/view?usp=sharing STEP 11: Click on the blush that you want to have permanently (do not click on the ones that cost 9999 and purchase them or your game will crash) Then after the blush is equipped press on the save outfit button that I mentioned above The blushes without the price tags can be purchased for 0 kstars 0 diamonds and 0 kash since I don't have enough kstars to purchase the other ones I will use the ones without the price tag The "WHOOPS!" dialog should show up after you click on the save outfit button https://drive.google.com/file/d/1bvsc-7lAqaR4dT5x0SZUh1lrTXxab_Tw/view?usp=sharing Then you will click on "buy now" Then it will prompt you to save it to your lookbook~ press cancel STEP 12: Let's see if we own the blush now and go to your "My Items" section We now own the item! https://drive.google.com/file/d/15UZVjR8vOWo8hQCXkyqBjbyNX9bmIKES/view?usp=sharing STEP 13: Repeat steps 10 & 11 for the whole Kloset (every item should be able to be purchased except for ones with a price tag) STEP 14: Once you are satisfied go to PC files ~> local disk ~> Users folder ~> go to your primary pc user folder ~> Nox_share folder ~> ImageShare folder ~> your default.sav file should show up drag default.sav to your Desktop screen STEP 15: Put the default.sav file back into your game using iTunes File Sharing or 3uTools or any file manager Done. If you have any questions let me know -xoashley
  9. MSHook BASIC Tweak.xm Template --------->REMOVE "[" and "]" and remove the text inside! Also remove the < and > and remove the text inside those! This is for noobs at MSHooking! ---->This contains voids, voids with argument, bool, float, unsigned int, and id! ---->This is to get you started in your tweak.xm!! [Hidden Content] Hopefully you've learned something and are using the template I have created to help you guys! Don't ask me how to do 2 arguments or more in voids because I simply don't know how to do them. Credits: - @
  10. *BEST VIEWED ON DESKTOP* The Unity tool. I hate it. All it does is make people worse at hacking because no one is developing actual analysis skills anymore. Now all you have to do to make an awesome hack is to CTRL-F everything until you have 100 features. If you want to get good at something, take the hard route. I can't stress that enough. Anyway, when I first heard about it, I thought it just revealed method names and locations. I was surprised upon finding that not only does it reveal method names and their locations, it reveals class names, parameters, instance variables, and the location in memory where said instance variables can be found. I couldn't believe what was right in front of me because everyone was just taking advantage of visible methods and their locations. This applies to non-Unity games as well. You just need to have knowledge of object oriented programming to really know how to take advantage of instance variables. I guess I could cover that in a later tutorial. Anyway, let's get started. This tutorial pertains to iOS only. Not the concepts, just the tutorial. [hide] *****Get the Unity tool from here: https://github.com/Perfare/Il2CppDumper/releases Part A. Instance Variables 1. Memory Layout I went to make this absolutely clear. For example, this... STR X3, [X0, #0x248] ...is telling the machine to store whatever X3 is holding (let's say ammo) in X0+0x248 (let's say X0 points to a Gun object). X0 contains the address of wherever the Gun object is held in memory. Let's say the address of the Gun object is 0x16fd27640. That means the machine is assigning whatever is at 0x16fd27640+0x248 to X3. That's why when you NOP a STR instruction, the value freezes. The machine can no longer update the value at the location of whatever you NOP'ed. Let's look at an actual example involving arrays: #include <stdio.h> #include <malloc.h> #include <conio.h> int main(){ int *a = (int *)malloc(sizeof(int)*4); free(a); _getch(); } This program allocates some memory for an array of four integers, then frees that memory. _getch() forces the machine to wait for a letter to be pressed before it terminates the program. Now I'll give the elements in this array some values: #include <stdio.h> #include <malloc.h> #include <conio.h> int main(){ int *a = (int *)malloc(sizeof(int)*4); a[0] = 3; a[1] = 2; a[2] = 4; a[3] = 1; free(a); _getch(); return 0; } The memory map of this array would be as follows: a[0] a[1] a[2] a[3] 3 2 4 1 But that's not all. Here's another equivalent way of writing the memory map: *(a+0) *(a+1) *(a+2) *(a+3) 3 2 4 1 This is the way we'll be able to get and set instance variables on various objects, but that is later down the line. Why does this work? Because when the compiler sees the [] operator, it translates it into pointer addition (as well as a dereference), which is exactly what we are doing by writing *(a+X). If you're still confused, hopefully this next part will clear this up. When we created the array of four ints, the machine allocated sixteen bytes space on the heap for it (as well as a pointer for it on the stack, but that isn't important for this tutorial). Why sixteen bytes? Because the size of an int on most machines is four, and we allocated memory for four ints. 4*4=16 We can take a look at what the memory looks like where the array is located in Visual Studio's debugger: The highlighted area is where the array is located. You can see the elements in the exact order as they were declared (3, 2, 4, 1) on the heap. Now we can use our newfound knowledge of memory layout to access and modify instance variables in iOS games. 2. The 'this' pointer In C++, the 'this' pointer is best thought of as a hidden argument in every non-static function call. (Static methods do not need to be called with a class object) It references the current instance of its class. To better illustrate this concept, I have created a tiny class called Test. Also, take note that both of Test's instance variables are private, which means I cannot access them directly. Here is Test.h: class Test { private: int a; int b; public: Test(); int getA() const; int getB() const; void setA(int newA); void setB(int newB); ~Test(); }; Here is Test.cpp: #include "Test.h" //create a new Test object and set its instance variables to 5 and 8 respectively Test::Test(){ this->a = 5; this->b = 8; } int Test::getA() const { return this->a; } int Test::getB() const { return this->b; } void Test::setA(int newA){ this->a = newA; } void Test::setB(int newB){ this->b = newB; } Test::~Test(){} See how I use the this pointer to get and set Test's instance variables? If I wanted to call setA, I would do this: Test *t = new Test(); t.setA(100); Obviously, in assembly, we don't have the luxury of syntax. In assembly, the call to setA would look like this: setA(t, 100); t is the this pointer. In assembly, the this pointer is always the first argument to any (non-static) function. For additional clarity, if I included this method in the Test class: void Test::setAB(int newA, int newB){ this->a = newA; this->b = newB; } and called setAB like this: Test *t = new Test(); t.setAB(1000, 2000); The function call in assembly would be setAB(t, 1000, 2000). No matter what type the function is, however many arguments it has, or whatever class it belongs to, the this pointer is always the first argument. If the method is static, there is simply no this pointer. 3. A "Hacky" Way of Getting and Setting Instance Variables Recall our class called Test and the array example. In the array example, our array was located at 0xba5d38, with sixteen bytes of extra space for the four elements. This is no different with our Test class. Consider this code: #include <stdio.h> #include <malloc.h> #include <conio.h> #include "Test.h" int main(){ Test *t = new Test(); _getch(); return 0; } The machine created a pointer to our Test object on the stack and allocated the appropriate amount of memory on the heap for its instance variables. In the Test constructor, I set a and b to 5 and 8 for visibility. Let's take a look at our memory in Visual Studio's debugger: You can see t's instance variables on the heap! Again, since an int is four bytes on most machines, there are eight byes of memory reserved for the two instance variables. And remember, they are private. When I try and directly access the instance variable "a", I get this error: (side note: I changed my project directory and I forgot to change it back) Fortunately for us, since C++ gives us complete control over our memory, we can access and modify a without a function through pointer arithmetic! Since a is our first instance variable, it is located where our Test object is located. b is located at our test object + 0x4, and so on if we had more instance variables. And remember, t is our this pointer. Consider this code: int instanceVariableA = *(int *)(t + 0x0); /*---1---*/ /*--2--*/ Don't be worried if this looks confusing. I'll explain this step by step. Just like with the array example, we can access data through pointer arithmetic. In the comments I've numbered each thing I am going to explain. 1. Since t is literally just the address to its location on the heap, this is also the address to its first instance variable. Also, throughout this entire tutorial I have been including "+ 0x0" for clarity. In your code you don't have to do this. 2. Cast whatever is at t + 0x0 to an int pointer and dereference it to access its value. After all that, we have successfully grabbed t's instance variable a without a function. Remember that when a Test object is created, a is set to 5 and b is set to 8. if I wanted to grab b, I would replace t + 0x0 with t + 0x4. We can modify a in a similar manner in which we used to grab it. All we have to do is treat all of our pointer arithmetic and casting like a variable, and set it to whatever we want, like so: *(int *)(t + 0x0) = 1000; Let's see if this is successful: Success! I call getA() to make sure that I actually did change a. Let's take a look at our memory on the heap: Sure enough, the data at where a is located changed to 0xe803. But since the hex here is in little endian, 0xe803 is actually 0x03e8, which is 1000. We successfully modified a without calling a function. This will be extremely useful when making game hacks because we won't need to call a function that may or may not be present in the game itself every time we want to modify an instance variable. Everytime we call a function from the game, a little instability is added because we don't actually know how it works, and we want as much stability as possible. 4. Applying These Concepts to Game Hacks Why did I use a program I wrote on my computer to illustrate these concepts? Because C++ on Windows is no different than C++ on iOS. A program that counts from one to one hundred on Windows would do the exact same thing on iOS. Obviously, there are API differences, but we aren't dealing with that. Also, Visual Studio's debugger is great for showing memory. Anyway, let's say that I made a dump of some Unity game and the Player class looked like this: public class Player : MonoBehaviour // TypeDefIndex: 5545 { // Fields private float health; // 0x18 private int ammo; // 0x1c private float moveSpeed; // 0x20 private bool isDead; // 0x24 private Player playerLastDamaged; // 0x28 private bool mine; // 0x30 // Methods public void .ctor(); // 0x100093720 private void Awake(); // 0x1000937A0 private void Update(); // 0x1000938FC private void InitPlayer(); // 0x100094000 private void OnDestroy(); // 0x100094AF0 } (I made every instance variable private as a proof of concept - it doesn't matter if something is public or private as shown in the last example) While taking a look at this, you should notice the instance variable "playerLastDamaged" is eight bytes. This is fine. Size does not matter when grabbing instance variables. You should also notice there are no accessors or setters for any of the instance variables. Notice the function called "Update". Any function called LateUpdate or Update is of massive use to you. Why? Because this is a non-static function that is called by Unity once per frame. If you have 60 FPS in a game, Update is being called 60 times a second. Why is this good? Think about it. We wouldn't want to get and set instance variables on a Player object that hasn't been updated for a while right? We need our most current Player object to modify, and what better way of getting it than hooking a function that is called 60 times every second? You all know how to hook a function with MSHookFunction. At least I hope so. In this example, I'm not going to show the call to MSHookFunction. Just imagine it is there. In this example, the game we are hacking is an online FPS. Everyone in the room is a Player object, and Update is called for each Player object. And for some reason, the game is so insecure that we can modify other people's instance variables non-visually. Here's how the barebones function hook would look: void (*Player_update)(void *player); void _Player_update(void *player){ Player_update(player); } Remember the previous examples. The first argument to any non-static function in assembly is the this pointer. It is best to name the this pointer the class name, because it is representing that class. We also have to use a void pointer (void *) because we don't actually have access to the Player class, only its objects. Because of this, the way we get and set instance variables will be a bit different. We also have to check if the player object isn't NULL to prevent crashes! Recall what you read about the this pointer. If the Player object is NULL, this is what the call to update would look like in C++: NULL.Update(); And that doesn't make any sense, right? For this first example, we'll be giving ourselves infinite ammo, infinite health, and increased move speed, as well as making everyone else's health 1.0 and taking everyone else's ammo away. Obviously we don't want to apply anything bad to ourselves, so we can make use of the mine instance variable. This boolean just tells us if this Player object belongs to me. To get this instance variable, we need to do this: if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); } The one difference is casting the void pointer to uint64_t. We need to do this in order to perform pointer arithmetic on the player object. Also, a boolean in C and C++ just holds a 0 or a 1... which means we can substitute int for it. So far, the Update hook looks like this: void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); } Player_update(player); } Now that we have the mine instance variable, we can test to see if our Player object is indeed ours, and if it is, apply the hacks: void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(isMine){ //ammo *(int *)((uint64_t)player + 0x1c) = 999; //health *(float *)((uint64_t)player + 0x18) = 100.0f; //increased move speed, normal is 1.0f *(float *)((uint64_t)player + 0x20) = 5.0f; } } Player_update(player); } That's not all we want to do, though. We want to wreak havoc on other people so we need to take everyone's ammo away and make everyone have 1.0 health. void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(isMine){ //ammo *(int *)((uint64_t)player + 0x1c) = 999; //health *(float *)((uint64_t)player + 0x18) = 100.0f; //increased move speed, normal is 1.0f *(float *)((uint64_t)player + 0x20) = 5.0f; } else{ //enemy ammo *(int *)((uint64_t)player + 0x1c) = 0; //enemy health *(float *)((uint64_t)player + 0x18) = 1.0; } } Player_update(player); } If you want to get more creative, you can make use of the "playerLastDamaged" instance variable to make a "freeze tag" hack. This hack will freeze the person you just shot, just like if you tag a person in freeze tag. Like before, we have to check if the player object is ours, and then we can access the playerLastDamaged instance variable. void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); } Player_update(player); } Now we have to get the playerLastDamaged instance variable. Like I said before, size does not matter. You would access it just like any other instance variable. We also have to check if it isn't NULL. void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(isMine){ void *playerLastDamaged = *(void **)((uint64_t)player + 0x28); if(playerLastDamaged != NULL){ } } } Player_update(player); } Now we have to set playerLastDamaged's moveSpeed instance variable to 0.0. Remember that playerLastDamaged is a Player object, so we have access to the Player instance variables. Again, we don't have access to the actual Player class, so we have to use a void pointer. void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(isMine){ void *playerLastDamaged = *(void **)((uint64_t)player + 0x28); if(playerLastDamaged != NULL){ //set person we just shot moveSpeed to 0.0 *(float *)((uint64_t)playerLastDamaged + 0x20) = 0.0f; } } } Player_update(player); } And just like that, our freeze tag hack is complete! There you have it, two full fledged hacks that work by modifying instance variables! ALWAYS REMEMBER TO CHECK ALL POINTERS TO SEE IF THEY'RE NULL!!!! Part B. Function Pointers Function pointers are great when you want to call a function but don't want to sacrifice stability by hooking it. This part is much simpler than instance variables. Here's an example of a function pointer in C++: #include <stdio.h> #include <conio.h> void func(){ printf("Hello, someone called me!\n"); } int main(){ //&func takes the address of where func is kept in memory void (*func_ptr)() = &func; func_ptr(); _getch(); return 0; } We can this in action here: The & operator takes the address of whatever it is being used on. You can think as a function pointer as a pointer to the address of where the function is in memory. The syntax here should look a bit familiar because you are creating a function pointer to the original function whenever you use MSHookFunction to hook something. But again, that adds instability to the hack. The concept here is the same on iOS, but the syntax is not as simple. First of all, let's add some new methods to our Player class from Part A: public class Player : MonoBehaviour // TypeDefIndex: 5545 { // Fields private float health; // 0x18 private int ammo; // 0x1c private float moveSpeed; // 0x20 private bool isDead; // 0x24 private Player playerLastDamaged; // 0x28 private bool mine; // 0x30 // Methods public void .ctor(); // 0x100093720 private void Awake(); // 0x1000937A0 private void Update(); // 0x1000938FC private void InitPlayer(); // 0x100094000 private void OnDestroy(); // 0x100094AF0 private void KillPlayer(); // 0x100095CF4 private void SetPlayerTeam(int team); // 0x100095FF8 private void RespawnPlayerAtLocation(Vector3 location, int health); // 0x10009A230 private int GetPlayerID(); // 0x10009B34C private static void Suicide(int playerID); // 0x10009C99C } Again, it doesn't matter if a function is private or public. To get the correct offset with the ASLR slide, I use a function called getRealOffset. This is what it looks like: uint64_t getRealOffset(uint64_t offset){ return _dyld_get_image_vmaddr_slide(0) + offset; } Now that that's out of the way, this is how to declare a function pointer: <type> (*<function name>)(<this pointer>, <any additional parameters>) = (<type>)(*)(void *, <types of additional parameters))getRealOffset(<offset>); To remember the syntax, learn to look at this as pairs. I'll add comments to pairs you should remember: <type> (*<function name>)(<this pointer>, <any additional parameters>) = (<type>)(*)(void *, <types of additional parameters>))getRealOffset(<offset>); /*A*/ /*------B------*/ /*-----------------C-----------------------*/ /*-A-*//*B*/ /*----------------C------------------*/ /*-------D--------*/ If it is hard to tell, here's what corresponds to what: //A <type> = (<type>) //B (*<function name>) = (*) //C (<this pointer>, <any additional parameters>) = (void *, <types of additional parameters>) //D getRealOffset(<offset>) has no corresponding part It looks really weird, but once you get used to it, it just feels right. Here's what the function pointers would look like for the five new methods I added: void (*Player_KillPlayer)(void *player) = (void (*)(void *))getRealOffset(0x100095CF4); void (*Player_SetTeam)(void *player, int team) = (void (*)(void *, int))getRealOffset(0x100095FF8); void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void (*)(void *, Vector3 *, int))getRealOffset(0x10009A230); int (*Player_GetPlayerID)(void *player) = (int (*)(void *))getRealOffset(0x10009B34C); void (*Player_Suicide)(int playerID) = (void (*)(int))getRealOffset(0x10009C99C); Side note - Vector3 is a class that you can recreate yourself. Notice how the last method I added was static. That's why there's no this object included in the parameters. You can call these function pointers as normal functions: //kill someone Player_KillPlayer(player); //get someone's ID int playerID = Player_GetPlayerID(player); //force someone with ID 1 to suicide Player_Suicide(1); Now that you know how to create and call function pointers, let's make a hack that constantly kills someone with a specific ID. For this example, it will be 10. First, we hook Update. //declare function pointers void (*Player_KillPlayer)(void *player) = (void (*)(void *))getRealOffset(0x100095CF4); void (*Player_SetTeam)(void *player, int team) = (void (*)(void *, int))getRealOffset(0x100095FF8); void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void (*)(void *, Vector3 *, int))getRealOffset(0x10009A230); int (*Player_GetPlayerID)(void *player) = (int (*)(void *))getRealOffset(0x10009B34C); void (*Player_Suicide)(int playerID) = (void (*)(int))getRealOffset(0x10009C99C); void (*Player_update)(void *player); void _Player_update(void *player){ Player_update(player); } Now we have to figure out which Player object is ours, because we don't want to kill ourselves in case our ID is 10. //declare function pointers void (*Player_KillPlayer)(void *player) = (void(*)(void *))getRealOffset(0x100095CF4); void (*Player_SetTeam)(void *player, int team) = (void(*)(void *, int))getRealOffset(0x100095FF8); void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void(*)(void *, Vector3 *, int))getRealOffset(0x10009A230); int (*Player_GetPlayerID)(void *player) = (int(*)(void *))getRealOffset(0x10009B34C); void (*Player_Suicide)(int playerID) = (void(*)(int))getRealOffset(0x10009C99C); void (*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); } Player_update(player); } Now we can check if the Player object isn't ours and then get the Player ID of the Player object if it is not ours. //declare function pointers void (*Player_KillPlayer)(void *player) = (void(*)(void *))getRealOffset(0x100095CF4); void (*Player_SetTeam)(void *player, int team) = (void(*)(void *, int))getRealOffset(0x100095FF8); void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void(*)(void *, Vector3 *, int))getRealOffset(0x10009A230); int (*Player_GetPlayerID)(void *player) = (int(*)(void *))getRealOffset(0x10009B34C); void (*Player_Suicide)(int playerID) = (void(*)(int))getRealOffset(0x10009C99C); void(*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(!isMine){ int playerID = Player_GetPlayerID(player); } } Player_update(player); } Now we can check if playerID is 10, and if so, force that player to kill themselves: //declare function pointers void (*Player_KillPlayer)(void *player) = (void(*)(void *))getRealOffset(0x100095CF4); void (*Player_SetTeam)(void *player, int team) = (void(*)(void *, int))getRealOffset(0x100095FF8); void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void(*)(void *, Vector3 *, int))getRealOffset(0x10009A230); int (*Player_GetPlayerID)(void *player) = (int(*)(void *))getRealOffset(0x10009B34C); void (*Player_Suicide)(int playerID) = (void(*)(int))getRealOffset(0x10009C99C); void(*Player_update)(void *player); void _Player_update(void *player){ if(player != NULL){ bool isMine = *(int *)((uint64_t)player + 0x30); if(!isMine){ int playerID = Player_GetPlayerID(player); if(playerID == 10){ Player_Suicide(playerID); } } } Player_update(player); } (I know this is inefficient, but it is a great way of showing use of function pointers) And there you have it, a hack to kill a certain player if their ID is 10 using function pointers. You can get really creative with this method of hacking! It's really addicting Here is an example Tweak.xm (dead trigger 2 hack): https://iosddl.net/cc637e33bdf2a037/Tweak_for_tutorial.xm Check out my aimbots I put on my Github: http://www.github.com/shmoo419/ [/hide] Please let me know if you have any questions (It took about 6 hours to write this tutorial)
  11. Hey guys, @Crypto here. Today I'll show you how to get free VIP membership on iOSGods for a year! 1. you'll need to go to the VIP Subscription page : https://iosgods.com/store/category/1-vip-subscriptions/ 2. You'll see 4 VIP packages. Pick the one that is suitable for you and add it to your cart! 3. After the subscription is added to your cart, click "Review & Checkout" 4. Fill out your Billing Information 5. Here's the fun part! Add "PLZUPDATEGAMENOW" in the coupon code input and click "Apply Coupon" That's it! Now you have free membership for a year!☺️ Please don't sue me
  12. *BEST VIEWED ON DESKTOP* Prerequisite reading: https://iosgods.com/topic/65529-instance-variables-and-function-pointers/ Seriously, read my tutorial on instance variables and function pointers before reading this one. You'll be lost. This tutorial builds off of concepts from the last one. The game is Free Fire v1.17.1. I will include everything used in this tutorial in a zip archive at the end, including an IDA database. [hide] 1. What Are Static Members? Have you ever seen something like this while scourging through a Unity dump? Looks like that would be fun as hell to mess around with. Or this? How can we access sUniqueEntityID? Or RunSpeed, DashSpeedScale, and CrouchSpeed? You've probably noticed static members during your Unity hacking. These are different than instance variables. While instance variables will have a copy for each object of a given class, there will only be one copy of each static member for every object. Because of this, a static member is not apart of any object. To illustrate this concept, check out this class I wrote called Apple: An apple is fresh when it hasn't been eaten. When we instantiate a new Apple object, we increment the number of fresh apples because a new Apple hasn't been eaten yet. When eat() is called on an Apple object, it is no longer fresh, so we decrement the number of fresh apples. I also included a regular instance variable that represents the name of an Apple. When an Apple is eaten, its name changes to eaten. Let's make three fresh apples and check out our static member freshApples and our instance variable name for each Apple object: The number of fresh apples is the same for every Apple instance and the name of each Apple instance is unique. Let's eat apple2 and print everything out again: Since apple2 was eaten, the number of fresh apples decremented for every object, but only apple2's name changed to eaten. Remember when I said a static member is not apart of any object? Sounds a bit confusing right? I'm a person that won't really understand something fully until I can see it proven, so using Visual Studio's debugger, we can prove that freshApples is not a part of any Apple object. I set a breakpoint on the first std::cout << "apple1: " << apple1.name << " freshApples: " << Apple::freshApples << std::endl; (line 28) and let it hit. The Locals tab displays variables that are defined in the local scope. That includes our three Apple objects. name is present, but freshApples is not. This makes sense. Why would each Apple have its own copy of something that is supposed to be shared throughout all Apples? Let's take a look at the Autos tab: The Autos tab displays variables used around the current line. Ignore the entry for apple1.name. There's our freshApples static member! It is being used to print its value to the screen. Notice that it is independent of all the other Apple objects listed. However, let's go a bit further and dive into memory. I added these four lines of code: The %p format specifier prints out a pointer, and the & operator takes the address of what it is used on. I set a breakpoint before apple2.eat() because the names of the apples would line up nicer. Because this is before apple2.eat(), freshApples is still 3, and apple2.name is still "second apple". This output confirms it. freshApples is nowhere near apple1, apple2, or apple3. This supports what I said earlier about freshApples not being apart of any Apple object. Let's check out the memory around apple1, apple2, and apple3: You can see the names of the apples. If freshApples was anywhere near these Apple objects, you'd see 03 somewhere in this screenshot. Here is where freshApples is kept in memory: It is stored a long way away from any of the apple objects. In like a void of nothing, kinda sp00ky. This example proves static members are not apart of the objects from the class they reside in. In memory, they reside somewhere else, far away from the class objects. However, nothing is inaccessible. If the machine can pull the value of a static member without a problem, we can too. We just have to replicate what the machine does in our own code. 2. Accessing Static Members In A Game I want to remind you the game being used is Free Fire v1.17.1. Our first example will be the GameVarDef class from the very first screenshot in this tutorial. Here it is again so you don't have to constantly scroll up and down: There are so many more static members in this class. It just wouldn't be convenient to show all of them. We can disregard the readonly keyword just like we disregard private and public. We are past compile-time checks, so a compiler isn't preventing us from making changes to or accessing things when we're hacking. If we can find RunSpeed, we'll have access to every single static member in this class. Why? Check out how the memory is laid out. If RunSpeed is at X, DashSpeedScale will be at X + 0x4, CrouchSpeed will be at X + 0x8, and so on. But how can we do that? If this class holds static members that control many attributes of the game, why not search for functions like GetRunSpeed or GetDashSpeedScale? Searching for GetRunSpeed brings us to a function called GetRunSpeed() at 0x1007231E8. Let's check it out in IDA. I forgot to mention the developers added some fake code and mangled some names in the game, but not the ones we're using so we can disregard it. This function hits when you set a breakpoint on it. I wouldn't make a tutorial using a game where I couldn't figure out how to modify static members in it before. We are not looking to modify the instructions here to boost our run speed. That would defeat the entire purpose of this tutorial. At the end of this tutorial, we'll have made a hack that could modify anything in GameVarDefs via threading, pointer arithmetic, and absolutely no hooking. Anyway, back to it. There is something very interesting about this function: The main thing to take away from this is that the game ends up loading some pointer from a constant base address into X0. In this case, it is whatever 0x102b77358 points at. How do I know its constant? Because it is hardcoded in the binary. Why is this awesome for us? Well, since what we need is always going to be located at whatever 0x102b77358 is pointing to, we don't need a pointer from the game! AKA no hooking! To access normal instance variables, we'd have to hook some kind of function to get the pointer to the object so we can do a little bit of math on it. After all, the locations of those objects change every launch. Here we don't because it's constant. Let's take a look at the end of this function: Okay, so we're getting somewhere. Whatever 0x102b77358+0xa0 is pointing to gets moved into X8, and whatever X8 is pointing at seems to be our run speed and the beginning of the static members from the GameVarDef class. Before we move on, I'd like to include what I call a LDR map. This is how I visualize things in my head. Instead of seeing an entire function, I don't focus on the parts I don't need for what I'm trying to do: Then I usually visualize some sort of map in my head. I tried my best to recreate what I see: If it doesn't help you, please don't try and do it. Different things work for different people. Now let's try and access RunSpeed with a debugger, keeping in mind what we talked about. After attaching to Free Fire via LLDB and getting the ASLR slide, we can see what is at 0x102b77358. To see this, we can use the memory read command. Our ASLR slide is 0xa4000. 0x102b77358 looks like it is pointing to 0x50779f2e01, but since hex here is in little endian, we read the address starting from the end: 0x012e9f7750. That makes more sense. We just imitated these three instructions: Now we have to do is find out what is at 0x012e9f7750+0xa0: 0x012e9f7750+0xa0 is pointing to 0x0111d59c80. We just imitated this instruction: If we were correct in our interpretation of how the game is accessing these static members, 0x0111d59c80 should point to RunSpeed. Let's see: Look at that! Not only do we see RunSpeed, we see every static member from GameVarDef after it. Floats are also not represented as "just floats" in memory, they're represented as an integer equal to their value. If we make a tiny program to convert floats to their integer representation and so on, we can see what 0x40500000 is. To get a float's integer representation and vice versa, we can use a union. A union is like a struct, but also completely different. Like a struct, it can have multiple members, but unlike a struct, all those members share the same location in memory. Very useful. I wrote something to do that a long time ago, so I'll use that here: 3.25 sounds right for something called RunSpeed. But we don't know for sure. We can know for sure if we use LLDB to see what S9 holds in PlayerAttributes::GetRunSpeed. Our ASLR slide here is 0x7c000. S9 is 3.25! This confirms that the way we accessed the static members from GameVarDef is correct. And because of the way memory is laid out for the static members in GameVarDef, we can safely assume they'll all be next to each other. Before we move onto the next step, I want to quickly demonstrate that it doesn't matter if you want to access a static member from a class with other instance variables. Here's the second screenshot from this tutorial again: For this kind of thing, you'd want to find a function that fetches this static member. Thankfully, we have this in the same class: When we take a look at it in IDA, we can see the same theme of a constant base address being used to grab static members: It's the same procedure here as getting RunSpeed from GameVarDef. 1. Move 0x102b77f18 into X19. 2. Move whatever X19 points to into X0. 3. Move whatever X0+0xa0 points to into X8. 4. Load whatever X8 points to into W0, which is our unique ID. If the game you're working on has a class filled with static members that control very hackable aspects of it, you can take advantage of a constant base address and write the hack without any hooking! 3. Multithreading Threads are awesome. Just know that. They allow you to do work simultaneously with the main thread and are so vital to how any computer works. The threads we'll be using in our hacks are POSIX threads. If you want to use POSIX threads, you need to add #include <pthread/pthread.h> to your hack. The POSIX thread datatype is pthread_t and the function we'll be using to spawn POSIX threads is pthread_create. Let's look at pthread_create. int pthread_create(pthread_t *thread, const pthread_attr_t *attr, void *(*start_routine) (void *), void *arg); pthread_create takes four arguments: pthread_t *thread: in short, the thread you want to spawn. const pthread_attr_t *attr: an object to specify thread attributes. We don't need to do this, so this is always NULL. void *(*start_routine) (void *): a pointer to the function you want your thread to work with. Must match that signature. void *arg: the arguments to start_routine. Can be NULL, a single argument, or a struct to pass multiple arguments. I hope you know why that works, that was one of the main takeaways from the previous tutorial. When a successful call to pthread_create returns, your thread will spawn and immediately begin work in the function you passed in for start_routine. Let's look at an example. Since Windows doesn't support POSIX threads, I'll be writing this program on my phone. All this program does is spawn a thread to add one to a counter every second. Here's the code, heavily commented: #include <stdio.h> #include <stdlib.h> #include <pthread.h> #include <unistd.h> // our counter variable. We need this to be global. int counter = 0; // the method your POSIX thread does work in MUST match this signature. // the return type must be void *, and there must be only one argument, which is a void *. void *addOneEverySecond(void *arg){ // we don't want the thread to only increment the counter once and then be done! while(1){ counter++; printf("%d\n", counter); // sleep puts the calling thread to sleep for however many seconds you specify. // once however many seconds is up, the thread is woken back up and executes // until sleep is called again, where it will be put to sleep again. // this is great for easing stress on the device. sleep(1); } // always return NULL for our sakes return NULL; } int main(int argc, char **argv){ // declare our thread pthread_t countThread; // spawn our thread pthread_create(&countThread, NULL, addOneEverySecond, NULL); getchar(); return 0; } Here's what it looks like when I run this program: Pretty simple. That's all there really is to it with threads. We don't need to go into more detail for the stuff we're doing. It is best to create another thread anytime you have something that you want to do that's unrelated to what all your other threads are doing. 4. Putting It All Together With threads and a bit of pointer arithmetic, we can make a hack that will successfully modify anything we want in the GameVarDef class. First of all, let's get the "outline" of our code going: #import <mach-o/dyld.h> #import <pthread/pthread.h> #import <substrate.h> uint64_t getASLRSlide(){ return _dyld_get_image_vmaddr_slide(0); } bool launched = false; %hook UnityAppController - (void)applicationDidBecomeActive:(id)arg0 { if(!launched){ timer(1){ launched = true; }); } %orig; } This is the skeleton of the hack. A function to get the ASLR slide and some code to set up the initial hooks to UnityAppController. Now we can get to adding our function that our thread will do work in, as well as the thread itself: #import <mach-o/dyld.h> #import <pthread/pthread.h> #import <substrate.h> uint64_t getASLRSlide(){ return _dyld_get_image_vmaddr_slide(0); } void *modifyGameVarDefs(void *arg){ while(true){ sleep(1); } return NULL; } bool launched = false; %hook UnityAppController - (void)applicationDidBecomeActive:(id)arg0 { if(!launched){ timer(1){ pthread_t modifyGameVarDefsThread; pthread_create(&modifyGameVarDefsThread, NULL, modifyGameVarDefs, NULL); launched = true; }); } %orig; } Since we don't have any arguments to modifyGameVarDefs, we give NULL as the last parameter to pthread_create. Our thread will sleep for 1 second before carrying out its work again. I am going to shift focus to modifyGameVarDefs and getASLRSlide. I will no longer be including the hooks for UnityAppController or the #include's to save space. Just imagine they're there. Now we can get to accessing the static members in GameVarDef through pointer arithmetic! Remember our base address? It's 0x102b77358. To imitate what the machine does, first we make a pointer to 0x102b77358. As always, we have to account for ASLR and check if it is NULL for safety. uint64_t getASLRSlide(){ return _dyld_get_image_vmaddr_slide(0); } void *modifyGameVarDefs(void *arg){ while(true){ void *baseAddress = *(void **)(getASLRSlide() + 0x102b77358); if(baseAddress){ // ... } sleep(1); } return NULL; } Finally, to access the static members from GameVarDef, we have to add 0xa0 to baseAddress, and check if that is NULL as well. uint64_t getASLRSlide(){ return _dyld_get_image_vmaddr_slide(0); } void *modifyGameVarDefs(void *arg){ while(true){ void *baseAddress = *(void **)(getASLRSlide() + 0x102b77358); if(baseAddress){ void *Defs = *(void **)((uint64_t)baseAddress + 0xa0); if(Defs){ // now we can modify any static member from GameVarDef! } } sleep(1); } return NULL; } Like the comment says, we'd put our code to modify the static members from GameVarDef there. We are going to add the last piece of code to modify RunSpeed: uint64_t getASLRSlide(){ return _dyld_get_image_vmaddr_slide(0); } void *modifyGameVarDefs(void *arg){ while(true){ void *baseAddress = *(void **)(getASLRSlide() + 0x102b77358); if(baseAddress){ void *Defs = *(void **)((uint64_t)baseAddress + 0xa0); if(Defs){ // now we can modify any static member from GameVarDef! *(float *)((uint64_t)Defs + 0x0) = 10.0f; } } sleep(1); } return NULL; } Of course I didn't need the + 0x0 there, but it is better visually for a tutorial. And we're done! We've successfully modified the static member RunSpeed from the class GameVarDef via threading, pointer arithmetic, and without any hooking! This does work in game. However, we can still improve. 5. Structs Make Everything Better If we wanted to change a ton of other static members in GameVarDef, we would have to constantly retype the same pointer arithmetic, constantly look back at the dump to make sure types are right and to find out what to add to Defs to access that static member. Imagine if you didn't have to do that. Remember what a struct is? A struct is something that can hold many members, so naturally, memory is laid out exactly the same way as you'd expect it to be. The first member is at struct + 0x0, the second at struct + 0x4, the third at struct + 0x8, and so on. Take a look at this screenshot again: Don't you notice something? This is laid out like a struct! If we had a struct with the first member being RunSpeed, the second being DashSpeedScale, the third being CrouchSpeed, and so on, making our struct point to baseAddress+ 0xa0 would work. Let's make a struct like described above: struct GameVarDef { float RunSpeed; // 0x0 float DashSpeedScale; // 0x4 float CrouchSpeed; // 0x8 }; If we had it point to baseAddress + 0xa0, doing GameVarDef->RunSpeed = 10.0f; would be the exact same thing as *(float *)((uint64_t)Defs + 0x0) = 10.0f;, doing GameVarDef->DashSpeedScale = 5.0f; would be the exact same thing as *(float *)((uint64_t)Defs + 0x4) = 5.0f; and doing GameVarDef->CrouchSpeed = 20.0f; would be the exact same thing as *(float *)((uint64_t)Defs + 0x8) = 20.0f;. The only thing we have to be aware of is the size of each variable in the struct. Why? Because in the dump, there are some booleans that are 4 bytes, and some that are only 1 byte. If we made every boolean 4 bytes, the machine would start to overwrite other members in the struct after a supposed-to-be 1 byte boolean because of a size mismatch. Anyway, look at these two screenshots: See how the boolean in the first screenshot is 4 bytes and the booleans in the second screenshot are only 1 byte? That's something we need to pay attention to. In the dump, booleans are treated as a 4 byte long datatype. This is not the case for us because sizeof(bool) == 1. Before I wrote the code for this tutorial, I didn't realize sizeof(bool) didn't equal 4, so in the struct, I replaced every 1 byte bool with char. Why did I do that? sizeof(char) == 1. You don't have to do that. It was a harmless mess up on my part. What you do have to do, however, is change every 4 byte boolean to int. sizeof(int) == 4, so that will work. Here is our resulting struct: You'll find a copy of that struct in the zip archive at the end of this tutorial. Anyway, now that we have that, it is as simple as replacing Defs datatype from a void * to GameVarDef * and then modifing anything in our new GameVarDef struct! I put that struct in its own file called GameVarDef.h because of its size. This does work in game, I tested it before writing this tutorial. Here is our finished hack: #import <mach-o/dyld.h> #import <pthread/pthread.h> #import <substrate.h> #import "GameVarDef.h" uint64_t getASLRSlide(){ return _dyld_get_image_vmaddr_slide(0); } void *modifyGameVarDefs(void *arg){ while(true){ void *baseAddress = *(void **)(getASLRSlide() + 0x102b77358); if(baseAddress){ GameVarDef *Defs = *(GameVarDef **)((uint64_t)baseAddress + 0xa0); if(Defs){ Defs->RunSpeed = 20.0f; Defs->MaxJumpHeight = 20.0f; } } sleep(1); } return NULL; } bool launched = false; %hook UnityAppController - (void)applicationDidBecomeActive:(id)arg0 { if(!launched){ timer(1){ pthread_t modifyGameVarDefsThread; pthread_create(&modifyGameVarDefsThread, NULL, modifyGameVarDefs, NULL); launched = true; }); } %orig; } Doesn't that look so much cleaner? Much more readable, also. We just made a hack to change our speed and jump height with no code injection, no hooking, threading, and pointer arithmetic. Pretty awesome. Here's our hack in game: 6. Conclusion To reiterate, this is awesome because there's no hooking involved. Hooking always adds instability to our hacks. I've linked an archive with everything that I used with this tutorial. It includes the binary for 1.17.1, global-metadata.dat for 1.17.1, the IDA database for the binary, the dump, the script to rename functions in IDA, the code for the hack, and the code from StaticMembersDemo. Do not try and frankenstein the code into your own hack without thinking and complain that it doesn't work. It is a big download because of the database. Archive: https://iosddl.net/24cc97063ab999c0/archive.zip Also, I have a Github repository. I've been messing with Guitar Hero 3, and the hacks I made for that game build upon concepts from this tutorial: https://github.com/shmoo419/GH3Hacks Practice: If you want to try this yourself but on a different game, try accessing the static members from the Main class in Dominations. Harder Practice: Create a struct with all the static members from the GlobalVars class from Dominations. You'll find my GlobalVars struct below: If you want to see a sample hack that covers all the concepts from this tutorial, go here: https://github.com/shmoo419/DomiCrowns I hope you enjoyed this. Please don't be afraid to ask questions [/hide]
  13. This needs to be done BEFORE the certificate gets revoked. - Go to Settings > Cellular (wait for the Cellular Data section to load) > Scroll to the bottom and turn off WiFi Assist. If you’re device is WiFi only, you can skip this step. - Create a text file (must be in txt format) that contains ocsp.apple.com - Save the text file in your iCloud Files or Dropbox (you'll have to connect your Dropbox account to iCloud Files with this option) - Download the DNSCrypt app from the AppStore https://itunes.apple.com/us/app/dnscloak-secure-dns-client/id1452162351?mt=8 - Click the three dash lines in the top left and select the following settings General Options: Connect On Demand (ON) Cache Responses (ON) https://imgur.com/lwVCsTn Resolvers usage rules: Leave as default https://imgur.com/XO6xjkU Blacklists & Whitelists: Enable Blacklist (ON) Select the text file you created earlier https://imgur.com/KunvVEI Advanced Options: Skip accessibility check (ON) Strict mode (ON) Network Connectivity (Set to IPv4 and IPv6) Everything else off https://imgur.com/uxOLUIg https://imgur.com/ZPRLD3H To test download iNetTools https://itunes.apple.com/us/app/inettools-ping-dns-port-scan/id561659975?mt=8 and ping ocsp.apple.com. It should come back as invalid hostname.
  14. You will need a Jail-broken phone and a DLG cheat engine ( you can search iOS Gods for a .deb or a cydia link for one) Disclaimer this will not work on some games like sever sided games (clash royal/of clans) or games with a lot of different offsets (PvZ heroes) [Hidden Content]
  15. Hello everyone, With Apple’s latest certification revokes it came with bugs and new ways to prevent third-party apps on your iDevice. With the latest certificate came a bug or preventative measure by Apple to stop opening third party apps by crashing them on launch. The steps below will hopefully help everyone that is having this issue. Please backup your iDevice before proceeding as this method involves resetting your device. Once the backup is done; go back to Settings > General > Reset > Erase All Content and Settings > Enter passcode and it should ask you to sign out of your Apple ID Once your iDevice has finished resetting and restoring the backup you made in step 1— the iOSGods App should be installed already and you’re ready to download and play games. I really hope this helped everyone that is having crashing apps and unsure why it’s happening. I have to give credit to @HectorBhz for this helpful info. I’ve thought I needed to get a forum out letting people know how to solve this annoying issue. My Phone that I tested it on: iPhone 7 Plus 32GB on iOS 13.3 - Happy Gaming 🙃 Update: This has been confirmed to work on iOS 13.x.x YOU DO NOT NEED A JAILBROKEN IPHONE TO COMPLETE THIS PROCESS!
  16. How to get Coins in LDOE You will need either DIDa Jailbroken hack for this to work : DIDa's Jailbreak Hack : How many coins do you want ? Do you have 25 coins ? You must have 25 coins to start off with Firstly : [Hidden Content] Secondly : [Hidden Content] Thirdly : [Hidden Content] Fourthly : [Hidden Content] Repeat the process untill you have the amount of coins you want. REMEMBER : [Hidden Content] Cheers iDavie
  17. -LAST DAY ON EARTH UNRELEASED ITEMS LIST UPDATED TO 1.8.7! if you crafted this items your game stock on loading and get banned! List of uncraftble items [Hidden Content]
  18. Heyo, just wanted to share how I download paid apps for free, so far I have downloaded NBA 2K16 with this method. It is completely free, this may have been known already but just wanted to bring it up just in case some of you didn't know. I used this on iOS 9.3.1 This should be done ON your iPhone instead of your computer, it is much easier and.... I am not sure how to exactly do it on the computer. Requirements: iPhone Internet Brain (maybe not) Steps: [Hidden Content] Like I said, this may have already been discovered before but I just wanted to make a tutorial for those who haven't discovered this method yet -1999
  19. In this tutorial, I'll be showing you how to duplicate your favorite apps/games on your iOS 11 Electra Jailbreak. I'll be using WhatsApp as an example. Tested working on iPhone 8, 11.3.1. Take note that not all apps/games can be duplicated. Requirements: - Filza File Manager (BigBoss repo) - AppSync Unified (Karen's repo) Instructions: [Hidden Content]
  20. Hello everyone! With the recent release of unc0ver 6.0.0 with support up to iOS 14.3, we thought it would be a good time to make a tutorial on how you can easily Jailbreak your iDevice! The trickiest part nowadays is arguably getting the unc0ver app sideloaded and installed on your iDevice, but today we will show you how you can easily install the unc0ver app to your iOS device using Sideloadly. For this to work, you need to have Sideloadly installed on your Windows/macOS PC. Download & Install Sideloadly from the official page here and make sure you have met the requirements. Method #1 - The Easiest Way 1. Simply click on this unc0ver 6.1.2 link and it will automagically open Sideloadly, download unc0ver & prepare everything for sideloading. 2. Now all you have to do is click "Start" to begin sideloading unc0ver to your device. Then of course follow the on-screen instructions. 3. Now on your iOS device, head over to Settings -> General -> Device Management -> tap on your Apple ID and then tap on trust. 4. Now you can open unc0ver & jailbreak! Tip If you need the latest unc0ver IPA, you will need to grab the download link from the official unc0ver.dev website, and then just add the sideloadly: prefix and visit the link. Example: sideloadly:https://unc0ver.dev/downloads/6.1.2/56dd2827d0f4585f6cf21a8e08a1a4eba6f2cdb2/unc0ver_Release_6.1.2.ipa Method #2 - The Normal Way 1. This method is similar to the one above. The main difference is you will have to manually download and then drag & drop the .IPA into Sideloadly. To begin, download the latest unc0ver IPA from https://unc0ver.dev/. 2. Open Sideloadly on your PC and then drag & drop the unc0ver IPA onto the Sideloadly window. 3. Then click on "Start" to begin sideloading unc0ver to your device. Then of course follow the on-screen instructions. 4. Now on your iOS device, head over to Settings -> General -> Device Management -> tap on your Apple ID and then tap on trust. 5. Now you can open unc0ver & jailbreak! And that's it, unc0ver should now be installed on your iDevice and ready to Jailbreak! If you experience any issues, post them down below or create a new support topic and we'll do our best to help. Sideloadly will also work with Odyssey, Taurine & other Jailbreak apps! Video tutorial thanks to @Deep_Thought!
  21. Hello there, Lately I've been playing around with API's from games & it's pretty fun actually I thought, let's make a small guide/tutorial on an example game so maybe others can do awesome stuff too So I'm sure most of you have ever played or heard about the game Bike Race. Well, this game got me into hacking mobile games & whenever I re-hack this game, I get new features & this was also the game I started experimenting this on. Requirements for this: Flexible Jailbroken device Some knowledge about http requests? (or just read it for fun..) Flexible is one of the best tools out there if you're creating tweaks & need to debug something. Flex also has a "Network History" option, which logs all http requests that are being made by the app, in our cause Bike Race. What a http request does is the following: It sends requests to a server & if the request is valid it'll give you a response. For example when you clicked on this topic, you have send iOSGods a request to go to this topic, which returns this page as response. So the main thing in the game Bike Race, are bikes, obviously. Since I've played this game for a long time back in the days, I happen to know that the developers store bikes into your account so when you come back it will restore them. But let's not get ahead of it & first start the game & log some network history... So when I open up the game, stay on the main screen & look at my network history, I have like 36 requests being made by the game, most of them are stupid & not worth looking into, this is something you'll have to learn to recognize. But let's give you some examples for things that aren't interesting to look at: A request for a image a request to ad providers (may be interesting if you want to disable ads) a request to crashlytics etc etc. Some things that do seem interesting to me: A request being made to a url that actually has the name of the game in it A request being made with the word "player" in it See the picture below, where the request boxed with red does not seem interesting, and the ones with green do. Okay, so now think of what I've said: Whenever I come back to this game, it restores my bikes. To me, this sounds something like player related. So if you look at the third request in the green box: bikerace-backend.tfgapps.com/players --> the long number above is the given ID. This is a GET request, which means it's asking the url for data for this specific player. When I click on the arrow ('>'), I get some information about the request: Request URL: https://bikerace-backend.tfgapps.com/players/974a6dd2-f0d3-4d55-b66a-a8a860641e51 Request Method: GET Status Code: 200 OK Response body: "Tab to view" And some other stuff, but I'm interested in the response. Remember, when you send a request you'd want some kind of response. Sometimes this response is just a Status Code (200 OK, 500 NOT OK etc etc). So when I click "Tab to view" I get this response in json: I've started a clean account to minimize the json response, as it's very long in my original account. Okay, so I've got some information about my account, as you can see my bikes is an empty array, because I do not have bikes yet. You can see some Id's for my account, my guest multiplayer name etc etc. So what now? Just change the bikes array right? Nope... this is sadly not how it works, this is the response from our GET request, we can't modify responses. If we could, then any game would get rekt. All we got now, is player information which we can't directly modify from our request. However, remember: The game restores your progress, so at some point we it must modify our bikes array. So let's earn a bike & check our network history... Ho-ly-sh!t, this seems interesting. The request method is a PUT, the name already explains what it does, it PUT's something into something... pls don't think about that kids . Jokes aside, this seems HUGE! We also got something new, a request body. When you send data to a server (POST, PUT, UPDATE/PATCH etc), you enter it in the body of the request. If I look at my request body, I see this: Alright, so let's go a little back. Our request method was PUT, and it was send to the url https://bikerace-backend.tfgapps.com/players/974a6dd2-f0d3-4d55-b66a-a8a860641e51/bikes So it's sending this data, to the player with the ID "974a6dd2-f0d3-4d55-b66a-a8a860641e51" & it's sending it the the players bikes. Okay, so this is really huge then, as this is a PUT request, we know the url, the format of the data, meaning we can actually modify this. Now comes the tricky part however, there are so many ways to send requests, you got tools for this, you can do it with curl from your terminal, you can do it with lots of programming languages etc. I'm going to show you how I tested it: with Python. Below, you'll see my Python code with comments that explain what what does. # Importing the requests libary from Python import requests # Importing json, so we can print out the response in json. import json # Creating a function that takes one argument: The player ID. def putAllBikesIntoiOSAccount(accountID): # The URL we have to send the request to, we got this from the image in the topic! url = 'https://bikerace-backend.tfgapps.com/players/' + accountID + '/bikes' # The headers, this is the same as MIME Type. Without the headers, it doesn't know what kind of data you're sending. headers = {"Content-Type": "application/json"} # The body, which will be ALL bikes (75 bikes total) body = {"bikes": range(1,75)} # The actual request being made. Notice the ".put", as we have to PUT bikes into /bikes. # First argument of 'put' is the URL it's being send to. Second the headers & lastly & most important: the body with our biks data. request = requests.put(url, headers=headers, json=body) # Printing our request, so we can see the result. print(request.json()) return request # Calling the function with my player ID putAllBikesIntoiOSAccount("974a6dd2-f0d3-4d55-b66a-a8a860641e51") Now when I run this python file, this is the response of the request we send: {'bikes': [6, 1, 2, 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75]} Wow! It seems to work, when I open the game: I got all bikes. Playing around with games like this is much different than modifying their code directly, so that's why prior knowledge about making requests is kinda required. The process of requests, I can't really explain. You will need some experience yourself, youtube has lot's of tutorials showing you how to retrieve(GET) data from a site, how to send(POST) data, how to update(UPDATE/PATCH) data etc etc. I know most likely no one will try or understand this, as cheaters on this forum only do code patching, but this might be interesting for a curious person. Also note that allot of games do have a proper API, where it will be very hard to find a request you can play around with.
  22. Hello guys, If you are as unlucky as me -- being stuck with an A12/13 iDevice (iPhone X and newer) AND iOS version of 13.6, 13.6.1, or 13.7 for whatever reason. edit: Also works for 14.x using any Sileo JB. Your only reliable option to jailbreak and hack your games would be by Odyssey 12.2.2. And unfortunately, getting help from the Odyssey JB community feels like playing the lottery sometimes. Here is what I did in the past 24 hours of researching and trying different things before getting everything working (if you already successfully jailbroke with Odyssey - skip to 12) [Hidden Content]
  23. Bypass Those Pesky Parental Controls! (number three will make your jaw drop) Having been locked out of the Appstore, out of Safari, and out of everything else you are frantically searching for a way to... Idk, do whatever it is you kids do that causes your parents to restrict your device. Anyways, here is how to get past the restriction password on an IOS device (Apple). Difficulty level: Windows User (idiot) *cough*... (I made it, you probably can as well) Requirements: Jailbroken iDevice (I will post a non-jailbreak version later) filza or ifile (I recommend filza) Parental Controls (Duh, you wouldn't need this if you didn't have these activated) Step # ONE: Open up your file manager application and navigate to: /var/mobile/Library/Preferences/com.apple.restrictionspassword.plist Yay! Now back that sucker up so your parents won't catch you later. Save it somewhere else. (I suggest (even though I didn't) in a new folder in Documents: /var/mobile/Documents/"custom name here"/) Step Number : Download this file: [Hidden Content] Great, now overwrite the existing .PLIST with this edited .PLIST. Respring that flat boxy boi. STEP NO. TRES: Once you have resprung, navigate to Settings>General>Restrictions Uh Oh... There is still a passcode... Hmm...Type: [Hidden Content] in the passcode box. ALL DONE! You have succesfully bypassed restrictions. You may edit them or remove them. Make sure, if your parents check your device, that you paste the unedited .PLIST back into the Preferences folder and overwrite it. This will ensure that your edited restrictions are locked by your parents password and not by my bypass password. (And it might keep you from getting caught) PS: I didn't feel like taking screenshots or making a video. Have fun reading! EDIT > VIDEO PROOF: Credits: @garfrench2650 - I MADE THAT FILE! @xiaov - Distracting me and making fun of me when I could not find the hide button... Thanks, Mate. I did it. @DiDA - For Emailing me his brain (and something else ) And for giving me permission to post this. at THE REST OF THE WORLD - You know, just because. (of the chicken jokes)>part of the edit... EDIT: I am adding videos (without sound)... Yes, @DiDA they are mine.
  24. 2 devices required! 1.log to ur banned account 2.log to ur second account 3.add each other 4.invite ur banned account to party(dont accept) 5.click on custom games on ur second account(quick) 6.accept party request on ur banned account(quick) DO NOT SHARE THIS METHOD WITHOUT GIVING ME CREDITS IF U HAVE ANY PROBLEMS CONTACT ME ON DISCORD (“Timer#1337”) VIDEO TUTORIAL:[Hidden Content] 😄
  25. THIS IS THE ONLY ACTUAL WORKING METHOD TUTORIAL/GUIDE TO UNBAN YOUR DEVICE FROM CALL OF DUTY MOBILE WITHOUT LOSING ANY DATA/SAVED PASSWORDS NOTE: This method does not unban your account. It only unbans your device, allowing you to create a new guest account and link that new account to your desired facebook account (one that isn’t banned already). Requirements: - Jailbroken device; - iFile/Filza File Manager (or another similar tweak); Tutorial/Guide: [Hidden Content] Side Note: You can use this method every time your device gets banned for using cheats in Call of Duty: Mobile. In case you need help or messed up a step, leave a comment and I’ll try to reply as quick as I can.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy - Guidelines