Jump to content
Community Announcements, Giveaways & More!

Tweak Crashes - IDA Function Offset Hooking

Dan L.

By Dan L.
in Help & Support

5 posts in this topic

Recommended Posts

Dan L. Newbie

Dan L. 6
  •   iPhone 7 Plus 
  •   12.1.4

    • Posted
    Posted

    I'm trying to hack Guns of Boom by hooking offsets from IDA into tweak.xm but it crashes.

    I used IL2cppdumper to dump the unity files.

     

    My Device:

    iPhone 7 Plus

    12.1.4 Unc0ver Jailbreak

    Using SDK 10.3

    Used this tut to install Theos: 

     

     

    Here is my tweak.xm 

    #import <substrate.h>
#import <Foundation/Foundation.h>
#import <mach-o/dyld.h>

void (*old_updateSpread)(void *self);

static void updateSpread(void *self) {
	
}

void (*old_applySpread)(void *self);

static void applySpread(void *self) {
	
}

void (*old_resetAccum)(void *self);

static void resetAccum(void *self) {
	
}

void (*old_accumulationEnd)(void *self);

static void accumulationEnd(void *self) {
	
}


%ctor {
	MSHookFunction((void*)(_dyld_get_image_vmaddr_slide(0) + 0x01B95FBC),(void*)updateSpread,(void**)&old_updateSpread);

	MSHookFunction((void*)(_dyld_get_image_vmaddr_slide(0) + 0x01B96670),(void*)applySpread,(void**)&old_applySpread);

	MSHookFunction((void*)(_dyld_get_image_vmaddr_slide(0) + 0x01B96C3C),(void*)resetAccum,(void**)&old_resetAccum);

	MSHookFunction((void*)(_dyld_get_image_vmaddr_slide(0) + 0x01B980FC),(void*)accumulationEnd,(void**)&old_accumulationEnd);
}

     

    Also my makefile: 

    ARCHS = armv7 arm64
TARGET = iphone:clang:latest:latest
THEOS_PACKAGE_DIR_NAME = debs
CFLAGS = -fobjc-arc

include /var/theos/makefiles/common.mk

TWEAK_NAME = GunsOfBoomCheats
GunsOfBoomCheats_FILES = Tweak.xm
GunsOfBoomCheats_LDFLAGS += -Wl,-segalign,4000

include /var/theos/makefiles/tweak.mk

after-install::
	install.exec "killall -9 SpringBoard"

    Crash report: https://imgur.com/a/LyYDHVL

     

    Rook iOS God

    Rook 560k
  •   iPad Pro (2nd gen) 
  •   17.4
  • Donor
  •  

    • Posted
    Posted

    Hello,

    This won't work because you're using vp_Shooter$$ResetAccumulation as symbols when they are not.

    You should hook the function offset instead of the function name.

    Dan L. Newbie

    Dan L. 6
  •   iPhone 7 Plus 
  •   12.1.4

    • Posted
    • Author
    Posted
    35 minutes ago, DADi said:

    Hello,

    This won't work because you're using vp_Shooter$$ResetAccumulation as symbols when they are not.

    You should hook the function offset instead of the function name.

    Would this be the offset? https://imgur.com/a/mGBaqKA

    Archived

    This topic is now archived and is closed to further replies.

    Go to topic listing
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines