Tutorial [Beginner Friendly] Guide to Easily Hacking Your First Unity Game

Enoch · April 9, 2022

There's a lot of tutorials on here but some are more difficult to understand than others so I'm gonna make this as beginner friendly as possible. I won't be teaching you how to install theos, how to create a project in theos, compiling, cracking the game, etc. There's plenty of tutorials here to teach you that but if you click on the name's in "what's needed" you'll be linked to the tutorials.

What's needed:
Theos
OpenSSH
iOSGods Live Offset Patcher
IDA Pro
il2cppdumper
iGDecrypt
Ted2's mod menu template
Filza
CyberDuck or WinSCP

Game we'll be hacking:
Sugar Blast!

Hexes:

High float and public int values: 0090261EC0035FD6 and 00F0271EC0035FD6

Bool TRUE: 20008052C0035FD6

Bool FALSE: 00008052C0035FD6

Low values: 20008052C0035FD6 and 00D0251EC0035FD6

All other values can be found by using the Arm to Hex converter and entering the following:

fmov s0, #5
fmul s0, s0, s0
fmul s0, s0, s0
ret

The ARM64 HEX box at the bottom right will have the offsets needed. Change "#5" to a higher or lower value depending on what you're looking for.

What is bool true and bool false used for?:

Bool true and bool false is used for things like GetAds, HasNoAds, HasInfiniteAmmo, and similar names. For GetAds you would ideally use bool false and HasNoAds you would ideally use bool true.

Dumping with il2cppdumper:

This part is fairly easy and straight forward. First of all, make sure you have decrypted & cracked your target game using iGDecrypt. Now visit il2cppdumper online website and put the cracked binary in "Executable file" and put the metadata in "global-metadata.dat". Metadata can be found in /gamename.app/data/managed/metadata/.

Then hit submit and download the output from the server.

Using IDA to find your functions and offsets:

I personally prefer to look at everything in IDA, others prefer looking at the C-Sharp in DnSpy. Whatever is easier for you or what you feel more comfortable with.

Upload the binary into IDA, this may take a while to decompile depending on your PC. You'll know it's done when you see "idle" at the bottom left of IDA.

Once the it's done decompiling then you're ready to upload the script. This will also take a while depending on your laptop/pc.

When uploading the script file you're gonna want to upload the file "ida" (not ghidra or ida_with_struct) and then "script.json" (not config.json or stringliteral.json) that'll be located in your il2cpp folder. Once it's done you'll see "idle" at the bottom left of IDA again.

Searching functions:

Now it's time to do work, searching functions. Press CTRL+F to use the quick filter. Search the function names you want. Different games are gonna have different names of course. And some games will have multiple functions with the similar names, it's all trail and error when that happens.

What I'm gonna be searching for is coins.

GardenMeta.Inventory$$GetCoins looks like it's going to be it because we of course want to get coins and none of the other function names look like they will help us.

Double click on the function name and then scroll up until you see the function name next to the offset.

Our offset will be 10190EF94, ignore all the 0's infront of it.

Using the Live Offset Patcher:

Thanks to @Rook and others that helped create the !Live Offset Patcher, it makes the job 10x easier. Your offset will go on the left side and the hex will go on the right side. Now it's time to test if it's going to work. Once again, I'll be putting 10190EF94 in the left box and since we want a high number of coins we're going to put 00F0271EC0035FD6 in the right side box. Now that that's done, you'll simply click on it to activate it.

You can look for other functions such as moves, power ups, lives, etc. Whatever you can think of and test them out. This is where you get to work.

Good luck on your journey ladies and gents.

Updated April 9, 2022 by Rook

LeakedTreasure · March 19, 2020

Useful. Thanks for the the share bro

Error. · March 19, 2020

Nice

Updated March 19, 2020 by Error.

Rook · March 19, 2020

Thank you for the tutorial!

Flxcz453 · March 19, 2020

Nice and easy tut

Kilmnar · March 19, 2020

Excellent on the hyperlinks. Nice tut

Kilmnar · March 20, 2020

Pin this?

The Kid Morales · March 20, 2020

Got lost from just reading the first line🥴

Tulak Hord · March 20, 2020

Why do we change with fmov? Doesn't normal mov work?

Enoch · March 20, 2020

4 hours ago, The Kid Morales said:

Got lost from just reading the first line🥴

What do you not understand? I can try to break it down more if it is that difficult to understand.

2 hours ago, Tulak Hord said:

Why do we change with fmov? Doesn't normal mov work?

That was the “code” I was given by a friend so that’s what I’ve used. You can use mov if you want to. I just prefer to stick with the things I was given.