
H5GG Tutorial - Dynamically Code Patch With Bytes on Non-jailbreak



Updated (edited)

 

With h5frida v2.0 you can now patch code dynamically on non-jailbreak very easily, like this:

h5gg.require(7.9);

var h5frida=h5gg.loadPlugin("h5frida", "h5frida-15.1.24.dylib");
if(!h5frida) throw "Failed to load h5frida plugin";

alert("frida plugin version="+h5frida.pluginVersion() + "\nfrida core version="+h5frida.coreVersion());

function ActiveCodePatch(fpath, rvaddr, bytes) {
    if(!h5frida.ActiveCodePatch(fpath, rvaddr, bytes)) {
        var result = h5frida.ApplyCodePatch(fpath, rvaddr, bytes);
        alert(fpath+":0x"+rvaddr.toString(16)+"-PatchFailed!\n" + result);
        return false;
    }
    return true;
}
function DeactiveCodePatch(fpath, rvaddr, bytes) {
    return h5frida.DeactiveCodePatch(fpath, rvaddr, bytes);
}

/* 
fpath: relative path of the binary in the .app directory

rvaddr: relative virtual address
Generally speaking, for dylib/framework,  rvaddr = [offset in file] = [address in IDA]
for main executable, rvaddr = offset in file = [address in IDA] - [base address in IDA], the base address is usually 0x100000000.
*/
/*************************************************************************/

//switch on
ActiveCodePatch("Frameworks/UnityFramework.framework/UnityFramework", 0x1A21658, "C0035FD6");

//switch off
DeactiveCodePatch("Frameworks/UnityFramework.framework/UnityFramework", 0x1A21658, "C0035FD6");

see more: https://github.com/H5GG/H5GG/tree/main/examples-h5frida

Updated by tuancc
fix
  • Like 3
  • Agree 2
  • Informative 1
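The rvaddr rule and the byte string from the post above, worked through as an added example that is not part of the original post or of h5gg/h5frida. The helper names are hypothetical and 0x100000000 is the post's "usually" base; decoding shows that C0035FD6 is the ARM64 `ret` encoding, so the patched function returns immediately.

```javascript
// Added example: helper names are hypothetical, not part of h5gg/h5frida.
const IDA_MAIN_BASE = 0x100000000; // the post's "usually"; confirm it in IDA

// Map an IDA address to the post's rvaddr.
// Frameworks/dylibs: rvaddr equals the IDA address.
// Main executable: subtract the IDA image base.
function idaToRvaddr(idaAddr, isMainExecutable, idaBase = IDA_MAIN_BASE) {
  const rv = isMainExecutable ? idaAddr - idaBase : idaAddr;
  if (!Number.isSafeInteger(rv) || rv < 0) {
    throw new RangeError("address is below the image base");
  }
  if (rv % 4 !== 0) {
    throw new RangeError("ARM64 instructions are 4-byte aligned");
  }
  return rv;
}

// Split a hex byte string into 32-bit little-endian instruction words.
function decodePatchWords(hex) {
  const clean = hex.replace(/\s+/g, "");
  if (!/^(?:[0-9a-fA-F]{8})+$/.test(clean)) {
    throw new SyntaxError("expected whole 4-byte instructions as hex");
  }
  return clean.match(/.{8}/g).map((chunk) => {
    const b = chunk.match(/../g).map((h) => parseInt(h, 16));
    return ((b[3] << 24) | (b[2] << 16) | (b[1] << 8) | b[0]) >>> 0;
  });
}

// Name the two fixed encodings this sketch knows; everything else stays hex.
function describeWord(word) {
  if (word === 0xd65f03c0) return "ret";
  if (word === 0xd503201f) return "nop";
  return "0x" + word.toString(16).padStart(8, "0");
}

// Summarise a patch: where it lands and what it overwrites the code with.
function explainPatch(idaAddr, isMainExecutable, hex) {
  const rvaddr = idaToRvaddr(idaAddr, isMainExecutable);
  const words = decodePatchWords(hex);
  return {
    rvaddr: "0x" + rvaddr.toString(16),
    length: words.length * 4,
    instructions: words.map(describeWord),
  };
}

console.log(explainPatch(0x1a21658, false, "C0035FD6"));
```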
Posted

I’m clueless right now, is there a proper code without using hookme to test? Like directly using binary?

Posted
1 minute ago, Laxus said:

I’m clueless right now, is there a proper code without using hookme to test? Like directly using binary?

do it for your binary by yourself.

hookme is just for testing, you can delete it.
 

Posted (edited)
3 hours ago, Laxus said:

I’m clueless right now, is there a proper code without using hookme to test? Like directly using binary?

var framework = h5gg.getRangesList("UnityFramework");

if it's normal binary:

var bin = h5gg.getRangesList("UnityFramework");

 

here examples https://github.com/HappyOx6032/h5gg-files

Updated by j u s t...
examples
Posted (edited)
6 hours ago, j u s t... said:

var framework = h5gg.getRangesList("UnityFramework");

if it's normal binary:

var bin = h5gg.getRangesList("UnityFramework");

 

here examples https://github.com/HappyOx6032/h5gg-files

Thank you!! :D

Best explain, I ain't programmer

Edit: How do I use these ... 

Updated by Laxus
Posted
6 hours ago, Laxus said:

Thank you!! :D

Best explain, I ain't programmer

Edit: How do I use these ... 

after you can calc the base address:

 

//get bin or framework

var framework = h5gg.getRangesList("UnityFramework");

//calculate base address + offset to prepare patch

var adr = Number(framework[0].start) + 0xOffset;

//patch offset

f***base(adr,"C0035FD6");

 

i think there are better examples in the link :)

  • Informative 1
Posted
On 9/1/2022 at 4:15 PM, ꞋꞌꞋꞌꞋꞌꞋꞌ said:

after you can calc the base address:

 

//get bin or framework

var framework = h5gg.getRangesList("UnityFramework");

//calculate base address + offset to prepare patch

var adr = Number(framework[0].start) + 0xOffset;

//patch offset

f***base(adr,"C0035FD6");

 

i think there are better examples in the link :)

Hello, the link document is gone. Can help upload one back? Thanks in advance

Posted

Not sure why I got the "The bytes to patch have changed, please revert to original file and try again" error when executing the ActiveCodePatch function.

I did try with an unmodified UnityFramework file. Still failed.

Any idea why? @tuancc
