Tutorial H5GG Tutorial - Dynamicly Code Patch With Bytes on Non-jailbreak

[GodModerator 211 iPhone X 13.4]

 

with h5frida v2.0 now you can patch code dynamicly on non-jailbreak very easily, like this:

h5gg.require(7.9);

var h5frida=h5gg.loadPlugin("h5frida", "h5frida-15.1.24.dylib");
if(!h5frida) throw "Failed to load h5frida plugin";

alert("frida plugin version="+h5frida.pluginVersion() + "\nfrida core version="+h5frida.coreVersion());

function ActiveCodePatch(fpath, rvaddr, bytes) {
    if(!h5frida.ActiveCodePatch(fpath, rvaddr, bytes)) {
        var result = h5frida.ApplyCodePatch(fpath, rvaddr, bytes);
        alert(fpath+":0x"+rvaddr.toString(16)+"-PatchFailed!\n" + result);return false;
    } return true;
}
function DeactiveCodePatch(fpath, rvaddr, bytes) {
    return h5frida.DeactiveCodePatch(fpath, rvaddr, bytes);
}

/* 
fpath: relative path of the binary in the .app directory

rvaddr: relative virtual address
Generally speaking, for dylib/framework,  rvaddr = [offset in file] = [address in IDA]
for main executable, rvaddr = offset in file = [address in IDA] - [base address in IDA], the base address is usually 0x100000000.
*/
/*************************************************************************/

//switch on
ActiveCodePatch("Frameworks/UnityFramework.framework/UnityFramework", 0x1A21658, "C0035FD6");

//switch off
DeactiveCodePatch("Frameworks/UnityFramework.framework/UnityFramework", 0x1A21658, "C0035FD6");

see more: https://github.com/H5GG/H5GG/tree/main/examples-h5frida

Updated April 11, 2023 by tuancc
fix

[Laxus 803.4k iPhone 5s 10.3.3]

I’m clueless right now, is there a proper code without using hookme to test? Like directly using binary?

[GodModerator 211 iPhone X 13.4]

1 minute ago, Laxus said:

I’m clueless right now, is there a proper code without using hookme to test? Like directly using binary?

do it for your binary by yourself.

hookme is just for testing, you can delete it.
 

[0xSolana 24.9k iPhone 14 18.1]

3 hours ago, Laxus said:

I’m clueless right now, is there a proper code without using hookme to test? Like directly using binary?

var framework = h5gg.getRangesList("UnityFramework");

if it's normal binary:

var bin = h5gg.getRangesList("UnityFramework");

 

here examples : https://github.com/HappyOx6032/h5gg-files

Updated August 31, 2022 by j u s t...
examples

[Laxus 803.4k iPhone 5s 10.3.3]

6 hours ago, j u s t... said:

var framework = h5gg.getRangesList("UnityFramework");

if it's normal binary:

var bin = h5gg.getRangesList("UnityFramework");

 

here examples : https://github.com/HappyOx6032/h5gg-files

Thank you!!

Best explain, I aint programmer

Edit: How do I use these ... 

Updated September 1, 2022 by Laxus

[0xSolana 24.9k iPhone 14 18.1]

6 hours ago, Laxus said:

Thank you!!

Best explain, I aint programmer

Edit: How do I use these ... 

after you can calc the base adress :

 

//get bin or framework

var framework = h5gg.getRangesList("UnityFramework");

//calculate base adresse + offset to prepare patch

var adr = Number(framework[0].start) + 0xOffset;

//patch offset

f***base(adr,"C0035FD6");

 

i think there are better examples in the link

[Happy Secret 3.5k iPad Pro (2nd gen) 16.2]

On 9/1/2022 at 4:15 PM, ꞋꞌꞋꞌꞋꞌꞋꞌ said:

after you can calc the base adress :

 

//get bin or framework

var framework = h5gg.getRangesList("UnityFramework");

//calculate base adresse + offset to prepare patch

var adr = Number(framework[0].start) + 0xOffset;

//patch offset

f***base(adr,"C0035FD6");

 

i think there are better examples in the link

Hello, the link document is gone. Can help upload one back? Thanks in advance

[0xSolana 24.9k iPhone 14 18.1]

8 hours ago, Happy Secret said:

Hello, the link document is gone. Can help upload one back? Thanks in advance

here is the chinese telegram of H5GG, they share a lot of scripts : https://t.me/h5gg_cn

 

and here is a forked repo of the one i gaved :

https://github.com/iRedddy/h5gg-files

[Happy Secret 3.5k iPad Pro (2nd gen) 16.2]

Thx, but I don’t use Telegram.

 

I am on their discord.

[Happy Secret 3.5k iPad Pro (2nd gen) 16.2]

Not sure why I got "The bytes to patch have changed, please revert to original file and try again" error when execute the ActiveCodePatch function. 

I did tried with an unmodified UnityFramework file. Still failed. 

Any idea why? @tuancc