Jump to content

1 post in this topic

Recommended Posts

Posted (edited)

Hello, dear friends! It's a pleasure to meet you all!

I'm new here and I need some help for my learning.

My question is about a main.cpp, how to basically run with 'Damage' and 'Defence' multiplier function (with the floating mod). It's possible to use hooking and hex in the same, one enable and the other disabled (to alternate)?

Please, if possible can you help me with the code below?

 

Note: The target offsets be like this:

The first below is the Damage.    

// Token: 0x17000D53 RID: 3411
    // (get) Token: 0x06003223 RID: 12835 RVA: 0x00010770 File Offset: 0x0000E970
    [Token(Token = "0x17000D53")]
    public int AttackPower
    {
        [Token(Token = "0x6003223")]
        [Address(RVA = "0xDF6200", Offset = "0xDF6200", VA = "0xCCDF6200")]
        get
        {
            return 0;
        }

The second below is Defence:

    // Token: 0x17000D54 RID: 3412
    // (get) Token: 0x06003224 RID: 12836 RVA: 0x00010788 File Offset: 0x0000E988
    [Token(Token = "0x17000D54")]
    public int DefencePower
    {
        [Token(Token = "0x6003224")]
        [Address(RVA = "0xDF6410", Offset = "0xDF6410", VA = "0xCCDF6410")]
        get
        {
            return 0;
        }
    }

 

 You have all my thanks!!!

Code:

/*

#include <list>
#include <vector>
#include <string.h>
#include <pthread.h>
#include <cstring>
#include <jni.h>
#include <unistd.h>
#include <fstream>
#include "Includes/obfuscate.h"
#include "KittyMemory/MemoryPatch.h"
#include "Includes/Logger.h"
#include "Includes/Utils.h"
#include "Menu.h"

#if defined(__aarch64__) //Compile for arm64 lib only
#include <And64InlineHook/And64InlineHook.hpp>
#else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works

#include <Substrate/SubstrateHook.h>
#include <Substrate/CydiaSubstrate.h>
#include <iostream>

#endif

// fancy struct for patches for kittyMemory
struct My_Patches {
    // let's assume we have patches for these functions for whatever game
    // like show in miniMap boolean function
    MemoryPatch Damage, Defence,  SliderDamage, SliderDefence, SliderArmor;
    // etc...
} hexPatches;

bool feature2 = false, attackpower = false, featureHookToggle = false, gem = false, defencepower = false;
int sliderValue = 1;
void *instanceBtn;
int slider = 1;


// Function pointer splitted because we want to avoid crash when the il2cpp lib isn't loaded.
// If you putted getAbsoluteAddress here, the lib tries to read the address without il2cpp loaded,
// will result in a null pointer which will cause crash
void (*get_gem)(void *instance, int amount);

//Target lib here
#define targetLibName OBFUSCATE("libil2cpp.so")


extern "C" {
JNIEXPORT void JNICALL
Java_uk_lgl_MainActivity_Toast(JNIEnv *env, jclass obj, jobject context) {
    MakeToast(env, context, OBFUSCATE("Modded by Yamasu"), Toast::LENGTH_LONG);
}


JNIEXPORT jobjectArray
JNICALL
Java_uk_lgl_modmenu_FloatingModMenuService_getFeatureList(JNIEnv *env, jobject activityObject) {
    jobjectArray ret;

    const char *features[] = {
            OBFUSCATE("Category_The Category"), //Not counted
            OBFUSCATE("Toggle_Damage"), //0 Case
            OBFUSCATE("Toggle_Defence"), //1 Case
            OBFUSCATE("SeekBar_DamageMT_1_100"), //2 Case
            OBFUSCATE("SeekBar_DamageHeX_1_100"), //3 Case
            OBFUSCATE("Toggle_AttackPower"), //4 Case
            OBFUSCATE("Slider_Damage"), //5 Case
            OBFUSCATE("Slider_Defence"), //6 Case
            OBFUSCATE("Slider_Armor"), //7 Case
            OBFUSCATE("Toggle_Gems"), //8 Case
            OBFUSCATE("Toggle_Gems"), //9 Case
            OBFUSCATE("Toggle_FeatureHook"), //10 Case
            OBFUSCATE("Toggle_Gems"), //11 Case
            OBFUSCATE("Toggle_DefencePower"), //12 Case
    };

    //Now you dont have to manually update the number everytime;
    int Total_Feature = (sizeof features / sizeof features[0]);
    ret = (jobjectArray)
            env->NewObjectArray(Total_Feature, env->FindClass(OBFUSCATE("java/lang/String")),
                                env->NewStringUTF(""));

    for (int i = 0; i < Total_Feature; i++)
        env->SetObjectArrayElement(ret, i, env->NewStringUTF(features[i]));

    pthread_t ptid;
    pthread_create(&ptid, NULL, antiLeech, NULL);

    return (ret);
}


JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
                                        jint featNum, jstring featName, jint value,
                                        jboolean boolean, jstring str) {
    //Convert java string to c++
    const char *featureName = env->GetStringUTFChars(featName, 0);
    const char *TextInput;
    if (str != NULL)
        TextInput = env->GetStringUTFChars(str, 0);
    else
        TextInput = "On~Off";


    LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d | Text: = %s"), featNum,
         featureName, value,
         boolean, TextInput);



    //BE CAREFUL NOT TO ACCIDENTLY REMOVE break;

    switch (featNum) {
        case 0:
            feature2 = boolean;
            if (feature2) {
                hexPatches.Damage.Modify();
            } else {
                hexPatches.Damage.Restore();
            }
            break;
        case 1:
            feature2 = boolean;
            if (feature2) {
                hexPatches.Defence.Modify();
            } else {
                hexPatches.Defence.Restore();
            }
            break;
    }
    switch (value) {
        case 2:
            if (value >= 1) {
                sliderValue = value;  //no multiplication

            }
            break;
    }
    switch (value) {
        case 3 :
            if (value >= 1) {
                sliderValue = value * 99999;  // with multiplication does freeze the game

            }
            break;
    }
    switch (featNum) {
        case 4:
            attackpower = boolean;
            break;
    }
    switch (value) {
        case 5:
            hexPatches.SliderDamage = MemoryPatch::createWithHex(
                    targetLibName, string2Offset(
                            OBFUSCATE_KEY("0x15ED0C8", 't')),
                    OBFUSCATE(
                            "60 0A 0E E3 1E FF 2F E1"));
            hexPatches.SliderDamage.Modify();
            break;
        case 6:
            hexPatches.SliderDefence = MemoryPatch::createWithHex(
                    targetLibName, string2Offset(
                            OBFUSCATE_KEY("0x15ED148", 'b')),
                    OBFUSCATE(
                            "60 0A 0E E3 1E FF 2F E1"));
            hexPatches.SliderDefence.Modify();
            break;
        case 7:
            hexPatches.SliderArmor = MemoryPatch::createWithHex(
                    targetLibName, string2Offset(
                            OBFUSCATE_KEY("0x96D7B8", 'q')),
                    OBFUSCATE(
                            "60 0A 0E E3 1E FF 2F E1"));
            hexPatches.SliderArmor.Modify();
            break;
    }
    switch (value)
        case 8: {
            if (instanceBtn != NULL)
                get_gem(instanceBtn, 9999);
            MakeToast(env, obj, OBFUSCATE("Button pressed"), Toast::LENGTH_SHORT);

            break;
        }

    switch (featNum) {
        case 9:
            featureHookToggle = boolean;

            break;
    }
            switch (featNum) {
                case 10:
                    MakeToast(env, obj, TextInput, Toast::LENGTH_SHORT);
                    break;
            }
    switch (featNum) {
        case 11:
            gem  = boolean;
            break;
    }
    switch (featNum) {
        case 12:
            defencepower  = boolean;
            break;
    }

}


// Hooking example
int (*old_attack)(void *instance);
int attack(void *instance) {
    if (instance != NULL && attackpower) {
        return 9999;
    }
    return old_attack(instance);
}
int (*old_defence)(void *instance);
int defence(void *instance) {
    if (instance != NULL && defencepower) {
        return 9999;
    }
    return old_defence(instance);
}

double (*old_Attack)(void *instance);
double (AttackPower)(void *instance) {

    if (instance != NULL && sliderValue >
                            1) {                             //is true when slidervalue more than 1 and not null
        return (double) sliderValue;
    }
    old_Attack(instance);             // otherwise return to old value
}

//Toast
int (*old_gem)(void *instance);
int Gem(void *instance) {
    if (instance != NULL && gem) {
        return 9999;
    }
    return old_gem(instance);
}

// we will run our patches in a new thread so our while loop doesn't block process main thread
// Don't forget to remove or comment out logs before you compile it.

//KittyMemory Android Example: https://github.com/MJx0/KittyMemory/blob/master/Android/test/src/main.cpp
//Use ARM Converter to convert ARM to HEX: https://armconverter.com/
//Note: We use OBFUSCATE_KEY for offsets which is the important part xD

void *hack_thread(void *) {
    LOGI(OBFUSCATE("pthread called"));

    //Check if target lib is loaded
    do {
        sleep(1);
    } while (!isLibraryLoaded(targetLibName));

    LOGI(OBFUSCATE("%s has been loaded"), (const char *) targetLibName);


#if defined(__aarch64__) //Compile for arm64 lib only
    // New way to patch hex via KittyMemory without need to  specify len. Spaces or without spaces are fine
    //hexPatches.GodMode = MemoryPatch::createWithHex(targetLibName,
                                                    //string2Offset(OBFUSCATE_KEY("0x123456", '3')),
                                                    //OBFUSCATE("00 00 A0 E3 1E FF 2F E1"));
    //You can also specify target lib like this
    //hexPatches.GodMode2 = MemoryPatch::createWithHex("libtargetLibHere.so",
                                                     //string2Offset(OBFUSCATE_KEY("0x222222", 'g')),
                                                     //OBFUSCATE("00 00 A0 E3 1E FF 2F E1"));

    // Offset Hook example
    // A64HookFunction((void *) getAbsoluteAddress(targetLibName, string2Offset(OBFUSCATE_KEY("0x123456", 'l'))), (void *) get_BoolExample,
    //                (void **) &old_get_BoolExample);

    // Function pointer splitted because we want to avoid crash when the il2cpp lib isn't loaded.
    // See https://guidedhacking.com/threads/android-function-pointers-hooking-template-tutorial.14771/
    gem = (void(*)(void *,int))getAbsoluteAddress(targetLibName, 0x123456);

#else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works

    // New way to patch hex via KittyMemory without need to specify len. Spaces or without spaces are fine
    hexPatches.Damage = MemoryPatch::createWithHex(targetLibName,
                                                   string2Offset(OBFUSCATE_KEY("0x15ED0C8", 'g')),
                                                   OBFUSCATE("DC OF OF E3 1E FF 2F E1"));
    //You can also specify target lib like this
    hexPatches.Defence = MemoryPatch::createWithHex(targetLibName,
                                                    string2Offset(OBFUSCATE_KEY("0x15ED148", 'g')),
                                                    OBFUSCATE("DC OF OF E3 1E FF 2F E1"));

    hexPatches.SliderDamage = MemoryPatch::createWithHex(targetLibName,
                                                         string2Offset(
                                                                 OBFUSCATE_KEY("0x15ED0C8", 'g')),
                                                         OBFUSCATE("12 07 80 E3 1E FF 2F E1"));

    hexPatches.SliderDefence = MemoryPatch::createWithHex(targetLibName,
                                                          string2Offset(
                                                                  OBFUSCATE_KEY("0x15ED148", 'g')),
                                                          OBFUSCATE("12 07 80 E3 1E FF 2F E1"));

    hexPatches.SliderArmor = MemoryPatch::createWithHex(targetLibName,
                                                        string2Offset(
                                                                OBFUSCATE_KEY("0x96D7B8", 'g')),
                                                        OBFUSCATE("12 07 80 E3 1E FF 2F E1"));
    //Apply patches here if you don't use mod menu
    //hexPatches.GodMode.Modify();
    //hexPatches.GodMode2.Modify();

    // Offset Hook example
    MSHookFunction((void *) getAbsoluteAddress(targetLibName,
                   string2Offset(OBFUSCATE_KEY("0x1C8C8E0", '?'))),
                  (void *) get_gem, (void **) &old_gem);
    MSHookFunction((void *) getAbsoluteAddress(targetLibName,
                                               string2Offset(OBFUSCATE_KEY("0x1C8B70C", '?'))),
                   (void *) get_gem, (void **) &old_gem);


    // Symbol hook example (untested). Symbol/function names can be found in IDA if the lib are not stripped. This is not for il2cpp games
    MSHookFunction((void *) ("__unwind_"), (void *) get_gem, (void **) &old_gem);

    // Function pointer splitted because we want to avoid crash when the il2cpp lib isn't loaded.
    // See https://guidedhacking.com/threads/android-function-pointers-hooking-template-tutorial.14771/
    get_gem = (void (*)(void *, int)) getAbsoluteAddress(targetLibName, 0x1C8C8E0);
    get_gem = (void (*)(void *, int)) getAbsoluteAddress(targetLibName, 0x1C8B70C);

    LOGI(OBFUSCATE("Done"));

#endif

    return NULL;
}

//No need to use JNI_OnLoad, since we don't use JNIEnv
//We do this to hide OnLoad from disassembler
__attribute__((constructor))
void lib_main() {
    // Create a new thread so it does not block the main thread, means the game would not freeze
    pthread_t ptid;
    pthread_create(&ptid, NULL, hack_thread, NULL);
}

/*
JNIEXPORT jint JNICALL
JNI_OnLoad(JavaVM *vm, void *reserved) {
    JNIEnv *globalEnv;
    vm->GetEnv((void **) &globalEnv, JNI_VERSION_1_6);

    return JNI_VERSION_1_6;
}
 */
}
Updated by Azuma tan
More information about the target offsets, text correction

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Our picks

    • Zombie Fortress: Trap Defense v0.8.0 [+6 Jailed Cheats]
      Modded/Hacked App: Zombie Fortress: Trap Defense By SayGames LTD
      Bundle ID: com.nlabsoft.zombiecrusher.s
      App Store Link: https://apps.apple.com/us/app/zombie-fortress-trap-defense/id6747713523?uo=4



      🤩 Hack Features

      - Add Cash
      - Add Diamond
      - Add Energy
      - Add Parts
      - Never Die
      - Add Battle Gold (Enable inside battle)
      • 3 replies
    • Zombie Fortress: Trap Defense v0.8.0 [+6 Cheats]
      Modded/Hacked App: Zombie Fortress: Trap Defense By SayGames LTD
      Bundle ID: com.nlabsoft.zombiecrusher.s
      App Store Link: https://apps.apple.com/us/app/zombie-fortress-trap-defense/id6747713523?uo=4



      🤩 Hack Features

      - Add Cash
      - Add Diamond
      - Add Energy
      - Add Parts
      - Never Die
      - Add Battle Gold (Enable inside battle)
      • 1 reply
    • Heroes Crew: Strategy Defense v1.1.5 [+6 Cheats]
      Modded/Hacked App: Heroes Crew: Strategy Defense By AlohaFactory
      Bundle ID: com.overdogs.heroes
      App Store Link: https://apps.apple.com/us/app/heroes-crew-strategy-defense/id6744350078?uo=4



      🤩 Hack Features

      - Add Currency
      - Unlimited Items
      - Unlimited Property (Heroes, Relic etc)
      - Activate VVip (Use after tutorial and only in main menu)
      - Activate Premium Hunt Pass (Use after tutorial and only in main menu)
      - Unlimited Battle Currency (Always Will Increase)
      • 31 replies
    • Heroes Crew: Strategy Defense v1.1.5 [+6 Jailed Cheats]
      Modded/Hacked App: Heroes Crew: Strategy Defense By AlohaFactory
      Bundle ID: com.overdogs.heroes
      App Store Link: https://apps.apple.com/us/app/heroes-crew-strategy-defense/id6744350078?uo=4



      🤩 Hack Features

      - Add Currency
      - Unlimited Items
      - Unlimited Property (Heroes, Relic etc)
      - Activate VVip (Use after tutorial and only in main menu)
      - Activate Premium Hunt Pass (Use after tutorial and only in main menu)
      - Unlimited Battle Currency (Always Will Increase)
      • 15 replies
    • Candy Pop Story : Match 3 v1.23.0722 [ +3 Cheats ] Auto Win
      Modded/Hacked App: Candy Pop Story : Match 3 By F.O.G LIMITED
      Bundle ID: com.gamoper.candysweetstory.ios
      App Store Link: https://apps.apple.com/us/app/candy-pop-story-match-3/id6670773988?uo=4


      🤩 Hack Features

      - Auto Win
      - Coins
      - Moves
      -
      • 6 replies
    • Candy Pop Story : Match 3 v1.23.0722 [ +3 Jailed ] Auto Win
      Modded/Hacked App: Candy Pop Story : Match 3 By F.O.G LIMITED
      Bundle ID: com.gamoper.candysweetstory.ios
      App Store Link: https://apps.apple.com/us/app/candy-pop-story-match-3/id6670773988?uo=4
       

      🤩 Hack Features

      - Auto Win
      - Coins
      - Moves
      • 6 replies
    • Boom Castle Tower Defense TD v1.5.2 [ +7 Jailed ] Easy Win
      Modded/Hacked App: Boom Castle: Tower Defense TD By Terahype s.r.o.
      Bundle ID: castle.heroes.tower.defense.kingdom.magic.battle.archer
      iTunes Store Link: https://apps.apple.com/us/app/boom-castle-tower-defense-td/id6502820312?uo=4


      Hack Features:

      - Enemy Status [ HP DEF ]

      - Base HP 

      - Battle Cost 0 

      - Stage Unlocked [ Play Any Stage ]

      - Battle Pass Unlocked 

      - Battle Pass Claim Unlimited [ Gems Gold ]

      - iGG Speed Hack Max 0 - 10 [ Skill CD - ATK Speed - Animation Speed - Wave Faster ]


      Jailbreak required hack(s): https://iosgods.com/forum/5-game-cheats-hack-requests/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 48 replies
    • Boom Castle Tower Defense TD v1.5.2 [ +7 Cheats ] Easy Win
      Modded/Hacked App: Boom Castle: Tower Defense TD By Terahype s.r.o.
      Bundle ID: castle.heroes.tower.defense.kingdom.magic.battle.archer
      iTunes Store Link: https://apps.apple.com/us/app/boom-castle-tower-defense-td/id6502820312?uo=4


      Hack Features:
      - Enemy Status [ HP DEF ]

      - Base HP 

      - Battle Cost 0 

      -  Stage Unlocked [ Play Any Stage ]

      - Battle Pass Unlocked 

      - Battle Pass Claim Unlimited [ Gems Gold ]

      - iGG Speed Hack Max 0 - 10 [ Skill CD - ATK Speed - Animation Speed - Wave Faster ] 


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 52 replies
    • Zombie Infinity v1.9.1 [ +5 Cheats ] Currency Max
      Modded/Hacked App: Zombie Infinity By kamasu.jp Inc.
      Bundle ID: jp.kamasu.oread
      App Store Link: https://apps.apple.com/ph/app/zombie-infinity/id6736433765?uo=4


      🤩 Hack Features

      - ADS Pass

      - Energy Pass

      - Premium Pass

      - Currency

      - Hero Status [ HP - DMG ]
      • 4 replies
    • Zombie Infinity v1.9.1 [ +5 Jailed ] Currency Max
      Modded/Hacked App: Zombie Infinity By kamasu.jp Inc.
      Bundle ID: jp.kamasu.oread
      App Store Link: https://apps.apple.com/ph/app/zombie-infinity/id6736433765?uo=4


      🤩 Hack Features

      - ADS Pass

      - Energy Pass

      - Premium Pass

      - Currency

      - Hero Status [ HP - DMG ]
      • 3 replies
    • Alien Survivor: Survival Arena v1.40.0 [ +7 Cheats ] Currency Max
      Modded/Hacked App: Alien Survivor: Survival Arena By IMPONILOX LIMITED
      Bundle ID: world.playme.x
      iTunes Store Link: https://apps.apple.com/us/app/alien-survivor-survival-arena/id1669761844?uo=4
       

      🚀 Hack Features

      - ADS NO [ Rewards Free ]

      - Gems [ Achievements Rewards Only One Get ]

      - Energy [ Just Buy ]

      - HP [ Just Equip & Unequip ]

      - ATK [ Just Equip & Unequip ]

      - DEF [ Just Equip & Unequip ]

      - Skill CD [ First Get Then Use ]


      🍏 For Non-Jailbroken & No Jailbreak required hacks: https://iosgods.com/forum/79-no-jailbreak-section/
      🤖 Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      • 19 replies
    • Alien Survivor: Survival Arena v1.40.0 [ +7 Jailed ] Currency Max
      Modded/Hacked App: Alien Survivor: Survival Arena By IMPONILOX LIMITED
      Bundle ID: world.playme.x
      iTunes Store Link: https://apps.apple.com/us/app/alien-survivor-survival-arena/id1669761844?uo=4


      🚀 Hack Features

      - ADS NO [ Rewards Free ]

      - Gems [ Achievements Rewards Only One Get ]

      - Energy [ Just Buy ]

      - HP [ Just Equip & Unequip ]

      - ATK [ Just Equip & Unequip ]

      - DEF [ Just Equip & Unequip ]

      - Skill CD [ First Get Then Use ]


      🍏 Jailbreak iOS hacks: https://iosgods.com/forum/5-game-cheats-hack-requests/
      🤖 Modded Android APKs: https://iosgods.com/forum/68-android-section/
      • 32 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines