Tutorial H5GG Full Tutorial [Offset Patching + Hooking] for Non-Jailbroken/Jailbreak Devices !

hassen hawari · January 14, 2023

Just now, ꞋꞌꞋꞌꞋꞌꞋꞌ said:

Yep, but here are the basics, after that you can make an HTML Mod Menu and create a dylib that contains your HTML + JS. then you can inject it on an iPA and you wont need to inject the script or anything.

Since Non-JB doesn't have the same permission as a JB Device, i don't think Frida let you hook like on JB.

Do you know any useful video links to learn hack Android games il2cpp?

Happy Secret · January 14, 2023

5 minutes ago, ꞋꞌꞋꞌꞋꞌꞋꞌ said:

Yep, but here are the basics, after that you can make an HTML Mod Menu and create a dylib that contains your HTML + JS. then you can inject it on an iPA and you wont need to inject the script or anything.

HTML + JS injection is fine. But UnityFramework need to patch once before ActiveCodePatch works, this is never mentioned in their example scripts. Not even in GitHub.

But yes, I can understand there will always be a gap between what we can do with jailbroken or not. H5GG already made a huge step forward to close the gap. It will be a plus, if we can help improve documentation a bit.

Happy Secret · January 14, 2023

25 minutes ago, namcyeon said:

@Happy Secret You can try second method with hook, but it's not working with me.

It works for me, even with the ActiveCodePatch patched UnityFramework binary. Probably it just need an artificial anchor point on the same address.

I tested the get_CanJump hack only.

0xSolana · January 14, 2023

19 minutes ago, Happy Secret said:

HTML + JS injection is fine. But UnityFramework need to patch once before ActiveCodePatch works, this is never mentioned in their example scripts. Not even in GitHub.

But yes, I can understand there will always be a gap between what we can do with jailbroken or not. H5GG already made a huge step forward to close the gap. It will be a plus, if we can help improve documentation a bit.

Tuancc said it was for advanced modders only, i guess that's why it'd documented that way.

Yeah they didn't made any guide for that, that's why i made one

11 minutes ago, Happy Secret said:

It works for me, even with the ActiveCodePatch patched UnityFramework binary. Probably it just need an artificial anchor point on the same address.

I tested the get_CanJump hack only.

You only need to "prepare" the UnityFramwork once, after that you can hook/patch the offset. No need to replace with a new UnityFramework file if you switch between ActiveCodePatch/StaticInlineHookFunction.

Updated January 14, 2023 by ꞋꞌꞋꞌꞋꞌꞋꞌ

namcyeon · January 15, 2023

I find out, because i use esign with bought certificate so hooking is not working, with sideloadly, it's running. Replace unity framework whenever you update the mod isn't a good idea. Hopefully one day, non jailbreak can patch the memory offset 🤕

namcyeon · January 15, 2023

i think, a better way is make a app in windows to patch the unityframework file instead of running the mod script to patch it. Then after sideloadly, we can use the mod script. But i have no idea about how to make that app, lol

0xSolana · January 15, 2023

7 hours ago, namcyeon said:

i think, a better way is make a app in windows to patch the unityframework file instead of running the mod script to patch it. Then after sideloadly, we can use the mod script. But i have no idea about how to make that app, lol

H5GG doesn't work like this, it wouldn't be possible since apps are Sandbox on jailed devices.

The only solution is to patch all your offset at once, and replace only once the framework file.

CaIIMeZeus · January 15, 2023

I want to add some mini information too..

you can get new edited binary file from "Documents" app which comes built in app with iDevices. so you can earn time with 3u tools.

Also you guys can use customized and good looking menus written by HTML for your menus too. You can join our server from this link : https://discord.gg/h5gg.

Thanks for making a tutorial for H5GG.

We will be waiting for you to make a tutorial for Unity5D which allows you to make all version ESP hacks for UnityFramework binary games with few clicks.

0xSolana · January 15, 2023

18 minutes ago, CaIIMeZeus said:

I want to add some mini information too..

you can get new edited binary file from "Documents" app which comes built in app with iDevices. so you can earn time with 3u tools.

Also you guys can use customized and good looking menus written by HTML for your menus too. You can join our server from this link : https://discord.gg/h5gg.

We will be waiting for you to make a tutorial for Unity5D which allows you to make all version ESP hacks for UnityFramework binary games with few clicks.

On part 2, i will probably make a tut with a mod menu, but for the first part i just wanted to people know how to patch and hook.

And also, afaik Documents app doesn't let you access app content in /Documents of Subway Surfer (in the case of the tutorial) even if the app has File Sharing enable. (at least on a fully jailed phone)

I will edit the topic once i have time to add Discord link and official Github

Updated January 15, 2023 by ꞋꞌꞋꞌꞋꞌꞋꞌ

Happy Secret · January 15, 2023

1 hour ago, ꞋꞌꞋꞌꞋꞌꞋꞌ said:

On part 2, i will probably make a tut with a mod menu, but for the first part i just wanted to people know how to patch and hook.

And also, afaik Documents app doesn't let you access app content in /Documents of Subway Surfer (in the case of the tutorial) even if the app has File Sharing enable. (at least on a fully jailed phone)

I will edit the topic once i have time to add Discord link and official Github

If you are on Mac, you can actually AirDrop the framework file to Mac. This is my default option