Tutorial Non-Unity Game Hacking Tutorial [Godus] - PART 1 - (LLDB)

[𓄼 . f v c k . 𓄹 20.7k :)]

Hello againnn

On this series, we gonna see modding for games that aren't made with Unity3D. It's a bit more complicated since we do not have well written function names and class struct or whatever Il2cpp games offer us.

If you are going to hack your first game, it's not a good idear to start here, it would be better to start on Unity games. Please refer you to my other tutorials.

Tho don't worry, i will add some kinda small comments to explain you things. If you are an advanced dev, you can skip all the  notes 

 

Requirements:
- iOS device
- Mac + Xcode
- ARM notions.

 

Thanks to @Happy Secret, for showing us that it was possible to debug a game on a jailed device if we sign the app with our Apple ID (Sideloadly). At least i learned it from him

Tho if you don't have a Mac, you can still use a JB device with lldb / lldb-10 installed like on the linked tutorial below.

This tutorial is based on another one that has already been published and is very well written, please check it first to understand what we are going to do, since it will be similar.

 

Hidden Content

React or reply to this topic to see the hidden content & download link.

Hope you learned something, if you have questions or need some clarification, write a comment i will answer once i have the time.

Credits :

- Me 

- @Happy Secret

- @Ted2 for the old tutorial

Updated March 16, 2023 by Rook

[LeePham 4k iPhone X 12.4]

nice bro

[K_K 164.5k iPhone 13 Pro Max 15.1]

Lets see this

[Happy Secret 3.1k iPad Pro (2nd gen) 16.2]

Well written! Cool.

[Flugel 110 iPhone 6s 15.8.3]

Pertamax

[Puddin 57.5k iPhone 14 Pro Max 17.0 Donor]

Doesn’t lldb only work on iOS 12 and below or something?

[Happy Secret 3.1k iPad Pro (2nd gen) 16.2]

To supplement a bit here:

The key reason behind:

1. The watchpoint break right after the triggering instruction:
    Default watchpoint type (w or write) only trigger when the address that we watch changed. So, it will always be after the fact (value changed). The trigger instruction will always be one instruction before the one got highlighted.

2.We saw long random value in the watch result:
   That number could be float or double (or some Boolean) which has a very different representation in memory. What we see is, LLDB try to understand the underlying hex as a normal decimal number. For Floating point, we can apply formatter to our memory read. For Double, I always need to refer to online Double tool like this one - https://gregstoll.com/~gregstoll/floattohex/

Please do let me know if there are simple way to read Double in LLBD.

Updated February 24, 2023 by Happy Secret

[Happy Secret 3.1k iPad Pro (2nd gen) 16.2]

@Puddin I am on latest iOS (non-jailbroken). No issue.

[𓄼 . f v c k . 𓄹 20.7k :)]

38 minutes ago, Puddin said:

Doesn’t lldb only work on iOS 12 and below or something?

depends on which Xcode version you use (and so lldb) but nah, the tutorial is based on a jailed iOS 15.1

if you used a lldb version from Xcode with compatibly iOS 12 then yeah it might not support anything higher

Updated February 24, 2023 by 𓄼 . f v c k . 𓄹

[𓄼 . f v c k . 𓄹 20.7k :)]

40 minutes ago, Happy Secret said:

To supplement a bit here:

The key reason behind:

1. The watchpoint break right after the triggering instruction:
    Default watchpoint type (w or write) only trigger when the address that we watch changed. So, it will always be after the fact (value changed). The trigger instruction will always be one instruction before the one got highlighted.

2.We saw long random value in the watch result:
   That number could be float or double (or some Boolean) which has a very different representation in memory. What we see is, LLDB try to understand the underlying hex as a normal decimal number. For Floating point, we can apply formatter to our memory read. For Double, I always need to refer to online Double tool like this one - https://gregstoll.com/~gregstoll/floattohex/

Please do let me know if there are simple way to read Double in LLBD.

mhhh i seem not understanding what you are trying to tell me 😅, in this case it was an int, as shown on iGG, float would have been FADD.

To read double values, i guess you can use the 'p' command with a few parameter or the 'x' one

https://www.nesono.com/sites/default/files/lldb cheat sheet.pdf

 

Updated February 24, 2023 by 𓄼 . f v c k . 𓄹