Tool H5GG Menu with ARM64 Instruction and Unity Support (work on non-jailbroken)

Happy Secret · March 11, 2023

On 3/11/2023 at 12:15 PM, 𓄼 . f v c k . 𓄹 said:

maybe a feature like LOP (Live Offset Patcher) but this would need to have the app in debug mode to allow the JB way of editing an offset in memory

have u tried gogoled or chatGPT ?

Expand

What is gogoled?

Already tried chatGPT, this is really insane. It can give me code example real quick and even customise it for me.

I only on non-Jailbroken. I have no way to change protected memory segment easily.

It worked once previously with my old iPad under debug mode. But it is not working with current one.
I hope iGameGod has give me surprise on this.

Happy Secret · March 11, 2023

On 3/11/2023 at 12:15 PM, 𓄼 . f v c k . 𓄹 said:

maybe a feature like LOP (Live Offset Patcher) but this would need to have the app in debug mode to allow the JB way of editing an offset in memory

have u tried gogoled or chatGPT ?

edit: also, is it just me or sometimes The Adress field is kinda incorrect ?

the last 3 digit are correct but the rest before it isnt,

Ex : offset : 0x1B97120

Adress showed : 0x10C5CF120

Expand

Top address bar is ASLR removed, including the address backup.

So essentially, you don’t need to calculate (remove ASLR) to get the real offset. You just need to TAP on it, my tool will give you the real offset for you to use with Live Offset Patch or do Binary patch.

But i cannot 100% sure, if there really a bug somewhere…haha.

0xSolana · March 11, 2023

On 3/11/2023 at 12:22 PM, Happy Secret said:

What is gogoled?

Already tried chatGPT, this is really insane. It can give me code example real quick and even customise it for me.

I only on non-Jailbroken. I have no way to change protected memory segment easily.

It worked once previously with my old iPad under debug mode. But it is not working with current one.
I hope iGameGod has give me surprise on this.

Expand

google it*

But i remember u made a topic to edit memory segment on jailed. i tested it and attached my iPhone 12 iOS 15.1 to lldb (XCode) and i could used the JB code to patch an offset :

h5gg.require(7.8);

var modules = h5gg.getRangesList("UnityFramework"); //module file name

var base = modules[0].start; //module base addr in runtime memory

var addr = Number(base) + 0x01915304; //offset

patchBytes(addr,  "00E0AFD2C0035FD6"); //bytes

/********************************************************/
//only jailbroken devices can do this
function patchBytes(addr, hex) {
    for(i = 0;i<hex.length/2;i++) {
        var item = parseInt(hex.substring(i*2, i*2+2), 16);
        h5gg.setValue(addr+i,item, "U8");
    }
}

from H5GG github

On 3/11/2023 at 12:27 PM, Happy Secret said:

Top address bar is ASLR removed, including the address backup.

So essentially, you don’t need to calculate (remove ASLR) to get the real offset. You just need to TAP on it, my tool will give you the real offset for you to use with Live Offset Patch or do Binary patch.

But i cannot 100% sure, if there really a bug somewhere…haha.

Expand

ohh im dumb, the Address showed is ASLR + real offset right ?

Updated March 11, 2023 by 𓄼 . f v c k . 𓄹

Happy Secret · March 11, 2023

On 3/11/2023 at 12:29 PM, 𓄼 . f v c k . 𓄹 said:
google it*

But i remember u made a topic to edit memory segment on jailed. i tested it and attached my iPhone 12 iOS 15.1 to lldb (XCode) and i could used the JB code to patch an offset :
h5gg.require(7.8);

var modules = h5gg.getRangesList("UnityFramework"); //module file name

var base = modules[0].start; //module base addr in runtime memory

var addr = Number(base) + 0x01915304; //offset

patchBytes(addr,  "00E0AFD2C0035FD6"); //bytes

/********************************************************/
//only jailbroken devices can do this
function patchBytes(addr, hex) {
    for(i = 0;i<hex.length/2;i++) {
        var item = parseInt(hex.substring(i*2, i*2+2), 16);
        h5gg.setValue(addr+i,item, "U8");
    }
}
from H5GG github

ohh im dumb, the Address showed is ASLR + real offset right ?
Expand

The address next to Hex and instruction is with ASLR. The normal memory address find in Cheat Engine.

On 3/11/2023 at 12:29 PM, 𓄼 . f v c k . 𓄹 said:

But i remember u made a topic to edit memory segment on jailed. i tested it and attached my iPhone 12 iOS 15.1 to lldb (XCode) and i could used the JB code to patch an offset

Expand

Yes, it worked one some devices. But not all.
Good to know it works on your device as well.

0xSolana · March 11, 2023

On 3/11/2023 at 12:36 PM, Happy Secret said:

The address next to Hex and instruction is with ASLR. The normal memory address find in Cheat Engine.

On 3/11/2023 at 12:29 PM, 𓄼 . f v c k . 𓄹 said:

Expand