Help/Support Dylibs tweaks problem, Theos

[A1XEN 29 iPhone 13 18.4]

1 hour ago, Batch said:

Dobby will not work on non jailbreak. 

For hooks just use breakpoints from my library, that's it

what do you mean by your library? you mean the libspecter?

[Batch 10k iPhone 7 15.7]

47 minutes ago, A1XEN said:

what do you mean by your library? you mean the libspecter?

Yes, the other library replace the binary code, that is not allowed into non jailbreak

[A1XEN 29 iPhone 13 18.4]

1 minute ago, Batch said:

Yes, the other library replace the binary code, that is not allowed into non jailbreak

do i just get the specter.h and arm64/libspecter.a files from the repository and put it inside silentpwn Lib?

[A1XEN 29 iPhone 13 18.4]

51 minutes ago, Batch said:

Yes, the other library replace the binary code, that is not allowed into non jailbreak

So this part of specter.h is the only thing i could use? ‘cause it doesnt change any values and binaries ‘cause its only possible on jailbroken? right?

***

 * Hardware Breakpoint API  (max 6 concurrent on ARM64, iOS only)
 *
 * Breakpoints redirect execution via Mach exception handling —
 * no code is modified at the target address.
 *  */
#if TARGET_OS_IOS

/** Install hardware breakpoint hook at image-relative RVA. */
int32_t mem_brk_install(uintptr_t rva,
                        uintptr_t replacement,
                        uint64_t *handle_out);

/** Install hardware breakpoint hook at absolute address. */
int32_t mem_brk_install_at(uintptr_t target,
                           uintptr_t replacement,
                           uint64_t *handle_out);

/** Remove breakpoint by handle. */
int32_t mem_brk_remove(uint64_t handle);

/** Remove breakpoint by target address. */
int32_t mem_brk_remove_at(uintptr_t target);

/** Return the absolute target address watched by a breakpoint handle. */
int32_t mem_brk_target(uint64_t handle,
                       uintptr_t *target_out);

/** Disable hardware breakpoint hooks on the current thread.
 *
 * Use immediately before calling the original function for a breakpoint hook
 * to avoid recursively entering the replacement.
 */
int32_t mem_brk_suspend_self(void);

/** Re-enable hardware breakpoint hooks on the current thread. */
int32_t mem_brk_resume_self(void);

/** Number of currently active hardware breakpoints. */
int32_t mem_brk_active_count(void);

/** Maximum hardware breakpoints supported on this device (typically 6). */
int32_t mem_brk_max_breakpoints(void);

#endif /* TARGET_OS_IOS */
 

 

 

[Batch 10k iPhone 7 15.7]

3 hours ago, A1XEN said:

do i just get the specter.h and arm64/libspecter.a files from the repository and put it inside silentpwn Lib?

Ye in the makefile

[A1XEN 29 iPhone 13 18.4]

19 hours ago, Batch said:

Ye in the makefile

can i still use silentPwn&libspecter using only vanilla/standar theos? and not Theos-Jailed?

[Batch 10k iPhone 7 15.7]

30 minutes ago, A1XEN said:

can i still use silentPwn&libspecter using only vanilla/standar theos? and not Theos-Jailed?

Yes use standard theos and silenPwn and libspecter. Just add libspecter .a into makefile and then import the header file.

[A1XEN 29 iPhone 13 18.4]

56 minutes ago, Batch said:

Yes use standard theos and silenPwn and libspecter. Just add libspecter .a into makefile and then import the header file.

ill do it tomorrow sir, btw can i ask if you,laxus,puddin and other devs make cheats using only breakpoints for jailed devices too?

[Batch 10k iPhone 7 15.7]

34 minutes ago, A1XEN said:

ill do it tomorrow sir, btw can i ask if you,laxus,puddin and other devs make cheats using only breakpoints for jailed devices too?

No we use igmenu that has a special method in it

[A1XEN 29 iPhone 13 18.4]

On 5/31/2026 at 10:47 PM, Batch said:

No we use igmenu that has a special method in it

yo @Batch i did this

#include <mach/arm/thread_status.h>

uint64_t canBuyHandle = 0;
uint64_t gemsHandle = 0;

void specter_CanBuy_Handler(void *ctx) {
    arm_thread_state64_t *regs = (arm_thread_state64_t *)ctx;
    mem_brk_suspend_self();
    
    if (menu && [menu getToggleValue:0 withTitle:@"Always Buy"]) {
        regs->__x[0] = 1; // Force return TRUE
    }
    
    mem_brk_resume_self();
}

void specter_AddOrRemoveGems_Handler(void *ctx) {
    arm_thread_state64_t *regs = (arm_thread_state64_t *)ctx;
    mem_brk_suspend_self();
    
    if (menu && [menu getToggleValue:0 withTitle:@"Infinite Gems"]) {
        // Always force the gem transaction to be a massive gain
        regs->__x[1] = 999999;
    }
    
    mem_brk_resume_self();
}
 

void hooks() {
    
    
    uintptr_t base = 0;
        int32_t initStatus = mem_init("UnityFramework", &base);
        
        if (initStatus == MEM_OK) {
            // Install Breakpoints
            // Remember to clean your build (make clean) before running this
            mem_brk_install(0xDA4D70, (uintptr_t)specter_CanBuy_Handler, &canBuyHandle);
            mem_brk_install(0xDA7F50, (uintptr_t)specter_AddOrRemoveGems_Handler, &gemsHandle);
            
            NSLog(@"[SilentPwn] Hardware Breakpoints deployed.");
        } else {
            NSLog(@"[SilentPwn] Error: mem_init failed with code: %d", initStatus);
        }

 

 

it kinda work because the game dint crash at startup the menu loaded, but they dont work, one of the hook (canBuy) crashes the game after 10seconds after toggling, and also it disabled me from buying anything, know this is maybe because of my callback code i may be hooked a wrong instructions,

 

but i wanna ask if i could directly apply a hex value to it as the callback of the breakpoint since i think that is how i made it to work using iGG