Guide [IDA Tutorial]How to hack with strings

297 posts in this topic

Recommended Posts

I've really been wanting to make this tutorial for a long time but have never gotten around to it. But it's 11:09 and my parents are in bed so I can make this now :p


I'm going to be providing the site with more things, like tutorials and templates, but not so much hacks. Hacking has gotten so dull recently it's the same thing over and over and over again and I'm done with the stress.


I will be using Blitz Brigade for this tutorial because it is a great game for beginners to start learning strings. I know this binary is not the current version, but the strings are the same and the functions look more or less the same.



- A good grip on ARM assembly. Do NOT go into this knowing nothing and then expect me to help you.

- IDA Pro

- Blitz Brigade

- A freaking brain and an IQ of at least 50


For this tutorial, we will be hacking ammo and invisible actions.


Hidden Content



  • Similar Content

    • By Kyle2100
      This will be an updated version of my other tutorial to help better understand the process and help with any errors. 
      Items that will be needed:
      ios device running 10.x+
      Nonce Setter 
      ios 11.3.1 shsh blob 
      ios 11.3.1 ipsw 
      ios 11.4.1 ipsw 
      What is a Nonce setter? 
      Lets you set your boot-nonce so you can restore with saved blobs.
      iOS 10 nonce setter: https://mega.nz/#!EzwABYwA!_RAT-rlQrhTUrXIXBLrSqhNAlV35Nsr7pv1Ma6Au5yI
      iOS 11 Nonce Setter: 
      Download IPA file (Official website
      Setting The Nonce
      How to set Nonce in iOS 11.1.2

      Step 1: Connect your device to your computer.

      Step 2: Download and unzip Cydia Impactor, select Impactor.exe, then drag and drop Nonce.ipa onto Cydia Impactor.

      Step 3: Enter your Apple ID and passcode, then wait until the installation is complete.

      Step 4: Then there should be a Nonce app on your iPhone. Go to Settings app -> General -> Profile -> find your Apple ID and click Trust.  

      Step 5: Continue your operation till the Root Status turns into YES.

      Step 6: Back to your PC, open the SHSH 2 blobs you have saved with Notepad or other third-party software.

      Step 7: Search generator then you’ll find its value between <string> value </string>. Copy the value. 

      Step 8: Back on your iOS device, launch the NonceSet1112 app, paste the value in SET/CHANGE NONCE under boot-nonce, then click Save/Restore Now. 
      Set Nonce with terminal
      Make sure you have:
      - MTerminal from Cydia
      - Valid shsh2 blob(s) for iOS 10.2 (or whatever firmware you want to be able to restore to)
      - Computer (or Filza, but I'm only going to give instructions for a computer. You'd pretty much just do everything I say to do on the computer, but in Filza)
      Instructions:
      1) Move shsh2 blob(s) to computer
      2) On Windows, open your blob, or a blob if you have multiple, with notepad. On Mac, change the extension from "shsh2" to "plist" (make sure you change it back to shsh2 on Mac when you're done!)
      3) Scroll to the bottom and look for the word generator, to the right should be a code that as far as I know always starts with 0x, this is your nonce generator for that blob. On Windows you can also click ctrl + f and search "generator" and it will take you to it automatically (not sure how to do this on Mac if it's even possible).
      4) in MTerminal sign into root by typing "su" then click enter and type in your password (default is "alpine", so if you haven't changed it this is what your password is)
      5) type "nvram com.apple.System.boot-nonce=your generator" without the quotations
      6) type "nvram -p" without the quotations
      If all went well you should see something similar to this when you run "nvram -p"
      backlight-level <your backlight level> com.apple.System.boot-nonce <your generator> boot-args auto-boot true com.apple.System.tz0-size <your tz0 size? Not exactly sure what this is> <your username>:/var/mobile root#
      If you see something like this
      <your username>:/var/mobile root# nvram -p oblit-begins OblitType: ObliterateDataPartition. No reason given. obliteration handle_message: Obliteration Complete backlight-level <your backlight level> com.apple.System.boot-nonce <your generator> boot-args auto-boot true com.apple.System.tz0-size <your tz0 size? Not exactly sure what this is> <your username>:/var/mobile root#
      What is an IPSW?
      IPSW is a file format used in iTunes to install iOS firmware. All Apple devices share the same IPSW file format for iOS firmware, allowing users to flash their devices through iTunes on OS X and Windows.
      Where can I download the ipsw?
      What is FutureRestore??
      futurerestore is a hacked up idevicerestore wrapper, which allows manually specifying SEP and Baseband for restoring
      Where can I download FutureRestore?
      OK, now that you know what everything is and have downloaded it all, let's begin.
      1. Open CMD/Terminal and cd to the future restore folder (I named mine futurerestore_windows)
      cd desktop/futurerestore_windows
      2. Open the future restore folder and drag the futurerestore.exe into the cmd
      3. Next type this command
      -t (drag blob) -i (drag 11.4.1 ipsw) --latest-baseband (drag 11.3.1 ipsw) 
      On devices with no SIM (iPad/iPod), where it says latest baseband type:
      --no-baseband 
      when I say drag “item” that means drag the file from the desktop into the cmd/terminal and every time you do that hit space before entering anything else
      4. Hit enter and the process will begin 

      If you have any issues or errors send me a message and I can help you resolve it 
    • By EsssKay
      So I was playing and my energy went to -21474353, something around that number, BUT I FOUND A FIX FOR IT
      If your energy is stuck and you can't "fast travel" anywhere, go to travel and it will ask you if you want to buy "enough" energy for 25 coins. Proceed and buy that and it will reset your energy and also give you 25 coins because of the coin hack
      I found this out myself so if anyone needs help let me know 
      DISCLAIMER: I'M NOT 100% SURE IF IT WORKS IF YOUR ENERGY IS AT +100K / +2 BILLION as that has not happened to me 
      Hope this helps
    • By SadNess1706
      GameGem 1.5
      Tutorial (Step by Step)

      Hidden Content
      React or reply to this topic to see the hidden content. More info
    • By Owzmo
      This guide is a legit way you can exploit a known issue in the game with player movement.
      Here are the steps.
      - Make sure you have a saw blade mace equipped and a skull crusher in your inventory.
      - Open a chest in any zone, and quickly open your backpack.
      - Switch in-between the skull crusher and saw blade mace, then you should see in the bottom right your speed going up.
      Remember this is for the current 1.9 version of LDoE. It most likely will be patched in the next update or in a hidden hotfix.
      If you want to reverse your speed (make it normal again), kill yourself on spikes at your base so you can get your loot back.
      Happy Modding!
      - Owzmo
    • By Laxus
      Sup guys! Today I'm gonna show you how to crack an app on iOS 11. This method works with the latest version of Electra (v1.0.4)
      I know there are a lot of tuts about this already but actually none of them worked, and even if one works it's still such a pain in the ass because you need to reboot and turn off "Tweaks" inside Electra every time to crack an app. Seriously!?
      What if I tell you there is a way to bypass this? Yes, you can crack an app whenever you want, and you no longer need to turn off "Tweaks" inside the Electra app  
      So, enough chit chat. Let's get started  
      A. How to crack an app with Electra [All Versions]

      Hidden Content
      React or reply to this topic to see the hidden content. More info

      B. How to install cracked app with Electra
      Hidden Content
      React or reply to this topic to see the hidden content. More info
      Credits:
      - u/_exgen_ for his bfinject's fork
      - sacmuncrack for signer.sh script
      - @Laxus for a well written tutorial
      - Karen for the AppSync on iOS 11
      - CoolStar for the Electra