Hello! :)



I am brand new to hacking and from what it seems, mobile substrate methods seem to be the most effective. At the moment I am attempting to learn Method Hooking as it seems easier than other methods such as code injection. I am trying to get a feel for Mobile Substrate before I move on to bigger and greater things.

Here is where I currently am: I have created a new project and have it cd'ed properly. I believe I have the bundle ID in the correct place in the myhack.plist (project name is myhack); I put it in the key area where it previously said "Bundles". At the moment I am pretty stuck on how to call out headers and methods and how to change values on that, and would very much like an in-depth explanation. I have read some great tutorials in the help section, but none of them are really helpful for somebody who knows absolutely no lingo at all. I am using Flex and have class-dump but have no idea where to find the headers and methods (not sure of the difference or what they are) or what to do once I find them. Any input is greatly appreciated.


Thank you for taking the time to read <3



So you want to learn how to make Flex 2 patch into deb or the IDA mshook?

I'm making a tweak but I'm using Flex to find the headers and methods or whatever they are. I don't know what IDA's are and I don't know what mshooking is. Right now I'm trying to learn method hooking because it seems easiest and I'm just trying to get a feel for Mobile Substrate. I'm not trying to make a tweak in Flex.


So just Flex 2 patches for now? Because you are quite confused :p


Hey UncoiledLobster (delicacy? xD), I used to do MS hooking the old-fashioned way DIRECTLY on the iPad some years ago, but I gave it up after a THEOS update broke the whole system.  I have an "updated" version running on my device, but I'm afraid that it might not work.....getting these things to work is a real b**** sometimes, but I'll try it out again for you.  BTW, what iOS firmware are you using?


Using iOS 9.0.0. Right now everything is working perfectly, but it's my lack of knowledge. Also, I am trying to do method hooking, not MS hooking.


Hey UncoiledLobster, I've actually taken a lot of time and decided to fire up THEOS on my current iOS (8.3), and it happens to WORK!  Now, I have done some testing....


In the past (around 3 years ago), I was able to hook some custom functions into an online-only game called Galaxy Empire.  Here's the video that I made for it from 3 years ago; I had dubbed it a "bug", but it was me who actually used MS hooking on it:




Normally, making that much metal so fast is impossible.  I did this visual hack just for fun at the time.

Now, as far as I know, method hooking and MS hacking seem like the same thing to me.......I used THEOS and wrote my own hooks to the functions/methods, and then generated the .dylib and put it in the MobileSubstrate folder; there you have it. xD


***I hacked this on my iPad 2 [iOS 5.1.1] (ARM v7) 3 years ago with the above video results***




Anyways, over the years, many things have changed, and the old ARM architectures have been modified quite a bit, so when I tried to hack the updated Galaxy Empire yesterday on my iPad Air 2 [iOS 8.3] with THEOS, first off, when I dumped the headers (with both class-dump and class-dump-z, mind you), some of the crucial headers from 3 years ago have just.........disappeared (not found/dumped), so I couldn't replicate what I did 3 years ago with Galaxy Empire.  All the headers are full of FB, Flurry, UMAN, MAT, and other ad-tracking content.....there USED to be headers with blatant hackable functions:


HERE'S one of those headers from 3 years ago dumped via iOS 5.1.1:

/*
 *     Generated by class-dump 3.1.2.
 *     class-dump is Copyright (C) 1997-1998, 2000-2001, 2004-2007 by Steve Nygard.
 */
#import "AAGameData.h"
@class AASystem, NSArray, NSMutableArray, NSString;
@interface AAPlanet : AAGameData
{
    double next_refresh_time;
    double diameter;
    double metal;
    double metal_perhour;
    double metal_max;
    double crystal;
    double crystal_perhour;
    double crystal_max;
    double deuterium;
    double deuterium_perhour;
    double deuterium_max;
    double energy_used;
    double energy_max;
    double metal_energy;
    double crystal_energy;
    double deuterium_energy;
    double solar_plant_energy;
    double fusion_energy;
    double solar_satellite_energy;
    double radar_energy;
    double protected_time;
    unsigned long long planet_id;
    unsigned long long system_id;
    unsigned long long empire_id;
    unsigned long long user_id;
    unsigned long long alliance_id;
    unsigned long long field_max;
    unsigned long long field_max_end;
    unsigned long long field_current;
    unsigned long long user_score;
    int attackLimit;
    int planet_type;
    int planet_activity;
    int planet_icon;
    unsigned int temp_min;
    unsigned int temp_max;
    unsigned int planet_position;
    unsigned int system_position;
    unsigned int galaxy_position;
    unsigned int metal_mine_percent;
    unsigned int crystal_mine_percent;
    unsigned int deuterium_mine_percent;
    unsigned int solar_plant_percent;
    unsigned int fusion_reactor_percent;
    unsigned int solar_satelite_percent;
    unsigned int produce_percent;
    unsigned int pirate_level;
    unsigned int new_gift_id;
    unsigned int gift_id;
    unsigned int sensorArrayRange;
    NSString *debris_desc;
    NSString *planet_name;
    NSString *user_name;
    NSString *alliance_name;
    AASystem *_system;
    NSMutableArray *buildings;
    NSMutableArray *buildingEvents;
    NSMutableArray *fleets;
    NSMutableArray *fleetBuildingEvents;
    NSArray *radarFleets;
    NSMutableArray *moonArray;
    NSMutableArray *moonTransmitRechargeEvent;
    NSArray *kryptonArray;
    BOOL is_protected;
    BOOL is_underattack;
    BOOL destoried;
    BOOL has_debris;
    BOOL is_radar_able;
    BOOL is_radar_on;
    BOOL is_moon;
    double energy_left;
}
+ (id)keyPathsForValuesAffectingValueForKey:(id)fp8;
- (void)setKryptonArray:(id)fp8;
- (id)kryptonArray;
- (void)setField_max_end:(unsigned long long)fp8;
- (unsigned long long)field_max_end;
- (void)setSensorArrayRange:(unsigned int)fp8;
- (unsigned int)sensorArrayRange;
- (void)setMoonTransmitRechargeEvent:(id)fp8;
- (id)moonTransmitRechargeEvent;
- (void)setMoonArray:(id)fp8;
- (id)moonArray;
- (void)setIs_moon:(BOOL)fp8;
- (BOOL)is_moon;
- (void)setGift_id:(unsigned int)fp8;
- (unsigned int)gift_id;
- (void)setNext_refresh_time:(double)fp8;
- (double)next_refresh_time;
- (void)setPirate_level:(unsigned int)fp8;
- (unsigned int)pirate_level;
- (void)setRadar_energy:(double)fp8;
- (double)radar_energy;
- (void)setRadarFleets:(id)fp8;
- (id)radarFleets;
- (void)setIs_radar_on:(BOOL)fp8;
- (BOOL)is_radar_on;
- (void)setIs_radar_able:(BOOL)fp8;
- (BOOL)is_radar_able;
- (void)setPlanet_activity:(int)fp8;
- (int)planet_activity;
- (void)setIs_underattack:(BOOL)fp8;
- (BOOL)is_underattack;
- (void)setDebris_desc:(id)fp8;
- (id)debris_desc;
- (void)setUser_score:(unsigned long long)fp8;
- (unsigned long long)user_score;
- (void)setHas_debris:(BOOL)fp8;
- (BOOL)has_debris;
- (void)setSolar_satellite_energy:(double)fp8;
- (double)solar_satellite_energy;
- (void)setFusion_energy:(double)fp8;
- (double)fusion_energy;
- (void)setSolar_plant_energy:(double)fp8;
- (double)solar_plant_energy;
- (void)setDeuterium_energy:(double)fp8;
- (double)deuterium_energy;
- (void)setCrystal_energy:(double)fp8;
- (double)crystal_energy;
- (void)setMetal_energy:(double)fp8;
- (double)metal_energy;
- (void)setSystem:(id)fp8;
- (id)system;
- (void)setProduce_percent:(unsigned int)fp8;
- (unsigned int)produce_percent;
- (void)setSolar_satelite_percent:(unsigned int)fp8;
- (unsigned int)solar_satelite_percent;
- (void)setFusion_reactor_percent:(unsigned int)fp8;
- (unsigned int)fusion_reactor_percent;
- (void)setSolar_plant_percent:(unsigned int)fp8;
- (unsigned int)solar_plant_percent;
- (void)setDeuterium_mine_percent:(unsigned int)fp8;
- (unsigned int)deuterium_mine_percent;
- (void)setCrystal_mine_percent:(unsigned int)fp8;
- (unsigned int)crystal_mine_percent;
- (void)setMetal_mine_percent:(unsigned int)fp8;
- (unsigned int)metal_mine_percent;
- (void)setFleetBuildingEvents:(id)fp8;
- (id)fleetBuildingEvents;
- (void)setFleets:(id)fp8;
- (id)fleets;
- (void)setBuildingEvents:(id)fp8;
- (id)buildingEvents;
- (void)setBuildings:(id)fp8;
- (id)buildings;
- (void)setDestoried:(BOOL)fp8;
- (BOOL)destoried;
- (void)setEnergy_max:(double)fp8;
- (double)energy_max;
- (void)setEnergy_used:(double)fp8;
- (double)energy_used;
- (void)setDeuterium_max:(double)fp8;
- (double)deuterium_max;
- (void)setDeuterium_perhour:(double)fp8;
- (double)deuterium_perhour;
- (void)setDeuterium:(double)fp8;
- (double)deuterium;
- (void)setCrystal_max:(double)fp8;
- (double)crystal_max;
- (void)setCrystal_perhour:(double)fp8;
- (double)crystal_perhour;
- (void)setCrystal:(double)fp8;
- (double)crystal;
- (void)setMetal_max:(double)fp8;
- (double)metal_max;
- (void)setMetal_perhour:(double)fp8;
- (double)metal_perhour;
- (void)setMetal:(double)fp8;
- (double)metal;
- (void)setAlliance_name:(id)fp8;
- (id)alliance_name;
- (void)setUser_name:(id)fp8;
- (id)user_name;
- (void)setPlanet_name:(id)fp8;
- (id)planet_name;
- (void)setDiameter:(double)fp8;
- (double)diameter;
- (void)setField_current:(unsigned long long)fp8;
- (unsigned long long)field_current;
- (void)setField_max:(unsigned long long)fp8;
- (unsigned long long)field_max;
- (void)setGalaxy_position:(unsigned int)fp8;
- (unsigned int)galaxy_position;
- (void)setSystem_position:(unsigned int)fp8;
- (unsigned int)system_position;
- (void)setPlanet_position:(unsigned int)fp8;
- (unsigned int)planet_position;
- (void)setAlliance_id:(unsigned long long)fp8;
- (unsigned long long)alliance_id;
- (void)setUser_id:(unsigned long long)fp8;
- (unsigned long long)user_id;
- (void)setEmpire_id:(unsigned long long)fp8;
- (unsigned long long)empire_id;
- (void)setSystem_id:(unsigned long long)fp8;
- (unsigned long long)system_id;
- (unsigned long long)planet_id;
- (void)setPlanet_type:(int)fp8;
- (int)planet_type;
- (void)setTemp_max:(unsigned int)fp8;
- (unsigned int)temp_max;
- (void)setTemp_min:(unsigned int)fp8;
- (unsigned int)temp_min;
- (void)setProtected_time:(double)fp8;
- (double)protected_time;
- (void)setIs_protected:(BOOL)fp8;
- (BOOL)is_protected;
- (void)setAttackLimit:(int)fp8;
- (int)attackLimit;
- (void)setPlanet_icon:(int)fp8;
- (int)planet_icon;
- (void)refreshResources:(id)fp8;
- (unsigned int)deuterium_mine_discount;
- (unsigned int)crystal_mine_discount;
- (unsigned int)metal_mine_discount;
- (double)energy_left;
- (void)dealloc;
- (void)setPlanet_id:(unsigned long long)fp8;
- (void)updateFleetHangingCompletedWithDic:(id)fp8;
- (void)updateBuildingUpdateWithDic:(id)fp8;
- (void)updateResourcesWithDic:(id)fp8;
- (void)updateWithDic:(id)fp8;
- (id)initWithDic:(id)fp8;
@end
 ^: So, as you can see, pretty much this entire header is hookable.  Unfortunately, these headers no longer exist in the current version of the game, so I have nothing to show for a current hook for this game.
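
From the game developer's side, the post above describes a change that was only visual in an online-only game, which is what server-authoritative accounting produces. The sketch below is an added example, not part of the thread and not the game's code: the field names `metal`, `metal_perhour` and `metal_max` come from the dumped header, while the server model, function names and tolerance are assumptions.

```python
from dataclasses import dataclass

@dataclass
class PlanetRecord:
    """Server-side copy of the state; clients never write these fields."""
    metal: float
    metal_perhour: float
    metal_max: float
    last_update: float  # epoch seconds of the last server-side accrual

def accrue(p: PlanetRecord, now: float) -> float:
    """Advance the stored balance using server time and server rates only."""
    elapsed_h = max(0.0, now - p.last_update) / 3600.0
    if p.metal < p.metal_max:  # production stops at the storage cap
        p.metal = min(p.metal_max, p.metal + p.metal_perhour * elapsed_h)
    p.last_update = max(p.last_update, now)
    return p.metal

def spend(p: PlanetRecord, cost: float, now: float) -> bool:
    """Authorise a purchase against the server balance, never a client value."""
    if cost < 0:
        return False  # a negative cost would credit the account
    accrue(p, now)
    if cost > p.metal:
        return False
    p.metal -= cost
    return True

def audit_client_claim(p: PlanetRecord, claimed: float, now: float,
                       tolerance: float = 1.0):
    """Return None if the client-reported balance matches the server's view,
    otherwise a record suitable for an anti-tamper log."""
    expected = accrue(p, now)
    if abs(claimed - expected) <= tolerance:
        return None
    return {"expected": expected, "claimed": claimed,
            "delta": claimed - expected}

if __name__ == "__main__":
    # Constructed sample: one hour of production, then an inflated client claim.
    planet = PlanetRecord(metal=1000.0, metal_perhour=3600.0,
                          metal_max=5000.0, last_update=0.0)
    print(audit_client_claim(planet, 9_999_999.0, now=3600.0))
    print(spend(planet, 5000.0, now=3600.0))  # rejected: server has 4600
```

With this model a hooked getter or setter changes what the device displays, while every spend is still decided from the server's record and the mismatch is available as a tamper signal.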


