Jump to content
Community Announcements, Giveaways & More!

Help with disabling _syscall

Guest

By Guest
in Help & Support

 Share
Go to solution Solved by Aswag1,

36 posts in this topic

Recommended Posts

  • Replies 35
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Aswag1
Aswag1

Well after laying dormant for quite awhile, I thought I might add a couple of pointers....   It seems that for 64-bit devices, there are certain additional checks in the binary in most GameLoft game

Diversityy
Diversityy

shmoo, you have to do this: %hook GameloftSoSecured -(bool) syscallgtfo { return TRUE; } %end

Oxytyramine Apprentice

Oxytyramine 42.3k
  •   iPhone X 
  •   13.3

    • Posted
    Posted

    I know that already, this is one of the first forums I've signed up with. I know how to use GDB to find offsets in IDA and I know how to patch a binary. My first hack was a savegame for COD: BOZ for v1.3.3, I already learned MS, MSHook, and I'm doing IDA and code inject (writeData) right now and I'm working on Dead Trigger 2 but decided to take a break and do this because I get angry very easily lol

     

    so im not really a beginner ;)

     

    @ 

    @

    sorry u were new thats why i thought that! ok then keep it up bro

    haha worked for me in bia3 too :p

    hack it or i will :p

    Guest

    Guest

    Posted
    Posted

    I'm using a 5S by the way

     

    I've never worked with disabling _syscall and _dlsym before so this is pretty hard, and I can't figure this out. I know that NOP'ing a BLX or any branch would result in a crash, so I stayed away from that. I xref'ed to operand for _dlsym and it gave me this:

     

    __text:00648B04 loc_648B04                              ; CODE XREF: sub_648A04+D8j

    __text:00648B04                 LDR             R0, [sP,#0x70+var_1C]
    __text:00648B06                 BL              sub_649168
    __text:00648B0A                 MOVS            R2, #1
    __text:00648B10                 MOV             R1, #(_objc_msgSend_ptr - 0x648B1C)
    __text:00648B18                 ADD             R1, PC ; _objc_msgSend_ptr
    __text:00648B1A                 LDR             R1, [R1] ; __imp__objc_msgSend
    __text:00648B1C                 MOV             R3, #(selRef_cStringUsingEncoding_ - 0x648B28)
    __text:00648B24                 ADD             R3, PC ; selRef_cStringUsingEncoding_
    __text:00648B26                 STR             R0, [sP,#0x70+var_2C]
    __text:00648B28                 LDR             R0, [sP,#0x70+var_2C]
    __text:00648B2A                 LDR.W           R9, [sP,#0x70+var_20]
    __text:00648B2E                 LDR             R3, [R3] ; "cStringUsingEncoding:"
    __text:00648B30                 STR             R0, [sP,#0x70+handle]
    __text:00648B32                 MOV             R0, R9
    __text:00648B34                 STR             R1, [sP,#0x70+var_50]
    __text:00648B36                 MOV             R1, R3
    __text:00648B38                 LDR             R3, [sP,#0x70+var_50]
    __text:00648B3A                 BLX             R3
    __text:00648B3C                 LDR             R1, [sP,#0x70+handle]
    __text:00648B3E                 STR             R0, [sP,#0x70+symbol]
    __text:00648B40                 MOV             R0, R1  ; handle 
    __text:00648B42                 LDR             R1, [sP,#0x70+symbol] ; symbol
    __text:00648B44                 BLX             _dlsym
    __text:00648B48                 MOV             R1, #(_objc_msgSend_ptr - 0x648B54)
    __text:00648B50                 ADD             R1, PC ; _objc_msgSend_ptr
    __text:00648B52                 LDR             R1, [R1] ; __imp__objc_msgSend
    __text:00648B54                 MOV             R2, R1
    __text:00648B56                 MOV             R3, #(selRef_setObject_forKey_ - 0x648B62)
    __text:00648B5E                 ADD             R3, PC ; selRef_setObject_forKey_
    __text:00648B60                 MOV             R9, #(selRef_valueWithPointer_ - 0x648B6C)
    __text:00648B68                 ADD             R9, PC ; selRef_valueWithPointer_
    __text:00648B6A                 MOV             R12, #(classRef_NSValue - 0x648B76)
    __text:00648B72                 ADD             R12, PC ; classRef_NSValue
    __text:00648B74                 MOV             LR, #(dword_B062A4 - 0x648B80)
    __text:00648B7C                 ADD             LR, PC ; dword_B062A4
    __text:00648B7E                 STR             R0, [sP,#0x70+var_30]
    __text:00648B80                 LDR.W           R0, [LR]
    __text:00648B84                 LDR.W           R12, [R12] ; _OBJC_CLASS_$_NSValue
    __text:00648B88                 LDR.W           LR, [sP,#0x70+var_30]
    __text:00648B8C                 LDR.W           R9, [R9] ; "valueWithPointer:"
    __text:00648B90                 STR             R0, [sP,#0x70+var_58]
    __text:00648B92                 MOV             R0, R12
    __text:00648B94                 STR             R1, [sP,#0x70+var_5C]
    __text:00648B96                 MOV             R1, R9
    __text:00648B98                 STR             R2, [sP,#0x70+var_60]
    __text:00648B9A                 MOV             R2, LR
    __text:00648B9C                 LDR.W           R9, [sP,#0x70+var_5C]
    __text:00648BA0                 STR             R3, [sP,#0x70+var_64]
    __text:00648BA2                 BLX             R9
    __text:00648BA4                 LDR             R1, [sP,#0x70+var_24]
    __text:00648BA6                 LDR             R2, [sP,#0x70+var_64]
    __text:00648BA8                 LDR             R3, [R2]
    __text:00648BAA                 LDR.W           R9, [sP,#0x70+var_58]
    __text:00648BAE                 STR             R0, [sP,#0x70+var_68]
    __text:00648BB0                 MOV             R0, R9
    __text:00648BB2                 STR             R1, [sP,#0x70+var_6C]
    __text:00648BB4                 MOV             R1, R3
    __text:00648BB6                 LDR             R2, [sP,#0x70+var_68]
    __text:00648BB8                 LDR             R3, [sP,#0x70+var_6C]
    __text:00648BBA                 LDR.W           R9, [sP,#0x70+var_60]
    __text:00648BBE                 BLX             R9
    __text:00648BC0                 LDR             R0, [sP,#0x70+var_30]
    __text:00648BC2                 STR             R0, [sP,#0x70+var_18]
     
    And I was not really sure about what to do with any of this. I feel like changing these four lines would do the trick, but I really have no idea what to change them to.
     
    __text:00648B3C                 LDR             R1, [sP,#0x70+handle]
    __text:00648B3E                 STR             R0, [sP,#0x70+symbol]
    __text:00648B40                 MOV             R0, R1  ; handle 
    __text:00648B42                 LDR             R1, [sP,#0x70+symbol] ; symbol
    __text:00648B44                 BLX             _dlsym ----> I wouldn't change this, I just put it there for clarity.
     
    So, not knowing really what to do there I xref'ed to operand loc_648B04 and got this:
     
    __text:00648A50 loc_648A50                              ; CODE XREF: sub_648A04+1Ej
    __text:00648A50                                         ; sub_648A04:loc_648A4Ej
    __text:00648A50                 MOVS            R0, #0
    __text:00648A56                 MOV             R1, #(_objc_msgSend_ptr - 0x648A62)
    __text:00648A5E                 ADD             R1, PC ; _objc_msgSend_ptr
    __text:00648A60                 LDR             R1, [R1] ; __imp__objc_msgSend
    __text:00648A62                 MOV             R2, R1
    __text:00648A64                 MOV             R3, #(selRef_objectForKey_ - 0x648A70)
    __text:00648A6C                 ADD             R3, PC ; selRef_objectForKey_
    __text:00648A6E                 MOV             R9, #(dword_B062A4 - 0x648A7A)
    __text:00648A76                 ADD             R9, PC ; dword_B062A4
    __text:00648A78                 MOV             R12, #(stru_AE58E0 - 0x648A84) ; "%@:%@"
    __text:00648A80                 ADD             R12, PC ; "%@:%@"
    __text:00648A82                 MOV             LR, #(selRef_stringWithFormat_ - 0x648A8E)
    __text:00648A8A                 ADD             LR, PC ; selRef_stringWithFormat_
    __text:00648A8C                 MOV             R4, #(classRef_NSString - 0x648A98)
    __text:00648A94                 ADD             R4, PC ; classRef_NSString
    __text:00648A96                 LDR             R4, [R4] ; _OBJC_CLASS_$_NSString
    __text:00648A98                 LDR             R5, [sP,#0x70+var_1C]
    __text:00648A9A                 LDR             R6, [sP,#0x70+var_20]
    __text:00648A9C                 LDR.W           LR, [LR] ; "stringWithFormat:"
    __text:00648AA0                 STR             R0, [sP,#0x70+var_34]
    __text:00648AA2                 MOV             R0, R4
    __text:00648AA4                 STR             R1, [sP,#0x70+var_38]
    __text:00648AA6                 MOV             R1, LR
    __text:00648AA8                 STR             R2, [sP,#0x70+var_3C]
    __text:00648AAA                 MOV             R2, R12
    __text:00648AAC                 STR             R3, [sP,#0x70+var_40]
    __text:00648AAE                 MOV             R3, R5
    __text:00648AB0                 STR             R6, [sP,#0x70+var_70]
    __text:00648AB2                 LDR.W           R12, [sP,#0x70+var_38]
    __text:00648AB6                 STR.W           R9, [sP,#0x70+var_44]
    __text:00648ABA                 BLX             R12
    __text:00648ABC                 STR             R0, [sP,#0x70+var_24]
    __text:00648ABE                 LDR             R0, [sP,#0x70+var_44]
    __text:00648AC0                 LDR             R1, [R0]
    __text:00648AC2                 LDR             R2, [sP,#0x70+var_24]
    __text:00648AC4                 LDR             R3, [sP,#0x70+var_40]
    __text:00648AC6                 LDR.W           R9, [R3]
    __text:00648ACA                 MOV             R0, R1
    __text:00648ACC                 MOV             R1, R9
    __text:00648ACE                 LDR.W           R9, [sP,#0x70+var_3C]
    __text:00648AD2                 BLX             R9
    __text:00648AD4                 STR             R0, [sP,#0x70+var_28]
    __text:00648AD6                 LDR             R0, [sP,#0x70+var_28]
    __text:00648AD8                 LDR             R1, [sP,#0x70+var_34]
    __text:00648ADA                 CMP             R0, R1
    __text:00648ADC                 BEQ             loc_648B04
    __text:00648ADE                 MOV             R0, #(_objc_msgSend_ptr - 0x648AEA)
    __text:00648AE6                 ADD             R0, PC ; _objc_msgSend_ptr
    __text:00648AE8                 LDR             R0, [R0] ; __imp__objc_msgSend
    __text:00648AEA                 MOV             R1, #(selRef_pointerValue - 0x648AF6)
    __text:00648AF2                 ADD             R1, PC ; selRef_pointerValue
    __text:00648AF4                 LDR             R2, [sP,#0x70+var_28]
    __text:00648AF6                 LDR             R1, [R1] ; "pointerValue"
    __text:00648AF8                 STR             R0, [sP,#0x70+var_48]
    __text:00648AFA                 MOV             R0, R2
    __text:00648AFC                 LDR             R2, [sP,#0x70+var_48]
    __text:00648AFE                 BLX             R2
    __text:00648B00                 STR             R0, [sP,#0x70+var_18]
    __text:00648B02                 B               loc_648BC4
     

    I'm pretty sure that these lines mean to

     

    __text:00648AD4                 STR             R0, [sP,#0x70+var_28] ----> store the value of R0 into SP+70+var_28

    __text:00648AD6                 LDR             R0, [sP,#0x70+var_28] ----> load SP+70+var_28 into R0
    __text:00648AD8                 LDR             R1, [sP,#0x70+var_34] ----> load SP+70+var_34 into R1
    __text:00648ADA                 CMP             R0, R1 ----> compare R1 with R0
    __text:00648ADC                 BEQ             loc_648B04 ----> branch if equal to loc_648B04
     
    I changed CMP R0, R1 to CMP R0, #0 to at least try to make it false and CMP R0, R7 because I know it would never be equal to 800 million. I'm used to having to set MOVS R1, #0x1F to MOVS R1, #0x00 to make this work, not all of this stuff.
     
    @@Laxus you said that you got it to work, would you be able to send me a binary with all of this stuff disabled? And I have a 5S, would that affect anything?
     
    Thanks everyone for trying to help, I really appreciate it :)
    K_K Experienced

    K_K 166.2k
  •   iPhone 13 Pro Max 
  •   15.1

    • Posted
    Posted

     

    I'm using a 5S by the way

     

    I've never worked with disabling _syscall and _dlsym before so this is pretty hard, and I can't figure this out. I know that NOP'ing a BLX or any branch would result in a crash, so I stayed away from that. I xref'ed to operand for _dlsym and it gave me this:

     

    __text:00648B04 loc_648B04 ; CODE XREF: sub_648A04+D8j

    __text:00648B04 LDR R0, [sP,#0x70+var_1C]

    __text:00648B06 BL sub_649168

    __text:00648B0A MOVS R2, #1

    __text:00648B10 MOV R1, #(_objc_msgSend_ptr - 0x648B1C)

    __text:00648B18 ADD R1, PC ; _objc_msgSend_ptr

    __text:00648B1A LDR R1, [R1] ; __imp__objc_msgSend

    __text:00648B1C MOV R3, #(selRef_cStringUsingEncoding_ - 0x648B28)

    __text:00648B24 ADD R3, PC ; selRef_cStringUsingEncoding_

    __text:00648B26 STR R0, [sP,#0x70+var_2C]

    __text:00648B28 LDR R0, [sP,#0x70+var_2C]

    __text:00648B2A LDR.W R9, [sP,#0x70+var_20]

    __text:00648B2E LDR R3, [R3] ; "cStringUsingEncoding:"

    __text:00648B30 STR R0, [sP,#0x70+handle]

    __text:00648B32 MOV R0, R9

    __text:00648B34 STR R1, [sP,#0x70+var_50]

    __text:00648B36 MOV R1, R3

    __text:00648B38 LDR R3, [sP,#0x70+var_50]

    __text:00648B3A BLX R3

    __text:00648B3C LDR R1, [sP,#0x70+handle]

    __text:00648B3E STR R0, [sP,#0x70+symbol]

    __text:00648B40 MOV R0, R1 ; handle

    __text:00648B42 LDR R1, [sP,#0x70+symbol] ; symbol

    __text:00648B44 BLX _dlsym

    __text:00648B48 MOV R1, #(_objc_msgSend_ptr - 0x648B54)

    __text:00648B50 ADD R1, PC ; _objc_msgSend_ptr

    __text:00648B52 LDR R1, [R1] ; __imp__objc_msgSend

    __text:00648B54 MOV R2, R1

    __text:00648B56 MOV R3, #(selRef_setObject_forKey_ - 0x648B62)

    __text:00648B5E ADD R3, PC ; selRef_setObject_forKey_

    __text:00648B60 MOV R9, #(selRef_valueWithPointer_ - 0x648B6C)

    __text:00648B68 ADD R9, PC ; selRef_valueWithPointer_

    __text:00648B6A MOV R12, #(classRef_NSValue - 0x648B76)

    __text:00648B72 ADD R12, PC ; classRef_NSValue

    __text:00648B74 MOV LR, #(dword_B062A4 - 0x648B80)

    __text:00648B7C ADD LR, PC ; dword_B062A4

    __text:00648B7E STR R0, [sP,#0x70+var_30]

    __text:00648B80 LDR.W R0, [LR]

    __text:00648B84 LDR.W R12, [R12] ; _OBJC_CLASS_$_NSValue

    __text:00648B88 LDR.W LR, [sP,#0x70+var_30]

    __text:00648B8C LDR.W R9, [R9] ; "valueWithPointer:"

    __text:00648B90 STR R0, [sP,#0x70+var_58]

    __text:00648B92 MOV R0, R12

    __text:00648B94 STR R1, [sP,#0x70+var_5C]

    __text:00648B96 MOV R1, R9

    __text:00648B98 STR R2, [sP,#0x70+var_60]

    __text:00648B9A MOV R2, LR

    __text:00648B9C LDR.W R9, [sP,#0x70+var_5C]

    __text:00648BA0 STR R3, [sP,#0x70+var_64]

    __text:00648BA2 BLX R9

    __text:00648BA4 LDR R1, [sP,#0x70+var_24]

    __text:00648BA6 LDR R2, [sP,#0x70+var_64]

    __text:00648BA8 LDR R3, [R2]

    __text:00648BAA LDR.W R9, [sP,#0x70+var_58]

    __text:00648BAE STR R0, [sP,#0x70+var_68]

    __text:00648BB0 MOV R0, R9

    __text:00648BB2 STR R1, [sP,#0x70+var_6C]

    __text:00648BB4 MOV R1, R3

    __text:00648BB6 LDR R2, [sP,#0x70+var_68]

    __text:00648BB8 LDR R3, [sP,#0x70+var_6C]

    __text:00648BBA LDR.W R9, [sP,#0x70+var_60]

    __text:00648BBE BLX R9

    __text:00648BC0 LDR R0, [sP,#0x70+var_30]

    __text:00648BC2 STR R0, [sP,#0x70+var_18]

     

    And I was not really sure about what to do with any of this. I feel like changing these four lines would do the trick, but I really have no idea what to change them to.

     

    __text:00648B3C LDR R1, [sP,#0x70+handle]

    __text:00648B3E STR R0, [sP,#0x70+symbol]

    __text:00648B40 MOV R0, R1 ; handle

    __text:00648B42 LDR R1, [sP,#0x70+symbol] ; symbol

    __text:00648B44 BLX _dlsym ----> I wouldn't change this, I just put it there for clarity.

     

    So, not knowing really what to do there I xref'ed to operand loc_648B04 and got this:

     

    __text:00648A50 loc_648A50 ; CODE XREF: sub_648A04+1Ej

    __text:00648A50 ; sub_648A04:loc_648A4Ej

    __text:00648A50 MOVS R0, #0

    __text:00648A56 MOV R1, #(_objc_msgSend_ptr - 0x648A62)

    __text:00648A5E ADD R1, PC ; _objc_msgSend_ptr

    __text:00648A60 LDR R1, [R1] ; __imp__objc_msgSend

    __text:00648A62 MOV R2, R1

    __text:00648A64 MOV R3, #(selRef_objectForKey_ - 0x648A70)

    __text:00648A6C ADD R3, PC ; selRef_objectForKey_

    __text:00648A6E MOV R9, #(dword_B062A4 - 0x648A7A)

    __text:00648A76 ADD R9, PC ; dword_B062A4

    __text:00648A78 MOV R12, #(stru_AE58E0 - 0x648A84) ; "%@:%@"

    __text:00648A80 ADD R12, PC ; "%@:%@"

    __text:00648A82 MOV LR, #(selRef_stringWithFormat_ - 0x648A8E)

    __text:00648A8A ADD LR, PC ; selRef_stringWithFormat_

    __text:00648A8C MOV R4, #(classRef_NSString - 0x648A98)

    __text:00648A94 ADD R4, PC ; classRef_NSString

    __text:00648A96 LDR R4, [R4] ; _OBJC_CLASS_$_NSString

    __text:00648A98 LDR R5, [sP,#0x70+var_1C]

    __text:00648A9A LDR R6, [sP,#0x70+var_20]

    __text:00648A9C LDR.W LR, [LR] ; "stringWithFormat:"

    __text:00648AA0 STR R0, [sP,#0x70+var_34]

    __text:00648AA2 MOV R0, R4

    __text:00648AA4 STR R1, [sP,#0x70+var_38]

    __text:00648AA6 MOV R1, LR

    __text:00648AA8 STR R2, [sP,#0x70+var_3C]

    __text:00648AAA MOV R2, R12

    __text:00648AAC STR R3, [sP,#0x70+var_40]

    __text:00648AAE MOV R3, R5

    __text:00648AB0 STR R6, [sP,#0x70+var_70]

    __text:00648AB2 LDR.W R12, [sP,#0x70+var_38]

    __text:00648AB6 STR.W R9, [sP,#0x70+var_44]

    __text:00648ABA BLX R12

    __text:00648ABC STR R0, [sP,#0x70+var_24]

    __text:00648ABE LDR R0, [sP,#0x70+var_44]

    __text:00648AC0 LDR R1, [R0]

    __text:00648AC2 LDR R2, [sP,#0x70+var_24]

    __text:00648AC4 LDR R3, [sP,#0x70+var_40]

    __text:00648AC6 LDR.W R9, [R3]

    __text:00648ACA MOV R0, R1

    __text:00648ACC MOV R1, R9

    __text:00648ACE LDR.W R9, [sP,#0x70+var_3C]

    __text:00648AD2 BLX R9

    __text:00648AD4 STR R0, [sP,#0x70+var_28]

    __text:00648AD6 LDR R0, [sP,#0x70+var_28]

    __text:00648AD8 LDR R1, [sP,#0x70+var_34]

    __text:00648ADA CMP R0, R1

    __text:00648ADC BEQ loc_648B04

    __text:00648ADE MOV R0, #(_objc_msgSend_ptr - 0x648AEA)

    __text:00648AE6 ADD R0, PC ; _objc_msgSend_ptr

    __text:00648AE8 LDR R0, [R0] ; __imp__objc_msgSend

    __text:00648AEA MOV R1, #(selRef_pointerValue - 0x648AF6)

    __text:00648AF2 ADD R1, PC ; selRef_pointerValue

    __text:00648AF4 LDR R2, [sP,#0x70+var_28]

    __text:00648AF6 LDR R1, [R1] ; "pointerValue"

    __text:00648AF8 STR R0, [sP,#0x70+var_48]

    __text:00648AFA MOV R0, R2

    __text:00648AFC LDR R2, [sP,#0x70+var_48]

    __text:00648AFE BLX R2

    __text:00648B00 STR R0, [sP,#0x70+var_18]

    __text:00648B02 B loc_648BC4

     

    I'm pretty sure that these lines mean to

     

    __text:00648AD4 STR R0, [sP,#0x70+var_28] ----> store the value of R0 into SP+70+var_28

    __text:00648AD6 LDR R0, [sP,#0x70+var_28] ----> load SP+70+var_28 into R0

    __text:00648AD8 LDR R1, [sP,#0x70+var_34] ----> load SP+70+var_34 into R1

    __text:00648ADA CMP R0, R1 ----> compare R1 with R0

    __text:00648ADC BEQ loc_648B04 ----> branch if equal to loc_648B04

     

    I changed CMP R0, R1 to CMP R0, #0 to at least try to make it false and CMP R0, R7 because I know it would never be equal to 800 million. I'm used to having to set MOVS R1, #0x1F to MOVS R1, #0x00 to make this work, not all of this stuff.

     

    @@Laxus you said that you got it to work, would you be able to send me a binary with all of this stuff disabled? And I have a 5S, would that affect anything?

     

    Thanks everyone for trying to help, I really appreciate it :)

    Nop try this C046C046 done :)

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Bully: Anniversary Edition Cheats v1.4.1 +1 [ Dev Menu ]

        Bully: Anniversary Edition Cheats v1.4.1 +1 [ Dev Menu ]

        0xSUBZ3R0 posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Bully: Anniversary Edition by Rockstar Games, Inc.
        Bundle ID: com.rockstargames.bully
        iTunes Store Link: https://apps.apple.com/us/app/bully-anniversary-edition/id1148321705?uo=4&at=1010lce4


        Hack Features:
        Jump to (will lose current progress)
        - Ability to jump to any Mission in-game. From Chapter 1 to Chapter 6.
        - Ability to jump to any Classes in-game. Art, Biology, Gym, Geography, Math, English, Chemistry, Music, Photography, Shop.
        - Ability to play any Minigames such as Arcade, Mowing House 1/2/3, Mowing Part 1/2/3, Paper Route Intro, Paper Route, Keep Ups, Penalty Shots, Bike Store & Tattoos.
        - Teleport to any location in-game. Asylum (Ouside), Blue Skies Industrial Part (Trailer Part), Bullworth Town (Outside), Carnival (Outside), New Coventry (Outside), Old Bullworth Gardens (Park), Old Bullworth Vale (Town), High Striker (Carnival Games), etc, etc. 
         
        Interrupt time-space continuum
        - Ability to Change Time.
        - Ability to Change Season. Summer, Fall, Winter, Spring.
        - Cycle Weather.
         
        Cheats
        - Toggle FPS (Display and Frames Per Second counter at the bottom of your screen).
        - Heal (Heal yourself).
        - Give Money (Give yourself unlimited money. The more you tap on this option the more money you will get).
        - Disable Crime
        - Give Bike
        - Invulnerability a.k.a God Mode / Never Die
        - Unlimited Sprint
        - Unlimited Ammo
        - Max Ammo
        - One Shot Kills
        - All Pranks
        - All Weapons
        - All Moves
        - All Grapples
        - All Clothing
        - Pass mission (Pass your current mission with success).
        - Fail mission (Fail your current mission).
         

        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/135424-bully-anniversary-edition-v11-jailed-cheats-1-debug-menu/


        iOS Hack Download Link: https://iosgods.com/topic/113583-bully-anniversary-edition-cheats-v11-1-dev-menu/
          • Informative
          • Haha
          • Thanks
          • Like
        • 1,321 replies
        Laxus

        Picked By

        Laxus ,
      • SimCity BuildIt Cheats v1.66.1 +1 [ Freeze Currencies ]

        SimCity BuildIt Cheats v1.66.1 +1 [ Freeze Currencies ]

        Laxus posted a topic in ViP Cheats,

        Modded/Hacked App: SimCity BuildIt By EA Swiss Sarl
        Bundle ID: com.ea.simcitymobile.bv
        iTunes Store Link: https://apps.apple.com/us/app/simcity-buildit/id913292932?uo=4


        Hack Features:
        - Infinite Currencies


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/124792-arm64-simcity-buildit-v1412-jailed-cheats-1/


        iOS Hack Download Link: https://iosgods.com/topic/157687-simcity-buildit-cheats-v1415-1/
          • Informative
          • Agree
          • Thanks
          • Winner
          • Like
        • 669 replies
        Laxus

        Picked By

        Laxus ,
      • Aqua Match Cheats v0.230.1 +5

        Aqua Match Cheats v0.230.1 +5

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Aqua Match By PLR Worldwide Sales Limited
        Bundle ID: com.playrix.aquamatch
        App Store Link: https://apps.apple.com/us/app/aqua-match/id6502511364?uo=4

         

        📌 Mod Requirements

        - Jailbroken iPhone or iPad.
        - iGameGod / Filza / iMazing.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

         

        🤩 Hack Features

        - Freeze Moves
        - Freeze Life
        - Freeze Boosters
        - Freeze Coins
        - Freeze Gems



        ⬇️ iOS Hack Download Link: https://iosgods.com/topic/196699-aqua-match-cheats-v02301-5/
        • 2 replies
        Laxus

        Picked By

        Laxus ,
      • Star Wars™: Galaxy of Heroes Cheats v0.36.8 +8

        Star Wars™: Galaxy of Heroes Cheats v0.36.8 +8

        Rook posted a topic in ViP Cheats,

        Modded/Hacked App: Star Wars™: Galaxy of Heroes By Electronic Arts
        Bundle ID: com.ea.starwarscapital.bv
        iTunes Link: https://itunes.apple.com/us/app/star-wars-galaxy-of-heroes/id921022358?mt=8&uo=4&at=1010lce4


        Mod Requirements
        - Jailbroken iPhone/iPad/iPod Touch.
        - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
        - Cydia Substrate (from Cydia).
        - PreferenceLoader (from Cydia).


        Hack Features
        - No Skill Cooldown time / Skill Always Available. Linked with enemy. Enable when it's your turn, disable when it's enemies turn. Timing is key.
        - One Hit Kill / Very High Damage. This is linked with you and the enemy, use with Skip Enemy Turn feature or enable disable when you attack via the In-Game Mod Menu! Do not kill the last enemy with OHK otherwise the game will crash. This feature is only for x64 or ARM64 iDevices: iPhone 5s, 6, 6 Plus, 6s, 6s Plus, 7, 7 Plus, iPod Touch 6G, iPad Air, Air 2, Pro & iPad Mini 2, 3, 4 and later.
        - Always Your Turn / Skip Enemy Turn. It's always your turn, you're always attacking.
        - Auto Win. You must use this with One Hit Kill in order for it to work. Kill 1 Enemy and you will auto win the battle.
        - Only 1 Encounter on All Missions.
        -- God Mode / Never Die thanks to the features above.

        This hack is now an In-Game Mod Menu. This means you can toggle switches on/off while in a fight. Since God Mode is linked, turn it off when you're attacking and turn it on when the enemy is attacking to do damage but not receive damage. Same goes for the other features.
          • Informative
          • Agree
          • Haha
          • Thanks
          • Winner
          • Like
        • 3,130 replies
        Laxus

        Picked By

        Laxus ,
      • Homematch - Home Design Games v2.17.2 +2 Jailed Cheats [ Unlimited Currencies ]

        Homematch - Home Design Games v2.17.2 +2 Jailed Cheats [ Unlimited Currencies ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Homematch - Home Design Games By TAPBLAZE, LLC
        Bundle ID: com.tapblaze.homecraft
        iTunes Store Link: https://apps.apple.com/us/app/homematch-home-design-games/id1438898374?uo=4


        Hack Features:
        - Unlimited Coins
        - Unlimited Gems


        Jailbreak required hack(s): [Mod Menu Hack] Homematch - Home Design Games v1.92.3 +2 Cheats [ Unlimited Currencies ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 13 replies
        Puddin

        Picked By

        Puddin,
      • Homematch - Home Design Games v2.17.2 +2 Cheats [ Unlimited Currencies ]

        Homematch - Home Design Games v2.17.2 +2 Cheats [ Unlimited Currencies ]

        Puddin posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Homematch - Home Design Games By TAPBLAZE, LLC
        Bundle ID: com.tapblaze.homecraft
        iTunes Store Link: https://apps.apple.com/us/app/homematch-home-design-games/id1438898374?uo=4


        Hack Features:
        - Unlimited Coins
        - Unlimited Gems


        Non-Jailbroken & No Jailbreak required hack(s): [Non-Jailbroken Hack] Homematch - Home Design Games v1.92.3 +2 Jailed Cheats [ Unlimited Currencies ] - Free Non-Jailbroken IPA Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 7 replies
        Puddin

        Picked By

        Puddin,
      • Hero's Adventure v1.2.117 +6 Jailed Cheats [ Damage & Defence ]

        Hero's Adventure v1.2.117 +6 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Hero's Adventure By X.D. Network Inc.
        Bundle ID: com.xd.dxlzz.global
        iTunes Store Link: https://apps.apple.com/us/app/heros-adventure/id6711347049?uo=4

         


        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - Give All Items -> Head into Settings > Other and toggle the User Agreement button.
        - Unlock All Achievements -> Head into Settings > Other and toggle the Privacy Policy button.
        -- All DLC Purchased
        -- Guest Login Enabled
        • 140 replies
        Puddin

        Picked By

        Puddin,
      • Hero's Adventure v1.2.117 +6 Cheats [ Damage & Defence ]

        Hero's Adventure v1.2.117 +6 Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Hero's Adventure By X.D. Network Inc.
        Bundle ID: com.xd.dxlzz.global
        iTunes Store Link: https://apps.apple.com/us/app/heros-adventure/id6711347049?uo=4

         
         

        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - Give All Items -> Head into Settings > Other and toggle the User Agreement button.
        - Unlock All Achievements -> Head into Settings > Other and toggle the Privacy Policy button.
        -- All DLC Purchased
        -- Guest Login Enabled
        • 31 replies
        Puddin

        Picked By

        Puddin,
      • Pal Go: Tower Defense TD v0.3.86 [+7 Cheats]

        Pal Go: Tower Defense TD v0.3.86 [+7 Cheats]

        Cashlaz posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Pal Go: Tower Defense TD By Playwind Ltd
        Bundle ID: com.playwindgames.freedefender
        iTunes Store Link: https://apps.apple.com/us/app/pal-go-tower-defense-td/id6479316663?uo=4


         

        🚀 Hack Features

        - [VIP] Freeze Currency (Currency will not decrease when used)

        - [VIP] Currency Always Enough (Buy even when you don't have enough currency)

        - [Free] Higher Recruit Energy (Gives 500 Recruit Energy Every Wave)

        - [Free] Always Can Drag Hero

        - [Free] Skip Ads

        - [Free] No Attack Cooldown

        - [Free] Global Speed Multiplier (Enable Inside Battle)

         

        Warning


        Do not use on main account. There is a chance of ban. Not responsible for any bans.

         


        🍏 For Non-Jailbroken & No Jailbreak required hacks: https://iosgods.com/forum/79-no-jailbreak-section/
        🤖 Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        • 54 replies
        Cashlaz

        Picked By

        Cashlaz,
      • Pal Go: Tower Defense TD v0.3.86 [+7 Jailed Cheats]

        Pal Go: Tower Defense TD v0.3.86 [+7 Jailed Cheats]

        Cashlaz posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Pal Go: Tower Defense TD By Playwind Ltd
        Bundle ID: com.playwindgames.freedefender
        iTunes Store Link: https://apps.apple.com/us/app/pal-go-tower-defense-td/id6479316663?uo=4


         

        Hack Features

        - [VIP] Freeze Currency (Currency will not decrease when used)

        - [VIP] Currency Always Enough (Buy even when you don't have enough currency)

        - [Free] Higher Recruit Energy (Gives 500 Recruit Energy Every Wave)

        - [Free] Always Can Drag Hero

        - [Free] Skip Ads

        - [Free] No Attack Cooldown

        - [Free] Global Speed Multiplier (Enable Inside Battle)

         

        Warning


        Do not use on main account. There is a chance of ban. Not responsible for any bans.

         

        Jailbreak required iOS hacks: https://iosgods.com/forum/5-game-cheats-hack-requests/
        Modded Android APKs: https://iosgods.com/forum/68-android-section/
        • 79 replies
        Cashlaz

        Picked By

        Cashlaz,
      • Exfil: Loot & Extract v6.1.1 Debug Menu [+10 Cheats]

        Exfil: Loot & Extract v6.1.1 Debug Menu [+10 Cheats]

        Cashlaz posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Exfil: Loot & Extract By Kwalee Ltd
        Bundle ID: com.eightsec.roguehero
        iTunes Store Link: https://apps.apple.com/us/app/exfil-loot-extract/id6448720577?uo=4


         

        🤩 Hack Features

        - Debug Menu (Enable and debug menu will appear)
         
        • 18 replies
        Cashlaz

        Picked By

        Cashlaz,
      • Exfil: Loot & Extract v6.1.1 Debug Menu [+10 Jailed Cheats]

        Exfil: Loot & Extract v6.1.1 Debug Menu [+10 Jailed Cheats]

        Cashlaz posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Exfil: Loot & Extract By Kwalee Ltd
        Bundle ID: com.eightsec.roguehero
        iTunes Store Link: https://apps.apple.com/us/app/exfil-loot-extract/id6448720577?uo=4

         

        🤩 Hack Features

        - Debug Menu (Enable and debug menu will appear)
        • 18 replies
        Cashlaz

        Picked By

        Cashlaz,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines