Goggwell

Tutorial [IDA Tutorial] How to hack floats in ARM64


This tutorial covers floats in ARM64, so I expect you to have a basic understanding of IDA and how it works. I won't be going into depth on this subject, but I will show you how I hacked a game with floats in ARM64, so you can get a grip on it.

Also, this tutorial covers ground on ARM64, so I suggest you do a bit of reading up on this before continuing with the tutorial. This tutorial made by is a really good starting point for you to learn how to hack in ARM64.

Hidden Content (visible only to members who react or reply to the topic)


That was my brief tutorial on floats in ARM64. If you have any questions, please feel free to ask below!


  • Similar Content

    • By Kyle2100
This will be an updated version of my other tutorial to help better understand the process and help with any errors.

      Items that will be needed:
- PC/Mac
- iOS device running 10.x+
- Nonce Setter
- iOS 11.3.1 SHSH blob
- iOS 11.3.1 IPSW
- iOS 11.4.1 IPSW
- FutureRestore
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      What is a Nonce setter? 
      Lets you set your boot-nonce so you can restore with saved blobs.
      iOS 10 nonce setter: https://mega.nz/#!EzwABYwA!_RAT-rlQrhTUrXIXBLrSqhNAlV35Nsr7pv1Ma6Au5yI
       
iOS 11 Nonce Setter:
Download IPA file (official website)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Setting The Nonce
      How to set Nonce in iOS 11.1.2

      Step 1: Connect your device to your computer.

Step 2: Download and unzip Cydia Impactor, select Impactor.exe, then drag and drop Nonce.ipa onto Cydia Impactor.

Step 3: Enter your Apple ID and passcode, then wait until the installation is complete.

      Step 4: Then there should be a Nonce app on your iPhone. Go to Settings app -> General -> Profile -> find your Apple ID and click Trust.  

      Step 5: Continue your operation till the Root Status turns into YES.

      Step 6: Back to your PC, open the SHSH 2 blobs you have saved with Notepad or other third-party software.

      Step 7: Search generator then you’ll find its value between <string> value </string>. Copy the value. 

Step 8: Back on your iOS device, launch the NonceSet1112 app, paste the value in SET/CHANGE NONCE under boot-nonce, then click Save/Restore Now.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Set Nonce with terminal
Make sure you have:
- MTerminal from Cydia
- Valid shsh2 blob(s) for iOS 10.2 (or whatever firmware you want to be able to restore to)
- Computer (or Filza, but I'm only going to give instructions for a computer. You'd pretty much just do everything I say to do on the computer, but in Filza)
Instructions:
      1) Move shsh2 blob(s) to computer
      2) On Windows, open your blob, or a blob if you have multiple, with notepad. On Mac, change the extension from "shsh2" to "plist" (make sure you change it back to shsh2 on Mac when you're done!)
      3) Scroll to the bottom and look for the word generator, to the right should be a code that as far as I know always starts with 0x, this is your nonce generator for that blob. On Windows you can also click ctrl + f and search "generator" and it will take you to it automatically (not sure how to do this on Mac if it's even possible).
4) In MTerminal, sign in as root by typing "su", then hit enter and type in your password (default is "alpine", so if you haven't changed it this is what your password is)
5) Type "nvram com.apple.System.boot-nonce=your generator" without the quotation marks
6) Type "nvram -p" without the quotation marks
If all went well you should see something similar to this when you run "nvram -p":
      backlight-level <your backlight level> com.apple.System.boot-nonce <your generator> boot-args auto-boot true com.apple.System.tz0-size <your tz0 size? Not exactly sure what this is> <your username>:/var/mobile root#
If you see something like this:
      <your username>:/var/mobile root# nvram -p oblit-begins OblitType: ObliterateDataPartition. No reason given. obliteration handle_message: Obliteration Complete backlight-level <your backlight level> com.apple.System.boot-nonce <your generator> boot-args auto-boot true com.apple.System.tz0-size <your tz0 size? Not exactly sure what this is> <your username>:/var/mobile root#
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
What is an IPSW?
IPSW is a file format used in iTunes to install iOS firmware. All Apple devices share the same IPSW file format for iOS firmware, allowing users to flash their devices through iTunes on OS X and Windows.
Where can I download the IPSW?
ipsw.me
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
What is FutureRestore?
futurerestore is a hacked-up idevicerestore wrapper, which allows manually specifying SEP and baseband for restoring.
       
      Where can I download FutureRestore?
      https://github.com/encounter/futurerestore/releases
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
OK, now that you know what everything is and have downloaded it all, let's begin.
       
1. Open CMD/Terminal and cd to the futurerestore folder (I named mine futurerestore_windows)
Example:
cd desktop/futurerestore_windows
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2. Open the futurerestore folder and drag futurerestore.exe into the cmd window
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3. Next, type this command:
-t (drag blob) -i (drag 11.4.1 ipsw) --latest-baseband (drag 11.3.1 ipsw)
On devices with no SIM (iPad/iPod), where it says latest baseband type:
--no-baseband
When I say drag "item", that means drag the file from the desktop into the cmd/terminal window, and every time you do that hit space before entering anything else.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. Hit enter and the process will begin.

CONGRATULATIONS, YOU ARE ON IOS 11.3.1

If you have any issues or errors, send me a message and I can help you resolve it.
    • By SadNess1706
      Requirements:
      NewTerm
      GameGem 1.5
       
      Tutorial (Step by Step)

      Hidden Content
      React or reply to this topic to see the hidden content. More info
    • By Laxus
Sup guys! Today I'm gonna show you how to crack an app on iOS 11. This method works with the latest version of Electra (v1.0.4).
I know there are a lot of tuts about this already, but actually none of them worked, and even if one works it's still such a pain in the ass because you need to reboot and turn off "Tweaks" inside Electra every time to crack an app. Seriously!?
What if I tell you there is a way to bypass this? Yes, you can crack an app whenever you want; you don't need to turn off "Tweaks" inside the Electra app anymore.
So, enough chit chat. Let's get started.
      A. How to crack an app with Electra [All Versions]

      Hidden Content
      React or reply to this topic to see the hidden content. More info

      B. How to install cracked app with Electra
Hidden Content
React or reply to this topic to see the hidden content. More info
Credits:
      - u/_exgen_ for his bfinject's fork
      - sacmuncrack for signer.sh script
      - @Laxus for a well written tutorial
      - Karen for the AppSync on iOS 11
      - CoolStar for the Electra
    • By rogojax
First: sorry for my bad English, I hope you understand this tutorial!
Hey Dawn of Titans players!
Today I'll show you how to hack legit without being banned by the system or staff. The hack is only for ViP members! You can find it here.
I list everything you should pay attention to. Don't rush the castle too fast! I have already done it and was banned within 30 minutes (the system bans you at this point). Don't push the Titans at low level! Do not have a level 40 Titan at level 5 (a staff member is going to ban you, so be careful).
Don't try to sell the hacked account! This means don't write in the global chat that you sell your hacked account; other players are going to report you.
Don't buy too much from the God Souls shop. I got banned because I bought too much from the God Souls shop. Don't buy too many event or exclusive relics from there; it's a trap for hackers.
I'll add more points in the future.
So please play safe, hack legit and don't rush anything.
In this topic you can read how to unban your device.
Best regards!
       
       
       
    • By Ray.SingSing.
      How to use iGMM in PUBG
I'm sharing a guide/tutorial on how to troubleshoot iGMM for PUBG. I've consolidated most of the user issues here.

Here are the FAQs that I'll cover in this tutorial:
- Requirements for iGMM activation.
- Troubleshooting known issues (crash, login).
- X-Ray 2 toggle.
Tweak requirements for iGMM:
- Jailbroken iPhone/iPad/iPod Touch.
- iFile / Filza / iFunBox / iTools or any other file manager for iOS.
Please kindly download the correct Filza from the BigBoss repo.
- Cydia Substrate (from Cydia) or Substitute (iOS 11 onwards).
- PreferenceLoader (from Cydia).
Troubleshooting known issues (crash, login)
- Unable to get past the login screen?
Resolution: Join Wi-Fi or a tethered hotspot and you will be able to log in to the game.
- Game crashes when toggling in the iGMM menu?
Resolution: Most of the crashes were due to multi-tapping or tapping two toggles at the same time. Tap precisely on each toggle to enable/disable the cheats and you will avoid crashing.
- Crash within 15 min before the game starts.
Resolution: Uninstall the old PUBG tweak, as the newly updated tweak's offsets conflict with the previous version.
      Cydia > Install > PUBG > Modify > Remove. (Make sure you delete both old & new tweak, use iCleaner Pro to clear up unused dependencies, respring and have a clean installation of new deb) 
- Filza $bash issue
Resolution: Make sure you install Filza from the BigBoss repo.
- Grass hack doesn't work sometimes.
Resolution: Re-enable the "Disable Grass/Trees/Wheat" toggle and it will remove all grass. This is required every time the game restarts.
(Make sure all Grass/Trees/Wheat Closer or Farther toggles are enabled at all times.)
- Speed hack not working. Stutters at times.
Resolution: Tap on the cheat and make sure there's a ✓ on the toggle.
Pull the slider to choose the speed. If you notice stutter in-game, drop the speed to 1-1.5.
      How to activate X-Ray 2 in lobby:
      1. Start your game, Enable toggle X-Ray 1 & 2
      2. If your screen goes dark like this:
      Black Background (fail) (screenshot)
      Turn off X-Ray 2 and close the whole game. (Leave X-Ray 1 toggle on)
      3. Repeat step 1 until you get no black background like this:
      Clean Background (working) (screenshot)
      4. Toggle on and off X-Ray 2 in game whenever you need. 
X-Ray 1 doesn't have to be turned off; it can be overlapped with X-2.
This method might require a number of tries to enable it successfully.
X-Ray is meant to be wall-less. Therefore, do not keep X-2 on at all times; use the toggles if you're entering a new location or looking for enemies around you.

      Video Tutorial: 
      Method 1: Lobby

      How to activate X-Ray 2 in-Game (HIGH RISK, But higher Chance for Perfect X-2):
      1. Start your game, Enable toggle X-Ray 1
      2. Start A match (solo, duo, squad), Start off in a safer spot (far location, no enemy), Enable X-Ray 2.
      If your screen goes dark like this:
      Black Background (fail) (screenshot)
      Turn off X-Ray 2 and close the whole game. (Leave X-Ray 1 toggle on)
      3. Join Back the match you left.
      4. Repeat step 1 until you get no black background like this:
      Clean Background (working) (screenshot)
      5. Toggle on and off X-Ray 2 in game whenever you need. 
      If there's any other issue that was not reflected here, do drop me a PM or leave a reply in the post. I will look into it.

Method 2 has the best X-Ray 2 in-game as it loads the full resources along with the game, but it also comes with high risk.
If everything goes well and is successful, you will get a perfect blue sky instead of a black sky and a full-distance view of X-2.
Video Tutorial:
Method 2: In-Game (Higher Chance of using Perfect X-2)
*Video tutorial was done in the Training Room w/ black sky; I'll leave the surprise of getting the perfect blue sky in a real game for you*
DM me if there's any issue or tutorial you'd like to add to this tutorial. And thanks this post if it helped you!

      Credits for this amazing patcher:
      - @0xS14T3R
      - @L1TA0
      - @shmoo
      - @DiDA