Jump to content
Community Announcements, Giveaways & More!

Smali Hacking Tutorial #2 (Boolean)

Ted2

By Ted2
Updated in Android Tutorials

 Share

11 posts in this topic

Recommended Posts

Ted2 Supporter

Ted2 39k
  • Donor
  •  

    • Updated
    Updated (edited)

    Hey!

     

    Long time ago, I made a Smali Hacking tutorial!

    Find it here: https://iosgods.com/topic/30729-simple-smali-hacking/

     

    Today, I wanna create a new one.

     

    This one is about boolean hacking

    boolean = FALSE/TRUE

     

    Can be written in diffrent ways:

    FALSE --> '0x0' or just '0' (smali only 0x0, atleast for what I've worked on)

    TRUE --> '0x1' or just '1' (smali also only 0x1, again atleast for what I've worked on)

     

    The game in this tutorial:

    https://play.google.com/store/apps/details?id=com.fungamesforfree.snipershooter.free&hl=nl

     

    Download the game on your pc & decompile it, how?

    https://iosgods.com/topic/43411-decompile-recompile-apk-without-a-tool-like-advancedapktool-etc/

    or use a tool:

    https://iosgods.com/topic/30893-advanced-apktool-windows-download-link/

     

     

    Once decompiled, it will look like this:

     

    foma9Xj.png

     

    Open up Sublime Text, Notepad++ or something like that.

     

    We're gonna search for functions in ALL smali files.

    How we do that is simple, once you opened Sublime Text you have a option 'Find'

    Go to 'Find' - 'Find in files', now locate the smali folder from the decompiled apk

    Will look like this:

     

    5lKIfh6.png

     

    So, for what kind of functions do we need to search?

    Well, every game is diffrent, in some you won't even success.

    Some example functions:

     

    -hasUnlocked

    -isUnlocked

    -isLocked

    -hasUpgraded

    -isUpgraded

    -has'itemofgame'

    -hasPurchased'itemofgame'

    -is'itemofgame'Purchased'

    -is'itemofgame'locked

    -is'itemofgame'unlocked

    etc etc.

     

    The game we have, includes weapons.

     

    We will try 'hasUnlocked' first:

    0 matches.

     

    We will try 'isUnlocked' & 'isLocked'

    0 matches for both

     

    We will try 'has'itemofgame' = 'hasWeapon'

    0 matches

     

    We will try 'hasPurchased'itemofgame'' = 'hasPurchasedWeapon'

    0 matches

     

    We will try 'isWeaponPurchased'

    14 Matches in 6 files.

     

    So, we got which matches in the files. This does NOT mean, it's the right one. Let's have a look :)

     

    This is what we got:

     

     

     

    Searching 3204 files for "isWeaponPurchased"

     
    ~ /Users/Joey/Desktop/apktool/ssf/smali/com/fungamesforfree/snipershooter/d/a.smali:
  823      move-result v3
  824  
  825:     invoke-virtual {v2, v3}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  826  
  827      move-result v3
  ...
  850      move-result v3
  851  
  852:     invoke-virtual {v2, v3}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  853  
  854      move-result v3
  ...
  875      move-result v3
  876  
  877:     invoke-virtual {v2, v3}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  878  
  879      move-result v3
  ...
  900      move-result v3
  901  
  902:     invoke-virtual {v2, v3}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  903  
  904      move-result v2


~ /Users/Joey/Desktop/apktool/ssf/smali/com/fungamesforfree/snipershooter/data/GameData.smali:
 1972  .end method
 1973  
 1974: .method public isWeaponPurchased(I)Z
 1975      .locals 5
 1976  


~ /Users/Joey/Desktop/apktool/ssf/smali/com/fungamesforfree/snipershooter/k.smali:
  189      aget v4, v4, v0
  190  
  191:     invoke-virtual {p0, v4}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  192  
  193      move-result v4


~ /Users/Joey/Desktop/apktool/ssf/smali/com/fungamesforfree/snipershooter/l/dv.smali:
  837      move-result v4
  838  
  839:     invoke-virtual {v5, v4}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  840  
  841      move-result v4
  ...
 1095      move-result v4
 1096  
 1097:     invoke-virtual {v3, v4}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
 1098  
 1099      move-result v3
 ....
 1330      move-result v4
 1331  
 1332:     invoke-virtual {v3, v4}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
 1333  
 1334      move-result v3


~ /Users/Joey/Desktop/apktool/ssf/smali/com/fungamesforfree/snipershooter/l/i.smali:
  426      move-result v5
  427  
  428:     invoke-virtual {v4, v5}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  429  
  430      move-result v4
  ...
  732      aget v3, v3, v0
  733  
  734:     invoke-virtual {v2, v3}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  735  
  736      move-result v3


~ /Users/Joey/Desktop/apktool/ssf/smali/com/fungamesforfree/snipershooter/o/d.smali:
  356      iget-object v7, p0, Lcom/fungamesforfree/snipershooter/o/d;->b:Lcom/fungamesforfree/snipershooter/data/GameData;
  357  
  358:     invoke-virtual {v7, v4}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  359  
  360      move-result v4
  ...
  364      iget-object v4, p0, Lcom/fungamesforfree/snipershooter/o/d;->b:Lcom/fungamesforfree/snipershooter/data/GameData;
  365  
  366:     invoke-virtual {v4, v5}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  367  
  368      move-result v4
  ...
  372      iget-object v4, p0, Lcom/fungamesforfree/snipershooter/o/d;->b:Lcom/fungamesforfree/snipershooter/data/GameData;
  373  
  374:     invoke-virtual {v4, v6}, Lcom/fungamesforfree/snipershooter/data/GameData;->isWeaponPurchased(I)Z
  375  
  376      move-result v4


14 matches across 6 files

     

    You see what we got?

    The one marked with '~' is the location of the .smali where our matches has been found.

    you'll see the most do locate to GameData.smali (under '~' they locate to 

    com/fungamesforfree/snipershooter/data/GameData.smali:

    OUR SECOND match IS GameData.smali, so we REALLY need to check this one out, also the name of it is intresting!

     

    So let's open the second one (double click on it in your text viewer (sublime text in my case)

    /Users/Joey/Desktop/apktool/ssf/smali/com/fungamesforfree/snipershooter/data/GameData.smali:

     

    The whole code until the function is ended, is pretty long. It's like this:

     

     

     

    method public isWeaponPurchased(I)Z    .locals 5   --> Start of function, the 'Z' means boolean.


    .prologue
    const/4 v1, 0x0


    .line 435
    invoke-static {}, Lcom/fungamesforfree/snipershooter/d/a;->l()Ljava/util/List;


    move-result-object v0


    .line 436
    invoke-virtual {p0}, Lcom/fungamesforfree/snipershooter/data/GameData;->getPurchasedWeapons()[Z


    move-result-object v2


    .line 438
    invoke-interface {v0}, Ljava/util/List;->iterator()Ljava/util/Iterator;


    move-result-object v3


    :cond_0
    invoke-interface {v3}, Ljava/util/Iterator;->hasNext()Z


    move-result v0


    if-nez v0, :cond_1


    .line 444
    array-length v0, v2


    if-ge p1, v0, :cond_2


    .line 445
    aget-boolean v0, v2, p1


    .line 448
    :goto_0
    return v0


    .line 438
    :cond_1
    invoke-interface {v3}, Ljava/util/Iterator;->next()Ljava/lang/Object;


    move-result-object v0


    check-cast v0, Lcom/fungamesforfree/snipershooter/d/a;


    .line 439
    invoke-virtual {v0}, Lcom/fungamesforfree/snipershooter/d/a;->r()I


    move-result v4


    if-ne v4, p1, :cond_0


    .line 440
    iget-object v2, p0, Lcom/fungamesforfree/snipershooter/data/GameData;->cryptoPreferences:Landroid/content/SharedPreferences;


    invoke-virtual {v0}, Lcom/fungamesforfree/snipershooter/d/a;->A()Ljava/lang/String;


    move-result-object v0


    invoke-interface {v2, v0, v1}, Landroid/content/SharedPreferences;->getBoolean(Ljava/lang/String;Z)Z


    move-result v0


    goto :goto_0


    :cond_2
    move v0, v1


    .line 448
    goto :goto_0.end method

     

     

     

    It's a long one, but actually not, the function is: 'isWeaponPurchased' & right after that we get the boolean code.

     

    This is the code we'll work with:

    .method public isWeaponPurchased(I)Z  --> Function, the 'Z' is boolean
    .locals 5

    .prologue
    const/4 v1, 0x0   --> earlier explained: 0x0 means false

    What do we do?

    Functions is:

     

    isWeaponPurchased, the code under it says NO IT IS NOT (0x0)

    SOOOOO, WE CHANGE IT TO: 0x1, because that means TRUE.

    .method public isWeaponPurchased(I)Z
    .locals 5

    .prologue
    const/4 v1, 0x1  --> changed to true

    Recompile it to a apk, sign it & test it!

     

    When you tested your .apk, you see only the last 3 weapons are unlocked, the ones you needed to purchase with real money.

    I couldn't figure out how to hack the other weapons by code, maybe I missed something.

     

    Luckily the money can be hacked with eyes closed :)

     

    Coins are written in the same smali as the weapons, search for 'getMoney'

    You'll get two matches

    -  invoke-virtual {p0}, Lcom/fungamesforfree/snipershooter/data/GameData;->getMoney()I

    - .method public getMoney()I

     

    it's the second one, because under the second one you'll find this code:

    .method public getMoney()I
    .locals 3

    .prologue
    .line 351
    iget-object v0, p0, Lcom/fungamesforfree/snipershooter/data/GameData;->preferences:Landroid/content/SharedPreferences;

    const-string v1, "e"

    const/4 v2, 0x0 ---> remove the /4 + add your own value (in hex)

    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getInt(Ljava/lang/String;I)I

    move-result v0

    return v0
.end method

    This is how I'll code it:

    .method public getMoney()I
    .locals 3

    .prologue
    .line 351
    iget-object v0, p0, Lcom/fungamesforfree/snipershooter/data/GameData;->preferences:Landroid/content/SharedPreferences;

    const-string v1, "e"

    const v2, 0xfffffff

    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getInt(Ljava/lang/String;I)I

    move-result v0

    return v0
.end method

    Recompile, sign it & test it.

     

    Proof:

     

     

     

    Video Tutorial: 

     

     

     

    Hope you learned something, might make a video tutorial for it too.

     

    Credits: @Ted2

     

    PS: I'm not hiding this tutorial because I want everyone be able to check it without giving me a like or reply, but if it helps. Please, hit the thanks &/or rep button :)

    Updated by Ted2
    • Like 4
    • Thanks 2
    Rook iOS God

    Rook 554.3k
  • Pixel
  •   14
  • Donor
  •  

    • Posted
    Posted

    Thanks man.. but I screwed up the spoilers & at the end the credits..

    You know how to do them right? xD

    Seems like the spoiler and credits tag was copy pasted. That's likely why it's not working.

     

    Try typing them manually and remove formatting from the

    tags. :)

    Ted2 Supporter

    Ted2 39k
  • Donor
  •  

    • Posted
    • Author
    Posted

    Seems like the spoiler and credits tag was copy pasted. That's likely why it's not working.

     

    Try typing them manually and remove formatting from the

    tags. :)

    Oh yea, I did. Thanks :D

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Kritika: The White Knights v5.18.3 +12 Cheats

        Kritika: The White Knights v5.18.3 +12 Cheats

        Rook posted a topic in ViP Cheats,

        Hacked App: Kritika: The White Knights By GAMEVIL Inc.
        iTunes Link: https://itunes.apple.com/us/app/kritika-the-white-knights/id865958296
        Bundle ID: com.gamevil.kritikam.ios.apple.global.normal


        Hack Features
        - Infinite Potions (Increase instead of decrease)
        - Infinite Mana
        - No Potion Cooldown
        - Instant EX Gauge Fill
        - God Mode in Stage Mode
        - God Mode in Tower & Monster Wave
        - God Mode in Arena & PvP (Untested)
        - Timer Hack*
        - Mao Support Always Active
        - 1 Hit Kill in Monster -> One Hit Kill was Replaced with "Monster Level 1"
        - Enemy Doesn't Attack
        - Boss Doesn't Attack
        - Enemy Doesn't Move
        - Boss Doesn't Move
        - Monster Level 1 -> Easy kills
        • 3,104 replies
        Laxus

        Picked By

        Laxus ,
      • Westland Survival - Cowboy RPG v10.4.0 +7 [ Items Cheat ]

        Westland Survival - Cowboy RPG v10.4.0 +7 [ Items Cheat ]

        Rook posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Westland Survival - Cowboy RPG By HELIO LTD
        Bundle ID: com.heliogames.a1
        iTunes Store Link: https://apps.apple.com/us/app/westland-survival-cowboy-rpg/id1339238576?uo=4


        Hack Features:
        - Unlimited Energy / Instant Energy Refills
        - Unlock All Blueprints
        - Items Duplicate When Split / Items Hack
        - Unlimited Consumable Items
        - Unlimited Item Durability
        - God Mode / Never Die -> Linked with enemies. Useful for looting.
        - One Hit Kill / High Damage -> Linked with enemies. Use with caution.


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 448 replies
        Laxus

        Picked By

        Laxus ,
      • Chef & Friends: Cooking Game Cheats v1.35.5 +1

        Chef & Friends: Cooking Game Cheats v1.35.5 +1

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Chef & Friends: Cooking Game By MYTONA Ltd.
        Bundle ID: com.mytona.cheftales
        iTunes Store Link: https://apps.apple.com/us/app/chef-friends-cooking-game/id1586951898?uo=4


        Hack Features:
        - Infinite Currencies (Hats, Coins, Gems)

        NOTE: May bug out the game so better try on your throw away account first 


        iOS Hack Download Link: https://iosgods.com/topic/178904-chef-friends-cooking-game-cheats-v141-1/
        • 32 replies
        Laxus

        Picked By

        Laxus ,
      • Cooking Diary Restaurant Game v2.44.2 Jailed Cheats +3

        Cooking Diary Restaurant Game v2.44.2 Jailed Cheats +3

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Cooking Diary® Restaurant Game by MyTona Pte Ltd
        Bundle ID: com.mytonallc.cookingdiary
        iTunes Store Link: https://apps.apple.com/us/app/cooking-diary-restaurant-game/id1214763610?uo=4&at=1010lce4


        Hack Features:
        - Infinite Currencies (Get some)
        - Freeze Boosters


        iOS Hack Download Link: https://iosgods.com/topic/110310-arm64-cooking-diary-restaurant-game-v1160-3/
        • 697 replies
        Laxus

        Picked By

        Laxus ,
      • [ViP Hack] WarFriends v6.0.0 +6 Cheats

        [ViP Hack] WarFriends v6.0.0 +6 Cheats

        Rook posted a topic in ViP Cheats,

        Modded/Hacked App: WarFriends: PvP Shooter Game By Chillingo Ltd
        Bundle ID: com.chillingo.warfriends
        iTunes Link: https://itunes.apple.com/us/app/warfriends-pvp-shooter-game/id979873043


        Hack Features:
        - Debug Menu -> Most/Everything from previous hack has been patched/removed. However, it will still show you some in-game stuff.
        - Free Weapon Upgrades. Instant Weapon Upgrade Delivery Times!
        - Unlimited Clips/Ammo -> Works online & offline
        - No Weapon Reload / Unlimited Ammo in Clip -> Works online & offline
        - One Hit Kill Enemies / High Damage -> Buggy Online, works well offline. Linked with enemy, so hit them first.
        - Gun Fire Rate x1000 -> Shoot bullets really, really fast. Works online too, linked to enemy. One Hit Kill Alternative if you can aim.
        This hack is an In-Game Mod Menu (iGMM). In order to activate the Mod Menu, tap your screen with 3 fingers simultaneously.

         

        Non-Jailbroken Version of this hack: https://iosgods.com/topic/44193-warfriends-v140-3-cheats-ios-10/
        • 1,771 replies
        Rook

        Picked By

        Rook,
      • Towerlands - tower defense TD v3.7.5 +2 Cheats

        Towerlands - tower defense TD v3.7.5 +2 Cheats

        Zahir posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Towerlands - tower defense TD By CHERNYE MEDVEDI, OOO
        Bundle ID: mobi.blackbears.ios.towerlands
        iTunes Store Link: https://apps.apple.com/us/app/towerlands-tower-defense-td/id1491901979?uo=4



        Hack Features:
        - Unlimited Gold
        - Unlimited Gems


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 349 replies
        Rook

        Picked By

        Rook,
      • Fishing Clash v1.0.398 +3 Cheats

        Fishing Clash v1.0.398 +3 Cheats

        Zahir posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Fishing Clash: Fish Game 2019 by Ten Square Games S.A.
        Bundle ID: com.tensquaregames.letsfish2
        iTunes Store Link: https://apps.apple.com/us/app/fishing-clash-fish-game-2019/id1151811380


        Hack Features:
        - Combo Always Active
        - Centered Line -> The line is always in the center zone. I didn't test enough but worked for 20 games. Duels too.
        - Line Never Breaks
        • 1,345 replies
        Rook

        Picked By

        Rook,
      • Legend of Solgard v2.53.0 - [ x Player Damage & More ]

        Legend of Solgard v2.53.0 - [ x Player Damage & More ]

        Rook posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Legend of Solgard By King
        Bundle ID: com.midasplayer.apps.solgard
        iTunes Store Link: https://apps.apple.com/us/app/legend-of-solgard/id1281263906

        Mod Requirements:
        - Jailbroken iPhone/iPad/iPod Touch.
        - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
        - Cydia Substrate or Substitute.
        - PreferenceLoader (from Cydia).


        Hack Features:
        - x Player Damage - x1 - 30
        - God Mode

        All features are unlinked and only for player, you!
        • 587 replies
        Rook

        Picked By

        Rook,
      • Legend of Solgard v2.53.0 +3 Cheat [God Mode & Damage]

        Legend of Solgard v2.53.0 +3 Cheat [God Mode & Damage]

        Rook posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Legend of Solgard By King
        Bundle ID: com.midasplayer.apps.solgard
        iTunes Store Link: https://itunes.apple.com/us/app/legend-of-solgard/id1281263906?mt=8&uo=4&at=1010lce4


        Mod Requirements:
        - Jailbroken or Non-Jailbroken iPhone/iPad/iPod Touch.
        - Sideloadly.
        - A Computer Running Windows/Mac/Linux.


        Hack Features:
        - x Player Damage - x1 - 30
        - God Mode / Never Die
        - Auto Kill Enemies

        All features are unlinked and only for player, you!
        • 200 replies
        Rook

        Picked By

        Rook,
      • Hempire - Weed Growing Game [ Auto Updating ] - Unlimited Everything!

        Hempire - Weed Growing Game [ Auto Updating ] - Unlimited Everything!

        Rook posted a topic in ViP Cheats,

        Modded/Hacked App: Hempire - Weed Growing Game By LBC Studios Inc.
        Bundle ID: ca.lbcstudios.hempire
        iTunes Store Link: https://itunes.apple.com/us/app/hempire-weed-growing-game/id1139379843


        Hack Features:
        - Unlimited Currency - Currency Hack
        - Unlimited Storage
        -- Buy anything
        -- Free Rushing/Skipping

        This hack is an In-Game Mod Menu (iGMM). In order to activate the Mod Menu, tap on the iOSGods button found inside the app.
        This hack is using the new iOSGods Auto Updater. The hack will automatically update itself to the current app version you have installed on your iDevice.
        • 1,047 replies
        Rook

        Picked By

        Rook,
      • We Are Warriors! v1.55.0 Cheats +3

        We Are Warriors! v1.55.0 Cheats +3

        Theo1357 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: We Are Warriors! By Lessmore UG haftungsbeschraenkt
        Bundle ID: com.vjsjlqvlmp.wearewarriors
        iTunes Store Link: https://apps.apple.com/us/app/we-are-warriors/id6466648550?uo=4

         

        Mod Requirements:
        - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
        - Sideloadly / Cydia Impactor or alternatives.
        - A Computer Running Windows/macOS/Linux with iTunes installed.


        Hack Features:
        - Unlimited everything
        - Auto complete task
        • 164 replies
        Rook

        Picked By

        Rook,
      • We Are Warriors! v1.55.0 Cheats +3

        We Are Warriors! v1.55.0 Cheats +3

        Theo1357 posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: We Are Warriors! By Lessmore UG haftungsbeschraenkt
        Bundle ID: com.vjsjlqvlmp.wearewarriors
        iTunes Store Link: https://apps.apple.com/us/app/we-are-warriors/id6466648550?uo=4


        Mod Requirements:
        - Jailbroken iPhone/iPad/iPod Touch.
        - iGameGod / Filza / iMazing or any other file managers for iOS.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak.
        - PreferenceLoader (from Cydia, Sileo or Zebra).


        Hack Features:
        - Unlimited everything
        - Auto complete task
        • 93 replies
        Rook

        Picked By

        Rook,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines