Help/Support How to find the correct hook?

[mehdiphone 7.3k 8 8.1.2]

i've watched this video made by phoenix http://iosgods.com/topic/904-tutorialvideo-hack-games-with-flex-and-convert-it-to-deb-tweak/

i don't understand how does he find the good argument for instance:

%hook LevelLayer... how does he know "levelLayer" is the good classname . Does he use IDA pro and look for the functions?

Iam new to this please help

[Rook 551k iPad Pro (2nd gen) 17.4 Donor]

He searches for "coins" and coins method has the LevelLayer class so he returns the coins to 9999.

 

You can't really know if that's the right one or if it'll work unless you test it.

 

All this is done in Flex, not IDA.

[mehdiphone 7.3k 8 8.1.2]

well where do i search for coins ? i dont get it .... all i understand is that he might have donc ctrl+F in the binary to search for strings and functions but how does he find this on iphone ?

[Rook 551k iPad Pro (2nd gen) 17.4 Donor]

well where do i search for coins ? i dont get it .... all i understand is that he might have donc ctrl+F in the binary to search for strings and functions but how does he find this on iphone ?

Did you watch the video?

 

He's using Flex 2 from Cydia. Process the app on Flex and then you can search.

[mehdiphone 7.3k 8 8.1.2]

i got it so i have to try every functions ? ty

[castix 18.4k iPhone X 12.1.1]

You often skip lots of valuable functions using Flex/2. I'll recommend you to use Class-Dump for further hacking using basic MS.

 

1. Download Class-Dump from cydia store

 

2. I showed you how to crack an app using Clutch but I will do it again

2.1 Open Terminal and type

su
alpine
Clutch   // The first time to see the binary names
Clutch "BinaryName"

2.2 Go to /var/mobile/Documents/Cracked

2.3 Click the info button of the .IPA you just cracked

2.4 Change the extension to .zip (It's .ipa.zip now)

2.5 Open the zip file and extract the binary

2.6 Go to /var/mobile/Documents/Payload and copyt the binary to /var/mobile (You can rename it to whatever you want)

 

3. Create a folder at /var/mobile/ called class-dump or something

 

4.Open Terminal again and type

su
alpine
class-dump -H /var/mobile/BinaryName -o /var/mobile/class-dump.  // Only if you named the folder class-dump

]

5. Now in this folder all the header files will appear. Feel free to go through all of them and find the best functions available !

[Rook 551k iPad Pro (2nd gen) 17.4 Donor]

i got it so i have to try every functions ? ty

Not EVERY. Just the ones you see important.

[mehdiphone 7.3k 8 8.1.2]

wow i didn't know we could do this on iphone!! that's really cool thank you !!

i hope i can make more hacks.

but for games such like modern combat IDA is a must isnt it ? there are sub_x functions...

Updated February 27, 2015 by mehdiphone

[Rook 551k iPad Pro (2nd gen) 17.4 Donor]

wow i didn't know we could do this on iphone!! that's really cool thank you !!

i hope i can make more hacks.

but for games such like modern combat IDA is a must isnt it ? there are sub_x functions...

Flex & Class Dump for sub_x functions is useless. You'll need to find the correct offset using gdb/lldb and then hacking it via IDA.

[Incognite 2.6k iPhone 5s 9.3.1]

so class dump finds more useful headers?