Jump to content

Instance Variables and Function Pointers


1,195 posts in this topic

Recommended Posts

*BEST VIEWED ON DESKTOP*

The Unity tool. I hate it. All it does is make people worse at hacking because no one is developing actual analysis skills anymore. Now all you have to do to make an awesome hack is to CTRL-F everything until you have 100 features. If you want to get good at something, take the hard route. I can't stress that enough. Anyway, when I first heard about it, I thought it just revealed method names and locations. I was surprised upon finding that not only does it reveal method names and their locations, it reveals class names, parameters, instance variables, and the location in memory where said instance variables can be found. I couldn't believe what was right in front of me because everyone was just taking advantage of visible methods and their locations.

 

This applies to non-Unity games as well. You just need to have knowledge of object oriented programming to really know how to take advantage of instance variables. I guess I could cover that in a later tutorial. Anyway, let's get started.

 

This tutorial pertains to iOS only. Not the concepts, just the tutorial.

 

Hidden Content

    *****Get the Unity tool from herehttps://github.com/Perfare/Il2CppDumper/releases

     

    Part A. Instance Variables

    1. Memory Layout

    I went to make this absolutely clear. For example, this...

    STR X3, [X0, #0x248]

    ...is telling the machine to store whatever X3 is holding (let's say ammo) in X0+0x248 (let's say X0 points to a Gun object). X0 contains the address of wherever the Gun object is held in memory. Let's say the address of the Gun object is 0x16fd27640. That means the machine is assigning whatever is at 0x16fd27640+0x248 to X3. That's why when you NOP a STR instruction, the value freezes. The machine can no longer update the value at the location of whatever you NOP'ed.

    Let's look at an actual example involving arrays:

    #include <stdio.h>
    #include <malloc.h>
    #include <conio.h>
    
    int main(){
    	int *a = (int *)malloc(sizeof(int)*4);
    	
    	free(a);
    
    	_getch();
    }

    This program allocates some memory for an array of four integers, then frees that memory. _getch() forces the machine to wait for a letter to be pressed before it terminates the program. Now I'll give the elements in this array some values:

    #include <stdio.h>
    #include <malloc.h>
    #include <conio.h>
    
    int main(){
    	int *a = (int *)malloc(sizeof(int)*4);
    	
    	a[0] = 3;
    	a[1] = 2;
    	a[2] = 4;
    	a[3] = 1;
      
    	free(a);
    
    	_getch();
      
      	return 0;
    }

    The memory map of this array would be as follows:

    	a[0]		a[1]		a[2]		a[3]
    	 3	         2                4               1

    But that's not all. Here's another equivalent way of writing the memory map:

    	*(a+0)		*(a+1)		*(a+2)		*(a+3)
    	   3	           2               4               1

    This is the way we'll be able to get and set instance variables on various objects, but that is later down the line. Why does this work? Because when the compiler sees the [] operator, it translates it into pointer addition (as well as a dereference), which is exactly what we are doing by writing *(a+X). If you're still confused, hopefully this next part will clear this up. When we created the array of four ints, the machine allocated sixteen bytes space on the heap for it (as well as a pointer for it on the stack, but that isn't important for this tutorial). Why sixteen bytes? Because the size of an int on most machines is four, and we allocated memory for four ints. 4*4=16 :) We can take a look at what the memory looks like where the array is located in Visual Studio's debugger:

    array_on_the_heap.png

    The highlighted area is where the array is located. You can see the elements in the exact order as they were declared (3, 2, 4, 1) on the heap. Now we can use our newfound knowledge of memory layout to access and modify instance variables in iOS games.

     

    2. The 'this' pointer

    In C++, the 'this' pointer is best thought of as a hidden argument in every non-static function call. (Static methods do not need to be called with a class object) It references the current instance of its class. To better illustrate this concept, I have created a tiny class called Test. Also, take note that both of Test's instance variables are private, which means I cannot access them directly. Here is Test.h:

    class Test {
    private:
    	int a;
    	int b;
    
    public:
    	Test();
    	
    	int getA() const;
    	int getB() const;
    
    	void setA(int newA);
    	void setB(int newB);
    
    	~Test();
    };

    Here is Test.cpp:

    #include "Test.h"
    
    //create a new Test object and set its instance variables to 5 and 8 respectively
    Test::Test(){
    	this->a = 5;
    	this->b = 8;
    }
    
    int Test::getA() const {
    	return this->a;
    }
    
    int Test::getB() const {
    	return this->b;
    }
    
    void Test::setA(int newA){
    	this->a = newA;
    }
    
    void Test::setB(int newB){
    	this->b = newB;
    }
    
    Test::~Test(){}

    See how I use the this pointer to get and set Test's instance variables? If I wanted to call setA, I would do this:

    Test *t = new Test();
    
    t.setA(100);

    Obviously, in assembly, we don't have the luxury of syntax. In assembly, the call to setA would look like this:

    setA(t, 100);

    t is the this pointer. In assembly, the this pointer is always the first argument to any (non-static) function. For additional clarity, if I included this method in the Test class:

    void Test::setAB(int newA, int newB){
    	this->a = newA;
    	this->b = newB;
    }

    and called setAB like this:

    Test *t = new Test();
    
    t.setAB(1000, 2000);

    The function call in assembly would be setAB(t, 1000, 2000). No matter what type the function is, however many arguments it has, or whatever class it belongs to, the this pointer is always the first argument. If the method is static, there is simply no this pointer.

     

    3. A "Hacky" Way of Getting and Setting Instance Variables

    Recall our class called Test and the array example. In the array example, our array was located at 0xba5d38, with sixteen bytes of extra space for the four elements. This is no different with our Test class. Consider this code:

    #include <stdio.h>
    #include <malloc.h>
    #include <conio.h>
    #include "Test.h"
    
    int main(){
    	Test *t = new Test();
      
    	_getch();
    
    	return 0;
    }

    The machine created a pointer to our Test object on the stack and allocated the appropriate amount of memory on the heap for its instance variables. In the Test constructor, I set a and b to 5 and 8 for visibility. Let's take a look at our memory in Visual Studio's debugger:

    test_instance_variables.png

    You can see t's instance variables on the heap! Again, since an int is four bytes on most machines, there are eight byes of memory reserved for the two instance variables. And remember, they are private. When I try and directly access the instance variable "a", I get this error:

    trying_to_access_private_instance_variab

    (side note: I changed my project directory and I forgot to change it back)

    Fortunately for us, since C++ gives us complete control over our memory, we can access and modify a without a function through pointer arithmetic! Since a is our first instance variable, it is located where our Test object is located. b is located at our test object + 0x4, and so on if we had more instance variables. And remember, t is our this pointer. Consider this code:

    int instanceVariableA = *(int *)(t + 0x0);
                                    /*---1---*/
                            /*--2--*/

    Don't be worried if this looks confusing. I'll explain this step by step. Just like with the array example, we can access data through pointer arithmetic. In the comments I've numbered each thing I am going to explain.

    1. Since t is literally just the address to its location on the heap, this is also the address to its first instance variable. Also, throughout this entire tutorial I have been including "+ 0x0" for clarity. In your code you don't have to do this.

    2. Cast whatever is at t + 0x0 to an int pointer and dereference it to access its value.

    After all that, we have successfully grabbed t's instance variable a without a function. Remember that when a Test object is created, a is set to 5 and b is set to 8.

    accessing_A_without_function.png

    if I wanted to grab b, I would replace t + 0x0 with t + 0x4.

    We can modify a in a similar manner in which we used to grab it. All we have to do is treat all of our pointer arithmetic and casting like a variable, and set it to whatever we want, like so:

    *(int *)(t + 0x0) = 1000;

    Let's see if this is successful:

    accessing_A_and_setting_it_without_funct

    Success! I call getA() to make sure that I actually did change a. Let's take a look at our memory on the heap:

    memory_on_heap_after_changing_A.png

    Sure enough, the data at where a is located changed to 0xe803. But since the hex here is in little endian, 0xe803 is actually 0x03e8, which is 1000. We successfully modified a without calling a function. This will be extremely useful when making game hacks because we won't need to call a function that may or may not be present in the game itself every time we want to modify an instance variable. Everytime we call a function from the game, a little instability is added because we don't actually know how it works, and we want as much stability as possible.

     

    4. Applying These Concepts to Game Hacks

    Why did I use a program I wrote on my computer to illustrate these concepts? Because C++ on Windows is no different than C++ on iOS. A program that counts from one to one hundred on Windows would do the exact same thing on iOS. Obviously, there are API differences, but we aren't dealing with that. Also, Visual Studio's debugger is great for showing memory. Anyway, let's say that I made a dump of some Unity game and the Player class looked like this:

    public class Player : MonoBehaviour // TypeDefIndex: 5545
    {
    	// Fields
    	private float health; // 0x18
    	private int ammo; // 0x1c
      	private float moveSpeed; // 0x20
      	private bool isDead; // 0x24
      	private Player playerLastDamaged; // 0x28
      	private bool mine; // 0x30
    
    	// Methods
    	public void .ctor(); // 0x100093720
    	private void Awake(); // 0x1000937A0
    	private void Update(); // 0x1000938FC
    	private void InitPlayer(); // 0x100094000
    	private void OnDestroy(); // 0x100094AF0
    }

    (I made every instance variable private as a proof of concept - it doesn't matter if something is public or private as shown in the last example)

    While taking a look at this, you should notice the instance variable "playerLastDamaged" is eight bytes. This is fine. Size does not matter when grabbing instance variables. You should also notice there are no accessors or setters for any of the instance variables.

    Notice the function called "Update". Any function called LateUpdate or Update is of massive use to you. Why? Because this is a non-static function that is called by Unity once per frame. If you have 60 FPS in a game, Update is being called 60 times a second. Why is this good? Think about it. We wouldn't want to get and set instance variables on a Player object that hasn't been updated for a while right? We need our most current Player object to modify, and what better way of getting it than hooking a function that is called 60 times every second? You all know how to hook a function with MSHookFunction. At least I hope so. In this example, I'm not going to show the call to MSHookFunction. Just imagine it is there. In this example, the game we are hacking is an online FPS. Everyone in the room is a Player object, and Update is called for each Player object. And for some reason, the game is so insecure that we can modify other people's instance variables non-visually. Here's how the barebones function hook would look:

    void (*Player_update)(void *player);
    
    void _Player_update(void *player){
    	Player_update(player);
    }

    Remember the previous examples. The first argument to any non-static function in assembly is the this pointer. It is best to name the this pointer the class name, because it is representing that class. We also have to use a void pointer (void *) because we don't actually have access to the Player class, only its objects. Because of this, the way we get and set instance variables will be a bit different. We also have to check if the player object isn't NULL to prevent crashes! Recall what you read about the this pointer. If the Player object is NULL, this is what the call to update would look like in C++:

    NULL.Update();

    And that doesn't make any sense, right? :p

    For this first example, we'll be giving ourselves infinite ammo, infinite health, and increased move speed, as well as making everyone else's health 1.0 and taking everyone else's ammo away.

    Obviously we don't want to apply anything bad to ourselves, so we can make use of the mine instance variable. This boolean just tells us if this Player object belongs to me. To get this instance variable, we need to do this:

    if(player != NULL){
    	bool isMine = *(int *)((uint64_t)player + 0x30); 
    }

    The one difference is casting the void pointer to uint64_t. We need to do this in order to perform pointer arithmetic on the player object. Also, a boolean in C and C++ just holds a 0 or a 1... which means we can substitute int for it.

    So far, the Update hook looks like this:

    void (*Player_update)(void *player);
    
    void _Player_update(void *player){
    	if(player != NULL){
    		bool isMine = *(int *)((uint64_t)player + 0x30);
    	}
    
    	Player_update(player);
    }

    Now that we have the mine instance variable, we can test to see if our Player object is indeed ours, and if it is, apply the hacks:

    void (*Player_update)(void *player);
    
    void _Player_update(void *player){
    	if(player != NULL){
    		bool isMine = *(int *)((uint64_t)player + 0x30);
    
    		if(isMine){
    			//ammo
    			*(int *)((uint64_t)player + 0x1c) = 999;
    
    			//health
    			*(float *)((uint64_t)player + 0x18) = 100.0f;
    
    			//increased move speed, normal is 1.0f
    			*(float *)((uint64_t)player + 0x20) = 5.0f;
    		}
    	}
    
    	Player_update(player);
    }

    That's not all we want to do, though. We want to wreak havoc on other people so we need to take everyone's ammo away and make everyone have 1.0 health.

    void (*Player_update)(void *player);
    
    void _Player_update(void *player){
    	if(player != NULL){
    		bool isMine = *(int *)((uint64_t)player + 0x30);
    
    		if(isMine){
    			//ammo
    			*(int *)((uint64_t)player + 0x1c) = 999;
    
    			//health
    			*(float *)((uint64_t)player + 0x18) = 100.0f;
    
    			//increased move speed, normal is 1.0f
    			*(float *)((uint64_t)player + 0x20) = 5.0f;
    		}
    		else{
    			//enemy ammo
    			*(int *)((uint64_t)player + 0x1c) = 0;
    
    			//enemy health
    			*(float *)((uint64_t)player + 0x18) = 1.0;
    		}
    	}
    
    	Player_update(player);
    }

    If you want to get more creative, you can make use of the "playerLastDamaged" instance variable to make a "freeze tag" hack. This hack will freeze the person you just shot, just like if you tag a person in freeze tag. Like before, we have to check if the player object is ours, and then we can access the playerLastDamaged instance variable.

    void (*Player_update)(void *player);
    
    void _Player_update(void *player){
    	if(player != NULL){
    		bool isMine = *(int *)((uint64_t)player + 0x30);
    	}
    
    	Player_update(player);
    }

    Now we have to get the playerLastDamaged instance variable. Like I said before, size does not matter. You would access it just like any other instance variable. We also have to check if it isn't NULL.

    void (*Player_update)(void *player);
    
    void _Player_update(void *player){
    	if(player != NULL){
    		bool isMine = *(int *)((uint64_t)player + 0x30);
    
    		if(isMine){
    			void *playerLastDamaged = *(void **)((uint64_t)player + 0x28);
    
    			if(playerLastDamaged != NULL){
    				
    			}
    		}
    	}
    
    	Player_update(player);
    }

    Now we have to set playerLastDamaged's moveSpeed instance variable to 0.0. Remember that playerLastDamaged is a Player object, so we have access to the Player instance variables. Again, we don't have access to the actual Player class, so we have to use a void pointer.

    void (*Player_update)(void *player);
    
    void _Player_update(void *player){
    	if(player != NULL){
    		bool isMine = *(int *)((uint64_t)player + 0x30);
    
    		if(isMine){
    			void *playerLastDamaged = *(void **)((uint64_t)player + 0x28);
    
    			if(playerLastDamaged != NULL){
    				//set person we just shot moveSpeed to 0.0
    				*(float *)((uint64_t)playerLastDamaged + 0x20) = 0.0f;
    			}
    		}
    	}
    
    	Player_update(player);
    }

    And just like that, our freeze tag hack is complete! There you have it, two full fledged hacks that work by modifying instance variables! ALWAYS REMEMBER TO CHECK ALL POINTERS TO SEE IF THEY'RE NULL!!!!

     

    Part B. Function Pointers

    Function pointers are great when you want to call a function but don't want to sacrifice stability by hooking it. This part is much simpler than instance variables. Here's an example of a function pointer in C++:

    #include <stdio.h>
    #include <conio.h>
    
    void func(){
    	printf("Hello, someone called me!\n");
    }
    
    int main(){
      	//&func takes the address of where func is kept in memory
    	void (*func_ptr)() = &func;
    
    	func_ptr();
    
    	_getch();
    
    	return 0;
    }

    We can this in action here:

    function_pointer_1.png

    The & operator takes the address of whatever it is being used on. You can think as a function pointer as a pointer to the address of where the function is in memory. The syntax here should look a bit familiar because you are creating a function pointer to the original function whenever you use MSHookFunction to hook something. But again, that adds instability to the hack. The concept here is the same on iOS, but the syntax is not as simple. First of all, let's add some new methods to our Player class from Part A:

    public class Player : MonoBehaviour // TypeDefIndex: 5545
    {
    	// Fields
    	private float health; // 0x18
    	private int ammo; // 0x1c
      	private float moveSpeed; // 0x20
      	private bool isDead; // 0x24
      	private Player playerLastDamaged; // 0x28
      	private bool mine; // 0x30
    
    	// Methods
    	public void .ctor(); // 0x100093720
    	private void Awake(); // 0x1000937A0
    	private void Update(); // 0x1000938FC
    	private void InitPlayer(); // 0x100094000
    	private void OnDestroy(); // 0x100094AF0
      	private void KillPlayer(); // 0x100095CF4
      	private void SetPlayerTeam(int team); // 0x100095FF8
      	private void RespawnPlayerAtLocation(Vector3 location, int health); // 0x10009A230
      	private int GetPlayerID(); // 0x10009B34C
      	private static void Suicide(int playerID); // 0x10009C99C
    }

    Again, it doesn't matter if a function is private or public.

    To get the correct offset with the ASLR slide, I use a function called getRealOffset. This is what it looks like:

    uint64_t getRealOffset(uint64_t offset){
        return _dyld_get_image_vmaddr_slide(0) + offset;
    }

    Now that that's out of the way, this is how to declare a function pointer:

    <type> (*<function name>)(<this pointer>, <any additional parameters>) = (<type>)(*)(void *, <types of additional parameters))getRealOffset(<offset>);

    To remember the syntax, learn to look at this as pairs. I'll add comments to pairs you should remember:

    <type> (*<function name>)(<this pointer>, <any additional parameters>) = (<type>)(*)(void *, <types of additional parameters>))getRealOffset(<offset>);
    /*A*/  /*------B------*/ /*-----------------C-----------------------*/   /*-A-*//*B*/ /*----------------C------------------*/  /*-------D--------*/

    If it is hard to tell, here's what corresponds to what:

    //A
    <type> = (<type>)
    
    //B
    (*<function name>) = (*)
    
    //C  
    (<this pointer>, <any additional parameters>) = (void *, <types of additional parameters>)
    
    //D
    getRealOffset(<offset>) has no corresponding part

    It looks really weird, but once you get used to it, it just feels right.

    Here's what the function pointers would look like for the five new methods I added:

    void (*Player_KillPlayer)(void *player) = (void (*)(void *))getRealOffset(0x100095CF4);
    void (*Player_SetTeam)(void *player, int team) = (void (*)(void *, int))getRealOffset(0x100095FF8);
    void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void (*)(void *, Vector3 *, int))getRealOffset(0x10009A230);
    int (*Player_GetPlayerID)(void *player) = (int (*)(void *))getRealOffset(0x10009B34C);
    void (*Player_Suicide)(int playerID) = (void (*)(int))getRealOffset(0x10009C99C);

    Side note - Vector3 is a class that you can recreate yourself. Notice how the last method I added was static. That's why there's no this object included in the parameters. You can call these function pointers as normal functions:

    //kill someone
    Player_KillPlayer(player);
    
    //get someone's ID
    int playerID = Player_GetPlayerID(player);
    
    //force someone with ID 1 to suicide
    Player_Suicide(1);

    Now that you know how to create and call function pointers, let's make a hack that constantly kills someone with a specific ID. For this example, it will be 10. First, we hook Update.

    //declare function pointers
    void (*Player_KillPlayer)(void *player) = (void (*)(void *))getRealOffset(0x100095CF4);
    void (*Player_SetTeam)(void *player, int team) = (void (*)(void *, int))getRealOffset(0x100095FF8);
    void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void (*)(void *, Vector3 *, int))getRealOffset(0x10009A230);
    int (*Player_GetPlayerID)(void *player) = (int (*)(void *))getRealOffset(0x10009B34C);
    void (*Player_Suicide)(int playerID) = (void (*)(int))getRealOffset(0x10009C99C);
    
    void (*Player_update)(void *player);
    
    void _Player_update(void *player){
    	Player_update(player);
    }

    Now we have to figure out which Player object is ours, because we don't want to kill ourselves in case our ID is 10.

    //declare function pointers
    void (*Player_KillPlayer)(void *player) = (void(*)(void *))getRealOffset(0x100095CF4);
    void (*Player_SetTeam)(void *player, int team) = (void(*)(void *, int))getRealOffset(0x100095FF8);
    void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void(*)(void *, Vector3 *, int))getRealOffset(0x10009A230);
    int (*Player_GetPlayerID)(void *player) = (int(*)(void *))getRealOffset(0x10009B34C);
    void (*Player_Suicide)(int playerID) = (void(*)(int))getRealOffset(0x10009C99C);
    
    void (*Player_update)(void *player);
    
    void _Player_update(void *player){
    	if(player != NULL){
    		bool isMine = *(int *)((uint64_t)player + 0x30);
    	}
    
    	Player_update(player);
    }

    Now we can check if the Player object isn't ours and then get the Player ID of the Player object if it is not ours.

    //declare function pointers
    void (*Player_KillPlayer)(void *player) = (void(*)(void *))getRealOffset(0x100095CF4);
    void (*Player_SetTeam)(void *player, int team) = (void(*)(void *, int))getRealOffset(0x100095FF8);
    void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void(*)(void *, Vector3 *, int))getRealOffset(0x10009A230);
    int (*Player_GetPlayerID)(void *player) = (int(*)(void *))getRealOffset(0x10009B34C);
    void (*Player_Suicide)(int playerID) = (void(*)(int))getRealOffset(0x10009C99C);
    
    void(*Player_update)(void *player);
    
    void _Player_update(void *player){
    	if(player != NULL){
    		bool isMine = *(int *)((uint64_t)player + 0x30);
    		
    		if(!isMine){
    			int playerID = Player_GetPlayerID(player);
    		}
    	}
    
    	Player_update(player);
    }

    Now we can check if playerID is 10, and if so, force that player to kill themselves:

    //declare function pointers
    void (*Player_KillPlayer)(void *player) = (void(*)(void *))getRealOffset(0x100095CF4);
    void (*Player_SetTeam)(void *player, int team) = (void(*)(void *, int))getRealOffset(0x100095FF8);
    void (*Player_RespawnPlayerAtLocation)(void *player, Vector3 *location, int health) = (void(*)(void *, Vector3 *, int))getRealOffset(0x10009A230);
    int (*Player_GetPlayerID)(void *player) = (int(*)(void *))getRealOffset(0x10009B34C);
    void (*Player_Suicide)(int playerID) = (void(*)(int))getRealOffset(0x10009C99C);
    
    void(*Player_update)(void *player);
    
    void _Player_update(void *player){
    	if(player != NULL){
    		bool isMine = *(int *)((uint64_t)player + 0x30);
    		
    		if(!isMine){
    			int playerID = Player_GetPlayerID(player);
    
    			if(playerID == 10){
    				Player_Suicide(playerID);
    			}
    		}
    	}
    
    	Player_update(player);
    }

    (I know this is inefficient, but it is a great way of showing use of function pointers)

    And there you have it, a hack to kill a certain player if their ID is 10 using function pointers.

     

    You can get really creative with this method of hacking! It's really addicting :p

     

    Here is an example Tweak.xm (dead trigger 2 hack): https://iosddl.net/cc637e33bdf2a037/Tweak_for_tutorial.xm

    Check out my aimbots I put on my Github: http://www.github.com/shmoo419/

 

Please let me know if you have any questions :)

 

(It took about 6 hours to write this tutorial)

Updated by Guest
Fixed all images and added a little bit of extra info
Link to comment
https://iosgods.com/topic/65529-instance-variables-and-function-pointers/
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below. For more information, please read our Posting Guidelines.
Reply to this topic... Posting Guidelines

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Our picks

    • (Resonance Solstice China) 雷索纳斯 v1.4.0 +2 Jailed Cheats
      Modded/Hacked App: 雷索纳斯 By Shanghai Leiyu Network Technology Co.,Ltd.
      Bundle ID: com.shanghaileiyu.lsns
      iTunes Store Link: https://apps.apple.com/cn/app/%E9%9B%B7%E7%B4%A2%E7%BA%B3%E6%96%AF/id6466783172?uo=4


      Mod Requirements:
      - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
      - Sideloadly / Cydia Impactor or alternatives.
      - A Computer Running Windows/macOS/Linux with iTunes installed.


      Hack Features:
      - Damage Multiplier
      - Defense Multiplier


      Jailbreak required hack(s): 


      iOS Hack Download IPA Link:

      Hidden Content

      Download via the iOSGods App








      PC Installation Instructions:
      STEP 1: If necessary, uninstall the app if you have it installed on your iDevice. Some hacked IPAs will install as a duplicate app. Make sure to back it up so you don't lose your progress.
      STEP 2: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see this tutorial topic.
      STEP 3: Download Sideloadly and install it on your PC.
      STEP 4: Open/Run Sideloadly on your computer, connect your iOS Device, and wait until your device name shows up.
      STEP 5: Once your iDevice appears, drag the modded .IPA file you downloaded and drop it inside the Sideloadly application.
      STEP 6: You will now have to enter your iTunes/Apple ID email login, press "Start" & then you will be asked to enter your password. Go ahead and enter the required information.
      STEP 7: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
      STEP 8: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles/VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
      STEP 9: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

      NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. Jailbroken iDevices can also use Sideloadly/Filza/IPA Installer to normally install the IPA with AppSync. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


      Credits:
      - AlyssaX64


      Cheat Video/Screenshots:

      N/A
      • 1 reply
    • (Resonance Solstice China) 雷索纳斯 v1.4.0 +2 Cheats
      Modded/Hacked App: 雷索纳斯 By Shanghai Leiyu Network Technology Co.,Ltd.
      Bundle ID: com.shanghaileiyu.lsns
      iTunes Store Link: https://apps.apple.com/cn/app/%E9%9B%B7%E7%B4%A2%E7%BA%B3%E6%96%AF/id6466783172?uo=4


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iGameGod / Filza / iMazing or any other file managers for iOS.
      - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak.
      - PreferenceLoader (from Cydia, Sileo or Zebra).


      Hack Features:
      - Damage Multiplier
      - Defense Multiplier


      Non-Jailbroken & No Jailbreak required hack(s): 


      iOS Hack Download Link:

      Hidden Content

      Download Hack








      Installation Instructions:
      STEP 1: Download the .deb Cydia hack file from the link above. Use Safari/Google Chrome or other iOS browsers to download.
      STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza.
      STEP 3: If necessary, tap on the downloaded file, and then, you will need to press 'Install' from the options on your screen.
      STEP 4: Let iGameGod/Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
      STEP 5: If the hack is a Mod Menu — which is usually the case nowadays — the cheat features can be toggled in-game. Some cheats have options that can be enabled from your iDevice settings.
      STEP 6: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

       

      NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues.


      Credits:
      - AlyssaX64


      Cheat Video/Screenshots:

      N/A
      • 2 replies
    • Cat Snack Bar Cheats v1.0.153 +1
      Modded/Hacked App: Cat Snack Bar By treeplla Inc.
      Bundle ID: com.tree.idle.catsnackbar
      iTunes Store Link: https://apps.apple.com/us/app/cat-snack-bar/id6443895159?uo=4


      Hack Features:
      - Freeze Currencies


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/170232-cat-snack-bar-v1036-jailed-cheats-1/


      iOS Hack Download Link: https://iosgods.com/topic/170233-cat-snack-bar-cheats-v1036-1/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 66 replies
    • Cats & Soup Cheats v2.59.1 +2
      Modded/Hacked App: Cats & Soup By HIDEA Co.,Ltd
      Bundle ID: com.hidea.cat
      iTunes Store Link: https://apps.apple.com/us/app/cats-soup/id1581431235?uo=4


      Hack Features:
      - Infinite Currencies


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/157486-cats-soup-v196-jailed-cheats-1/


      iOS Hack Download Link: https://iosgods.com/topic/157484-cats-soup-cheats-v196-1/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 277 replies
    • Toca Boca World Modded v1.100.1 +1
      Modded/Hacked App: Toca Boca World By Toca Boca AB
      Bundle ID: com.tocaboca.tocalifeworld
      iTunes Store Link: https://apps.apple.com/us/app/toca-boca-world/id1208138685?uo=4


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - Everything Purchased


      Non-Jailbroken & No Jailbreak required hack(s): 


      Hack Download Link:

      Hidden Content

      Download Hack








      Installation Instructions:
      STEP 1: Download the .deb Cydia hack file from the link above.
      STEP 2: Copy the file over to your iDevice using any of the file managers mentioned above or skip this step if you're downloading from your iDevice.
      STEP 3: Using iFile or Filza, browse to where you saved the downloaded .deb file and tap on it.
      STEP 4: Once you tap on the file, you will then need to press on 'Installer' or 'Install' from the options on your screen.
      STEP 5: Let iFile / Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
      STEP 6: Now open your iDevice settings and scroll down until you see the settings for this cheat and tap on it. If the hack is a Mod Menu, the cheat features can be toggled in-game.
      STEP 7: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

       

      NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


      Credits:
      - @Laxus


      Cheat Video/Screenshots:

      N/A

       
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 1,324 replies
    • Alien Invasion: RPG Idle Space Cheats v4.01.00 +2
      Modded/Hacked App: Alien Invasion: RPG Idle Space By MULTICAST GAMES LIMITED
      Bundle ID: com.multicastgames.venomSurvive
      iTunes Store Link: https://apps.apple.com/us/app/alien-invasion-rpg-idle-space/id6443697602?uo=4


      Hack Features:
      - Infinite Currencies


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/167591-alien-invasion-rpg-idle-space-v204-jailed-cheats-1/


      iOS Hack Download Link: https://iosgods.com/topic/167589-alien-invasion-rpg-idle-space-cheats-v204-1/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 383 replies
    • Idle MoonRabbit: AFK RPG Cheats v1.109.2 +4
      Modded/Hacked App: Idle MoonRabbit: AFK RPG By Able Games Co. ,Ltd.
      Bundle ID: com.TheAbleGames.DalToKi
      iTunes Store Link: https://apps.apple.com/us/app/idle-moonrabbit-afk-rpg/id1599684924?uo=4


      Hack Features:
      - Multiply Attack
      - Multiply Defense
      - Multiply Stats
      - Instant Kill


      iOS Hack Download Link: https://iosgods.com/topic/167497-idle-moonrabbit-afk-rpg-cheats-v1629-4/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 214 replies
    • Prison Empire Tycoon-Idle Game Cheats v3.01 +2
      Modded/Hacked App: Prison Empire Tycoon-Idle Game by Digital Things Sociedad Limitada
      Bundle ID: com.codigames.idle.prison.empire.manager.tycoon
      iTunes Store Link: https://apps.apple.com/us/app/prison-empire-tycoon-idle-game/id1508490923?uo=4&at=1010lce4


      Hack Features:
      - Infinite Cash
      - No Ads


      Non-Jailbroken & No Jailbreak required hack(s):  https://iosgods.com/topic/128324-arm64-prison-empire-tycoon%EF%BC%8Didle-game-v102-jailed-cheats-2/

       
      iOS Hack Download Link: https://iosgods.com/topic/128322-arm64-prison-empire-tycoon%EF%BC%8Didle-game-cheats-all-versions-2/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 1,140 replies
    • Into The Dead 2 Cheats v1.74.1 +11
      Modded/Hacked App: Into the Dead 2 By Prodigy Design Limited T/A Sidhe Interactive
      Bundle ID: com.pikpok.dr2.iosstore
      iTunes Store Link: https://itunes.apple.com/us/app/into-the-dead-2/id1151220243?mt=8&uo=4&at=1010lce4



      Hack Features:
      - Infinite Ammo
      - No Reload
      - One Shot Kill
      - Infinite Grenade
      - No Grenade Cooldown
      - Insane Explotion Radius after Throw Grenade
      - No Collision (God Mode)
      - Infinite Stamnia
      - ViP Services
      - Infinite Silver
      - Infinite Gold


      Hack Download Link: https://iosgods.com/topic/73337-arm64-into-the-dead-2-cheats-v1141-11/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 1,562 replies
    • Arcana Tactics v5.0.0 Jailed Cheats +3
      Modded/Hacked App: Arcana Tactics By Com2uS Holdings Corporation
      Bundle ID: com.gamevil.arcanatactics.ios.apple.global.normal
      iTunes Store Link: https://apps.apple.com/us/app/arcana-tactics/id1521412306?uo=4

      Hack Features:
      - Multiply Attack
      - Multiply Defense
      - Auto Win


      iOS Hack Download IPA Link: https://iosgods.com/topic/185737-arcana-tactics-v480-jailed-cheats-3/
        • Agree
        • Thanks
        • Like
      • 24 replies
    • Idle Lumber Empire - Wood Game Cheats v1.11.2 +2
      Modded/Hacked App: Lumber Empire: Idle Tycoon By ADQUANTUM LTD
      Bundle ID: com.lumber.inc
      iTunes Store Link: https://apps.apple.com/us/app/lumber-empire-idle-tycoon/id1552153525?uo=4


      Hack Features:
      - Freeze Currencies


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/150641-lumber-empire-idle-tycoon-v135-jailed-cheats-1/


      iOS Hack Download Link: https://iosgods.com/topic/150640-lumber-empire-idle-tycoon-cheats-v135-1/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 617 replies
    • [ ArKnights TW ] 明日方舟 v24.2.22 - [ x Player Damage & More ]
      Modded/Hacked App: 明日方舟 By Longcheng Ltd.
      Bundle ID: tw.txwy.ios.arknights
      iTunes Store Link: https://apps.apple.com/tw/app/明日方舟/id1490985322?uo=4&at=1010lce4


      Hack Features:
      - x Player Damage - x1 - 1000
      - x Player Defense - x1 - 1000
      - x Player Attack Speed - x1 - 10
      - Frozen Enemies
      - Instant - Kill
      - Instant - Win
      - Unlimited Skills
      - No Deploy Cost


      iOS Hack Download Link: https://iosgods.com/topic/129583-arknights-tw-%E6%98%8E%E6%97%A5%E6%96%B9%E8%88%9F-v0902-x-player-damage-more/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 448 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines