Jump to content
  • Sky
  • Mint
  • Azure
  • Indigo
  • Blueberry
  • Blackcurrant
  • Watermelon
  • Strawberry
  • Pomegranate
  • Ruby Red
  • Orange
  • Banana
  • Apple
  • Emerald
  • Teal
  • Chocolate
  • Slate
  • Midnight
  • Maastricht
  • Charcoal
  • Matte Black
Guest

Tutorial Static Members and Multithreading

65 posts in this topic

Recommended Posts

Guest

*BEST VIEWED ON DESKTOP*

Seriously, read my tutorial on instance variables and function pointers before reading this one. You'll be lost. This tutorial builds off of concepts from the last one.

The game is Free Fire v1.17.1. I will include everything used in this tutorial in a zip archive at the end, including an IDA database.

Hidden Content

    1. What Are Static Members?

    Have you ever seen something like this while scourging through a Unity dump?

    image.png?dl=1

    Looks like that would be fun as hell to mess around with. Or this?

    image.png?dl=1

    How can we access sUniqueEntityID? Or RunSpeed, DashSpeedScale, and CrouchSpeed? You've probably noticed static members during your Unity hacking. These are different than instance variables. While instance variables will have a copy for each object of a given class, there will only be one copy of each static member for every object. Because of this, a static member is not apart of any object. To illustrate this concept, check out this class I wrote called Apple:

    image.png?dl=1

    An apple is fresh when it hasn't been eaten. When we instantiate a new Apple object, we increment the number of fresh apples because a new Apple hasn't been eaten yet. When eat() is called on an Apple object, it is no longer fresh, so we decrement the number of fresh apples. I also included a regular instance variable that represents the name of an Apple. When an Apple is eaten, its name changes to eaten. Let's make three fresh apples and check out our static member freshApples and our instance variable name for each Apple object:

    image.png?dl=1

    The number of fresh apples is the same for every Apple instance and the name of each Apple instance is unique. Let's eat apple2 and print everything out again:

    image.png?dl=1

    Since apple2 was eaten, the number of fresh apples decremented for every object, but only apple2's name changed to eaten. Remember when I said a static member is not apart of any object? Sounds a bit confusing right? I'm a person that won't really understand something fully until I can see it proven, so using Visual Studio's debugger, we can prove that freshApples is not a part of any Apple object. I set a breakpoint on the first std::cout << "apple1: " << apple1.name << " freshApples: " << Apple::freshApples << std::endl; (line 28) and let it hit.

    image.png?dl=1

    The Locals tab displays variables that are defined in the local scope. That includes our three Apple objects. name is present, but freshApples is not. This makes sense. Why would each Apple have its own copy of something that is supposed to be shared throughout all Apples? Let's take a look at the Autos tab:

    image.png?dl=1

    The Autos tab displays variables used around the current line. Ignore the entry for apple1.name. There's our freshApples static member! It is being used to print its value to the screen. Notice that it is independent of all the other Apple objects listed. However, let's go a bit further and dive into memory. I added these four lines of code:

    image.png?dl=1

    The %p format specifier prints out a pointer, and the & operator takes the address of what it is used on. I set a breakpoint before apple2.eat() because the names of the apples would line up nicer. Because this is before apple2.eat(), freshApples is still 3, and apple2.name is still "second apple".

    image.png?dl=1

    This output confirms it. freshApples is nowhere near apple1apple2, or apple3. This supports what I said earlier about freshApples not being apart of any Apple object. Let's check out the memory around apple1apple2, and apple3:

    image.png?dl=1

    You can see the names of the apples. If freshApples was anywhere near these Apple objects, you'd see 03 somewhere in this screenshot. Here is where freshApples is kept in memory:

    image.png?dl=1

    It is stored a long way away from any of the apple objects. In like a void of nothing, kinda sp00ky. This example proves static members are not apart of the objects from the class they reside in. In memory, they reside somewhere else, far away from the class objects. However, nothing is inaccessible. If the machine can pull the value of a static member without a problem, we can too. We just have to replicate what the machine does in our own code.

    2. Accessing Static Members In A Game

    I want to remind you the game being used is Free Fire v1.17.1. Our first example will be the GameVarDef class from the very first screenshot in this tutorial. Here it is again so you don't have to constantly scroll up and down:

    image.png?dl=1

    There are so many more static members in this class. It just wouldn't be convenient to show all of them. We can disregard the readonly keyword just like we disregard private and public. We are past compile-time checks, so a compiler isn't preventing us from making changes to or accessing things when we're hacking. If we can find RunSpeed, we'll have access to every single static member in this class. Why? Check out how the memory is laid out. If RunSpeed is at X, DashSpeedScale will be at X + 0x4, CrouchSpeed will be at X + 0x8, and so on. But how can we do that? If this class holds static members that control many attributes of the game, why not search for functions like GetRunSpeed or GetDashSpeedScale? Searching for GetRunSpeed brings us to a function called GetRunSpeed() at 0x1007231E8.

    image.png?dl=1

    Let's check it out in IDA.

    image.png?dl=1

    I forgot to mention the developers added some fake code and mangled some names in the game, but not the ones we're using so we can disregard it. This function hits when you set a breakpoint on it. I wouldn't make a tutorial using a game where I couldn't figure out how to modify static members in it before. We are not looking to modify the instructions here to boost our run speed. That would defeat the entire purpose of this tutorial. At the end of this tutorial, we'll have made a hack that could modify anything in GameVarDefs via threading, pointer arithmetic, and absolutely no hooking. Anyway, back to it. There is something very interesting about this function:

    image.png?dl=1

    The main thing to take away from this is that the game ends up loading some pointer from a constant base address into X0. In this case, it is whatever 0x102b77358 points at. How do I know its constant? Because it is hardcoded in the binary. Why is this awesome for us? Well, since what we need is always going to be located at whatever 0x102b77358 is pointing to, we don't need a pointer from the game! AKA no hooking! To access normal instance variables, we'd have to hook some kind of function to get the pointer to the object so we can do a little bit of math on it. After all, the locations of those objects change every launch. Here we don't because it's constant. Let's take a look at the end of this function:

    image.png?dl=1

    Okay, so we're getting somewhere. Whatever 0x102b77358+0xa0 is pointing to gets moved into X8, and whatever X8 is pointing at seems to be our run speed and the beginning of the static members from the GameVarDef class. Before we move on, I'd like to include what I call a LDR map. This is how I visualize things in my head. Instead of seeing an entire function, I don't focus on the parts I don't need for what I'm trying to do:

    blocking_out_parts_i_dont_see_in_Get_Run

    Then I usually visualize some sort of map in my head. I tried my best to recreate what I see:

    blocking_out_parts_i_dont_see_in_Get_Run

    If it doesn't help you, please don't try and do it. Different things work for different people. Now let's try and access RunSpeed with a debugger, keeping in mind what we talked about. After attaching to Free Fire via LLDB and getting the ASLR slide, we can see what is at 0x102b77358. To see this, we can use the memory read command.

    image.png?dl=1

    Our ASLR slide is 0xa4000. 0x102b77358 looks like it is pointing to 0x50779f2e01, but since hex here is in little endian, we read the address starting from the end: 0x012e9f7750. That makes more sense. We just imitated these three instructions:

    image.png?dl=1

    Now we have to do is find out what is at 0x012e9f7750+0xa0:

    image.png?dl=1

    0x012e9f7750+0xa0 is pointing to 0x0111d59c80. We just imitated this instruction:

    image.png?dl=1

    If we were correct in our interpretation of how the game is accessing these static members, 0x0111d59c80 should point to RunSpeed. Let's see:

    image.png?dl=1

    Look at that! Not only do we see RunSpeed, we see every static member from GameVarDef after it. Floats are also not represented as "just floats" in memory, they're represented as an integer equal to their value. If we make a tiny program to convert floats to their integer representation and so on, we can see what 0x40500000 is. To get a float's integer representation and vice versa, we can use a union. A union is like a struct, but also completely different. Like a struct, it can have multiple members, but unlike a struct, all those members share the same location in memory. Very useful. I wrote something to do that a long time ago, so I'll use that here:

    image.png?dl=1

    3.25 sounds right for something called RunSpeed. But we don't know for sure. We can know for sure if we use LLDB to see what S9 holds in PlayerAttributes::GetRunSpeed.

    image.png?dl=1

    Our ASLR slide here is 0x7c000. S9 is 3.25! This confirms that the way we accessed the static members from GameVarDef is correct. And because of the way memory is laid out for the static members in GameVarDef, we can safely assume they'll all be next to each other. Before we move onto the next step, I want to quickly demonstrate that it doesn't matter if you want to access a static member from a class with other instance variables. Here's the second screenshot from this tutorial again:

    image.png?dl=1

    For this kind of thing, you'd want to find a function that fetches this static member. Thankfully, we have this in the same class:

    image.png?dl=1

    When we take a look at it in IDA, we can see the same theme of a constant base address being used to grab static members:

    image.png?dl=1

    It's the same procedure here as getting RunSpeed from GameVarDef.

    1. Move 0x102b77f18 into X19.

    2. Move whatever X19 points to into X0.

    3. Move whatever X0+0xa0 points to into X8.

    4. Load whatever X8 points to into W0, which is our unique ID.

    If the game you're working on has a class filled with static members that control very hackable aspects of it, you can take advantage of a constant base address and write the hack without any hooking!

    3. Multithreading

    Threads are awesome. Just know that. They allow you to do work simultaneously with the main thread and are so vital to how any computer works. The threads we'll be using in our hacks are POSIX threads. If you want to use POSIX threads, you need to add #include <pthread/pthread.h> to your hack. The POSIX thread datatype is pthread_t and the function we'll be using to spawn POSIX threads is pthread_create. Let's look at pthread_create.

    int pthread_create(pthread_t *thread, const pthread_attr_t *attr, void *(*start_routine) (void *), void *arg);

    pthread_create takes four arguments:

    pthread_t *thread: in short, the thread you want to spawn.

    const pthread_attr_t *attr: an object to specify thread attributes. We don't need to do this, so this is always NULL.

    void *(*start_routine) (void *): a pointer to the function you want your thread to work with. Must match that signature.

    void *arg: the arguments to start_routine. Can be NULL, a single argument, or a struct to pass multiple arguments. I hope you know why that works, that was one of the main takeaways from the previous tutorial.

     

    When a successful call to pthread_create returns, your thread will spawn and immediately begin work in the function you passed in for start_routine. Let's look at an example. Since Windows doesn't support POSIX threads, I'll be writing this program on my phone. All this program does is spawn a thread to add one to a counter every second. Here's the code, heavily commented:

    #include <stdio.h>
    #include <stdlib.h>
    #include <pthread.h>
    #include <unistd.h>
    
    // our counter variable. We need this to be global.
    int counter = 0;
    
    // the method your POSIX thread does work in MUST match this signature.
    // the return type must be void *, and there must be only one argument, which is a void *.
    void *addOneEverySecond(void *arg){
    	// we don't want the thread to only increment the counter once and then be done!
            while(1){
                    counter++;
                    printf("%d\n", counter);
    
    		// sleep puts the calling thread to sleep for however many seconds you specify.
    		// once however many seconds is up, the thread is woken back up and executes
    		// until sleep is called again, where it will be put to sleep again.
    		// this is great for easing stress on the device.
                    sleep(1);
            }
    
    	// always return NULL for our sakes
            return NULL;
    }
    
    int main(int argc, char **argv){
    	// declare our thread
            pthread_t countThread;
    	// spawn our thread
            pthread_create(&countThread, NULL, addOneEverySecond, NULL);
    
            getchar();
            return 0;
    }

    Here's what it looks like when I run this program:

    threading_gif.gif

    Pretty simple. That's all there really is to it with threads. We don't need to go into more detail for the stuff we're doing. It is best to create another thread anytime you have something that you want to do that's unrelated to what all your other threads are doing.

    4. Putting It All Together

    With threads and a bit of pointer arithmetic, we can make a hack that will successfully modify anything we want in the GameVarDef class. First of all, let's get the "outline" of our code going:

    #import <mach-o/dyld.h>
    #import <pthread/pthread.h>
    #import <substrate.h>
    
    uint64_t getASLRSlide(){
    	return _dyld_get_image_vmaddr_slide(0);
    }
    
    bool launched = false;
    
    %hook UnityAppController
    
    - (void)applicationDidBecomeActive:(id)arg0 {
    	if(!launched){
    		timer(1){
    			launched = true;
    		});
    	}
    
    	%orig;
    }

    This is the skeleton of the hack. A function to get the ASLR slide and some code to set up the initial hooks to UnityAppController. Now we can get to adding our function that our thread will do work in, as well as the thread itself:

    #import <mach-o/dyld.h>
    #import <pthread/pthread.h>
    #import <substrate.h>
    
    uint64_t getASLRSlide(){
    	return _dyld_get_image_vmaddr_slide(0);
    }
    
    void *modifyGameVarDefs(void *arg){
    	while(true){
    		sleep(1);
    	}
    	
    	return NULL;
    }
    
    bool launched = false;
    
    %hook UnityAppController
    
    - (void)applicationDidBecomeActive:(id)arg0 {
    	if(!launched){
    		timer(1){
    			pthread_t modifyGameVarDefsThread;
    			pthread_create(&modifyGameVarDefsThread, NULL, modifyGameVarDefs, NULL);
    			
    			launched = true;
    		});
    	}
    
    	%orig;
    }

    Since we don't have any arguments to modifyGameVarDefs, we give NULL as the last parameter to pthread_create. Our thread will sleep for 1 second before carrying out its work again. I am going to shift focus to modifyGameVarDefs and getASLRSlide. I will no longer be including the hooks for UnityAppController or the #include's to save space. Just imagine they're there. Now we can get to accessing the static members in GameVarDef through pointer arithmetic! Remember our base address? It's 0x102b77358. To imitate what the machine does, first we make a pointer to 0x102b77358. As always, we have to account for ASLR and check if it is NULL for safety.

    uint64_t getASLRSlide(){
    	return _dyld_get_image_vmaddr_slide(0);
    }
    
    void *modifyGameVarDefs(void *arg){
    	while(true){
    		void *baseAddress = *(void **)(getASLRSlide() + 0x102b77358);
    		
    		if(baseAddress){
    			// ...
    		}
    		
    		sleep(1);
    	}
    	
    	return NULL;
    }

    Finally, to access the static members from GameVarDef, we have to add 0xa0 to baseAddress, and check if that is NULL as well.

    uint64_t getASLRSlide(){
    	return _dyld_get_image_vmaddr_slide(0);
    }
    
    void *modifyGameVarDefs(void *arg){
    	while(true){
    		void *baseAddress = *(void **)(getASLRSlide() + 0x102b77358);
    		
    		if(baseAddress){
    			void *Defs = *(void **)((uint64_t)baseAddress + 0xa0);
    			
    			if(Defs){
    				// now we can modify any static member from GameVarDef!
    			}
    		}
    		
    		sleep(1);
    	}
    	
    	return NULL;
    }

    Like the comment says, we'd put our code to modify the static members from GameVarDef there. We are going to add the last piece of code to modify RunSpeed:

    uint64_t getASLRSlide(){
    	return _dyld_get_image_vmaddr_slide(0);
    }
    
    void *modifyGameVarDefs(void *arg){
    	while(true){
    		void *baseAddress = *(void **)(getASLRSlide() + 0x102b77358);
    		
    		if(baseAddress){
    			void *Defs = *(void **)((uint64_t)baseAddress + 0xa0);
    			
    			if(Defs){
    				// now we can modify any static member from GameVarDef!
    				*(float *)((uint64_t)Defs + 0x0) = 10.0f;
    			}
    		}
    		
    		sleep(1);
    	}
    	
    	return NULL;
    }

    Of course I didn't need the + 0x0 there, but it is better visually for a tutorial. And we're done! We've successfully modified the static member RunSpeed from the class GameVarDef via threading, pointer arithmetic, and without any hooking! This does work in game. However, we can still improve.

    5. Structs Make Everything Better

    If we wanted to change a ton of other static members in GameVarDef, we would have to constantly retype the same pointer arithmetic, constantly look back at the dump to make sure types are right and to find out what to add to Defs to access that static member. Imagine if you didn't have to do that. Remember what a struct is? A struct is something that can hold many members, so naturally, memory is laid out exactly the same way as you'd expect it to be. The first member is at struct + 0x0, the second at struct + 0x4, the third at struct + 0x8, and so on. Take a look at this screenshot again:

    image.png?dl=1

    Don't you notice something? This is laid out like a struct! If we had a struct with the first member being RunSpeed, the second being DashSpeedScale, the third being CrouchSpeed, and so on, making our struct point to baseAddress+ 0xa0 would work. Let's make a struct like described above:

    struct GameVarDef {
    	float RunSpeed; // 0x0
    	float DashSpeedScale; // 0x4
    	float CrouchSpeed; // 0x8
    };

    If we had it point to baseAddress + 0xa0, doing GameVarDef->RunSpeed = 10.0f; would be the exact same thing as *(float *)((uint64_t)Defs + 0x0) = 10.0f;, doing GameVarDef->DashSpeedScale = 5.0f; would be the exact same thing as *(float *)((uint64_t)Defs + 0x4) = 5.0f; and doing GameVarDef->CrouchSpeed = 20.0f; would be the exact same thing as *(float *)((uint64_t)Defs + 0x8) = 20.0f;. The only thing we have to be aware of is the size of each variable in the struct. Why? Because in the dump, there are some booleans that are 4 bytes, and some that are only 1 byte. If we made every boolean 4 bytes, the machine would start to overwrite other members in the struct after a supposed-to-be 1 byte boolean because of a size mismatch. Anyway, look at these two screenshots:

    image.png?dl=1

    image.png?dl=1

    See how the boolean in the first screenshot is 4 bytes and the booleans in the second screenshot are only 1 byte? That's something we need to pay attention to. In the dump, booleans are treated as a 4 byte long datatype. This is not the case for us because sizeof(bool) == 1. Before I wrote the code for this tutorial, I didn't realize sizeof(bool) didn't equal 4, so in the struct, I replaced every 1 byte bool with char. Why did I do that? sizeof(char) == 1. You don't have to do that. It was a harmless mess up on my part. What you do have to do, however, is change every 4 byte boolean to int. sizeof(int) == 4, so that will work. Here is our resulting struct:

    struct.gif

    You'll find a copy of that struct in the zip archive at the end of this tutorial. Anyway, now that we have that, it is as simple as replacing Defs datatype from a void * to GameVarDef * and then modifing anything in our new GameVarDef struct! I put that struct in its own file called GameVarDef.h because of its size. This does work in game, I tested it before writing this tutorial. Here is our finished hack:

    #import <mach-o/dyld.h>
    #import <pthread/pthread.h>
    #import <substrate.h>
    #import "GameVarDef.h"
    
    uint64_t getASLRSlide(){
    	return _dyld_get_image_vmaddr_slide(0);
    }
    
    void *modifyGameVarDefs(void *arg){
    	while(true){
    		void *baseAddress = *(void **)(getASLRSlide() + 0x102b77358);
    		
    		if(baseAddress){
    			GameVarDef *Defs = *(GameVarDef **)((uint64_t)baseAddress + 0xa0);
    			
    			if(Defs){
    				Defs->RunSpeed = 20.0f;
    				Defs->MaxJumpHeight = 20.0f;
    			}
    		}
    		
    		sleep(1);
    	}
    	
    	return NULL;
    }
    
    bool launched = false;
    
    %hook UnityAppController
    
    - (void)applicationDidBecomeActive:(id)arg0 {
    	if(!launched){
    		timer(1){
    			pthread_t modifyGameVarDefsThread;
    			pthread_create(&modifyGameVarDefsThread, NULL, modifyGameVarDefs, NULL);
    			
    			launched = true;
    		});
    	}
    
    	%orig;
    }

    Doesn't that look so much cleaner? Much more readable, also. We just made a hack to change our speed and jump height with no code injection, no hooking, threading, and pointer arithmetic. Pretty awesome. Here's our hack in game:

    giphy.gif

    6. Conclusion

    To reiterate, this is awesome because there's no hooking involved. Hooking always adds instability to our hacks. I've linked an archive with everything that I used with this tutorial. It includes the binary for 1.17.1, global-metadata.dat for 1.17.1, the IDA database for the binary, the dump, the script to rename functions in IDA, the code for the hack, and the code from StaticMembersDemo. Do not try and frankenstein the code into your own hack without thinking and complain that it doesn't work. It is a big download because of the database.

    Archive: https://iosddl.net/24cc97063ab999c0/archive.zip

    Also, I have a Github repository. I've been messing with Guitar Hero 3, and the hacks I made for that game build upon concepts from this tutorial: https://github.com/shmoo419/GH3Hacks

    Practice: If you want to try this yourself but on a different game, try accessing the static members from the Main class in Dominations.

    Harder Practice: Create a struct with all the static members from the GlobalVars class from Dominations. You'll find my GlobalVars struct below:

    If you want to see a sample hack that covers all the concepts from this tutorial, go here: https://github.com/shmoo419/DomiCrowns

    I hope you enjoyed this. Please don't be afraid to ask questions :)

Edited by Guest
Holy f*** iosddl almost broke this

Share this post


Link to post
Share on other sites
Guest
4 minutes ago, Diversityy said:

You're amazing!

thanks ^_^

Share this post


Link to post
Share on other sites
Guest
2 minutes ago, Taylor Meyer said:

I love you no homo 

no homo ?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Our picks

    • Taichi Panda v3.9.1 +3 Cheats
      Modded/Hacked App: Taichi Panda by Snail Games USA, Inc.
      Bundle ID: com.snailgamesusa.taiji
      iTunes Store Link: https://itunes.apple.com/us/app/taichi-panda/id944892716?mt=8&uo=4&at=1010lce4


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - No Skill Cooldown
      - Infinite MP
      - Disable Enemy Attacks


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/


      Hack Download Link:

      Hidden Content

      Download Hack








      Installation Instructions:
      STEP 1: Download the .deb Cydia hack file from the link above.
      STEP 2: Copy the file over to your iDevice using any of the file managers mentioned above or skip this step if you're downloading from your iDevice.
      STEP 3: Using iFile or Filza, browse to where you saved the downloaded .deb file and tap on it.
      STEP 4: Once you tap on the file, you will then need to press on 'Installer' or 'Install' from the options on your screen.
      STEP 5: Let iFile / Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
      STEP 6: Now open your iDevice settings and scroll down until you see the settings for this cheat and tap on it. If the hack is a Mod Menu, the cheat features can be toggled in-game.
      STEP 7: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

       

      NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


      Credits:
      - @ZahirSher


      Cheat Video/Screenshots:

      N/A

       
        • Informative
        • Agree
        • Upvote
        • Haha
        • Thanks
        • Like
      • 41 replies
    • Valor Guard Tactics v1.2.1 +6 Cheats
      Modded/Hacked App: Valor Guard Tactics by GRAVITY Co., Ltd.
      Bundle ID: com.gravity.valorgt.ios
      iTunes Store Link: https://itunes.apple.com/us/app/valor-guard-tactics/id1395886192?mt=8&uo=4&at=1010lce4


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - Auto Win
      - Instant Rage Fill
      - SP Hack (Spend to Gain)
      - High Skill Damage
      - Disable Tower Attacks
      - High HP (Applies to enemy hero too, use High Skill Damage to kill them)


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/


      Hack Download Link:

      Hidden Content

      Download Hack








      Installation Instructions:
      STEP 1: Download the .deb Cydia hack file from the link above.
      STEP 2: Copy the file over to your iDevice using any of the file managers mentioned above or skip this step if you're downloading from your iDevice.
      STEP 3: Using iFile or Filza, browse to where you saved the downloaded .deb file and tap on it.
      STEP 4: Once you tap on the file, you will then need to press on 'Installer' or 'Install' from the options on your screen.
      STEP 5: Let iFile / Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
      STEP 6: Now open your iDevice settings and scroll down until you see the settings for this cheat and tap on it. If the hack is a Mod Menu, the cheat features can be toggled in-game.
      STEP 7: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

       

      NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


      Credits:
      - @ZahirSher


      Cheat Video/Screenshots:

      N/A

       
        • Winner
        • Agree
        • Upvote
        • Thanks
        • Like
      • 52 replies
    • [ BrownDust Korea ] 턴제 RPG – 브라운더스트 v1.38.7 [ x5 Battle Speed & More ]
      Modded/Hacked App: 턴제 RPG – 브라운더스트 By NEOWIZ
      Bundle ID: com.neowizgames.game.browndust.srpg
      iTunes Store Link: https://itunes.apple.com/kr/app/턴제-rpg-브라운더스트/id1214239084?mt=8&uo=4&at=1010lce4
       

      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - x5 Battle Speed
      - x10 Battle Speed
      - Unlimited Inventory Space
      - Enable Battle Repeat On All Stages

      This hack is an In-Game Mod Menu (iGMM). In order to activate the Mod Menu, tap on the iOSGods button found inside the app. This hack works on the latest x64 or ARM64 iDevices: iPhone 5s, 6, 6 Plus, 6s, 6s Plus, 7, 7 Plus, 8, 8 Plus, X, Xr, Xs, Xs Max, SE, iPod Touch 6G, iPad Air, Air 2, Pro & iPad Mini 2, 3, 4 and later.


      Non-Jailbroken & No Jailbreak required hack(s): 


      Hack Download Link:

      Hidden Content

      Download Hack








      Installation Instructions:
      STEP 1: Download the .deb Cydia hack file from the link above.
      STEP 2: Copy the file over to your iDevice using any of the file managers mentioned above or skip this step if you're downloading from your iDevice.
      STEP 3: Using iFile or Filza, browse to where you saved the downloaded .deb file and tap on it.
      STEP 4: Once you tap on the file, you will then need to press on 'Installer' or 'Install' from the options on your screen.
      STEP 5: Let iFile / Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
      STEP 6: Now open your iDevice settings and scroll down until you see the settings for this cheat and tap on it. If the hack is a Mod Menu, the cheat features can be toggled in-game.
      STEP 7: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

       

      NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


      Credits:
      - @DanYal


      Cheat Video/Screenshots:

      N/A
        • Winner
        • Like
      • 24 replies
    • [ Ruuru Idea ] るるたるイデア v01.07.00 [ Weak Enemies ]
      Modded/Hacked App: るるたるイデア By Clover Lab.,inc.
      Bundle ID: jp.cloverlab.rurutaru
      iTunes Store Link: https://itunes.apple.com/jp/app/るるたるイデア/id1434065471?mt=8&uo=4&at=1010lce4
       

      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - Weak Enemies - Enemies Have Low HP , DEF & ATK
        • Thanks
        • Like
      • 27 replies
    • [ Tower of Saviors ] 神魔之塔 v17.02 - [ x30 Attack & More ]
      Modded/Hacked App: 神魔之塔 By Mad Head Limited
      Bundle ID: com.madhead.tos.zh
      iTunes Store Link: https://itunes.apple.com/us/app/神魔之塔/id583798880?mt=8&uo=4&at=1010lce4
       

      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - x30 Attack
      - x30 HP
      - One Hit Kill
      - God Mode
        • Winner
        • Agree
        • Upvote
        • Thanks
        • Like
      • 80 replies
    • Shadowverse CCG v2.4.20 [ One Hit Kill & More ]
      Modded/Hacked App: Shadowverse CCG By Cygames, Inc.
      Bundle ID: com.cygames.Shadowverse
      iTunes Store Link: https://itunes.apple.com/us/app/shadowverse-ccg/id1091512762?mt=8&uo=4&at=1010lce4
       

      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - One Hit Kill
      - God Mode
      - Instant Win
        • Winner
        • Informative
        • Agree
        • Upvote
        • Haha
        • Thanks
        • Like
      • 55 replies
    • Dungeon Crusher: Soul Hunters v3.14.5 [ Freeze Currencies ]
      Modded/Hacked App: Dungeon Crusher: Soul Hunters By TOWARDS MARS LIMITED
      Bundle ID: com.towardsmars.dungeoncrusher
      iTunes Store Link: https://itunes.apple.com/ca/app/dungeon-crusher-soul-hunters/id1002431463?mt=8&uo=4&at=1010lce4
       

      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - Freeze Currencies  

      This hack is an In-Game Mod Menu (iGMM). In order to activate the Mod Menu, tap on the iOSGods button found inside the app. This hack works on the latest x64 or ARM64 iDevices: iPhone 5s, 6, 6 Plus, 6s, 6s Plus, 7, 7 Plus, 8, 8 Plus, X, Xr, Xs, Xs Max, SE, iPod Touch 6G, iPad Air, Air 2, Pro & iPad Mini 2, 3, 4 and later.


      Non-Jailbroken & No Jailbreak required hack(s): 
      Hack Download Link:

      Hidden Content

      Download Hack








      Installation Instructions:
      STEP 1: Download the .deb Cydia hack file from the link above.
      STEP 2: Copy the file over to your iDevice using any of the file managers mentioned above or skip this step if you're downloading from your iDevice.
      STEP 3: Using iFile or Filza, browse to where you saved the downloaded .deb file and tap on it.
      STEP 4: Once you tap on the file, you will then need to press on 'Installer' or 'Install' from the options on your screen.
      STEP 5: Let iFile / Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
      STEP 6: Now open your iDevice settings and scroll down until you see the settings for this cheat and tap on it. If the hack is a Mod Menu, the cheat features can be toggled in-game.
      STEP 7: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

       

      NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


      Credits:
      - @DanYal


      Cheat Video/Screenshots:

      N/A
        • Winner
        • Agree
        • Thanks
        • Like
      • 21 replies
    • [ Captain Tsubasa Zero ] キャプテン翼ZERO~決めろ!ミラクルシュート~ v1.3.3 [ Combo Always Active & High Shoot Power ]
      Modded/Hacked App: キャプテン翼ZERO~決めろ!ミラクルシュート~ By GMO GP, Inc.
      Bundle ID: jp.co.gamepot.tsubasa
      iTunes Store Link: https://itunes.apple.com/jp/app/キャプテン翼zero-決めろ-ミラクルシュート/id1369857895?mt=8&ign-mpt=uo%3D4


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - Combo Always Active
      - High Shoot Power 
        • Agree
        • Upvote
        • Haha
        • Thanks
        • Like
      • 73 replies
    • [ Tokyo Ghoul ] 東京喰種 :re invoke By BANDAI NAMCO Entertainment Inc. v2.1.3 [ x10 Attack & More ]
      Modded/Hacked App: 東京喰種 :re invoke By BANDAI NAMCO Entertainment Inc.
      Bundle ID: jp.co.bandainamcoent.BNEI0299
      iTunes Store Link: https://itunes.apple.com/jp/app/東京喰種-re-invoke/id1204036754?mt=8&uo=4&at=1010lce4


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - x10 Attack
      - x10 HP
      - One Hit Kill
      - God Mode
      - Always Your Turn 
      - Unlimited Skills
        • Winner
        • Upvote
        • Haha
        • Thanks
        • Like
      • 41 replies
    • [ ShadowVerse Japan ] シャドウバース (Shadowverse)  v2.4.20 [ One Hit Kill & More ]
      Modded/Hacked App: シャドウバース (Shadowverse) By Cygames, Inc.
      Bundle ID: jp.co.cygames.Shadowverse
      iTunes Store Link: https://itunes.apple.com/jp/app/シャドウバース-shadowverse/id1050059017?mt=8&uo=4&at=1010lce4
       

      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - One Hit Kill
      - God Mode
      - Instant Win
        • Winner
        • Agree
        • Haha
        • Thanks
        • Like
      • 27 replies
    • [Smash Rising ] 僕のヒーローアカデミア SMASH RISING v2.0.25 [ Custom Stats Value & More ]
      Modded/Hacked App: 僕のヒーローアカデミア SMASH RISING By BANDAI NAMCO Entertainment Inc.
      Bundle ID: jp.co.bandainamcoent.BNEI0298
      iTunes Store Link: https://itunes.apple.com/jp/app/僕のヒーローアカデミア-smash-rising/id1204031006?mt=8&uo=4&at=1010lce4


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - Stats Value - Put Your Value And Tap On Stats Value
      - x3 Stats 
      - x5 Stats
      - x10 Stats
      - No SP Cost
        • Winner
        • Informative
        • Agree
        • Upvote
        • Haha
        • Thanks
        • Like
      • 41 replies
    • RPG AVABEL ONLINE v6.38.0 [ Attack Speed Slider & More ]
      Modded/Hacked App: RPG AVABEL ONLINE By ASOBIMO,Inc.
      Bundle ID: com.asobimo.AvabelOnline
      iTunes Store Link: https://itunes.apple.com/us/app/rpg-avabel-online/id606800657?mt=8&uo=4&at=1010lce4
       

      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - Attack Speed - x1-10
      - Collision Range - x1-30
      - God Mode -
      - Classes Unlocked
      - Cast Speed Multiplier
      - Charge Speed Multiplier
      - Approach Speed Multiplier
      - No Roll CoolDown
        • Winner
        • Informative
        • Agree
        • Upvote
        • Haha
        • Thanks
        • Like
      • 215 replies
  • Recently Browsing   0 members

    No registered users viewing this page.


    • Administrator |
    • Global Moderator  |
    • Moderator  |
    • ViP Plus |
    • ViP Jailed |
    • ViP |
    • Cheater  |
    • Modder  |
    • Novice Cheater |
    • Rookie Modder |
    • Contributor |
    • Senior Member |
    • Member |
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy - Guidelines