Help/Support Why my game is crashing with my hack? ARM64 MSHooking

Piro · March 8, 2019

How are you guys

I need some help to hack a game. Im trying to set cooldown of POTION to 0 (no cooldown), but game is crashing. Someone can help me please?

Im starting, as i wrote in another help/support topic. Please, be patient and clear and, if possible, detail everything, you also starded one day

I will insert here the functions that im trying to hack, dumped by Il2CppDumper. As well the IDA Graphic View with the flow of method that im trying to hack, and my MSHookin code in Tweak.xm.

The question is, why it's crashing? Please detail...

The functions dumped by Il2CppDumper

public class PotionObject // TypeDefIndex: 5401
{
	// Fields
	[CompilerGeneratedAttribute] // RVA: 0x1018C9B6C Offset: 0x18C9B6C
	[DebuggerBrowsableAttribute] // RVA: 0x1018C9B6C Offset: 0x18C9B6C
	private float <CooldownTime>k__BackingField; // 0x10
	public SourceValue`1<int> Count; // 0x18
	public SourceValue`1<float> RemainCooldownTime; // 0x20
	protected ControllerCollection Parent; // 0x28
	public int ItemSerial; // 0x30

	// Properties
	public float CooldownTime { get; set; }
	public virtual bool IsAvailable { get; }

	// Methods
	public void .ctor(ControllerCollection parent, int potionItemSerial, int potionCount); // RVA: 0x10034A22C Offset: 0x34A22C
	[CompilerGeneratedAttribute] // RVA: 0x1018C9BA8 Offset: 0x18C9BA8
	public float get_CooldownTime(); // RVA: 0x10034A30C Offset: 0x34A30C
	[CompilerGeneratedAttribute] // RVA: 0x1018C9BB8 Offset: 0x18C9BB8
	protected void set_CooldownTime(float value); // RVA: 0x10034A314 Offset: 0x34A314
	public virtual bool get_IsAvailable(); // RVA: 0x10034A31C Offset: 0x34A31C
	public void Update(float deltaTime); // RVA: 0x10034A574 Offset: 0x34A574
	public virtual bool Use(); // RVA: 0x10034A648 Offset: 0x34A648
	public void SetCooldown(); // RVA: 0x10034A680 Offset: 0x34A680
}

The IDA graphic view

My Tweak.xm

#import <substrate.h>
#import <mach-o/dyld.h>
#import <UIKit/UIKit.h>
#include <inject.h>

%ctor {

	//Potion CoolDown Zero Test    ***CRASHING***
	inject(0x10034A6B8, 0x140080D2); //LDR   X20, [X19,#0x20] >>> MOV X0, #0
	inject(0x10034A6BC, 0xE003271E); //LDR   S8, [X19,#0x10]  >>> FMOV S8, $0

  
}

Thanks in advance for your help.

Thanks @Joey for all support until now, and thanks one more for the inject.h

TheArmKing · March 8, 2019

try injecting these instructions

00008052 // MOV X0,#0
0000271E // FMOV S0,X0
C0035FD6 // RET

at

public float get_CooldownTime(); // RVA: 0x10034A30C Offset: 0x34A30C

Joka · March 8, 2019

You can’t make hacks on iOS 12 I don’t believe.

Ted2 · March 8, 2019

1 hour ago, Joka said:

You can’t make hacks on iOS 12 I don’t believe.

my inject is based on MSHookMemory, which supports iOS 12.

btw, @Piro does it crash instantly? cause you also said in other tries it didn’t do damage.

Piro · March 9, 2019

8 hours ago, TheArmKing said:

try injecting these instructions


00008052 // MOV X0,#0
0000271E // FMOV S0,X0
C0035FD6 // RET

at


public float get_CooldownTime(); // RVA: 0x10034A30C Offset: 0x34A30C

Thanks @TheArmKing, it's "worked", but still need hook some branch, because the timer of cooldown it's not 0 =S

Piro · March 9, 2019

6 hours ago, Joey said:

my inject is based on MSHookMemory, which supports iOS 12.

btw, @Piro does it crash instantly? cause you also said in other tries it didn’t do damage.

Wasn't crashing instantly, just at moment that i touch in potion. But i was insert the wrong instruction, ArmKing help me with it.

But still not working, is the same case that you mentioned above, cooldown zero, but i can cast again until the time get back to 0. Is the same case of damage.

Piro · March 9, 2019

8 hours ago, Joka said:

You can’t make hacks on iOS 12 I don’t believe.

You're at the top of the ranking, but it never helps. 

You are incredible, but it could be even more so if you helped people with your cheating skills :)

TheArmKing · March 9, 2019

2 hours ago, Piro said:


You're at the top of the ranking, but it never helps. 

You are incredible, but it could be even more so if you helped people with your cheating skills :)

lol

Ted2 · March 9, 2019

6 hours ago, Piro said:

Wasn't crashing instantly, just at moment that i touch in potion. But i was insert the wrong instruction, ArmKing help me with it.

But still not working, is the same case that you mentioned above, cooldown zero, but i can cast again until the time get back to 0. Is the same case of damage.

probably anti-cheat, some check.

throwawayinnit · March 9, 2019

9 hours ago, Piro said:


You're at the top of the ranking, but it never helps. 

You are incredible, but it could be even more so if you helped people with your cheating skills :)

what does this even mean LOL