I have spent the last 2-4 days working on this tut, so I hope you like it.


Please support me by clicking on my ads!


There are 3 main methods for hacking iOS games: plist editing, hex editing and IDA (there is also GDB, but it currently does not work on iOS 4.3.3+).



Plist TuT (easy):
Plist editing is editing Apple property list files, which a game can use to store your data, i.e. your gold or health. (Note: plist editing only works for certain games, not all of them.)


 


Requirements:

-iFile OR
-Plist editor for Windows
-WinSCP

Step 1: open up iFile


[Screenshots IMG_0045 to IMG_0055: the iFile steps for opening and editing the game's plist]


(Please note my scores are 0 because I had not played the game yet; it will show your scores in the boxes.)
Now just edit your score and save.






 



Hex editing (easy-med):


Hex edit your save files for lots of gold or health, etc.


Requirements:
WinSCP, i-FunBox or similar
(Most of you already know how to hex edit :D )


Your save files are located in /var/mobile/applications/**your app folder**/Documents
I will only show you how to transfer the files; I am not teaching people to hex edit. If enough people want me to teach you all, I will.
In Cydia, install OpenSSH and respring.
Download WinSCP here.


[Screenshots winscp tut1 to winscp tut9: connecting with WinSCP and browsing to the app's Documents folder]
This is an example of the Fruit Ninja folders.


Just transfer the file onto your PC and edit it in a hex editor. (Like I said, I am not making a tut for that unless enough people ask for one.)
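Both the plist and the hex-edit methods above work because the save file is a plain container that the game reads back without checking who wrote it. The following Python script is an added example, not code from this tutorial or from any game: it shows how a game can seal its save data with an HMAC-SHA256 tag so that a gold or health value edited on disk is rejected on load. The key, the field names and the values are constructed for the example.

```python
import hashlib
import hmac
import plistlib
from typing import Optional

# Constructed example save, shaped like the gold/health/score values the tutorial edits.
EXAMPLE_SAVE = {"gold": 120, "health": 85, "high_score": 0}

# Constructed demo key; a real game would derive or fetch this rather than hard-code it.
DEMO_KEY = b"constructed-demo-key"


def seal_save(save: dict, key: bytes) -> bytes:
    """Serialize the save dict to a binary plist and wrap it in an outer plist
    carrying an HMAC-SHA256 tag over the exact payload bytes."""
    payload = plistlib.dumps(save, fmt=plistlib.FMT_BINARY)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return plistlib.dumps({"payload": payload, "tag": tag}, fmt=plistlib.FMT_XML)


def open_save(blob: bytes, key: bytes) -> Optional[dict]:
    """Return the save dict only if the tag verifies; any edit to the payload
    (or a malformed file) yields None so the game can fall back to defaults."""
    try:
        outer = plistlib.loads(blob)
        payload, tag = outer["payload"], outer["tag"]
    except (plistlib.InvalidFileException, KeyError, TypeError, ValueError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return plistlib.loads(payload)


def edit_field_on_disk(blob: bytes, field: str, value) -> bytes:
    """Model the tutorial's edit: change one field of the inner payload while
    leaving the old tag in place, exactly what a plist or hex editor would do."""
    outer = plistlib.loads(blob)
    inner = plistlib.loads(outer["payload"])
    inner[field] = value
    outer["payload"] = plistlib.dumps(inner, fmt=plistlib.FMT_BINARY)
    return plistlib.dumps(outer, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    sealed = seal_save(EXAMPLE_SAVE, DEMO_KEY)
    print("untouched save loads:", open_save(sealed, DEMO_KEY))
    edited = edit_field_on_disk(sealed, "gold", 999999)
    print("edited save loads:", open_save(edited, DEMO_KEY))
```

A key shipped inside the app binary is reachable from the binary itself, so a client-side tag raises the cost of save editing rather than preventing it; keeping the authoritative gold and health values server-side is what closes the gap.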







IDA Method (med-extra hard):
IDA hacking is by far the hardest of the 3 but also the best. All games can be IDA hacked, and usually the hacks you can make are awesome.



TUT




Requirements:
-IDA Pro 6.1+, I recommend 6.4 (the demo works fine but you may also get a cracked one)
-WinSCP or similar
-Logical thinking
-Ldone (from the repo cydia.hackulo.us) EDIT: if you are on iOS 6 this is no longer needed


Transfer the binary of the game you want to hack; it is located in the yourApp.app folder and has no extension (i.e. the file BloonsTD4 would be the BloonsTD4 binary).
(In this tut we are hacking PvZ 1.9.1.)


[Screenshots IDA0 to IDA21: loading the binary in IDA, finding the function and patching its bytes]
Save the file and transfer it back to your iDevice.
Once back in the PvZ app folder, do this:


[Screenshots IDA22 and IDA23: re-signing the patched binary with Ldone]

Useful information/FAQ




Useful codes and hexes:
BX LR (skips the entire function; useful for infinite ammo, i.e. put BX LR at the start of a function like weapon::removeAmmo(int))
2 byte code: 70 47
4 byte code: 1E FF 2F E1
NOP (Cheat Engine users may be familiar with this) skips the instruction it is placed on (for example, put a NOP instead of mov r0, #2 and it skips the mov r0, #2)
2 byte code: C0 46
4 byte code: 00 00 A0 E1
Branches (branch to another part of the function or to a different function)
B (normal branch)
2 byte: ends in E0
4 byte: ends in EA
BEQ (branch if equal; usually has a CMP instruction above it and branches if EQUAL)
4 byte: ends in 0A
BNE (branch if not equal; again usually a CMP above)
4 byte: ends in 1A
BGT (branch if greater than; another CMP above it)
4 byte: ends in CA
BLT (branch if less than; CMP above)
4 byte: ends in BA
BL (branch with link; branches to another function)
These are really hard to calculate as the hex is different each time. If you can calculate it, though, the pay-off is great: you can have rocket bullets, always have full health, etc.
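The hex values above are fixed ARM and Thumb encodings, and the "ends in" rule works because the last byte of a little-endian 32-bit ARM instruction holds the condition code in its top nibble and the branch opcode bits below it. The following Python script is an added example, not code from this tutorial: it decodes the listed encodings back to mnemonics, reads the condition field and the branch offset generally rather than matching fixed bytes (so it also covers the Thumb B case where the high byte is E0 to E7, because the upper offset bits share that byte), and ends with the check an integrity tool would run to flag a function whose first instruction has become BX LR. Function names and the sample byte strings are constructed for the example.

```python
import struct

# ARM condition codes indexed by the 4-bit cond field; index 14 (AL) has no suffix.
ARM_CONDITIONS = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
                  "HI", "LS", "GE", "LT", "GT", "LE", "", "NV"]


def decode_arm32(code: bytes) -> str:
    """Decode one little-endian 32-bit ARM instruction for the forms listed above.
    Branch targets are reported relative to the instruction's own address."""
    if len(code) != 4:
        raise ValueError("ARM instructions are exactly 4 bytes")
    (word,) = struct.unpack("<I", code)
    cond = ARM_CONDITIONS[word >> 28]
    if word == 0xE12FFF1E:            # BX LR: return immediately (1E FF 2F E1)
        return "BX LR"
    if word == 0xE1A00000:            # MOV R0, R0: the classic ARM NOP (00 00 A0 E1)
        return "NOP"
    # B/BL: bits 27..25 == 0b101, bit 24 is the link bit, low 24 bits a signed word offset.
    if (word >> 25) & 0b111 == 0b101:
        link = (word >> 24) & 1
        offset = word & 0xFFFFFF
        if offset & 0x800000:         # sign-extend the 24-bit field
            offset -= 1 << 24
        target = offset * 4 + 8       # PC reads as this instruction's address + 8
        return f"{'BL' if link else 'B'}{cond} pc{target:+#x}"
    return "unknown"


def decode_thumb16(code: bytes) -> str:
    """Decode one little-endian 16-bit Thumb instruction for the forms listed above."""
    if len(code) != 2:
        raise ValueError("16-bit Thumb instructions are exactly 2 bytes")
    (hw,) = struct.unpack("<H", code)
    if hw == 0x4770:                  # BX LR (70 47)
        return "BX LR"
    if hw == 0x46C0:                  # MOV R8, R8: the Thumb NOP (C0 46)
        return "NOP"
    if hw >> 11 == 0b11100:           # unconditional B: 11-bit signed halfword offset
        imm = hw & 0x7FF
        if imm & 0x400:
            imm -= 1 << 11
        return f"B pc{imm * 2 + 4:+#x}"  # Thumb PC reads as address + 4
    if hw >> 12 == 0b1101 and ((hw >> 8) & 0xF) < 0xE:   # conditional B (0xDE/0xDF are UDF/SVC)
        cond = ARM_CONDITIONS[(hw >> 8) & 0xF]
        imm = hw & 0xFF
        if imm & 0x80:
            imm -= 256
        return f"B{cond} pc{imm * 2 + 4:+#x}"
    return "unknown"


def starts_with_return(function_bytes: bytes, thumb: bool) -> bool:
    """Integrity heuristic: a function whose first instruction is BX LR has been
    short-circuited, which is exactly the patch the table above describes."""
    width = 2 if thumb else 4
    first = function_bytes[:width]
    if len(first) != width:
        return False
    decoder = decode_thumb16 if thumb else decode_arm32
    return decoder(first) == "BX LR"


if __name__ == "__main__":
    # Constructed samples: the table's bytes plus a few branch words.
    for hexstr in ("1EFF2FE1", "0000A0E1", "000000EA", "0000000A", "0000001A", "000000CA", "000000BA"):
        print(hexstr, "->", decode_arm32(bytes.fromhex(hexstr)))
    for hexstr in ("7047", "C046", "00E0", "FEE7", "00D0"):
        print(hexstr, "->", decode_thumb16(bytes.fromhex(hexstr)))
    print("patched prologue?", starts_with_return(bytes.fromhex("7047B5F0"), thumb=True))
```

Running the script over a function's first bytes before and after a release build is a cheap way to catch the BX LR and NOP patches in a deployed binary; a proper check hashes the whole __text section, but the per-function view shows which routine was changed.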
FAQ:
Q: What if my binary only has an ARMv6 option?
A: Use ARMv6; it still runs on ARMv7 devices.
Q: How do I know if my binary is 2 byte or 4 byte?
A: Highlight any instruction and see whether 2 bytes or 4 bytes are highlighted in the Hex view in IDA.
Q: My app crashes, what should I do?
A: You may not have signed it properly; sign it again and respring. Or you may have edited the wrong function, making your app unstable.
Q: Are there any other methods to IDA hacking?
A: Hell yeah, I only showed you basic IDA hacking today; there are way more advanced methods which I MAY make a tut for too at some point.
Q: My binary's functions are all sub_xxxxx, what do I do now?
A: This is where the function names have been stripped out, as the compiled app does not need them. In IDA press Shift+F12 to open the Strings window, search for gold or similar there instead, double-click on a result and press Ctrl+X to jump to the function that uses it (hard to explain in text, but I will include this in my more advanced tutorial).
