[TUT] How to hack iOS games and apps

Discussion in 'Apple iOS' started by kamizoom, Apr 4, 2012 with 103 replies and 124,796 views.

  1. Razzile



    you guys asked for it so here it is.

    I have spent the last 2-4 days working on this tut, so I hope you like it.


    There are 3 main methods for hacking iOS games: Plist editing, Hex editing and IDA (there is also GDB, but it currently does not work for iOS 4.3.3+).

    Plist TuT (easy):
    Plist editing is editing Apple Property List files, which can be used to store your data, i.e. your gold or health. (Note: Plist editing only works for certain games, not all of them.)
    Requirements:

    -iFile OR
    -Plist editor for windows
    -winSCP


    (sorry about my bad pictures :p )
    Step 1: open up iFile


    Step 2:
    [screenshots omitted]

    (Please note, you can use either view but text view I think is easier)

    [screenshots omitted]

    (Please note my scores are 0 because I had not played the game then; it will show your scores in the boxes.)
    Now just edit your score and save.

    Hex editing (easy-med):

    Hex edit your save files for lots of gold or health, etc.

    Requirements:
    winSCP or i-funbox or similar
    (most of you already know how to hex edit :D )


    Your save files are located in /var/mobile/applications/**your app folder**/Documents
    I will show you how to transfer the files only; I am not teaching people to hex edit. If enough people want me to teach you all, I will.
    In Cydia install OpenSSH and respring.
    Download winSCP here.
    [screenshots omitted]

    This is an example of the Fruit Ninja folders.

    Just transfer the file onto your PC and edit it in a hex editor. (Like I said, I am not making a tut for that unless enough people ask for one.)


    IDA Method (med-extra hard):
    IDA hacking is by far the hardest of the 3 but also the best. All games can be IDA hacked, and usually the hacks you can make are awesome.
    TUT
    Requirements:
    -IDA Pro 6.1+, I recommend 6.4 (the demo works fine but you may also get a cracked one)
    -winSCP or similar
    -logical thinking
    -Ldone (from the repo cydia.hackulo.us) EDIT: If you are on iOS 6 this is no longer needed


    Transfer the binary of the game you want to hack; it is located in the yourApp.app folder and has no extension (i.e. the file BloonsTD4 would be the BloonsTD4 binary).
    (In this tut we are hacking PvZ 1.9.1.)


    [screenshot omitted]


    Open IDA (idaq.exe, not idau.exe, if you have that)
    [screenshots omitted]

    (Please note, I say 1 but I mean 01 :p)
    [screenshots omitted]

    Save the file and transfer it back to your iDevice.
    Once back in the PvZ app folder, do this:

    [screenshots omitted]
    Useful information/FAQ
    Useful codes and hexes:
    BX LR (skips the entire function, useful for infinite ammo, i.e. put BX LR at the start of a function like weapon::removeAmmo(int))
    2 byte code: 70 47
    4 byte code: 1E FF 2F E1
    NOP (Cheat Engine users may be familiar with this) skips the code it is placed on (for example, put a NOP instead of mov r0, #2 and it skips the mov r0, #2)

    2 byte code: C0 46
    4 byte code: 00 00 A0 E1
    Branches (branch to another part of the function or a different function)

    B (normal branch)
    2 byte: ends in E0
    4 byte: ends in EA
    BEQ (branch if equal, usually a CMP command above it and it branches if EQUAL)
    4 byte: ends in 0A
    BNE (branch if not equal, again usually a CMP command above)
    4 byte: ends in 1A
    BGT (branch if greater than, another CMP above it)
    4 byte: ends in CA
    BLT (branch if less than, CMP above)
    4 byte: ends in BA
    BL (branch with link, branches to another function)
    These are really hard to calculate as the hex is different each time. If you can calculate it though, the pay-off is great: you can have rocket bullets, always have full health, etc.
    FAQ:
    Q: What if my binary only has an ARMv6 option?
    A: Use ARMv6; they still run on ARMv7 devices.
    Q: How do I know if my binary is 2-byte or 4-byte?
    A: Highlight any code and see if 2 bytes or 4 bytes are highlighted in the Hex view in IDA.
    Q: My app crashes, what should I do?
    A: You may not have signed properly; sign again and respring. Or you may have edited a wrong function, causing your app to be unstable.
    Q: Are there any other methods of IDA hacking?
    A: Hell yeah. I only showed you basic IDA hacking today; there are way more advanced methods which I MAY make a tut for too at some point.
    Q: My binary's functions are all sub_xxxxx commands, what do I do now?
    A: This is where the compiler throws out function names as they are not needed. In IDA press Shift+F12 to open the Strings window, search for gold or something here instead, double click on one and press Ctrl+X to jump to the function (hard to explain in text, but I will include this in my more advanced tutorial).

    I hope you like this tut, if you did it never hurts to click like ;)
    If you ever need help hacking a game or want to download some cool hacks, head over to iOSCheaters and we will help.

    If you are stuck on something and need help, post a comment and I will help you out :p

    -Kamizoom

    (Tell me if I missed something or there is a mess-up in the thread.)
    Last edited: Mar 1, 2014
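The byte patterns in the "useful codes and hexes" list, decoded in code as an added example that is not part of the thread: it recovers the condition nibble and branch offset from the little-endian bytes a hex editor or IDA's Hex view shows, so the "ends in 0A / 1A / CA / BA / EA" rule can be checked rather than memorised (it also handles BL and the Thumb branch forms; the PC+8 / PC+4 offset convention is the standard ARM one).

```python
COND = {0x0: "EQ", 0x1: "NE", 0x2: "CS", 0x3: "CC", 0x4: "MI", 0x5: "PL",
        0x6: "VS", 0x7: "VC", 0x8: "HI", 0x9: "LS", 0xA: "GE", 0xB: "LT",
        0xC: "GT", 0xD: "LE", 0xE: "AL"}          # ARM condition codes


def _signed(value: int, bits: int) -> int:
    """Sign-extend a `bits`-wide two's-complement field."""
    return value - (1 << bits) if value & (1 << (bits - 1)) else value


def decode_arm(raw: bytes) -> str:
    """Classify one 4-byte ARM instruction from its little-endian bytes,
    i.e. exactly as a hex editor or IDA's Hex view lists them."""
    if len(raw) != 4:
        raise ValueError("ARM instructions are exactly 4 bytes")
    word = int.from_bytes(raw, "little")
    if word == 0xE12FFF1E:                 # bytes 1E FF 2F E1
        return "BX LR"
    if word == 0xE1A00000:                 # bytes 00 00 A0 E1 (MOV R0, R0)
        return "NOP"
    cond = COND.get(word >> 28)            # high nibble of the LAST byte
    if cond and (word >> 25) & 0b111 == 0b101:   # B / BL family
        mnemonic = "BL" if (word >> 24) & 1 else "B"
        # 24-bit signed word offset, relative to PC = this instruction + 8
        offset = (_signed(word & 0xFFFFFF, 24) << 2) + 8
        return f"{mnemonic}{'' if cond == 'AL' else cond} pc{offset:+d}"
    return "other"


def decode_thumb(raw: bytes) -> str:
    """Classify one 16-bit Thumb instruction from its little-endian bytes."""
    if len(raw) != 2:
        raise ValueError("16-bit Thumb instructions are exactly 2 bytes")
    half = int.from_bytes(raw, "little")
    if half == 0x4770:                     # bytes 70 47
        return "BX LR"
    if half == 0x46C0:                     # bytes C0 46 (MOV R8, R8)
        return "NOP"
    if half >> 11 == 0b11100:              # unconditional B, 11-bit offset
        return f"B pc{(_signed(half & 0x7FF, 11) << 1) + 4:+d}"
    if half >> 12 == 0xD and (half >> 8) & 0xF <= 0xD:   # B<cond>, 8-bit offset
        cond = COND[(half >> 8) & 0xF]
        return f"B{cond} pc{(_signed(half & 0xFF, 8) << 1) + 4:+d}"
    return "other"
```

Feeding it `0000000A` gives `BEQ pc+8`, `FEFFFFEB` gives `BL pc+0`, and the Thumb unconditional branch turns out to end in E0..E7 depending on the offset, which is why the post's "ends in E0" only holds for short forward jumps.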
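On the plist save files the first method edits, here is the defender's side as an added example (not code from the thread or from any game): an unprotected save next to one that carries an HMAC over its contents, so a score or gold value changed in iFile or a hex editor is refused at load; DEMO_KEY and the gold/health field names are constructed for the demo.

```python
import hashlib
import hmac
import plistlib

# Constructed demo key. In a shipped game the key has to live somewhere the
# app can read it, so this raises the bar rather than making edits impossible.
DEMO_KEY = b"constructed-demo-key"

def _canonical(state: dict) -> bytes:
    """Stable byte form of the save data that the MAC is computed over."""
    return plistlib.dumps(state, fmt=plistlib.FMT_XML, sort_keys=True)

def plain_save(state: dict) -> bytes:
    """Unprotected save: whatever is in the plist is trusted when loaded."""
    return _canonical(state)

def plain_load(blob: bytes) -> dict:
    return plistlib.loads(blob)

def signed_save(state: dict, key: bytes) -> bytes:
    """Store the save data next to an HMAC-SHA256 over its canonical bytes."""
    tag = hmac.new(key, _canonical(state), hashlib.sha256).digest()
    return plistlib.dumps({"mac": tag, "state": state},
                          fmt=plistlib.FMT_XML, sort_keys=True)

def signed_load(blob: bytes, key: bytes) -> dict:
    """Recompute the MAC and refuse the file if it does not match."""
    outer = plistlib.loads(blob)
    expected = hmac.new(key, _canonical(outer["state"]), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, outer["mac"]):
        raise ValueError("save file was modified outside the game")
    return outer["state"]

def signed_load_ok(blob: bytes, key: bytes) -> bool:
    """True if the save passes the integrity check, False if it was edited."""
    try:
        signed_load(blob, key)
        return True
    except (ValueError, KeyError):
        return False

def edit_in_place(blob: bytes, old: bytes, new: bytes) -> bytes:
    """Stand-in for the iFile / hex-editor edit the post describes."""
    assert blob.count(old) == 1, "constructed example expects one match"
    return blob.replace(old, new)
```

The check only protects the file on disk: a binary patched with BX LR at the start of the verifying function (the third method in the post) skips it entirely, which is why save-file MACs and code-integrity checks go together.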
  2. Josef Stalin

    Thanks for this tutorial, I was looking for a tutorial like this :)
  3. Razzile

    Thanks, I made this because a lot of people wanted a tutorial on this :D
  4. ILovePeace

    Nice Tut Kami, is Hex editing all about:
    1) Remember the values which you want to hack.
    2) Save game
    3) Extract the save file from Document.
    4) Use Portable Hex Workshop 6 to open it.
    5) Press Ctrl F and search for the Remembered Values.
    6) Change the Remembered Values at int32.
    7) Save it!!
    8) Transfer the save file back to Document.
    9) Play the game.

    But not all saved data can be edited, so you need IDA and Hex editing to hack the binary file.

    PS: Do you know where to download a cracked IDA pro 6.2?
  5. Razzile

    Hey, I know you lol. And yeah, that is basically it :P
  6. ILovePeace

    Hahahaha, yea it's me. Peace is BACK!!

    I am currently getting IDA Pro 6.1, couldn't find IDA Pro 6.2. I hope there is a book called IDA for Dummies :)
  7. superside2

    Thank you for the tutorial.
  8. Razzile

    Anytime mate ;)
  9. Fire30

    Don't you also need to chmod the binary after editing it?

    chmod 775 file
  10. Clepto

    I'm not sure if it's necessary, but it can't hurt to do it.
  11. Razzile

    As far as I know ldone does this for you (never had any problems with crashes).
  12. DNICEY

    Will this work for IMOB2?
  13. Razzile

    Nope, the server resets anything you change :(
  14. Tibbi64

    Anyone know if Jurassic Park can be hacked? I'm trying but no luck. Don't know much about coding but can follow/copy steps. :) If anyone could look at it for me that would be great. I just want bucks, not really coins. Thanks.
  15. Josef Stalin

    Use the Cydia tweak from xsellize called Iap cracker and press buy on the bucks for real money, and it doesn't charge you.
  16. Brumbledum

    Do I need to jailbreak my phone to be able to connect to it? If so can you recommend a good jailbreak app?
  17. Henry Brewer

    all games can be IDA hacked and usually the hacks you can make are awesome
  18. Josef Stalin

    Yes, you need to jailbreak. If you are on iOS 6-6.1.2 use evasi0n. If you are not, tell me your iOS version.
  19. emerald123

    How to hack Le Vamp???

    If possible someone please tell me how to hack ice age village 1.1.4?

    I wanna learn hacking rather than paying for hacks...
  20. diskreet

    Can this method work on Horror Camp? Or are there any hacks or mods for that game?
    Thanks Kami for this tut. Been looking for it.