Mobile [TUT] How to hack iOS games and apps

Thread starter: Razzile (kamizoom)
This guide is getting quite old now. While the information provided is good and useful, the demo games have gone and/or changed, the tools have updated, etc. For now you can ask for help on ioscheaters. A new (more sexy) guide is on its way, though, so don't fret!

You guys asked for it, so here it is.

I have spent the last 2-4 days working on this tut, so I hope you like it.


There are 3 main methods for hacking iOS games: Plist editing, Hex editing and IDA (there is also GDB, but it currently does not work for iOS 4.3.3+).

Plist TuT (easy):
Plist editing is editing Apple Property List files, which can be used to store your data, i.e. your gold or health. (Note: Plist editing only works for certain games, not all of them.)
Requirements:

-iFile OR
-Plist editor for Windows
-winSCP


(sorry about my bad pictures :tongue: )
Step 1: open up iFile

Step 2:
[screenshots]

(Please note, you can use either view, but text view I think is easier.)

[screenshots]

(Please note my scores are 0 because I had not played the game then; it will show your scores in the boxes.)
Now just edit your score and save.

Hex editing (easy-med):

Hex edit your save files for lots of gold or health, etc.

Requirements:
winSCP or i-FunBox or similar
(most of you already know how to hex edit :biggrin: )


Your save files are located in /var/mobile/applications/**your app folder**/Documents
I will show you how to transfer the files only; I am not teaching people to hex edit. If enough people want me to teach you all, I will.
In Cydia install OpenSSH and respring.
Download winSCP here.
[screenshots]

This is an example of Fruit Ninja folders.

Just transfer the file onto your PC and edit it in a hex editor. (Like I said, I am not making a tut for that unless enough people ask for one.)


IDA Method (med-extra hard):
IDA hacking is by far the hardest of the 3 but also the best. All games can be IDA hacked, and usually the hacks you can make are awesome.
TUT
Requirements:
-IDA Pro 6.1+, I recommend 6.4 (the demo works fine but you may also get a cracked one)
-winSCP or similar
-logical thinking
-Ldone (from the repo cydia.hackulo.us) EDIT: If you are on iOS 6 this is no longer needed


Transfer the binary of the game you want to hack; it is located in the yourApp.app folder and has no extension (i.e. the file BloonsTD4 would be the BloonsTD4 binary).
(in this tut we are hacking PvZ 1.9.1)


[screenshot]

Open IDA (idaq.exe, not idau.exe, if you have that)
[screenshots]

(please note, I say 1 but I mean 01 :tongue:)
[screenshots]

Save the file and transfer it back to your iDevice.
Once back in the PvZ app folder, do this:

[screenshots]
Useful information/FAQ
Useful codes and hexes:
BX LR (skips the entire function; useful for infinite ammo, i.e. put BX LR at the start of a function like weapon::removeAmmo(int))
2 byte code: 70 47
4 byte code: 1E FF 2F E1
NOP (Cheat Engine users may be familiar with this) skips the code it is placed on (for example, put a NOP instead of mov r0, #2 and it skips the mov r0, #2)

2 byte code: C0 46
4 byte code: 00 00 A0 E1
Branches (branch to another part of the function or to a different function)

B (normal branch)
2 byte: ends in E0
4 byte: ends in EA
BEQ (branch if equal; usually has a CMP command above it, and it branches if EQUAL)
4 byte: ends in 0A
BNE (branch if not equal; again, usually a CMP command above)
4 byte: ends in 1A
BGT (branch if greater than; another CMP above it)
4 byte: ends in CA
BLT (branch if less than; CMP above)
4 byte: ends in BA
BL (branch with link; branches to another function)
These are really hard to calculate as the hex is different each time. If you can calculate it, though, the pay-off is great: you can have rocket bullets, always have full health, etc.
FAQ:
Q: What if my binary only has an ARMv6 option?
A: Use ARMv6; they still run on ARMv7 devices.
Q: How do I know if my binary is 2 byte or 4 byte?
A: Highlight any code and see if 2 bytes or 4 bytes are highlighted in the Hex view in IDA.
Q: My app crashes, what should I do?
A: You may not have signed properly; sign again and respring. Or you may have edited a wrong function, causing your app to be unstable.
Q: Are there any other methods to IDA hacking?
A: Hell yeah, I only showed you basic IDA hacking today; there are way more advanced methods which I MAY make a tut for too at some point.
Q: My binary's functions are all sub_xxxxx commands, what do I do now?
A: This is where the compiler throws out function names as they are not needed. In IDA press Shift+F12 to open the Strings window, search for gold or something here instead, double click on one and press Ctrl+X to jump to the function (hard to explain in text, but I will include this in my more advanced tutorial).

I hope you like this tut; if you did, it never hurts to click like :wink:
If you ever need help hacking a game or want to download some cool hacks, head over to iOSCheaters and we will help.

If you are stuck on something and need help, post a comment and I will help you out :tongue:

-Kamizoom

(tell me if I missed something or there is a messup in the thread)
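The Thumb/ARM byte patterns listed in the tutorial above, decoded by an added example that is not from the original post or from any tool it names. It classifies an instruction word against those patterns and flags function entries that begin with BX LR or NOP, which is what an integrity check or a reviewer comparing a binary against a known-good build would look for; the sample bytes and entry offsets are constructed, not taken from any real app.

```python
import struct

# Constructed Thumb code (not from any real app): three "functions" at
# offsets 0, 4 and 8. The first begins with BX LR and the third with a NOP,
# the two patches the post describes; the second is untouched.
SAMPLE_THUMB = bytes.fromhex(
    "7047" "0020"   # off 0: BX LR           ; MOVS r0, #0
    "80b5" "0220"   # off 4: PUSH {r7, lr}   ; MOVS r0, #2
    "c046" "7047")  # off 8: NOP (MOV r8, r8); BX LR
SAMPLE_ENTRIES = [0, 4, 8]   # function entry offsets (constructed)

def decode_thumb(word: int) -> str:
    """Classify a 16-bit Thumb instruction against the listed patterns."""
    if word == 0x4770:
        return "BX LR"
    if word == 0x46C0:               # MOV r8, r8 is the Thumb NOP
        return "NOP"
    if (word >> 11) == 0b11100:      # unconditional B: high byte E0..E7
        return "B"
    return "other"

def decode_arm(word: int) -> str:
    """Classify a 32-bit ARM instruction. The last byte in memory holds the
    condition (high nibble) and opcode (low nibble), hence "ends in EA"."""
    if word == 0xE12FFF1E:
        return "BX LR"
    if word == 0xE1A00000:           # MOV r0, r0 is the ARM NOP
        return "NOP"
    cond, op = word >> 28, (word >> 24) & 0xF
    if op == 0xA:                    # B<cond>
        return {0x0: "BEQ", 0x1: "BNE", 0xB: "BLT", 0xC: "BGT",
                0xE: "B"}.get(cond, "B<cond>")
    if op == 0xB:                    # BL<cond>
        return "BL"
    return "other"

def decode(raw: bytes, thumb: bool) -> str:
    """Decode the first instruction in raw (little-endian, as on iOS)."""
    if thumb:
        return decode_thumb(struct.unpack("<H", raw[:2])[0])
    return decode_arm(struct.unpack("<I", raw[:4])[0])

def find_stubbed_functions(code: bytes, entries, thumb: bool):
    """Entries whose first instruction is BX LR or NOP (stubbed-out)."""
    flagged = []
    for off in entries:
        kind = decode(code[off:off + 4], thumb)
        if kind in ("BX LR", "NOP"):
            flagged.append((off, kind))
    return flagged
```

Running find_stubbed_functions(SAMPLE_THUMB, SAMPLE_ENTRIES, True) reports offsets 0 (BX LR) and 8 (NOP) and leaves the untouched function at offset 4 alone.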
Josef Stalin
Thanks for this tutorial, I was looking for a tutorial like this :smile:
 
ILovePeace
Nice tut Kami, is hex editing all about:
1) Remember the values which you want to hack.
2) Save game.
3) Extract the save file from Document.
4) Use Portable Hex Workshop 6 to open it.
5) Press Ctrl+F and search for the remembered values.
6) Change the remembered values at int32.
7) Save it!!
8) Transfer the save file back to Document.
9) Play the game.

But not every saved data can be edited, so you need IDA and hex editing to hack the binary file.

PS: Do you know where to download a cracked IDA Pro 6.2?
 
Razzile (kamizoom)
Nice tut Kami, is hex editing all about:
1) Remember the values which you want to hack.
2) Save game.
3) Extract the save file from Document.
4) Use Portable Hex Workshop 6 to open it.
5) Press Ctrl+F and search for the remembered values.
6) Change the remembered values at int32.
7) Save it!!
8) Transfer the save file back to Document.
9) Play the game.

But not every saved data can be edited, so you need IDA and hex editing to hack the binary file.

Hey, I know you lol. And yeah, that is basically it :tongue:
 
ILovePeace
Hey, I know you lol. And yeah, that is basically it :tongue:

Hahahaha, yeah it's me. Peace is BACK!!

I am currently getting IDA Pro 6.1; couldn't find IDA Pro 6.2. I hope there is a book called IDA for Dummies :smile:
 
Fire30
Don't you also need to chmod the binary after editing it?

chmod 775 file
 
Tibbi64
Anyone know if Jurassic Park can be hacked? I'm trying but no luck. Don't know much about coding, but can follow/copy steps. :smile: If anyone could look at it for me that would be great. I just want bucks, not really coins. Thanks.
 
Josef Stalin
Anyone know if Jurassic Park can be hacked? I'm trying but no luck. Don't know much about coding, but can follow/copy steps. :smile: If anyone could look at it for me that would be great. I just want bucks, not really coins. Thanks.
Use the Cydia tweak from xsellize called IAP Cracker and press buy on the bucks for real money, and it doesn't charge you.
 
Brumbledum
Do I need to jailbreak my phone to be able to connect to it? If so can you recommend a good jailbreak app?
 
Henry Brewer
All games can be IDA hacked, and usually the hacks you can make are awesome.
[image]
 
Josef Stalin
Do I need to jailbreak my phone to be able to connect to it? If so can you recommend a good jailbreak app?
Yes, you need to jailbreak. If you are on iOS 6-6.1.2 use evasi0n. If you are not, tell me your iOS version.
 
emerald123
How to hack Le Vamp???

If possible, someone please tell me how to hack Ice Age Village 1.1.4?

I wanna learn hacking rather than paying for hacks...
 
diskreet
Can this method work on Horror Camp? Or are there any hacks or mods for that game?
Thanks Kami for this tut, been looking for it.
 