Mobile [TUT] How to hack iOS games and apps

was this Tutorial helpful?

  • hell yeah

    Votes: 53 69.7%
  • no, kami is a leecher

    Votes: 23 30.3%

  • Total voters
    76

Evan Orr

Newbie
Messages
1
Reaction score
0
If i want to hack a game, True skate, using IDA, and theres a function called Game::GetMissionRewardValue(int, int) How would i make it so the int values are always 999999
 

Jesse Lee

Newbie
Messages
1
Reaction score
0
Hello, would Kami be so kind as to point me in the right direction on hacking Guardian Cross? There are lots of 'basic' hacks like unlimited bullets, one-shot kills... but I'm seeking the elusive card ID manipulation. Even though it's supposed to be impossible after the latest updates, there are still people selling the newest cards as soon as they become available. I would like to get in on the fun (not for profit; no one in my area buys these things) but have run into deadends thus far. Thanks!
 

zaki

Enthusiast
Messages
138
Reaction score
13
Could anyone msg if they have a follow me Hack im am trying to hack it butt i need abit of help
 
Messages
1
Reaction score
0
What if I was to hack dragon city? Can it be hacked? But if I am connected with a Facebook account I can still hack it right? Sorry I signed up because this became more interested to me!
 

ANKIT LUNIA

Newbie
Messages
1
Reaction score
0
you guys asked for it so here it is.

I have spent the last 2-4 days working on this tut so I hope you like it


There are 3 main methods for hacking iOS games. Plist editing, Hex editing and IDA (there is also GDB but it currently does not work for iOS 4.3.3+)

Plist TuT(easy):
Plist editing is editing apple Property list files which can be used to store your Data, i.e your gold or health. (Note Plist editing only works for certain games, not all of them)
Requirements:

-iFileOR
-Plist editor for windows
-winSCP


(sorry about my bad pictures :tongue: )
Step 1 open up iFile


Step 2:















(Please note, you can use either view but text view I think is easier)





(please note my scores are 0 because i had not played the game then, it will show your scores in the boxes)
Now just edit your score and save

Hex editing(easy-med):

Hex edit your save files for lots of gold or health etc

Recuirements
winSCP or i-funbox or simalar
(most of you already know how to hex edit :biggrin: )


your save files are located in /var/mobile/applications/**your app folder**/Documents
I will show you how to transfer the files only, i am not teaching people to hex edit. if enough people want me to teach you all i will.
in cydia install openSSH and respring.
download winSCP
here

















this is an example of fruit ninja folders.

just transfer the file anto your PC and edit in a hex editor. (like I said i am not making a tut for that unless enough people ask for one)


IDA Method(med-extra hard):
IDA hacking is by far the hardest of the 3 but also the best. all games can be IDA hacked and usually the hacks you can make are awesome
TUT
Requirements:
-IDA pro 6.1+ i recommend 6.4 (the demo works fine but you may also get a cracked one)
-winSCP or similar
-logical thinking
-Ldone (from the repo cydia.hackulo.us) EDIT: If you are on iOS6 this is no longer needed


transfer the game you want to hacks binary, it is located in the yourApp.app folder and has no extention (i.e the file BloonsTD4 would be the bloonsTD4 binary)
(in this tut we are hacking PvZ 1.9.1)





Open IDA (idaq.exe not idau.exe if you have that)





























(please note, i say 1 but i mean 01 :tongue:)



















save the file and transfer it back to your iDevice
once back in the PvZ app folder do this:



Useful information/FAQ
useful codes and hexes:
BX LR (skips entire function, useful for infinite ammo. i.e put bx lr at the start of a function like weapon::removeAmmo(int) )
2 byte code: 70 47
4 byte code: 1E FF 2F E1
NOP (cheat engine users may be familiar with this) skips the code it is placed on ( for example put a NOP instead of mov r0 #2 and it skips the mov r0 #2)

2 byte code: C0 46
4 byte code: 0000A0E1
Branches (branch to another part of the function or a different function)

B (normal branch)
2 byte: ends in E0
4 byte: ends in EA
BEQ (branch if equal, usually a CMP command above it and it branches if EQUAL)
4 byte: ends in 0A
BNE (branch if not equal, again usually a CMP command above)
4 byte: ends in 1A
BGT (branch if greater than, another CMP above it)
4 byte: ends in CA
BLT: (branch less than, CMP above)
4 byte: ends in BA
BL (branch link. branches to another function)
these are really hard to calculate as the hex is different each time. if you can calculate it though the pay-off is great. you can have rocket bullets, always have full health etc
FAQ:
Q: what if my binary only has an ARMv6 option?
A: use ARMv6, they still run on ARMv7 devices
Q: how do i know if my binary is 2 byte or 4 byte?
A: highlight any code and see if 2 bytes or 4 bytes are highlighted in Hex view in IDA
Q: my app crashes, what should I do?
A: you may not have signed properly, sign again and respring. or you may have edited a wrong function causing your app to be unstable
Q: are there any other methods to IDA hacking?
A: hell yeah, I only showed you basic IDA hacking today, there are way more advanced methods which i MAY make a tut for too at some point
Q: My binary's functions are all sub_xxxxx commands, what do I do now?
A: this is where the compiler throws out function names as they are not needed. in IDA press shift+f12 to open the strings window, search for gold or something here instead and double click on one and press ctrl+X to jump to the function (hard to explain in text but i will include this in my more advanced tutorial)

I hope you like this tut, if you did it never hurts to click like :wink:
If you ever need help hacking a game or want to download some cool hacks head over to iOSCheaters and we will help

If you are stuck on something and need help, post a comment and i will help you out :tongue:

-Kamizoom

(tell me if i missed something or there is a messup in the thread)
 
HEY RAZZILE CAN U PLS HACK STAR CHEF BY 99 GAMES
 

Kakashi

OG
Messages
6,045
Reaction score
3,088
I would recommend downloading FLEX 2 instead. It has a lot of patches for games that will hack them for you.
 

mad_matty247

Enthusiast
Messages
136
Reaction score
31
hey awesome tut thanks very much I get this any ideas ?
Can not set debug privilege: Not all privileges or groups referenced are assigned to the caller.
Can not set debug privilege: Not all privileges or groups referenced are assigned to the caller.
Propagating type information...
 

MarhalBlack

Newbie
Messages
1
Reaction score
0
you guys asked for it so here it is.

I have spent the last 2-4 days working on this tut so I hope you like it


There are 3 main methods for hacking iOS games. Plist editing, Hex editing and IDA (there is also GDB but it currently does not work for iOS 4.3.3+)

Plist TuT(easy):
Plist editing is editing apple Property list files which can be used to store your Data, i.e your gold or health. (Note Plist editing only works for certain games, not all of them)
Requirements:

-iFileOR
-Plist editor for windows
-winSCP


(sorry about my bad pictures :tongue: )
Step 1 open up iFile


Step 2:















(Please note, you can use either view but text view I think is easier)





(please note my scores are 0 because i had not played the game then, it will show your scores in the boxes)
Now just edit your score and save

Hex editing(easy-med):

Hex edit your save files for lots of gold or health etc

Recuirements
winSCP or i-funbox or simalar
(most of you already know how to hex edit :biggrin: )


your save files are located in /var/mobile/applications/**your app folder**/Documents
I will show you how to transfer the files only, i am not teaching people to hex edit. if enough people want me to teach you all i will.
in cydia install openSSH and respring.
download winSCP
here

















this is an example of fruit ninja folders.

just transfer the file anto your PC and edit in a hex editor. (like I said i am not making a tut for that unless enough people ask for one)


IDA Method(med-extra hard):
IDA hacking is by far the hardest of the 3 but also the best. all games can be IDA hacked and usually the hacks you can make are awesome
TUT
Requirements:
-IDA pro 6.1+ i recommend 6.4 (the demo works fine but you may also get a cracked one)
-winSCP or similar
-logical thinking
-Ldone (from the repo cydia.hackulo.us) EDIT: If you are on iOS6 this is no longer needed


transfer the game you want to hacks binary, it is located in the yourApp.app folder and has no extention (i.e the file BloonsTD4 would be the bloonsTD4 binary)
(in this tut we are hacking PvZ 1.9.1)





Open IDA (idaq.exe not idau.exe if you have that)





























(please note, i say 1 but i mean 01 :tongue:)



















save the file and transfer it back to your iDevice
once back in the PvZ app folder do this:



Useful information/FAQ
useful codes and hexes:
BX LR (skips entire function, useful for infinite ammo. i.e put bx lr at the start of a function like weapon::removeAmmo(int) )
2 byte code: 70 47
4 byte code: 1E FF 2F E1
NOP (cheat engine users may be familiar with this) skips the code it is placed on ( for example put a NOP instead of mov r0 #2 and it skips the mov r0 #2)

2 byte code: C0 46
4 byte code: 0000A0E1
Branches (branch to another part of the function or a different function)

B (normal branch)
2 byte: ends in E0
4 byte: ends in EA
BEQ (branch if equal, usually a CMP command above it and it branches if EQUAL)
4 byte: ends in 0A
BNE (branch if not equal, again usually a CMP command above)
4 byte: ends in 1A
BGT (branch if greater than, another CMP above it)
4 byte: ends in CA
BLT: (branch less than, CMP above)
4 byte: ends in BA
BL (branch link. branches to another function)
these are really hard to calculate as the hex is different each time. if you can calculate it though the pay-off is great. you can have rocket bullets, always have full health etc
FAQ:
Q: what if my binary only has an ARMv6 option?
A: use ARMv6, they still run on ARMv7 devices
Q: how do i know if my binary is 2 byte or 4 byte?
A: highlight any code and see if 2 bytes or 4 bytes are highlighted in Hex view in IDA
Q: my app crashes, what should I do?
A: you may not have signed properly, sign again and respring. or you may have edited a wrong function causing your app to be unstable
Q: are there any other methods to IDA hacking?
A: hell yeah, I only showed you basic IDA hacking today, there are way more advanced methods which i MAY make a tut for too at some point
Q: My binary's functions are all sub_xxxxx commands, what do I do now?
A: this is where the compiler throws out function names as they are not needed. in IDA press shift+f12 to open the strings window, search for gold or something here instead and double click on one and press ctrl+X to jump to the function (hard to explain in text but i will include this in my more advanced tutorial)

I hope you like this tut, if you did it never hurts to click like :wink:
If you ever need help hacking a game or want to download some cool hacks head over to iOSCheaters and we will help

If you are stuck on something and need help, post a comment and i will help you out :tongue:

-Kamizoom

(tell me if i missed something or there is a messup in the thread)

Kamizoom, Wondering if there is a hack for Empire Z or Star Wars Commander? I use IOS 8.1 and can't find any hacks anywhere
 
Messages
12
Reaction score
3
Hello everyone, i joined today but i have been reading posts for days now i joined because i wanna learn a trick or two for the only game im playing - pokemini by cocone, i know a little about plist editing, but i am hoping to learn more and im seriously hoping, someone will help me out i wanna know if theres a possible way of editing my currency amount on the game (donuts is our currency on pokemini)...
 

Smokesick

Newbie
Messages
2
Reaction score
1
Requesting some information regarding an annoying issue I am presented with when using ldone.

ldone(942,0x375f09dc) malloc: *** mach_vm_map(size=1485127680) failed (error code=3)
*** error: can't allocate region
*** set a breakpoint in malloc_error_break to debug
-sh: line 15: 942 Segmentation fault: 11 ldone "<hidden app name>" -s

This issue persists NOT ONLY on my phone, but my friend's as well. I am running on 8.1.2 and have absolutely everything set up, but even if I decide to sign a legitimate file, I still get the error. Seemingly, it means, as far as I am concerned, that there is not enough memory to do this or something. I cannot sign the file and cannot open the app consecutively. Can anyone help me out? There is so little information about ldone and this kind of cracking and I am not in the mood to setup whole new IDEs, working with xCode and shizzles and crazzles.

Thanks in advance, if someone has come to this forum by accident and read my post :biggrin:
 

HariK06

Newbie
Messages
8
Reaction score
5
Hi there! Where is the fun and entertainment if you will only think about hacking all the games that you try out? I really do not understand this type of mentality to be frank! These guys invested time and money to develop the games or apps and publish them and fools like you are out there spoiling it all! You should be ashamed!
 

Smokesick

Newbie
Messages
2
Reaction score
1
Hi there! Where is the fun and entertainment if you will only think about hacking all the games that you try out? I really do not understand this type of mentality to be frank! These guys invested time and money to develop the games or apps and publish them and fools like you are out there spoiling it all! You should be ashamed!
Well while I do consider your answer rather troll-like and pointless to interact with, I just want to comment on your thesis from my perspective as I currently have plenty of free time. Not everyone is like this, and what is the better way to learn individual things by examining pieces close-up? Sure it's got copyright and all that stuff, but what do you know, with this knowledge things could snowball and tomorrow a revolution might happen! The point is not to shizzle on someone else's work, but to examine, for one's personal improvement. Artists copy styles before they develop theirs.
 
Messages
2
Reaction score
0
ive been looking for the binary for the app in which id like to mod, but i have no application file under my /var/mobile directory. has the location for the binary files been moved?
 

Pie

hotdog
Retired
Messages
7,803
Reaction score
4,381
Le bump for new jailbreakers looking to get into iOS modding.
 
Top Bottom