
Admin

Administrators
Admin last won the day on October 13 2020
  1. What is theos? A cross-platform suite of tools for building and deploying software for iOS and other platforms. (wiki)

     What can I do with it? You ever thought about how developers create Cydia tweaks/apps? They do so using theos. If you want to get into developing for iOS and learn more on how apps/tweaks work, you can start off by using theos on your jailbroken iDevice. It is also possible to install it on Mac, Windows and Linux-based OSes, but this tutorial only covers iOS.

     Guide: [hide] https://www.iosmods.com/downloads/theos.pdf [/hide]
  2. Recently, it appears Apple has patched the current version of Cydia Impactor, not allowing users to side-load apps anymore. Security researcher Umang Raghuvanshi has released a patch which bypasses this error, allowing users to side-load their favorite apps again. You can download the patched versions here:

     Windows: https://www.iosmods.com/downloads/impactor0944_PATCHED.zip
     Linux: https://www.iosmods.com/downloads/impactor0944_PATHCED_LINUX.zip

     Credits: @umanghere
  3. These are not all the features, only 3. They are: ammo, grenades and points. Here is the Tweak.xm:

     /* Copyright NitroxicDemon */
     /*************************************/
     /**Usage: writeData(0xADDR, 0xDATA);**/
     /*************************************/
     #import <UIKit/UIKit.h>   // UIAlertView, UIApplication, NSURL
     #include "writeData.h"

     %ctor {
         // Wait 5 seconds after load so the game has mapped its memory before writing
         double delayInSeconds = 5.0;
         dispatch_time_t popTime = dispatch_time(DISPATCH_TIME_NOW, (int64_t)(delayInSeconds * NSEC_PER_SEC));
         dispatch_after(popTime, dispatch_get_main_queue(), ^(void){
             writeData(0x234846, 0xC046C046); //<<<<<<<< might be ammo or nades
             writeData(0x23AE4E, 0xC046C046); // Either ammo or nades I forgot
             writeData(0x20F0A4, 0x47614761); //Points
         });
     }

     %hook s3eAppDelegate
     -(void)applicationDidBecomeActive:(id)arg {
         UIAlertView *credits = [[UIAlertView alloc] initWithTitle:@"COD:BOZ Hack"
                                                           message:@"Hacked by NitroxicDemon for iOSMods.com!"
                                                          delegate:self
                                                 cancelButtonTitle:@"Thanks!"
                                                 otherButtonTitles:@"Visit Us", nil];
         [credits show];
         [credits release];
         return %orig;
     }

     %new
     -(void)alertView:(UIAlertView *)alertView clickedButtonAtIndex:(NSInteger)buttonIndex {
         NSString *button = [alertView buttonTitleAtIndex:buttonIndex];
         if([button isEqualToString:@"Visit Us"]) {
             [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"http://www.iOSMods.com/"]];
         }
     }
     %end
  4. This code will allow you to bypass anti-debug protection on apps that have debugging protection. This was not made by me, I found it somewhere in my old files. Here is the Tweak.xm:

     [hide]
     #import <substrate.h>
     #include <sys/types.h>   // pid_t, caddr_t

     #if !defined(PT_DENY_ATTACH)
     #define PT_DENY_ATTACH 31
     #endif

     //declare orig of ptrace
     static int (*_ptraceHook)(int request, pid_t pid, caddr_t addr, int data);

     //implementation of the hook
     static int $ptraceHook(int request, pid_t pid, caddr_t addr, int data) {
         if (request == PT_DENY_ATTACH) { //check if the request is PT_DENY_ATTACH
             request = -1; //invalidate if it is PT_DENY_ATTACH
         }
         return _ptraceHook(request, pid, addr, data); //call orig
     }

     %ctor {
         MSHookFunction((void *)MSFindSymbol(NULL, "_ptrace"), (void *)$ptraceHook, (void **)&_ptraceHook);
     }
  5. In this tutorial, we will accomplish radar hacks for the game Forward Assault [hide] https://www.youtube.com/watch?v=0oR-dGlSC_I [/hide]
  6. In this tutorial, I will just give a brief overview of some ARM64. You need to know ARMv7 first so this will be easier to understand.

     Let's Get Started

     [hide]
     So basically, instructions are the same; ARM64 has LDR, MOV, STR, etc., same as ARMv7. You will notice ARM64 has different registers: instead of R0, for example, ARM64 uses X0 or W0. You can hack it the same way as you would ARMv7.

     Example: This is ammo in the game Forward Assault. The highlighted instruction is what I hacked:

         SUB W8, W8, #1

     Subtract 1 from W8 and put the value back into W8; simply NOP it.

     OR you can hack the STR underneath it and instead of storing W8, change it to W20 or W29. It will result in making your ammo a very high number. Why? Because, you silly goose, W20/W29 is the equivalent of R7. OR you can use X20/X29 if the function has X.

     But wait, are W20/W29 both the same, Father Nitro? Well, I'm glad you asked, I was just about to get to that, you eager mcbeaver. You see here, the 20 has a high value, but 29 has an even higher value. Sometimes 29 can make it go so high that it goes negative, so use 20 instead.

     BOOLS

     Now let's talk about Booleans in ARM64. In ARMv7, to make something return TRUE or FALSE, we simply change it to

         MOV R0, #1

     OR

         MOV R0, #0

     ARM64 is no different, it's just X instead:

         MOV X0, #0

     or

         MOV X0, #1

     Example: Here is an example function. In case you didn't know, it's a BOOL since this function loads a byte, which has a 0 or 1 value. So as you can see, this function gets my sexiness. Obviously, to hack it you will change it to MOV X0, #1 making it true, which it is.. This can NEVER be false :kappa:

     FLOATS

     So floats in ARM64 are similar to ARMv7, using FMOV instead of VMOV. So just hack the instruction the same way as you would in ARMv7.

     Example: You can change that FMOV S2, #0.5 to FMOV S2, #31.0.

     Now it's time to discuss something else. As you may know, in ARMv7 sometimes we want to hack the beginning of a function and make it return a float value, so we would do:

         VMOV S0, #31.0
         VMOV R0, S0
         BX LR

     So Father Nitro, is it the same in ARM64? I know what you're thinking, you're thinking in ARM64 the equivalent would be:

         FMOV S0, #31.0
         FMOV X0, S0
         RET

     WRONG! Do that and watch the game crash. In ARM64 the second instruction isn't needed.

         FMOV S0, #31.0
         FMOV X0, S0
         RET

     SO just replace the first 2 lines of the function with FMOV S0, #31.0 then RET that bad boy.

     Now let me get into another example why ARM64 is bae.

     Example: This function is from Critical Ops, which gets the bounciness of the grenade. As you will see, it's a LDR; you can hack it and change it from LDR to FMOV. Yes, in ARM64 you can hack LDR functions to FMOVs. So to hack the function, you can replace the

         LDR S0, [X0,#0xA0]

     with a

         FMOV S0, #31.0

     This function made my grenades super bouncy, it was funny to troll in public matches. The grenades bounced like crazy! In ARMv7 I found the same function, it was a LDR followed by a BX LR (RET). So to hack it, I tried many things, MOV R0, R7 and such, but every time I threw a grenade it crashed. A

         VMOV S0, #31.0
         VMOV R0, S0
         BX LR

     wouldn't work since there isn't enough space. Unless you wanted to write your own code to the unused part of the binary and make the function branch there, which I'm not entirely sure would have worked since I never tried. So I just hacked it in ARM64 instead.
     [/hide]
  7. Check tools section ;) Are you on PC or Mac?
  8. You download the game from the App Store then crack the game using Clutch or rasticrac
  9. This is HIS topic, he is the one who made it.
  10. This tutorial will show you how you can get a Cydia alternative on your jailbroken iDevice; works on iOS 9.3.1.

      Getting Started:

      [hide]
      How to Install Mojo on iOS Without Jailbreak:

      Step 1: First and foremost, you’re going to need to head on over to mojoapp.xyz in Safari on your iOS device.
      Step 2: That will take you to a dedicated Mojo Installer page. The page itself contains a lot of information about the package, as well as a button in the middle to install Mojo directly onto the iOS device. Tap on the button.
      Step 3: The Mojo Installer will then take you to a new page with some information on it about building a custom profile. Read the information under the “What does this do?” header to familiarize yourself with the process before tapping on the Build Custom Profile button.
      Step 4: Your device will then switch from the browser to the native Settings app and take you to a page with the title Install Profile. Tap Install in the top-right corner to proceed.
      Step 5: If your device has a passcode activated, then you will need to enter that into the device to proceed.
      Step 6: After entering the passcode, tap on the Install button that is shown in the resulting action sheet pop-up.
      Step 7: The Settings app will then hand control back over to the browser, where you can tap the Install Mojo button below to proceed.
      Step 8: Select Install in the resulting pop-up to confirm the installation. This will then hand control back over to the Settings app with yet another Install Profile page. This time around, the profile will not be signed and will show in red.
      Step 9: Select Install and enter the device passcode if necessary.
      Step 10: Select Next from the top-right corner. If a page titled Warning appears to show information about an unsigned profile, tap Install once again to continue.
      Step 11: And yet again, select Install from the action sheet before hitting Done in the top-right corner. Mojo should then be installed on the device and will be available from the Home screen.

      Once the above process has been followed through, you should have Mojo successfully installed on the device. Launch the app and start adding repos followed by installing any apps you like. Some of these apps might add certificates of their own. You will have to go into Settings > General > Profile and Trust each of these individually to be able to launch the apps.

      Tutorial Credits: RedmondPie.com
      [/hide]