18 October 2017

IDA Pro 7.0 leaked version



Get it here:


Or here:


It's leaked by someone, not me.
I'm not responsible for this.

17 October 2017

APK Easy Tool 1.40 coming soon!

APK Easy Tool 1.40 is coming within 1-2 weeks with more awesome features, UI improvements and bug fixes. The CMD arguments have been completely rewritten from scratch to get rid of the 0 kb APK size issue when signing an APK file.


12 October 2017

Fake connectivity problems discovered

Found by the CSR2 modding community FB group... a long time ago.
It is used to troll cheaters when they are using modded savedata.
Tsk tsk. Don't do that, game devs.

3 October 2017

How to crack any XOR'ed file using the XOR Cracker online tool


Today, I'm going to show you how to crack a XOR'ed file using an online tool, and to show you that XOR is not good protection. This tutorial is also useful for malware/security researchers.

It's very easy to find out whether a file is XOR'ed or not. Just open the file in a hex editor and you will see the same byte repeated over and over: the runs of 00 that a normal file contains come out as the key byte. In my example, the .dll file was filled with FF.


and another example found on the internet is a file filled with the repeating 8-byte pattern EC E6 DC 7F DC E7 DF E0


Visit https://wiremask.eu/tools/xor-cracker/ and drop the file there. The online tool will crack the XOR'ed file for you. Download the decrypted file that matches the XOR bytes; in my example, it's FF.


Open the downloaded file with the hex editor again. Congrats, you cracked the XOR'ed file.
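The same key-recovery idea, written out as an added Python example (not from this tutorial and not the Wiremask tool's code): it guesses a repeating XOR key of 1 to 16 bytes from a file image by taking the most frequent byte at each key position, which works because the zero padding inside a DLL comes out as the key itself, and it checks the result for an MZ header. It handles both cases shown above, a single FF byte and the 8-byte pattern. The sample "DLL" it decodes is constructed inline and is not a real PE file; the function names are my own.

```python
from collections import Counter


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encodes and decodes."""
    klen = len(key)
    return bytes(b ^ key[i % klen] for i, b in enumerate(data))


def guess_key(data: bytes, max_key_len: int = 16) -> bytes:
    """Recover a repeating XOR key of 1..max_key_len bytes.

    Binaries contain long runs of 0x00 (section padding), and 0x00 XOR k == k,
    so the byte that dominates each key position is the key byte itself. That
    is the "file filled with FF" you see in the hex editor. Each candidate is
    scored by how many zero bytes it yields after decoding; a longer key only
    wins with a strictly better score, so a 1-byte key is reported as FF, not
    as FF FF FF ...
    """
    best_key, best_score = b"", -1
    for klen in range(1, min(max_key_len, len(data)) + 1):
        cand = bytes(Counter(data[pos::klen]).most_common(1)[0][0]
                     for pos in range(klen))
        score = xor_bytes(data, cand).count(0)
        if score > best_score:
            best_key, best_score = cand, score
    return best_key


def recover_xor(data: bytes):
    """Return (key, decoded bytes, looks_like_pe) for a XOR'ed file image.

    looks_like_pe checks the MZ magic, a cheap sanity check that the guessed
    key really produced a DLL/EXE rather than more garbage.
    """
    key = guess_key(data)
    decoded = xor_bytes(data, key)
    return key, decoded, decoded[:2] == b"MZ"


def make_sample_dll() -> bytes:
    """Constructed stand-in for a DLL image (NOT a real PE file): an MZ stub,
    some varied bytes, and the zero padding that makes key recovery work."""
    header = b"MZ\x90\x00\x03\x00" + b"\x00" * 58 + b"\x80\x00\x00\x00"
    body = bytes(range(256)) * 4
    padding = b"\x00" * 4096
    return header + body + padding + b"\x00" * 128


if __name__ == "__main__":
    sample = make_sample_dll()
    # the two cases from the post: a single FF byte and the 8-byte pattern
    for key in (b"\xff", bytes.fromhex("ece6dc7fdce7dfe0")):
        found, decoded, is_pe = recover_xor(xor_bytes(sample, key))
        print(f"key {key.hex()} -> guessed {found.hex()}, "
              f"restored={decoded == sample}, MZ header={is_pe}")
```

The scoring step is what keeps the guess honest: a wrong key length still produces a candidate, but it restores far fewer zero bytes than the real key, so the real one wins without any knowledge of the key length up front.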

Credits:
iAndroHacker (tutorial)

Wiremask (online tool)

29 September 2017

Python reverse bytes of file

Developers like to troll us by reversing the whole byte order of the DLL file, so here is a Python script to reverse it back to the original. Thanks to hokage242 for his simple code.

data = open('name_of_your_file.dll', 'rb').read()  # read everything first: opening the same file for 'wb' before reading truncates it to 0 bytes
open('name_of_your_file.dll', 'wb').write(data[::-1])  # [::-1] reverses the byte order, undoing the developer's trick

Download Python: https://www.python.org/

Create a .py file, add this code, edit the file name, save and execute. Done.

Before:



After:

How to make mod menu for Unity Games using PMT Menu Maker


PMT Menu Maker is an easy-to-use library that does all the necessary calculations and coding for the modder, without requiring C# or Unity knowledge.

Visit PlatinMods for more information.

If you want to learn the basics, please read Unity scripting guide: https://docs.unity3d.com/ScriptReference/GUI.html

My version of the tutorial on how to make a mod menu from scratch is coming soon.

How to dump DLL and other files using GameGuardian (root only) (Android 2.3.3-8.0)

You can dump memory using GameGuardian to extract encrypted files using the get_dll_from_bin tool or WinHex. GameGuardian works on ARM, x64 and x86 devices, including x86 emulators (BlueStacks, Droid4X, Koplayer, Andy, Nox, Memu, Leapdroid, AMIDuOS, Windroye, RemixOS, PhoenixOS, AVD, Genymotion etc.)

Requirements:
- Rooted device or emulator.
- Minimum system requirements for an Android device: 1 GB RAM, 2-core CPU. If you have a low-end device, it may freeze during dumping.
- Available free space on internal storage or SD card: 2+ GB
- Requires Android 2.3.3+ (Gingerbread) up to 8.0 (Oreo)

Instructions:
Download the GameGuardian APK and install it on your device or emulator. It's very easy.
Download get_dll_from_bin.exe; you will use it later.

If you are using an emulator that supports a shared folder and allows you to change the path of the shared folder, please change it.

For example, in Memu I changed the music path to D:\Shared, which I will use later.

Some emulators do not allow you to change the path. I know of 2 emulators that use a hardcoded path:
Bluestacks: /sdcard/windows/BstSharedFolder
Nox: /mnt/shared

For others, find it yourself.

Launch GG and press Start to launch the GG floating icon.

Launch the game.

Open GG and select the game's process.

Click on the hamburger menu icon and then click on the white folder with the down arrow.


Change the path to the shared folder (if supported) and click Save. This will allow GG to dump files directly to your computer.



On your computer, navigate to the directory where you dumped the memory and start recovering files using WinHex or other programs.


If you are recovering DLL files, copy get_dll_from_bin.exe to the dump folder and double-click it to start recovering DLL files.


Find the Assembly-CSharp.dll file yourself using .NET Reflector or dnSpy and move Assembly-CSharp.dll into the Managed folder extracted from the game to avoid the save error.

Can't find the Assembly-CSharp.dll file or got a PE header error? Download the modified get_dll_from_bin.exe and try again, and recover the PE header by yourself. Don't feed leechers if you know how to fix it. Nobody likes leeching!
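The job get_dll_from_bin.exe and WinHex are used for here, carving PE images out of a raw memory dump, as an added Python example (it is not the code of either tool): it scans the dump for MZ headers, validates the DOS, COFF and optional headers and reports why a candidate was rejected instead of failing silently (the "PE header error" case), and rebuilds the on-disk layout from the memory layout, because in memory each section sits at its VirtualAddress while on disk it sits at PointerToRawData. The dump it scans, including one bogus MZ that must be rejected, is constructed inline; the function names are mine.

```python
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe_header(buf: bytes, base: int) -> dict:
    """Validate the DOS/COFF/optional headers at buf[base:] and return what a
    carver needs. Raises ValueError naming the failed check instead of
    silently producing a broken file."""
    if buf[base:base + 2] != b"MZ":
        raise ValueError("no MZ signature")
    if base + 0x40 > len(buf):
        raise ValueError("DOS header truncated")
    e_lfanew = struct.unpack_from("<I", buf, base + 0x3C)[0]
    nt = base + e_lfanew
    if not 0x40 <= e_lfanew <= 0x1000 or nt + 24 > len(buf):
        raise ValueError(f"e_lfanew {e_lfanew:#x} out of range")
    if buf[nt:nt + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, nt + 4)
    opt = nt + 24
    if opt_size < 96 or opt + opt_size > len(buf):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", buf, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # SizeOfImage / SizeOfHeaders sit at +56/+60 in both PE32 and PE32+
    size_of_image, size_of_headers = struct.unpack_from("<II", buf, opt + 56)
    if nsect == 0 or size_of_image == 0 or size_of_image > 0x10000000:
        raise ValueError("implausible section count or SizeOfImage")
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        if off + 40 > len(buf):
            raise ValueError("section table truncated")
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", buf, off)
        sections.append((name.rstrip(b"\x00").decode("ascii", "replace"),
                         vsize, vaddr, rawsize, rawptr))
    return {"machine": machine, "size_of_image": size_of_image,
            "size_of_headers": size_of_headers, "sections": sections}


def memory_image_to_file(image: bytes, hdr: dict) -> bytes:
    """Turn a memory-mapped image back into on-disk layout: in memory each
    section sits at its VirtualAddress, on disk at PointerToRawData."""
    end = max(rawptr + rawsize for _, _, _, rawsize, rawptr in hdr["sections"])
    out = bytearray(max(end, hdr["size_of_headers"]))
    headers = image[:hdr["size_of_headers"]]
    out[:len(headers)] = headers
    for _, _vsize, vaddr, rawsize, rawptr in hdr["sections"]:
        chunk = image[vaddr:vaddr + rawsize]
        out[rawptr:rawptr + len(chunk)] = chunk
    return bytes(out)


def carve_pe(dump: bytes):
    """Scan a raw dump for MZ headers. Returns (found, rejected): found holds
    (offset, rebuilt file bytes); rejected holds (offset, reason) so a
    'PE header error' can actually be diagnosed."""
    found, rejected = [], []
    pos = dump.find(b"MZ")
    while pos != -1:
        try:
            hdr = parse_pe_header(dump, pos)
            image = dump[pos:pos + hdr["size_of_image"]]
            found.append((pos, memory_image_to_file(image, hdr)))
            nxt = pos + hdr["size_of_image"]
        except ValueError as err:
            rejected.append((pos, str(err)))
            nxt = pos + 1
        pos = dump.find(b"MZ", nxt)
    return found, rejected


def build_sample_dump() -> bytes:
    """Constructed test input, not a real game dump: zeros, one bogus 'MZ'
    that must be rejected, then a minimal PE32 image in memory layout with a
    single .text section mapped at RVA 0x1000 (SizeOfImage 0x2000)."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)   # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)   # SizeOfImage, SizeOfHeaders
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x2102)
    section = struct.pack("<8sIIII", b".text", 0x100, 0x1000, 0x200, 0x200) + b"\x00" * 16
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    image = bytearray(0x2000)
    headers = bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + section
    image[:len(headers)] = headers
    image[0x1000:0x1100] = bytes(range(0x100))        # section contents
    bogus = b"MZ" + b"\x41" * 0x3E                     # e_lfanew = 0x41414141
    return b"\x00" * 0x100 + bogus + b"\x00" * 0xC0 + bytes(image) + b"\x00" * 0x100


if __name__ == "__main__":
    found, rejected = carve_pe(build_sample_dump())
    for off, reason in rejected:
        print(f"rejected candidate at {off:#x}: {reason}")
    for off, data in found:
        print(f"carved PE at {off:#x}: {len(data)} bytes on disk")
```

The rejection reasons are the useful part when a dump "has no DLL": a header whose e_lfanew or section table points outside the dump is exactly what a deliberately damaged header looks like, and seeing which check failed tells you what would have to be repaired.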


Please do not contact me about DLL dump failure. I don't want to hear more about "Can't dump Assembly-Csharp.dll blah blah blah". It's our secret.

Credits:
iAndroHacker (Tutorial)
Enyby (Developer of GameGuardian)

25 September 2017

Critical Ops hacks are back

Critical Ops hacks are back again.

I'll just show you that il2cpp does not protect your game. Any developers who think il2cpp protects their game are totally dumb.

I don't own this video.



"First Pass of a NEW HACK SYSTEM. More hackers for YOU"

20 September 2017

[iOS] How to dump Il2Cpp-based Unity Games to find functions + offsets to hack (Experimental)

As requested, here is the tutorial on how to dump il2cpp of iOS Unity games. With Il2CppDumper, it will be much easier to find useful functions and offsets to hack. No need to waste your time debugging the game.

Requirements:
- ARM/ASM knowledge
- IDA hacking experience
- IDA Pro. Download link
- A 64-bit computer is required if you work with 64-bit hacking
- Notepad++. Download link
- Il2CppDumper (Windows). Download link
- Clutch or Rasticrac for jailbroken devices, or visit appvn.com to download the latest cracked free games
- WinRAR or 7-Zip to open the .ipa file

Instructions:
Download the Il2CppDumper release by Perfare and extract the program.

To open the .ipa file, simply rename the file extension to .zip and open it.
If you are using 7-Zip, right-click -> 7-Zip -> Open Archive to open the .ipa file directly.

Navigate to \Payload\<app or game name>.app\ and extract the big binary file that doesn't have a file extension.
Navigate to \Payload\iosfps.app\Data\Managed\Metadata\ and extract global-metadata.dat.

Launch Il2CppDumper.exe. It will open a file-selection dialog twice. For the ELF or Mach-O file, select the binary; for global-metadata.dat, select global-metadata.dat.

It will ask you to select platform, 32-bit or 64-bit.

32-bit:
Press 1 for 32-bit and press 2 for Auto. Please use Auto mode to get the program to find the offsets and dump the code for you, because looking for the 2 required pointers (CodeRegistration and MetadataRegistration) in IDA Pro is too complicated, and Unity has already stripped all function names, which makes them harder to find.
As you used Auto mode, the program will print the pointers, but you do not need to know them if you have no idea what they are.

Skip the 64-bit steps if you are working with 32-bit.

64-bit:
Auto mode does not work on 64-bit binaries yet. Here is the dev's response:
"I have to say, these same questions will make me feel that adding auto feature is a bad decision"

We have to find the 2 required offsets (CodeRegistration and MetadataRegistration) in IDA to dump. Open IDA Pro 64-bit (idaq64.exe) and disassemble the binary as 64-bit. Search for the function name InitFunc_1.

Above InitFunc_1, there is a sub function that contains the 2 pointers we need.

sub_100C46D8C                           ; DATA XREF: InitFunc_1+8o
                 ADRP            X0, #unk_101D48FE8@PAGE
                 ADD             X0, X0, #unk_101D48FE8@PAGEOFF
                 ADRP            X1, #dword_101D948C8@PAGE


In Il2CppDumper, press 2 for 64-bit and press 1 for Manual. Input your pointers:
Input CodeRegistration(X0): your first pointer

Input MetadataRegistration(X1): your second pointer

The dump.cs file will be created in the folder where Il2CppDumper.exe is located.

Open dump.cs with Notepad++ by right-clicking it and selecting Edit with Notepad++.
Inside dump.cs, you'll see C# code. Method bodies are not dumped, but it's very simple code that tells you the function names and offsets to mod.

To search, click Search -> Find...
To find all keyword, click on Find All in Current Document


If you have never seen C# code before, I'll explain a bit what the code means. I'm bad at explaining what this code means, but I hope it goes well.

The comment you see at the top is just a list of the .dll files that have been converted into il2cpp:
// Image 0: mscorlib.dll - 0
// Image 1: System.Security.dll - xxxx
// Image xx: Assembly-CSharp.dll - xxxx

Assembly-CSharp.dll (Android users know this) is the game logic, and it is what we are looking for. The full code of the "Assembly-CSharp.dll" thingy is always located somewhere near the bottom of the dumped file.

A class body is like a group that makes it easier for programmers to find code. For example, a PlayerAntiHack class contains the anti-hack related code.
// Namespace:
public class PlayerScript : MonoBehaviour // TypeDefIndex: 4303
{
}

In IDA you'll probably see function names like
Player::Get_Gold…
Player::Get_Cash…
Player::Isbanned…
….

Here are some better details for you:
A class is a construct that enables you to create your own custom types by grouping together variables of other types, methods and events. A class is like a blueprint. It defines the data and behavior of a type. ... Unlike structs, classes support inheritance, a fundamental characteristic of object-oriented programming.

In the class, you'll see something like this:
// Fields
private int primaryWeaponIndex; // 0x10
private float minSpread; // 0x820
private float spread; // 0x824
private float visualSpread; // 0x828
….

Fields are not what we are looking for, so let's look into Methods.

// Methods
private int findNextAvailableWeapon(int currentWeaponIndex); // 1e704c
private bool IsLookingAtPlayer(PlayerScript player); // 1f3894
public bool HasBeenVisible(); // 1f2fa0
….
public int get_Gold_Example(); // 1a2b3c
public float float_example(); // 1a2b3d
….

This is what we are looking for. These simple lines give the names of the methods/functions, their types, and the REAL IDA OFFSETS, which are written in the green comment text.

public, private, protected etc. are access modifiers. It's not important to know.

static is a modifier that declares a static member. It's not important to know.

int, float, double, bool etc. are data types.

If you look up the offset in IDA, you will see a sub_xxxxxx.


Write down all useful functions + offsets you found inside the dumped .cs file and start writing your code injection.
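To get the same information out of dump.cs without scrolling through it in Notepad++, here is an added Python example (not part of Il2CppDumper) that parses the comment format explained above: the image list at the top, each class with its TypeDefIndex, the fields with their offsets, and the methods with the hex offset in the trailing comment, and then searches the methods by name the way Find All does. The sample dump text is built from the lines quoted in this post, with made-up numbers where the post shows xxxx; the function names are mine.

```python
import re

# Regexes for the dump.cs line shapes quoted in the post.
IMAGE_RE = re.compile(r"^// Image (\d+): (\S+) - (\S+)$")
CLASS_RE = re.compile(
    r"^\s*(?:\w+\s+)*?(class|struct|interface|enum)\s+(\w+)[^/]*// TypeDefIndex: (\d+)$")
FIELD_RE = re.compile(r"^\s*(.+?)\s+(\w+);\s*// 0x([0-9a-fA-F]+)$")
METHOD_RE = re.compile(r"^\s*(.+?)\s+(\w+)\s*\((.*)\);\s*// ([0-9a-fA-F]+)$")


def parse_dump(text: str) -> dict:
    """Parse dump.cs text into images and classes (with fields and methods)."""
    images, classes = [], []
    current, section = None, None
    for line in text.splitlines():
        m = IMAGE_RE.match(line)
        if m:
            # the number after the dash is kept as printed; its meaning is not explained in the post
            images.append({"index": int(m.group(1)), "name": m.group(2), "suffix": m.group(3)})
            continue
        m = CLASS_RE.match(line)
        if m:
            current = {"kind": m.group(1), "name": m.group(2),
                       "typedef_index": int(m.group(3)), "fields": [], "methods": []}
            classes.append(current)
            section = None
            continue
        stripped = line.strip()
        if stripped in ("// Fields", "// Methods", "// Properties"):
            section = stripped[3:].lower()
            continue
        if current is None:
            continue
        if section == "fields":
            m = FIELD_RE.match(line)
            if m:
                current["fields"].append(
                    {"decl": m.group(1), "name": m.group(2), "offset": int(m.group(3), 16)})
        elif section == "methods":
            m = METHOD_RE.match(line)
            if m:
                current["methods"].append({"decl": m.group(1), "name": m.group(2),
                                           "params": m.group(3), "offset": int(m.group(4), 16)})
    return {"images": images, "classes": classes}


def find_methods(dump: dict, keyword: str) -> list:
    """Notepad++'s 'Find All' as code: (class, method, offset) for every method
    whose name contains keyword, case-insensitively."""
    kw = keyword.lower()
    return [(c["name"], m["name"], m["offset"])
            for c in dump["classes"] for m in c["methods"] if kw in m["name"].lower()]


# Constructed sample built from the lines quoted in the post; the numbers the
# post shows as xxxx are made up here.
SAMPLE_DUMP = """\
// Image 0: mscorlib.dll - 0
// Image 1: System.Security.dll - 1234
// Image 2: Assembly-CSharp.dll - 5678

// Namespace:
public class PlayerScript : MonoBehaviour // TypeDefIndex: 4303
{
\t// Fields
\tprivate int primaryWeaponIndex; // 0x10
\tprivate float minSpread; // 0x820
\tprivate float spread; // 0x824

\t// Methods
\tprivate int findNextAvailableWeapon(int currentWeaponIndex); // 1e704c
\tprivate bool IsLookingAtPlayer(PlayerScript player); // 1f3894
\tpublic bool HasBeenVisible(); // 1f2fa0
\tpublic int get_Gold_Example(); // 1a2b3c
}
"""

if __name__ == "__main__":
    parsed = parse_dump(SAMPLE_DUMP)
    print([img["name"] for img in parsed["images"]])
    for cls, method, off in find_methods(parsed, "visible"):
        print(f"{cls}.{method} -> {off:x}")
```

Parsing the offsets into integers is what makes the list useful later: you can sort methods by offset, check that two offsets you wrote down are not inside the same function, or join the list against a disassembler's function table instead of copying hex by hand.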

Note: It is suggested that you disassemble the binary file and look up the offsets to see if there is enough space to replace the instructions to hack.

That's all. Good luck hacking iOS games!

Credits:
iAndroHacker (this tutorial)

Perfare (Il2CppDumper https://github.com/Perfare/Il2CppDumper)

If you have any issues with Il2Cpp, please report the issue at: https://github.com/Perfare/Il2CppDumper/issues/


Thank you!

18 September 2017

Why can't WinHex and other programs find Assembly-CSharp.dll in a dumped file?

I have received some emails about WinHex failing to find Assembly-CSharp.dll in a dumped file, and I would like to explain a bit why. Reasons why WinHex can't find Assembly-CSharp.dll in a dumped game:
- The DLL file is XORed
- File corruption trick.

About the file corruption trick: it was a Chinese mobile researcher's idea to use a corruption trick to hide the file from being dumped by WinHex. I have seen a PDF file about corrupting a file's hex using something.

I know how developers use the file corruption trick, but to respect modders who like to stop people from spending money, to respect cheaters who don't have money to spend on anything in-game, and to avoid being kicked out of my secret team, I CANNOT tell how it was done. Leechers and devs could take this as an advantage! However, I have some hints:
- Manually dump
- Fix it yourself
- Don't feed to leechers.

Please do not email me about this.

Thanks for understanding.

13 September 2017

IDA Pro hacking tutorial collections for iOS and Android

Here are all the collections of IDA hacking tutorials.
Some websites may require registration to view the content.

Forums
iOSGods
How To Hack Using IDA by EvillyG00d

IDA HACKING TUTORIAL! #1 by ZahirSher

IDA Hacking Tutorial #2 by ZahirSher

IDA Hacking Tutorial #3 by ZahirSher

[IDA Tutorial]How to deal with/hack vectors by shmoo

How to Hack with Strings by shmoo

How to Hack Vectors by shmoo

How to Disable Anti-Debugging Protection by shmoo

How to Disable Memory Checks by shmoo

How to Hack Floats (ARM64) by shmoo

How to know what to change in IDA in order to make your hack work by shmoo

Sbenny
How To Hack Using IDA by Infamous

How to know what to change in IDA in order to make your hack work by shmoo

[IDA] Android Hacking and Modding by hackjack

Libre.io
Simple App Hacking with IDA - Part 1, 2, 3 by Riu

Tutorial for IDA (moderate level only) by avogadro

IDA String hacking the GameLoft edition by Mila432

IDA String hacking the GameLoft edition #2 by Mila432

[IDA] Game Hacking Tutorial by hackjack

IDA Cheat Sheet by Riu

How To Hack Using IDA by avogadro

GameGuardian
A beginner's guide to brave frontier modding with IDA Pro [PIC] by xXL3g3ndXx


iAndroHacker
IDA Pro x86 lib hacking: Returning false/true

Fake bug - Enable events for cheaters in Kim Kardashian

Youtube videos
IOS Hacking Tutorial by AliKr96

Android Hacking Tutorials by AliKr96

Simple Android Game App Hacking with IDA Part 1, 2, 3 Tutorials United Reverse Engineering Tea by Ninute

How to Mod Android Games in IDA [Doodle Army 2] by Joseph Colbert

String Hacking Tutorial Part II by TheRealProHex






GTA V Glitches 1.41 (September 2017)

Thumbnail by Two Bucks

It's been a very long time since I looked into 'funny' GTA V glitch videos. Today I want to look back at glitch videos again, and I already found many many many many many many videos related to the latest glitches of GTA V.

by PacPacBoy

by PacPacBoy

by Skull HD

by LaazrGaming

by LaazrGaming

by LaazrGaming


And there are more videos to watch. I'm sure there are over 300,000 GTA V glitch videos on YouTube.

I'll update this article when I find more videos this month.

Good luck trying the latest glitches on GTA V!

12 September 2017

APK Easy Tool v1.39 for Windows (GUI tool, user friendly)



IMPORTANT:
Why was this tool flagged as a virus by some anti-virus programs?
Because they think my obfuscated tool is part of a malware clone, but it's a FALSE POSITIVE!!!!!! I obfuscated my tool to protect my code and I want to keep it closed source, since it's an exclusive tool on the internet. They could steal my work and credit it to themselves if I open-sourced my code. Many many many thanks to the stupid computer criminals who created malware and obfuscated it, which got anti-virus to detect any obfuscated program.

Please add this tool to your whitelist, and please DO NOT use IObit Malware Fighter 5. It blocks everything and corrupts your files.

I don't make malware. I don't have a C&C server. I don't collect any data. My tool does NOT have administrative privileges and it can't do any harm to your computer.

Virustotal: 
https://www.virustotal.com/#/file/5c...80a3/detection

CrowdStrike Falcon: malicious_confidence_60% (D)
Symantec: ML.Attribute.HighConfidence
SentinelOne: static engine - malicious


Requirements:
Windows Vista or newer (this tool will not work on Windows XP)
.NET Framework 4.5.2 or newer
Java SE/JDK is required to decompile, compile, and sign APKs. If you don't have Java installed, you can only use Zipalign or Install APK. Download and install Java SE/JDK now.

Features:
Quick help
Full environment path support
Adb process kill
Apktool.jar version selections
Decompile APK
Compile APK
Sign APK after compile
Sign selected APK (It will clone the selected APK, and sign it)
Sign compiled APK (If you forgot to sign your compiled APK, you can sign it)
SignAPK (signapk.jar v1.0)
Remember path when closed (config will reset if the EXE file is moved somewhere else)
Framework installer (uses apktool.jar's commands)
Logs tab
Drag and drop file support
Full options of decompile and compile
Cancel button in waiting dialog box
Clear logs when exit
Allow path changes in textbox
Java heap option. Default 512m
ZipAlign
Options to rename the apk file
Options to select apktool version.
Tooltips
Enable/Disable check for updates
Enable/Disable tips and ToolTips
and more...

How to use:
1. Download the EXE file, place it somewhere, and open it (when you open it, the resources required for this tool will be extracted to your personal documents folder)
2. Set the decompile and compile directory
3. Select the APK file you want to work with
4. Decompile the APK file, and do some work
5. Re-compile APK and Sign, or whatever, when you are done.


You do not need to select the APK and set the directory if you use drag and drop.

Framework is for ROM developers and system app modders only.

It works the same way as you did on the command line :)
(For chinese peoples who can't access Google and other websites)

Older versions

Credits:
iAndroHacker (Creator of this tool)
ibotpeaches (Creator of apktool.jar)
Android SignAPK (Creator of signapk.jar)


Changelogs:
1.39 (2017-09-10)
Added more tooltips for detailed explanations
Added Quick Help tab
Quickly added apktool version file check on main page
Fixed 0 kb .apk signing bug
Removed update.exe. It was not necessary
Some UI improvements
Some text fixes

More changelogs: