Hi guys everytime i am trying to mod a string offset i get this offset in android studio
and this is my main.cpp:
any solutions please?
and this is my main.cpp:
C++:
#include <list>
#include <vector>
#include <string.h>
#include <pthread.h>
#include <cstring>
#include <jni.h>
#include <unistd.h>
#include <fstream>
#include <iostream>
#include "Includes/Logger.h"
#include "Includes/obfuscate.h"
#include "Includes/Utils.h"
#include "KittyMemory/MemoryPatch.h"
#include "Menu.h"
#include "Strings.h"
#if defined(__aarch64__) //Compile for arm64 lib only
#include <And64InlineHook/And64InlineHook.hpp>
#else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works
#include <Substrate/SubstrateHook.h>
#include <Substrate/CydiaSubstrate.h>
#endif
// fancy struct for patches for kittyMemory
struct My_Patches {
// let's assume we have patches for these functions for whatever game
// like show in miniMap boolean function
MemoryPatch za;
// etc...
} hexPatches;
bool name = false;
// Function pointer splitted because we want to avoid crash when the il2cpp lib isn't loaded.
// If you putted getAbsoluteAddress here, the lib tries to read the address without il2cpp loaded,
// will result in a null pointer which will cause crash
// See https://guidedhacking.com/threads/android-function-pointers-hooking-template-tutorial.14771/
void (*AddMoneyExample)(void *instance, int amount);
//Target lib here
#define targetLibName OBFUSCATE("libil2cpp.so")
// we will run our patches in a new thread so our while loop doesn't block process main thread
// Don't forget to remove or comment out logs before you compile it.
//KittyMemory Android Example: https://github.com/MJx0/KittyMemory/blob/master/Android/test/src/main.cpp
//Use ARM Converter to convert ARM to HEX: https://armconverter.com/
//Note: We use OBFUSCATE_KEY for offsets which is the important part xD
// Hooking example. Please refer to online tutorials how to hook
monoString* (*old_playername)(void *instance);
monoString* playername(void *instance) {
if(instance!=NULL) {
if (name) {
return CreateMonoString("Just for test");
}
}
return old_playername(instance);
}
void *hack_thread(void *) {
LOGI(OBFUSCATE("pthread created"));
//Check if target lib is loaded
do {
sleep(1);
} while (!isLibraryLoaded(targetLibName));
//Anti-lib rename
/*
do {
sleep(1);
} while (!isLibraryLoaded("libYOURNAME.so"));*/
LOGI(OBFUSCATE("%s has been loaded"), (const char *) targetLibName);
#if defined(__aarch64__) //Compile for arm64 lib only
// New way to patch hex via KittyMemory without need to specify len. Spaces or without spaces are fine
// ARM64 assembly example
// MOV X0, #0x0 = 00 00 80 D2
// RET = C0 03 5F D6
hexPatches.GodMode = MemoryPatch::createWithHex(targetLibName,
string2Offset(OBFUSCATE_KEY("0x123456", '3')),
OBFUSCATE("00 00 80 D2 C0 03 5F D6"));
//You can also specify target lib like this
hexPatches.GodMode2 = MemoryPatch::createWithHex("libtargetLibHere.so",
string2Offset(OBFUSCATE_KEY("0x222222", 'g')),
OBFUSCATE("20 00 80 D2 C0 03 5F D6"));
// Offset Hook example
//A64HookFunction((void *) getAbsoluteAddress(targetLibName, string2Offset(OBFUSCATE_KEY("0x123456", 'l'))), (void *) get_BoolExample,
// (void **) &old_get_BoolExample);
// Function pointer splitted because we want to avoid crash when the il2cpp lib isn't loaded.
// See https://guidedhacking.com/threads/android-function-pointers-hooking-template-tutorial.14771/
AddMoneyExample = (void(*)(void *,int))getAbsoluteAddress(targetLibName, 0x123456);
#else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works
MSHookFunction((void *)getAbsoluteAddress("libil2cpp.so", 0xE3CD42), (void *) playername, (void **) &old_playername);
// Symbol hook example (untested). Symbol/function names can be found in IDA if the lib are not stripped. This is not for il2cpp games
//MSHookFunction((void *) ("__SymbolNameExample"), (void *) get_BoolExample, (void **) &old_get_BoolExample);
// Function pointer splitted because we want to avoid crash when the il2cpp lib isn't loaded.
// See https://guidedhacking.com/threads/android-function-pointers-hooking-template-tutorial.14771/
AddMoneyExample = (void (*)(void *, int)) getAbsoluteAddress(targetLibName, 0x123456);
LOGI(OBFUSCATE("Done"));
#endif
return NULL;
}
//JNI calls
extern "C" {
// Note:
// Do not change or translate the first text unless you know what you are doing
// Assigning feature numbers is optional. Without it, it will automatically count for you, starting from 0
// Assigned feature numbers can be like any numbers 1,3,200,10... instead in order 0,1,2,3,4,5...
// ButtonLink, Category, RichTextView and RichWebView is not counted. They can't have feature number assigned
// Toggle, ButtonOnOff and Checkbox can be switched on by default, if you add True_. Example: CheckBox_True_The Check Box
// To learn HTML, go to this page: https://www.w3schools.com/
JNIEXPORT jobjectArray
JNICALL
Java_uk_lgl_modmenu_FloatingModMenuService_getFeatureList(JNIEnv *env, jobject context) {
jobjectArray ret;
//Toasts added here so it's harder to remove it
MakeToast(env, context, OBFUSCATE("Modded by LGL"), Toast::LENGTH_LONG);
const char *features[] = {
OBFUSCATE("Category_The Category"), //Not counted
OBFUSCATE("1_Toggle_New name"),
};
//Now you dont have to manually update the number everytime;
int Total_Feature = (sizeof features / sizeof features[0]);
ret = (jobjectArray)
env->NewObjectArray(Total_Feature, env->FindClass(OBFUSCATE("java/lang/String")),
env->NewStringUTF(""));
for (int i = 0; i < Total_Feature; i++)
env->SetObjectArrayElement(ret, i, env->NewStringUTF(features[i]));
pthread_t ptid;
pthread_create(&ptid, NULL, antiLeech, NULL);
return (ret);
}
JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
jint featNum, jstring featName, jint value,
jboolean boolean, jstring str) {
//Convert java string to c++
const char *featureName = env->GetStringUTFChars(featName, 0);
const char *TextInput;
if (str != NULL)
TextInput = env->GetStringUTFChars(str, 0);
else
TextInput = "Empty";
LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d | Text: = %s"), featNum,
featureName, value,
boolean, TextInput);
//BE CAREFUL NOT TO ACCIDENTLY REMOVE break;
switch (featNum) {
case 1:
name = boolean;
break;
}
}
}
//No need to use JNI_OnLoad, since we don't use JNIEnv
//We do this to hide OnLoad from disassembler
__attribute__((constructor))
void lib_main() {
// Create a new thread so it does not block the main thread, means the game would not freeze
pthread_t ptid;
pthread_create(&ptid, NULL, hack_thread, NULL);
}
/*
JNIEXPORT jint JNICALL
JNI_OnLoad(JavaVM *vm, void *reserved) {
JNIEnv *globalEnv;
vm->GetEnv((void **) &globalEnv, JNI_VERSION_1_6);
return JNI_VERSION_1_6;
}
*/
