Had some time during lunch to figure out apktool, Smali, and Ghidra. Pretty cool stuff! I don't have a publicly rootable Android device to mess with the save files directly and my daughter was begging me for VIP and coins. I managed VIP but the best low effort patch for coins ("Dream Dollars") I could figure out was unlimiting the daily $50 gift timer. I'd share but I only bothered with the 32-bit version since that's what her tablet runs.
I started by patching
Then I did the same for a handful of functions in
Generally, I just added
I was initially going to patch in some code to write new values to the save file but hesitated when I saw some annoying salt fields. I did go ahead and neuter
Was cool to figure out how to use all these tools!
I started by patching
IsPurchased(Ljava/lang/string;)Z
to always return true:
Code:
.method public IsPurchased(Ljava/lang/String;)Z
.locals 1
.line 528
const/4 v0, 0x1
return v0
.end method
libil2cpp.so
with some ARM assembly: SubscriptionManager$$get_IsSubscribed
, LockableItem$$IsPackUnlocked
, and DailyGiftManager$$HasEnoughTimePassed
.Generally, I just added
01 00 a0 e3 mov r0, #1
after the function prologues immediately followed by the epilogue.I was initially going to patch in some code to write new values to the save file but hesitated when I saw some annoying salt fields. I did go ahead and neuter
SignedSaveFile$$IsSignatureValid
in the meantime. I also saw some code that looks like they can hotpatch remotely, so I imagine I'll need to work on a root if I want to persist my changes while also persisting her save.Was cool to figure out how to use all these tools!