Help! how to find / hack coins via il2cpp?
- Thread starter Alvin2000
- Start date
Tiahh
Solid & Active Platinian
Most of games are not server sided and no i am not wrong at all.
RedXen
Awesome Active Platinian
I'd start with C#, contrary to what anyone tells you. Easiest to understand for beginners and can be used to do almost anything C++ can.
Rohimbaeka
Rookie
Can you help me with List. I don't know how to hook that
-------
RVA: 0x715724 Offset: 0x715724 VA: 0x715724
public void AddCoins(int coins) { }
// RVA: 0x7157B8 Offset: 0x7157B8 VA: 0x7157B8
public void AddKeys(int keys) { }
// RVA: 0x7157CC Offset: 0x7157CC VA: 0x7157CC
public void SetHoverboardActive(bool active) { }
In main.cpp and I use the LGL Mod menu template
-------
RVA: 0x715724 Offset: 0x715724 VA: 0x715724
public void AddCoins(int coins) { }
// RVA: 0x7157B8 Offset: 0x7157B8 VA: 0x7157B8
public void AddKeys(int keys) { }
// RVA: 0x7157CC Offset: 0x7157CC VA: 0x7157CC
public void SetHoverboardActive(bool active) { }
In main.cpp and I use the LGL Mod menu template
RedXen
Awesome Active Platinian
They're all methods, not lists? :?
Rohimbaeka
Rookie
How to fix it? 
MemoryPatch Coins, Keys;
// etc...
} hexPatches;
bool coins = false;
bool keys = false;
// Hooking examples. Assuming you know how to write hook
void (*old_AddCoins)(void *instance, int _amount); // Your function is void, so use void, not int
void AddCoins(void *instance, int _amount)
{
if(instance != NULL && coins) // Only execute the code inside the if statement when the user turns on the toggle (Use the bool you created)
{
old_AddCoins(instance, 9999); /* If you want to just modify parameters of a function, just use the old_FunctionName and change whatever parameter to whatever you like.
Notice how I don't use return, and just call the function, that's because it's a void data type */
}
old_AddCoins(instance, _amount); // If instance is NULL or something else wrong, call the original function with the **Unedited** parameters
}
void (*old_AddKeys)(void *instance, int _amount); // Your function is void, so use void, not int
void AddKeys(void *instance, int _amount)
{
if(instance != NULL && keys) // Only execute the code inside the if statement when the user turns on the toggle (Use the bool you created)
{
old_AddKeys(instance, 9999); /* If you want to just modify parameters of a function, just use the old_FunctionName and change whatever parameter to whatever you like.
Notice how I don't use return, and just call the function, that's because it's a void data type */
}
old_AddKeys(instance, _amount); // If instance is NULL or something else wrong, call the original function with the **Unedited** parameters
}
// we will run our hacks in a new thread so our while loop doesn't block process main thread
void *hack_thread(void *) {
LOGI(OBFUSCATE("pthread created"));
//Check if target lib is loaded
do {
sleep(1);
} while (!isLibraryLoaded(targetLibName));
//Anti-lib rename
/*
do {
sleep(1);
} while (!isLibraryLoaded("libYOURNAME.so"));*/
LOGI(OBFUSCATE("%s has been loaded"), (const char *) targetLibName);
#if defined(__aarch64__) //To compile this code for arm64 lib only. Do not worry about greyed out highlighting code, it still works
#else //To compile this code for armv7 lib only.
// New way to patch hex via KittyMemory without need to specify len. Spaces or without spaces are fine
// ARMv7 assembly example
// MOV R0, #0x0 = 00 00 A0 E3
// BX LR = 1E FF 2F E1
/*hexPatches.coins = MemoryPatch::createWithHex(targetLibName, //Normal obfuscate
string2Offset(OBFUSCATE("0x715724")),
OBFUSCATE("00 00 A0 E3 1E FF 2F E1"));*/
/*hexPatches.keys = MemoryPatch::createWithHex(targetLibName, //Normal obfuscate
string2Offset(OBFUSCATE("0x7157B8")),
OBFUSCATE("00 00 A0 E3 1E FF 2F E1")); */
//You can also specify target lib like this
hexPatches.Coins = MemoryPatch::createWithHex("libil2cpp.so",
string2Offset(OBFUSCATE("0x715724")),
OBFUSCATE("02 01 E0 E3 1E FF 2F E1"));
hexPatches.Keys = MemoryPatch::createWithHex("libil2cpp.so",
string2Offset(OBFUSCATE("0x7157B8")),
OBFUSCATE("02 01 E0 E3 1E FF 2F E1"));
LOGI(OBFUSCATE("Done"));
#endif
return NULL;
}
//JNI calls
extern "C" {
// Do not change or translate the first text unless you know what you are doing
// Assigning feature numbers is optional. Without it, it will automatically count for you, starting from 0
// Assigned feature numbers can be like any numbers 1,3,200,10... instead in order 0,1,2,3,4,5...
// ButtonLink, Category, RichTextView and RichWebView is not counted. They can't have feature number assigned
// Toggle, ButtonOnOff and Checkbox can be switched on by default, if you add True_. Example: CheckBox_True_The Check Box
// To learn HTML, go to this page: W3Schools Free Online Web Tutorials
JNIEXPORT jobjectArray
JNICALL
Java_uk_lgl_modmenu_FloatingModMenuService_getFeatureList(JNIEnv *env, jobject context) {
jobjectArray ret;
//Toasts added here so it's harder to remove it
MakeToast(env, context, OBFUSCATE("Modded by Bang Modznan"), Toast::LENGTH_LONG);
const char *features[] = {
OBFUSCATE("Category_Menu"), //Not counted
OBFUSCATE("Toggle_Unlimited Coins"),
OBFUSCATE("Toggle_Unlimited Keys"),
//Create new collapse
OBFUSCATE("Subscribe My Youtube Channel"),
OBFUSCATE("CollapseAdd_Toggle_The toggle"),
//Create new collapse again
OBFUSCATE("Collapse_Collapse 2"),
OBFUSCATE("CollapseAdd_SeekBar_The slider_1_100"),
OBFUSCATE("CollapseAdd_InputValue_Input number"),
OBFUSCATE("RichTextView_This is text view, not fully HTML."
"<b>Bold</b> <i>italic</i> <u>underline</u>"
"<br />New line <font color='red'>Support colors</font>"
"<br/><big>bigger Text</big>"),
OBFUSCATE("RichWebView_<html><head><style>body{color: white;}</style></head><body>"
"This is WebView, with REAL HTML support!"
"<div style=\"background-color: darkblue; text-align: center;\">Support CSS</div>"
"<marquee style=\"color: green; font-weight:bold;\" direction=\"left\" scrollamount=\"5\" behavior=\"scroll\">This is <u>scrollable</u> text</marquee>"
"</body></html>")
};
//Now you dont have to manually update the number everytime;
int Total_Feature = (sizeof features / sizeof features[0]);
ret = (jobjectArray)
env->NewObjectArray(Total_Feature, env->FindClass(OBFUSCATE("java/lang/String")),
env->NewStringUTF(""));
for (int i = 0; i < Total_Feature; i++)
env->SetObjectArrayElement(ret, i, env->NewStringUTF(features));
pthread_t ptid;
pthread_create(&ptid, NULL, antiLeech, NULL);
return (ret);
}
JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
jint featNum, jstring featName, jint value,
jboolean boolean, jstring str) {
LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d | Text: = %s"), featNum,
env->GetStringUTFChars(featName, 0), value,
boolean, str != NULL ? env->GetStringUTFChars(str, 0) : "");
//BE CAREFUL NOT TO ACCIDENTLY REMOVE break;
switch (featNum) {
case 0:
coins = !coins;
break;
case 1:
keys = !keys;
break;
}
}
}
MemoryPatch Coins, Keys;
// etc...
} hexPatches;
bool coins = false;
bool keys = false;
// Hooking examples. Assuming you know how to write hook
void (*old_AddCoins)(void *instance, int _amount); // Your function is void, so use void, not int
void AddCoins(void *instance, int _amount)
{
if(instance != NULL && coins) // Only execute the code inside the if statement when the user turns on the toggle (Use the bool you created)
{
old_AddCoins(instance, 9999); /* If you want to just modify parameters of a function, just use the old_FunctionName and change whatever parameter to whatever you like.
Notice how I don't use return, and just call the function, that's because it's a void data type */
}
old_AddCoins(instance, _amount); // If instance is NULL or something else wrong, call the original function with the **Unedited** parameters
}
void (*old_AddKeys)(void *instance, int _amount); // Your function is void, so use void, not int
void AddKeys(void *instance, int _amount)
{
if(instance != NULL && keys) // Only execute the code inside the if statement when the user turns on the toggle (Use the bool you created)
{
old_AddKeys(instance, 9999); /* If you want to just modify parameters of a function, just use the old_FunctionName and change whatever parameter to whatever you like.
Notice how I don't use return, and just call the function, that's because it's a void data type */
}
old_AddKeys(instance, _amount); // If instance is NULL or something else wrong, call the original function with the **Unedited** parameters
}
// we will run our hacks in a new thread so our while loop doesn't block process main thread
void *hack_thread(void *) {
LOGI(OBFUSCATE("pthread created"));
//Check if target lib is loaded
do {
sleep(1);
} while (!isLibraryLoaded(targetLibName));
//Anti-lib rename
/*
do {
sleep(1);
} while (!isLibraryLoaded("libYOURNAME.so"));*/
LOGI(OBFUSCATE("%s has been loaded"), (const char *) targetLibName);
#if defined(__aarch64__) //To compile this code for arm64 lib only. Do not worry about greyed out highlighting code, it still works
#else //To compile this code for armv7 lib only.
// New way to patch hex via KittyMemory without need to specify len. Spaces or without spaces are fine
// ARMv7 assembly example
// MOV R0, #0x0 = 00 00 A0 E3
// BX LR = 1E FF 2F E1
/*hexPatches.coins = MemoryPatch::createWithHex(targetLibName, //Normal obfuscate
string2Offset(OBFUSCATE("0x715724")),
OBFUSCATE("00 00 A0 E3 1E FF 2F E1"));*/
/*hexPatches.keys = MemoryPatch::createWithHex(targetLibName, //Normal obfuscate
string2Offset(OBFUSCATE("0x7157B8")),
OBFUSCATE("00 00 A0 E3 1E FF 2F E1")); */
//You can also specify target lib like this
hexPatches.Coins = MemoryPatch::createWithHex("libil2cpp.so",
string2Offset(OBFUSCATE("0x715724")),
OBFUSCATE("02 01 E0 E3 1E FF 2F E1"));
hexPatches.Keys = MemoryPatch::createWithHex("libil2cpp.so",
string2Offset(OBFUSCATE("0x7157B8")),
OBFUSCATE("02 01 E0 E3 1E FF 2F E1"));
LOGI(OBFUSCATE("Done"));
#endif
return NULL;
}
//JNI calls
extern "C" {
// Do not change or translate the first text unless you know what you are doing
// Assigning feature numbers is optional. Without it, it will automatically count for you, starting from 0
// Assigned feature numbers can be like any numbers 1,3,200,10... instead in order 0,1,2,3,4,5...
// ButtonLink, Category, RichTextView and RichWebView is not counted. They can't have feature number assigned
// Toggle, ButtonOnOff and Checkbox can be switched on by default, if you add True_. Example: CheckBox_True_The Check Box
// To learn HTML, go to this page: W3Schools Free Online Web Tutorials
JNIEXPORT jobjectArray
JNICALL
Java_uk_lgl_modmenu_FloatingModMenuService_getFeatureList(JNIEnv *env, jobject context) {
jobjectArray ret;
//Toasts added here so it's harder to remove it
MakeToast(env, context, OBFUSCATE("Modded by Bang Modznan"), Toast::LENGTH_LONG);
const char *features[] = {
OBFUSCATE("Category_Menu"), //Not counted
OBFUSCATE("Toggle_Unlimited Coins"),
OBFUSCATE("Toggle_Unlimited Keys"),
//Create new collapse
OBFUSCATE("Subscribe My Youtube Channel"),
OBFUSCATE("CollapseAdd_Toggle_The toggle"),
//Create new collapse again
OBFUSCATE("Collapse_Collapse 2"),
OBFUSCATE("CollapseAdd_SeekBar_The slider_1_100"),
OBFUSCATE("CollapseAdd_InputValue_Input number"),
OBFUSCATE("RichTextView_This is text view, not fully HTML."
"<b>Bold</b> <i>italic</i> <u>underline</u>"
"<br />New line <font color='red'>Support colors</font>"
"<br/><big>bigger Text</big>"),
OBFUSCATE("RichWebView_<html><head><style>body{color: white;}</style></head><body>"
"This is WebView, with REAL HTML support!"
"<div style=\"background-color: darkblue; text-align: center;\">Support CSS</div>"
"<marquee style=\"color: green; font-weight:bold;\" direction=\"left\" scrollamount=\"5\" behavior=\"scroll\">This is <u>scrollable</u> text</marquee>"
"</body></html>")
};
//Now you dont have to manually update the number everytime;
int Total_Feature = (sizeof features / sizeof features[0]);
ret = (jobjectArray)
env->NewObjectArray(Total_Feature, env->FindClass(OBFUSCATE("java/lang/String")),
env->NewStringUTF(""));
for (int i = 0; i < Total_Feature; i++)
env->SetObjectArrayElement(ret, i, env->NewStringUTF(features));
pthread_t ptid;
pthread_create(&ptid, NULL, antiLeech, NULL);
return (ret);
}
JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
jint featNum, jstring featName, jint value,
jboolean boolean, jstring str) {
LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d | Text: = %s"), featNum,
env->GetStringUTFChars(featName, 0), value,
boolean, str != NULL ? env->GetStringUTFChars(str, 0) : "");
//BE CAREFUL NOT TO ACCIDENTLY REMOVE break;
switch (featNum) {
case 0:
coins = !coins;
break;
case 1:
keys = !keys;
break;
}
}
}
I'mtrytobemodder
Rookie
Hi , being an approved modder, do you know how to mod" Unreal" game , ex: DLS2022