Help! how to find / hack coins via il2cpp?
- Thread starter Alvin2000
- Start date
Tiahh
Solid & Active Platinian
Most of games are not server sided and no i am not wrong at all.
RedXen
Awesome Active Platinian
I'd start with C#, contrary to what anyone tells you. Easiest to understand for beginners and can be used to do almost anything C++ can.
Rohimbaeka
Rookie
Can you help me with List. I don't know how to hook that
-------
RVA: 0x715724 Offset: 0x715724 VA: 0x715724
public void AddCoins(int coins) { }
// RVA: 0x7157B8 Offset: 0x7157B8 VA: 0x7157B8
public void AddKeys(int keys) { }
// RVA: 0x7157CC Offset: 0x7157CC VA: 0x7157CC
public void SetHoverboardActive(bool active) { }
In main.cpp and I use the LGL Mod menu template
-------
RVA: 0x715724 Offset: 0x715724 VA: 0x715724
public void AddCoins(int coins) { }
// RVA: 0x7157B8 Offset: 0x7157B8 VA: 0x7157B8
public void AddKeys(int keys) { }
// RVA: 0x7157CC Offset: 0x7157CC VA: 0x7157CC
public void SetHoverboardActive(bool active) { }
In main.cpp and I use the LGL Mod menu template
RedXen
Awesome Active Platinian
They're all methods, not lists? :?
Rohimbaeka
Rookie
How to fix it? 
MemoryPatch Coins, Keys;
// etc...
} hexPatches;
bool coins = false;
bool keys = false;
// Hooking examples. Assuming you know how to write hook
void (*old_AddCoins)(void *instance, int _amount); // Your function is void, so use void, not int
void AddCoins(void *instance, int _amount)
{
if(instance != NULL && coins) // Only execute the code inside the if statement when the user turns on the toggle (Use the bool you created)
{
old_AddCoins(instance, 9999); /* If you want to just modify parameters of a function, just use the old_FunctionName and change whatever parameter to whatever you like.
Notice how I don't use return, and just call the function, that's because it's a void data type */
}
old_AddCoins(instance, _amount); // If instance is NULL or something else wrong, call the original function with the **Unedited** parameters
}
void (*old_AddKeys)(void *instance, int _amount); // Your function is void, so use void, not int
void AddKeys(void *instance, int _amount)
{
if(instance != NULL && keys) // Only execute the code inside the if statement when the user turns on the toggle (Use the bool you created)
{
old_AddKeys(instance, 9999); /* If you want to just modify parameters of a function, just use the old_FunctionName and change whatever parameter to whatever you like.
Notice how I don't use return, and just call the function, that's because it's a void data type */
}
old_AddKeys(instance, _amount); // If instance is NULL or something else wrong, call the original function with the **Unedited** parameters
}
// we will run our hacks in a new thread so our while loop doesn't block process main thread
void *hack_thread(void *) {
LOGI(OBFUSCATE("pthread created"));
//Check if target lib is loaded
do {
sleep(1);
} while (!isLibraryLoaded(targetLibName));
//Anti-lib rename
/*
do {
sleep(1);
} while (!isLibraryLoaded("libYOURNAME.so"));*/
LOGI(OBFUSCATE("%s has been loaded"), (const char *) targetLibName);
#if defined(__aarch64__) //To compile this code for arm64 lib only. Do not worry about greyed out highlighting code, it still works
#else //To compile this code for armv7 lib only.
// New way to patch hex via KittyMemory without need to specify len. Spaces or without spaces are fine
// ARMv7 assembly example
// MOV R0, #0x0 = 00 00 A0 E3
// BX LR = 1E FF 2F E1
/*hexPatches.coins = MemoryPatch::createWithHex(targetLibName, //Normal obfuscate
string2Offset(OBFUSCATE("0x715724")),
OBFUSCATE("00 00 A0 E3 1E FF 2F E1"));*/
/*hexPatches.keys = MemoryPatch::createWithHex(targetLibName, //Normal obfuscate
string2Offset(OBFUSCATE("0x7157B8")),
OBFUSCATE("00 00 A0 E3 1E FF 2F E1")); */
//You can also specify target lib like this
hexPatches.Coins = MemoryPatch::createWithHex("libil2cpp.so",
string2Offset(OBFUSCATE("0x715724")),
OBFUSCATE("02 01 E0 E3 1E FF 2F E1"));
hexPatches.Keys = MemoryPatch::createWithHex("libil2cpp.so",
string2Offset(OBFUSCATE("0x7157B8")),
OBFUSCATE("02 01 E0 E3 1E FF 2F E1"));
LOGI(OBFUSCATE("Done"));
#endif
return NULL;
}
//JNI calls
extern "C" {
// Do not change or translate the first text unless you know what you are doing
// Assigning feature numbers is optional. Without it, it will automatically count for you, starting from 0
// Assigned feature numbers can be like any numbers 1,3,200,10... instead in order 0,1,2,3,4,5...
// ButtonLink, Category, RichTextView and RichWebView is not counted. They can't have feature number assigned
// Toggle, ButtonOnOff and Checkbox can be switched on by default, if you add True_. Example: CheckBox_True_The Check Box
// To learn HTML, go to this page: W3Schools Free Online Web Tutorials
JNIEXPORT jobjectArray
JNICALL
Java_uk_lgl_modmenu_FloatingModMenuService_getFeatureList(JNIEnv *env, jobject context) {
jobjectArray ret;
//Toasts added here so it's harder to remove it
MakeToast(env, context, OBFUSCATE("Modded by Bang Modznan"), Toast::LENGTH_LONG);
const char *features[] = {
OBFUSCATE("Category_Menu"), //Not counted
OBFUSCATE("Toggle_Unlimited Coins"),
OBFUSCATE("Toggle_Unlimited Keys"),
//Create new collapse
OBFUSCATE("Subscribe My Youtube Channel"),
OBFUSCATE("CollapseAdd_Toggle_The toggle"),
//Create new collapse again
OBFUSCATE("Collapse_Collapse 2"),
OBFUSCATE("CollapseAdd_SeekBar_The slider_1_100"),
OBFUSCATE("CollapseAdd_InputValue_Input number"),
OBFUSCATE("RichTextView_This is text view, not fully HTML."
"<b>Bold</b> <i>italic</i> <u>underline</u>"
"<br />New line <font color='red'>Support colors</font>"
"<br/><big>bigger Text</big>"),
OBFUSCATE("RichWebView_<html><head><style>body{color: white;}</style></head><body>"
"This is WebView, with REAL HTML support!"
"<div style=\"background-color: darkblue; text-align: center;\">Support CSS</div>"
"<marquee style=\"color: green; font-weight:bold;\" direction=\"left\" scrollamount=\"5\" behavior=\"scroll\">This is <u>scrollable</u> text</marquee>"
"</body></html>")
};
//Now you dont have to manually update the number everytime;
int Total_Feature = (sizeof features / sizeof features[0]);
ret = (jobjectArray)
env->NewObjectArray(Total_Feature, env->FindClass(OBFUSCATE("java/lang/String")),
env->NewStringUTF(""));
for (int i = 0; i < Total_Feature; i++)
env->SetObjectArrayElement(ret, i, env->NewStringUTF(features));
pthread_t ptid;
pthread_create(&ptid, NULL, antiLeech, NULL);
return (ret);
}
JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
jint featNum, jstring featName, jint value,
jboolean boolean, jstring str) {
LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d | Text: = %s"), featNum,
env->GetStringUTFChars(featName, 0), value,
boolean, str != NULL ? env->GetStringUTFChars(str, 0) : "");
//BE CAREFUL NOT TO ACCIDENTLY REMOVE break;
switch (featNum) {
case 0:
coins = !coins;
break;
case 1:
keys = !keys;
break;
}
}
}
MemoryPatch Coins, Keys;
// etc...
} hexPatches;
bool coins = false;
bool keys = false;
// Hooking examples. Assuming you know how to write hook
void (*old_AddCoins)(void *instance, int _amount); // Your function is void, so use void, not int
void AddCoins(void *instance, int _amount)
{
if(instance != NULL && coins) // Only execute the code inside the if statement when the user turns on the toggle (Use the bool you created)
{
old_AddCoins(instance, 9999); /* If you want to just modify parameters of a function, just use the old_FunctionName and change whatever parameter to whatever you like.
Notice how I don't use return, and just call the function, that's because it's a void data type */
}
old_AddCoins(instance, _amount); // If instance is NULL or something else wrong, call the original function with the **Unedited** parameters
}
void (*old_AddKeys)(void *instance, int _amount); // Your function is void, so use void, not int
void AddKeys(void *instance, int _amount)
{
if(instance != NULL && keys) // Only execute the code inside the if statement when the user turns on the toggle (Use the bool you created)
{
old_AddKeys(instance, 9999); /* If you want to just modify parameters of a function, just use the old_FunctionName and change whatever parameter to whatever you like.
Notice how I don't use return, and just call the function, that's because it's a void data type */
}
old_AddKeys(instance, _amount); // If instance is NULL or something else wrong, call the original function with the **Unedited** parameters
}
// we will run our hacks in a new thread so our while loop doesn't block process main thread
void *hack_thread(void *) {
LOGI(OBFUSCATE("pthread created"));
//Check if target lib is loaded
do {
sleep(1);
} while (!isLibraryLoaded(targetLibName));
//Anti-lib rename
/*
do {
sleep(1);
} while (!isLibraryLoaded("libYOURNAME.so"));*/
LOGI(OBFUSCATE("%s has been loaded"), (const char *) targetLibName);
#if defined(__aarch64__) //To compile this code for arm64 lib only. Do not worry about greyed out highlighting code, it still works
#else //To compile this code for armv7 lib only.
// New way to patch hex via KittyMemory without need to specify len. Spaces or without spaces are fine
// ARMv7 assembly example
// MOV R0, #0x0 = 00 00 A0 E3
// BX LR = 1E FF 2F E1
/*hexPatches.coins = MemoryPatch::createWithHex(targetLibName, //Normal obfuscate
string2Offset(OBFUSCATE("0x715724")),
OBFUSCATE("00 00 A0 E3 1E FF 2F E1"));*/
/*hexPatches.keys = MemoryPatch::createWithHex(targetLibName, //Normal obfuscate
string2Offset(OBFUSCATE("0x7157B8")),
OBFUSCATE("00 00 A0 E3 1E FF 2F E1")); */
//You can also specify target lib like this
hexPatches.Coins = MemoryPatch::createWithHex("libil2cpp.so",
string2Offset(OBFUSCATE("0x715724")),
OBFUSCATE("02 01 E0 E3 1E FF 2F E1"));
hexPatches.Keys = MemoryPatch::createWithHex("libil2cpp.so",
string2Offset(OBFUSCATE("0x7157B8")),
OBFUSCATE("02 01 E0 E3 1E FF 2F E1"));
LOGI(OBFUSCATE("Done"));
#endif
return NULL;
}
//JNI calls
extern "C" {
// Do not change or translate the first text unless you know what you are doing
// Assigning feature numbers is optional. Without it, it will automatically count for you, starting from 0
// Assigned feature numbers can be like any numbers 1,3,200,10... instead in order 0,1,2,3,4,5...
// ButtonLink, Category, RichTextView and RichWebView is not counted. They can't have feature number assigned
// Toggle, ButtonOnOff and Checkbox can be switched on by default, if you add True_. Example: CheckBox_True_The Check Box
// To learn HTML, go to this page: W3Schools Free Online Web Tutorials
JNIEXPORT jobjectArray
JNICALL
Java_uk_lgl_modmenu_FloatingModMenuService_getFeatureList(JNIEnv *env, jobject context) {
jobjectArray ret;
//Toasts added here so it's harder to remove it
MakeToast(env, context, OBFUSCATE("Modded by Bang Modznan"), Toast::LENGTH_LONG);
const char *features[] = {
OBFUSCATE("Category_Menu"), //Not counted
OBFUSCATE("Toggle_Unlimited Coins"),
OBFUSCATE("Toggle_Unlimited Keys"),
//Create new collapse
OBFUSCATE("Subscribe My Youtube Channel"),
OBFUSCATE("CollapseAdd_Toggle_The toggle"),
//Create new collapse again
OBFUSCATE("Collapse_Collapse 2"),
OBFUSCATE("CollapseAdd_SeekBar_The slider_1_100"),
OBFUSCATE("CollapseAdd_InputValue_Input number"),
OBFUSCATE("RichTextView_This is text view, not fully HTML."
"<b>Bold</b> <i>italic</i> <u>underline</u>"
"<br />New line <font color='red'>Support colors</font>"
"<br/><big>bigger Text</big>"),
OBFUSCATE("RichWebView_<html><head><style>body{color: white;}</style></head><body>"
"This is WebView, with REAL HTML support!"
"<div style=\"background-color: darkblue; text-align: center;\">Support CSS</div>"
"<marquee style=\"color: green; font-weight:bold;\" direction=\"left\" scrollamount=\"5\" behavior=\"scroll\">This is <u>scrollable</u> text</marquee>"
"</body></html>")
};
//Now you dont have to manually update the number everytime;
int Total_Feature = (sizeof features / sizeof features[0]);
ret = (jobjectArray)
env->NewObjectArray(Total_Feature, env->FindClass(OBFUSCATE("java/lang/String")),
env->NewStringUTF(""));
for (int i = 0; i < Total_Feature; i++)
env->SetObjectArrayElement(ret, i, env->NewStringUTF(features));
pthread_t ptid;
pthread_create(&ptid, NULL, antiLeech, NULL);
return (ret);
}
JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
jint featNum, jstring featName, jint value,
jboolean boolean, jstring str) {
LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d | Text: = %s"), featNum,
env->GetStringUTFChars(featName, 0), value,
boolean, str != NULL ? env->GetStringUTFChars(str, 0) : "");
//BE CAREFUL NOT TO ACCIDENTLY REMOVE break;
switch (featNum) {
case 0:
coins = !coins;
break;
case 1:
keys = !keys;
break;
}
}
}
I'mtrytobemodder
Rookie
Hi , being an approved modder, do you know how to mod" Unreal" game , ex: DLS2022
saifou0707
Platinian
Check tutorial section for some examples; like this one:
Modding libil2cpp.so games tutorial for beginners with Video Tutorial
Hello everyone. I'm posting this tutorial to help those who start . Hope it's helpful to you, though it might not bring nothing new to the table. If you are already somewhat experienced and have already modded libil2cpp.so games, you can perfectly skip this tutorial. (APK signing has been...platinmods.com