Help! how to find / hack coins via il2cpp?

Tiahh

Dear friend, you are completely wrong, each game is truly unique. (In some games, coins can be stored, for example, on the server side and do not even appear in the dump)
Most games are not server-sided, and no, I am not wrong at all.
 

RedXen

Hi. Can you tell me which programming language is better to learn for modding: C++, C#, Java, or something else (especially for il2cpp files)? Thanks.
I'd start with C#, contrary to what anyone tells you. Easiest to understand for beginners and can be used to do almost anything C++ can.
 

Rohimbaeka

Can you help me with List. I don't know how to hook that

-------

RVA: 0x715724 Offset: 0x715724 VA: 0x715724
public void AddCoins(int coins) { }

// RVA: 0x7157B8 Offset: 0x7157B8 VA: 0x7157B8
public void AddKeys(int keys) { }

// RVA: 0x7157CC Offset: 0x7157CC VA: 0x7157CC
public void SetHoverboardActive(bool active) { }

In main.cpp and I use the LGL Mod menu template
 

RedXen

Can you help me with List. I don't know how to hook that

-------

RVA: 0x715724 Offset: 0x715724 VA: 0x715724
public void AddCoins(int coins) { }

// RVA: 0x7157B8 Offset: 0x7157B8 VA: 0x7157B8
public void AddKeys(int keys) { }

// RVA: 0x7157CC Offset: 0x7157CC VA: 0x7157CC
public void SetHoverboardActive(bool active) { }

In main.cpp and I use the LGL Mod menu template
They're all methods, not lists? :?
 

Rohimbaeka

How to fix it? 🙏


MemoryPatch Coins, Keys;
// etc...
} hexPatches;

// Per-feature toggle state, both off at start-up. Elsewhere in this listing the
// flags are flipped by the Preferences_Changes JNI callback and read by the
// AddCoins / AddKeys replacement functions.
bool coins{false};
bool keys{false};

// Hooking examples. Assuming you know how to write hook

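// Pointer to the game's original AddCoins. The dumped method returns void, so the
// pointer type does too. It is assigned outside the code shown here.
void (*old_AddCoins)(void *instance, int _amount);

// Replacement for AddCoins(int coins).
//
// Forwards to the original exactly once per call:
//   - with the fixed value 9999 when `instance` is non-null and the `coins`
//     toggle is on;
//   - otherwise with the caller's unmodified `_amount`.
void AddCoins(void *instance, int _amount)
{
    if (instance != NULL && coins)
    {
        // The original is void, so there is no value to hand back. Return here so
        // the fall-through call below does not invoke the original a second time
        // with the unedited amount.
        old_AddCoins(instance, 9999);
        return;
    }

    // Toggle off (or null instance): pass the call through with unedited parameters.
    old_AddCoins(instance, _amount);
}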
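// Pointer to the game's original AddKeys. The dumped method returns void, so the
// pointer type does too. It is assigned outside the code shown here.
void (*old_AddKeys)(void *instance, int _amount);

// Replacement for AddKeys(int keys).
//
// Forwards to the original exactly once per call:
//   - with the fixed value 9999 when `instance` is non-null and the `keys`
//     toggle is on;
//   - otherwise with the caller's unmodified `_amount`.
void AddKeys(void *instance, int _amount)
{
    if (instance != NULL && keys)
    {
        // The original is void, so there is no value to hand back. Return here so
        // the fall-through call below does not invoke the original a second time
        // with the unedited amount.
        old_AddKeys(instance, 9999);
        return;
    }

    // Toggle off (or null instance): pass the call through with unedited parameters.
    old_AddKeys(instance, _amount);
}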


// Thread entry point. The waiting loop runs on its own thread so that it does not
// block the process main thread. The argument is unused; always returns NULL.
void *hack_thread(void *) {
    LOGI(OBFUSCATE("pthread created"));

    // Poll once per second until the target library is loaded. The first check
    // is made only after an initial one-second sleep.
    sleep(1);
    while (!isLibraryLoaded(targetLibName)) {
        sleep(1);
    }

    LOGI(OBFUSCATE("%s has been loaded"), (const char *) targetLibName);

#if !defined(__aarch64__)
    // Compiled for the armv7 library only; the arm64 build has nothing in this section.
    //
    // createWithHex takes the library name, an offset and a hex byte string; no
    // length argument is needed, and the hex string may be written with or
    // without spaces. ARMv7 encodings given as examples by the template:
    //   MOV R0, #0x0 = 00 00 A0 E3
    //   BX LR        = 1E FF 2F E1
    // The target library is named explicitly here instead of using targetLibName.
    hexPatches.Coins = MemoryPatch::createWithHex("libil2cpp.so",
                                                  string2Offset(OBFUSCATE("0x715724")),
                                                  OBFUSCATE("02 01 E0 E3 1E FF 2F E1"));

    hexPatches.Keys = MemoryPatch::createWithHex("libil2cpp.so",
                                                 string2Offset(OBFUSCATE("0x7157B8")),
                                                 OBFUSCATE("02 01 E0 E3 1E FF 2F E1"));

    LOGI(OBFUSCATE("Done"));
#endif

    return NULL;
}

//JNI calls
extern "C" {

// Do not change or translate the first text unless you know what you are doing
// Assigning feature numbers is optional. Without it, it will automatically count for you, starting from 0
// Assigned feature numbers can be like any numbers 1,3,200,10... instead in order 0,1,2,3,4,5...
// ButtonLink, Category, RichTextView and RichWebView is not counted. They can't have feature number assigned
// Toggle, ButtonOnOff and Checkbox can be switched on by default, if you add True_. Example: CheckBox_True_The Check Box
// To learn HTML, go to this page: W3Schools Free Online Web Tutorials

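// JNI entry point that returns the menu's feature descriptors as a Java String[].
//
// Side effects visible here: shows a toast, and starts a thread running antiLeech
// (defined elsewhere) on every call.
//
// @param env      JNI environment of the calling thread.
// @param context  Java object handed through to MakeToast.
// @return         A new String[] with one element per entry of `features`.
JNIEXPORT jobjectArray
JNICALL
Java_uk_lgl_modmenu_FloatingModMenuService_getFeatureList(JNIEnv *env, jobject context) {
    jobjectArray ret;

    // Toast is issued from native code so it is harder to remove.
    MakeToast(env, context, OBFUSCATE("Modded by Bang Modznan"), Toast::LENGTH_LONG);

    // Descriptor strings. Per the template notes above this function, the text before
    // the first underscore selects the widget type, and Category / RichTextView /
    // RichWebView entries are not counted when feature numbers are assigned.
    const char *features[] = {
            OBFUSCATE("Category_Menu"), // Not counted
            OBFUSCATE("Toggle_Unlimited Coins"),
            OBFUSCATE("Toggle_Unlimited Keys"),
            // NOTE(review): unlike every other entry, this one has no type prefix;
            // how the Java side treats it is not visible here - confirm.
            OBFUSCATE("Subscribe My Youtube Channel"),
            OBFUSCATE("CollapseAdd_Toggle_The toggle"),

            // Second collapse group
            OBFUSCATE("Collapse_Collapse 2"),
            OBFUSCATE("CollapseAdd_SeekBar_The slider_1_100"),
            OBFUSCATE("CollapseAdd_InputValue_Input number"),

            OBFUSCATE("RichTextView_This is text view, not fully HTML."
                      "<b>Bold</b> <i>italic</i> <u>underline</u>"
                      "<br />New line <font color='red'>Support colors</font>"
                      "<br/><big>bigger Text</big>"),
            OBFUSCATE("RichWebView_<html><head><style>body{color: white;}</style></head><body>"
                      "This is WebView, with REAL HTML support!"
                      "<div style=\"background-color: darkblue; text-align: center;\">Support CSS</div>"
                      "<marquee style=\"color: green; font-weight:bold;\" direction=\"left\" scrollamount=\"5\" behavior=\"scroll\">This is <u>scrollable</u> text</marquee>"
                      "</body></html>")
    };

    // Element count is derived from the array so it never needs manual updating.
    int Total_Feature = (sizeof features / sizeof features[0]);
    ret = (jobjectArray)
            env->NewObjectArray(Total_Feature, env->FindClass(OBFUSCATE("java/lang/String")),
                                env->NewStringUTF(""));

    // Copy each descriptor into the Java array. The element must be indexed:
    // passing the whole `features` array to NewStringUTF is a type error.
    for (int i = 0; i < Total_Feature; i++)
        env->SetObjectArrayElement(ret, i, env->NewStringUTF(features[i]));

    // NOTE(review): the pthread_create result is ignored and the thread is neither
    // joined nor detached in the code shown.
    pthread_t ptid;
    pthread_create(&ptid, NULL, antiLeech, NULL);

    return (ret);
}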

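// JNI callback invoked when a menu preference changes.
//
// Logs the incoming values, then flips the toggle that matches the feature
// number: 0 -> coins, 1 -> keys. Any other feature number is ignored.
//
// @param env       JNI environment of the calling thread.
// @param clazz     Unused.
// @param obj       Unused.
// @param featNum   Feature number selecting which toggle to flip.
// @param featName  Feature name, used for logging only.
// @param value     Numeric value, used for logging only.
// @param boolean   Boolean value, used for logging only.
// @param str       Optional text value (may be NULL), used for logging only.
JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
                                        jint featNum, jstring featName, jint value,
                                        jboolean boolean, jstring str) {
    // Every successful GetStringUTFChars must be paired with ReleaseStringUTFChars,
    // otherwise the UTF-8 buffers leak on each preference change. Hold the pointers
    // in locals so they can be released after logging. GetStringUTFChars can also
    // return NULL on failure, which must not reach a %s conversion.
    const char *nameChars = featName != NULL ? env->GetStringUTFChars(featName, 0) : NULL;
    const char *textChars = str != NULL ? env->GetStringUTFChars(str, 0) : NULL;

    LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d | Text: = %s"), featNum,
         nameChars != NULL ? nameChars : "", value,
         boolean, textChars != NULL ? textChars : "");

    if (nameChars != NULL)
        env->ReleaseStringUTFChars(featName, nameChars);
    if (textChars != NULL)
        env->ReleaseStringUTFChars(str, textChars);

    // Be careful not to remove a `break;` by accident: a missing break falls
    // through and flips the next toggle as well.
    switch (featNum) {
        case 0:
            coins = !coins;
            break;
        case 1:
            keys = !keys;
            break;
    }
}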
}