Help! Non-Jailbroken cheat crashing

J

jkof

Platinian
Original poster
Mar 28, 2020
36
5
8
24
France
Hello,
i've made some searching around google to make a non jailbroken ipa cheat and manage to make one, and it works but only with offset pathing but when hooking the player class to get its health, it's crashing... (working on jailbroken phone)

i saw on youtube and on modding website some non-jailbreak cheats with esp/aimbot (and so with hooking to get entityList and all stuff)

so if you guys have a guide or a tuto, im happy :pepe023:

Thanks
 
J

jkof

Platinian
Original poster
Mar 28, 2020
36
5
8
24
France
Its basic hooking

C++: 
void (*old_hitbox)(void* player, void* vec);
void new_hitbox(void* player, void* vec){

if([switches isSwitchOn:@"Head Hit"]) {
(*(Vector3 *)((uint64_t)vec + 0x24)).x += 9999.0f;
}
    
    old_hitbox(player, config);
}

setup() {
    HOOK(0x1234567, new_hitbox, old_hitbox);
}
 
·҉ dollaz·҉. .

·҉ dollaz·҉. .

Approved iModder
Approved iModder
Mar 26, 2021
159
1,825
193
Somewhere
Im pretty sure the reason it crashes for no jailbreak, and works for jailbreak because the HOOK macro uses kittymemory, which breaks codesign. I think you can still hook an address using substrate. Ill send it if I can find it


edit:

github.com

BlackopsHacks/Source/Tweak.mm at main · shmoo419/BlackopsHacks

some hacks for COD: BOZ v1.3.5 on iOS via threading and abusing static classes - shmoo419/BlackopsHacks
github.com github.com
 
Last edited:
  • Like
Reactions: Ali omari and jkof
J

jkof

Platinian
Original poster
Mar 28, 2020
36
5
8
24
France
·҉ dollaz·҉. . said:
Im pretty sure the reason it crashes for no jailbreak, and works for jailbreak because the HOOK macro uses kittymemory, which breaks codesign. I think you can still hook an address using substrate. Ill send it if I can find it


edit:

github.com

BlackopsHacks/Source/Tweak.mm at main · shmoo419/BlackopsHacks

some hacks for COD: BOZ v1.3.5 on iOS via threading and abusing static classes - shmoo419/BlackopsHacks
github.com github.com
Click to expand...

So, basically i need to replace the HOOK part with this :
C++: 
pthread_t scoreThread;
pthread_create(&scoreThread, NULL, modifyScore, NULL);
 
Yaskashije

Yaskashije

PMT Elite Modder
Staff member
Modding-Team
Sep 9, 2018
4,380
852,118
1,213
Minkowski Space
·҉ dollaz·҉. . said:
Im pretty sure the reason it crashes for no jailbreak, and works for jailbreak because the HOOK macro uses kittymemory, which breaks codesign. I think you can still hook an address using substrate. Ill send it if I can find it


edit:

github.com

BlackopsHacks/Source/Tweak.mm at main · shmoo419/BlackopsHacks

some hacks for COD: BOZ v1.3.5 on iOS via threading and abusing static classes - shmoo419/BlackopsHacks
github.com github.com
Click to expand...
jkof said:
So, basically i need to replace the HOOK part with this :
C++: 
pthread_t scoreThread;
pthread_create(&scoreThread, NULL, modifyScore, NULL);
Click to expand...


That source works because the classes are static, so their address is known in compile time. You don't need to use a hook to fetch the instance ptr.
In general, that won't be enough because class will be assigned on runtime, and the ASLR will make it so that the instance ptr is different on every run.
 
  • Like
Reactions: jkof
You must log in or register to reply here.
Top Bottom