I've been playing around with android in the past few days, and worked out a way to be able to make mods on my device without using a computer. For iOS moddders it's not something new, but on android it can be a little more tricky and complex, but not impossible, so I'm sharing it with you guys. This tutorial is not for beginners, be familiar with Linux system, you need to have basic modding skills, understanding how memory hacking, debuggers (LLDB in my case) and ARM64 work. First I had to create a modding environment on my device, the following tools were essential: - Rooted device - Kali NetHunter installed with CHROOT (this is essential I will go into details later, modded kernel not necessary) - GameGuardian - LLDB (installed in kali system) - MT FIle Manager - Arm to Hex Converter - apktool (optional, in case you don't have MT, install it via kali system) - Hex Editor (optional in case you don't have MT) - Something to sign the APK with (optional, MT does that too) Kali NetHunter: Kali is well known in hacking community. Pentesters favourite platform. Nethunter is Kali's mobile version for several network analysis and hacking, but in my case the most important part is, it creates a fully working Linux Subsystem on the device with terminal. Most CLI tools I would use on a Linux system work on android this way. The Linux Subsystem is running on the top of the Android system, it has full access to android filesystem and processes. Don't need a modified kernel, CHROOT all that's needed for the Linux Subsystem. GameGuardian: Lets call it GG from now on, it is the best existing memory hack tool for android. Need no further explanation. (Shout out to @NoFearGG, helped me big time figuring out some GG features) LLDB: My favourite debugger. I've tried to run it from Termux, it wouldn't attach to process, but Kali's LLDB worked just fine. Install it via apt from Kali terminal. MT File Manager: The most powerful tool for android modders. It contains Hex editor, Dex Editor (yes browse and rewrite small code without decompiling the apk, it works like a charm), Sign APK, and much more. Some features require VIP subscription, however there is v2.5 cracked on XDA developers (Current version is 2.9). I strongly recommend using this, but there are ways around it. The rest is quite obvious, no need further explanation. So modding environment is ready, lets hack. I downloaded a simple game (Tiny Towers) for demonstration. I start the game, run GG. Open Nethunter terminal in Kali mode. Run LLDB. attach the game (GG displays the game's PID). After I attached LLDB to the process I had to pass some signals to the process without lldb stopping every time. This is very important as it causes the game crash most of the times as there are way too many signal stops (e.g. SIGPWR) . I could achieve this by using the "process handle" command. See what SIGXXX you're getting and pass them all to the process, (lldb) pro hand -p true -s false SIGPWR NAME PASS STOP NOTIFY ========== ===== ===== ====== SIGPWR true false true When done I just continued the process. With GG I found the value I wanted to hack. I set a watchpoint on that memory address and when the value changed I got a hit. This is basic debugging, you know what to do here, not going into more details. Now this part is very important and again I have NoFear to thank for this. When i had a watchpoint hit, i got a memory address, but i needed to figure out the actual offset in lib.so. To do this I copy the watch hit address to GG. Hit goto in options (top right corner), paste the address then save it. Hit goto option again and hit the "XA" button under the address line. Here either find the relevant lib.so or in my case it didn't display it, so had to find that memory range where my watchpoint hit was. Save it, go to saved tab, select both address, and from options select "Calculate Offset, XOR" then select offset. the result will be the actual offset in lib.so. If its not clear I'm sure if you ask NoFear nicely, he will post a video. I loaded the lib.so in MT's HEX editor, made my hex patches and tested the apk. Worked fine. I opened classes.dex in the apk with MT's hex editor (MT automatically decompiles and recompiles the dex on the go), added my toast message, saved it, MT recompiled dex and signed the apk automatically so I was good to go. Thats pretty much it, if you have modding experience this won't be too hard, for newbies it will take some studying. Here is the mod I made, nothing fancy, just a simple game: Credits: @Sterling0x1 @NoFearGG
from iOSGods RSS Feed https://ift.tt/2AC4JUM
Subscribe to:
Post Comments (Atom)
-
Yubo Yoti bypass Requirements: Yubo app Jailbroken iPhone Apps Manager Brain Steps: Open Apps Manager Locate Yubo in Apps Manager and open i...
-
Modded/Hacked App: Simply Guitar by JoyTunes by JoyTunes Bundle ID: com.joytunes.SimplyGuitar iTunes Store Link: https://ift.tt/2ANDd7d Mod ...
-
I don't know how this happened, i was trying to install Kinemaster modded version on my iPhone 7 running iOS 14.0.1, maybe it's beca...
-
Hey everyone I am running Ipad 6th generation running ios 14.0 32 gb capacity with 19.1 gb left I used sideloadly yesterday to install an ap...
-
Hello! I am using this for practice using a dummy Snapchat account I've made and created a My Eyes Only tab. Now, if you don't know ...
-
Hello, does anyone know why I cannot use my Apple password or password from apple servers? Sideloadly version 0.16.1 Checking iOS version......
-
As the title says upon installing Last Day on Earth with sideloadly i get this error ERROR: Guru Meditation 6020bc@89:f11511 Call to np_clie...
-
Hello friends, So I have a problem with Sideloadly, I installed it on my (32x bit Windows 7) laptop (SONY) and tried opening it, but when I ...
-
Hello, I am currently running with an iPhone XR on IOS 12.2. I am trying to install ipa files through cydia impactor but keep receiving this...
-
Netflix is now offering users a chance to win a free subscription for 83 years. The company calls it the “immortal” Netflix account. T...
No comments:
Post a Comment