[IDA tutorial] How to mod x86 lib .so file

Posted by AndnixSH
Hello dear community,

Today, i will teach you how to mod x86 libs. x86 is not that hard to understand because the instruction are almost the same as ARM. In this tutorial, i mod the game called The Sandbox 2.

You don't really need to mod x86 at all since I never heard any problem with ARM translating to x86, and it's too hard to change instruction without code caving. Just wanna make tutorial lol

Now let's start modding.

In this tutorial, I'll show you how to mod The Sandbox Evolution very easy in x86.

First of all, you need IDA PRO and Hex Workshop installed on your computer. If you already have them installed, go to next step

Open the APK file with WinRar and extract the lib folder (In case you want to mod both x86 and ARM)
Open the x86 .so file in IDA. You will see the dialog box similar to the following:

[​IMG]

In x86, you don't need to change anything. MetaPC is fine. Click OK to disassemble the lib file, and let it fully load. After that, press CTRL + F,  search "isElementUnlocked" and double click on the function to open it


Remember the offset (9869E0) of first instruction. we need to use it later.
Note: The offset will change each update.

 [​IMG]


Open Hex Workshop or other hex editing program, and search the offset. I'm using Hex Workshop

[​IMG]

[​IMG] 

Here is the offset of isElementUnlocked

[​IMG]

The function isElementUnlocked is a boolean function, which means it can return true or false. If you want  unlock everything, replace it with b8 01 00 00 00 c3which will return true.

True is:
b8 01 00 00 00 (mov eax, 1)

 false is:
b8 00 00 00 00 (mov eax, 0)

And return is:
c3 (retn)

 [​IMG]

When you open the modded .so file in IDA, your modded instruction will look like:

[​IMG]

Isn't that easy?

If you want to hack mana like 9999999, search getManaBalance and giveMana, and replace it with any values you want
b8 7f 96 98 00 (mov eax, 9999999)
c3 (ret)

Open the APK with WinRAR and replace the modded .so file. Re-sign the APK, install it and run the game.


Credits:
AndnixSH#

Tutorial updated (May 2018)

Comments

Post a Comment

Popular Posts

[Discontinued] VMOS Pro Global/CN Free Custom ROMs | Android 4.4.4, 5.1.1, 7.1.2 | ROOT | Gapps | Xposed | (NO VIP NEEDED)

Posted by AndnixSH
Image
Discontinued. No more updates Due to anti-piracy system VMOS made to prevents root from working correctly with custom ROMs, this project has been discontinued. I wasted a day trying to fix root, but i have no luck. Root is just broken or seems to be disabled. I recommended you to use modded APK of VMOS Pro instead, It is much easier to use. Don't trust anti-virus if mod detected as virus VMOS Pro was protected so i wasn't able to modify APK. Instead, I made a custom ROM as a zip file for VMOS Pro that includes Superuser and Xposed.   If you wonder why VMOS team released pro version, they got suspended from making money from ads so they can only make money from VIP service. If you support them, consider to pay VIP per month to keep them up and you can use their official ROM with switchable root option YOU CANNOT INSTALL ANY OTHER ROMS SUCH AS SAMSUNG, HUAWEI, ETC THAT ARE NOT MADE FOR VMOS. VMOS ROM INSTALLATION IS FOR VMOS ROM ONLY. PLEASE DO NOT BE DUMB, THANKS! Downl
Read more »

How to check Il2Cpp Metadata version

Posted by AndnixSH
Image
Need to check metadata version? it's very easy. Open global-metadata.dat with any hex editor programs or if you are using Hex Workshop, right click on global-metadata.dat and click Hex Edit with hex Workshop vX.X Look at caret 0x4, this one says 18 which means 24 in decimal, so we know the metadata version is 24 Use the online tool to convert hex to decimal: http://www.binaryhexconverter.com/hex-to-decimal-converter That's all
Read more »