[IDA tutorial] How to mod x86 lib .so file

Posted by AndnixSH
Hello dear community,

Today, i will teach you how to mod x86 libs. x86 is not that hard to understand because the instruction are almost the same as ARM. In this tutorial, i mod the game called The Sandbox 2.

You don't really need to mod x86 at all since I never heard any problem with ARM translating to x86, and it's too hard to change instruction without code caving. Just wanna make tutorial lol

Now let's start modding.

In this tutorial, I'll show you how to mod The Sandbox Evolution very easy in x86.

First of all, you need IDA PRO and Hex Workshop installed on your computer. If you already have them installed, go to next step

Open the APK file with WinRar and extract the lib folder (In case you want to mod both x86 and ARM)
Open the x86 .so file in IDA. You will see the dialog box similar to the following:

[​IMG]

In x86, you don't need to change anything. MetaPC is fine. Click OK to disassemble the lib file, and let it fully load. After that, press CTRL + F,  search "isElementUnlocked" and double click on the function to open it


Remember the offset (9869E0) of first instruction. we need to use it later.
Note: The offset will change each update.

 [​IMG]


Open Hex Workshop or other hex editing program, and search the offset. I'm using Hex Workshop

[​IMG]

[​IMG] 

Here is the offset of isElementUnlocked

[​IMG]

The function isElementUnlocked is a boolean function, which means it can return true or false. If you want  unlock everything, replace it with b8 01 00 00 00 c3which will return true.

True is:
b8 01 00 00 00 (mov eax, 1)

 false is:
b8 00 00 00 00 (mov eax, 0)

And return is:
c3 (retn)

 [​IMG]

When you open the modded .so file in IDA, your modded instruction will look like:

[​IMG]

Isn't that easy?

If you want to hack mana like 9999999, search getManaBalance and giveMana, and replace it with any values you want
b8 7f 96 98 00 (mov eax, 9999999)
c3 (ret)

Open the APK with WinRAR and replace the modded .so file. Re-sign the APK, install it and run the game.


Credits:
AndnixSH#

Tutorial updated (May 2018)

Comments

Post a Comment

Popular Posts

VMOS Pro Global CN FREE Custom ROMs | Gapps, ROOT, Xposed | Android 4.4.4, 5.1.1, 7.1.2, 9.0 ROMs | NO VIP

Posted by AndnixSH
Image
VMOS Pro was protected so I wasn’t able to modify/crack APK. Instead, I made a custom ROM as a zip file for VMOS Pro that includes permanent root and Xposed, all done on my Android phone because zipping on Windows or Linux caused corruption on the ROM file. You don’t need to use modded APK at all YOU CANNOT INSTALL ANY OTHER ROMS SUCH AS SAMSUNG, HUAWEI, ETC THAT ARE NOT MADE FOR VMOS. VMOS ROM IMPORTING IS FOR VMOS ROM ONLY. PLEASE DO NOT BE DUMB! FOR EMULATOR USERS: DO NOT TRY TO RUN VMOS IN EMULATORS, ALL VM APPS ARE NEVER SUPPORTED AND WILL SUBJECT TO CRASH. THIS IS ABSOLUTELY DUMB WAY TO DO IT. INSTEAD, INSTALL OTHER EMULATORS LISTED HERE: https://www.andnixsh.com/2018/10/free-android-emulator-collections.html Tested on VMOS Pro 2.9.7 on Android 11 Download VMOS Pro app English and Chinese version has been combined into one APK, so you will get same version if you downloaded from EN or CN website Global (EN) website: https://www.vmos.com/ Chinese website: http://www.vmos.c
Read more

[TOOL] Unity Assets Bundle Extractor

Posted by AndnixSH
Image
Unity .assets and AssetBundle editor UABE is an editor for Unity 3.4+/4/5/2017/2018 .assets and AssetBundle files. It can create standalone mod installers from changes to .assets and/or bundles. Type information extracted from Unity is used in order to generate text representations of various asset types. Custom MonoBehaviour types also are supported. There are multiple plugins to convert Unity assets from/to common file formats : The Texture plugin can export and import .png and .tga files and decode&encode most texture formats used by Unity. The TextAsset plugin can export and import .txt files. The AudioClip plugin can export uncompressed .wav files from U5's AudioClip assets using FMOD, .m4a files from WebGL builds and Unity 4 sound files. The Mesh plugin can export .obj and .dae (Collada) files, also supporting rigged SkinnedMeshRenderers. The MovieTexture plugin can export and import .ogv (Ogg Theora) files.
Read more