LUA games (and you recognize them because there's an "assets" folder full of .lua files have usually encrypted .lua files so you cannot look inside them, but in some cases, they're not encrypted. If this is the case, a simple Notepad++ file will suffice, while if they're encrypted, you can try hacking the file which uses these .lua files which is located into the lib folder. You can recognize it because it's usually the biggest file in there. If this is the case, you'll need to have some basic or advanced knowledge with the usage of IDA Pro. Basic in the case they didn't encrypt the .so file so it should be relatively easier to find the values you're looking for by simple search, and Advanced in case they encrypted it.
About your third though, IAP (In-App Purchases) can be hacked in several ways. The problem is that it's not always (well, almost never) possible to hack them, because it's the main source of income for developers and they try their best to make sure they can't be cracked in any way.
A simple way of hacking In-App Purchases is modifying the google play store IAP mechanism stored into the smali files (obtained after backsmaling/decompiling the apk, using your favourite apktool).
Another way of hacking In-App Purchases is using Net Reflector (if the game is built with Unity) and looking for In-App Purchases-related values, usually some VOID functions you'll need to modify in order to make a purchase successful even if it wasn't.
If the game isn't built with Unity you should try with IDA, or even Notepad++ (for text-based games for example, modifying some javascript files), or even
Lucky Patcher . The counter-side of using LP is that users are forced to have it installed on their devices and, most games detect it. Also, it's been recently reported that users with Android 6.0 and higher devices cannot use
Lucky Patcher properly, resulting in a non-working mod.
Hope it helps.