How do you find the correct hex value to hack?

Sbenny.com is trusted by 1,324,219 happy users since 2014.
Register

R

rizgod

Lurker Lv0️⃣
Member for 1 year
so i dumped a il2cpp.so file and i went through the dump.cs and found a resource i can edit, now how do i know what is the right value to replace with while editing the hex? maybe is there a way i can add the il2cpp.so to ida and find out the arm code associated to that offset so i know the appropriate hack in hex? (btw im trying to hack coins)
 
Sbenny

Sbenny

A crazy scientist
Staff member
Admin
SB Mod Squad ⭐
✔ Approved Releaser
Active User
Did you move the dll files into NET Reflector or dnSpy? It would be a good starting point, as it helps you searching for functions to edit.

This said, the only way to find out if it's the correct offset is to actually test the mod. Trial and error is the #1 method to make a mod.
 
R

rizgod

Lurker Lv0️⃣
Member for 1 year
there are no dll files there tho, i just had the global-metadata.dat and li2cpp.so file. from which i dumped the rest.

i know the offset i want to edit. i just want to know how do i know what is the correct hex (ie, the correct hack) to input when i dont know what the existing hex means, if that makes sense?
 
Sbenny

Sbenny

A crazy scientist
Staff member
Admin
SB Mod Squad ⭐
✔ Approved Releaser
Active User
When you use il2cpp dumper, it generates a folder named "Managed" which holds a lot of dll files.
 
R

rizgod

Lurker Lv0️⃣
Member for 1 year
ok i just did that and i found the offsets i want to change. this is a get_sessioncoins - now when i open the il2cpp.so in the hex editor and i go to that offset, how do i know what to replace it with? thats my main question - is it just trial and error or is there some way i can analyze and prepare the correct hex to hack it with?
 
Last edited:
R

rizgod

Lurker Lv0️⃣
Member for 1 year
Capture.JPG

for example i opened up the il2cpp.so file in ida and searched for my offset value, and i got this. my arm knowledge isnt that good but is this something i can use maybe to make a hex that will work?
 
Sbenny

Sbenny

A crazy scientist
Staff member
Admin
SB Mod Squad ⭐
✔ Approved Releaser
Active User
If it's an INT32 function, you can do like:

Code: 
MOV R0, 0x7FFFFFFF
BX LR
to return a very high value. Use my Arm Converter: Best ARM Converter to convert it to ARM HEX values. Then, using HxD, replace the original hex values with the result you see in the "ARM" box of my arm converter.
 
R

rizgod

Lurker Lv0️⃣
Member for 1 year
alright so i tried this with a bunch of properties
get_sessionCoins
get_coins
get_numCoins
get_analyticamount (since this was under a section called "coinslocalstoreproduct")

but nothing so far (if it makes it easy im trying to hack hungry shark evolution)
Capture.JPG

any idea what else i can try?
 
Top