📖 Tutorial How to Create MOD MENU for | il2cpp.so | and other native android games


Havanitos

The quieter u become , the more u are able to hear
VIP
Member for 7 years
----------Greetings Everyone----------


PS. If you need help connecting MemoryPatch with the MOD Menu and game functions, let me know 🙂


I'd like to share with you a new MOD Menu, which is extremely good,
because it is for Android games that are not just Unity; you can now MOD Menu
il2cpp and other native Android games.

You can now MOD Menu these games!




This is how it Looks Live




For this tutorial you will need these tools!

- Android Studio 3* = Download Link!
- APKTool (SBennyAPKT is Good) = Download Link!
- Notepad++ = Download Link!
- Floating ModMenu Repository = Download MOD Menu Project! // Original Author Link MrIkso
- Knowledge of C++, Java, Smali

+-Advanced Modders Recommended


Let's Start with Tutorial!


Once you've downloaded all the necessary files, the first thing you need to do is open Android Studio and open the Floating ModMenu Repository project!
Extract the ModMenu project into a folder without spaces in its path, just a clear name, e.g. C:\Users\xxxxxx\Desktop\Modding\FloatingModMenu-master
( "I'm saying this because I already had a problem compiling the game, and that was the FIX" )
Open the project in Android Studio




After loading your project you will need to locate FloatingModMenuService.java - in this method you will add options for your MOD Menu.
You can locate that file easily with the shortcut ( CTRL + SHIFT + F ) and then search for
Code:
private void modMenu() {


Now you can add your MOD Menu "buttons" (cheat options); here are some examples!




When you edit your options for the MOD Menu, open the file /FloatingModMenu/app/src/main/jni/src/main.cpp. In this file you will need to edit the functions that will implement the hook. The library used is KittyMemory. (This library aims for runtime code patching for both Android and iOS.) Next you need to call from the native library and connect them with switches.


This file is where you Connect MOD Menu Switches with in-game Functions!

After you have added all the necessary options you can build this Project and Make APK!


Be sure that your build completed successfully, without errors!

Next step is to inject "Build ModMenu Stuff" into your Game folder!


Locate the file location of the built MOD Menu APK.


Now you will need to decompile the application with SBennyAPKTool, or any other tool,
and then you will need to copy some stuff into your game folder!
It also requires you to decompile your game, after you decompile the MOD Menu APK!

When you are ready to transfer files from the created MOD Menu APK, copy these files into your game folder:
Copy the Assets folder into your game Assets folder (these are the MOD Menu images).
And you need to copy libKittyMemory.so into the correct game structure....(blabla)

But be careful: move libKittyMemory.so manually, because it depends on what structure your game uses, and which one you are hacking!


libKittyMemory.so is located in these folders; copy only the folder that your game uses.


Next, we need to add permission to display the application on top of others and the Mod-Menu service.

Open AndroidManifest.xml from the game folder
and Add this Code in the first line of Permissions!

Code:
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
Then Copy this Code also in the AndroidManifest.xml after <application>
Code:
<service android:enabled="true" android:exported="false" android:name="com.mrikso.modmenu.FloatingModMenuService"/>
Here is Image for easy Understanding.


Next step is maybe the most difficult because you need to find main activity of your game, and you need to inject your MOD Menu.
You need to register the MOD Menu call and the libKittyMemory library load.
We are looking for the main activity of our game. Usually it is written in <application> (Here is Example of "My Game")




Code:
<application android:allowBackup="true" android:icon="@mipmap/app_icon" android:label="@string/app_name" android:name="android.support.multidex.MultiDexApplication" android:supportsRtl="true" android:theme="@style/UnityThemeSelector">
    <service android:enabled="true" android:exported="false" android:name="com.mrikso.modmenu.FloatingModMenuService"/>
        <activity android:configChanges="density|fontScale|keyboard|keyboardHidden|layoutDirection|locale|mcc|mnc|navigation|orientation|screenLayout|screenSize|smallestScreenSize|touchscreen|uiMode" android:hardwareAccelerated="false" android:label="@string/app_name" android:launchMode="singleTask" android:name="com.unity3d.player.UnityPlayerActivity" android:screenOrientation="portrait">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
            <meta-data android:name="unityplayer.UnityActivity" android:value="true"/>
        </activity>
As we can see, the start activity of my game is com.unity3d.player.UnityPlayerActivity

In my case my Main Game Activity is located here.


When you know in what smali folder is your Main Activity you can copy Smali Folder from Decompiled MOD Menu Apk to Game Smali/Com/ Folder





Locate the game's main activity (in my case UnityPlayerActivity), open it with Notepad++, and copy this code into the main class of our game, in the # virtual methods section; you can paste it after the last method!

Code:
.method public Start()V
    .locals 3

    .line 23
    const-string v0, "KittyMemory"

    invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V

    .line 24
    sget v0, Landroid/os/Build$VERSION;->SDK_INT:I

    const/16 v1, 0x17

    if-lt v0, v1, :cond_0

    invoke-static {p0}, Landroid/provider/Settings;->canDrawOverlays(Landroid/content/Context;)Z

    move-result v0

    if-nez v0, :cond_0

    .line 25
    new-instance v0, Landroid/content/Intent;

    new-instance v1, Ljava/lang/StringBuilder;

    invoke-direct {v1}, Ljava/lang/StringBuilder;-><init>()V

    const-string v2, "package:"

    invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {p0}, Landroid/app/Activity;->getPackageName()Ljava/lang/String;

    move-result-object v2

    invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v1

    invoke-static {v1}, Landroid/net/Uri;->parse(Ljava/lang/String;)Landroid/net/Uri;

    move-result-object v1

    const-string v2, "android.settings.action.MANAGE_OVERLAY_PERMISSION"

    invoke-direct {v0, v2, v1}, Landroid/content/Intent;-><init>(Ljava/lang/String;Landroid/net/Uri;)V

    .line 26
    .local v0, "intent":Landroid/content/Intent;
    const/16 v1, 0x7d2

    invoke-virtual {p0, v0, v1}, Landroid/app/Activity;->startActivityForResult(Landroid/content/Intent;I)V

    .line 27
    .end local v0    # "intent":Landroid/content/Intent;
    goto :goto_0

    .line 28
    :cond_0
    new-instance v0, Landroid/content/Intent;

    const-class v1, Lcom/mrikso/modmenu/FloatingModMenuService;

    invoke-direct {v0, p0, v1}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V

    invoke-virtual {p0, v0}, Landroid/app/Activity;->startService(Landroid/content/Intent;)Landroid/content/ComponentName;

    .line 30
    :goto_0
    return-void
.end method

.method public onActivityResult(IILandroid/content/Intent;)V
    .locals 2
    .param p1, "requestCode"    # I
    .param p2, "resultCode"    # I
    .param p3, "data"    # Landroid/content/Intent;

    .line 34
    const/16 v0, 0x7d2

    if-ne p1, v0, :cond_1

    .line 35
    const/4 v0, -0x1

    if-ne p2, v0, :cond_0

    .line 36
    new-instance v0, Landroid/content/Intent;

    const-class v1, Lcom/mrikso/modmenu/FloatingModMenuService;

    invoke-direct {v0, p0, v1}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V

    invoke-virtual {p0, v0}, Landroid/app/Activity;->startService(Landroid/content/Intent;)Landroid/content/ComponentName;

    goto :goto_0

    .line 38
    :cond_0
    const/4 v0, 0x0

    const-string v1, "Draw over other app permission not available. Closing the application"

    invoke-static {p0, v1, v0}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;

    move-result-object v0

    invoke-virtual {v0}, Landroid/widget/Toast;->show()V

    .line 39
    invoke-virtual {p0}, Landroid/app/Activity;->finish()V

    goto :goto_0

    .line 42
    :cond_1
    invoke-super {p0, p1, p2, p3}, Landroid/app/Activity;->onActivityResult(IILandroid/content/Intent;)V

    .line 44
    :goto_0
    return-void
.end method


And the most important thing, also in the same file (the main activity smali), is to add this code in the onCreate method

Code:
invoke-virtual {p0}, Lcom/unity3d/player/UnityPlayerActivity;->Start()V


Info on renaming the activity Start function!
Example: Let's say that your main activity smali is named HavanitosPlayerTutorial -> Lcom/ohyes/idamodding/activity/HavanitosPlayerTutorial.smali
When you add the Start load function in the defined activity, you need to use that activity's name.
This is Wrong:

Code:
invoke-virtual {p0}, Lcom/mrikso/modmenu/MainActivity;->Start()V
This is Correct:
Code:
invoke-virtual {p0}, Lcom/ohyes/idamodding/activity/HavanitosPlayerTutorial;->Start()V
This relates to the onCreate method.



Thanks for reading the tutorial; if you need any help, feel free to ask any advanced modder! 😉

I hope you understand my English and my tutorial. Enjoy!
 


Last edited:
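Seen from the side of a team protecting a game against this kind of repackaging, the steps in the tutorial above leave three visible traces in the rebuilt APK: the SYSTEM_ALERT_WINDOW permission, the com.mrikso.modmenu.FloatingModMenuService service entry, and libKittyMemory.so under lib/. The following is an added example, not part of the original post or of the FloatingModMenu project: a Python script that diffs the decoded manifest and file listing of a suspect build against the release build. The package name com.example.game, the ABI folder and both sample manifests are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

def manifest_facts(manifest_xml):
    """Return (permissions, components) declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name", "") for e in root.iter("uses-permission")}
    comps = {(tag, e.get(ANDROID_NS + "name", ""))
             for tag in COMPONENT_TAGS for e in root.iter(tag)}
    return perms, comps

def native_libs(apk_paths):
    """File names of shared objects under lib/<abi>/ in an APK file listing."""
    return {p.rsplit("/", 1)[-1] for p in apk_paths
            if p.startswith("lib/") and p.endswith(".so")}

def repackaging_findings(release, suspect):
    """Diff two (manifest_xml, apk_paths) pairs; return (kind, name) tuples."""
    rel_perms, rel_comps = manifest_facts(release[0])
    sus_perms, sus_comps = manifest_facts(suspect[0])
    findings = [("added-permission", p) for p in sorted(sus_perms - rel_perms)]
    findings += [("added-" + tag, name) for tag, name in sorted(sus_comps - rel_comps)]
    findings += [("added-native-lib", lib) for lib in
                 sorted(native_libs(suspect[1]) - native_libs(release[1]))]
    return findings

# Constructed sample input: a hypothetical release build and a repackaged copy of it.
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">'
ACTIVITY = '<activity android:name="com.unity3d.player.UnityPlayerActivity"/>'
RELEASE_MANIFEST = HEAD + '<application>' + ACTIVITY + '</application></manifest>'
SUSPECT_MANIFEST = (
    HEAD
    + '<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>'
    + '<application>'
    + '<service android:enabled="true" android:exported="false"'
    + ' android:name="com.mrikso.modmenu.FloatingModMenuService"/>'
    + ACTIVITY + '</application></manifest>'
)
RELEASE_FILES = ["classes.dex", "lib/armeabi-v7a/libil2cpp.so", "lib/armeabi-v7a/libunity.so"]
SUSPECT_FILES = RELEASE_FILES + ["lib/armeabi-v7a/libKittyMemory.so"]

if __name__ == "__main__":
    for kind, name in repackaging_findings((RELEASE_MANIFEST, RELEASE_FILES),
                                           (SUSPECT_MANIFEST, SUSPECT_FILES)):
        print(kind, name)
```

Because the comparison is against the release build rather than a fixed name list, a renamed service class or library still shows up as an addition.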

Sbenny

A crazy scientist
Staff Member
Admin
SB Mod Squad ⭐
Active User
This is a very informative thread, thank you so much for your contribution Havanitos! It's very easy to understand and your English is perfect, excellent job!

#ThreadSticked
 

romeo523

Lurker Lv0️⃣
Member for 6 years
Can you teach me how to add function for second and third in menu.
Ex: menu have god mode, one hit , ...
I can mod god mode but one hit it's not effected
 

SuperEvilMafiaBoss

Sbennytopia's Underworld Boss
Member for 5 years
Nice and informative tutorial but when I press build nothing happens...Android Studio latest version...Also how do I make switches/buttons? should I keep the default code or change it?
 

Havanitos

The quieter u become , the more u are able to hear
VIP
Member for 7 years
Nice and informative tutorial but when I press build nothing happens...Android Studio latest version...Also how do I make switches/buttons? should I keep the default code or change it?
Here is your info :)

I clicked Build Project but nothing happen.
Use the name for Project Folder without Space ex. modmenuproject

Can you teach me how to add function for second and third in menu.
Ex: menu have god mode, one hit , ...
I can mod god mode but one hit it's not effected
Create a new Thread in Main.cpp and close the first thread with [ }; ] . If you copy, paste a Thread close Last Thread with only [ } ]
Code:
void * my_UnlimitedDiamonds_thread(void *) {
    LOGD("I have been loaded...");

    // BLA BLA The rest of the Code...

    return NULL;

};   // <------------------ This is First Thread

void * my_UnlimitedCoins(void *) {
    LOGD("I have been loaded...");

    // BLA BLA The rest of the Code...

    return NULL;

}   // <------------------ This is Last Thread
Do not forget to add [ private native String ] and to change [ Switch String ] ( .Java file in Project )
This means the same for the Main.cpp file: add a new MemoryPatch, and change the MP names in Threads

Code:
    private native void antiupdate_on();

    private native void antiupdate_off();
 
    // ........
 

addSwitch("AntiUpdate Hack", new SW() {
            public void OnWrite(boolean isChecked) {
                if (isChecked) {
                    antiupdate_on();   // <--------- ( Switch String)
                    //Toast.makeText(getBaseContext(), toastFromJNI(), Toast.LENGTH_LONG).show();
                    Toast.makeText(getBaseContext(), "AntiUpdate Hack - On", Toast.LENGTH_SHORT).show();
                } else {
                    antiupdate_off();
                    Toast.makeText(getBaseContext(), "AntiUpdate Hack - Off", Toast.LENGTH_SHORT).show();
                }
            }
        });


----------------------------------------------------------------------------------------------------------------


struct My_Patches {
    MemoryPatch havanitosAntiCheat;  // <---- Patch name
    MemoryPatch havanitosAntiUpdate;
    MemoryPatch havanitosDiamonds;
    MemoryPatch havanitosCoins;
} my_cool_Patches;

void * my_AntiCheat_thread(void *) {
    LOGD("I have been loaded...");

    ProcMap il2cppMap;
    do {
        il2cppMap = KittyMemory::getLibraryMap("libil2cpp.so");
        sleep(1);
    } while (!il2cppMap.isValid());

    my_cool_Patches.havanitosAntiCheat = MemoryPatch("libil2cpp.so", 0xC3E854,    // <------- Be careful to rename Patch name for another Thread
                                                  "\bla\bla\bla\bla", 4);

    // [ Same for the Rest... ]

    return NULL;

};
Also don't forget to call functions on press button! at the end of Main.cpp add call functions for your Cheats

Code:
extern "C"   // C linkage, as on the second function below, so the JNI name is not mangled
JNIEXPORT void JNICALL
Java_com_mrikso_modmenu_FloatingModMenuService_antiupdate_1on(JNIEnv *env, jobject instance) {    //   <-------- ( antiupdate_1on , test_1on,,, like_this_explanationmsg_:P_1on

    pthread_t ptid;
    pthread_create(&ptid, NULL, my_AntiUpdate_thread, NULL);

}
extern "C"
JNIEXPORT void JNICALL
Java_com_mrikso_modmenu_FloatingModMenuService_antiupdate_1off(JNIEnv *env, jobject instance) {   //   <-------- ( antiupdate_1off , test_1off,,, like_this_explanationmsg_:P_1off

    // TODO
    // restore & print bytes
    if (my_cool_Patches.havanitosAntiUpdate.Restore()) {     //   <-------- ( Here is what Patch goes Off )
        LOGD("canShowInMinimap has been restored successfully");
        LOGD("Current Bytes: %s", my_cool_Patches.havanitosAntiUpdate.ToHexString().c_str());
        LOGD("===========================");
    }

}
 

SuperEvilMafiaBoss

Sbennytopia's Underworld Boss
Member for 5 years
Sorry for not noticing the answer to my first question in the tutorial above...Thanks for your valuable info buddy.
 

Havanitos

The quieter u become , the more u are able to hear
VIP
Member for 7 years
Sorry for not noticing the answer to my first question in the tutorial above...Thanks for your valuable info buddy.
No problem, I'm always here to help as much as I can. I'm a man who loves to share knowledge; if you need any other help feel free to contact me via PM. If you can't use PM, post a message on my profile, and I will contact you :)
 

DipiWebi

Lurker Lv0️⃣
Member for 4 years
Hello I am still new to this type of programming. After seeing this explanation, it made me create an interest in the subject. So if I'm going to create a MOD Menu for an fps game, how do I program for the soldier's aim to always stick in the enemy's head?
 

forumseo

Apprentice Lv2️⃣
Member for 6 years
I see androeed.ru load .so lib, then there is a toast show in the game without toast;->show found in smali.
 

mrcas

Addicted Lv3️⃣
Member for 5 years
Is there anyway to call a function in .so file from menu mod? Not just for patching, but i need to make a custom code from menu and i know exactly what function which game is using in .so file.
 

Havanitos

The quieter u become , the more u are able to hear
VIP
Member for 7 years
Hello I am still new to this type of programming. After seeing this explanation, it made me create an interest in the subject. So if I'm going to create a mod menu for an fps game, how do I program for the soldier's aim to always stick in the enemy's head?
This is a very difficult question for a beginner in programming; you need at least 2 years of experience. I can't help you in this quest :(

Is there anyway to call a function in .so file from menu mod? Not just for patching, but i need to make a custom code from menu and i know exactly what function which game is using in .so file.
I am not sure atm, I have never done such a thing, but I know about custom .so injecting, so probably you can inject your .so file in the game and then your code is the rest..
Sorry, I am not that advanced :(
 