📖 Tutorial How to Create MOD MENU for | il2cpp.so | and other native android games


mkcs

Apprentice Lv2️⃣
Member for 4 years
@Havanitos Well, I assume that the LOGD lines are for troubleshooting, to indicate that the patch size and address are correct. However, when I removed all the LOGD lines, I noticed that only the first patch is effective, but not both. Did I delete something important for both patches to work? Following is an example of 1 toggle to patch 2 addresses in a thread.

void *my_test_thread(void *) {
    // loop until our target library is found
    ProcMap il2cppMap;
    do {
        il2cppMap = KittyMemory::getLibraryMap("libil2cpp.so");
        sleep(1);
    } while (!il2cppMap.isValid());

    // the patch objects are only constructed here; nothing calls modify() on them
    my_cool_Patches.canShowInMinimap1 = MemoryPatch("libil2cpp.so", 0x36B82C, "\xDC\x0F\x00\xE3\x1E\xFF\x2F\xE1", 8);
    my_cool_Patches.canShowInMinimap2 = MemoryPatch("libil2cpp.so", 0x36B82D, "\xDD\x0F\x00\xE3\x1E\xFF\x2F\xE1", 8);

    return NULL;
}
 

DivineElixir

Lurker Lv0️⃣
Member for 4 years
> @Havanitos Well, I assume that the LOGD lines are for troubleshooting, to indicate that the patch size and address are correct. However, when I removed all the LOGD lines, I noticed that only the first patch is effective, but not both. Did I delete something important for both patches to work? Following is an example of 1 toggle to patch 2 addresses in a thread.
>
> void *my_test_thread(void *) {
>     // loop until our target library is found
>     ProcMap il2cppMap;
>     do {
>         il2cppMap = KittyMemory::getLibraryMap("libil2cpp.so");
>         sleep(1);
>     } while (!il2cppMap.isValid());
>
>     // the patch objects are only constructed here; nothing calls modify() on them
>     my_cool_Patches.canShowInMinimap1 = MemoryPatch("libil2cpp.so", 0x36B82C, "\xDC\x0F\x00\xE3\x1E\xFF\x2F\xE1", 8);
>     my_cool_Patches.canShowInMinimap2 = MemoryPatch("libil2cpp.so", 0x36B82D, "\xDD\x0F\x00\xE3\x1E\xFF\x2F\xE1", 8);
>
>     return NULL;
> }
I really hope someone with the time & knowledge is kind enough to revamp KittyMemory. The code is a mess, and it got even messier after being modified by others. I believe the original author (not MJ/MJx0) stopped releasing updates upon learning that his code was leeched without credit. I have re-coded part of it & will be happy if someone could continue.
 

mkcs

Apprentice Lv2️⃣
Member for 4 years
> Sure, I will reveal soon. I forgot & just need to either start from scratch or search for my mod list, which is either deleted or misplaced, as my kids now never play this game.
>
> Anyway, I believe most are getting the wrong idea of my bypass concept.
>
> My main intention is to utilize the 'power' of Xposed modules & Virtual Hook, which can do more 'damage' to most games. You could also bypass by disabling the tampering detection offset & writing directly to the library instead. In short, it's a long list where the limit is your creativity.
>
> No promise, but first I will need to edit & improve this ModMenu code by mrikso, or probably create an automated script or program for beginners & easy usage.
What is the purpose of loading Xposed modules in an APK? What happens if a phone doesn't have any Xposed framework or modules installed?
 

DivineElixir

Lurker Lv0️⃣
Member for 4 years
> What is the purpose of loading Xposed modules in an APK? What happens if a phone doesn't have any Xposed framework or modules installed?

An example is disabling SSL pinning, various spoofing & hooking methods, etc. You could also create your own Xposed module. Please do a little research about Xposed.

You won't need root or the Xposed framework installed when repackaging through these methods, whereby an APK can load the Xposed modules itself. One way is as mentioned, XPatch (by WindySha). App Cloner is also using the same method.
 

mkcs

Apprentice Lv2️⃣
Member for 4 years
> An example is disabling SSL pinning, various spoofing & hooking methods, etc. You could also create your own Xposed module. Please do a little research about Xposed.
>
> You won't need root or the Xposed framework installed when repackaging through these methods, whereby an APK can load the Xposed modules itself. One way is as mentioned, XPatch (by WindySha). App Cloner is also using the same method.

How can I make the modified APK seem undetectable, like what you did? The integrity flag is triggered in Lucky Patcher.
[Attached screenshot: Screenshot_20200309-061819__01.jpg]
 

DivineElixir

Lurker Lv0️⃣
Member for 4 years
> @Havanitos Well, I assume that the LOGD lines are for troubleshooting, to indicate that the patch size and address are correct. However, when I removed all the LOGD lines, I noticed that only the first patch is effective, but not both. Did I delete something important for both patches to work? Following is an example of 1 toggle to patch 2 addresses in a thread.
>
> void *my_test_thread(void *) {
>     // loop until our target library is found
>     ProcMap il2cppMap;
>     do {
>         il2cppMap = KittyMemory::getLibraryMap("libil2cpp.so");
>         sleep(1);
>     } while (!il2cppMap.isValid());
>
>     // the patch objects are only constructed here; nothing calls modify() on them
>     my_cool_Patches.canShowInMinimap1 = MemoryPatch("libil2cpp.so", 0x36B82C, "\xDC\x0F\x00\xE3\x1E\xFF\x2F\xE1", 8);
>     my_cool_Patches.canShowInMinimap2 = MemoryPatch("libil2cpp.so", 0x36B82D, "\xDD\x0F\x00\xE3\x1E\xFF\x2F\xE1", 8);
>
>     return NULL;
> }
I'm not sure if you have managed this, but you accidentally deleted the function call. I'm not into this snippet, though, but hope this helps.

Delete the line #include "KittyMemory/Logger.h" & replace it with #include <jni.h>. You could also delete the file 'Logger.h'.

#include <jni.h>
#include <pthread.h>                  // pthread_create
#include <unistd.h>                   // sleep
#include "KittyMemory/KittyMemory.h"  // KittyMemory::getLibraryMap / ProcMap (same directory as the removed Logger.h)
#include "KittyMemory/MemoryPatch.h"  // MemoryPatch

// patch holder, declared here so the snippet is self-contained
struct {
    MemoryPatch canShowInMinimap1, canShowInMinimap2;
} my_cool_Patches;

void *my_test_thread(void *) {
    // wait until the target library is mapped into the process
    ProcMap il2cppMap;
    do {
        il2cppMap = KittyMemory::getLibraryMap("libil2cpp.so");
        sleep(1);
    } while (!il2cppMap.isValid());

    my_cool_Patches.canShowInMinimap1 = MemoryPatch("libil2cpp.so", 0x36B82C, "\xDC\x0F\x00\xE3\x1E\xFF\x2F\xE1", 8);
    my_cool_Patches.canShowInMinimap2 = MemoryPatch("libil2cpp.so", 0x36B82D, "\xDD\x0F\x00\xE3\x1E\xFF\x2F\xE1", 8);

    // modify() is what actually writes the bytes; because of &&, the second
    // call is skipped if the first one fails
    bool applied = my_cool_Patches.canShowInMinimap1.modify() && my_cool_Patches.canShowInMinimap2.modify();
    (void)applied;

    return NULL;
}

extern "C"
JNIEXPORT void JNICALL
Java_com_mrikso_modmenu_FloatingModMenuService_MAIN_1on(JNIEnv *env, jobject instance) {
    pthread_t ptid;
    pthread_create(&ptid, NULL, my_test_thread, NULL);
}

extern "C"
JNIEXPORT void JNICALL
Java_com_mrikso_modmenu_FloatingModMenuService_MAIN_1off(JNIEnv *env, jobject instance) {
    // Restore() writes the saved original bytes back; same && short-circuit as above
    bool restored = my_cool_Patches.canShowInMinimap1.Restore() && my_cool_Patches.canShowInMinimap2.Restore();
    (void)restored;
}
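To see what that on/off toggle looks like from the integrity-check side, here is an added C example (not code from this thread, from KittyMemory or from the mod-menu template): it mirrors the modify()/Restore() contract on a constructed byte buffer standing in for the library's code pages, hashes the buffer the way a tamper flag would, and shows that the two patches above, being one byte apart, overlap and only undo cleanly when restored in reverse order. The buffer contents, the hash, the function names and the scaled-down offsets are all constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for the executable pages of a loaded library; a real
   integrity check would hash the libil2cpp.so mapping listed in /proc/self/maps. */
#define REGION_SIZE 0x40
static uint8_t g_region[REGION_SIZE];

typedef struct {
    size_t off, len;
    const uint8_t *bytes;   /* replacement bytes */
    uint8_t orig[8];        /* originals saved by patch_modify, written back by patch_restore */
    bool applied;
} patch_t;

/* FNV-1a over the region: the kind of runtime hash an integrity flag is built on. */
uint64_t region_hash(const uint8_t *p, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}

/* Same contract as MemoryPatch::modify(): nothing in memory changes until this runs. */
bool patch_modify(patch_t *p) {
    if (p->applied || p->len > sizeof p->orig || p->off + p->len > REGION_SIZE) return false;
    memcpy(p->orig, g_region + p->off, p->len);
    memcpy(g_region + p->off, p->bytes, p->len);
    return p->applied = true;
}

/* Same contract as MemoryPatch::Restore(): put the saved originals back. */
bool patch_restore(patch_t *p) {
    if (!p->applied) return false;
    memcpy(g_region + p->off, p->orig, p->len);
    p->applied = false;
    return true;
}

/* The thread's two patches, one byte apart (offsets scaled down to fit the buffer). */
static patch_t g_a = { 0x2C, 8, (const uint8_t *)"\xDC\x0F\x00\xE3\x1E\xFF\x2F\xE1", {0}, false };
static patch_t g_b = { 0x2D, 8, (const uint8_t *)"\xDD\x0F\x00\xE3\x1E\xFF\x2F\xE1", {0}, false };

/* Fill the region with constructed bytes, apply both patches, then restore (LIFO if lifo != 0).
   Bit 0 of the result: the hash check flagged the patched region. Bit 1: the region hashes
   clean again after restoring. Overlapping patches only undo cleanly in LIFO order. */
int toggle_scenario(int lifo) {
    for (size_t i = 0; i < REGION_SIZE; i++) g_region[i] = (uint8_t)(i * 7 + 3);
    uint64_t baseline = region_hash(g_region, REGION_SIZE);
    if (!patch_modify(&g_a) || !patch_modify(&g_b)) return -1;
    int result = region_hash(g_region, REGION_SIZE) != baseline;   /* integrity flag raised */
    if (lifo) { patch_restore(&g_b); patch_restore(&g_a); }
    else      { patch_restore(&g_a); patch_restore(&g_b); }
    if (region_hash(g_region, REGION_SIZE) == baseline) result |= 2;
    return result;
}
```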
 

mkcs

Apprentice Lv2️⃣
Member for 4 years
> I'm not sure if you have managed this, but you accidentally deleted the function call. I'm not into this snippet, though, but hope this helps.
>
> Delete the line #include "KittyMemory/Logger.h" & replace it with #include <jni.h>. You could also delete the file 'Logger.h'.
>
> #include <jni.h>
> #include <pthread.h>                  // pthread_create
> #include <unistd.h>                   // sleep
> #include "KittyMemory/KittyMemory.h"  // KittyMemory::getLibraryMap / ProcMap (same directory as the removed Logger.h)
> #include "KittyMemory/MemoryPatch.h"  // MemoryPatch
>
> // patch holder, declared here so the snippet is self-contained
> struct {
>     MemoryPatch canShowInMinimap1, canShowInMinimap2;
> } my_cool_Patches;
>
> void *my_test_thread(void *) {
>     // wait until the target library is mapped into the process
>     ProcMap il2cppMap;
>     do {
>         il2cppMap = KittyMemory::getLibraryMap("libil2cpp.so");
>         sleep(1);
>     } while (!il2cppMap.isValid());
>
>     my_cool_Patches.canShowInMinimap1 = MemoryPatch("libil2cpp.so", 0x36B82C, "\xDC\x0F\x00\xE3\x1E\xFF\x2F\xE1", 8);
>     my_cool_Patches.canShowInMinimap2 = MemoryPatch("libil2cpp.so", 0x36B82D, "\xDD\x0F\x00\xE3\x1E\xFF\x2F\xE1", 8);
>
>     // modify() is what actually writes the bytes; because of &&, the second
>     // call is skipped if the first one fails
>     bool applied = my_cool_Patches.canShowInMinimap1.modify() && my_cool_Patches.canShowInMinimap2.modify();
>     (void)applied;
>
>     return NULL;
> }
>
> extern "C"
> JNIEXPORT void JNICALL
> Java_com_mrikso_modmenu_FloatingModMenuService_MAIN_1on(JNIEnv *env, jobject instance) {
>     pthread_t ptid;
>     pthread_create(&ptid, NULL, my_test_thread, NULL);
> }
>
> extern "C"
> JNIEXPORT void JNICALL
> Java_com_mrikso_modmenu_FloatingModMenuService_MAIN_1off(JNIEnv *env, jobject instance) {
>     // Restore() writes the saved original bytes back; same && short-circuit as above
>     bool restored = my_cool_Patches.canShowInMinimap1.Restore() && my_cool_Patches.canShowInMinimap2.Restore();
>     (void)restored;
> }
Yes, I accidentally deleted the 'modify' call, which left only the assignment of the patch addresses. Now it looks much tidier and easier to manage after removing the debugging messages. Thank you very much!
 

DivineElixir

Lurker Lv0️⃣
Member for 4 years
> Yes, I accidentally deleted the 'modify' call, which left only the assignment of the patch addresses. Now it looks much tidier and easier to manage after removing the debugging messages. Thank you very much!

'Tidying' things up looks neat, but your concern should be the code flow. KittyMemory is 'messy' and can be optimized further.
 

mkcs

Apprentice Lv2️⃣
Member for 4 years
> 'Tidying' things up looks neat, but your concern should be the code flow. KittyMemory is 'messy' and can be optimized further.
Cool! Also, how can I activate a mod function automatically without using a switch? Too many switches make the menu interface 'dirty'.
 

DivineElixir

Lurker Lv0️⃣
Member for 4 years
In short, KittyMemory is limited. In BBS, you cannot have certain mods as a 'MOD Menu', else it'll either crash or go unstable. Worse, these errors trigger calls to mummy back home.
 

GtcTurbo

Apprentice Lv2️⃣
Member for 8 years
Guys, I want a little help. With the simple way I can mod a game, but I would like to know the difficult way. I am not a programmer or hacker; my job is butcher, and these are free-time activities with them.
 

GtcTurbo

Apprentice Lv2️⃣
Member for 8 years
This problem is ok.
All ok, but I don't see the MOD icon inside the game...
 

Ice 404

Lurker Lv0️⃣
Member for 4 years
Hello, can someone help me create a mod for freefire?
 

heitorhog

Lurker Lv0️⃣
Member for 3 years
Hello guys, it's ok. Someone managed to get the mod into the game; I didn't get it here. If you have more sample material, could you please provide it?
 