
Game Modding tutorial

Discussion in 'Tutorials' started by Slim420, Dec 12, 2014.

  1. Slim420

    Slim420 Active Member

    Dec 8, 2014
    IDA Pro Basics (Instructions Of IDA)
    Here is a good tutorial for anyone who is willing to learn what the ARM assembly language is and how to understand it.
    This is a very useful tutorial for understanding the basic instructions in IDA.

    Steps of doing:

    1. Check the Game --> What could be hacked? What names the functions could have?

    2. Load the Binary (lib file in lib folder) in IDA --> Check that "load resources" is checked

    3. Give IDA time to load

    4. After that, open up a hex editor and put the Binary in it


    Useful searches:

    (the big ones are the key words)

    Player's Life: life,health,damage,hp,live,power

    e.g: CSoldierHero::takeDamage
    e.g: CPlayer::removeHealth

    Points: points,score,mp

    e.g: Game::UpdatePoints
    e.g: Game::AddPoints
    e.g: Game::loadScore

    Ammo: ammo,shoot,shot,fire,weapon

    e.g: CPlayer::ProcessShooting
    e.g: CPlayer::fire
    e.g: xxx::subAmmo

    If you have other things like 'speed' or 'suns' or something just try different options


    -level -->level up cheats
    -powerups -->megajump,doodlejump
    -some keywords depend on the game.. rpg,action,fun,...
    -kill -->splinter cell
    -Unlock --> Unlock is an important keyword *


    WHAT TO DO...?

    ADD (e.g. score): set to MOV R0,#480000000*
    set the registers or the value after #xx to very high

    SUB (e.g. ammo): change to ADD, NOP it, or set the SUB to #0

    RSB (reverse subtract -- take damage): NOP it or set the registers to low or try to change to an ADD

    LDR (e.g. score,...): change the register to Register 7 (R7) or to a MOV R0,#480000000*

    STR (e.g. setLife): change the register to R7 or MOV R0,#480000000*

    SUBS/ADDS (same as SUB and ADD)



    ADD R3,R3,#1 --> 01 30 83 E2
    SUB R3,R3,#1 --> 01 30 43 E2

    ADD R1,R3,R3 --> 01 30 83 E0
    SUB R1,R3,R3 --> 01 30 43 E0

    MOV R0,#48000000 = 12 03 A0 E3 --> very high value (you know the PvZ mod where the sun turns into 9999? That's a MOV R0,#48000000)

    MOV R0,#1 = 01 00 A0 E3 (often used for functions like : isXXX or hasXXX (e.g: player::hasAllWeapons if you use an MOV R0,#1 it always returns the value 1 so you have all Weapons))

    MOV R0,#0 = 00 00 A0 E3 (often used for isXXX and hasXXX functions(e.g: player::needFood if you use MOV R0,#0 it always returns 0 , so you do not need food))

    2Byte BX LR : 7047 -->deletes a function
    2Byte Nop : C046 -->NOP = No operation

    4Byte BX LR : 1EFF2FE1 -->deletes a function
    4Byte Nop : 0000A0E1 -->NOP = No operation



    Above almost all branch commands there has to be a CMP (compare), and because of this CMP it branches.

    e.g: BEQ (branch if equal) above: CMP R3,R2

    so it doesn't branch because R3 is not equal to R2

    if CMP R2,R2 and then BEQ, then it branches

    BEQ = Branch if equal (cmp r2,r2)
    BNE = Branch if not equal (cmp r3,r11)
    BLT = Branch if lower than(cmp r2,r3)
    BGT = Branch if greater than(cmp r3,r1)



    Without trying you can't succeed.

    So go ahead and try!

    Plist editing - Hex editing - IDA Modding

    Plist: Just download some Games and rehack plists

    Hex: Download savefile and Compare and learn with it some hex.

    IDA: 1. Use the Offset DB and go with IDA to the location. Check the function and what was changed. 2. Download some binaries and compare them. 3. Read tutorials

    My knowledge:

    BX LR - NOP - SUB - ADD - LDR - STR - MOV - RSB

    Just one last thing: GDB isn't the horror. I don't like GDB. I can't work with it.

    I just sometimes use it for checking functions and their registers (e.g. when I don't know what registers are low in there and what high).


    In Brothers in Arms: Hour of Heroes

    CSoldierHero UnlockAllWeapons

    Double click on it..

    Make an XRef from the title of the function (highlight the function and press X)

    Then there should be a BNE (branch not equal); it branches if not equal

    If you change it to a B (branch, no conditions) it always branches and you have your weapons unlocked..

    This means you can't change the function directly.. you have to check from where it comes

    BNE,BLT,BGT,BEQ --> B = Change the last byte to an EA if it is 4 Byte XX XX XX EA
    BNE,BLT,BGT,BEQ --> B = Change the last byte to an E0 if it is 2 Byte XX E0


    If you mod ammo and you know there is a SUB Rx, Rx, #1 which subtracts your ammo, then look above: there should be a CMP.
    If there is a CMP which compares the same register as the SUB subtracts, then you are right and it could be the CMP that compares if Rx = 0

    IF Rx = 0 it reloads your gun

    so if you NOP (0100A0E1) the CMP it doesn't reload, as it doesn't compare if Rx is equal to 0

    You often find CMPs above branches. This means you have two options: either you make the BXX into only a B so it branches all the time (look at branches), or you set the CMP as needed, e.g.:

    BNE (BranchNotEqual) so it branches when the comparison result isn't equal --> CMP R2,R3: if R2 and R3 have different values it branches as they aren't equal


    Framework used: link

    ARM ASM Converter and GUI by slam80: http://puu.sh/1mC2f

    HxD: http://mh-nexus.de/en/hxd/

    Hex to Decimal Converter: http://www.mediafire.com/?ft4a2bwq0o4xpzv

    IDA Demo 6.4: http://www29.zippyshare.com/v/94408370/file.html

    ANDROID MULTITOOL v3.0 [ADB]: http://forum.xda-developers.com/showthread.php?t=2326604

    I don't take credit for this tut.
    tdnbsun, DzKirito, Bigaon and 7 others like this.
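As an added example (not from the post or any tool it links), a small Python decoder for the A32 and 16-bit Thumb byte patterns quoted in the post, so a pattern can be checked against its meaning instead of being copied on trust. It handles only the instruction classes the post mentions (ADD/SUB/RSB/CMP/MOV, B/BL, BX and the Thumb B/BX/MOV forms) and reads bytes in the little-endian order a hex editor shows them.

```python
"""Decoder for the byte patterns quoted above (added example, not the post's own tool)."""
import struct

DP_OPCODES = {0x2: "SUB", 0x3: "RSB", 0x4: "ADD", 0xA: "CMP", 0xD: "MOV"}   # bits 24:21
CONDS = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
         "HI", "LS", "GE", "LT", "GT", "LE", "", "NV"]   # index 14 = AL, printed as no suffix

def word_from_hex(text):
    """Hex-editor bytes (little-endian) to an int: '01 30 83 E2' -> 0xE2833001, '7047' -> 0x4770."""
    raw = bytes.fromhex(text.replace(" ", ""))
    return struct.unpack("<I" if len(raw) == 4 else "<H", raw)[0]

def signed(value, bits):
    return value - (1 << bits) if value & (1 << (bits - 1)) else value

def decode_a32(word):
    cond = CONDS[word >> 28]
    if word & 0x0FFFFFF0 == 0x012FFF10:                 # BX Rm; test this before data-processing
        return f"BX{cond} R{word & 0xF}"
    if (word >> 25) & 0x7 == 0b101:                     # B / BL: 24-bit signed word offset from pc+8
        link = "L" if word & (1 << 24) else ""
        return f"B{link}{cond} pc{signed(word & 0xFFFFFF, 24) * 4 + 8:+#x}"
    if (word >> 26) & 0x3 != 0:
        return "<not handled>"
    opc, s = (word >> 21) & 0xF, (word >> 20) & 1      # data-processing: cond 00 I opc S Rn Rd op2
    rn, rd = (word >> 16) & 0xF, (word >> 12) & 0xF
    if (word >> 25) & 1:                                # I=1: 8-bit immediate rotated right by 2*rot
        rot, imm8 = 2 * ((word >> 8) & 0xF), word & 0xFF
        op2 = f"#{((imm8 >> rot) | (imm8 << (32 - rot))) & 0xFFFFFFFF:#x}"
    else:                                               # I=0: register Rm, shift field shown raw if set
        shift = (word >> 4) & 0xFF
        op2 = f"R{word & 0xF}" + (f" (shift {shift:#x})" if shift else "")
    name = DP_OPCODES.get(opc, f"DP{opc:X}")
    flags = "S" if s and name != "CMP" else ""
    if name == "MOV":
        return f"MOV{flags}{cond} R{rd}, {op2}"
    if name == "CMP":
        return f"CMP{cond} R{rn}, {op2}"
    return f"{name}{flags}{cond} R{rd}, R{rn}, {op2}"

def decode_thumb16(half):
    if half & 0xFF87 == 0x4700:                         # BX Rm
        return f"BX R{(half >> 3) & 0xF}"
    if half & 0xF800 == 0xE000:                         # B: 11-bit signed halfword offset from pc+4
        return f"B pc{signed(half & 0x7FF, 11) * 2 + 4:+#x}"
    if half & 0xF000 == 0xD000 and ((half >> 8) & 0xF) < 0xE:   # B<cond>: 8-bit signed offset
        return f"B{CONDS[(half >> 8) & 0xF]} pc{signed(half & 0xFF, 8) * 2 + 4:+#x}"
    if half & 0xFF00 == 0x4600:                         # MOV Rd, Rm (high-register form; MOV R8, R8 is the Thumb NOP)
        return f"MOV R{((half >> 4) & 0x8) | (half & 0x7)}, R{(half >> 3) & 0xF}"
    return "<not handled>"
```

Running it over the table confirms the immediate, MOV, NOP and BX rows; the register-form rows (01 30 83 E0 and 01 30 43 E0) decode as ADD/SUB R3, R3, R1, which is the operand order those bytes actually encode.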
  2. dacuoi

    dacuoi Guest

    Link download died? I can't download.
    Bigaon likes this.
  3. Slim420

    Slim420 Active Member

    Dec 8, 2014
    Re checked links and all should be up and running
  4. h3yf00l

    h3yf00l License Manager
    Staff Member Administrator

    Apr 2, 2014
    Good job yet again man, all links working except mega.co  :p

  5. raline

    raline i r noob

    Jan 21, 2015
    good tutorial indeed
  6. dedi rukmana

    dedi rukmana i r noob

    Jan 9, 2015
    Any Mod diamond line get rich ?
  7. jaeik

    jaeik i r noob

    Feb 15, 2015
    Assembly language?
  8. cnaqe

    cnaqe i r noob

    Feb 18, 2015
    Great information. Thanks
  9. Beast

    Beast i r noob

    Feb 28, 2015
    had already read.. anyway .. great!
  10. zombi3butt

    zombi3butt Member

    Feb 23, 2015
    Is there any way to bypass the Unity anticheat? I tried this with Slingshot, I managed to change combocount=8 then got banned, same thing with World of Warriors.
  11. Beast

    Beast i r noob

    Feb 28, 2015
    who has mod these games?? anyone?? if so plz help me...
    1)zombie highway (cars,weapon,level)
    2)hill climb racing (coin & fuel)
    3)zombie tsunami (coins/free shopping)
  12. Espada42

    Espada42 Guest

    How about avabel?
  13. Manu

    Manu i r noob

    Nov 27, 2015
  14. Diege

    Diege Guest

    Credits: HACKJACK
  15. rushic24

    rushic24 Guest

    Can anyone please put a tutorial on how to Mod asphalt nitro with ida,
    It's in SB_xx form
  16. Sesy

    Sesy i r noob

    Dec 28, 2015
    That's awesome...... can you please help me mod Family Farm
  17. Deniz

    Deniz i r noob

    May 2, 2016
    it will be hard to learn but i will try...