Easy Mod Menu Tutorial on Android for Beginners | Learn to make mod menu for any Games
Part 1: Designing Menu
The above video is part 1 of a tutorial on how to create a mod menu for Android games. It guides viewers through setting up the environment and designing the basic layout of the mod menu.
Here are the detailed steps covered in the video:
- Download and install the AIDE app and the NDK for it (matching your device's 32-bit or 64-bit architecture).
- Download the mod menu source zip file and extract it.
- In the AIDE app, navigate to the folder where you extracted the zip file.
- Open the main.cpp file to understand the different features that can be added to the mod menu.
- Learn about the following features and how to add them to the mod menu: Category, Toggle switch, Seekbar, Spinner, Button, Checkbox, Radio button, Collapse, Textview etc.
- Change the title, subtitle, background color, text color, and other design aspects of the mod menu.
- Add stroke, change the height, width, and radius of the mod menu.
- Convert an image to base64 and set it as the app icon.
Part 2: Hooking & Hex Patching
This second video covers hooking as well as patching the memory addresses (offsets) of an Android game, both of which can be controlled from a mod menu. Here's a breakdown.
- Open the main.cpp file in your source code using the AIDE app.
- Declare variables with the same data type as the function in the game.
- Implement a hooking function that matches the return type of the game's method.
- Ensure the hooking function includes conditions to activate only when specified criteria are met.
- Use MSHook for modding Arm32 games or A64Hook for modding Arm64 games to hook the above function.
- Define a feature name such as Toggle, Seekbar, Button, etc.
- Adjust variable values within respective cases.
- For hex patching, directly insert code within #if and #else sections.
- Modify or restore hex patches within switch cases as needed.
Part 3: Adding menu into game
Here are the steps to add a mod menu to the game, based on the instructions from the video:
- Verify library names: Ensure correct library names to avoid issues with your mods. If unsure, search online to confirm the correct libraries needed for modding.
- Customize menu and subtitle: Remove unnecessary buttons from the created menu and update the subtitle as recommended in the video.
- Build the Menu Apk: Once menu customization is complete, build the app.
- Place game and mod menu apk in the same folder: Copy both the game app and the mod menu app into the same directory. You can locate the mod menu app in the build folder. If you encounter difficulties finding it, ensure that the Apk Output Directory is enabled.
- Decompile the game apk: If you have MT Manager VIP, use it; otherwise, decompile the game app with a tool called APK Tool M.
- Identify the game's main activity first: Locate the game's main activity using an app like "Current Activity," available on Google. Once identified, copy the "MainActivity" code text.
- Open the Smali folder in MT Manager and paste the "MainActivity" text in the appropriate location.
- Add the Service and Overlay Permission code in the AndroidManifest file.
- Copy the lib, dex and assets folders of the menu apk into the game and compile it.
Part 4: Find Offsets & Replace Hex
The above video is part 4 of a mod menu tutorial. It explains how to find offsets and replace hex values for Unity games. Here's a simple breakdown:
- Check the Game's Files:
  - Locate the game and see if it has a file named libil2cpp.so. This method only works for Unity games with this file.
- Extract Necessary Files:
  - Extract libil2cpp.so and global-metadata.dat from the game. Create a folder called "dump" to store these files.
- Use an IL2CPP Dumper:
  - Find an IL2CPP dumper site or use an IL2CPP dumper app.
  - If using a site, upload the libil2cpp.so and global-metadata.dat files. If using an app, select these files from your device.
- Dump the Files:
  - Click "submit" and wait for the site or app to process the files.
  - Download or Save the resulting dump.cs file and open it as a text file.
- Search for Keywords:
  - Look for keywords related to the mod you want. For example, to unlock pets, search for terms like "get_unlockedpets" or "petsunlock".
- Find and Test Offsets:
  - Try different keywords until you find a potential offset.
  - Use an offset tester menu to check if it works in the game.
- Replace Hex Values:
  - If the offset works, find the replace hex value. Use an online "ARM converter" to convert your desired value.
  - Add the replace hex value to your mod menu.
- Additional Notes:
  - Some features may require a premium membership.
  - This method might not work for all games, especially those with protective measures.
Hooking Examples and Codes
- Hooking Examples

Declare variables:

```cpp
bool UnlockSkins;
float LightRadius, PlayerSpeed;
```

Write Hooking Function:

```cpp
bool (*old_unlockskins)(void *instance);
bool unlockskins(void *instance) {
    if (instance != NULL && UnlockSkins) {
        return true;
    }
    return old_unlockskins(instance);
}

float (*old_lightradius)(void *instance);
float lightradius(void *instance) {
    if (instance != NULL && LightRadius > 0) {
        return (float) LightRadius;
    }
    return old_lightradius(instance);
}

void (*old_playerspeed)(void *instance);
void playerspeed(void *instance) {
    if (instance != NULL) {
        if (PlayerSpeed >= 1) {
            // The code below only executes if PlayerSpeed is equal to or greater than 1
            *(float *) ((uintptr_t) instance + 0x2C) = PlayerSpeed;
        }
    }
    return old_playerspeed(instance);
}
```

Call Hook Lib:

```cpp
HOOK_LIB("libil2cpp.so", "0x9D3BAC", unlockskins, old_unlockskins);
HOOK_LIB("libil2cpp.so", "0x8FA3A0", lightradius, old_lightradius);
HOOK_LIB("libil2cpp.so", "0xA0C874", playerspeed, old_playerspeed);
```

Add the desired Views:

```cpp
OBFUSCATE("Category_Mods"), // It will not be counted
OBFUSCATE("15_Toggle_Unlock Skins"), // It will be assigned as Case 15
OBFUSCATE("25_SeekBar_Light Radius_0_20"),
OBFUSCATE("30_SeekBar_Player Speed_0_100"),
```

Change the Variables Value from Switch Cases:

```cpp
switch (featNum) {
    case 15:
        UnlockSkins = boolean;
        if (boolean) {
            Toast(env, obj, OBFUSCATE("Unlock Skins Enabled"), ToastLength::LENGTH_SHORT);
        }
        break;
    case 25:
        LightRadius = value;
        break;
    case 30:
        PlayerSpeed = value;
        break;
}
```
- Hex Patching Examples

Add the desired Views:

```cpp
OBFUSCATE("Category_Mods"), // It will not be counted
OBFUSCATE("10_Toggle_Unlock Pets"), // It will be assigned as Case 10
OBFUSCATE("20_SeekBar_Player Level_0_4"),
```

Patch or Restore the offset directly from Switch Cases:

```cpp
switch (featNum) {
    case 10:
        PATCH_LIB_SWITCH("libil2cpp.so", "0x9D3A04", "01 00 A0 E3 1E FF 2F E1", boolean);
        if (boolean) {
            Toast(env, obj, OBFUSCATE("Unlock Pets Enabled"), ToastLength::LENGTH_SHORT);
        }
        break;
    case 20:
        switch (value) {
            case 0:
                MemoryPatch::createWithHex(targetLibName, string2Offset(OBFUSCATE("0xA1E8A0")), OBFUSCATE("10 4C 2D E9 08 B0 8D E2")).Modify();
                break;
            case 1:
                MemoryPatch::createWithHex(targetLibName, string2Offset(OBFUSCATE("0xA1E8A0")), OBFUSCATE("05 00 A0 E3 1E FF 2F E1")).Modify();
                break;
            case 2:
                MemoryPatch::createWithHex(targetLibName, string2Offset(OBFUSCATE("0xA1E8A0")), OBFUSCATE("64 00 A0 E3 1E FF 2F E1")).Modify();
                break;
            case 3:
                MemoryPatch::createWithHex(targetLibName, string2Offset(OBFUSCATE("0xA1E8A0")), OBFUSCATE("FF 00 A0 E3 1E FF 2F E1")).Modify();
                break;
            case 4:
                MemoryPatch::createWithHex(targetLibName, string2Offset(OBFUSCATE("0xA1E8A0")), OBFUSCATE("50 03 0C E3 1E FF 2F E1")).Modify();
                break;
        }
        break;
}
```
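Read from the defender's side, the patch strings above are ARM32 stubs of the form MOV or MOVW r0, #constant followed by BX LR, which force the patched function to return a fixed value. The following is an added example, not code from the tutorial or its menu template: an integrity check that compares a function's live prologue with a build-time baseline and, on mismatch, recognises that stub and recovers the forced return value. The names, the sample arrays (bytes copied from the page's patch strings) and the use of the case 0 bytes as the unpatched baseline are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { INTACT, CONST_RETURN_STUB, MODIFIED };

/* Sample inputs: byte strings copied from the page's patch examples (ARM32). */
static const uint8_t ORIGINAL[8]   = {0x10,0x4C,0x2D,0xE9, 0x08,0xB0,0x8D,0xE2};
static const uint8_t PATCH_TRUE[8] = {0x01,0x00,0xA0,0xE3, 0x1E,0xFF,0x2F,0xE1};
static const uint8_t PATCH_MOVW[8] = {0x50,0x03,0x0C,0xE3, 0x1E,0xFF,0x2F,0xE1};

static uint32_t le32(const uint8_t *p) {   /* one little-endian instruction word */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Recognise "MOV r0, #imm" or "MOVW r0, #imm16" and recover the constant. */
static int loads_const_r0(uint32_t insn, uint32_t *value) {
    if ((insn & 0xFFFFF000u) == 0xE3A00000u) {        /* MOV r0, #imm8 ror (2*rot) */
        uint32_t imm8 = insn & 0xFFu, rot = ((insn >> 8) & 0xFu) * 2;
        *value = rot ? (imm8 >> rot) | (imm8 << (32 - rot)) : imm8;
        return 1;
    }
    if ((insn & 0xFFF0F000u) == 0xE3000000u) {        /* MOVW r0, #imm16 */
        *value = ((insn >> 4) & 0xF000u) | (insn & 0x0FFFu);
        return 1;
    }
    return 0;
}

/* Compare live bytes with the baseline; on mismatch, report whether the new
   bytes are a "load constant into r0; BX LR" stub and what it returns. */
enum verdict check_prologue(const uint8_t *live, const uint8_t *baseline,
                            size_t len, uint32_t *forced) {
    uint32_t v = 0;
    if (memcmp(live, baseline, len) == 0) return INTACT;
    if (len >= 8 && loads_const_r0(le32(live), &v) && le32(live + 4) == 0xE12FFF1Eu) {
        if (forced) *forced = v;                      /* 0xE12FFF1E is BX LR */
        return CONST_RETURN_STUB;
    }
    return MODIFIED;
}

int main(void) {
    uint32_t a = 0, b = 0;
    enum verdict ra = check_prologue(PATCH_TRUE, ORIGINAL, 8, &a);
    enum verdict rb = check_prologue(PATCH_MOVW, ORIGINAL, 8, &b);
    printf("%d:%u %d:%u\n", ra, (unsigned)a, rb, (unsigned)b);
    return 0;
}
```

Comparing against a baseline matters because a legitimately compiled function can itself consist of exactly this stub, so the pattern alone is only used to classify a mismatch.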
Download Links and More
- Download Tutorial
- Apps
- Android NDK
- Menu Source File & Codes
- Sites Link