Maybe you asked yourself why some players got 2.147.483.647 points or maybe 9.223.372.036.854.775.807 points in Apple’s GameCenter. This is because they cheated. I know, the truth hurts.
Some of them are progamers and played games for hours, months or even lifes. But the most of them just edited their memory to hack their score. The problem is, that you can edit your score to a limit of 2.147.483.647 points. This is because you can only edit int32 variables on your device. (2.147.483.647 sind (2^32 /2)-1! )
What we need to cheat correctly?
- iPad, iPod or iPhone w/ GameCenter
- A game with GameCenter functions
- Your computer (OS X, Windows or Linux)
- Maybe patience
Install a game on your iPod/iPad/iPhone.
In this example I decided to install “I’M DESTROYER 2 HD FREE” because my score wasn’t astronomically high.
I’m Destroyer 2 HD Free – iTunes
Installation of Charles Web Proxy on your computer
Charles is a HTTP Proxy / HTTP Monitor / Reverse Proxy which allows to monitor the entire traffic including SSL. Basically you can log requests, responses and HTTP-header.
Maybe you noticed that Charles isn’t for free.
In this case we don’t need the full version. Charles demo runs 30 minutes and reminds you to buy it, if you like it. If Charles reaches the 30 minute limit of execution it will close. But don’t worry: Just reopen it for extra 30 minutes.
Setup Proxy in iOSIn this step we route our entire traffic of our device to Charles.
Navigate to “Settings” -> “General” -> “Network” -> “WLAN” and tap on the blue arrow icon on the right side. After that you scroll down and select “Manual” settings.
Determine your computers IP address and type it into the right field in iOS.
In my specific configuration it should look like this (default port of Charles is 8888!)
Start Charles on your computer
When you start Charles on your computer and browse to a website on your iDevice, it should look like this.
But wait. The main problem is that Apple’s GameCenter is talking SSL to encrypt communications. Without countermeasures your iDevice shouldn’t be able to connect to specific Apple services.
Fortunately you can avoid this. Charles gives us an option to sign our own certificate to route SSL correctly.
To save your time and money I created a cert file..
On your iDevice, type this URL into your Safari:
and confirm the installation procedure.
Now we can display SSL traffic!
Launching of I’M DESTROYER 2 HD FREE .. wtfAfter setting up Charles and our configuration on the iDevice, we now can step over to the fun part.
It’s not necessary but advised to clean up the entire charles session window first.
To do this simply select all directorys and hit DEL.
Play that bloody game!Press play and spend some time in the game to get some points.
It’s important that your score is greater than zero.
OK, I finished the first level of the game.
Tap the arrow to jump into the next level and watch on your computer what you just did.
Navigate into the same directory and select submitScores.
As you can see, our score was submitted to the GameCenter.
You can now edit the packet if you right click on “submitScores” and select “Edit”.
Charles will duplicate it and let you type in your own values.
Your destinated score should not be longer than maximal int64, otherwise the GameCenter will reject your packet.
After editing there is only one thing to do: Execute.
Your modified packet will be repeated. It’s kind of odd that the time stamp is simply ignored.
Done! .. what now?It’s even more fun to get achievements. Look for the entry submitAchievements, edit all values to 100 and resend it.
For achievement-IDs you can look into Achievements.plist on your Device. Usually you can find it on /var/mobile/Applications!
You can even unpack an IPA file and look for it on your computer.
Disclaimer: I’m not responsible for something that you do! If you start a thermonuclear war, it’s not my fault.
Do it at your own risk.