Tutorial Fruit Ninja Hack - Always critical hit - Auto Crit


till0sch

Oct 14, 2012
Hey guys,

This tutorial is about how to reverse Fruit Ninja for PC (get it here: https://www.youtube.com/watch?v=58k60SzYXq8), specifically how to make every hit a crit.

First, let's collect what we've got:
- crit strikes give us 10 points instead of 1 per sliced fruit
- they occur randomly
- they are being COUNTED. If you do like 10 crit strikes, regardless of whether that was in more than 1 game, you get an ACHIEVEMENT

So why not search for an unknown 4-byte value which always increases by 1 when we crit? (Use "increased value by 1".)

That way we find
FruitNinja.exe+E0410 - FF 41 54 - inc [ecx+54]
as the instruction increasing our critical strike total count.

Breakpointing the top of the function
FruitNinja.exe+DF520 - 55 - push ebp

And stepping through will give us this:
FruitNinja.exe+DF727 - 80 BB 65010000 00 - cmp byte ptr [ebx+00000165],00

So either [ebx+0x165] is 0 and we jump away, or the critical stuff gets done (notice it says critical at FruitNinja.exe+DF771).

Making it JNE will not be enough, as we will notice. But because we know some basic stuff, we can tell that [ebx+0x165] will be a flag for crit or not crit.

However, we will have to go back before that instruction (the CMP) to find out where this flag is set. Now we breakpoint the beginning of the function again:
FruitNinja.exe+DF520 - 55 - push ebp
and see whether we can find that EBX value again. You will see that it's stored in ECX.

Now we add ecx+165 to the address list and see what writes it after breakpointing the beginning of the function again.
We will find out that
FruitNinja.exe+DF6D4 - 88 83 65010000 - mov [ebx+00000165],al
will write to it.

We'll do a code injection: in the memory view, press Ctrl+A, then Ctrl+I, then Enter.
At newmem: we'll write mov al,1, because we know that if it is 0, the critical stuff will be skipped.

Here's the assembly injection script:
C++:
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
mov al,1

originalcode:
mov [ebx+00000165],al

exit:
jmp returnhere

"FruitNinja.exe"+DF6D4:
jmp newmem
nop
returnhere:

Injecting this will give us always crit.


I hope this wasn't too complicated to understand. If it was, feel free to ask.


Here's a video:
https://www.youtube.com/watch?v=BVHhSyVS4X0
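
The script in the post replaces the six bytes at FruitNinja.exe+DF6D4 with a jmp and a nop. Seen from the defensive side, a code-integrity check can notice exactly that change. The C below is an added example, not part of the original post. The module base, module size, jump target, sample byte arrays and function names are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum site_state { SITE_INTACT, SITE_DETOURED, SITE_MODIFIED };

/* Bytes the post quotes at FruitNinja.exe+DF6D4: mov [ebx+00000165],al */
static const uint8_t ORIGINAL[6] = {0x88, 0x83, 0x65, 0x01, 0x00, 0x00};

/* Constructed sample values (assumptions, not taken from the game). */
#define MOD_BASE 0x00400000u            /* assumed image base */
#define MOD_SIZE 0x00200000u            /* assumed image size */
#define SITE_VA  (MOD_BASE + 0xDF6D4u)  /* offset from the post */
/* jmp 0x02A00000 ; nop -- what a detour leaves at the site */
static const uint8_t PATCHED[6] = {0xE9, 0x27, 0x09, 0x52, 0x02, 0x90};
static const uint8_t NOPPED[6]  = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90};

/* Classify six bytes read from the site. A jmp rel32 whose target lies
   outside the module image is reported as a detour, with its target. */
enum site_state check_site(const uint8_t *code, size_t len, uint32_t site_va,
                           uint32_t mod_base, uint32_t mod_size,
                           uint32_t *target_out)
{
    if (len < sizeof ORIGINAL)
        return SITE_MODIFIED;
    if (memcmp(code, ORIGINAL, sizeof ORIGINAL) == 0)
        return SITE_INTACT;
    if (code[0] == 0xE9) {                     /* E9 = jmp rel32 */
        uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                       (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
        uint32_t target = site_va + 5 + rel;   /* relative to next instruction */
        if (target_out)
            *target_out = target;
        if (target - mod_base >= mod_size)     /* wrap also catches target < base */
            return SITE_DETOURED;
    }
    return SITE_MODIFIED;
}

int main(void)
{
    uint32_t target = 0;
    enum site_state s = check_site(PATCHED, sizeof PATCHED, SITE_VA,
                                   MOD_BASE, MOD_SIZE, &target);
    printf("state=%d target=0x%08X\n", (int)s, (unsigned)target);
    return 0;
}
```

A check like this only covers the one site it knows about; hashing the whole code section against the on-disk image catches patches elsewhere.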