We don't have an iOS forum yet, but I frequently work on hacking iOS games, typically using some sort of MITM attack.

I figured I'd share this one with you guys, as its not online/ranked at all. If it's well received, I'll post some more as I come across them, and maybe some other experienced developers will join in.
 

---

---THIS WILL UNLOCK ALL WBID ACCOUNT ITEMS, AS IF YOU HAD COMPLETED ALL THE CONSOLE ACHIEVEMENTS---

So to begin, you DO NOT need to jailbreak your phone for this to work.

We will be relying on modifying responses sent to your phone via a proxy.

I'm going to write this using Charles Web Proxy (I believe I have a cracked version of 3.7, I'll assume you have a working copy of Charles). I might post a more in depth Charles tutorial to help newer hackers join in if needed, but here's the settings you will need.

Your phone should have the Charles SSL Certificate installed (available on the Charles website, just go there in your browser and install it), and you should point your phone to the computer running it, via the advanced settings for your WIFI connection, and configuring your proxy settings to MANUAL (for me its 192.168.SUBNET.MACHINE_ADDRESS, port 8888, no authentication)

In Charles you will need to enable SSL (Proxy -> Proxy Settings -> SSL -> Enable SSL Proxying, and add for a location  "*:*" (All IPs, all ports; although you can customize this as needed)

Now Charles should have an active recording session, and opening the game should show you some packets being sent, and you should be able to see the request/response data on some packets (some won't have responses). *You may need to tell Charles to allow your phone if you haven't run it before, it will pop up as a dialogue.

This means its set up properly.

Now is where the fun begins.

Go to Tools -> Rewrite (ctrl shift w)

• Enable Rewrite
• Add a new Set
• Add a new Location to that set
• Settings:

1. protocol: HTTPS
2. Host: dcfighter.hydra.agoragames.com
3. leave everything else blank (matches all)

Add a new Rule

• Type: Body
• Where: Response
• Match:
• Values: "linked_profiles":*
• Check Regex
• Not Match Whole Value
• Replace:

Values (copy and paste all of this, it should be formatted to fit as one line, as Charles won't accept new lines)

"linked_profiles":  { "360": {"sp_total_character_wins": {"Aquaman":100,"Ares":100,"Bane":100,"Batman":100,"BlackAdam":100,
"Catwoman":100,"Cyborg":100,"Deathstroke":100,"DoomsDay":100,
"Flash":100,"GreenArrow":100,"GreenLantern":100,"HarleyQuinn":100,
"Hawkgirl":100,"Joker":100,"KillerFrost":100,"LexLuthor":100,
"Nightwing":100,"Raven":100,"Shazam":100,"Sinestro":100,"SolomonGrundy":100,
"Superman":100,"WonderWoman":100},"mp_total_character_wins":{"Aquaman":100,"Ares":100,"Bane":100,"Batman":100,"BlackAdam":100,
"Catwoman":100,"Cyborg":100,"Deathstroke":100,"DoomsDay":100,"Flash":100,
"GreenArrow":100,"GreenLantern":100,"HarleyQuinn":100,"Hawkgirl":100,"Joker":100,
"KillerFrost":100,"LexLuthor":100,"Nightwing":100,"Raven":100,"Shazam":100,"Sinestro":100,
"SolomonGrundy":100,"Superman":100,"WonderWoman":100},"sp_total_super_moves_per_char":{"Aquaman":100,"Ares":100,"Bane":100,"Batman":100,"BlackAdam":100,"Catwoman":100,
"Cyborg":100,"Deathstroke":100,"DoomsDay":100,"Flash":100,"GreenArrow":100,
"GreenLantern":100,"HarleyQuinn":100,"Hawkgirl":100,"Joker":100,"KillerFrost":100,
"LexLuthor":100,"Nightwing":100,"Raven":100,"Shazam":100,"Sinestro":100,"SolomonGrundy":100,
"Superman":100,"WonderWoman":100},"mp_total_super_moves_per_char":{"Aquaman":100,"Ares":100,"Bane":100,"Batman":100,"BlackAdam":100,"Catwoman":100,"Cyborg":100,
"Deathstroke":100,"DoomsDay":100,"Flash":100,"GreenArrow":100,"GreenLantern":100,"HarleyQuinn":100,
"Hawkgirl":100,"Joker":100,"KillerFrost":100,"LexLuthor":100,"Nightwing":100,"Raven":100,"Shazam":100,
"Sinestro":100,"SolomonGrundy":100,"Superman":100,"WonderWoman":100},
"sp_total_ladder_completions_per_ladder_type":{"0":100.0,"1":100.0,"2":100.0,"3":100.0,"4":100.0,"5":100.0,
"6":100.0,"7":100.0,"8":100.0,"9":100.0,"10":100.0,"11":100.0,"12":100.0,"13":100.0,"14":100.0,"15":100.0,
"16":100.0,"17":100.0,"18":100.0,"19":100.0,"20":100.0},"sp_total_play_time_per_mode":{"GM_GALLERY_OFF":9999999,
"GM_LADDER_OFF":9999999,"GM_MULTI_VERSUS_OFF":9999999,"GM_PRACTICE_OFF":9999999,
"GM_SCENARIO_OFF":9999999,"GM_SINGLE_VERSUS_OFF":9999999,"GM_STORY_OFF":9999999,
"GM_TRAINING_OFF":9999999},"mp_total_play_time_per_mode":{"GM_CHAT_MATCH_ON":9999999,
"GM_KOTH_ON":9999999,"GM_PLAYER_MATCH_ON":9999999,"GM_PRACTICE_ON":9999999,
"GM_PRIVATE_MATCH_ON":9999999,"GM_RANKED_ON":9999999,"GM_SURVIVOR_ON":9999999},
"sp_total_scenario_completion":100.0,"sp_story_mode_completion":100.0,"mp_all_trans_met":100,
"mp_online_random_challenges_completed":100,"mp_xp_points":99999999,"mp_total_wins_ranked":1000,
"sp_interations_used":500,"mp_interations_used":500,"mp_total_dethrone_koth":100,
"mp_longest_win_streak_ranked":100,"mp_arkham_pig_deaths":100,"sp_arkham_pig_deaths":100,
"mp_total_dethrone_survivor":100,"mp_holiday_challenges_completed":100}}

Choose Replace All, and click OK

We need one more rule to trim a trailing {}

So add one more Rule to the set

• Type: Body
• Where: Response
• Match: {}
• Not Regex
• Replace:  

(I put a single space in there, you can probably leave it empty, but I'm not sure about what sort of quirks different versions of Charles has)
Click OK, and OK, to get back to the Session monitoring

Now in the game, you need to sign up for a WBID Account. As soon as you sign up and log in, it should give you all the unlockables, as if you had completed all the achievements in the Console version. If it doesnt, try returning to the main menu, and going back to the unlockables screen.

You can only unlock everything once, but it will help out a new player a lot, or give a vet a decent boost.

I'm currently monitoring the Event information, unfortunately I didn't save the 50% off Red Son Pack discount event, but soon I should have packets to enable old events.
 

Yeah, I wasn't sure how to handle that, as I was trying to distinguish it from the Console version, as there's PS3 and 360 releases of it as well, but they're quite different from the mobile one. I didn't mean it as a tag but more as specifying the version I was submitting it for.
 

---

So I've been digging into the actual save file of the game now. All the values themselves seem to be stored in an obfuscated/encrypted method, but the location of each value is serialized in a predictable manner.

As of right now, I haven't found a method to directly specify variables, however I have found the location of where the game's currency is stored. Thus, you can easily buy something, replace the value with the old encrypted value, and get your money back while retaining the items.

To get the save file itself, use iFunBox (install it on your pc) and Copy From Phone Injustice.app/Library/playersave.bin

The currency appears to be saved for me in 0x734-0x743 (16 bytes), although I suppose depending on other variables, yours could be in a slightly different location.

To locate this, I copied one save file, completed one fight, and diffed it with the new save. (I used the 010 Hex Editor)

Using my save, and rebuying a bunch of Red Son packs and restoring the money and then selling them, I got up to about 4.5 million before I got bored. So if you want to use my value, B4 DE 2D FE 16 2D E4 88 8A D3 4C 2A 6C 14 39 58 will restore to 4.5 million, I'm not sure if challenge or alliance credits are bundled in that value as well.

Either way, its pretty simple to copy the playersave.bin to and from the phone, diff them as needed, and try replacing values to see what each block of the save corresponds to.

I'm working right now at intercepting the alliance credit reward packet transmissions to/from facebook so I'm hoping to have some Charles rules to send yourself credits soon.

As for actual events, I can't confirm until they roll out a new one, but I believe that its broadcasted to the client in the start-up request from 409.content.swrve.com. The new event will be out in about a week or so, so hopefully that leads to some developments.

Working with iFunBox and a hex editor is really going to improve iOS save hacking though, so keep an eye out for further developments.

I hope this is at least slightly useful to someone else, as I haven't seen a lot of iOS hacks outside the jailbreak world.