jx1992

@@Shmoo419 I noticed theres a sysctl call in the function as well. That function is usually used to detect the presence of a debugger as well. You can visit this site http://www.coredump.gr/articles/ios-anti-debugging-protections-part-2/ to read more about bypassing it or you can post the whole disassembly of the first function and we can figure it out

@@Shmoo419 In the disassembly posted on page 1, the syscall is made to ptrace with the argument "PT_DENY_ATTACH". In linux, this would be used to deny debuggers from attaching to the current process (in this case, Nova 3). Since the disassembly shows that the program doesn't check for the return value of the ptrace syscall, what you can do is one of these 2. 1) Set r1 to -1 Because -1 is not a valid ptrace request argument, the ptrace syscall will return with an error and the call will not succeed. 2) Nop the branch to syscall This simply stops the function from making a syscall. Simple as that. From what I can infer, I suppose you are trying to attach a debugger to the Nova 3 app. You can try the above 2 methods to see if you can get your debugger to attach. For more details you can reference this site : http://www.coredump.gr/articles/ios-anti-debugging-protections-part-1/ Good luck

That's right. If calls to the functions can easily be disabled, you could simply make the actual syscall function to return and do nothing. Can you post the disassembly for the syscall function?

I respectfully disagree. Ultimately, even via strings, you'd be led to functions that seem similar because similar functions can reference the same string. Finally for BF (at least for 1.2.2), strings are referenced dynamically so they don't show up as cross references in IDA. Strings method can work but it'll be as tedious as hex comparing.

Not bad. Good try zahirsher

Wow you practically stole that from me and posted it here without my permission