
nyc709 (Member, 82 posts)

Posts posted by nyc709

  1. Can somebody help me hook this function so that it repeats itself? I'm doing an attack multiplier to hit the enemy multiple times.

    [Address(RVA = "0x1639E4C", Offset = "0x1639E4C", VA = "0x101639E4C")]
    public void SendAttackToEnemy(List<int> moblist, int skill, int card, int flag)


    #import "Menu.h"
    #include <substrate.h>
    #import <mach-o/dyld.h>

    // Add the ASLR slide of the main image to an address taken from the dump.
    // The dump's VA (0x101639E4C) already contains the preferred base 0x100000000,
    // so the slide is the only correction needed; do not pass the RVA here.
    uint64_t getRealOffset(uint64_t offset) {
        return _dyld_get_image_vmaddr_slide(0) + offset;
    }

    // Per the dump the method returns void and moblist is a List<int> (a pointer),
    // so there is no return value to multiply; repeating the attack means
    // calling the original the wanted number of times.
    void (*org_SendAttackToEnemy)(void *this_, void *moblist, int skill, int card, int flag);
    void hook_SendAttackToEnemy(void *this_, void *moblist, int skill, int card, int flag) {
        for (int i = 0; i < 20; i++) {
            org_SendAttackToEnemy(this_, moblist, skill, card, flag);
        }
    }

    %ctor {
        MSHookFunction((void *)getRealOffset(0x101639E4C),
                       (void *)hook_SendAttackToEnemy,
                       (void **)&org_SendAttackToEnemy);
    }


    Kindly correct my code because it's not working. I'm planning to repeat the function 20 times.

  2. 9 hours ago, asianqueen said:

    I’m a bit confused. Did you get your value by fuzz search or exact search?


    Did you also decrypt the game before searching?

    I used CrackerXI to get the binary file and global-metadata.
    The cheat works if I change the value in IGameGod, but it will not get a hit on the lldb watchpoint at that address because you can't change the value in the game. You can only edit it in IGameGod.

  3. Tools used:
    IDA Pro, Putty (for lldb command), LLDB, IGameGod


    What I did:

    1. First I ran the game.

    2. Used IGameGod and found a value. 0x125affa9c = 3.5 (FLOAT)

    3. Ran PuTTY, logged in as root, started lldb, attach (pid number)

    (lldb) attach 66524
    Process 66524 stopped
    * thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
        frame #0: 0x000000019c5fe198 libsystem_kernel.dylib`mach_msg_trap + 8
    libsystem_kernel.dylib`mach_msg_trap:
    ->  0x19c5fe198 <+8>: ret

    libsystem_kernel.dylib`mach_msg_overwrite_trap:
        0x19c5fe19c <+0>: mov    x16, #-0x20
        0x19c5fe1a0 <+4>: svc    #0x80
        0x19c5fe1a4 <+8>: ret

    Executable module set to "/private/var/containers/Bundle/Application/7449FC03-3312-4469-ABB5-46AC9BA2FEEF/xxxxx.app/xxxxxx".
    Architecture set to: arm64-apple-ios-.


    4. Ran image list (path) and noted the hex number 0118000

    image list /private/var/containers/Bundle/Application/7449FC03-3312-4469-ABB5-46AC9BA2FEEF/BNEI0335.app/BNEI0335
    [  0] E6DA5503-9359-326D-8118-0D3503EC2F14 0x0000000100118000 /private/var/containers/Bundle/Application/7449FC03-3312-4469-ABB5-46AC9BA2FEEF/xxxx.app/xxxx


    5. Set a watchpoint for 0x125affa9c, but the value is showing 1080033280, while in IGameGod/DLGmemor the value is 3.5 (float). Please explain?

    (lldb) w s e -- 0x125affa9c
    Watchpoint created: Watchpoint 1: addr = 0x125affa9c size = 8 state = enabled type = w
        new value: 1080033280

    6. Then I continue.

    (lldb) c
    Process 66524 resuming


    Problem:

    I can't find the address in IDA because the watchpoint is not working when I change the value in IGameGod/DLGmemor.
    Please note that the value can't be changed in the game.

    Is there a way to set a breakpoint/watchpoint for me to find the offset in IDA when it's impossible to change the VALUE in the game?
    It can be changed only using IGameGod/DLGmemor.


    I know that IDA offset = (watchpoint hit address) - (0118000)
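The workflow in the post above (take the load address from `image list`, set a watchpoint, read the value lldb prints, map a hit address back to IDA) as an added Python example; this is editor-added code, not the poster's. Two points it makes concrete: lldb prints the watched bytes as a plain integer because the watchpoint has no type, and 1080033280 is 0x40600000, which is the IEEE-754 float32 encoding of 3.5; and subtracting the slide (load address minus 0x100000000, the base IDA uses for an arm64 iOS Mach-O) turns a runtime address into the IDA address. The lldb lines below are constructed copies shaped like the post's output, the `watchpoint set expression -s 4 -w write` form is the real lldb syntax for a watchpoint sized to a 4-byte float, and the hit address 0x101751E4C is a made-up value used only to show the subtraction.

```python
"""Helpers for the lldb watchpoint / IDA address workflow (added example)."""
import re
import struct

# Constructed sample lines shaped like the lldb output quoted in the post.
IMAGE_LIST_LINE = ("[  0] E6DA5503-9359-326D-8118-0D3503EC2F14 0x0000000100118000 "
                   "/private/var/containers/Bundle/Application/xxxx.app/xxxx")
WATCHPOINT_LINE = ("Watchpoint created: Watchpoint 1: addr = 0x125affa9c size = 8 "
                   "state = enabled type = w")
NEW_VALUE_LINE = "    new value: 1080033280"

# IDA loads an arm64 iOS Mach-O at its preferred base, 0x100000000, so the
# runtime __TEXT address minus that base is the ASLR slide.
IDA_DEFAULT_BASE = 0x100000000


def parse_image_base(line):
    """Pull the load address out of an `image list` line."""
    m = re.search(r"\s(0x[0-9a-fA-F]{16})\s", line)
    if not m:
        raise ValueError("no load address in line")
    return int(m.group(1), 16)


def parse_watchpoint(created_line, value_line):
    """Return (addr, size, raw_value) from the two lines lldb prints."""
    m = re.search(r"addr = (0x[0-9a-fA-F]+) size = (\d+)", created_line)
    v = re.search(r"new value:\s*(-?\d+)", value_line)
    if not m or not v:
        raise ValueError("unrecognised watchpoint output")
    return int(m.group(1), 16), int(m.group(2)), int(v.group(1))


def decode_watch_value(raw, size):
    """Reinterpret the integer lldb prints as the little-endian bytes it covers.

    A 4-byte float sits in the low 4 bytes of an 8-byte read, so the low dword
    is decoded as u32/i32/f32; with size 8 the full qword is also tried as f64.
    """
    data = (raw & ((1 << (8 * size)) - 1)).to_bytes(size, "little")
    out = {
        "u32": struct.unpack("<I", data[:4])[0],
        "i32": struct.unpack("<i", data[:4])[0],
        "f32": struct.unpack("<f", data[:4])[0],
    }
    if size == 8:
        out["f64"] = struct.unpack("<d", data)[0]
    return out


def aslr_slide(image_base):
    return image_base - IDA_DEFAULT_BASE


def runtime_to_ida(addr, image_base):
    """Address reported by a watchpoint hit -> address to jump to in IDA."""
    return addr - aslr_slide(image_base)


def ida_to_runtime(addr, image_base):
    """Address from IDA -> address to break on in the running process."""
    return addr + aslr_slide(image_base)


def watchpoint_command(addr, c_type="float"):
    """Build an lldb watchpoint command sized to the value's C type, so a float
    watchpoint covers exactly its 4 bytes instead of the default 8."""
    sizes = {"float": 4, "int": 4, "double": 8, "long": 8}
    return f"watchpoint set expression -s {sizes[c_type]} -w write -- {addr:#x}"


if __name__ == "__main__":
    base = parse_image_base(IMAGE_LIST_LINE)
    addr, size, raw = parse_watchpoint(WATCHPOINT_LINE, NEW_VALUE_LINE)
    print(f"slide = {aslr_slide(base):#x}")
    print(f"{raw} at {addr:#x} decodes as {decode_watch_value(raw, size)}")
    print(watchpoint_command(addr))
    hit = 0x101751E4C  # constructed hit address, for illustration only
    print(f"hit {hit:#x} -> IDA {runtime_to_ida(hit, base):#x}")
```

The same subtraction is what the post's formula "IDA offset = hit address - 0118000" does; the result is an IDA address (with the 0x100000000 base included), not a file offset.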
