scratchyentree

9 hours ago, songyuki97 said:

I misunderstood you. but watchpoint doesnt hit

I think we're screwed man, even the gods of iOS hacking don't know what's going on, I'm sure it's something to do with our ios version and lldb compatibility.

10 minutes ago, K_K said:

I’ll see if I can help with this one

where are you getting your watchpoint from?.. igg , game player etc.

Don’t worry about the aslr unless you are trying find the real offset in IDA.

 

lldb can be frustrating at times .

 

You could change the value in the lldb .

 

You would need to find out what is @ this address :

w s e -- 0x14ED0DBF0

 After it break/ pause you would need to find The register for the number you’re after 

3524493

x/i 0x14ED0DBF0

will give you this info .

 

0x14ED0DBF0 - 0x2c9000 = 0x14C07DBF0 this is giving you real address taking away aslr that’s why it’s not breaking/stopping . 
 

 

Go to this address in IDA 0x14C07DBF0

 

So it’s not breaking or pausing because the vale of the watchpoint address isn’t changing in lldb, even though it is in iGG (I’m using iMemEditor which is the same thing with a different name from the same company).

24 minutes ago, songyuki97 said:

Example

[  0] E63DF4AA-6ED9-30DB-A1F4-2BEDF61449B0 0x0000000102c90000 /var/containers/Bundle/Application/C40578D2-AF06-4CC7-A126-B44D9D39C965/PvZ2.app/PvZ2

0x0000000102c9000

0x2c9000 is ASRL offset

and iGG address is 0x14ED0DBF0

(lldb) w s e -- 0x14ED0DBF0
Watchpoint created: Watchpoint 3: addr = 0x14ed0dbf0 size = 8 state = enabled type = w
    new value: 55837351936

i change value in game, but lldb not hit.

and i try other

0x14ED0DBF0 - 0x2c9000 = 0x14C07DBF0

(lldb) w s e -- 0x14C07DBF0
Watchpoint created: Watchpoint 2: addr = 0x14c07dbf0 size = 8 state = enabled type = w
    new value: (null)

i change value in game, but lldb not hit.

 

what should i do?

thank you

Seems like I'm not the only one having this issue. I believe it might be something to do with either our iOS version, or the LLDB debian that's become outdated. If you could post your iOS version and the version of LLDB you're using maybe we can get an answer sooner.

2 hours ago, Rook said:

Hello,

Did you bypass/adjust for ASLR on your offset?

From what I understand from most of the tutorials I've read on here, I have to get a watchpoint to hit on the Memory Editor Address before I adjust the ASLR on the IDA address. The picture in the OP where it stopped was where I changed the value in game (in my case I gained another coin), and the watchpoint still didn't hit (So it's not outputting the address to subtract the ASLR from). Maybe I'm wrong, but I'm using iMemEditor (Formerly iGameGuardian) to get the memory address, adding said address to lldb, and my watchpoint isn't updating or hitting even though I verified that the address value is changing through iMemEditor. 

Also, are you telling me to adjust for ASLR on the iMemEditor offset? Because if so, it goes against every tutorial on here I've ever read, and also I took the time to try to subtract the ASLR from the iMemEditor address myself with no success.

iOS version 11.4.1 on iPhone 7 Plus using unc0ver 5.2.0 and lldb from San bigner’s repo

For multiple apps, when I set a watchpoint through lldb, it sets a watchpoint properly and reads the value properly. When I go back to the game and modify the value, the watchpoint doesn’t hit, and when I do “w list”, the value of the watchpoint isn’t changed. Am I doing something wrong?

Thanks

Thanks

wow thanks

cool thanks

thanks for the hack bro

great hack! Been waiting for this update

Thanks for this like