Ynotsend

What test did shmoo perform to finally figure it out?

What is your secret? Tell meh.(Wait...why should hacking speed be a secret?)

Can't do strings, nothing useful. But how did shmoo find out that 9.8 was the speed of the player in Blitz Brigade o_0

Lol, I know how to hack with ida(EOR, LLDB/GDB, String Hacking) I have done it all, except this!

Can you link me one? I can't seem to find one.

Wait....ALL GAMELOFT GAMES STOCK SPEED IS 9.8? :0

This has been bugging me for a really long time. I don't care if its confusing, just tell me about something that could get me going onto hacking it. First of all, if there are a lot of complicated tutorials on here, why not a tutorial on this? I know it has to do with vectors, but I am really confused on how to hack SPEED.(Don't say something that speeds up a game! Eg.NOT GOOD--Speedmaster-NOT GOOD)

Don't worry guys, I hacked the game with EOR.

Oh shit, without Internet......try semi restoring

Then what's the other method?

Already know how to use LLDB, but don't know how to hack with LLDB for server sided games. Here is my steps, and for some reason it's not working: Oh the game is N.O.V.A 3 freedom edition.(Already hacked the shit out of the red version or the paid version) 1. Get an offset from iGG for LLDB to watch: Score is what I'm trying to hack 2. Allow LLDB to watch the address 3. Get the offset from LLDB and look in Ida Did all this but always got the wrong offset either from the game or from LLDB. Don't say, did u remove all that security stuff? Already did. Just tell me the correct way, that's all. Please.

So the value for health is 1120403456, but any smaller value like 803 million, will cause the health to be low, so any number close to 1120403456?

Is it possible to get a number close to that?

So what is it? WHAT IS THE ARM INSTRUCTION SO I COULD CHANGE THE VALUE TO 1120403456?

N.O.V.A 3 Freedom Edition: 38 results. Oh btw, I use igameguardian.

Ah, please don't be offended, shmoo and zahirsher created the hacks that I can't for a specific game. And gdb doesn't work for me, it will always give me errors. Are you serious? I can't find offsets with iGG? Damn! That's what I've been trying to do. So in LLDB, how come it doesn't give me a true value? I've already created Ida hacks with LLDB for a different version of the game, but struggling with this "blue" version. If there is a way to get gdb working for iOS 9 that would be nice, and shmoo did tell me to use LLDB. And also if you can, is there a way for LLDB to give me true values? That would SOLVE my issue. I wasted 1 week of my life trying to get offsets for this game . Ida string hacking? Not for this game! Gameloft is like "f**k you!" :\ Small note: I thought LLDB could do everything like gdb?

Oh no, it is subx, I JUST NEED TO KNOW HOW IN THE WORLD DO I FIND THE CORRECT OFFSETS IN NOVA 3 FREEDOM. I followed Shmoos tutorial and used iGG, nothing is working at all.

@@Kennyboy, , Im not just going to find values and hack it . @@ZahirSher, I forgot to tell you that the game was N.O.V.A 3 Freedom Edition, you used fuzzy search for every hack? Eg. Ammo, jetpack.etc

Alright, this issue is huge. And yeah I'm mostly calling out @@shmoo, and @@ZahirSher, but any help will do. So here is my issue, when I search for a value, it gets a couple thousand results. Then I change the value, then search again, and get 0 results. And yes I removed ASLR, ptrace/syscall and binary is cracked(LLDB). So what is it? What's causing me to find the incorrect values? I know these values have been hacked before, SO I NEED HELP ASAP.

Well actually sort of, my binary is already thinned. My issue was that I was finding offsets, I wasn't suppose to find. Any tips on finding the right offset for a server sided game?

No, I don't know how to do that. Link?

Hello, this is not going well at all. So fyi, the game I'm trying to hack right now is, N.O.V.A 3 Freedom Edition. I am not asking for help, on how to hack the game, I know that already. My problem is, after removing ASLR, and disabling ptrace/syscall, I'm still getting an error. My error is: "unable to find section for section 32". Now I believe this error is getting in the way into finding the create IDA offset. So here is the code in LLDB: (lldb) process connect connect://192.168.0.9:8018 error: unable to find section for section 32 Process 32237 stopped * thread #1: tid = 0x7ded, 0x373750a4 libsystem_kernel.dylib`_kernelrpc_mach_port_insert_member_trap + 8, stop reason = signal SIGSTOP frame #0: 0x373750a4 libsystem_kernel.dylib`_kernelrpc_mach_port_insert_member_trap + 8 libsystem_kernel.dylib`_kernelrpc_mach_port_insert_member_trap + 8: -> 0x373750a4: bx lr libsystem_kernel.dylib`_kernelrpc_mach_port_extract_member_trap: 0x373750a8: mvn r12, #0x16 0x373750ac: svc #0x80 (lldb) (lldb) b s -a 0x00F9CB48 Breakpoint 1: no locations (pending). WARNING: Unable to resolve breakpoint to any actual locations. (lldb) Breakpoint 2: no locations (pending). WARNING: Unable to resolve breakpoint to any actual locations. (lldb) w s e -- 0x00F9CB48 Watchpoint created: Watchpoint 1: addr = 0x00f9cb48 size = 4 state = enabled type = w new value: 109760 (lldb) c Process 32237 resuming (lldb) Process 32237 stopped * thread #11: tid = 0x7e5a, 0x37421f88 libsystem_platform.dylib`<redacted> + 112, stop reason = EXC_BREAKPOINT (code=EXC_ARM_DA_DEBUG, subcode=0x19d57fe) frame #0: 0x37421f88 libsystem_platform.dylib`<redacted> + 112 libsystem_platform.dylib`<redacted> + 112: -> 0x37421f88: vst1.8 {d0, d1, d2, d3}, [r12:128]! 0x37421f8c: bhi 0x37421f80 ; <redacted> + 104 0x37421f90: add r12, r12, r3 register read $pc pc = 0x37421f88 libsystem_platform.dylib`<redacted> + 112 (lldb) As you can see, if you look at the pc=0x37421f88, that doesn't match the format in IDA which is something like this: text:00374230(0x00374230). So whats wrong? Why isn't it matching? All of the "text", start with two zero's, so I don't know what I did wrong. This game is server sided, and there is a different version of the game, also called N.O.V.A 3, and its red. And this "red" version, it was super easy to hack. But I did remove ASLR as said before, and removed ptrace/syscall, but still finding these two main issues: "unable to find section for section 32" and the other issue is not matching offsets. PLEASE PLEASE HELP ME.

Hello, I need serious help. I have been trying to hack N.O.V.A 3 freedom edition in Ida. I can't do it at al!!! It's so frustrating!!!! If shmoo, or zahirsher could help me, that would mean a lot.

Thank you