tanis replied to Chiprian1C's topic in Last Day on Earth: Survival Club's LDOE Discussions: Actually, the Android hack can dupe those items as well.
It makes sense, I got confused there. But now I wonder: how would you get crash reports that make sense if you obfuscate the code? There should be a way to deobfuscate what comes through the crash reporting, and it must be stored either in the game or somewhere offline for post-processing of crash reports. Has anyone had a look into that by any chance?
Well, then you can learn to use IDA or lldb to remote debug an iOS application, learn some Objective-C to understand how things work in iOS application-space and get your hands dirty with Theos to have a starting point to write your tweaks with.
You stand no chance with VB.
You've got to take your time and learn how to use IDA to analyze the code, either IDA or lldb to debug interactively as needed, learn how to code in Swift/Obj-C/C, and set up Theos so that you get a framework to write your hacks with (it makes your life a lot easier). It's not something you learn overnight, though.
That's fine if you know the address. But in my case I don't know the address of what I'm looking for, so I need to find out the virtual address space assigned to the process and read the list of regions in there to scan each of them. I stumbled upon lldbinit https://github.com/gdbinit/lldbinit and it's got a findmem command that seems to work with malloc'd memory as well (notice the MALLOC_SMALL):

    (lldbinit) findmem -s ciao
    Found at : 0000000100000F74 base : 0000000100000000 off : 00000F74 __TEXT
    Found at : 0000000101000000 base : 0000000100800000 off : 00800000 MALLOC_SMALL
    Found at : 00007FFFC9D3FF74 base : 00007FFFC1F04000 off : 07E3BF74 __LINKEDIT
    Found at : 00007FFFC9D4165F off : 07E3D65F __LINKEDIT

This pretty much solves most of my problems.
Is there anyone who has tried to write something similar to iGameGuardian, or who has an idea of how it could actually work? I doubt that they hook malloc to keep a list of all the memory allocations in the heap. Is there a way to access the list of heap arenas from within an iOS process? What would you do to find out the arenas? Maybe this could turn into a collaborative project; wouldn't it be useful? My basic plan would be to make it a dylib and sideload it with the app I want to read the memory from.
Yes, I know about

    mem find -s "mystring" -- 0x000000010216b000 0x000000010295f000

but you need to find out the addresses of the memory arenas that have been allocated by malloc and friends, which is not obvious. You can get a list of memory sections with `image dump sections`, but those are the allocations made when the executable is being launched and memory allocated statically. Allocations made by the memory allocation functions do not end up in that list, and I'm not aware of any easy way to track them down.
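The two posts above (the findmem output and the note that `mem find` needs explicit region bounds while `image dump sections` only lists what the loader mapped) both come down to the same step: enumerate the process's mapped regions and scan each one. The following is an added example, not code from the forum thread and not lldbinit's own implementation. It is an lldb Python command that walks `SBProcess.GetMemoryRegions()` (which reports every mapped region, heap included, with the MALLOC_* tags the debugger gets from the kernel) and searches each readable region for a byte pattern. The search itself is kept in a pure function so the file also runs outside lldb against a constructed sample memory; `SAMPLE_REGIONS`, `SAMPLE_MEMORY` and the `findmem_regions` command name are assumptions of this example.

```python
"""Scan every readable memory region of the debuggee for a byte pattern.

Added example (not the forum poster's or lldbinit's code): an lldb Python
command built on SBProcess.GetMemoryRegions(), so the search is not limited
to the sections listed by `image dump sections`. Heap allocations are found
because MALLOC_* regions are ordinary mappings of the process.
"""
try:
    import lldb  # only importable from inside lldb
except ImportError:
    lldb = None

CHUNK = 1 << 20  # read each region in 1 MiB pieces


def scan_region(read, base, end, needle, chunk=CHUNK):
    """Return absolute addresses of every `needle` in [base, end).

    `read(addr, size)` returns bytes (possibly shorter than `size`, or empty
    if the read failed). The last len(needle)-1 bytes of each chunk are kept
    so a pattern straddling a chunk boundary is still found exactly once.
    """
    if not needle:
        raise ValueError("empty pattern")
    hits, carry, carry_addr, addr = [], b"", base, base
    while addr < end:
        size = min(chunk, end - addr)
        data = read(addr, size)
        if not data:
            # unreadable page: drop the carry and skip past this chunk
            carry, carry_addr, addr = b"", addr + size, addr + size
            continue
        buf = carry + data  # carry_addr is the address of buf[0]
        pos = buf.find(needle)
        while pos != -1:
            hits.append(carry_addr + pos)
            pos = buf.find(needle, pos + 1)
        keep = len(needle) - 1
        carry = buf[-keep:] if keep else b""
        carry_addr += len(buf) - len(carry)
        addr += len(data)
    return hits


def scan_regions(regions, read, needle, chunk=CHUNK):
    """regions: iterable of (base, end, name). Returns (addr, base, off, name)
    tuples, the same fields lldbinit's findmem prints."""
    return [(hit, base, hit - base, name)
            for base, end, name in regions
            for hit in scan_region(read, base, end, needle, chunk)]


def lldb_regions(process):
    """Yield (base, end, name) for every readable mapped region."""
    regions = process.GetMemoryRegions()
    info = lldb.SBMemoryRegionInfo()
    for i in range(regions.GetSize()):
        if regions.GetMemoryRegionAtIndex(i, info) and info.IsReadable():
            # SBMemoryRegionInfo.GetName() is missing on older lldb builds
            name = info.GetName() if hasattr(info, "GetName") else ""
            yield info.GetRegionBase(), info.GetRegionEnd(), name or ""


def findmem(debugger, command, result, internal_dict):
    """lldb command: findmem <pattern>  (\\xNN escapes allowed for raw bytes)"""
    needle = command.strip().encode().decode("unicode_escape").encode("latin-1")
    process = debugger.GetSelectedTarget().GetProcess()

    def read(addr, size):
        err = lldb.SBError()
        data = process.ReadMemory(addr, size, err)
        return data if err.Success() and data else b""

    for addr, base, off, name in scan_regions(lldb_regions(process), read, needle):
        result.AppendMessage("Found at : %016X base : %016X off : %08X %s"
                             % (addr, base, off, name))


def __lldb_init_module(debugger, internal_dict):
    # (lldb) command script import /path/to/this_file.py
    debugger.HandleCommand("command script add -f %s.findmem findmem" % __name__)


# Constructed sample "process" so the scanner can be exercised without lldb.
# Region 3 is deliberately not backed by SAMPLE_MEMORY to exercise failed reads.
SAMPLE_REGIONS = [
    (0x100000000, 0x100001000, "__TEXT"),
    (0x101000000, 0x101002000, "MALLOC_SMALL"),
    (0x7FFF00000000, 0x7FFF00001000, "UNREADABLE"),
]
SAMPLE_MEMORY = {
    0x100000000: b"\x00" * 0xF74 + b"ciao\x00" + b"\x00" * (0x1000 - 0xF79),
    # "ciao" placed at 0x7FE so it straddles a 0x800-byte chunk boundary
    0x101000000: b"A" * 0x7FE + b"ciao" + b"A" * (0x2000 - 0x802),
}


def sample_read(addr, size):
    for base, blob in SAMPLE_MEMORY.items():
        if base <= addr < base + len(blob):
            return blob[addr - base:addr - base + size]
    return b""  # unmapped: behaves like a failed ReadMemory


def demo(chunk=0x800):
    return scan_regions(SAMPLE_REGIONS, sample_read, b"ciao", chunk)


if __name__ == "__main__":
    for addr, base, off, name in demo():
        print("Found at : %016X base : %016X off : %08X %s" % (addr, base, off, name))
```

Inside lldb, `command script import` the file and run `findmem ciao`; the command reports every readable region, so heap hits show up with their MALLOC_* tag without having to know the arena addresses in advance. A dylib sideloaded into the app could do the same walk in-process with `mach_vm_region`, which is how the debugger itself learns about those regions.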