
Anonymonk

Senior Member
  • Posts

    256

Everything posted by Anonymonk

  1. does crashreporter notify you about anything when your game is crashing?
  2. i just understood that i have to print register value when the watchpoint is hit... i actually tried to backtrace out of a breakpoint ... but "br s -a 0xhpoffset" was hitting nothing... i have to read more about breakpoint. s0 and s1 is my hp... but nowhere to be seen in ida. s2 and s3 is max hp. backtrace + registers 1st hit; backtrace + registers 2nd hit. i don't know why, something is wrong about old value-new value.. after a second look, s16 s17 s26 s27 seems to be the hit i took
  3. in case someone wants to help me but there is not the necessary information to do so, i uploaded the processed binary by ida here, https://www.dropbox.com/s/rxq43n9tw4p3usg/acier.idb?dl=1 to see crossreference.. or subroutine... , just in case ^^
  4. is it the deb files that you want? http://apt.saurik.com/debs/com.saurik.impactor_0.9.32_iphoneos-arm.deb it's cydia eraser install package. source: https://www.cydiaupdates.org/pack/38/
  5. otherwise if crashreporter doesn't notify you anything, you can just run in safe mode and see if your games still crash, then you have to find by yourself what causes that, with icleaner... also cocoatop might be helpful to see if a process is hanging your cpu
  6. hi again, still working on Assassin creed unity, if someone could give me a hand to figure out what to edit for one offset, i think i could manage the rest alone. i couldn't find what to modify to get the unlimited health, so i took another watchpoint, killingspree. both watchpoints show the same instruction (on a different address), i highlighted them in red. LLDB killingspree; IDA view-A of killingspree watchpoint (0 ; 1 ; 2 no killingspree - 3 killingspree activated); LLDB Health float 32b; IDA view-A Health. i also printed a list of all registers out of curiosity.. and to try to understand... (edit: this list is wrong, i didn't print at the time of the watchpoint) thank you for the help
  7. yep.. that's it.. i can now try... but it seems really hard to begin to learn instruction in that assassin creed unity. i made a try and everyone became immortal, and all attribute to max.... big mess. seems like i will have to spend time to learn all that... if someone feel to tell me what to edit ... i welcome everyone, hihihi
  8. i disabled the aslr, and i guess it's proper as the lldb display shows the same instruction as Ida. i see... thank you both for your help, i will give a try right now
  9. i guess i could have chosen something easier for my first start ^^, but that's the one i want to hack... so i have a problem, when i disassemble the binary as arm7 in ida (arm proc), it shows a different hex view... than just opening the binary as raw... i tried to open the binary with several Hex editors, they never match with the hex values from ida. i was thinking to edit the binary inside my iphone with a hexeditor and test it straight away... binary of assassin creed unity, thinned and aslr removed. HEX value from binary; HEX value from disassembled binary in IDA. the watchpoint is health going down in 32b float. lldb watchpoint; IDA view-A. when i convert arm to hex or hex to arm... nothing is matching with the value i find when i open the binary in a hex editor.. why is that so, a protection? all the tuto i have read or watched don't have that issue... thanks
  10. Yep, as Ted2 pointed out, when i put the thinned bin in assassin creed and debug from that one, it was all right, but still the journey seems to be long
  11. thanks but the video is not available @ZahirSher
  12. need to fill paypal or credit card to download that.... nice ... someone could make a dropbox, mediafire, or whatever download link? thanks
  13. oh sh!t, that's true, i just reinstalled the game because i had some login problem and i forgot to paste the thinned bin... hahaha, i feel ashamed ^^ thank you
  14. yes, thinned and removed i will try again later to see if i get the same offset, and to type "dis"
  15. hi again, so i finally have a debugger working, i got my first offset for assassin creed unity, that's the health offset. the problem i have is when i open the binary in ida, the last offset is 0271EB2C... i also looked at 0x00488670.. but it doesn't match. what have i done wrong? there is not much tuto with lldb, it's mainly gdb on iosgods. thank you. edit: ida show that
  16. ok, i succeeded in finding an offset using my iphone 6s ios9.3... but my ipad air 2 ios8.4 doesn't want to work, i can reach segmentation fault 11 ... tried in safemode but i should have done a reboot before as it was not working. lldb is quite picky.... doesn't want to attach process when i use the name but agrees with pid
  17. @DiDA any idea why i get invalid thread ? thanks. edit: because i didn't interrupt the process before setting a watchpoint...
  18. nobody has an idea about how to fix that issue?
  19. i was doing ssh over wifi in mac.. as i couldn't find an easy way to make a usb tunnel... but i just tried in windows with ifunbox tunnel .. and i got the same result.. i start to despair of being able to find offset in assassin creed unity... because i even tried to set gdb on my iphone running 9.3 and i got the same osabi #$$%## story as with my ipad
  20. i'm not... but that's what i remember.. i didn't have a mac at that time so... all i find about that is ipadian... as you cannot use simulator if it's not your app.
  21. hi there, i think i remember @shmoo telling that he's running ios game straight on his mac to debug and hack.... but i don't find any way to do that... was it a dream? thanks
  22. i know it's an old thread, but this one works for me on ios8.4 if @castix still needs one. https://www.dropbox.com/s/a3g4k3lvqj87nzm/debugserver?dl=1 @DiDA i think it would be good to put an ios 8.4 compatible debugserver inside the main lldb tutorial... so people who follow it don't have to search why it doesn't work...
  23. so... now, i'm stuck at the next step, when i run in lldb, process connect connect://172.20.10.6:1234 it just hangs there forever.. i have tried with a wrong ip and it does return error.. maybe that's just because i ssh over wifi
  24. just got the first step working with another tuto tuto source is here https://hirschmann.io/remote-ios-debugging/