Everything posted by 0xSolana
-
I used lldb on macOS and Windows but it is still buggy (by buggy I mean that lldb kicks me out of the program). I downloaded the 2 files from Nini but didn't update them, otherwise it just crashes my NewTerm window (or via SSH it does not respond). Can you tell me which version of lldb you use, and your iOS version with the jailbreak? Thanks. EDIT: do you think that the problem could be the RAM (I am on an iPhone 6 and it is old + low RAM)?
-
Hey, I tried to debug games with lldb. It worked for the first game, but for any other game it is far too laggy: my connection is closed by the remote host for no reason, by SSH via Wi-Fi or USB it is the same. Using unc0ver or checkra1n is also the same. So that's why I want to try with GDB (Shmoo's topic for GDB), but shmoo deleted his repo and I can't find an up-to-date version. I tried the 1708 version from the radare repo but had a "bad executable" error. I looked at the open source and only see "armv7", but I am on arm64. So I would like to know if anyone here has an up-to-date GDB for ARM64? Maybe Laxus or Rook? Thanks
-
Help/Support lldb stops connection after random time
0xSolana replied to 0xSolana's topic in Help & Support
Well, finally when I tried to debug a new game from the App Store, the same problem came back. iOS 12.4, checkra1n. Should I maybe hack the .ipa, install it with CrackerXI and then debug the cracked ipa? Or should it be from the App Store? EDIT: it stops the connection instantly or after 5-10 seconds... maybe an anti-debug, or can it not be? -
Help/Support lldb stops connection after random time
0xSolana replied to 0xSolana's topic in Help & Support
Nice man! checkra1n works great with lldb -
Help/Support How to wipe TS game data to start anew
0xSolana replied to iPlus's topic in Help & Support
Have you tried to install it on a guest Apple ID account (from another country or whatever, but not yours)? -
When I looked into the Blitz Brigade binary with IDA, I found 2-3 strings with "Syscall" inside. Should I RET them or NOP them, and try debugging the game after? Anyway, thanks for all those explanations. I will take a look on Google to see if I can find information about that, and if not I will create a support topic and, if you have time, I will tag you.
-
So to do that I proceed as if I had to find an offset (by subtracting the ASLR slide from the address that I got from iGameGod?), but then I don't know what to do. PS: I had to use lldb (gdb is not working on my device, so I can use the function to "bypass" the ASLR). I found this: https://iosgods.com/topic/687-tool-remove-aslr-v200/ Am I right?
-
It crashes when I open the Gameloft game... (I also had the info that Blitz Brigade has an anti-debug. So I installed "LetMeDebug", but the game crashes when opening.)
-
@Nini could you please check this topic
-
As ted2 said, it's what you get from armconverter. Example: you want to RET a function (so that the function does not happen). In ARM converter you would type:
RET --> C0035FD6 // this is the RET instruction in HEX/BYTES that armconverter will give you
So, now that we know the bytes of our "RET", we will patch the offset that you got from IDA / lldb or anywhere:
[switches addOffsetSwitch:@"One Hit Kill" description:@"Enemy will die instantly!" offsets:{0x1001BB2C0} // address from IDA or anywhere you got it
bytes:{0xC0035FD6}]; // the bytes you got from armconverter.com
So, the function at 0x1001BB2C0 will be "deleted" by our 0xC0035FD6 (RET). See ARM knowledge here: https://iosgods.com/topic/45417-tutorial-basic-arm-instruction-explanation-with-image/
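As an added illustration (not part of 0xSolana's post or of any iOSGods tool): what the "C0035FD6" value actually is (the little-endian bytes of the AArch64 RET word 0xD65F03C0), the slide arithmetic behind "subtracting the ASLR", and a small integrity check of the kind an app could run to flag functions whose first instruction has been replaced by RET. The code section, base address and function starts are constructed sample data.

```python
import struct

# AArch64 `ret` (RET X30) is the instruction word 0xD65F03C0. Stored little-endian
# it is the byte sequence C0 03 5F D6, which is the "C0035FD6" a patcher displays.
RET_WORD = 0xD65F03C0
RET_BYTES = struct.pack("<I", RET_WORD)
# A typical AArch64 prologue, `stp x29, x30, [sp, #-16]!` (used as the "original" word).
STP_PROLOGUE = 0xA9BF7BFD
NOP_WORD = 0xD503201F

def patch_bytes_to_word(hex_in_file_order: str) -> int:
    """Convert the byte string a patcher shows (file order, e.g. 'C0035FD6')
    into the 32-bit instruction word the CPU decodes."""
    return struct.unpack("<I", bytes.fromhex(hex_in_file_order))[0]

def is_ret(word: int) -> bool:
    """True if the word encodes RET <Xn> (any Rn; the usual form is RET X30)."""
    return (word & 0xFFFFFC1F) == 0xD65F0000

def runtime_address(static_address: int, slide: int) -> int:
    """IDA shows un-slid addresses (iOS image base 0x100000000); in a live process
    the image is moved by the ASLR slide. This is the inverse of the subtraction
    the posts describe."""
    return static_address + slide

def ret_patched_functions(code: bytes, base: int, function_starts: list) -> list:
    """Integrity-check sketch: report every function whose first instruction is now
    RET. `code` is the in-memory text section that starts at address `base`."""
    hits = []
    for fn in function_starts:
        word = struct.unpack_from("<I", code, fn - base)[0]
        if is_ret(word):
            hits.append(fn)
    return hits

def constructed_text_section() -> tuple:
    """Constructed sample: three 16-byte 'functions'; the second has been RET-patched."""
    base = 0x1001BB2B0
    nop = struct.pack("<I", NOP_WORD)
    fn_ok = struct.pack("<I", STP_PROLOGUE) + nop * 3
    fn_patched = RET_BYTES + nop * 3
    return fn_ok + fn_patched + fn_ok, base, [base, base + 0x10, base + 0x20]

if __name__ == "__main__":
    code, base, starts = constructed_text_section()
    print([hex(a) for a in ret_patched_functions(code, base, starts)])
```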
-
Help/Support lldb stops connection after random time
0xSolana replied to 0xSolana's topic in Help & Support
I'll try that and get back to you, thanks -
Hello, I tried to attach to a Gameloft game (Blitz Brigade) with lldb but I keep getting this error: error: attach failed: attach failed: lost connection. I get this message only when trying to debug the BBG game. I also had the info that BBG has an anti-debug. So I installed "LetMeDebug", but the game crashes when opening. I searched for "Ptrace pwner" but the xarold repo is dead and I couldn't find a deb for it. So do you guys know of any other anti-anti-debug to finally attach to the Gameloft game? (And if someone has the Ptrace pwner file, I won't say no 🙃)
-
Hello, when I SSH into my device (via Wi-Fi or USB) and launch lldb, it works, but after a random time it closes the connection...
Dred@macbook-pro-de-Dred ~ % ssh [email protected]
[email protected]'s password:
---:~ root# lldb
(lldb) att deadtrigger2
Process 22391 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x00000001f9bd4148 libsystem_kernel.dylib`semaphore_timedwait_trap + 8
libsystem_kernel.dylib`semaphore_timedwait_trap:
->  0x1f9bd4148 <+8>: ret
libsystem_kernel.dylib`semaphore_timedwait_signal_trap:
    0x1f9bd414c <+0>: mov x16, #-0x27
    0x1f9bd4150 <+4>: svc #0x80
    0x1f9bd4154 <+8>: ret
Executable module set to "/var/containers/Bundle/Application/AB88859F-E994-400C-95DE-5F869C84DF68/deadtrigger2.app/deadtrigger2".
Architecture set to: arm64-apple-ios-.
(lldb) c
Process 22391 resuming
// was going to search for the GameGem ammo offset but it closed the connection
(lldb) Connection to 192.168.x.x closed by remote host.
Connection to 192.168.x.x closed.
Dred@macbook-pro-de-Dred ~ % // back to the Mac
SSH by Wi-Fi or USB has the same result... I have installed lldb from Cydia (apt.bingner.com repo). lldb version: 10-1. iOS: 12.4 (ARM64).
-
I followed your tutorial and found exactly the same offset. The game is still at the same version (2.1). Maybe RAM? (Mine isn't very low and it lags; for example if I quit the app for 2 seconds and come back, it will restart it.) EDIT: I tried the hack with another hex and it worked. IT FREEZES WHEN WE RET THE STR
-
Hello, I used the Live Offset Patcher to test that but, when I finished entering the values, the game freezes when I switch weapon. (The phone is not connected to lldb.) Here is the offset + hex:
Offset: 10092DEE8 // no 0x because Live Offset Patcher doesn't support it
Patched hex: C0035FD6 (ARM64)
-
General My brother dreams about making a family
0xSolana replied to Thomas66588's topic in General Talk
Waiting for the good one, no need to search -
Hey @TIEPBM, happy that you could make your app. For the activator command, I think that either there is not enough time (the iPhone thinks there is only one press on the home button because there is no time between the 2 actions) or that it is too slow, like you said. I would set an amount of seconds before clicking again (but a very small one, like 0.1 seconds for example), something like this:
activator send libactivator.system.homebutton && sleep 0.1 && activator send libactivator.system.homebutton
(0.1 is your amount of seconds.) Look there:
-
Thanks, I think I should practice on smaller tasks before doing a cooldown hack
-
I answer here because I'm trying to do the same thing. So I have a few questions: by "debugging" the game, do you mean removing ASLR from it? And how do you search for the cooldown? By using GameGem/iGameGod? Or (for example: AK-47 = 2 sec reload) do I search in IDA for a string with 2seconds/2sec/similar words? Thanks a lot for these answers!
-
It disappears because it is to "test" the filter. As far as I know, it is not possible to keep it more than 48 hours (it needs to be resent to the device).
-
Help/Support Theos never stops running on the 'make package install' command
0xSolana replied to 0xSolana's topic in Help & Support
Resetting my phone to zero and re-jailbreaking + installing theos with @Rook's tutorial was the solution.