0xWeiss

That solved a problem, but not the one I originally had. Haha. However, I realized I was able to find the address in the debug portion of IDA. The green play button thing. However it didn’t have anything next to it, so I exited and saw that the analysis thing wasn’t finished. So I’m gonna let that load and try again tonight.

EDIT: Possible Mistakes List: - “image list UnityFramework” instead of “image list ZombieShop”? (3:23AM Thought)

If you don’t mind, I’ll list everything in detailed steps. Game: • Zombie Shop V-0.21.1 Devices: • iPhone X 13.3 UnC0Ver 7.0.0 JB • ASUS ROG Laptop Win10 x64 Programs: • IDA PRO 7.3 • iL2CPPDumper • Notepad++ • LLDB • 3uTools • PuTTy • iGameGod • Filza • NewTerm • FlexDecrypt | CrackerXI Sites: • ArmConverter • BinaryHexConverter • Calculator-HexCalculator —————————————— 1. Gathering the necessary files. • [iPhone] Launch CrackerXI —> Zombie Shop —> Full IPA • [iPhone] Launch Filza (/var/mobile/Documents/CrackerXI) —> EXTRACT ZombieShop_0.21.1_Weiss • Launch NewTerm —> flexdecrypt /var/mobile/Documents/CrackerXI/ZombieShop_0.21.1_Weiss/Payload/ZombieShop.app/Frameworks/UnityFramework.framework/UnityFramework [[Cracked binary is in /tmp/UnityFramework]] • [PC] — Launch 3uTools > Grab UnityFramework and place in Desktop Folder. • [PC] Direct to ZombieShop.app > Data > Managed > Metadata > Grab global-metadata.dat and place in Desktop Folder. —————————————— 2. IDA Pro Portion • [PC] Launch IDA Pro x64 > New > Select “UnityFramework” > Allow to fully load with “IDLE” is on the bottom left. • [PC] Launch iL2CPPDumper > Select “UnityFramework” > Select “global-metadata.dat” > Allow to finish. • [PC] Return to IDA Pro (Fully Loaded) > File > Script File... > IDA.py > Script.JSON • [PC] Allow the script to fully finish until it says “IDLE” is on the bottom left. —————————————— 3. 3uTools / PuTTy / LLDB / Game Portion • [iPhone] Open iGameGod and enable Zombie Shop. • [iPhone] Launch Zombie Shop. • [PC] Launch 3uTools > Toolbox > Open SSH Tunnel > SSH Client (PuTTy) • [PC] In PuTTy > Type “lldb” > Type “attach ZombieShop” • [PC] Game attaches successfully, the game freezes. • [PC] In PuTTy > Type “image list ZombieShop” > Note the ASLR > Type “c” to continue process (unfreeze game). • [iPhone] Use iGameGod to search values until I’m left with 1-2 (in my case, 3). • [PC] In PuTTy > Type “process interrupt” (freezes game). [[NOTE: Cannot create Watchpoints while the game’s running.]] • [PC] Creates Watchpoints. • [iPhone/PC] Changes the value > Trigger Watchpoints 1. • [PC] In PuTTy > Type “register read” and copy the output into Notepad++ > Type “c” to proceed > Watchpoint 2 was trigger-ed > Type “register read” and copy the output into Notepad++. • [PC] Acquired 2 IDA offsets > Removed ASLR using hex calculator. • [PC/iPhone] Kept notes on money value and converted using decimal to hex. • [PC] Searched for the converted value in the register read outputs and found a match in watchpoint 1. • [PC] Returned to IDA > Press “G” > Inserts Address (ASLR REMOVED ONE) —————————————— [[ENCOUNTERS ERROR]] • Command “JumpAsk” Failed —————————————— Hopefully you could help spot the issue this way!

Welcome! Hello!

HELLO AGAIN! 🙋🏻‍♀️ I’ve run into another issue during this learning journey and I’ve searched the forums to see whether someone’s had the same issue or not, one person did but it went unsolved. Steps: 1. Grabbed ASLR — CE8000 Money: 3320 — CF8 2. Removed ASLR from WatchPoint Offsets. •WatchPoint1 — 0X12C144674 Frame#0 — 10832D0F8 ASLR Removed — 1076450F8 •WatchPoint2 — 0X12C3C8BB0 Frame#0 — 10836CE58 ASLR Removed — 107684E58 3. Converted Decimal to Hex. 4. Searched in Register Read. 5. Made a match (x11 - 12C65CCF8) 6. Went to IDA. 7. Searched for 1076450F8 & 107684E58 8. Met with Command “JumpAsk” Failed. Did I go wrong somewhere? Please educate me!

Windows 10, I’ve downloaded and installed the fix in the regedit. I was able to make the live debugging work, however, I couldn’t figure out how to have IDA make a sigstop when values are searched.

Hello, I’m sure you see me often in these topics. I’m currently in the process of learning how to hack games and I’ve ran into some issues, again. All day today, I’ve been trying to figure out how to work the debugger on IDA Pro. Here are the steps I’ve taken: 1. Open IDA Pro & load cracked binary with the global-meta.data already done. 2. Used 3uTools for SSH Tunnel. 3. Opened game on phone. 4. Open Putty >> debugserver 127.0.0.1:22 -a binaryname (Waiting on Process) 5. Opened LLDB.cmd >> process connect connect 127.0.0.1:22 (Doesn’t Work) Settings on IDA PRO >> Debug Options > Filled Host Name / Port Pressing Attach / Start is just a bundle of error pop-ups. Open to all help 🤍

May I ask how you got debugserver on Putty?

Here's the link to learn how to hack -- LINK -- Have some basic knowledge on some things first, it may help.

🤗

I'm finally able to open .py! Sorry for the late reply, I was doing laundry. Anyways, the tutorial I was following showed them opening script.py, but my script file is a JSON file. EDIT: Nvm. Had to choose ida.py > script.json.

This? -->IMAGE

Is this not correct? --> IMAGE

Just IDC --> IMAGE

I do have a Python folder --> IMAGE

Good afternoon, I'm coming here to ask for help with IDA Pro 7.3. Here's a list of applications I'm currently using: - IDA Pro 7.3 - iL2CPPDumper - Python 2.7.18 - Game Binary (Unity) & Global Metadata Steps I've taken: 1. Cracked the binary using flexdecrypt from Cydia. 2. Grabbed the global-metadata.dat file from the proper folder. 3. Placed the two files on my computer where I'd be able to easily access. 4. Opened IDA Pro -- Opened UnityFramework -- Allowed it to load completely. 5. Ran iL2CPPDumper > Selected UnityFramework > Selected Global-Metadata.dat 6. Dumper updated some files in it's folder --> IMAGE 7. IDA Pro shows .idc files are the only script files I could open and not .py --> IMAGE I've tried doing "All Files" and selecting the files this way, but it gives me this message --> IMAGE Any ideas where I'm going wrong? ^^ Any help would be highly appreciated. Thank you.

Niceeeee

Thank you so much, I will look into that more soon.