0xWeiss

Offset 1 -- Offset 2 -- Offset 3 Python has apparently finished loading. Some functions are still listed as sub_x, but I can see the names of these ones. Money: 1. IDA Offset - 191506c Game.GUI.GlobalCanvas.ResourceValuePresenter$$ChangeResource 2. IDA Offset - 19075ec CSGame.Models.Resources.Resource$$AddValue 3. IDA Offset - 1915288 Game.GUI.GlobalCanvas.ResourceWidgetView$$UpdateValue

Ah, thought I had done that. UnityFramework > global-metadata.dat -- Done. File > Script File > ida.py > script.json Waiting on the load now.

iL2CPPDumper, correct? Open the dump.cs file in Notepad++?

Hmm, either the Live Offset Patcher doesn't work for this game, the offset is wrong (doubt), or the game's currency isn't possible to change. It didn't work.. ^^ Game: ZombieShop

I'm sure you're getting tired of seeing me here, but you're gonna see a whole lot of me. I need assistance with identifying offsets that are useful. I've stumbled across 3. These offsets are involved with the game's currency. Searched current value, altered value by selling, search value, ended up with 3 offsets. Offset 1 -- Offset 2 -- Offset 3 Money: 1. IDA Offset - 191506c Game.GUI.GlobalCanvas.ResourceValuePresenter$$ChangeResource 2. IDA Offset - 19075ec CSGame.Models.Resources.Resource$$AddValue 3. IDA Offset - 1915288 Game.GUI.GlobalCanvas.ResourceWidgetView$$UpdateValue EDIT: I also need help with figuring out how to alter the assembly using the KEYPATCH:Patcher. No idea how to do that, I don't know how to pull up the menu/pop-up. EDIT: I'm also attempting to test the offsets with the Live Patcher on iGG. Any help is appreciated.

That solved a problem, but not the one I originally had. Haha. However, I realized I was able to find the address in the debug portion of IDA. The green play button thing. However it didn’t have anything next to it, so I exited and saw that the analysis thing wasn’t finished. So I’m gonna let that load and try again tonight.

EDIT: Possible Mistakes List: - “image list UnityFramework” instead of “image list ZombieShop”? (3:23AM Thought)

If you don’t mind, I’ll list everything in detailed steps. Game: • Zombie Shop V-0.21.1 Devices: • iPhone X 13.3 UnC0Ver 7.0.0 JB • ASUS ROG Laptop Win10 x64 Programs: • IDA PRO 7.3 • iL2CPPDumper • Notepad++ • LLDB • 3uTools • PuTTy • iGameGod • Filza • NewTerm • FlexDecrypt | CrackerXI Sites: • ArmConverter • BinaryHexConverter • Calculator-HexCalculator —————————————— 1. Gathering the necessary files. • [iPhone] Launch CrackerXI —> Zombie Shop —> Full IPA • [iPhone] Launch Filza (/var/mobile/Documents/CrackerXI) —> EXTRACT ZombieShop_0.21.1_Weiss • Launch NewTerm —> flexdecrypt /var/mobile/Documents/CrackerXI/ZombieShop_0.21.1_Weiss/Payload/ZombieShop.app/Frameworks/UnityFramework.framework/UnityFramework [[Cracked binary is in /tmp/UnityFramework]] • [PC] — Launch 3uTools > Grab UnityFramework and place in Desktop Folder. • [PC] Direct to ZombieShop.app > Data > Managed > Metadata > Grab global-metadata.dat and place in Desktop Folder. —————————————— 2. IDA Pro Portion • [PC] Launch IDA Pro x64 > New > Select “UnityFramework” > Allow to fully load with “IDLE” is on the bottom left. • [PC] Launch iL2CPPDumper > Select “UnityFramework” > Select “global-metadata.dat” > Allow to finish. • [PC] Return to IDA Pro (Fully Loaded) > File > Script File... > IDA.py > Script.JSON • [PC] Allow the script to fully finish until it says “IDLE” is on the bottom left. —————————————— 3. 3uTools / PuTTy / LLDB / Game Portion • [iPhone] Open iGameGod and enable Zombie Shop. • [iPhone] Launch Zombie Shop. • [PC] Launch 3uTools > Toolbox > Open SSH Tunnel > SSH Client (PuTTy) • [PC] In PuTTy > Type “lldb” > Type “attach ZombieShop” • [PC] Game attaches successfully, the game freezes. • [PC] In PuTTy > Type “image list ZombieShop” > Note the ASLR > Type “c” to continue process (unfreeze game). • [iPhone] Use iGameGod to search values until I’m left with 1-2 (in my case, 3). • [PC] In PuTTy > Type “process interrupt” (freezes game). [[NOTE: Cannot create Watchpoints while the game’s running.]] • [PC] Creates Watchpoints. • [iPhone/PC] Changes the value > Trigger Watchpoints 1. • [PC] In PuTTy > Type “register read” and copy the output into Notepad++ > Type “c” to proceed > Watchpoint 2 was trigger-ed > Type “register read” and copy the output into Notepad++. • [PC] Acquired 2 IDA offsets > Removed ASLR using hex calculator. • [PC/iPhone] Kept notes on money value and converted using decimal to hex. • [PC] Searched for the converted value in the register read outputs and found a match in watchpoint 1. • [PC] Returned to IDA > Press “G” > Inserts Address (ASLR REMOVED ONE) —————————————— [[ENCOUNTERS ERROR]] • Command “JumpAsk” Failed —————————————— Hopefully you could help spot the issue this way!

Welcome! Hello!

HELLO AGAIN! 🙋🏻‍♀️ I’ve run into another issue during this learning journey and I’ve searched the forums to see whether someone’s had the same issue or not, one person did but it went unsolved. Steps: 1. Grabbed ASLR — CE8000 Money: 3320 — CF8 2. Removed ASLR from WatchPoint Offsets. •WatchPoint1 — 0X12C144674 Frame#0 — 10832D0F8 ASLR Removed — 1076450F8 •WatchPoint2 — 0X12C3C8BB0 Frame#0 — 10836CE58 ASLR Removed — 107684E58 3. Converted Decimal to Hex. 4. Searched in Register Read. 5. Made a match (x11 - 12C65CCF8) 6. Went to IDA. 7. Searched for 1076450F8 & 107684E58 8. Met with Command “JumpAsk” Failed. Did I go wrong somewhere? Please educate me!

Windows 10, I’ve downloaded and installed the fix in the regedit. I was able to make the live debugging work, however, I couldn’t figure out how to have IDA make a sigstop when values are searched.

Hello, I’m sure you see me often in these topics. I’m currently in the process of learning how to hack games and I’ve ran into some issues, again. All day today, I’ve been trying to figure out how to work the debugger on IDA Pro. Here are the steps I’ve taken: 1. Open IDA Pro & load cracked binary with the global-meta.data already done. 2. Used 3uTools for SSH Tunnel. 3. Opened game on phone. 4. Open Putty >> debugserver 127.0.0.1:22 -a binaryname (Waiting on Process) 5. Opened LLDB.cmd >> process connect connect 127.0.0.1:22 (Doesn’t Work) Settings on IDA PRO >> Debug Options > Filled Host Name / Port Pressing Attach / Start is just a bundle of error pop-ups. Open to all help 🤍

May I ask how you got debugserver on Putty?

Here's the link to learn how to hack -- LINK -- Have some basic knowledge on some things first, it may help.