
maddo7


  1. I just read tutorials about ASLR and I think it's not necessary to remove it if I add it to the address like I did: ASLR Base + Pointer from IDA. Now it seems I've found the address, the breakpoint triggers on LLDB when I click the button. Then there's another issue. When the breakpoint hits I get this error:

         (lldb) Process 21538 stopped
         * thread #13: tid = 0x6538, 0xff76545e, stop reason = EXC_BAD_ACCESS (code=1, address=0xff76545e)
             frame #0: 0xff76545e
         error: memory read failed for 0xff765400

     And the app continues to run but seems to be bugged. I can see the loading circle spinning but nothing else works. When I stop the debugserver, the whole phone crashes and restarts. What is causing this and how can I fix it?
  2. Should I analyze it with IDA after doing all this?
  3. No, I'm new to this and followed a tutorial. How would I do this? I used a cracked version of the App to begin with.
  4. I just tried it with GDB. I had to thin the app to make it work. I used "info shared" to get the string with offset (offset 0x10000). (Why is the offset different this time?) Then I used this: 0x10000 + 0x2512C = 0x3512C. Afterwards I used break *0x3512C and the breakpoint registered:

         (gdb) break *0x3512C
         Breakpoint 1 at 0x3512C

     But again the breakpoint doesn't get hit. What could potentially be wrong?

     EDIT: I just hooked a function that comes after the part where I want to put a breakpoint, break funcname, and GDB returned Breakpoint 2, 0x35f9e6f8 in funcname () when I ran the App; the breakpoint hit without any issues. Now I think I got the wrong address. GDB returned 0x35f9e6f8 as the address for the function. When I look it up in IDA it is listed as "__picsymbolstub4:00C6F5CC", so the address should be 0xC6F5CC. When I do the math, 0xC6F5CC + 0x10000 = 0xC7F5CC, the result is totally different from 0x35f9e6f8. So maybe I misinterpret the pointer I got from IDA?

     Edit 2: Could it be I need to use a different base offset? info shared lists multiple files with offsets. I examined the App.app/App binary in IDA and the function was there along with the pointer I need. How do I know if this function is in the main executable or in a lib?
  5. Now I read somewhere that I would need to do "image list -o -f" to get a list of the objects. The base address should be the value after [0], which is 0x00000000000e4000 in my case. Then I went to IDA to check the line where it says __text:0002512C, which is 0x2512C. Now I should add the two to get the address: 0x2512C + 0x00000000000e4000 = 0x10912C. Now when I do "b s -a 0x10912C" it says "Breakpoint 1: address = 0x000000000010912C", so it seems it found the address now. When I open the app and perform an action that should trigger the breakpoint, it still does not. What could be the issue here?
  6. Hello, I checked an App using IDA and I found an interesting line where I'd like to get the values from. The line itself is a _strlen command which should hold the value. Now I right clicked the line and did "Copy address to command line", which gave me "0xC10C4C". Then I did "b s -a 0xC10C4C" on LLDB but it just returned "Breakpoint 1: no locations (pending). WARNING: Unable to resolve breakpoint to any actual locations." And when I resume the app the breakpoint won't "break", the app just continues. How can I get the right address to set the breakpoint?
  7. When you take a look at Instagram requests, it usually looks like this:

         signed_body=e365434d1344fc5d73f85bb72b2d7e3474dd8227275071cb9dd9649ca4f0216d.%7B%22media_id%22%3A%22528086397952388638_263262746%22%7D&ig_sig_key_version=4&src=timeline&d=0

     So the first hash before the . is generated by using HMAC SHA256 on the string after the . with a special key. I need the key that generates "e365434d1344fc5d73f85bb72b2d7e3474dd8227275071cb9dd9649ca4f0216d" out of "%7B%22media_id%22%3A%22528086397952388638_263262746%22%7D"
  8. The rules say "selling anything in general is prohibited." I'm not selling something and I don't want to buy a product/something. I'm looking for a service which could be free as well. The terms are between me and the person who accepts the request.
  9. Hello, I didn't find a "want to buy" or "paid" section of the forum so I'm posting it here. I'm looking for somebody with reverse engineering skills who could teach me how to get the signature key hash from the iOS version of Instagram. I have a jailbroken iPhone 6 with iOS 9.0 which I could use. You would need to tell me the exact steps needed to extract the key from the App and answer possible questions. I have basic reverse engineering skills on Android but none on iOS so I want to get this going asap. Of course I will pay for your time and service, please tell me your offers.
  10. I'm having the same issues, the server crashes on 9.0, is there a solution for this?