
bR34Kr

Community Answers

  1. bR34Kr's post in iMemEditor Float Tolerance was marked as the answer   
    It's probably the range/margin of error for floating point numbers. I recommend you read IEEE754 to understand how floating point is stored on computers but TL;DR: It's very lossy. So if you store 25.5, it may not be able to exist and might go store it as 25.00000001 etc. Because of this margin of error, if thousands upon thousands of calculations are done on the value (position for example), then the error will get amplified and may change a difference of 1 in the result for example. So the tolerance would be how much you handle errors like this. A tolerance of 1 is very generous but it should be fine
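As an added illustration of the answer above (example code, not from the post), the snippet emulates a 32-bit float with `struct`, repeats a small per-frame increment, and shows why a scanner needs a tolerance when matching the stored value against the expected one; the function names are the example's own.

```python
import struct

def to_float32(x: float) -> float:
    """Round a Python double to the nearest IEEE 754 single precision (binary32)
    value and back, emulating the 32-bit `float` a game engine keeps in memory."""
    return struct.unpack("<f", struct.pack("<f", x))[0]

def accumulate_f32(step: float, count: int) -> float:
    """Add `step` to a float32 accumulator `count` times, the way a position is
    nudged every frame. Each addition is rounded to float32, so error builds up."""
    acc = to_float32(0.0)
    step32 = to_float32(step)
    for _ in range(count):
        acc = to_float32(acc + step32)
    return acc

def within_tolerance(stored: float, target: float, tolerance: float) -> bool:
    """Scanner-style match: the value in memory counts as a hit for `target`
    if it lies within +/- tolerance of it."""
    return abs(stored - target) <= tolerance

def drift_after(step: float, count: int) -> float:
    """How far the float32 running total has drifted from the exact product."""
    return accumulate_f32(step, count) - step * count

if __name__ == "__main__":
    # 0.1 has no exact binary32 representation, so ten additions do not give 1.0
    print(accumulate_f32(0.1, 10))                                # 1.0000001192092896
    print(within_tolerance(accumulate_f32(0.1, 10), 1.0, 0.0))    # False: exact match fails
    print(within_tolerance(accumulate_f32(0.1, 10), 1.0, 1e-6))   # True: tolerance absorbs it
    print(drift_after(0.1, 100_000))   # drift keeps growing with the number of updates
```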
  2. bR34Kr's post in How to bypass ASLR? was marked as the answer   
    To "bypass" ASLR, you need to find the ASLR offset so you can add/subtract it from your offset to know its original/ASLRed offset. To get it when hooking to a process use this function:
    _dyld_get_image_vmaddr_slide() (Info here -> https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dyld.3.html)
    The header for it is on the manpage
     
     
    For removing it from your LLDB session you want to do image list PROC_NAME in LLDB (while replacing PROC_NAME with the process name). That will give you the ASLR offset for that process and you need to subtract it from every offset you get through it
  3. bR34Kr's post in IDA Pro 7.3 Assist was marked as the answer   
    Yupp exactly that. You need to install it.
  4. bR34Kr's post in IGameGod crashing searching for 1 or 0 was marked as the answer   
    Yupp that's the reason. Try installing overb0ard and expanding the memory limits for the given process, and as Rook said, there's a looooooot of results. That means it'll be a lot of toggling before you can find your value.
     
    https://github.com/Doregon/overb0ard
  5. bR34Kr's post in macOS Theos linker command error was marked as the answer   
    Using the -v option you'll see the call being made to clang and will know the libraries being linked. Either you can add SCLAlertView's files to the FILES Makefile variable so you embed it inside your binary or use the library and link it using the LIBRARIES Makefile variable iirc.
     
    The former should be easier and a reference can be found here:
     
  6. bR34Kr's post in methods for finding offsets today? was marked as the answer   
    Yes the binary is probably not compatible with your device. You should try and find a version that works for you. Which one are you using right now?
  7. bR34Kr's post in Creating DEB hacks for unity games was marked as the answer   
    I fear that's not how your tweak should look for a Unity game. Unity games are not in ObjectiveC due to its C#/Mono dependency. Reading the tutorial on instance variables and learning C more in depth should get you on the right path for Unity game cheats. Though, for ObjC that'd be the good strategy. For using an alert you can use UIAlertView https://stackoverflow.com/questions/4463806/adding-a-simple-uialertview
  8. bR34Kr's post in How to dump encrypted metadata? was marked as the answer   
    The game uses a custom encrypted format for the global-metadata.dat as you've probably seen. I highly suggest you try to debug the game until the actual call is made to open the file (most probably via fopen) and then try to work your way from there. You should be able to dump it at one point from the memory it is loaded into. Another great way for filtering out where it could be would be to try and find global-metadata.dat's magic bytes (the bytes that begin every file of its kind. You can try and download multiple random Unity games and analyze them and build from there) and then searching for that sequence in memory and dumping it from there.
     
    Good luck!
  9. bR34Kr's post in Help With Ted Menu Hooking was marked as the answer   
    Are you sure your hook actually works without the menu? Try hooking to the update function or another function that gets called.
  10. bR34Kr's post in Decrypt on iOS 13.6 with Odyssey was marked as the answer   
    FlexDecrypt should work. Either try running it as root or make sure you actually provide the correct path to the binary.
  11. bR34Kr's post in Can’t seem to find out what I have to modify was marked as the answer   
    Read the tutorials they should be pretty clear. In this case you'd need to hook the functions to return your own stuff or patch them
  12. bR34Kr's post in Gameguardian save value? was marked as the answer   
    The address will always change because it's allocated randomly in memory. The only way to save it is to have a static route to your value, so to do that use LLDB to search the base of your value, then finding a pointer to that base, then repeating this process until you end up with a static address. Once you do that just add, dereference, again and again and you'll be able to change your value
  13. bR34Kr's post in iOS what writes/accesses to an address War Robots was marked as the answer   
    Yes a watchpoint will "watch" an address for r/w and will tell you where that happens :)
  14. bR34Kr's post in Cheat Engine Data Explanation Needed was marked as the answer   
    Here's a brief rundown of integer types:
    Signature represents if a number has a sign bit. If it's unsigned then all the bits of the bytes are used to represent your integer and the value will be positive. If the value is signed then the first bit will be used to check whether an integer is positive or negative. So the 'S' or 'U' in front of the type represents if you want to search for unsigned or signed values.
    1 byte - char: Represented by 1 byte in memory. Goes from 0 to 255 (unsigned). Goes from -128 to 127 (signed).
    2 bytes - short: Represented by 2 bytes in memory. Goes from 0 to 65535 (unsigned). Goes from -32768 to 32767 (signed).
    4 bytes - int: Represented by 4 bytes in memory. Goes from 0 to 42949672955 (unsigned). Goes from -2147483648 to 2147483647 (signed).
    8 bytes - int: Represented by 8 bytes in memory. Goes from 0 to 18446744073709551615 (unsigned). Goes from -9223372036854775808 to 9223372036854775807 (signed).
    So to answer your question more clearly: UInt is an unsigned 4 byte integer and SInt is a signed 4 byte integer
     
    More detailed explanation here: https://en.cppreference.com/w/c/language/type
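As an added example (not from the post), this derives each type's range from its byte width and decodes the same four bytes as UInt and SInt to show how the sign bit changes the reading. Only the UInt/SInt names come from the question; the other type names and the sample value are constructed for the example.

```python
import struct

# Scanner-style type names mapped to struct codes: lower case = signed,
# upper case = unsigned. Names other than UInt/SInt are made up for this example.
INT_TYPES = {
    "SByte": "b", "UByte": "B",
    "SShort": "h", "UShort": "H",
    "SInt": "i", "UInt": "I",
    "SLong": "q", "ULong": "Q",
}

def type_range(name: str) -> tuple:
    """Smallest and largest value the type can hold, derived from its width in bits."""
    code = INT_TYPES[name]
    bits = struct.calcsize(code) * 8
    if code.isupper():                      # unsigned: every bit is magnitude
        return 0, 2 ** bits - 1
    return -(2 ** (bits - 1)), 2 ** (bits - 1) - 1   # signed: top bit is the sign

def decode(raw: bytes, name: str) -> int:
    """Interpret the bytes found at an address as the given type
    (little-endian, as on ARM and x86)."""
    return struct.unpack("<" + INT_TYPES[name], raw)[0]

def encode(value: int, name: str) -> bytes:
    """Produce the byte pattern a scanner would search for, refusing values that do not fit."""
    lo, hi = type_range(name)
    if not lo <= value <= hi:
        raise ValueError(f"{value} is outside the {name} range {lo}..{hi}")
    return struct.pack("<" + INT_TYPES[name], value)

if __name__ == "__main__":
    raw = encode(-100, "SInt")          # constructed sample: a negative value stored as SInt
    print(raw.hex())                    # 9cffffff
    print(decode(raw, "SInt"), decode(raw, "UInt"))   # -100 4294967196
    for name in INT_TYPES:              # the ranges the post lists, computed from the width
        print(name, type_range(name))
```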
  15. bR34Kr's post in different offsets in Binary was marked as the answer   
    Remove the 10 before the offset.

     
    ^ for future reference
  16. bR34Kr's post in How do I decrypt 400MB+ apps? was marked as the answer   
    You can use FlexDecrypt https://github.com/JohnCoates/flexdecrypt
  17. bR34Kr's post in help to make zoom-out with IDA was marked as the answer   
    Unity is in a 3D environment as far as I know, so basically you want to find the function to set the Camera location. This way you can move it up or down or whatever. The reason it does that is because of ARM's way of handling floating point. I think in the Club "IDA tips" there should be something detailing your issue. But for the set location you'd want to call that function by making a function pointer to it. If it's too complicated you can find the GetCameraLocation and move on an axis but again, you are limited by the floats in ARM
  18. bR34Kr's post in unable to open output file - Theos was marked as the answer   
    It’s a bug with the Jailbreak, so you need to ReJB. As for the error, it’s as simple as not having permission to access the directory. I believe you created your project as root but you tried to compile with mobile and mobile does not have permissions to go to root’s directories. Try compiling as root. And if you want to compile as mobile then change owner to mobile for all files and directories in that project.
     
    And a small tip, add this line to your Makefile to remove armv7
    ARCHS = arm64  
  19. bR34Kr's post in Hooking problem teds template was marked as the answer   
    Doesn’t seem like you hook to the actual function inside your %ctor. You need to use the MSHookFunction function.
  20. bR34Kr's post in IOS iGMM not working! was marked as the answer   
    It's the iGMM which is not updated for the app.
  21. bR34Kr's post in Revert iOS Query was marked as the answer   
    It is impossible to do since the version isn't signed. The only way of you doing so is that you saved your blobs on that version.