Modern Combat 4 v1.2.1 Functions + Offsets


129 posts in this topic

Recommended Posts

Posted (edited)

Thanks @shmoo, posting your offsets really helps :)

But what I don't understand is how you find those offsets...

I used gdb to find the ammo-function but it dropped me off at 0x1c1d74 which is nowhere near C1e24 (your offset). It would be nice if you showed me how you did it ;)

Updated by schlumpf peter
Posted

For Gameloft games, avoid using iGG and GDB watchpoints. They will only drop you off at the label instead of the actual value. You can see this effect by NOP'ing the instructions near the offset you got.

I used a technique called APK compare. An APK is the Android app. Basically, what I do is I open the APK binary in Hopper and have the iOS binary open in IDA. Then I look for things that stick out in the Android functions, mostly ADDW, LDR, and STR instructions.

The thing that sticks out is the #0xYYY in the instructions. For example, LDR R0, [R4, #0x454] would stick out, but not something like LDR R0, [R4, #0x8].

Now go to IDA and text search for LDR. Then, after that is done, create a quick filter for 0x454. Then look for the function that looks like the Android function for that :)
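The matching heuristic described above (large load/store displacements are rare enough to identify a function across two builds, the same idea patch-diffing tools use) can be automated. This is an added example by the editor, not code from the thread; the two listings are constructed samples in Hopper/IDA-like text form, not real game disassembly, and the 0x100 threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample listings (not real game code): a Hopper-style Android dump
# and an IDA-style iOS dump, each with function labels followed by instructions.
ANDROID_LISTING = """\
sub_1000:
    ldr r0, [r4, #0x454]
    addw r1, r4, #0x3a8
    str r0, [r4, #0x8]
sub_2000:
    ldr r0, [r5, #0x8]
    str r1, [r5, #0x4]
"""
IOS_LISTING = """\
sub_c1e24:
    LDR R0, [R4,#0x454]
    ADDW R1, R4, #0x3A8
    STR R0, [R4,#0x8]
sub_c1d74:
    LDR R0, [R4,#0x8]
    STR R1, [R4,#0x4]
sub_c2000:
    LDR R0, [R0,#0x454]
"""

FUNC_RE = re.compile(r"^(\w+):")
IMM_RE = re.compile(r"^\s*(ldr|str|addw)\b.*?#0x([0-9a-f]+)", re.IGNORECASE)
MIN_IMM = 0x100  # assumed cutoff: #0x8-style displacements occur everywhere

def distinctive_imms(listing):
    """Map each function label to the set of 'large' immediates it uses."""
    funcs, cur = defaultdict(set), None
    for line in listing.splitlines():
        m = FUNC_RE.match(line)
        if m:
            cur = m.group(1)
            continue
        m = IMM_RE.match(line)
        if m and cur:
            imm = int(m.group(2), 16)
            if imm >= MIN_IMM:
                funcs[cur].add(imm)
    return funcs

def match_functions(a_listing, b_listing):
    """For each function in A, rank B's functions by shared distinctive immediates."""
    a, b = distinctive_imms(a_listing), distinctive_imms(b_listing)
    result = {}
    for fa, imms in a.items():
        scored = sorted(((len(imms & bi), fb) for fb, bi in b.items()), reverse=True)
        result[fa] = [fb for score, fb in scored if score > 0]
    return result
```

Functions with only small displacements (sub_2000 here) never get a candidate list, which is exactly the false-positive problem the post warns about with #0x8.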

Posted

So basically you need an Android device for iOS hacking? Are there any other methods besides gdb, iGG and APK compare for finding offsets in IDA?

Posted

Nope, you don't need an Android device. You can find the APKs on the internet just like iOS apps. And yes, there are other methods: strings, fuzzy, EOR, and some others I won't dive into :3

Posted

Thanks! You really are a god ;)