Modern Combat 4 v1.2.1 Functions + Offsets

[souravrockss 20 5 9.3.1]

Cool

[8435464 9 26]

Can I see it?

[schlumpf peter 596 iPad 4 8.3.0]

thx

[Alessandro98 184 12]

Yes

[schlumpf peter 596 iPad 4 8.3.0]

Thanks @@shmoo, posting your offsets really helps

But what I don't understand is how you find those offsets...

I used gdb to find the ammo-function but it dropped me off at 0x1c1d74 which is nowhere near C1e24 (your offset). It would be nice if you showed me how you did it

Updated December 3, 2015 by schlumpf peter

[Guest]

Thanks @@shmoo, posting your offsets really helps

But what I don't understand is how you find those offsets...

I used gdb to find the ammo-function but it dropped me off at 0x1c1d74 which is nowhere near C1e24 (your offset). It would be nice if you showed me how you did it

For gameloft games, avoid using iGG and GDB watchpoints. It will only drop you off at the label instead of the actual value. You can see this effect by NOP'ing the instructions near the offset you got.

 

I used a technique called APK compare. An APK is the android app. Basically, what I do is I open the APK binary in Hopper, and have the iOS binary open in IDA. Then I look for things that stick out in the android functions. Mostly ADDW, LDR, and STR instructions.

 

The thing that would stick out is the #0xYYY in the instructions. For example, LDR R0, [R4, #0x454] would stick out. But not something like LDR R0, [R4, #0x8].

 

Now go to IDA, and text search for LDR. Then, after that is done, create a quick filter for 0x454. Then look for the function that looks like the android function for that

[schlumpf peter 596 iPad 4 8.3.0]

For gameloft games, avoid using iGG and GDB watchpoints. It will only drop you off at the label instead of the actual value. You can see this effect by NOP'ing the instructions near the offset you got.

 

I used a technique called APK compare. An APK is the android app. Basically, what I do is I open the APK binary in Hopper, and have the iOS binary open in IDA. Then I look for things that stick out in the android functions. Mostly ADDW, LDR, and STR instructions.

 

The thing that would stick out is the #0xYYY in the instructions. For example, LDR R0, [R4, #0x454] would stick out. But not something like LDR R0, [R4, #0x8].

 

Now go to IDA, and text search for LDR. Then, after that is done, create a quick filter for 0x454. Then look for the function that looks like the android function for that

so basically you need an android device for iOS hacking? Are there any other methods besides gdb, igg and APK compare for finding offsets in IDA?

[Guest]

so basically you need an android device for iOS hacking? Are there any other methods besides gdb, igg and APK compare for finding offsets in IDA?

Nope, you don't need an android device. You can find the apks on the internet just like ios apps. And yes there are other methods: strings, fuzzy, EOR, and some others I won't dive into

[schlumpf peter 596 iPad 4 8.3.0]

Nope, you don't need an android device. You can find the apks on the internet just like ios apps. And yes there are other methods: strings, fuzzy, EOR, and some others I won't dive into

Thanks! You really are a god  

[schlumpf peter 596 iPad 4 8.3.0]

infinite grenades:

writeData(0x59CE4, 0x391C);

writeData(0x59CE6, 0x7047);

@@shmoo 

Updated December 4, 2015 by schlumpf peter