Help/Support IDA Game Strings [ARM64]

driptrill · October 21, 2020

Hi, any tips on how to removed cool down?

I basically tried some tutorials i’ve seen that FMOV holds the cool down i changed the hex to this FMOV S1, #0.0 RET,i added RET because i wasn’t sure if this would fix the crash and it didn’t, NOP, FMOV S1 #0.0, it just crash (No sure if this even the right string i gave up and just searched the FMOV now we here)

https://youtu.be/1xVkMJtLqKs

Updated October 27, 2020 by driptrill

bR34Kr · November 2, 2020

Right now you are looking for a string and finding a function which references that string, after you search all the binary for the first FMOV instruction so you're deemed to fall on something completely random. What you should do is debug the game and find the value for the cooldown while searching by difference (cooldown increased / decreased etc.) and then finding which instruction actually edits the value and then patching it. Hope this helped

0xSolana · November 2, 2020

14 hours ago, bR34Kr said:

Right now you are looking for a string and finding a function which references that string, after you search all the binary for the first FMOV instruction so you're deemed to fall on something completely random. What you should do is debug the game and find the value for the cooldown while searching by difference (cooldown increased / decreased etc.) and then finding which instruction actually edits the value and then patching it. Hope this helped

i answer here because i’m trying to do the same thing.

so i have a few questions :

-by « debuging » the game you mean remove ASLR from it ?

-and how to search the cooldown ? by using GameGem/iGameGod ? or (example : Ak-47 = 2 sec reload) so i search into IDA a string with

2seconds/2sec/*similar words* ?

Thanks a lot for theses answer !

bR34Kr · November 2, 2020

4 hours ago, D red said:

i answer here because i’m trying to do the same thing.

so i have a few questions :

-by « debuging » the game you mean remove ASLR from it ?

-and how to search the cooldown ? by using GameGem/iGameGod ? or (example : Ak-47 = 2 sec reload) so i search into IDA a string with

2seconds/2sec/*similar words* ?

Thanks a lot for theses answer !

Debugging is the process of adding breakpoints / watchpoints and see how the game actually goes and does stuff.

For the reload I'd search for the Gun class (with ammo for example), and search closeby memory for constant floats or ints representing the cooldown time. Then you're in business

0xSolana · November 2, 2020

2 minutes ago, bR34Kr said:

Debugging is the process of adding breakpoints / watchpoints and see how the game actually goes and does stuff.

For the reload I'd search for the Gun class (with ammo for example), and search closeby memory for constant floats or ints representing the cooldown time. Then you're in business

Thanks,

i think i should practice on smaller task before doing cooldown hack