Jump to content

🛡️ Introducing Shiro Security - Game Security Research & Engineering

×
Community Announcements, Giveaways & More!

IDA Game Strings [ARM64]

driptrill

By driptrill
in Help & Support

5 posts in this topic

Recommended Posts

driptrill Newbie

driptrill 0

Posted
Posted

Hi, any tips on how to removed cool down? 

I basically tried some tutorials i’ve seen that FMOV holds the cool down i changed the hex to this FMOV S1, #0.0 RET,i added RET because i wasn’t sure if this would fix the crash and it didn’t, NOP, FMOV S1 #0.0, it just crash (No sure if this even the right string i gave up and just searched the FMOV now we here) 

https://youtu.be/1xVkMJtLqKs

bR34Kr Newbie

bR34Kr 19.3k

    • Posted
    Posted

    Right now you are looking for a string and finding a function which references that string, after you search all the binary for the first FMOV instruction so you're deemed to fall on something completely random. What you should do is debug the game and find the value for the cooldown while searching by difference (cooldown increased / decreased etc.) and then finding which instruction actually edits the value and then patching it. Hope this helped

    lxdx Proficient

    lxdx 27k
  •   iPhone 14 
  •   18.1

    • Posted
    Posted
    14 hours ago, bR34Kr said:

    Right now you are looking for a string and finding a function which references that string, after you search all the binary for the first FMOV instruction so you're deemed to fall on something completely random. What you should do is debug the game and find the value for the cooldown while searching by difference (cooldown increased / decreased etc.) and then finding which instruction actually edits the value and then patching it. Hope this helped

    i answer here because i’m trying to do the same thing. :)

    so i have a few questions :

    -by « debuging » the game you mean remove ASLR from it ?

    -and how to search the cooldown ? by using GameGem/iGameGod ? or (example : Ak-47 = 2 sec reload) so i search into IDA a string with

    2seconds/2sec/*similar words* ? 

     

    Thanks a lot for theses answer ! 

    bR34Kr Newbie

    bR34Kr 19.3k

    • Posted
    Posted
    4 hours ago, D red said:

    i answer here because i’m trying to do the same thing. :)

    so i have a few questions :

    -by « debuging » the game you mean remove ASLR from it ?

    -and how to search the cooldown ? by using GameGem/iGameGod ? or (example : Ak-47 = 2 sec reload) so i search into IDA a string with

    2seconds/2sec/*similar words* ? 

     

    Thanks a lot for theses answer ! 

    Debugging is the process of adding breakpoints / watchpoints and see how the game actually goes and does stuff.

     

    For the reload I'd search for the Gun class (with ammo for example), and search closeby memory for constant floats or ints representing the cooldown time. Then you're in business :)

    lxdx Proficient

    lxdx 27k
  •   iPhone 14 
  •   18.1

    • Posted
    Posted
    2 minutes ago, bR34Kr said:

    Debugging is the process of adding breakpoints / watchpoints and see how the game actually goes and does stuff.

     

    For the reload I'd search for the Gun class (with ammo for example), and search closeby memory for constant floats or ints representing the cooldown time. Then you're in business :)

    Thanks,

    i think i should practice on smaller task before doing cooldown hack :) 

    Archived

    This topic is now archived and is closed to further replies.

    Go to topic listing
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines