Jump to content

3 posts in this topic

Recommended Posts

Posted

After i loaded a binary in IDA, i search for ptrace and sysctl in Import. I did not found any ptrace but i found sysctl.

Does this mean the binary does not have any ptrace to block me from attach with gdb but it has sysctl to block it? (when i try to debugserver host: binary, i got error segment fail 11). and i foudn this too .

 BLX             _sysctl
CBZ             R0, loc_E7B194
MOV            R0, #(aSSysctlFailedW - 0xE7B18C) ; "%s: sysctl failed while trying to get k"...
MOV            R1, #(aClsprocessdebu - 0xE7B18E) ; "CLSProcessDebuggerAttached"
ADD             R0, PC  ; "%s: sysctl failed while trying to get k"...
ADD             R1, PC  ; "CLSProcessDebuggerAttached"
BL                sub_E77FF4
MOVS          R0, #0

B                  loc_E7B19E

 

any one have any idea to how deal with this

Posted

@@DarkArrow

 

Look for the function which has memset, getpid near sysctl and then NOP if you see something like this:

 

MOVS R1, #0x1F

mov #r0,0x1F

mov r1,#0x1F

Posted (edited)

@@DarkArrow

 

Look for the function which has memset, getpid near sysctl and then NOP if you see something like this:

 

MOVS R1, #0x1F

mov #r0,0x1F

mov r1,#0x1F

i am confuse.

 

@@DarkArrow

 

Look for the function which has memset, getpid near sysctl and then NOP if you see something like this:

 

MOVS R1, #0x1F

mov #r0,0x1F

mov r1,#0x1F

i dont see any thing like

MOVS R1, #0x1F

mov #r0,0x1F

mov r1,#0x1F

Also the only function i see is sub_E77FF4 and it does not contain _menset or getpid.

i look at other sub at contain sysctl but they dont have any sub around them only loc_x

 

__text:00E7B134 sub_E7B134                              ; CODE XREF: sub_E75A2C:loc_E75C24p

__text:00E7B134

__text:00E7B134 var_214         = -0x214

__text:00E7B134 var_210         = -0x210

__text:00E7B134 var_20C         = -0x20C

__text:00E7B134 var_208         = -0x208

__text:00E7B134 var_1F8         = -0x1F8

__text:00E7B134 var_1C          = -0x1C

__text:00E7B134 var_18          = -0x18

__text:00E7B134 var_14          = -0x14

__text:00E7B134 var_10          = -0x10

__text:00E7B134 var_C           = -0xC

__text:00E7B134

__text:00E7B134                 PUSH            {R4,R5,R7,LR}

__text:00E7B136                 ADD             R7, SP, #8

__text:00E7B138                 SUB.W           SP, SP, #0x20C

__text:00E7B13C                 MOVW            R0, #(:lower16:(___stack_chk_guard_ptr - 0xE7B14C))

__text:00E7B140                 MOVS            R5, #0

__text:00E7B142                 MOVT.W          R0, #(:upper16:(___stack_chk_guard_ptr - 0xE7B14C))

__text:00E7B146                 MOVS            R1, #0xE

__text:00E7B148                 ADD             R0, PC ; ___stack_chk_guard_ptr

__text:00E7B14A                 LDR             R4, [R0] ; ___stack_chk_guard

__text:00E7B14C                 LDR             R0, [R4]

__text:00E7B14E                 STR             R0, [sP,#0x214+var_C]

__text:00E7B150                 MOVS            R0, #1

__text:00E7B152                 STR             R0, [sP,#0x214+var_1C]

__text:00E7B154                 STR             R1, [sP,#0x214+var_18]

__text:00E7B156                 STR             R5, [sP,#0x214+var_1F8]

__text:00E7B158                 STR             R0, [sP,#0x214+var_14]

__text:00E7B15A                 BLX             _getpid

__text:00E7B15E                 STR             R0, [sP,#0x214+var_10]

__text:00E7B160                 MOV.W           R0, #0x1EC

__text:00E7B164                 STR             R0, [sP,#0x214+var_20C]

__text:00E7B166                 ADD             R0, SP, #0x214+var_1C ; int *

__text:00E7B168                 ADD             R2, SP, #0x214+var_208 ; void *

__text:00E7B16A                 ADD             R3, SP, #0x214+var_20C ; size_t *

__text:00E7B16C                 MOVS            R1, #4  ; u_int

__text:00E7B16E                 STR             R5, [sP,#0x214+var_214] ; void *

__text:00E7B170                 STR             R5, [sP,#0x214+var_210] ; size_t

__text:00E7B172                 BLX             _sysctl

__text:00E7B176                 CBZ             R0, loc_E7B194

__text:00E7B178                 MOV             R0, #(aSSysctlFailedW - 0xE7B18C) ; "%s: sysctl failed while trying to get k"...

__text:00E7B180                 MOV             R1, #(aClsprocessdebu - 0xE7B18E) ; "CLSProcessDebuggerAttached"

__text:00E7B188                 ADD             R0, PC  ; "%s: sysctl failed while trying to get k"...

__text:00E7B18A                 ADD             R1, PC  ; "CLSProcessDebuggerAttached"

__text:00E7B18C                 BL              sub_E77FF4

__text:00E7B190                 MOVS            R0, #0

__text:00E7B192                 B               loc_E7B19E

__text:00E7B194 ; ---------------------------------------------------------------------------

__text:00E7B194

__text:00E7B194 loc_E7B194                              ; CODE XREF: sub_E7B134+42j

__text:00E7B194                 LDRB.W          R0, [sP,#0x214+var_1F8+1]

__text:00E7B198                 AND.W           R0, R0, #8

__text:00E7B19C                 LSRS            R0, R0, #3

__text:00E7B19E

__text:00E7B19E loc_E7B19E                              ; CODE XREF: sub_E7B134+5Ej

__text:00E7B19E                 LDR             R1, [sP,#0x214+var_C]

__text:00E7B1A0                 LDR             R2, [R4]

__text:00E7B1A2                 SUBS            R1, R2, R1

__text:00E7B1A4                 ITT EQ

__text:00E7B1A6                 ADDEQ.W         SP, SP, #0x20C

__text:00E7B1AA                 POPEQ           {R4,R5,R7,PC}

__text:00E7B1AC                 BLX             ___stack_chk_fail

__text:00E7B1AC ; End of function sub_E7B134

__text:00E7B1AC

 

PS this sub is being by another that have this

text:00E75C24 loc_E75C24                              ; CODE XREF: sub_E75A2C+1DCj

__text:00E75C24                 BL              sub_E7B134

__text:00E75C28                 LDR             R1, [R5]

__text:00E75C2A                 STRB            R0, [R1,#1]

__text:00E75C2C                 LDR             R0, [R5]

__text:00E75C2E                 LDR.W           R1, [R8,#4]

__text:00E75C32                 STR             R1, [R0,#0x10]

__text:00E75C34                 LDR.W           R1, [R8,#0xC]

__text:00E75C38                 STR             R1, [R0,#0x14]

__text:00E75C3A                 LDRB.W          R1, [R8,#8]

__text:00E75C3E                 STRB            R1, [R0,#0x18]

__text:00E75C40                 ADDS            R0, #0x34

__text:00E75C42                 BL              sub_E762C8

__text:00E75C46                 LDRD.W          R0, R1, [R5]

__text:00E75C4A                 MOVW            R2, #0x3008

__text:00E75C4E                 ADD             R1, R2

__text:00E75C50                 ADD.W           R0, R0, #0x184

__text:00E75C54                 BL              sub_E7E22C

__text:00E75C58                 LDRD.W          R0, R1, [R5]

__text:00E75C5C                 ADDS            R1, #8

__text:00E75C5E                 ADDS            R0, #0x1C

__text:00E75C60                 BL              sub_E5FB3C

__text:00E75C64                 LDR             R0, [R5]

__text:00E75C66                 LDRB            R1, [R0,#1]

__text:00E75C68                 CMP             R1, #0

__text:00E75C6A                 BEQ             loc_E75C86

__text:00E75C6C                 MOV             R0, #(aSDebuggerPrese - 0xE75C80) ; "%s: Debugger present - not installing h"...

__text:00E75C74                 MOV             R1, #(aClscontextinit - 0xE75C82) ; "CLSContextInitialize"

__text:00E75C7C                 ADD             R0, PC  ; "%s: Debugger present - not installing h"...

__text:00E75C7E                 ADD             R1, PC  ; "CLSContextInitialize"

__text:00E75C80                 BL              sub_E77FF4

__text:00E75C84                 B               loc_E75CAC

Updated by DarkArrow

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Our picks

    • Slay Quest v1.3.12 [+3 Cheats]
      Modded/Hacked App: Slay Quest By Quest Lab Games Korlatolt Felelossegu Tarsasag
      Bundle ID: com.questlab.slayquest
      App Store Link: https://apps.apple.com/us/app/slay-quest/id6670221918?uo=4



      🤩 Hack Features

      - Unlimited Resources
      - Never Die
      - One Hit Kill
       
      • 7 replies
    • Slay Quest v1.3.12 [+3 Jailed Cheats]
      Modded/Hacked App: Slay Quest By Quest Lab Games Korlatolt Felelossegu Tarsasag
      Bundle ID: com.questlab.slayquest
      App Store Link: https://apps.apple.com/us/app/slay-quest/id6670221918?uo=4

       

      🤩 Hack Features

      - Unlimited Resources
      - Never Die
      - One Hit Kill
      • 5 replies
    • Forest Survival - Zombie War v4.0 [+3 Cheats]
      Modded/Hacked App: Forest Survival - Zombie War By APPWILL COMPANY LTD
      Bundle ID: com.g1.forest.survival
      App Store Link: https://apps.apple.com/us/app/forest-survival-zombie-war/id6450904348?uo=4



      🤩 Hack Features

      - Enemy Can't Attack
      - Add Resources
      - Auto Win
       
      • 2 replies
    • Forest Survival - Zombie War v4.0 [+3 Jailed Cheats]
      Modded/Hacked App: Forest Survival - Zombie War By APPWILL COMPANY LTD
      Bundle ID: com.g1.forest.survival
      App Store Link: https://apps.apple.com/us/app/forest-survival-zombie-war/id6450904348?uo=4



      🤩 Hack Features

      - Enemy Can't Attack
      - Add Resources
      - Auto Win
      • 3 replies
    • NFL Rivals 26 Mobile Football v3.2.3 [ +3 Cheats ] AI Stupid
      Modded/Hacked App: NFL Rivals - Football Game By Mythical, Inc.
      Bundle ID: com.mythical.superteam
      iTunes Store Link: https://apps.apple.com/us/app/nfl-rivals-football-game/id1640028998?uo=4


      Hack Features:
      - AI ON Your Team 
      - Tackle 
      - No Interceptions
      • 66 replies
    • NFL Rivals 26 Mobile Football v3.2.3 [ +3 Jailed ] AI Stupid
      Modded/Hacked App: NFL Rivals - Football Game By Mythical, Inc.
      Bundle ID: com.mythical.superteam
      iTunes Store Link: https://apps.apple.com/us/app/nfl-rivals-football-game/id1640028998?uo=4


      Hack Features:

      - AI ON Your Team 
      - Tackle No
      - No Interceptions
      • 66 replies
    • Legend of Gladiator v1.7.0 [+5 Jailed Cheats]
      Modded/Hacked App: Legend of Gladiator By TapNation
      Bundle ID: com.onestepstudio.legendofgladiator
      App Store Link: https://apps.apple.com/us/app/legend-of-gladiator/id6745028264?uo=4



      🤩 Hack Features

      - Add Gems
      - Add Gold
      - Never Die
      - No Stamina Cost (Enable inside battle)
      - Remove Ads (Not rewarded)
      • 18 replies
    • Legend of Gladiator v1.7.0 [+5 Cheats]
      Modded/Hacked App: Legend of Gladiator By TapNation
      Bundle ID: com.onestepstudio.legendofgladiator
      App Store Link: https://apps.apple.com/us/app/legend-of-gladiator/id6745028264?uo=4

       

      🤩 Hack Features

      - Add Gems
      - Add Gold
      - Never Die
      - No Stamina Cost (Enable inside battle)
      - Remove Ads (Not rewarded)
      • 4 replies
    • Defense Legend 5: TD Strategy v1.0.44 [ +14 Cheats ] Currency Max
      Modded/Hacked App: Defense Legend 5: Survivor TD By GCENTER VIET NAM TECHNOLOGY JOINT STOCK COMPANY
      Bundle ID: com.Gcenter.DefenseLegend.TowerDefense.TD.survivor.V5
      App Store Link: https://apps.apple.com/us/app/defense-legend-5-survivor-td/id6449526611?uo=4

      🤩 Hack Features

      - ADS NO / Rewards Free
      - Unlimited Currency
      - Unlimited Resources
      - Heroes Unlocked
      - Heroes Skin Unlocked
      - Gun Unlocked
      - Unlimited Battle Items
      - Unlimited Skill Points
      - Premium Pass Active
      - Premium Pass / Claim Unlimited
      - Free Pass / Claim Unlimited
      - Unlimited Battle Cash / Sell Tower
      - Unlimited Tower Range
      • 2 replies
    • Defense Legend 5: TD Strategy v1.0.44 [ +14 Jailed ] Currency Max
      Modded/Hacked App: Defense Legend 5: Survivor TD By GCENTER VIET NAM TECHNOLOGY JOINT STOCK COMPANY
      Bundle ID: com.Gcenter.DefenseLegend.TowerDefense.TD.survivor.V5
      App Store Link: https://apps.apple.com/us/app/defense-legend-5-survivor-td/id6449526611?uo=4

      🤩 Hack Features

      - ADS NO / Rewards Free
      - Unlimited Currency
      - Unlimited Resources
      - Heroes Unlocked
      - Heroes Skin Unlocked
      - Gun Unlocked
      - Unlimited Battle Items
      - Unlimited Skill Points
      - Premium Pass Active
      - Premium Pass / Claim Unlimited
      - Free Pass / Claim Unlimited
      - Unlimited Battle Cash / Sell Tower
      - Unlimited Tower Range
      • 3 replies
    • Gear Truck! v1.0.20 [+3 Jailed Cheats]
      Modded/Hacked App: Gear Truck! By treeplla Inc.
      Bundle ID: com.tree.hybrid.geartank
      App Store Link: https://apps.apple.com/us/app/gear-truck/id6747216965?uo=4



      🤩 Hack Features

      - Never Die
      - High Wheel Speed Gain
      - One Hit Kill
      • 4 replies
    • Gear Truck! v1.0.20 [+3 Cheats]
      Modded/Hacked App: Gear Truck! By treeplla Inc.
      Bundle ID: com.tree.hybrid.geartank
      App Store Link: https://apps.apple.com/us/app/gear-truck/id6747216965?uo=4



      🤩 Hack Features

      - Never Die
      - High Wheel Speed Gain
      - One Hit Kill
       
      • 4 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines