Jump to content

3 posts in this topic

Recommended Posts

Posted

After i loaded a binary in IDA, i search for ptrace and sysctl in Import. I did not found any ptrace but i found sysctl.

Does this mean the binary does not have any ptrace to block me from attach with gdb but it has sysctl to block it? (when i try to debugserver host: binary, i got error segment fail 11). and i foudn this too .

 BLX             _sysctl
CBZ             R0, loc_E7B194
MOV            R0, #(aSSysctlFailedW - 0xE7B18C) ; "%s: sysctl failed while trying to get k"...
MOV            R1, #(aClsprocessdebu - 0xE7B18E) ; "CLSProcessDebuggerAttached"
ADD             R0, PC  ; "%s: sysctl failed while trying to get k"...
ADD             R1, PC  ; "CLSProcessDebuggerAttached"
BL                sub_E77FF4
MOVS          R0, #0

B                  loc_E7B19E

 

any one have any idea to how deal with this

Posted

@@DarkArrow

 

Look for the function which has memset, getpid near sysctl and then NOP if you see something like this:

 

MOVS R1, #0x1F

mov #r0,0x1F

mov r1,#0x1F

Posted (edited)

@@DarkArrow

 

Look for the function which has memset, getpid near sysctl and then NOP if you see something like this:

 

MOVS R1, #0x1F

mov #r0,0x1F

mov r1,#0x1F

i am confuse.

 

@@DarkArrow

 

Look for the function which has memset, getpid near sysctl and then NOP if you see something like this:

 

MOVS R1, #0x1F

mov #r0,0x1F

mov r1,#0x1F

i dont see any thing like

MOVS R1, #0x1F

mov #r0,0x1F

mov r1,#0x1F

Also the only function i see is sub_E77FF4 and it does not contain _menset or getpid.

i look at other sub at contain sysctl but they dont have any sub around them only loc_x

 

__text:00E7B134 sub_E7B134                              ; CODE XREF: sub_E75A2C:loc_E75C24p

__text:00E7B134

__text:00E7B134 var_214         = -0x214

__text:00E7B134 var_210         = -0x210

__text:00E7B134 var_20C         = -0x20C

__text:00E7B134 var_208         = -0x208

__text:00E7B134 var_1F8         = -0x1F8

__text:00E7B134 var_1C          = -0x1C

__text:00E7B134 var_18          = -0x18

__text:00E7B134 var_14          = -0x14

__text:00E7B134 var_10          = -0x10

__text:00E7B134 var_C           = -0xC

__text:00E7B134

__text:00E7B134                 PUSH            {R4,R5,R7,LR}

__text:00E7B136                 ADD             R7, SP, #8

__text:00E7B138                 SUB.W           SP, SP, #0x20C

__text:00E7B13C                 MOVW            R0, #(:lower16:(___stack_chk_guard_ptr - 0xE7B14C))

__text:00E7B140                 MOVS            R5, #0

__text:00E7B142                 MOVT.W          R0, #(:upper16:(___stack_chk_guard_ptr - 0xE7B14C))

__text:00E7B146                 MOVS            R1, #0xE

__text:00E7B148                 ADD             R0, PC ; ___stack_chk_guard_ptr

__text:00E7B14A                 LDR             R4, [R0] ; ___stack_chk_guard

__text:00E7B14C                 LDR             R0, [R4]

__text:00E7B14E                 STR             R0, [sP,#0x214+var_C]

__text:00E7B150                 MOVS            R0, #1

__text:00E7B152                 STR             R0, [sP,#0x214+var_1C]

__text:00E7B154                 STR             R1, [sP,#0x214+var_18]

__text:00E7B156                 STR             R5, [sP,#0x214+var_1F8]

__text:00E7B158                 STR             R0, [sP,#0x214+var_14]

__text:00E7B15A                 BLX             _getpid

__text:00E7B15E                 STR             R0, [sP,#0x214+var_10]

__text:00E7B160                 MOV.W           R0, #0x1EC

__text:00E7B164                 STR             R0, [sP,#0x214+var_20C]

__text:00E7B166                 ADD             R0, SP, #0x214+var_1C ; int *

__text:00E7B168                 ADD             R2, SP, #0x214+var_208 ; void *

__text:00E7B16A                 ADD             R3, SP, #0x214+var_20C ; size_t *

__text:00E7B16C                 MOVS            R1, #4  ; u_int

__text:00E7B16E                 STR             R5, [sP,#0x214+var_214] ; void *

__text:00E7B170                 STR             R5, [sP,#0x214+var_210] ; size_t

__text:00E7B172                 BLX             _sysctl

__text:00E7B176                 CBZ             R0, loc_E7B194

__text:00E7B178                 MOV             R0, #(aSSysctlFailedW - 0xE7B18C) ; "%s: sysctl failed while trying to get k"...

__text:00E7B180                 MOV             R1, #(aClsprocessdebu - 0xE7B18E) ; "CLSProcessDebuggerAttached"

__text:00E7B188                 ADD             R0, PC  ; "%s: sysctl failed while trying to get k"...

__text:00E7B18A                 ADD             R1, PC  ; "CLSProcessDebuggerAttached"

__text:00E7B18C                 BL              sub_E77FF4

__text:00E7B190                 MOVS            R0, #0

__text:00E7B192                 B               loc_E7B19E

__text:00E7B194 ; ---------------------------------------------------------------------------

__text:00E7B194

__text:00E7B194 loc_E7B194                              ; CODE XREF: sub_E7B134+42j

__text:00E7B194                 LDRB.W          R0, [sP,#0x214+var_1F8+1]

__text:00E7B198                 AND.W           R0, R0, #8

__text:00E7B19C                 LSRS            R0, R0, #3

__text:00E7B19E

__text:00E7B19E loc_E7B19E                              ; CODE XREF: sub_E7B134+5Ej

__text:00E7B19E                 LDR             R1, [sP,#0x214+var_C]

__text:00E7B1A0                 LDR             R2, [R4]

__text:00E7B1A2                 SUBS            R1, R2, R1

__text:00E7B1A4                 ITT EQ

__text:00E7B1A6                 ADDEQ.W         SP, SP, #0x20C

__text:00E7B1AA                 POPEQ           {R4,R5,R7,PC}

__text:00E7B1AC                 BLX             ___stack_chk_fail

__text:00E7B1AC ; End of function sub_E7B134

__text:00E7B1AC

 

PS this sub is being by another that have this

text:00E75C24 loc_E75C24                              ; CODE XREF: sub_E75A2C+1DCj

__text:00E75C24                 BL              sub_E7B134

__text:00E75C28                 LDR             R1, [R5]

__text:00E75C2A                 STRB            R0, [R1,#1]

__text:00E75C2C                 LDR             R0, [R5]

__text:00E75C2E                 LDR.W           R1, [R8,#4]

__text:00E75C32                 STR             R1, [R0,#0x10]

__text:00E75C34                 LDR.W           R1, [R8,#0xC]

__text:00E75C38                 STR             R1, [R0,#0x14]

__text:00E75C3A                 LDRB.W          R1, [R8,#8]

__text:00E75C3E                 STRB            R1, [R0,#0x18]

__text:00E75C40                 ADDS            R0, #0x34

__text:00E75C42                 BL              sub_E762C8

__text:00E75C46                 LDRD.W          R0, R1, [R5]

__text:00E75C4A                 MOVW            R2, #0x3008

__text:00E75C4E                 ADD             R1, R2

__text:00E75C50                 ADD.W           R0, R0, #0x184

__text:00E75C54                 BL              sub_E7E22C

__text:00E75C58                 LDRD.W          R0, R1, [R5]

__text:00E75C5C                 ADDS            R1, #8

__text:00E75C5E                 ADDS            R0, #0x1C

__text:00E75C60                 BL              sub_E5FB3C

__text:00E75C64                 LDR             R0, [R5]

__text:00E75C66                 LDRB            R1, [R0,#1]

__text:00E75C68                 CMP             R1, #0

__text:00E75C6A                 BEQ             loc_E75C86

__text:00E75C6C                 MOV             R0, #(aSDebuggerPrese - 0xE75C80) ; "%s: Debugger present - not installing h"...

__text:00E75C74                 MOV             R1, #(aClscontextinit - 0xE75C82) ; "CLSContextInitialize"

__text:00E75C7C                 ADD             R0, PC  ; "%s: Debugger present - not installing h"...

__text:00E75C7E                 ADD             R1, PC  ; "CLSContextInitialize"

__text:00E75C80                 BL              sub_E77FF4

__text:00E75C84                 B               loc_E75CAC

Updated by DarkArrow

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Our picks

    • Homematch - Home Design Games v2.17.2 +2 Jailed Cheats [ Unlimited Currencies ]
      Modded/Hacked App: Homematch - Home Design Games By TAPBLAZE, LLC
      Bundle ID: com.tapblaze.homecraft
      iTunes Store Link: https://apps.apple.com/us/app/homematch-home-design-games/id1438898374?uo=4


      Hack Features:
      - Unlimited Coins
      - Unlimited Gems


      Jailbreak required hack(s): [Mod Menu Hack] Homematch - Home Design Games v1.92.3 +2 Cheats [ Unlimited Currencies ] - Free Jailbroken Cydia Cheats - iOSGods
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
        • Like
      • 13 replies
    • Homematch - Home Design Games v2.17.2 +2 Cheats [ Unlimited Currencies ]
      Modded/Hacked App: Homematch - Home Design Games By TAPBLAZE, LLC
      Bundle ID: com.tapblaze.homecraft
      iTunes Store Link: https://apps.apple.com/us/app/homematch-home-design-games/id1438898374?uo=4


      Hack Features:
      - Unlimited Coins
      - Unlimited Gems


      Non-Jailbroken & No Jailbreak required hack(s): [Non-Jailbroken Hack] Homematch - Home Design Games v1.92.3 +2 Jailed Cheats [ Unlimited Currencies ] - Free Non-Jailbroken IPA Cheats - iOSGods
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 7 replies
    • Hero's Adventure v1.2.117 +6 Jailed Cheats [ Damage & Defence ]
      Modded/Hacked App: Hero's Adventure By X.D. Network Inc.
      Bundle ID: com.xd.dxlzz.global
      iTunes Store Link: https://apps.apple.com/us/app/heros-adventure/id6711347049?uo=4

       


      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
      - Give All Items -> Head into Settings > Other and toggle the User Agreement button.
      - Unlock All Achievements -> Head into Settings > Other and toggle the Privacy Policy button.
      -- All DLC Purchased
      -- Guest Login Enabled
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 138 replies
    • Hero's Adventure v1.2.117 +6 Cheats [ Damage & Defence ]
      Modded/Hacked App: Hero's Adventure By X.D. Network Inc.
      Bundle ID: com.xd.dxlzz.global
      iTunes Store Link: https://apps.apple.com/us/app/heros-adventure/id6711347049?uo=4

       
       

      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
      - Give All Items -> Head into Settings > Other and toggle the User Agreement button.
      - Unlock All Achievements -> Head into Settings > Other and toggle the Privacy Policy button.
      -- All DLC Purchased
      -- Guest Login Enabled
        • Informative
        • Agree
        • Thanks
        • Winner
        • Like
      • 31 replies
    • Pal Go: Tower Defense TD v0.3.86 [+7 Cheats]
      Modded/Hacked App: Pal Go: Tower Defense TD By Playwind Ltd
      Bundle ID: com.playwindgames.freedefender
      iTunes Store Link: https://apps.apple.com/us/app/pal-go-tower-defense-td/id6479316663?uo=4


       

      🚀 Hack Features

      - [VIP] Freeze Currency (Currency will not decrease when used)

      - [VIP] Currency Always Enough (Buy even when you don't have enough currency)

      - [Free] Higher Recruit Energy (Gives 500 Recruit Energy Every Wave)

      - [Free] Always Can Drag Hero

      - [Free] Skip Ads

      - [Free] No Attack Cooldown

      - [Free] Global Speed Multiplier (Enable Inside Battle)

       

      Warning


      Do not use on main account. There is a chance of ban. Not responsible for any bans.

       


      🍏 For Non-Jailbroken & No Jailbreak required hacks: https://iosgods.com/forum/79-no-jailbreak-section/
      🤖 Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        • Informative
        • Agree
        • Thanks
        • Winner
        • Like
      • 54 replies
    • Pal Go: Tower Defense TD v0.3.86 [+7 Jailed Cheats]
      Modded/Hacked App: Pal Go: Tower Defense TD By Playwind Ltd
      Bundle ID: com.playwindgames.freedefender
      iTunes Store Link: https://apps.apple.com/us/app/pal-go-tower-defense-td/id6479316663?uo=4


       

      Hack Features

      - [VIP] Freeze Currency (Currency will not decrease when used)

      - [VIP] Currency Always Enough (Buy even when you don't have enough currency)

      - [Free] Higher Recruit Energy (Gives 500 Recruit Energy Every Wave)

      - [Free] Always Can Drag Hero

      - [Free] Skip Ads

      - [Free] No Attack Cooldown

      - [Free] Global Speed Multiplier (Enable Inside Battle)

       

      Warning


      Do not use on main account. There is a chance of ban. Not responsible for any bans.

       

      Jailbreak required iOS hacks: https://iosgods.com/forum/5-game-cheats-hack-requests/
      Modded Android APKs: https://iosgods.com/forum/68-android-section/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 79 replies
    • Exfil: Loot & Extract v6.1.1 Debug Menu [+10 Cheats]
      Modded/Hacked App: Exfil: Loot & Extract By Kwalee Ltd
      Bundle ID: com.eightsec.roguehero
      iTunes Store Link: https://apps.apple.com/us/app/exfil-loot-extract/id6448720577?uo=4


       

      🤩 Hack Features

      - Debug Menu (Enable and debug menu will appear)
       
        • Agree
        • Thanks
        • Winner
        • Like
      • 17 replies
    • Exfil: Loot & Extract v6.1.1 Debug Menu [+10 Jailed Cheats]
      Modded/Hacked App: Exfil: Loot & Extract By Kwalee Ltd
      Bundle ID: com.eightsec.roguehero
      iTunes Store Link: https://apps.apple.com/us/app/exfil-loot-extract/id6448720577?uo=4

       

      🤩 Hack Features

      - Debug Menu (Enable and debug menu will appear)
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 18 replies
    • Eterspire - Fantasy MMORPG v54.0 +2 Jailed Cheats [ Damage & Defence ]
      Modded/Hacked App: Eterspire - Fantasy MMORPG By Stonehollow Workshop LLC
      Bundle ID: com.stonehollow-workshop.Eterspire
      iTunes Store Link: https://apps.apple.com/us/app/eterspire-fantasy-mmorpg/id1658183817?uo=4

       
       

      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
        • Informative
        • Agree
        • Like
      • 24 replies
    • Eterspire - Fantasy MMORPG v54.0 +2 Cheats [ Damage & Defence ]
      Modded/Hacked App: Eterspire - Fantasy MMORPG By Stonehollow Workshop LLC
      Bundle ID: com.stonehollow-workshop.Eterspire
      iTunes Store Link: https://apps.apple.com/us/app/eterspire-fantasy-mmorpg/id1658183817?uo=4

       
       

      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
        • Agree
        • Thanks
        • Winner
        • Like
      • 95 replies
    • Modern Warships Cheats v0.94.2 +7
      Modded/Hacked App: Modern Warships By Sergiy Petrov
      Bundle ID: com.Shooter.ModernWarships
      iTunes Store Link: https://apps.apple.com/us/app/modern-warships/id1541751298?uo=4


      Hack Features:
      - Multiply Attack
      - Multiply Defense
      - Infinite Ammo
      - No Reload
      - Freeze Boosters
      - Free Subscription?
       + 10% EXP
       + 50% Cash + Gold


      iOS Hack Download Link: https://iosgods.com/topic/146309-modern-warships-cheats-v0450-6/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 1,251 replies
    • Subway Surfers v3.48.10 +22 Jailed Cheats [ Currencies + More ]
      Modded/Hacked App: Subway Surfers By Sybo Games ApS
      Bundle ID: com.kiloo.subwaysurfers
      iTunes Store Link: https://apps.apple.com/us/app/subway-surfers/id512939461?uo=4


      Hack Features:
      - Unlimited Currencies
      - Freeze Currencies
      - Free In-App Purchases
      - All Characters Unlocked
      - All Boards Unlocked
      - God Mode
      - No Stumble
      - Score Multiplier
      - Speed Multiplier
      - Gravity Multiplier
      - Jump Height Multiplier
      - Air Jump Height Multiplier
      - Unlimited Jumps
      - Unlimited Powers
      - Instant Lane Change
      - Freeze Trains
      - No Clip
      - Disable All Pickup
      - No Revive Cost
      - Unlimited Jetpack Time
      - Camera Stops
      - Camera Follows


      Jailbreak required hack(s): [Mod Menu Hack] Subway Surfers v3.40.0 +20 Cheats [ Currencies + More ] - ViP Cheats - iOSGods
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 48 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines