Help/Support Any good Anti-Debug for a Gameloft game ?

0xSolana · November 18, 2020

Hello,

I tried to attach a Gameloft game (Blitz Brigade) with lldb but i keep getting this error :

error: attach failed: attach failed: lost connection

I get only this message when trying debugging BBG game.

I also had the info that BBG have an anti-debug. So i installed "LetMeDebug" but the game crash when opening

I search for "Ptrace pwner" but xarold repo is dead and i couldn't find a deb for it.

So do u guys know if there is any other anti-debug to finally attach the Gameloft game ? (and if someone have the Ptrace pwner file i don't say no 🙃)

Rook · November 18, 2020

Hey!

I think @Nini has an up to date Ptrace Pwner or anti anti debugger.

0xSolana · November 20, 2020

@Nini could you please check this topic

sn0wqt · November 20, 2020

21 minutes ago, D red said:

@Nini could you please check this topic

[Tool] LetMeDebug - bypass anti debugger - Tools - iOSGods

0xSolana · November 20, 2020

Just now, Nini said:

[Tool] LetMeDebug - bypass anti debugger - Tools - iOSGods

It crashed when i open the Gameloft game...

(I also had the info that Blitz Brigade have an anti-debug. So i installed "LetMeDebug" but the game crash when opening)

sn0wqt · November 20, 2020

Just now, D red said:
It crashed when i open the Gameloft game...
(I also had the info that Blitz Brigade have an anti-debug. So i installed "LetMeDebug" but the game crash when opening)

it's not supposed to work on every game tho, for blitz brigade, I assume you need to patch aslr (anti-debugging) manually

0xSolana · November 20, 2020

8 minutes ago, Nini said:

it's not supposed to work on every game tho, for blitz brigade, I assume you need to patch aslr (anti-debugging) manually

So to do that i do like if i had to find an offset (by subtracting the aslr to the offset that I got from iGameGod ?) but then i don't know what to do ?

ps : i had to use lldb (gdb not working on my device so i can use the fonction to "bypass" the aslr)

i found that https://iosgods.com/topic/687-tool-remove-aslr-v200/

am i right ?

Updated November 20, 2020 by D red

sn0wqt · November 20, 2020

3 minutes ago, D red said:

So to do that i do like if i had to find an offset (by subtracting the aslr to the offset that I got from iGameGod ?) but then i don't know what to do ?

ps : i had to use lldb (gdb not working on my device so i can use the fonction to "bypass" the aslr)

i found that https://iosgods.com/topic/687-tool-remove-aslr-v200/

am i right ?

wait wait sorry lol, I kinda mixed sh!t up, aslr is different from anti debugging, you disable anti debugging which is most likely called syscall and some other functions close to it in certain situations, however aslr is kinda what you said, and that tool is quite old, it only works for armv7 binaries which isn't really around anymore. I cannot rlly go into details about either aslr or the anti debugging atm cuz i'm quite busy, hopefully someone will show up.

also from what I've read from you, you aren't that experienced to be able to hack Blitz Brigade at least not yet, or at least that's what I got from how you don't know what to do to the address you get from iGameGod.

0xSolana · November 20, 2020

4 minutes ago, Nini said:

wait wait sorry lol, I kinda mixed sh!t up, aslr is different from anti debugging, you disable anti debugging which is most likely called syscall and some other functions close to it in certain situations, however aslr is kinda what you said, and that tool is quite old, it only works for armv7 binaries which isn't really around anymore. I cannot rlly go into details about either aslr or the anti debugging atm cuz i'm quite busy, hopefully someone will show up.

When i looked into Blitz Brigade binary file with iDA, i found 2-3 strings with "Syscall" inside, should i RET them or NOP ? and try debugging the game after ?

Anyway, Thanks for all those explains, i will take a look on google if i can find informations about that and if not i will create a support topic and if you have time, i will tag you