Help/Support Possible Memory checks

asianqueen · May 4, 2021

So I was hacking Castlevania sotn. All watchpoint and breakpoints are flagging the same address/offset in IDA. If anybody knows how to disable a possible memory checks/glitch so it flags the correct offsets; I think I can comeup with 50+ codes for this game.

Laxus · May 4, 2021

Did you subtract aslr slide yet?

asianqueen · May 4, 2021

15 hours ago, Laxus said:

Did you subtract aslr slide yet?

Yep. All hp, mp, gold etc... are triggering the same offset address.

Alright; so here is the steps I took.

1. Make sure the game is cracked.

2. Play the game and search for the address for HP (103b4deac)

3. Launch lldb and attach the game.

4. Throw the image list to display the aslr prefix of the game.

[ 0] F8FC4D51-DA9F-3B7E-994A-3D051659E13D 0x0000000102e8c000 /private/var/containers/Bundle/Application/884C3F0B-5C80-4423-B5ED-19FB67B2F1FA/sotn_iOS.app/sotn_iOS (0x0000000102e8c000)

5. Set a watchpoint on 103b4deac and landed on
sotn_iOS`___lldb_unnamed_symbol1868$$sotn_iOS:
-> 0x102ef0818 <+1280>: b 0x102ef0870 ; <+1368>
0x102ef081c <+1284>: mov w8, #0x0
0x102ef0820 <+1288>: ubfx w10, w9, #21, #5
0x102ef0824 <+1292>: add x12, x19, #0x8 ; =0x8

6. 102ef0818 - 2e8c000 = 100064818

7. Repeat searching for the next offset for MP, Heart, etc... all landed at 102ef0818 (-> 0x102ef0818 <+1280>: b 0x102ef0870 ; <+1368>)

Updated May 5, 2021 by asianqueen
Updated with more details.