ZahirSher

TuT IDA Hacking Tutorial #2

My old tutorial xD when I was extremely n00b but might help :)

Requirements:
- IDA Pro/Demo - Demo just works fine xD
- Hex Editor
- Arm Converter (http://armconverter.com/)
- The game you are hacking
- The cracked binary of that game ( I am using Infection )

Instructions:
1. Open IDA and load the binary into it
2. See the settings here:

[screenshot: IDA loader settings]

3. After that, IDA will start loading; wait until it finishes loading fully
4. Now after everything is loaded, you can search for anything you like [Press Alt+T to search]
5. Since the game I am hacking is Infection, the main thing in there is DNA
6. So I will search for DNA
7. Now it's time to find the right function, I have found this function called DNA - SPEND
8. Which means this function represents when you Spend your DNA what happens
9. Now this is the function:

[screenshot: the DNA - SPEND function in IDA View]

10. As the function says spend it means it subtracts :)
11. So the only subtraction function is SUBS r0, r2, r0
12. Highlight that function and go to Hex View-A (At the top category)
13. This is how it looks in Hex View-A:

[screenshot: SUBS R0, R2, R0 in Hex View-A]

14. Now go back to IDA View and copy the function (SUBS R0, R2, R0)
15. Open up http://armconverter.tk or ARM To Hex and paste the function there
16. Click submit and it shows the Thumb output there, which is 101A
17. Go to Hex View-A again and check if it's the same as the one shown by armconverter.tk
18. Now it's time to hack the function
19. Open up Hex Editor and copy the binary inside
20. Now it's time to locate the place of the function in Hex Editor
21. You can find the hex location from here:

[screenshot: the hex offset of the instruction as shown in IDA]

22. Now go to Hex Editor and go to Search > Go to...

[screenshot: Hex Editor, Search > Go to...]

23. Now write the location you have found in IDA:

[screenshot: entering the offset in the Hex Editor]

24. Now it will take you to the right location that you have found in IDA
25. Now it's time to hack that function

There are several ways to hack it (the ones I have learnt till now):

1. SUBS R0, R2, R0   =>  ADD R0, R2, R0 [In Hex: 10 18] (It will give you the money it took instead of subtracting)
2. SUBS R0, R2, R0   =>  MOVS R0, R7 [In Hex: 38 1C] (Will give you millions instead of subtracting)
3. SUBS R0, R2, R0   =>  NOP [In Hex: C0 46] (It will be FREE)

26. Now change the function SUBS to any of them you like!
27. When you have changed it, the place you have changed will be red
28. Now you can save it and go test your hack
29. Enjoy!

----------------------

There is another method you can use :)

STR R0, [1] - Stores 0 in 1
Change it to STR R7, [1] - Stores 668 Million in 1 :p

Done! xD

IDA Hacking Tutorial #3: http://iosgods.com/topic/1470-tutorial-ida-hacking-tutorial-3/

  • Like 2
  • Upvote 9
  • Informative 1
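An added example, not code from the original post: the patches above all swap one 16-bit Thumb halfword for another (10 1A to 10 18, 38 1C or C0 46), so the same encodings can be used the other way round to check whether a shipped binary has been tampered with. The script diffs an original binary against a modified copy and decodes every changed halfword; the sample bytes are constructed, and the decoder only knows the instruction forms this thread discusses.

```python
"""Added example, not from the original post: diff an original binary against a
modified copy and decode the changed 16-bit Thumb halfwords, so a patch such as
10 1A -> 10 18 is reported as 'SUBS R0, R2, R0 -> ADDS R0, R2, R0'.
The decoder only knows the encodings this thread discusses; the sample
bytes below are constructed for the demonstration."""
import struct


def decode_thumb16(hw: int) -> str:
    """Decode the few 16-bit Thumb encodings discussed in the thread."""
    rd, rn, rm = hw & 7, (hw >> 3) & 7, (hw >> 6) & 7
    top7 = hw >> 9
    if top7 == 0b0001100:                      # ADDS Rd, Rn, Rm (10 18)
        return f"ADDS R{rd}, R{rn}, R{rm}"
    if top7 == 0b0001101:                      # SUBS Rd, Rn, Rm (10 1A)
        return f"SUBS R{rd}, R{rn}, R{rm}"
    if top7 == 0b0001110:                      # ADDS Rd, Rn, #imm3; imm 0 is MOVS (38 1C)
        return f"MOVS R{rd}, R{rn}" if rm == 0 else f"ADDS R{rd}, R{rn}, #{rm}"
    if hw == 0x46C0:                           # MOV R8, R8, the Thumb NOP (C0 46)
        return "NOP"
    return f".hword 0x{hw:04X}"                # not decoded; show the raw halfword


def find_patched_halfwords(original: bytes, modified: bytes, base: int = 0):
    """Return (offset, old_text, new_text) for every halfword that changed."""
    if len(original) != len(modified):
        raise ValueError("sizes differ: not a simple in-place patch")
    changes = []
    for off in range(0, len(original) - 1, 2):
        old_hw = struct.unpack_from("<H", original, off)[0]   # Thumb is little-endian
        new_hw = struct.unpack_from("<H", modified, off)[0]
        if old_hw != new_hw:
            changes.append((base + off, decode_thumb16(old_hw), decode_thumb16(new_hw)))
    return changes


# Constructed sample: a few Thumb halfwords with SUBS R0, R2, R0 at offset 4.
ORIGINAL = bytes.fromhex("0068 0a68 101a 0060 7047")
# The three replacement halfwords from the post, written as they appear in the hex editor.
PATCHED_ADD = ORIGINAL[:4] + bytes.fromhex("1018") + ORIGINAL[6:]
PATCHED_MOV = ORIGINAL[:4] + bytes.fromhex("381c") + ORIGINAL[6:]
PATCHED_NOP = ORIGINAL[:4] + bytes.fromhex("c046") + ORIGINAL[6:]

if __name__ == "__main__":
    for name, blob in (("ADD", PATCHED_ADD), ("MOV", PATCHED_MOV), ("NOP", PATCHED_NOP)):
        for off, old, new in find_patched_halfwords(ORIGINAL, blob):
            print(f"{name}: offset 0x{off:X}: {old} -> {new}")
```

Pass the load address IDA shows as `base` to get the same offsets as the IDA Hex View; a real binary would be read from disk in place of the constructed `ORIGINAL` bytes.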


I have a question: every time I open IDA Pro with a cracked file, it opens everything looking like this:

ADD X29, X21. Why are they not R1 and R2? I have watched every video on YouTube and looked at every post I could find on this website, so I got the basics of doing it, but I can't change anything because it is all X and numbers instead of R0. Please help.

Because you're looking at the ARM64 portion of the binary. If you want to see Rs instead of Xs and Ws, use the 32-bit portion.
