Help/Support Assistance in True or False in IDA ARM64

Haidar92 · August 13, 2022

Hello every one,

i'm new to ida pro & and i always using flex to patch some apps

but i wanted to change to ida for better experience

i have a question about Boolean ( True / False ) in ida

as you see below i have this function which i can change it to true of false in flex easily

but i want to know how to make This Function TRUE in ida

STP             X20, X19, [SP,#-0x10+var_10]!
STP             X29, X30, [SP,#0x10+var_s0]
ADD             X29, SP, #0x10
ADRP            X8, #_OBJC_IVAR_$_TitleModel.titleTextView@PAGE ; TextViewWithColor *titleTextView;
LDRSW           X8, [X8,#_OBJC_IVAR_$_TitleModel.titleTextView@PAGEOFF] ; TextViewWithColor *titleTextView;
LDR             X0, [X0,X8] ; void *
ADRP            X8, #selRef_font@PAGE
LDR             X1, [X8,#selRef_font@PAGEOFF] ; char *
BL              _objc_msgSend
MOV             X29, X29
BL              _objc_retainAutoreleasedReturnValue
MOV             X19, X0
ADRP            X8, #selRef_familyName@PAGE
LDR             X1, [X8,#selRef_familyName@PAGEOFF] ; char *
BL              _objc_msgSend
MOV             X29, X29
BL              _objc_retainAutoreleasedReturnValue
MOV             X20, X0
MOV             X0, X19
BL              _objc_release
ADRP            X8, #classRef_TitleModel@PAGE
LDR             X0, [X8,#classRef_TitleModel@PAGEOFF] ; void *
ADRP            X8, #selRef_fontFantasyIncludesFontFamilyName_@PAGE
LDR             X1, [X8,#selRef_fontFantasyIncludesFontFamilyName_@PAGEOFF] ; char *
MOV             X2, X20
BL              _objc_msgSend
MOV             X19, X0
MOV             X0, X20
BL              _objc_release
MOV             X0, X19
LDP             X29, X30, [SP,#0x10+var_s0]
LDP             X20, X19, [SP+0x10+var_10],#0x20
RET
; End of function -[TitleModel IsPremium]

Updated August 13, 2022 by Haidar92
explain more

Rook · August 14, 2022

To return this whole function to TRUE or FALSE, you need to write

20 00 80 52 C0 03 5F D6 -> TRUE

00 00 80 52 C0 03 5F D6 -> FALSE

At the beginning of the function. In your case: STP X20, X19, [SP,#-0x10+var_10]!

Live Offset Patcher may be able to help you with testing!

Haidar92 · August 14, 2022

5 hours ago, Rook said:
To return this whole function to TRUE or FALSE, you need to write
20 00 80 52 C0 03 5F D6 -> TRUE

00 00 80 52 C0 03 5F D6 -> FALSE
At the beginning of the function. In your case: STP X20, X19, [SP,#-0x10+var_10]!

Live Offset Patcher may be able to help you with testing!

Thanks for reply

I solve the issue FINALLY with your method

but there is some functions don't start with STP Like this one :

ADRP            X8, #selRef_ownsSubscription_@PAGE
LDR             X1, [X8,#selRef_ownsSubscription_@PAGEOFF]
ADRP            X2, #cfstr_Oneyearunlockv@PAGE ; "Unlock"
ADD             X2, X2, #cfstr_Oneyearunlockv@PAGEOFF ; "Unlock"
B               _objc_msgSend

And this one also :

SUB             SP, SP, #0x140
STP             X28, X27, [SP,#0x130+var_50]
STP             X26, X25, [SP,#0x130+var_40]
STP             X24, X23, [SP,#0x130+var_30]
STP             X22, X21, [SP,#0x130+var_20]
STP             X20, X19, [SP,#0x130+var_10]
STP             X29, X30, [SP,#0x130+var_s0]
ADD             X29, SP, #0x130
MOV             X19, X0
ADRP            X8, #___stack_chk_guard_ptr@PAGE
LDR             X8, [X8,#___stack_chk_guard_ptr@PAGEOFF]
LDR             X8, [X8]
ADRP            X9, #cfstr_Oneyearunlockv@PAGE ; "OneYearUnlock"
ADD             X9, X9, #cfstr_Oneyearunlockv@PAGEOFF ; "OneYearUnlock"
STUR            X8, [X29,#var_58]
ADRP            X8, #cfstr_Halfyearunlock@PAGE ; "HalfYearUnlock"
ADD             X8, X8, #cfstr_Halfyearunlock@PAGEOFF ; "HalfYearUnlock"
ADRP            X10, #cfstr_Monthlyunlockv@PAGE ; "MonthlyUnlock"
ADD             X10, X10, #cfstr_Monthlyunlockv@PAGEOFF ; "MonthlyUnlock"
STP             X9, X8, [X29,#var_70]
STUR            X10, [X29,#var_60]
ADRP            X8, #classRef_NSArray@PAGE
LDR             X0, [X8,#classRef_NSArray@PAGEOFF] ; void *
ADRP            X8, #selRef_arrayWithObjects_count_@PAGE
LDR             X1, [X8,#selRef_arrayWithObjects_count_@PAGEOFF] ; char *
SUB             X2, X29, #-var_70
MOV             W3, #3
BL              _objc_msgSend
MOV             X29, X29
BL              _objc_retainAutoreleasedReturnValue
MOVI            V0.16B, #0
STP             Q0, Q0, [SP,#0x130+var_130]
STP             Q0, Q0, [SP,#0x130+var_110]
BL              _objc_retain
MOV             X20, X0
ADRP            X8, #selRef_countByEnumeratingWithState_objects_count_@PAGE
LDR             X21, [X8,#selRef_countByEnumeratingWithState_objects_count_@PAGEOFF]
MOV             X2, SP
ADD             X3, SP, #0x130+var_F0
MOV             X1, X21 ; char *
MOV             W4, #0x10
BL              _objc_msgSend
CBZ             X0, loc_1001631D0

What should i edit ?

Updated August 14, 2022 by Haidar92
i solve the issue ,, but there is more