Tutorial Non-Unity Game Hacking Tutorial [Godus] - PART 1 - (LLDB)

0xSolana · March 16, 2023

Hello againnn

On this series, we gonna see modding for games that aren't made with Unity3D. It's a bit more complicated since we do not have well written function names and class struct or whatever Il2cpp games offer us.

If you are going to hack your first game, it's not a good idear to start here, it would be better to start on Unity games. Please refer you to my other tutorials.

Tho don't worry, i will add some kinda small comments to explain you things. If you are an advanced dev, you can skip all the notes

Requirements:
- iOS device
- Mac + Xcode
- ARM notions.

Thanks to @Happy Secret, for showing us that it was possible to debug a game on a jailed device if we sign the app with our Apple ID (Sideloadly). At least i learned it from him

Tho if you don't have a Mac, you can still use a JB device with lldb / lldb-10 installed like on the linked tutorial below.

This tutorial is based on another one that has already been published and is very well written, please check it first to understand what we are going to do, since it will be similar.

Hidden Content

React or reply to this topic to see the hidden content & download link. 👀

Hope you learned something, if you have questions or need some clarification, write a comment i will answer once i have the time.

Credits :

- Me

- @Happy Secret

- @Ted2 for the old tutorial

Updated March 16, 2023 by Rook

LeePham · February 23, 2023

nice bro

K_K · February 23, 2023

Lets see this

Happy Secret · February 23, 2023

Well written! Cool.

Flugel · February 23, 2023

Pertamax

Puddin · February 23, 2023

Doesn’t lldb only work on iOS 12 and below or something?

Happy Secret · February 24, 2023

To supplement a bit here:

The key reason behind:

1. The watchpoint break right after the triggering instruction:
Default watchpoint type (w or write) only trigger when the address that we watch changed. So, it will always be after the fact (value changed). The trigger instruction will always be one instruction before the one got highlighted.

2.We saw long random value in the watch result:
That number could be float or double (or some Boolean) which has a very different representation in memory. What we see is, LLDB try to understand the underlying hex as a normal decimal number. For Floating point, we can apply formatter to our memory read. For Double, I always need to refer to online Double tool like this one - https://gregstoll.com/~gregstoll/floattohex/

Please do let me know if there are simple way to read Double in LLBD.

Updated February 24, 2023 by Happy Secret

Happy Secret · February 24, 2023

@Puddin I am on latest iOS (non-jailbroken). No issue.

0xSolana · February 24, 2023

38 minutes ago, Puddin said:

Doesn’t lldb only work on iOS 12 and below or something?

depends on which Xcode version you use (and so lldb) but nah, the tutorial is based on a jailed iOS 15.1

if you used a lldb version from Xcode with compatibly iOS 12 then yeah it might not support anything higher

Updated February 24, 2023 by 𓄼 . f v c k . 𓄹

0xSolana · February 24, 2023

40 minutes ago, Happy Secret said:

To supplement a bit here:

The key reason behind:

1. The watchpoint break right after the triggering instruction:
Default watchpoint type (w or write) only trigger when the address that we watch changed. So, it will always be after the fact (value changed). The trigger instruction will always be one instruction before the one got highlighted.

2.We saw long random value in the watch result:
That number could be float or double (or some Boolean) which has a very different representation in memory. What we see is, LLDB try to understand the underlying hex as a normal decimal number. For Floating point, we can apply formatter to our memory read. For Double, I always need to refer to online Double tool like this one - https://gregstoll.com/~gregstoll/floattohex/

Please do let me know if there are simple way to read Double in LLBD.

mhhh i seem not understanding what you are trying to tell me 😅, in this case it was an int, as shown on iGG, float would have been FADD.

To read double values, i guess you can use the 'p' command with a few parameter or the 'x' one

https://www.nesono.com/sites/default/files/lldb cheat sheet.pdf

Updated February 24, 2023 by 𓄼 . f v c k . 𓄹