Help/Support Help with IDA

[Losep 0 8 9.0.2]

Hey! 

 

Let me start off by saying I'm not close to fully understand how IDA works but I'm learning day by day. I've been looking a lot at the IDA tutorials out there by EvillyG00d and ZAHiR but I'm still stuck and need some guidance. So my goal is to try to remove the cooldown of the skills. I first started searching for a function that assembles the skill cooldowns and picked this one up:

 

 

I tried changing both ''ADD R7, SP, #4'' and ''SUB  SP, SP, #8'' to a Null Header (NOP) and loaded up the game. While in a mission when I press the skill either nothing happens and there is no cd or the game crashes completely.

 

I'm not even sure I'm on the right function to start off but any tips is appreciated. 

[ipaarchive.com 11.1k]

following your posts you have an i5s

1. you are hacking the wrong bin

2. you are doing it on the wrong place

3. the game is kritika

[Losep 0 8 9.0.2]

following your posts you have an i5s

1. you are hacking the wrong bin

2. you are doing it on the wrong place

3. the game is kritika

Yes. I thought I'd give it a try and learn something rather than just waiting for a hack. The bin is ''normal'' and found in Kritikas files, is there a different one? 

[ipaarchive.com 11.1k]

you need x64

[Losep 0 8 9.0.2]

you need x64

You mean here?: lipo Originalbinaryname -thin armv7 -o Newbinaryname

Change the armv7 to arm64?

Updated November 1, 2015 by Losep

[castix 18.4k iPhone X 12.1.1]

You mean here?: lipo Originalbinaryname -thin armv7 -o Newbinaryname

Change the armv7 to arm64?

No need to thin

[Losep 0 8 9.0.2]

No need to thin

Oh well, I did thin it. Now waiting for IDA to process everything and then I need to look in the right place as iosv64 said. I'll update if i find something.

 

EDIT: I'm assuming that the armv7 headers aren't as the arm64? It looks way different now than it did with the armv7 binary. 

Will these still work on x64 bin? http://iosgods.com/topic/853-list-of-arm-headers/ 

Updated November 1, 2015 by Losep

[Losep 0 8 9.0.2]

2. you are doing it on the wrong place

Any hints where to look? Do you mean it's a different function or string?

[Guest]

set *0x13e858=0x20004770

 

changes the function to

MOV R0, #0

BX LR

 

move 0 into R0 (timer) and then be done

[Losep 0 8 9.0.2]

set *0x13e858=0x20004770

 

changes the function to

MOV R0, #0

BX LR

 

move 0 into R0 (timer) and then be done

Not working. The picture shows the armv7 binary and my phone is an arm64.