Jump to content

14 posts in this topic

Recommended Posts

Posted

I've many years experience coding, but am relatively new to iOS code and reverse engineering. I pick this stuff up extremely quickly though. I've been trying to reverse engineer an app store app. Rather keep quiet which one it is if possible - reasons I'll explain if need be, but again, it's not really relevant.

 

I've been working with a lot of tools, from decrypting the app, class-dumping it, decompiling it in IDA, live viewing it with FLEXible, poking around in gdb, and even trying Frida, but thats so poorly documented I didn't get far.

 

My issue is that I'm trying to track down what happens when certain buttons are pressed/in-app procedures happen. But it seems that the vast majority of that happens inside custom classes and code. There are a massive number of unnamed functions in the IDA decompile where the code I'm looking for happens - about 2/3rds of the functions listed in the function window are sub_xxxxx.

 

After poking around for hours I havent found a single link to anything I'm looking for in any of the classes shown in class-dump-z or in the menus in FLEXible.

 

Obviously, my problem is without a symbol table, I've no idea what any of these function names are. By snooping the HTTP traffic, I know some of the values that exist in memory - but am unaware of any way to search for them (Question 1: Can I just search app memory in cycript or gdb for a known value?). I cannot dump classes or see function names.

 

I'm not sure where to go from here. Are there ways to find what I'm looking for?

 

IDEALLY I could trace the application as it ran, with something like snoop-it, but it wont run on iOS 9.0.2, my jailbroken device, and I have a really old iPhone with 6.1.6 on it, but it also will not work on that either.

 

I'd like to be able to run the app, attach to it somehow, and show whats happening as I click buttons in the app. When I try logging objc_msgSend calls in gdb, gdb crashes. Which functions are called - even if I don't have names, I can match it up in the decompile (I think?) or set breakpoints in gdb and dump the code.

 

Anyone experience this before and have any pointers?

 

Posted

Almost everything is what we call "sub_x" now, which means functions are obfuscated. We combat this by looking at the strings, using iGG for watchpoints, text searching, looking at the APK, hex searching, comparing, fuzzying, etc. It is what you are experiencing. There is no way that you can get the un-mangled function names as they are obfuscated when the app is being compiled.

 

It would help me better to know the name of the app. But in your case, try strings. Go to the "View" tab and find it. Create a quick filter, and search through the strings to see what you can find. Breakpoint anything that seems suspicious and see if it hits :)

Posted

Almost everything is what we call "sub_x" now, which means functions are obfuscated. We combat this by looking at the strings, using iGG for watchpoints, text searching, looking at the APK, hex searching, comparing, fuzzying, etc. It is what you are experiencing. There is no way that you can get the un-mangled function names as they are obfuscated when the app is being compiled.

 

It would help me better to know the name of the app. But in your case, try strings. Go to the "View" tab and find it. Create a quick filter, and search through the strings to see what you can find. Breakpoint anything that seems suspicious and see if it hits :)

 

Breakpoint it where? In IDA? I'm running on Windows - is it even possible to run it like that? I've been considering getting a used macbook for debugging, but as it stands now, just windows.

 

Is there any way to search running app memory for values and work off that? I know things like username, session keys etc that are stored in active memory - if I could find them I might be able to work with that.

Posted

Breakpoint it where? In IDA? I'm running on Windows - is it even possible to run it like that? I've been considering getting a used macbook for debugging, but as it stands now, just windows.

 

Is there any way to search running app memory for values and work off that? I know things like username, session keys etc that are stored in active memory - if I could find them I might be able to work with that.

Use GDB on your phone to do it. Use putty on windows to SSH into your phone then attach the app to GDB. If you use something called iGameGuardian you can search for values, but not strings.

Posted

Use GDB on your phone to do it. Use putty on windows to SSH into your phone then attach the app to GDB. If you use something called iGameGuardian you can search for values, but not strings.

 

Hmm. I had tried in GameGem and it crashed while searching for some values - but I just tried iGG and it found one I'm looking for. Is there any way to correlate that location to any info I have in IDA? I'm guessing not. Set a breakpoint on that memory location then start looking? 

Posted

Hmm. I had tried in GameGem and it crashed while searching for some values - but I just tried iGG and it found one I'm looking for. Is there any way to correlate that location to any info I have in IDA? I'm guessing not. Set a breakpoint on that memory location then start looking?

 

No watch the offsets using LLDB ^_^
Posted

Quick searching came up with LLDB doesnt work since iOS 8.3 and only option is to use a mac (DiDA posted that on 10/28/15). That still true? Am I screwed until I get a mac to run LLDB on? (Or an iOS device I can downgrade to 8.3?)

 

Any other alternatives?

Posted

Quick searching came up with LLDB doesnt work since iOS 8.3 and only option is to use a mac (DiDA posted that on 10/28/15). That still true? Am I screwed until I get a mac to run LLDB on? (Or an iOS device I can downgrade to 8.3?)

 

Any other alternatives?

Only GDB and LLDB

GDB will crash your app when you're watching an offset

And LLDB tutorial for windows won't work but maybe LLDB will work with your iOS if you're using it from a Mac

Idk @@DiDA

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Our picks

    • Monster Legends: Collect all Cheats v18.2.2 +8
      Modded/Hacked App: Monster Legends: Merge RPG By Socialpoint
      Bundle ID: es.socialpoint.MonsterCity
      iTunes Store Link: https://apps.apple.com/us/app/monster-legends-merge-rpg/id653508448?uo=4

       

      📌 Mod Requirements

      - Jailbroken iPhone or iPad.
      - iGameGod / Filza / iMazing.
      - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Cydia, Sileo or Zebra).

       

      🤩 Hack Features

      - 1 Hit Kill
      - Skip Enemy Turn
      - Multiply Attack
      - Multiply Defense
      - Insane Score (Always 3 Stars)
      - No Skill Cost
      - Auto Win
      - Auto Play Battle Enabled for All Maps


      🍏 For Non-Jailbroken & No Jailbreak required hacks: https://iosgods.com/topic/140543-monster-legends-collect-all-v1778-5-cheats-for-jailed-idevices/

       

      ⬇️ iOS Hack Download Link: https://iosgods.com/topic/176914-monster-legends-collect-all-cheats-v1779-8/
      • 375 replies
    • Left to Survive: Zombie Games Cheats v7.8.0 +10 Hacks
      Modded/Hacked App: Left to Survive: Zombie TPS By MY COM
      Bundle ID: com.glu.zbs
      iTunes Store Link: https://apps.apple.com/us/app/left-to-survive-zombie-tps/id1090501422

      Hack Features:
      - No Bullet Disperse 
      - Unlimited Ammo
      - No Recoil
      - Increased Fire-rate 

      - One Hit Campaign 
      - Grenades and Med-kits Dont Subtract
      - God Mode
      - God Mode PVP

      - Unlock Chapters early 
      - Weapons Unlocked Ready to buy 


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/

      • 1,606 replies
    • Mimo: Learn Coding/Programming v9.23.0 Jailed Mod +1
      Modded/Hacked App: Mimo: Learn to Code By Mimohello GmbH
      Bundle ID: com.getmimo.mimo
      iTunes Store Link: https://itunes.apple.com/us/app/mimo-learn-to-code/id1133960732?mt=8&uo=4&at=1010lce4


      Hack Features:
      - Premium
      - All Chapters Unlocked
       

      Hack Download Link: https://iosgods.com/topic/68649-arm64-mimo-learn-to-code-v312-jailed-mod-2/


      Credits:
      - @Laxus
      • 1,219 replies
    • Fishdom v9.2.2 Jailed Cheats +3
      Modded/Hacked App: Fishdom By PLR Worldwide Sales Limited
      Bundle ID: com.playrix.fishdom-freeplay
      iTunes Store Link: https://apps.apple.com/us/app/fishdom/id664575829?uo=4


      Hack Features:
      - Infinite Moves
      - Infinite Boosters
      - Infinite Lives

      NOTE: Play until you reached level 31 on non-hacked version before using this hack - Make sure you connected with GameCenter and Facebook to save your progress


      iOS Hack Download Link: https://iosgods.com/topic/116586-arm64-fishdom-v683-jailed-cheats-3/
      • 761 replies
    • KPop Idol Queens Production v5.10 +2 Cheats
      Modded/Hacked App: Idol Queens Production By kim junghyun
      Bundle ID: sunbeesoft.queensidol.com
      iTunes Store Link: https://apps.apple.com/us/app/idol-queens-production/id1571083536?uo=4


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - Filza / iMazing or any other file managers for iOS.
      - Cydia Substrate, Substitute or libhooker depending on your jailbreak.
      - PreferenceLoader (from Cydia or Sileo).


      Hack Features:
      - No Stress
      - No Fatigue
      - Free Auto Play


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/


      iOS Hack Download Link:

      Hidden Content
      Download Hack







      Installation Instructions:
      STEP 1: Download the .deb Cydia hack file from the link above.
      STEP 2: Copy the file over to your iDevice using any of the file managers mentioned above or skip this step if you're downloading from your iDevice.
      STEP 3: Using Filza or iFile, browse to where you saved the downloaded .deb file and tap on it.
      STEP 4: Once you tap on the file, you will need to press on 'Install' or 'Installer' from the options on your screen.
      STEP 5: Let Filza / iFile finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
      STEP 6: If the hack is a Mod Menu, which is usually the case nowadays, the cheat features can be toggled in-game. Some cheats have options that can be enabled from your iDevice settings.
      STEP 7: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

       

      NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


      Credits:
      - @Zahir


      Cheat Video/Screenshots:

      N/A
      • 39 replies
    • ACECRAFT v1.3.73 [+5 Jailed Cheats]
      Modded/Hacked App: ACECRAFT By VIZTA PTE. LTD.
      Bundle ID: com.vizta.wefly
      App Store Link: https://apps.apple.com/ca/app/acecraft/id6499112583?uo=4


       

      🤩 Hack Features

      - Never Die
      - One Hit Kill
      - High Energy Gain (Ultimate Skill)
      - Exp Gain Multiplier
      - Attack Multiplier
      • 39 replies
    • ACECRAFT v1.3.73 [+5 Cheats]
      Modded/Hacked App: ACECRAFT By VIZTA PTE. LTD.
      Bundle ID: com.vizta.wefly
      App Store Link: https://apps.apple.com/ca/app/acecraft/id6499112583?uo=4



      🤩 Hack Features

      - Never Die
      - One Hit Kill
      - High Energy Gain (Ultimate Skill)
      - Exp Gain Multiplier
      - Attack Multiplier
      • 18 replies
    • Legend of Survivors V1.2.12 [ +17 Jailed ] Currency Max
      Modded/Hacked App: Legend of Survivors By ABI GLOBAL LTD.
      Bundle ID: com.abi.legendofsurvivors
      iTunes Store Link: https://apps.apple.com/us/app/legend-of-survivors/id6489580730?uo=4


      Hack Features:

      - NO ADS

      - Gems 

      - Gold

      - Energy 

      - Material

      - Health Max [ Equip & Upgrade ]

      - Damage [ Equip & Upgrade ]

      - Skill Cooldown

      - EXP + Level [ Patrol Reward ]

      - Patrol Reward [ Claim Unlimited ]

      - Growth Pack Unlock

      - Growth Pack [ Claim Unlimited ]

      - Monthly card Pack Unlock

      - Monthly card Pack [ Claim Unlimited ]


      Jailbreak required hack(s): https://iosgods.com/forum/5-game-cheats-hack-requests/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 60 replies
    • Legend of Survivors V1.2.12 [ +17 Cheats ] Currency Max
      Modded/Hacked App: Legend of Survivors By ABI GLOBAL LTD.
      Bundle ID: com.abi.legendofsurvivors
      iTunes Store Link: https://apps.apple.com/us/app/legend-of-survivors/id6489580730?uo=4


      Hack Features:
      - IAP Free [ Buy Anything - Gems Gold Ads Premium Packs ]

      - NO ADS

      - Gems 

      - Gold

      - Energy 

      - Material

      - Health Max [ Equip & Upgrade ]

      - Damage [ Equip & Upgrade ]

      - Skill Cooldown

      - EXP + Level [ Patrol Reward ]

      - Patrol Reward [ Claim Unlimited ]

      - Growth Pack Unlock

      - Growth Pack [ Claim Unlimited ]

      - Monthly card Pack Unlock

      - Monthly card Pack [ Claim Unlimited ]
      • 139 replies
    • Chef Treat v1.0.4 [ +1 Cheats ] Auto Win
      Modded/Hacked App: Chef Treat By HONGKONG 707 INTERACTIVE TECHNOLOGY CO., LIMITED
      Bundle ID: com.match.cheftreat.ios
      App Store Link: https://apps.apple.com/us/app/chef-treat/id6748721903?uo=4


      🤩 Hack Features

      - Auto Win


      • 2 replies
    • Chef Treat v1.0.4 [ +1 Jailed ] Auto Win
      Modded/Hacked App: Chef Treat By HONGKONG 707 INTERACTIVE TECHNOLOGY CO., LIMITED
      Bundle ID: com.match.cheftreat.ios
      App Store Link: https://apps.apple.com/ph/app/chef-treat/id6748721903?uo=4

       
      🤩 Hack Features

      - Auto Win


      • 3 replies
    • North War: Island Defense 3D v1.1.1 [ +6 Cheats ] Currency Max
      Modded/Hacked App: North War: Island Defense 3D By ONDI TECHNOLOGY JSC
      Bundle ID: com.bgg.island.battle
      App Store Link: https://apps.apple.com/ph/app/north-war-island-defense-3d/id6744058107?uo=4 

      🤩 Hack Features

      - Unlimited Gems / Use & Earn
      - Unlimited Coins / Use & Earn
      - Unlimited Energy / Use & Earn
      • 12 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines