Jump to content

14 posts in this topic

Recommended Posts

Posted

I've many years experience coding, but am relatively new to iOS code and reverse engineering. I pick this stuff up extremely quickly though. I've been trying to reverse engineer an app store app. Rather keep quiet which one it is if possible - reasons I'll explain if need be, but again, it's not really relevant.

 

I've been working with a lot of tools, from decrypting the app, class-dumping it, decompiling it in IDA, live viewing it with FLEXible, poking around in gdb, and even trying Frida, but thats so poorly documented I didn't get far.

 

My issue is that I'm trying to track down what happens when certain buttons are pressed/in-app procedures happen. But it seems that the vast majority of that happens inside custom classes and code. There are a massive number of unnamed functions in the IDA decompile where the code I'm looking for happens - about 2/3rds of the functions listed in the function window are sub_xxxxx.

 

After poking around for hours I havent found a single link to anything I'm looking for in any of the classes shown in class-dump-z or in the menus in FLEXible.

 

Obviously, my problem is without a symbol table, I've no idea what any of these function names are. By snooping the HTTP traffic, I know some of the values that exist in memory - but am unaware of any way to search for them (Question 1: Can I just search app memory in cycript or gdb for a known value?). I cannot dump classes or see function names.

 

I'm not sure where to go from here. Are there ways to find what I'm looking for?

 

IDEALLY I could trace the application as it ran, with something like snoop-it, but it wont run on iOS 9.0.2, my jailbroken device, and I have a really old iPhone with 6.1.6 on it, but it also will not work on that either.

 

I'd like to be able to run the app, attach to it somehow, and show whats happening as I click buttons in the app. When I try logging objc_msgSend calls in gdb, gdb crashes. Which functions are called - even if I don't have names, I can match it up in the decompile (I think?) or set breakpoints in gdb and dump the code.

 

Anyone experience this before and have any pointers?

 

Posted

Almost everything is what we call "sub_x" now, which means functions are obfuscated. We combat this by looking at the strings, using iGG for watchpoints, text searching, looking at the APK, hex searching, comparing, fuzzying, etc. It is what you are experiencing. There is no way that you can get the un-mangled function names as they are obfuscated when the app is being compiled.

 

It would help me better to know the name of the app. But in your case, try strings. Go to the "View" tab and find it. Create a quick filter, and search through the strings to see what you can find. Breakpoint anything that seems suspicious and see if it hits :)

Posted

Almost everything is what we call "sub_x" now, which means functions are obfuscated. We combat this by looking at the strings, using iGG for watchpoints, text searching, looking at the APK, hex searching, comparing, fuzzying, etc. It is what you are experiencing. There is no way that you can get the un-mangled function names as they are obfuscated when the app is being compiled.

 

It would help me better to know the name of the app. But in your case, try strings. Go to the "View" tab and find it. Create a quick filter, and search through the strings to see what you can find. Breakpoint anything that seems suspicious and see if it hits :)

 

Breakpoint it where? In IDA? I'm running on Windows - is it even possible to run it like that? I've been considering getting a used macbook for debugging, but as it stands now, just windows.

 

Is there any way to search running app memory for values and work off that? I know things like username, session keys etc that are stored in active memory - if I could find them I might be able to work with that.

Posted

Breakpoint it where? In IDA? I'm running on Windows - is it even possible to run it like that? I've been considering getting a used macbook for debugging, but as it stands now, just windows.

 

Is there any way to search running app memory for values and work off that? I know things like username, session keys etc that are stored in active memory - if I could find them I might be able to work with that.

Use GDB on your phone to do it. Use putty on windows to SSH into your phone then attach the app to GDB. If you use something called iGameGuardian you can search for values, but not strings.

Posted

Use GDB on your phone to do it. Use putty on windows to SSH into your phone then attach the app to GDB. If you use something called iGameGuardian you can search for values, but not strings.

 

Hmm. I had tried in GameGem and it crashed while searching for some values - but I just tried iGG and it found one I'm looking for. Is there any way to correlate that location to any info I have in IDA? I'm guessing not. Set a breakpoint on that memory location then start looking? 

Posted

Hmm. I had tried in GameGem and it crashed while searching for some values - but I just tried iGG and it found one I'm looking for. Is there any way to correlate that location to any info I have in IDA? I'm guessing not. Set a breakpoint on that memory location then start looking?

 

No watch the offsets using LLDB ^_^
Posted

Quick searching came up with LLDB doesnt work since iOS 8.3 and only option is to use a mac (DiDA posted that on 10/28/15). That still true? Am I screwed until I get a mac to run LLDB on? (Or an iOS device I can downgrade to 8.3?)

 

Any other alternatives?

Posted

Quick searching came up with LLDB doesnt work since iOS 8.3 and only option is to use a mac (DiDA posted that on 10/28/15). That still true? Am I screwed until I get a mac to run LLDB on? (Or an iOS device I can downgrade to 8.3?)

 

Any other alternatives?

Only GDB and LLDB

GDB will crash your app when you're watching an offset

And LLDB tutorial for windows won't work but maybe LLDB will work with your iOS if you're using it from a Mac

Idk @@DiDA

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Our picks

    • Fishing Hook2 v1.0.2 [ +3 Cheats ] Currency Max
      Modded/Hacked App: Fishing Hook2 By MOBIRIX
      Bundle ID: com.mobirix.fishinghook2
      App Store Link: https://apps.apple.com/ph/app/fishing-hook2/id6751476015?uo=4


      🤩 Hack Features

      - Unlimited Gold / Sell Fish
      - Unlimited EXP / Sell Fish / Tested Not
      - Easy Catch
        • Informative
        • Winner
        • Like
      • 5 replies
    • Fishing Hook2 v1.0.2 [ +3 Jailed ] Currency Max
      Modded/Hacked App: Fishing Hook2 By MOBIRIX
      Bundle ID: com.mobirix.fishinghook2
      App Store Link: https://apps.apple.com/ph/app/fishing-hook2/id6751476015?uo=4
       

      🤩 Hack Features

      - Unlimited Gold / Sell Fish
      - Unlimited EXP / Sell Fish / Tested Not
      - Easy Catch
        • Informative
        • Winner
        • Like
      • 5 replies
    • dropcult v1.3.4 +3 Jailed Cheats [ Damage & Defence ]
      Modded/Hacked App: dropcult By SMOKESPOT GAMES, LLC
      Bundle ID: com.SmokeSpotGames.SkreetFigherzGame
      App Store Link: https://apps.apple.com/us/app/dropcult/id1550684098?uo=4

       
       

      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
      - God Mode
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 35 replies
    • dropcult v1.3.4 +3 Cheats [ Damage & Defence ]
      Modded/Hacked App: dropcult By SMOKESPOT GAMES, LLC
      Bundle ID: com.SmokeSpotGames.SkreetFigherzGame
      App Store Link: https://apps.apple.com/us/app/dropcult/id1550684098?uo=4

       


      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
      - God Mode
        • Agree
        • Thanks
        • Winner
        • Like
      • 21 replies
    • Night Slashers: Remake v1.0.6 +4 Jailed Cheats [ God Mode + More ]
      Modded/Hacked App: Night Slashers: Remake By Forever Entertainment S.A.
      Bundle ID: com.forever-entertainment.NightSlashersRemake
      App Store Link: https://apps.apple.com/us/app/night-slashers-remake/id6739348927?uo=4

       


      🤩 Hack Features

      - God Mode
      - One-Hit Kill
      - Point Multiplier
      - Free In-App Purchases
      • 0 replies
    • Night Slashers: Remake v1.0.6 +4 Cheats [ God Mode + More ]
      Modded/Hacked App: Night Slashers: Remake By Forever Entertainment S.A.
      Bundle ID: com.forever-entertainment.NightSlashersRemake
      App Store Link: https://apps.apple.com/us/app/night-slashers-remake/id6739348927?uo=4

       
       

      🤩 Hack Features

      - God Mode
      - One-Hit Kill
      - Point Multiplier
      - Free In-App Purchases
      • 0 replies
    • Dead Impact: Survival MMORPG v1.09 +11 Jailed Cheats [ Unlimited Everything ]
      Modded/Hacked App: Dead Impact: Survival MMORPG By SYNTHEZ GAMES LIMITED
      Bundle ID: games.synthez.zombie.survival.multiplayer
      App Store Link: https://apps.apple.com/us/app/dead-impact-survival-mmorpg/id6444281832?uo=4

       
       

      🤩 Hack Features

      - Freeze Currencies
      - Freeze Items
      - 1 Stat Point Requirement
      - Level Threshold Modifier -> Amount of XP required to advance to the next level.
      - No Craft Item Requirement
      - Unlimited Durability
      - No Consumable Cooldown

      VIP
      - Unlimited Currencies -> Will increase instead of decrease.
      - Unlimited Items -> Will increase instead of decrease.
      - Unlock All
      - Unlock All Classes
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 180 replies
    • Dead Impact: Survival MMORPG v1.09 +11 Cheats [ Unlimited Everything ]
      Modded/Hacked App: Dead Impact: Survival MMORPG By SYNTHEZ GAMES LIMITED
      Bundle ID: games.synthez.zombie.survival.multiplayer
      App Store Link: https://apps.apple.com/us/app/dead-impact-survival-mmorpg/id6444281832?uo=4

       


      🤩 Hack Features

      - Freeze Currencies
      - Freeze Items
      - 1 Stat Point Requirement
      - Level Threshold Modifier -> Amount of XP required to advance to the next level.
      - No Craft Item Requirement
      - Unlimited Durability
      - No Consumable Cooldown

      VIP
      - Unlimited Currencies -> Will increase instead of decrease.
      - Unlimited Items -> Will increase instead of decrease.
      - Unlock All
      - Unlock All Classes
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 72 replies
    • Space Outpost: Drone War v0.4.8 [+2 Jailed Cheats]
      Modded/Hacked App: Space Outpost: Drone War By CYBERJOY LIMITED
      Bundle ID: com.cyberjoy.spaceoutpost
      App Store Link: https://apps.apple.com/us/app/space-outpost-drone-war/id6747959347?uo=4



      🤩 Hack Features

      - High Damage
      - Activate SVip
        • Thanks
      • 0 replies
    • Space Outpost: Drone War v0.4.8 [+2 Cheats]
      Modded/Hacked App: Space Outpost: Drone War By CYBERJOY LIMITED
      Bundle ID: com.cyberjoy.spaceoutpost
      App Store Link: https://apps.apple.com/us/app/space-outpost-drone-war/id6747959347?uo=4



      🤩 Hack Features

      - High Damage
      - Activate SVip
       
        • Winner
      • 9 replies
    • Archero Cheats v7.2.0 +5 [ God Mode & More ]
      Modded/Hacked App: Archero by HABBY PTE. LTD.
      Bundle ID: com.habby.archero
      iTunes Store Link: https://apps.apple.com/us/app/archero/id1453651052?uo=4&at=1010lce4



      Hack Features:
      - Multiply Defense to
      - Multiply Damage to
      - God Mode
      - OHK (Must use with God Mode)
      - Freeze Enemies

      NOTE: If you want to use god mode and ohk turn off multiply damage and defense first. I added multiply damage and defense there to avoid ban


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/100710-archero-v210-enemies-dont-attack-x30-attack/


      Hack Download Link: https://iosgods.com/topic/96783-arm64-archero-cheats-v220-5/
        • Informative
        • Agree
        • Haha
        • Thanks
        • Winner
        • Like
      • 15,886 replies
    • ONE PIECE トレジャークルーズ v15.1.2 +5 Jailed Cheats
      Modded/Hacked App: ONE PIECE トレジャークルーズ By Bandai Namco Entertainment Inc.
      Bundle ID: jp.co.bandainamcogames.NBGI0199
      iTunes Store Link: https://apps.apple.com/jp/app/one-piece-%E3%83%88%E3%83%AC%E3%82%B8%E3%83%A3%E3%83%BC%E3%82%AF%E3%83%AB%E3%83%BC%E3%82%BA/id824116884?uo=4


      Mod Requirements:
      - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
      - Sideloadly / Cydia Impactor or alternatives.
      - A Computer Running Windows/macOS/Linux with iTunes installed.


      Hack Features:
      - One Hit Kill
      - Never Die
      - Character Box 
      - Auto Win
      - Skill Turn


      Jailbreak required hack(s): 


      iOS Hack Download IPA Link:

      Hidden Content

      Download via the iOSGods App








      PC Installation Instructions:
      STEP 1: If necessary, uninstall the app if you have it installed on your iDevice. Some hacked IPAs will install as a duplicate app. Make sure to back it up so you don't lose your progress.
      STEP 2: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see this tutorial topic.
      STEP 3: Download Sideloadly and install it on your PC.
      STEP 4: Open/Run Sideloadly on your computer, connect your iOS Device, and wait until your device name shows up.
      STEP 5: Once your iDevice appears, drag the modded .IPA file you downloaded and drop it inside the Sideloadly application.
      STEP 6: You will now have to enter your iTunes/Apple ID email login, press "Start" & then you will be asked to enter your password. Go ahead and enter the required information.
      STEP 7: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
      STEP 8: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles/VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
      STEP 9: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

      NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. Jailbroken iDevices can also use Sideloadly/Filza/IPA Installer to normally install the IPA with AppSync. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


      Credits:
      - AlyssaX64


      Cheat Video/Screenshots:

      N/A
        • Informative
        • Agree
        • Haha
        • Winner
        • Like
      • 32 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines