TuT [Tutorial] How to use IDA to hack iOS Apps

--Techarmor-- · December 31, 2015

Hacking a Binary has never been easy for me. Well I don't know for you, because I am gonna be sharing some of my knowledge about IDA. Which you might find it hard to do because I am your trainer. So I am gonna start now.

When using IDA always remember that when Always choose the processor type to ARM Little Endian And

DO NOT open the Binary as Binary File open it as what your phone supports For example my phone supports ARMv7 or ARMv7s

After opening the Binary wait for it to load. You will know that it is fully loaded when the Bar on top is Blue.

And if hacking always search for the Fuction Name. For example Bucks. Use the little window on the left that is labeled "Function Name". And press Alt + T to search for the functions.

Then after you have found the Function its time to edit the instruction. The instructions are the things that makes the Function a Function. An example of an instruction is:

MOV R0, R7
BX LR 
ADD R0, R1, R0
SUB SP,SP,

And many more.

So now let's really start.

For example the instruction that I will edit is:

 LDRD.W          R0, R1, [R0,#0x334] (in hex: D0 E9 CD 01 - Which is 4 bytes)

And As I said that I will hack the bucks so that is the Loader. Loader, this thing loads the value into a register.

To hack this you must edit this to

MOV R0, R7 (in hex: 381C - Which is 2 bytes)

Changing it to MOV is not just changing it's name, you must edit it's hex.

After changing the hex. Save it, then the binary is hacked!

But if you're hacking the Buy price for example:

SUBS            R1, R0, R1

You could null, or instead of your money decreasing it will give you millions! This is how to do it.

The original instruction is

SUBS R1, R0, R1 (in hex: 41 1A - 2 bytes)

to null it you must make it to

NOP (in hex: C0 46 - 2 bytes)

change the SUBS R1, R0, R1

Hex to C0 46 to make it Free!!

or make it

MOV R0, R7 (in hex: 38 1C - 2 Bytes)

And if it's just a simple BOOL, it's instruction is

MOV R0, #1   -    TRUE

MOV R0, #0   -    False

I am not sure on everything that I have posted because I am just really a beginner at IDA, this is just a little tut that might help you.

Source:

http://iosgods.com/topic/1469-ida-hacking-tutorial-2/

http://iosgods.com/topic/1470-tutorial-ida-hacking-tutorial-3/

http://iosgods.com/topic/852-tutorial-how-to-hack-using-ida/

I just summarized it.

And @Salman1700 here it is.

Updated December 31, 2015 by --Techarmor--

ITz_kser · December 31, 2015

--Techarmor-- · December 31, 2015

MojDaGreat · January 12, 2016

nice ty

ITz_kser · January 17, 2016

i forgot to say if you want to know if the binary is fully loaded just see this circle

if it green then the binary is fully loaded

sorry because i forgot

@@--Techarmor--

Updated January 18, 2016 by ITz_kser

FazeGod · September 11, 2016

Good

Adi2k18 · January 20, 2018

Bro this was really helpful can you do a another tut please?

Sign In

TuT [Tutorial] How to use IDA to hack iOS Apps

7 posts in this topic

Recommended Posts

--Techarmor-- 5.2k 6 9.0.2

ITz_kser 1.5k 1 7.0.3

--Techarmor-- 5.2k 6 9.0.2

MojDaGreat 394 27 8.1.2

ITz_kser 1.5k 1 7.0.3

FazeGod 2

Adi2k18 83 iPhone 6 Plus 11.1.2

Create an account or sign in to comment

Create an account

Sign in

Our picks

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Important Information

--Techarmor-- 5.2k
6

9.0.2

ITz_kser 1.5k
1

7.0.3

--Techarmor-- 5.2k
6

9.0.2

MojDaGreat 394
27

8.1.2

ITz_kser 1.5k
1

7.0.3

Adi2k18 83
iPhone 6 Plus

11.1.2