TuT [Tutorial] How to use IDA to hack iOS Apps

[--Techarmor-- 5.2k 6 9.0.2]

Hacking a Binary has never been easy for me. Well I don't know for you, because I am gonna be sharing some of my knowledge about IDA. Which you might find it hard to do because I am your trainer. So I am gonna start now.

 

When using IDA always remember that when Always choose the processor type to ARM Little Endian And

DO NOT open the Binary as Binary File open it as what your phone supports For example my phone supports ARMv7 or ARMv7s

 

---

 

After opening the Binary wait for it to load. You will know that it is fully loaded when the Bar on top is Blue.

 

And if hacking always search for the Fuction Name. For example Bucks. Use the little window on the left that is labeled "Function Name". And press Alt + T to search for the functions.

 

Then after you have found the Function its time to edit the instruction. The instructions are the things that makes the Function a Function. An example of an instruction is:

MOV R0, R7
BX LR 
ADD R0, R1, R0
SUB SP,SP,

And many more.

 

So now let's really start.

 

For example the instruction that I will edit is:

 LDRD.W          R0, R1, [R0,#0x334] (in hex: D0 E9 CD 01 - Which is 4 bytes)

And As I said that I will hack the bucks so that is the Loader. Loader, this thing loads the value into a register.

 

To hack this you must edit this to

MOV R0, R7 (in hex: 381C - Which is 2 bytes)

Changing it to MOV is not just changing it's name, you must edit it's hex.

After changing the hex. Save it, then the binary is hacked!

 

But if you're hacking the Buy price for example:

SUBS            R1, R0, R1

You could null, or instead of your money decreasing it will give you millions! This is how to do it.

The original instruction is

SUBS R1, R0, R1 (in hex: 41 1A - 2 bytes)

to null it you must make it to

NOP (in hex: C0 46 - 2 bytes)

 

change the SUBS R1, R0, R1

Hex to C0 46 to make it Free!!

 

or make it

MOV R0, R7 (in hex: 38 1C - 2 Bytes)

And if it's just a simple BOOL, it's instruction is

MOV R0, #1   -    TRUE

MOV R0, #0   -    False

I am not sure on everything that I have posted because I am just really a beginner at IDA, this is just a little tut that might help you.

 

Source:

 

http://iosgods.com/topic/1469-ida-hacking-tutorial-2/          

 

http://iosgods.com/topic/1470-tutorial-ida-hacking-tutorial-3/

 

http://iosgods.com/topic/852-tutorial-how-to-hack-using-ida/

 

I just summarized it.

 

And @Salman1700 here it is.

Updated December 31, 2015 by --Techarmor--

[ITz_kser 1.5k 1 7.0.3]

[--Techarmor-- 5.2k 6 9.0.2]

[MojDaGreat 392 27 8.1.2]

nice ty

[ITz_kser 1.5k 1 7.0.3]

 i forgot to say if you want to know if the binary is fully loaded just see this circle

 

 

if it green then the binary is fully loaded

 

 

sorry because i forgot

@@--Techarmor--

Updated January 18, 2016 by ITz_kser

[FazeGod 2]

Good

[Adi2k18 81 iPhone 6 Plus 11.1.2]

Bro this was really helpful can you do a another tut please?