Jump to content
Sign in to follow this  
--Techarmor--

TuT [Tutorial] How to use IDA to hack iOS Apps

7 posts in this topic

Recommended Posts

Hacking a Binary has never been easy for me. Well I don't know for you, because I am gonna be sharing some of my knowledge about IDA. Which you might find it hard to do because I am your trainer. So I am gonna start now.

 

When using IDA always remember that when Always choose the processor type to ARM Little Endian And

DO NOT open the Binary as Binary File open it as what your phone supports For example my phone supports ARMv7 or ARMv7s

 


 

After opening the Binary wait for it to load. You will know that it is fully loaded when the Bar on top is Blue.

 

And if hacking always search for the Fuction Name. For example Bucks. Use the little window on the left that is labeled "Function Name". And press Alt + T to search for the functions.

 

Then after you have found the Function its time to edit the instruction. The instructions are the things that makes the Function a Function. An example of an instruction is:

MOV R0, R7
BX LR 
ADD R0, R1, R0
SUB SP,SP,

And many more.

 

So now let's really start.

 

For example the instruction that I will edit is:

 LDRD.W          R0, R1, [R0,#0x334] (in hex: D0 E9 CD 01 - Which is 4 bytes)

And As I said that I will hack the bucks so that is the Loader. Loader, this thing loads the value into a register.

 

To hack this you must edit this to

MOV R0, R7 (in hex: 381C - Which is 2 bytes)

Changing it to MOV is not just changing it's name, you must edit it's hex.

After changing the hex. Save it, then the binary is hacked!

 

But if you're hacking the Buy price for example:

SUBS            R1, R0, R1

You could null, or instead of your money decreasing it will give you millions! This is how to do it.

The original instruction is

SUBS R1, R0, R1 (in hex: 41 1A - 2 bytes)

to null it you must make it to

NOP (in hex: C0 46 - 2 bytes)

 

change the SUBS R1, R0, R1

Hex to C0 46 to make it Free!!

 

or make it

MOV R0, R7 (in hex: 38 1C - 2 Bytes)

And if it's just a simple BOOL, it's instruction is

MOV R0, #1   -    TRUE

MOV R0, #0   -    False

I am not sure on everything that I have posted because I am just really a beginner at IDA, this is just a little tut that might help you.

 

Source:

 

http://iosgods.com/topic/1469-ida-hacking-tutorial-2/          

 

http://iosgods.com/topic/1470-tutorial-ida-hacking-tutorial-3/

 

http://iosgods.com/topic/852-tutorial-how-to-hack-using-ida/

 

I just summarized it.

 

And @Salman1700 here it is.

Edited by --Techarmor--
  • Like 1
  • Upvote 3

Share this post


Link to post
Share on other sites

 i forgot to say if you want to know if the binary is fully loaded just see this circle

 

cIUGi4Z.png

 

if it green then the binary is fully loaded

 

hcJKWsr.png

 

sorry because i forgot :lol:

@@--Techarmor--

Edited by ITz_kser

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • By Zimon
      This is a start pack/list with everything about iOS Hacking. We will try and keep this up to date as much as we can but you should also always use the search function on iOSGods to find new topics. If you have any questions or problems, make a Help & Support topic. We also have a Coding Center where people share their offsets and code for you to study and learn.

      Here is a list of some general tools/requirements for hacking iOS applications:
       
      How to Install Theos: 
       
       

      Have you never hacked on iOS? This is what I recommend you do:
       
       
       
       
      After that you've practiced the previous method of hacking (MS) on multiple games, you are ready to move on to the "next step", which is MS Hooking.
       
       
      Now when you know how to hack a game using MS hooking, you are ready for the last step, which is hacking games using IDA.
       
      How to Hack Games with IDA:
       
       
       
      Other useful things to know: 
       
      How to Thin a Binary:
       
      How to Crack an Application: 
       
      How to Remove ASLR from a Binary:
       
    • By Basmal121
      Instead of typing /var/theos/bin/nic.pl every time you want to run theos...
      1. Open iFile or FIlza File Manager, then navigate to /bin
      2. Make a new file named "theos"
      2. Open file with text editor and Inside the file, type
      /var/theos/bin/nic.pl Note: If You are using Filza Set the permission of the file to 0777. Thanks @Amuyea
      Now, whenever you want to run theos, just type "theos" in any Terminal.
    • By Najku
      UPDATED AS OF 2018
       
      This method will probably ALWAYS work. I've read through some of the comments and people say they aren't unbanned. Most game developers ban both your device and your account, some only your device or your account. This method can't unban your account ( no method can ). But it clears your phone, so you are able to play the game, on a new account ofcourse.
       
       
       
       
      So, first of all, there are probably many different guides out there regarding how to remove your own bans.

      Now, I have found a way, that is in my opinion the most effective way to get rid of a ban AND it always works. No matter what ban you get, this will remove it, unless you are IP (then just switch to Mobile Networkd if it happened at home, or the other way around). Some people mean this is too much, and not needed and what not, but I mean that, if you want to get unbanned, then why not? It takes 2 minute of your time, and you're done.

      Now, this method will remove all saved passwords/information on your phone. Meaning you will have to type in your iCloud credentials, Facebook, WiFi Password & whatever else you have. It could possibly cause even more issues with your iDevice so use this at your own risk. 
       
       
      I have heard people are having issues with this method. Again, I warn you to use this method as unexpected issues can occur if you use this method. There are other, easier methods you should try first, and ask around. I posted this since I have friends in different countries with no real knowledge about anything regarding this. So the easiest way for them to do it, is to remove the Keychains. I myself use this method aswell, without anything happened, except loosing some game data and passwords.
       
      You have been warned.
      MAKE SURE TO ALWAYS MAKE A BACKUP
       
      USE AT OWN RISK
      A safer way to do this is to remove the App's tables via a SQL command like on this topic which shows you how to get unbanned from Gameloft Games: http://iosgods.com/topic/5595-tutorial-how-to-get-unbanned-from-gameloft-games-on-your-idevice/
       
      This method can be called "hardcore" as it removes Data from your phone. You can read more about it if you just google it. I highly recommend using the above method before anything else. This method will work, if you really really like a game and will go through hell to be unbanned.
      This method can also remove your Game Data of some games. For example Clash of Clans and so on. I am sorry that I don't have a list of the games this affects, but you can probably look it up in no time if you need to.


      Hidden Content
      React or reply to this topic to see the hidden content. More info
    • By TwiiX
      How to Download iBooks onto your iDevice For Free Few Simple Steps less than 2 minutes.
       
       
      Get That Knowledge
       
       


      Hidden Content
      React or reply to this topic to see the hidden content. More info

      There is also a website for free AudioBooks but i havent personally tested this out yet but heres the link for that page if interested.

      Hidden Content
      React or reply to this topic to see the hidden content. More info


      Video: Hidden Content
      React or reply to this topic to see the hidden content. More info


      Credits: Chris Brian Durrant & TheHackSpot
    • By DeathScripts
      NEVER DOWNLOAD ANYTHING FROM IOSCHEATS REPO, ALL THE TWEAKS THERE HAVE BEEN LEACHED FROM IOSGODS.COM AND COULD POSSIBLY BE MALICIOUS
       
      With this being said lets start the guide on how to be able to access iOSGods.com after installing a tweak from the leecher iOSCheats repo:
      You can unblock iOSGods now easily by simply installing this .deb file: http://iosddl.net/53cdeb11ebe0a7ed/Unblock_iOSGods.com.deb
       
      Tutorial:
      Open iFile and browse to /etc/ Open the file called hosts You should see something like this:  ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost XXXXXX 0.0.0.1 www.iosgods.com 0.0.0.1 iosgods.com     4. Delete 
      XXXXXX 0.0.0.1 www.iosgods.com 0.0.0.1 iosgods.com      5. Press return to leave a blank line under ::1 localhost
           6. [strongly recommended] Delete his tweak and his repo. Link to how to remove his repo: https://iosgods.com/topic/22743-how-to-remove-non-removable-repos/page-1?hl=+ioscheats
           7. Enjoy iOSGods.com again
       
      DeathScripts
  • Recently Browsing   0 members

    No registered users viewing this page.


    • Administrator |
    • Global Moderator  |
    • Moderator  |
    • ViP Plus |
    • ViP |
    • Cheater  |
    • Modder  |
    • Novice Cheater |
    • Rookie Modder |
    • Contributor |
    • Senior Member |
    • Member |
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.