Help/Support [IDA] Trying to modify Agar.io CalculateZoom value.

Smvueno · February 20, 2016

Hello there folks!
If you are good at IDA modding i would love to get some help!
I'm trying to figure out how to change the zoom level in Agar.io 1.2.2 for android.

I've extracted libgame.so from the apk.
Opened it in IDA.
Found the CalculateZoom level sub part.
And is now trying to figure out what number to edit and how.

This is the part i am playing around with:

sub_7C59C8                              ; DATA XREF: .data:00F0AAC4o
.text:007C59C8                 STMFD           SP!, {R4-R11,LR}
.text:007C59CC                 ADD             R11, SP, #0x1C
.text:007C59D0                 SUB             SP, SP, #4
.text:007C59D4                 MOV             R4, R0
.text:007C59D8                 LDR             R0, =(_GLOBAL_OFFSET_TABLE_ - 0x7C59EC)
.text:007C59DC                 LDR             R1, =(aNsnumber - 0xF870E8)
.text:007C59E0                 MOV             R8, R3
.text:007C59E4                 ADD             R5, PC, R0 ; _GLOBAL_OFFSET_TABLE_
.text:007C59E8                 ADD             R0, R1, R5 ; "NSNumber"
.text:007C59EC                 MOV             R6, R2
.text:007C59F0                 BL              sub_42004C
.text:007C59F4                 LDR             R9, =(off_F0B040 - 0xF870E8)
.text:007C59F8                 MOV             R2, R6
.text:007C59FC                 ADD             R7, R9, R5 ; off_F0B040
.text:007C5A00                 ADD             R1, R7, #0x158
.text:007C5A04                 BL              sub_424F20
.text:007C5A08                 MOV             R6, R0
.text:007C5A0C                 LDR             R0, [R4,#0xC4]
.text:007C5A10                 ADD             R1, R7, #0x218
.text:007C5A14                 MOV             R2, R6
.text:007C5A18                 BL              sub_424F20
.text:007C5A1C                 MOV             R5, R0
.text:007C5A20                 ADD             R1, R7, #0x200
.text:007C5A24                 BL              sub_424F20
.text:007C5A28                 MOV             R10, R0
.text:007C5A2C                 ADD             R1, R7, #0x230
.text:007C5A30                 MOV             R0, R5
.text:007C5A34                 BL              sub_424F20
.text:007C5A38                 TST             R0, #0xFF
.text:007C5A3C                 BEQ             loc_7C5A5C
.text:007C5A40                 LDR             R0, =(_GLOBAL_OFFSET_TABLE_ - 0x7C5A50)
.text:007C5A44                 MOV             R2, #1
.text:007C5A48                 ADD             R0, PC, R0 ; _GLOBAL_OFFSET_TABLE_
.text:007C5A4C                 ADD             R0, R9, R0 ; off_F0B040
.text:007C5A50                 ADD             R1, R0, #0x118
.text:007C5A54                 MOV             R0, R10
.text:007C5A58                 BL              sub_424F20
.text:007C5A5C
.text:007C5A5C loc_7C5A5C                              ; CODE XREF: sub_7C59C8+74j
.text:007C5A5C                 LDR             R1, =(_GLOBAL_OFFSET_TABLE_ - 0x7C5A70)
.text:007C5A60                 LDR             R0, [R4,#0xC4]
.text:007C5A64                 MOV             R2, R6
.text:007C5A68                 ADD             R1, PC, R1 ; _GLOBAL_OFFSET_TABLE_
.text:007C5A6C                 ADD             R5, R9, R1 ; off_F0B040
.text:007C5A70                 ADD             R1, R5, #0x238
.text:007C5A74                 BL              sub_424F20
.text:007C5A78                 LDR             R0, [R4,#0xCC]
.text:007C5A7C                 ADD             R1, R5, #0x308
.text:007C5A80                 MOV             R2, R6
.text:007C5A84                 BL              sub_424F20
.text:007C5A88                 TST             R8, #0xFF
.text:007C5A8C                 BEQ             loc_7C5AB0
.text:007C5A90                 LDR             R0, =(_GLOBAL_OFFSET_TABLE_ - 0x7C5A9C)
.text:007C5A94                 ADD             R0, PC, R0 ; _GLOBAL_OFFSET_TABLE_
.text:007C5A98                 ADD             R0, R9, R0 ; off_F0B040
.text:007C5A9C                 ADD             R1, R0, #0x48
.text:007C5AA0                 MOV             R0, R4
.text:007C5AA4                 SUB             SP, R11, #0x1C
.text:007C5AA8                 LDMFD           SP!, {R4-R11,LR}
.text:007C5AAC                 B               sub_424F20
.text:007C5AB0 ; ---------------------------------------------------------------------------
.text:007C5AB0
.text:007C5AB0 loc_7C5AB0                              ; CODE XREF: sub_7C59C8+C4j
.text:007C5AB0                 SUB             SP, R11, #0x1C
.text:007C5AB4                 LDMFD           SP!, {R4-R11,PC}
.text:007C5AB4 ; End of function sub_7C59C8

If i change
LDR R0, [R4,#0xC4]
to
MOV R0, R7
It becomes crazy zoomed out and craches.

If i modify it with:
MOV R0, #0x7D0
It just craches again.

I've also been experimenting with a lot of the other values but they all end up in crash.
Anyone got an idea of how to find the right value?

Thanks on forehand!

Agario libgame.so download
Agario Apk download

ITz_kser · February 20, 2016

Maybe it can be

MOV R0, #1

Idk

February 20, 2016

LDR R0, [R4, #C4] modify it again and find out where the crash comes from. Then try patching the crash

Smvueno · February 21, 2016

Seems like the LDR R0, [R4, #C4] is not the key.
It just crashes, sometimes it is small, sometimes normal size and sometimes just crashes with nothing at all there..

Smvueno · February 21, 2016

I have been sitting here this evening too trying to figure this out.

Seems like that no matter what i change, the size is still the same and it will end up in crash :S

Anyone else who are brave enough to try ?