7 posts in this topic

Posted

Hello, this is not going well at all. So FYI, the game I'm trying to hack right now is N.O.V.A 3 Freedom Edition. I am not asking for help on how to hack the game; I know that already. My problem is that after removing ASLR and disabling ptrace/syscall, I'm still getting an error. My error is: "unable to find section for section 32". Now I believe this error is getting in the way of finding the create IDA offset. So here is the code in LLDB:

 

(lldb) process connect connect://192.168.0.9:8018
error: unable to find section for section 32
Process 32237 stopped
* thread #1: tid = 0x7ded, 0x373750a4 libsystem_kernel.dylib`_kernelrpc_mach_port_insert_member_trap + 8, stop reason = signal SIGSTOP
    frame #0: 0x373750a4 libsystem_kernel.dylib`_kernelrpc_mach_port_insert_member_trap + 8
libsystem_kernel.dylib`_kernelrpc_mach_port_insert_member_trap + 8:
-> 0x373750a4:  bx     lr

 

libsystem_kernel.dylib`_kernelrpc_mach_port_extract_member_trap:
   0x373750a8:  mvn    r12, #0x16
   0x373750ac:  svc    #0x80
(lldb) (lldb) b s -a 0x00F9CB48
Breakpoint 1: no locations (pending).
WARNING:  Unable to resolve breakpoint to any actual locations.
(lldb) Breakpoint 2: no locations (pending).
WARNING:  Unable to resolve breakpoint to any actual locations.
(lldb) w s e -- 0x00F9CB48
Watchpoint created: Watchpoint 1: addr = 0x00f9cb48 size = 4 state = enabled type = w
    new value: 109760
(lldb) c
Process 32237 resuming
(lldb) Process 32237 stopped
* thread #11: tid = 0x7e5a, 0x37421f88 libsystem_platform.dylib`<redacted> + 112, stop reason = EXC_BREAKPOINT (code=EXC_ARM_DA_DEBUG, subcode=0x19d57fe)
    frame #0: 0x37421f88 libsystem_platform.dylib`<redacted> + 112
libsystem_platform.dylib`<redacted> + 112:
-> 0x37421f88:  vst1.8 {d0, d1, d2, d3}, [r12:128]!
   0x37421f8c:  bhi    0x37421f80                ; <redacted> + 104
   0x37421f90:  add    r12, r12, r3
register read $pc
      pc = 0x37421f88  libsystem_platform.dylib`<redacted> + 112
(lldb)

 

 

As you can see, if you look at the pc=0x37421f88, that doesn't match the format in IDA, which is something like this: text:00374230(0x00374230). So what's wrong? Why isn't it matching? All of the "text" start with two zeros, so I don't know what I did wrong. This game is server sided, and there is a different version of the game, also called N.O.V.A 3, and it's red. And this "red" version was super easy to hack. But I did remove ASLR as said before, and removed ptrace/syscall, but I'm still finding these two main issues: "unable to find section for section 32", and the other issue is not matching offsets. PLEASE PLEASE HELP ME.

 

Posted

The "unable to find section for section 32" is not an error from what I know. Just a warning.

 

Is your binary thinned?

Posted

Well, actually, sort of; my binary is already thinned. My issue was that I was finding offsets I wasn't supposed to find. Any tips on finding the right offset for a server sided game?
