Help/Support IDA Function - What can I change?

Ted2 · June 27, 2016

Hey there,

I am trying to understand IDA Game Hacking, but I am not really getting it.

Did read all tutorials like 947845874 times...

I think this function is hackable:

bool __cdecl -[CurrencyWallet spendValue:](struct CurrencyWallet *self, SEL, unsigned int)
__text:00071F40 __CurrencyWallet_spendValue__           ; DATA XREF: __objc_const:00DAA128o
__text:00071F40                 PUSH            {R4,R7,LR}
__text:00071F42                 ADD             R7, SP, #4
__text:00071F44                 MOV             R4, R0
__text:00071F46                 MOV             R0, #(_OBJC_IVAR_$_CurrencyWallet._quantity - 0x71F52) ; unsigned int _quantity;
__text:00071F4E                 ADD             R0, PC  ; unsigned int _quantity;
__text:00071F50                 LDR             R0, [R0] ; unsigned int _quantity;
__text:00071F52                 LDR             R1, [R4,R0]
__text:00071F54                 CMP             R1, R2

I though the 'MOV R4, R0' could be hacked or 'PUSH {R4,R7,LR}'

I have this problem with like any game, I've no idea what to do...

any help?

Thanks in advance,

cu_rry · June 27, 2016

IDK

Try this

PUSH {R4,R7,LR} > Mov r0, r7 bx lr

Ted2 · June 27, 2016

IDK

Try this

PUSH {R4,R7,LR} > Mov r0, r7 bx lr

Crash..

Zahir · June 27, 2016

do u see any sub instruction

Updated June 27, 2016 by ZahirSher

Ted2 · June 27, 2016

do u see any sub instruction

Will check in a few minutes. Pc randomly turned off so have to load it again.

Ted2 · June 27, 2016

do u see any sub instruction

I see this:

bool __cdecl -[CurrencyWallet spendValue:](struct CurrencyWallet *self, SEL, unsigned int)
__text:00071F40 __CurrencyWallet_spendValue__
__text:00071F40                 PUSH            {R4,R7,LR}
__text:00071F42                 ADD             R7, SP, #4
__text:00071F44                 MOV             R4, R0
__text:00071F46                 MOV             R0, #(_OBJC_IVAR_$_CurrencyWallet._quantity - 0x71F52) ; unsigned int _quantity;
__text:00071F4E                 ADD             R0, PC  ; unsigned int _quantity;
__text:00071F50                 LDR             R0, [R0] ; unsigned int _quantity;
__text:00071F52                 LDR             R1, [R4,R0]
__text:00071F54                 CMP             R1, R2
__text:00071F56                 ITT CC
__text:00071F58                 MOVCC           R0, #0
__text:00071F5A                 POPCC           {R4,R7,PC}
__text:00071F5C                 MOVW            R3, #(:lower16:(selRef_notifyChanges - 0x71F6C))
__text:00071F60                 SUBS            R1, R1, R2
__text:00071F62                 MOVT.W          R3, #(:upper16:(selRef_notifyChanges - 0x71F6C))
__text:00071F66                 STR             R1, [R4,R0]
__text:00071F68                 ADD             R3, PC ; selRef_notifyChanges
__text:00071F6A                 MOV             R0, R4
__text:00071F6C                 LDR             R1, [R3] ; "notifyChanges"
__text:00071F6E                 BLX.W           _objc_msgSend
__text:00071F72                 MOV             R0, #(selRef_persistQuantity - 0x71F7E)
__text:00071F7A                 ADD             R0, PC ; selRef_persistQuantity
__text:00071F7C                 LDR             R1, [R0] ; "persistQuantity"
__text:00071F7E                 MOV             R0, R4
__text:00071F80                 BLX.W           _objc_msgSend
__text:00071F84                 MOVS            R0, #1
__text:00071F86                 POP             {R4,R7,PC}

I assumed that after "__text:00071F56 ITT CC" something else started.. not sure tho...

AnotherLurker · June 27, 2016

I see this:

bool __cdecl -[CurrencyWallet spendValue:](struct CurrencyWallet *self, SEL, unsigned int)
__text:00071F40 __CurrencyWallet_spendValue__
__text:00071F40                 PUSH            {R4,R7,LR}
__text:00071F42                 ADD             R7, SP, #4
__text:00071F44                 MOV             R4, R0
__text:00071F46                 MOV             R0, #(_OBJC_IVAR_$_CurrencyWallet._quantity - 0x71F52) ; unsigned int _quantity;
__text:00071F4E                 ADD             R0, PC  ; unsigned int _quantity;
__text:00071F50                 LDR             R0, [R0] ; unsigned int _quantity;
__text:00071F52                 LDR             R1, [R4,R0]
__text:00071F54                 CMP             R1, R2
__text:00071F56                 ITT CC
__text:00071F58                 MOVCC           R0, #0
__text:00071F5A                 POPCC           {R4,R7,PC}
__text:00071F5C                 MOVW            R3, #(:lower16:(selRef_notifyChanges - 0x71F6C))
__text:00071F60                 SUBS            R1, R1, R2
__text:00071F62                 MOVT.W          R3, #(:upper16:(selRef_notifyChanges - 0x71F6C))
__text:00071F66                 STR             R1, [R4,R0]
__text:00071F68                 ADD             R3, PC ; selRef_notifyChanges
__text:00071F6A                 MOV             R0, R4
__text:00071F6C                 LDR             R1, [R3] ; "notifyChanges"
__text:00071F6E                 BLX.W           _objc_msgSend
__text:00071F72                 MOV             R0, #(selRef_persistQuantity - 0x71F7E)
__text:00071F7A                 ADD             R0, PC ; selRef_persistQuantity
__text:00071F7C                 LDR             R1, [R0] ; "persistQuantity"
__text:00071F7E                 MOV             R0, R4
__text:00071F80                 BLX.W           _objc_msgSend
__text:00071F84                 MOVS            R0, #1
__text:00071F86                 POP             {R4,R7,PC}

I assumed that after "__text:00071F56 ITT CC" something else started.. not sure tho...

You can NOP the

sub r1, r1, r2

or just hook the method:

%hook CurrencyWallet
- (bool)spendValue:(unsigned int)value {
   return YES;
}
%end

Ted2 · June 27, 2016

You can NOP the

sub r1, r1, r2

or just hook the method:

%hook CurrencyWallet
- (bool)spendValue:(unsigned int)value {
   return YES;
}
%end

Hmm not working. Guess the function isn't hackable then?

Tyramisu · June 27, 2016

mov r0, r7

bx lr

voila

-happy life

tyra

Sign In

Help/Support IDA Function - What can I change?

9 posts in this topic

Recommended Posts

Ted2 39.1k iPhone 13 Pro 16.0 Donor

cu_rry 10.8k iPhone 7 Plus 11.2

Ted2 39.1k iPhone 13 Pro 16.0 Donor

Zahir 394.8k iPad Mini 4 13.6

Ted2 39.1k iPhone 13 Pro 16.0 Donor

Ted2 39.1k iPhone 13 Pro 16.0 Donor

AnotherLurker 1.5k

Ted2 39.1k iPhone 13 Pro 16.0 Donor

Tyramisu 4 19 6.1.6

Create an account or sign in to comment

Create an account

Sign in

Our picks

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Important Information

Ted2 39.1k
iPhone 13 Pro

16.0

Donor

cu_rry 10.8k
iPhone 7 Plus

11.2

Ted2 39.1k
iPhone 13 Pro

16.0

Donor

Zahir 394.8k
iPad Mini 4

13.6

Ted2 39.1k
iPhone 13 Pro

16.0

Donor

Ted2 39.1k
iPhone 13 Pro

16.0

Donor

Ted2 39.1k
iPhone 13 Pro

16.0

Donor

Tyramisu 4
19

6.1.6