Help/Support [IDA Attempt] Trouble with IDA Hacking! >_<

[TripMX 17 23 5.1.1]

Hello everyone, TripMX here!  I've recently taken up interest in IDA Hacking.

 

I'm a freelance coder and have used other such tools like THEOS, GamePlayer, Game Guardian, GameGem Flex, Flex 2, etc., and I even dabbled with the GDB (iPad x iPhone) in the past.  With that being said, I want to get into IDA hacking, which seems to be a more powerful means of hacking iOS games in comparison to the other tools...I must admit though, THEOS did a great job when it worked on x version of x iOS of x device....in my case that was iPad 2 on iOS 5.1.1.....that is, until I unwittingly updated THEOS from sdk3 thinking the sdk6+ would still work. ;  Oh well, haha!  I have THEOS installed on my iPad Air 2 (iOS 8.3) with the supposed "fix", but I haven't bothered using it in fear of being disappointed.

 

 

ANYWAYS!  Back to the point; I've done a little bit of research on the ARM documentation as well as followed some tutorials INCLUDING the ones here on iOS Gods, but I STILL can't seem to get even the simplest of IDA hacks to work.  I've thoroughly read EvillyG00d's and ZahirSher's IDA hacking tutorials and followed them, but STILL I fail.

 

 

There must be something either wrong with my setup or the tutorial:

 

LET ME SHOW YOU:

 

My Hardware and Tools

• Jailbroken iPad Air 2 (iOS 8.3)
• Laptop running Windows 10
• IDA Pro v6.8
• HxD Hex Editor
• iFunBox
• Cracked IPA for the game Infection Bio War Free v1.0.14 (same one ZahirSher used in the tutorial)

 

 

HERE'S WHAT I DID:

 

 

^: FIRST, I loaded the cracked binary file like this.

 

 

 

 

 

 

^: SECOND, I selected YES...I tried "No" in later attempts, but it made no difference, as I still failed.

 

 

 

 

 

 

 

^: THIRD, this message pops up.  What does this mean in layman's terms?  If the register ( R ) is 0, [R0]?, then ARM mode is used, otherwise THUMB mode is used?  I can change the value of the virtual register T by pressing ALT-G...........can't I just change the register value in the HEX view instead?  The real value changing occurs in the HxD Hex Editor, right?

 

 

 

 

 

 

 

^: FOURTH, I've successfully loaded up the cracked binary and searched for DNA and found the spendPoints function just like ZahirSher's tutorial showed.

 

 

 

 

 

 

 

 

 

 

 

^: FIFTH, just like ZahirSher's tutorial suggested, I changed the appropriate bytes in the appropriate offset:

 

  Quote

1. SUBS R0, R2, R0   =>  ADD R0, R2, R0 [In HEX: 1018] (It will give you the money it took instead of substracting)
2. SUBS R0, R2, R0   =>  MOVS  R0, R7 [In Hex: 38 1C] (Will give you millions instead of substracting)
3. SUBS R0, R2, R0   =>  NOP [In Hex: C0 46] (it will be FREE)

There is another method you can use 

STR R0, [1] - Stored 0 in 1
Change it to STR R7, [1] - Stores 668 Millon in 1 

Done!   

 

 

^: I tried all three of the above changes, and it still failed.  His last suggestion for changing STR R0, [1] into THUMB HEX does not convert, however, the converter can convert STR R0, [R1] into THUMB HEX....it is not clear whether [R1] and [1] are the same thing or not.  Either way, I went ahead and converted STR R0, [R1] into STR R7, [R1], but the hack STILL failed.

 

 

 

 

 

 

 

 

All in all, I have no idea why the hack failed to execute on my device.  All permissions were set to 777, and the game was unaffected by the hacks.  The DNA subtracted normally.

 

 

So, am I doing something wrong?  Where could have I screwed up?  Can any of you try to crack and hack the binary of the game and see what's the problem?

 

LINK TO GAME: https://itunes.apple.com/us/app/infection-bio-war-free/id805807843?mt=8

 

 

 

 

Sorry for the long post, but thanks for any help in advance!

[AnotherLurker 1.5k]

Are you using a hex editor to modify? You can't modify files right in IDA's hex-view

[TripMX 17 23 5.1.1]

  On 7/20/2016 at 9:50 AM, JustRick said:

Are you using a hex editor to modify? You can't modify files right in IDA's hex-view

 

Yes, I'm using HxD Hex Editor to modify and save the modified cracked binary hex code.

[AnotherLurker 1.5k]

Are you going to the hex offset in the hex editor? (Different than the offset in IDA)

[TripMX 17 23 5.1.1]

  On 7/20/2016 at 9:56 AM, JustRick said:

Are you going to the hex offset in the hex editor? (Different than the offset in IDA)

 

I'm going off the offset based on the offset shown in IDA, which is located in the bottom-left corner of the IDA window.

 

Also, on the IDA screen, it shows this part:

__text:00126CB4                 SUBS            R0, R2, R0

^: The bottom-left of the IDA window has this same 00126CB4 offset (Hex View matches this as well).  In the Hex Editor, I search for this same offset (without the first two zero digits).

[Guest]

  On 7/20/2016 at 9:50 AM, JustRick said:

Are you using a hex editor to modify? You can't modify files right in IDA's hex-view

Yes you can if you click save patches to binary file

 

  On 7/20/2016 at 10:02 AM, TripMX said:

I'm going off the offset based on the offset shown in IDA, which is located in the bottom-left corner of the IDA window.

 

Also, on the IDA screen, it shows this part:

 

__text:00126CB4                 SUBS            R0, R2, R0

^: The bottom-left of the IDA window has this same 00126CB4 offset (Hex View matches this as well).  In the Hex Editor, I search for this same offset (without the first two zero digits).

I think the offset you need is next to it

[TripMX 17 23 5.1.1]

  On 7/20/2016 at 2:26 PM, shmoo said:

I think the offset you need is next to it

 

What do you mean?

 

 

 

 

 

 

^: The current offset is to the bottom-left while the current location is next to it, and they look pretty much the same minus a bunch of zeros.

[TripMX 17 23 5.1.1]

Anybody able to help me with this issue?

[TripMX 17 23 5.1.1]

Anyone out there able to help me with this?

[Yassin Amr 1 iPhone 5 10.3.3]

i wanned to ask is it possible to have a app to run scripts on ios 10.3.3