Jump to content

Help with disabling _syscall


Go to solution Solved by Aswag1,

36 posts in this topic

Recommended Posts

Posted (edited)

I'm trying to hack NOVA 3: Freedom Edition, so obviously, being gameloft, they added in _syscall. I've attempted to remove it before but all that happens is that the app would freeze or crash. Here is what I NOP'ed:

 

 

__text:0055F054                 MOV             SP, R4
__text:0055F056                 VST1.64         {D8-D11}, [R4@128]!
__text:0055F05A                 VST1.64         {D12-D15}, [R4@128]
__text:0055F05E                 SUB.W           SP, SP, #0x250
__text:0055F062                 MOV             R10, R0
__text:0055F064                 MOV             R0, #(___stack_chk_guard_ptr - 0x55F072)
__text:0055F06C                 MOV             R8, R1
__text:0055F06E                 ADD             R0, PC ; ___stack_chk_guard_ptr
__text:0055F070                 MOVS            R5, #0
__text:0055F072                 MOVS            R1, #0x1F
__text:0055F074                 MOVS            R2, #0
__text:0055F076                 LDR             R6, [R0] ; ___stack_chk_guard
__text:0055F078                 MOVS            R3, #0
__text:0055F07A                 LDR             R0, [R6]
__text:0055F07C                 STR             R0, [sP,#0x24C]
__text:0055F07E                 MOVS            R0, #0x1A
__text:0055F080                 STR             R5, [sP]
__text:0055F082                 BLX             _syscall
__text:0055F086                 ADD             R4, SP, #0x24
__text:0055F088                 MOV.W           R0, #0x1EC
__text:0055F08C                 STR             R0, [sP,#0x210]
__text:0055F08E                 MOVS            R1, #0
__text:0055F090                 MOV             R0, R4
__text:0055F092                 MOV.W           R2, #0x1EC
__text:0055F096                 BLX             _memset
__text:0055F09A                 MOVS            R0, #1
__text:0055F09C                 MOVS            R1, #0xE
__text:0055F09E                 STR             R0, [sP,#0x14]
__text:0055F0A0                 STR             R1, [sP,#0x18]
__text:0055F0A2                 STR             R0, [sP,#0x1C]
__text:0055F0A4                 BLX             _getpid
__text:0055F0A8                 STR             R0, [sP,#0x20]
__text:0055F0AA                 ADD             R0, SP, #0x14
__text:0055F0AC                 ADD             R3, SP, #0x210
__text:0055F0AE                 MOVS            R1, #4
__text:0055F0B0                 MOV             R2, R4
__text:0055F0B2                 STR             R5, [sP]
__text:0055F0B4                 STR             R5, [sP,#4]
__text:0055F0B6                 BLX             _sysctl
__text:0055F0BA                 MOV             R4, R0
 
After I NOP'ed that the app would crash upon startup. I then NOP'ed:
 
__text:0055F054                 MOV             SP, R4
__text:0055F056                 VST1.64         {D8-D11}, [R4@128]!
__text:0055F05A                 VST1.64         {D12-D15}, [R4@128]
__text:0055F05E                 SUB.W           SP, SP, #0x250
__text:0055F062                 MOV             R10, R0
__text:0055F064                 MOV             R0, #(___stack_chk_guard_ptr - 0x55F072)
__text:0055F06C                 MOV             R8, R1
__text:0055F06E                 ADD             R0, PC ; ___stack_chk_guard_ptr
__text:0055F070                 MOVS            R5, #0
__text:0055F072                 MOVS            R1, #0x1F
__text:0055F074                 MOVS            R2, #0
__text:0055F076                 LDR             R6, [R0] ; ___stack_chk_guard
__text:0055F078                 MOVS            R3, #0
__text:0055F07A                 LDR             R0, [R6]
__text:0055F07C                 STR             R0, [sP,#0x24C]
__text:0055F07E                 MOVS            R0, #0x1A
__text:0055F080                 STR             R5, [sP]
__text:0055F082                 BLX             _syscall
__text:0055F086                 ADD             R4, SP, #0x24
__text:0055F088                 MOV.W           R0, #0x1EC
__text:0055F08C                 STR             R0, [sP,#0x210]
__text:0055F08E                 MOVS            R1, #0
__text:0055F090                 MOV             R0, R4
__text:0055F092                 MOV.W           R2, #0x1EC
__text:0055F096                 BLX             _memset
__text:0055F09A                 MOVS            R0, #1
__text:0055F09C                 MOVS            R1, #0xE
__text:0055F09E                 STR             R0, [sP,#0x14]
__text:0055F0A0                 STR             R1, [sP,#0x18]
__text:0055F0A2                 STR             R0, [sP,#0x1C]
__text:0055F0A4                 BLX             _getpid
__text:0055F0A8                 STR             R0, [sP,#0x20]
__text:0055F0AA                 ADD             R0, SP, #0x14
__text:0055F0AC                 ADD             R3, SP, #0x210
__text:0055F0AE                 MOVS            R1, #4
__text:0055F0B0                 MOV             R2, R4
__text:0055F0B2                 STR             R5, [sP]
__text:0055F0B4                 STR             R5, [sP,#4]
__text:0055F0B6                 BLX             _sysctl
__text:0055F0BA                 MOV             R4, R0
 
Again, same thing. It would crash. So the last thing I did was I changed 
 
__text:0055F072                 MOVS            R1, #0x1F
 
to
 
__text:0055F072                 MOVS            R1, #0x0
 
and the app did not crash this time, it only froze right at the gameloft logo. So I tried to attach it to GDB, because it is technically running if it is frozen, and it gave me segmentation fault: 11. Please, if any of you could help me solve this problem, I would be so happy, its been driving me crazy since the new year :/
 
Thanks!
Updated by Guest
Posted

 

I'm trying to hack NOVA 3: Freedom Edition, so obviously, being gameloft, they added in _syscall. I've attempted to remove it before but all that happens is that the app would freeze or crash. Here is what I NOP'ed:

 

 

__text:0055F054                 MOV             SP, R4
__text:0055F056                 VST1.64         {D8-D11}, [R4@128]!
__text:0055F05A                 VST1.64         {D12-D15}, [R4@128]
__text:0055F05E                 SUB.W           SP, SP, #0x250
__text:0055F062                 MOV             R10, R0
__text:0055F064                 MOV             R0, #(___stack_chk_guard_ptr - 0x55F072)
__text:0055F06C                 MOV             R8, R1
__text:0055F06E                 ADD             R0, PC ; ___stack_chk_guard_ptr
__text:0055F070                 MOVS            R5, #0
__text:0055F072                 MOVS            R1, #0x1F
__text:0055F074                 MOVS            R2, #0
__text:0055F076                 LDR             R6, [R0] ; ___stack_chk_guard
__text:0055F078                 MOVS            R3, #0
__text:0055F07A                 LDR             R0, [R6]
__text:0055F07C                 STR             R0, [sP,#0x24C]
__text:0055F07E                 MOVS            R0, #0x1A
__text:0055F080                 STR             R5, [sP]
__text:0055F082                 BLX             _syscall
__text:0055F086                 ADD             R4, SP, #0x24
__text:0055F088                 MOV.W           R0, #0x1EC
__text:0055F08C                 STR             R0, [sP,#0x210]
__text:0055F08E                 MOVS            R1, #0
__text:0055F090                 MOV             R0, R4
__text:0055F092                 MOV.W           R2, #0x1EC
__text:0055F096                 BLX             _memset
__text:0055F09A                 MOVS            R0, #1
__text:0055F09C                 MOVS            R1, #0xE
__text:0055F09E                 STR             R0, [sP,#0x14]
__text:0055F0A0                 STR             R1, [sP,#0x18]
__text:0055F0A2                 STR             R0, [sP,#0x1C]
__text:0055F0A4                 BLX             _getpid
__text:0055F0A8                 STR             R0, [sP,#0x20]
__text:0055F0AA                 ADD             R0, SP, #0x14
__text:0055F0AC                 ADD             R3, SP, #0x210
__text:0055F0AE                 MOVS            R1, #4
__text:0055F0B0                 MOV             R2, R4
__text:0055F0B2                 STR             R5, [sP]
__text:0055F0B4                 STR             R5, [sP,#4]
__text:0055F0B6                 BLX             _sysctl
__text:0055F0BA                 MOV             R4, R0
 
After I NOP'ed that the app would crash upon startup. I then NOP'ed:
 
__text:0055F054                 MOV             SP, R4
__text:0055F056                 VST1.64         {D8-D11}, [R4@128]!
__text:0055F05A                 VST1.64         {D12-D15}, [R4@128]
__text:0055F05E                 SUB.W           SP, SP, #0x250
__text:0055F062                 MOV             R10, R0
__text:0055F064                 MOV             R0, #(___stack_chk_guard_ptr - 0x55F072)
__text:0055F06C                 MOV             R8, R1
__text:0055F06E                 ADD             R0, PC ; ___stack_chk_guard_ptr
__text:0055F070                 MOVS            R5, #0
__text:0055F072                 MOVS            R1, #0x1F
__text:0055F074                 MOVS            R2, #0
__text:0055F076                 LDR             R6, [R0] ; ___stack_chk_guard
__text:0055F078                 MOVS            R3, #0
__text:0055F07A                 LDR             R0, [R6]
__text:0055F07C                 STR             R0, [sP,#0x24C]
__text:0055F07E                 MOVS            R0, #0x1A
__text:0055F080                 STR             R5, [sP]
__text:0055F082                 BLX             _syscall
__text:0055F086                 ADD             R4, SP, #0x24
__text:0055F088                 MOV.W           R0, #0x1EC
__text:0055F08C                 STR             R0, [sP,#0x210]
__text:0055F08E                 MOVS            R1, #0
__text:0055F090                 MOV             R0, R4
__text:0055F092                 MOV.W           R2, #0x1EC
__text:0055F096                 BLX             _memset
__text:0055F09A                 MOVS            R0, #1
__text:0055F09C                 MOVS            R1, #0xE
__text:0055F09E                 STR             R0, [sP,#0x14]
__text:0055F0A0                 STR             R1, [sP,#0x18]
__text:0055F0A2                 STR             R0, [sP,#0x1C]
__text:0055F0A4                 BLX             _getpid
__text:0055F0A8                 STR             R0, [sP,#0x20]
__text:0055F0AA                 ADD             R0, SP, #0x14
__text:0055F0AC                 ADD             R3, SP, #0x210
__text:0055F0AE                 MOVS            R1, #4
__text:0055F0B0                 MOV             R2, R4
__text:0055F0B2                 STR             R5, [sP]
__text:0055F0B4                 STR             R5, [sP,#4]
__text:0055F0B6                 BLX             _sysctl
__text:0055F0BA                 MOV             R4, R0
 
Again, same thing. It would crash. So the last thing I did was I changed 
 
__text:0055F072                 MOVS            R1, #0x1F
 
to
 
__text:0055F072                 MOVS            R1, #0x0
 
and the app did not crash this time, it only froze right at the gameloft logo. So I tried to attach it to GDB, because it is technically running if it is frozen, and it gave me segmentation fault: 11. Please, if any of you could help me solve this problem, I would be so happy, its been driving me crazy since the new year :/
 
Thanks!

 

bro GameLoft's game are not that easy lol u should learn save game hack then ms then ida then code inject :3 

Posted (edited)

bro GameLoft's game are not that easy lol u should learn save game hack then ms then ida then code inject :3

 

I know that already, this is one of the first forums I've signed up with. I know how to use GDB to find offsets in IDA and I know how to patch a binary. My first hack was a savegame for COD: BOZ for v1.3.3, I already learned MS, MSHook, and I'm doing IDA and code inject (writeData) right now and I'm working on Dead Trigger 2 but decided to take a break and do this because I get angry very easily lol

 

so im not really a beginner ;)

 

@ 

@

Updated by Guest
Posted

@

:facepalm: he already understands arm, no need to go through all that outdated crap

 

@@Shmoo419

hmmm... me and Swag had the same issue with Brothers In arms 3...

 

trying disabling calls to _dlsym

hmm Its work for me :/

Posted

@@Laxus

 

O.o really?, with syscall patched? try brothers in arms 3, me and Swag had it crash on our devices :/

Works fine on my iP5, not sure about 64 bit devices

Posted (edited)

@

:facepalm: he already understands arm, no need to go through all that outdated crap

 

@@Shmoo419

hmmm... me and Swag had the same issue with Brothers In arms 3...

 

trying disabling calls to _dlsym

OK, I'll try that. Thanks for an answer, I'll see what happenes once I do it. But who is Swag?

 

@

Updated by Guest

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Our picks

    • Tiny Bookshop +2 Jailed Cheats [ Full Game Unlocked ]
      Modded/Hacked App: Tiny Bookshop By Skystone Games Inc.
      Bundle ID: com.neoludic.tbs
      App Store Link: https://apps.apple.com/us/app/tiny-bookshop/id6766267906?uo=4

       

      🤩 Hack Features

      - Unlimited Money & Books -> Earn or spend some.
      -- Full Game Unlocked
      • 0 replies
    • ZakuzakuSlash +5 Mods [ Damage & Defence ]
      Mod APK Game Name: ZakuzakuSlash By nekosuko
      Rooted Device: Not Required.
      Google Play Store Link: https://play.google.com/store/apps/details?id=jp.nekosuko.zakuzakuslash

       

      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
      - God Mode
      - XP Multiplier
      - Unlimited Gold -> Will increase instead of decrease.
      • 0 replies
    • Gun and Girls : Gunner Maker +10 Jailed Cheats [ Damage & Defence ]
      Modded/Hacked App: Gun and Girls : Gunner Maker By MouseDuck Co., Ltd.
      Bundle ID: com.mouseduck.gungame
      App Store Link: https://apps.apple.com/us/app/gun-and-girls-gunner-maker/id1587842780?uo=4

       

      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiploer
      - God Mode
      - Monster Count Modifier

      VIP
      - Add Gold
      - Add Diamonds
      - Add Shell Casings
      - Add Event Currency
      - Unlock All Skills
      - Unlock All Costumes
      • 1 reply
    • Undying Hero: Idle RPG +3 Jailed Cheats [ Damage + More ]
      Modded/Hacked App: Undying Hero: Idle RPG By SUPERBOX. Inc
      Bundle ID: com.superpixel.undyinghero
      App Store Link: https://apps.apple.com/us/app/undying-hero-idle-rpg/id6758293735?uo=4

       

      🤩 Hack Features

      - Damage Multiplier
      - One-Hit Kill
      - Freeze Currencies
      • 5 replies
    • Real Survival: Not Fake v1.0.1 [ +5 APK MOD ] Currency Max
      Mod APK Game Name: Real Survival: Not Fake
      Rooted Device: Not Required.
      Google Play Store Link: https://play.google.com/store/apps/details?id=com.devdop.realsurvivalnotfake

      🤩 Hack Features

      - Auto ADS No
      - Unlimited Gems
      - Unlimited Coins
      - Unlimited Wood
      - Unlimited Meet
      • 1 reply
    • Real Survival: Not Fake v1.1.0 [ +5 Cheats ] Currency Max
      Modded/Hacked App: Real Survival: Not Fake By Dan Lespect
      Bundle ID: com.devdop.realsurvivalnotfake
      App Store Link: https://apps.apple.com/us/app/real-survival-not-fake/id6777072156?uo=4

       

       

      📌 Mod Requirements

      - Jailbroken iPhone or iPad.
      - iGameGod / Filza / iMazing.
      - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

       

      🤩 Hack Features

      - Auto ADS No
      - Unlimited Gems
      - Unlimited Coins
      - Unlimited Wood
      - Unlimited Meet

       

      ⬇️ iOS Hack Download Link


      Hidden Content

      Download Hack







       

      📖 iOS Installation Instructions

      STEP 1: Download the .deb hack file from the link above. Use Safari, Google Chrome or other iOS browsers to download.
      STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza.
      STEP 3: If needed, tap on the downloaded file again, then select ‘Normal Install’ from the options on your screen.
      STEP 4: Let iGameGod/Filza finish the cheat installation. If it doesn’t install successfully, see the note below.
      STEP 5: Open the game, log in to your iOSGods account when asked, then toggle on the features you want and enjoy!

       

      NOTE: If you have any questions or problems, read our Jailbreak iOS Hack Troubleshooting & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues.

       

      🙌 Credits

      - IK_IK

       

      📷 Cheat Video/Screenshots

      N/A

       

      More iOS App Hacks
      If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.

      Modded Android APKs
      Need modded apps or games for Android? Check out the latest custom APK mods, cheats & more in our Android Section.
      • 3 replies
    • Real Survival: Not Fake v1.1.0 [ +5 Jailed ] Currency Max
      Modded/Hacked App: Real Survival: Not Fake By Dan Lespect
      Bundle ID: com.devdop.realsurvivalnotfake
      App Store Link: https://apps.apple.com/us/app/real-survival-not-fake/id6777072156?uo=4

      🤩 Hack Features

      - Auto ADS No
      - Unlimited Gems
      - Unlimited Coins
      - Unlimited Wood
      - Unlimited Meet
      • 6 replies
    • 거너거너 Guner Guner v1.0.1 [ +2 APK MOD ] ATK MAX
      Mod APK Game Name: 거너거너 Guner Guner
      Rooted Device: Not Required.
      Google Play Store Link: https://play.google.com/store/apps/details?id=com.brightdawn.android.gngn

      🤩 Hack Features

      - HP MAX
      - ATK MAX
      • 0 replies
    • 거너거너 Guner Guner v1.0 [ +2 Cheats ] ATK MAX
      Modded/Hacked App: 거너거너 Guner Guner By Brightdawn Inc.
      Bundle ID: com.brightdawn.ios.gngn
      App Store Link: https://apps.apple.com/kr/app/%EA%B1%B0%EB%84%88%EA%B1%B0%EB%84%88/id6777852933?uo=4

      🤩 Hack Features

      - HP MAX
      - ATK MAX
      • 1 reply
    • 거너거너 Guner Guner v1.0 [ +2 Jailed ] ATK MAX
      Modded/Hacked App: 거너거너 Guner Guner By Brightdawn Inc.
      Bundle ID: com.brightdawn.ios.gngn
      App Store Link: https://apps.apple.com/kr/app/%EA%B1%B0%EB%84%88%EA%B1%B0%EB%84%88/id6777852933?uo=4
      🤩 Hack Features

      - HP MAX
      - ATK MAX
      • 2 replies
    • Guildmaster v1.3.19 [ +3 APK MOD ] Currency Max
      Mod APK Game Name: Guildmaster Idle
      Rooted Device: Not Required.
      Google Play Store Link: https://play.google.com/store/apps/details?id=com.ElvenryStudios.Guildmaster&hl=en

      🤩 Hack Features

      - Runes Max
      - Gold Max
      - Inventory Items Max ++30
      • 0 replies
    • Guildmaster Idle v1.3.19 [ +3 Cheats ] Currency Max
      Modded/Hacked App: Guildmaster Idle By Elvenry Studios Limited
      Bundle ID: com.ElvenryStudios.Guildmaster
      App Store Link: https://apps.apple.com/us/app/guildmaster-idle/id1588390905?uo=4

      🤩 Hack Features

      - Runes Max
      - Gold Max
      - Inventory Items Max ++30
      • 0 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines