Jump to content

Help with disabling _syscall


Go to solution Solved by Aswag1,

36 posts in this topic

Recommended Posts

Posted (edited)

I'm trying to hack NOVA 3: Freedom Edition, so obviously, being gameloft, they added in _syscall. I've attempted to remove it before but all that happens is that the app would freeze or crash. Here is what I NOP'ed:

 

 

__text:0055F054                 MOV             SP, R4
__text:0055F056                 VST1.64         {D8-D11}, [R4@128]!
__text:0055F05A                 VST1.64         {D12-D15}, [R4@128]
__text:0055F05E                 SUB.W           SP, SP, #0x250
__text:0055F062                 MOV             R10, R0
__text:0055F064                 MOV             R0, #(___stack_chk_guard_ptr - 0x55F072)
__text:0055F06C                 MOV             R8, R1
__text:0055F06E                 ADD             R0, PC ; ___stack_chk_guard_ptr
__text:0055F070                 MOVS            R5, #0
__text:0055F072                 MOVS            R1, #0x1F
__text:0055F074                 MOVS            R2, #0
__text:0055F076                 LDR             R6, [R0] ; ___stack_chk_guard
__text:0055F078                 MOVS            R3, #0
__text:0055F07A                 LDR             R0, [R6]
__text:0055F07C                 STR             R0, [sP,#0x24C]
__text:0055F07E                 MOVS            R0, #0x1A
__text:0055F080                 STR             R5, [sP]
__text:0055F082                 BLX             _syscall
__text:0055F086                 ADD             R4, SP, #0x24
__text:0055F088                 MOV.W           R0, #0x1EC
__text:0055F08C                 STR             R0, [sP,#0x210]
__text:0055F08E                 MOVS            R1, #0
__text:0055F090                 MOV             R0, R4
__text:0055F092                 MOV.W           R2, #0x1EC
__text:0055F096                 BLX             _memset
__text:0055F09A                 MOVS            R0, #1
__text:0055F09C                 MOVS            R1, #0xE
__text:0055F09E                 STR             R0, [sP,#0x14]
__text:0055F0A0                 STR             R1, [sP,#0x18]
__text:0055F0A2                 STR             R0, [sP,#0x1C]
__text:0055F0A4                 BLX             _getpid
__text:0055F0A8                 STR             R0, [sP,#0x20]
__text:0055F0AA                 ADD             R0, SP, #0x14
__text:0055F0AC                 ADD             R3, SP, #0x210
__text:0055F0AE                 MOVS            R1, #4
__text:0055F0B0                 MOV             R2, R4
__text:0055F0B2                 STR             R5, [sP]
__text:0055F0B4                 STR             R5, [sP,#4]
__text:0055F0B6                 BLX             _sysctl
__text:0055F0BA                 MOV             R4, R0
 
After I NOP'ed that the app would crash upon startup. I then NOP'ed:
 
__text:0055F054                 MOV             SP, R4
__text:0055F056                 VST1.64         {D8-D11}, [R4@128]!
__text:0055F05A                 VST1.64         {D12-D15}, [R4@128]
__text:0055F05E                 SUB.W           SP, SP, #0x250
__text:0055F062                 MOV             R10, R0
__text:0055F064                 MOV             R0, #(___stack_chk_guard_ptr - 0x55F072)
__text:0055F06C                 MOV             R8, R1
__text:0055F06E                 ADD             R0, PC ; ___stack_chk_guard_ptr
__text:0055F070                 MOVS            R5, #0
__text:0055F072                 MOVS            R1, #0x1F
__text:0055F074                 MOVS            R2, #0
__text:0055F076                 LDR             R6, [R0] ; ___stack_chk_guard
__text:0055F078                 MOVS            R3, #0
__text:0055F07A                 LDR             R0, [R6]
__text:0055F07C                 STR             R0, [sP,#0x24C]
__text:0055F07E                 MOVS            R0, #0x1A
__text:0055F080                 STR             R5, [sP]
__text:0055F082                 BLX             _syscall
__text:0055F086                 ADD             R4, SP, #0x24
__text:0055F088                 MOV.W           R0, #0x1EC
__text:0055F08C                 STR             R0, [sP,#0x210]
__text:0055F08E                 MOVS            R1, #0
__text:0055F090                 MOV             R0, R4
__text:0055F092                 MOV.W           R2, #0x1EC
__text:0055F096                 BLX             _memset
__text:0055F09A                 MOVS            R0, #1
__text:0055F09C                 MOVS            R1, #0xE
__text:0055F09E                 STR             R0, [sP,#0x14]
__text:0055F0A0                 STR             R1, [sP,#0x18]
__text:0055F0A2                 STR             R0, [sP,#0x1C]
__text:0055F0A4                 BLX             _getpid
__text:0055F0A8                 STR             R0, [sP,#0x20]
__text:0055F0AA                 ADD             R0, SP, #0x14
__text:0055F0AC                 ADD             R3, SP, #0x210
__text:0055F0AE                 MOVS            R1, #4
__text:0055F0B0                 MOV             R2, R4
__text:0055F0B2                 STR             R5, [sP]
__text:0055F0B4                 STR             R5, [sP,#4]
__text:0055F0B6                 BLX             _sysctl
__text:0055F0BA                 MOV             R4, R0
 
Again, same thing. It would crash. So the last thing I did was I changed 
 
__text:0055F072                 MOVS            R1, #0x1F
 
to
 
__text:0055F072                 MOVS            R1, #0x0
 
and the app did not crash this time, it only froze right at the gameloft logo. So I tried to attach it to GDB, because it is technically running if it is frozen, and it gave me segmentation fault: 11. Please, if any of you could help me solve this problem, I would be so happy, its been driving me crazy since the new year :/
 
Thanks!
Updated by Guest
Posted

 

I'm trying to hack NOVA 3: Freedom Edition, so obviously, being gameloft, they added in _syscall. I've attempted to remove it before but all that happens is that the app would freeze or crash. Here is what I NOP'ed:

 

 

__text:0055F054                 MOV             SP, R4
__text:0055F056                 VST1.64         {D8-D11}, [R4@128]!
__text:0055F05A                 VST1.64         {D12-D15}, [R4@128]
__text:0055F05E                 SUB.W           SP, SP, #0x250
__text:0055F062                 MOV             R10, R0
__text:0055F064                 MOV             R0, #(___stack_chk_guard_ptr - 0x55F072)
__text:0055F06C                 MOV             R8, R1
__text:0055F06E                 ADD             R0, PC ; ___stack_chk_guard_ptr
__text:0055F070                 MOVS            R5, #0
__text:0055F072                 MOVS            R1, #0x1F
__text:0055F074                 MOVS            R2, #0
__text:0055F076                 LDR             R6, [R0] ; ___stack_chk_guard
__text:0055F078                 MOVS            R3, #0
__text:0055F07A                 LDR             R0, [R6]
__text:0055F07C                 STR             R0, [sP,#0x24C]
__text:0055F07E                 MOVS            R0, #0x1A
__text:0055F080                 STR             R5, [sP]
__text:0055F082                 BLX             _syscall
__text:0055F086                 ADD             R4, SP, #0x24
__text:0055F088                 MOV.W           R0, #0x1EC
__text:0055F08C                 STR             R0, [sP,#0x210]
__text:0055F08E                 MOVS            R1, #0
__text:0055F090                 MOV             R0, R4
__text:0055F092                 MOV.W           R2, #0x1EC
__text:0055F096                 BLX             _memset
__text:0055F09A                 MOVS            R0, #1
__text:0055F09C                 MOVS            R1, #0xE
__text:0055F09E                 STR             R0, [sP,#0x14]
__text:0055F0A0                 STR             R1, [sP,#0x18]
__text:0055F0A2                 STR             R0, [sP,#0x1C]
__text:0055F0A4                 BLX             _getpid
__text:0055F0A8                 STR             R0, [sP,#0x20]
__text:0055F0AA                 ADD             R0, SP, #0x14
__text:0055F0AC                 ADD             R3, SP, #0x210
__text:0055F0AE                 MOVS            R1, #4
__text:0055F0B0                 MOV             R2, R4
__text:0055F0B2                 STR             R5, [sP]
__text:0055F0B4                 STR             R5, [sP,#4]
__text:0055F0B6                 BLX             _sysctl
__text:0055F0BA                 MOV             R4, R0
 
After I NOP'ed that the app would crash upon startup. I then NOP'ed:
 
__text:0055F054                 MOV             SP, R4
__text:0055F056                 VST1.64         {D8-D11}, [R4@128]!
__text:0055F05A                 VST1.64         {D12-D15}, [R4@128]
__text:0055F05E                 SUB.W           SP, SP, #0x250
__text:0055F062                 MOV             R10, R0
__text:0055F064                 MOV             R0, #(___stack_chk_guard_ptr - 0x55F072)
__text:0055F06C                 MOV             R8, R1
__text:0055F06E                 ADD             R0, PC ; ___stack_chk_guard_ptr
__text:0055F070                 MOVS            R5, #0
__text:0055F072                 MOVS            R1, #0x1F
__text:0055F074                 MOVS            R2, #0
__text:0055F076                 LDR             R6, [R0] ; ___stack_chk_guard
__text:0055F078                 MOVS            R3, #0
__text:0055F07A                 LDR             R0, [R6]
__text:0055F07C                 STR             R0, [sP,#0x24C]
__text:0055F07E                 MOVS            R0, #0x1A
__text:0055F080                 STR             R5, [sP]
__text:0055F082                 BLX             _syscall
__text:0055F086                 ADD             R4, SP, #0x24
__text:0055F088                 MOV.W           R0, #0x1EC
__text:0055F08C                 STR             R0, [sP,#0x210]
__text:0055F08E                 MOVS            R1, #0
__text:0055F090                 MOV             R0, R4
__text:0055F092                 MOV.W           R2, #0x1EC
__text:0055F096                 BLX             _memset
__text:0055F09A                 MOVS            R0, #1
__text:0055F09C                 MOVS            R1, #0xE
__text:0055F09E                 STR             R0, [sP,#0x14]
__text:0055F0A0                 STR             R1, [sP,#0x18]
__text:0055F0A2                 STR             R0, [sP,#0x1C]
__text:0055F0A4                 BLX             _getpid
__text:0055F0A8                 STR             R0, [sP,#0x20]
__text:0055F0AA                 ADD             R0, SP, #0x14
__text:0055F0AC                 ADD             R3, SP, #0x210
__text:0055F0AE                 MOVS            R1, #4
__text:0055F0B0                 MOV             R2, R4
__text:0055F0B2                 STR             R5, [sP]
__text:0055F0B4                 STR             R5, [sP,#4]
__text:0055F0B6                 BLX             _sysctl
__text:0055F0BA                 MOV             R4, R0
 
Again, same thing. It would crash. So the last thing I did was I changed 
 
__text:0055F072                 MOVS            R1, #0x1F
 
to
 
__text:0055F072                 MOVS            R1, #0x0
 
and the app did not crash this time, it only froze right at the gameloft logo. So I tried to attach it to GDB, because it is technically running if it is frozen, and it gave me segmentation fault: 11. Please, if any of you could help me solve this problem, I would be so happy, its been driving me crazy since the new year :/
 
Thanks!

 

bro GameLoft's game are not that easy lol u should learn save game hack then ms then ida then code inject :3 

Posted (edited)

bro GameLoft's game are not that easy lol u should learn save game hack then ms then ida then code inject :3

 

I know that already, this is one of the first forums I've signed up with. I know how to use GDB to find offsets in IDA and I know how to patch a binary. My first hack was a savegame for COD: BOZ for v1.3.3, I already learned MS, MSHook, and I'm doing IDA and code inject (writeData) right now and I'm working on Dead Trigger 2 but decided to take a break and do this because I get angry very easily lol

 

so im not really a beginner ;)

 

@ 

@

Updated by Guest
Posted

@

:facepalm: he already understands arm, no need to go through all that outdated crap

 

@@Shmoo419

hmmm... me and Swag had the same issue with Brothers In arms 3...

 

trying disabling calls to _dlsym

hmm Its work for me :/

Posted

@@Laxus

 

O.o really?, with syscall patched? try brothers in arms 3, me and Swag had it crash on our devices :/

Works fine on my iP5, not sure about 64 bit devices

Posted (edited)

@

:facepalm: he already understands arm, no need to go through all that outdated crap

 

@@Shmoo419

hmmm... me and Swag had the same issue with Brothers In arms 3...

 

trying disabling calls to _dlsym

OK, I'll try that. Thanks for an answer, I'll see what happenes once I do it. But who is Swag?

 

@

Updated by Guest

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Our picks

    • Metal Slug Rush v1.0.0 [ +9 Cheats ] Currency Max
      Modded/Hacked App: Metal Slug Rush By REVIVECONTENTS CO.,LTD.
      Bundle ID: com.ringgames.msm
      App Store Link: https://apps.apple.com/us/app/metal-slug-rush/id6775727338?uo=4

      🤩 Hack Features

      - Unlimited Gold
      - Unlimited Gems
      - Unlimited Energy
      - Unlimited Silver keys
      - Unlimited Golden Keys
      - Unlimited Special Keys
      - Unlimited Blueprint
      - Unlimited Token
      - Unlimited Ticket +3
        • Thanks
      • 1 reply
    • Metal Slug Rush v1.0.0 [ +9 jailed ] Currency Max
      Modded/Hacked App: Metal Slug Rush By REVIVECONTENTS CO.,LTD.
      Bundle ID: com.ringgames.msm
      App Store Link: https://apps.apple.com/us/app/metal-slug-rush/id6775727338?uo=4

      🤩 Hack Features

      - Unlimited Gold
      - Unlimited Gems
      - Unlimited Energy
      - Unlimited Silver keys
      - Unlimited Golden Keys
      - Unlimited Special Keys
      - Unlimited Blueprint
      - Unlimited Token
      - Unlimited Ticket +3
      • 0 replies
    • Pixel Mage: Idle RPG +10 Mods [ Unlimited Currencies ]
      Mod APK Game Name: Pixel Mage: Idle RPG By StreetComplete
      Rooted Device: Not Required.
      Google Play Store Link: https://play.google.com/store/apps/details?id=com.streetcomplete.pixelmagician

       

      🤩 Hack Features

      - Damage Multiplier
      - Attack/Move Speed Multiplier
      - Freeze Gold
      - Unlimited Gold -> Will increase instead of decrease.
      - Freeze Blue Diamonds
      - Unlimited Blue Diamonds -> Will increase instead of decrease.
      - Freeze Red Diamonds
      - Unlimited Red Diamonds -> Will increase instead of decrease.
      - Freeze Purple Diamonds
      - Unlimited Purple Diamonds -> Will increase instead of decrease.
        • Like
      • 0 replies
    • Pixel Mage: Idle RPG +10 Jailed Cheats [ Unlimited Currencies ]
      Modded/Hacked App: Pixel Mage: Idle RPG By YONGJIN JO
      Bundle ID: com.streetcomplete.pixelmagician
      App Store Link: https://apps.apple.com/us/app/pixel-mage-idle-rpg/id6741889270?uo=4

       


      🤩 Hack Features

      - Damage Multiplier
      - Attack/Move Speed Multiplier
      - Freeze Gold
      - Unlimited Gold -> Will increase instead of decrease.
      - Freeze Blue Diamonds
      - Unlimited Blue Diamonds -> Will increase instead of decrease.
      - Freeze Red Diamonds
      - Unlimited Red Diamonds -> Will increase instead of decrease.
      - Freeze Purple Diamonds
      - Unlimited Purple Diamonds -> Will increase instead of decrease.
        • Winner
        • Like
      • 4 replies
    • Toy Brawlers: Arena Fight +3 Mods [ Damage & Defence ]
      Mod APK Game Name: Toy Brawlers: Arena Fight By Studıo Gamebıt Yazılım Ve Teknoloji Ltd. Şti.
      Rooted Device: Not Required.
      Google Play Store Link: https://play.google.com/store/apps/details?id=com.studiogamebit.toybrawlers

       

      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
      - God Mode
        • Winner
      • 0 replies
    • Bullet Boy v41 [ +1 Cheats ] Gems Max
      Modded/Hacked App: Bullet Boy By Outbox SRL
      Bundle ID: com.pomelogames.BulletBoy
      App Store Link: https://apps.apple.com/us/app/bullet-boy/id899606169?uo=4

      🤩 Hack Features

      - Gems Max
        • Like
      • 0 replies
    • Bullet Boy v41 [ +1 Jailed ] Gems Max
      Modded/Hacked App: Bullet Boy By Outbox SRL
      Bundle ID: com.pomelogames.BulletBoy
      App Store Link: https://apps.apple.com/us/app/bullet-boy/id899606169?uo=4

      🤩 Hack Features

      - Gems Max
        • Like
      • 2 replies
    • AmaZeus: Merge & Shoot v1.4.37 [ +6 Jailed ] ATK MAX
      Modded/Hacked App: AmaZeus: Merge & Shoot By Geisha Tokyo Inc.
      Bundle ID: com.merge.shooter
      App Store Link: https://apps.apple.com/us/app/amazeus-merge-shoot/id6742771024?uo=4

      🤩 Hack Features

      - Energy Max
      - Always Last Wave
      - AKF Rewards
      Hero Stats
      - HP Freeze
      - ATK MAX
      Enemy Stats
      - ATK 0
        • Like
      • 2 replies
    • AmaZeus: Merge & Shoot v1.4.37 [ +6 Cheats ] ATK MAX
      Modded/Hacked App: AmaZeus: Merge & Shoot By Geisha Tokyo Inc.
      Bundle ID: com.merge.shooter
      App Store Link: https://apps.apple.com/us/app/amazeus-merge-shoot/id6742771024?uo=4
      🤩 Hack Features

      - Energy Max
      - Always Last Wave
      - AKF Rewards
      Hero Stats
      - HP Freeze
      - ATK MAX
      Enemy Stats
      - ATK 0
        • Like
      • 3 replies
    • Mini DAYZ 2 +4 Jailed Cheats [ ESP Boxes, Lines ]
      Modded/Hacked App: Mini DAYZ 2 By Bohemia Interactive AS
      Bundle ID: com.bistudio.minidayz2
      App Store Link: https://apps.apple.com/us/app/mini-dayz-2/id1482111801?uo=4

       


      🤩 Hack Features

      - Ally ESP Boxes
      - Ally ESP Lines
      - Ally ESP Health
      - Ally ESP Distance
      - Enemy ESP Boxes
      - Enemy ESP Lines
      - Enemy ESP Health
      - Enemy ESP Distance
        • Agree
        • Haha
        • Like
      • 7 replies
    • Haikyuu!! ( ハイキュー!! ) TOUCH AND CONNECT +4 Mods [ Auto Win ]
      Mod APK Game Name: ハイキュー!! TOUCH AND CONNECT By G Holdings co., ltd.
      Rooted Device: Not Required.
      Google Play Store Link: https://play.google.com/store/apps/details?id=com.gholdings.haicone

       

      🤩 Hack Features

      - Unlimited Score
      - Freeze Moves
      - Freeze In-Game Timer
      - Auto Win
        • Winner
        • Like
      • 0 replies
    • Haikyuu!! ( ハイキュー!! ) TOUCH AND CONNECT +4 Jailed Cheats [ Auto Win ]
      Modded/Hacked App: ハイキュー!! TOUCH AND CONNECT By G HOLDINGS CO., LTD.
      Bundle ID: com.gholdings.haicone
      App Store Link: https://apps.apple.com/jp/app/%E3%83%8F%E3%82%A4%E3%82%AD%E3%83%A5%E3%83%BC-touch-and-connect/id6755984289?uo=4

       

      🤩 Hack Features

      - Unlimited Score
      - Freeze Moves
      - Freeze In-Game Timer
      - Auto Win
        • Winner
        • Like
      • 1 reply
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines