Help/Support Need Help Updating Offsets

[FateEX 1.6k iPhone Xs Max 13.4.1]

I am not that great at updating offsets. I'm trying to update cheats for Brave Frontier 1.2.2 to 1.2.4, and I'm starting off with Brave Burst Fill. I am using the quick/simple method using IDA to open up the two binaries and text searching the functions to find similar matches, then using the same hex edits to make it work, only it doesnt. What am I doing wrong? Are they not the same? any tips will surely help I changed the hex to 64 20 70 47

 

You can side by side compare the two in Imgur or check them out yourself: BINARY FOR 1.2.2 & 1.2.4

 

Alternatively the screenshots are provided below

 

1.2.2 IDA View

 

1.2.4 IDA View

 

1.2.2 Hex View

 

1.2.4 Hex View

[Gh0stByte 3.2k 4 6.1.2]

Just use iGG and gdb and find the offsets yourself

[Rook 549.3k iPad Pro (2nd gen) 17.4 Donor]

Have you seen this? 

 

http://iosgods.com/topic/74-how-to-update-binary-hacks-video-tutorial/

 

It might help you out. 

[Zahir 392.7k iPad Mini 4 13.6]

Lol

 

Hex Compring and Updating is the worst way ever, there could be some similar stuff in binary, u never know

 

So just use strings method , how did u find the function in 1.2.2, use the same way

[FateEX 1.6k iPhone Xs Max 13.4.1]

Lol

 

Hex Compring and Updating is the worst way ever, there could be some similar stuff in binary, u never know

 

So just use strings method , how did u find the function in 1.2.2, use the same way

Bro, you give me too much credit. I'm still learning. Another guy found those, I used to work with the guy 'cause he didn't have an iPhone So I'm trying to update those

Updated January 22, 2015 by Javi Tech

[jx1992 0]

Lol

 

Hex Compring and Updating is the worst way ever, there could be some similar stuff in binary, u never know

 

So just use strings method , how did u find the function in 1.2.2, use the same way

 

I respectfully disagree. Ultimately, even via strings, you'd be led to functions that seem similar because similar functions can reference the same string. Finally for BF (at least for 1.2.2), strings are referenced dynamically so they don't show up as cross references in IDA. Strings method can work but it'll be as tedious as hex comparing.

[Gh0stByte 3.2k 4 6.1.2]

@@Javi Tech here's how you do it

 

 

Open up both binarys side by side

 

Jump (in the old binary) to the offset that you have (g)

Next copy something around it that is uniqueish (like the CMP r2, #0)

Then jump to the old offset in the new binary (It's closser to the new one)

Then search (alt +t) that (start with down) and find a function that looks like the graph view of the old function and it has the same arm code.

If you can't find it with down, then jump in the new binary hack to the old offset and search ip, or search something else

There you go

 

Credit: Lawivido (just taught me like 2 min ago)

 

@@ZahirSher This is a lot better then hex compare

Updated January 22, 2015 by Gh0stByte