20 posts in this topic

Posted (edited)

So I'm hacking coins in Hungry Shark Evolution and LLDB landed me at the highlighted MOVE (in the pic linked below). So I look around and I found LDR R0, [R0] (thinking that R0 is Coins and R0 is loading into R0! Confused, sorry 'bout that). I modified that to MOV R0, R7 (in hex it's 381C) and put the binary back on the device, an iPhone 6 on iOS 9.0.2! I open the game and the coins aren't infinite! Why is this??

I used the tutorial on bypassing ASLR, but IDA didn't show the outcome (what I'm supposed to search for in IDA) of subtracting ASLR from the address LLDB gave me!

So what the hell do I do? I'm a beginner at SUB_X and I already know how to do MSHook and modify plists, and also hex edit, and also IDA functions (no SUB_X)! (I know, I get it, so much for a 14 year old.) I need help with SUB_X! Please!

What do I do / what do I modify??

Picture: http://imgur.com/lG7A91p

Updated by Asianplus
Posted

For an armv7 binary I would recommend removing ASLR, because I tried it once without ASLR removed and got an offset.

Then I tried it again with ASLR, and did the trick to bypass ASLR with LLDB and got a different offset :/

The ASLR trick does work with LLDB for arm64, however.

Posted (edited)

For an armv7 binary I would recommend removing ASLR, because I tried it once without ASLR removed and got an offset.

Then I tried it again with ASLR, and did the trick to bypass ASLR with LLDB and got a different offset :/

The ASLR trick does work with LLDB for arm64, however.

But it crashes the game when putting the ASLR-removed thinned binary in the game's .app folder. So I dunno what to do when ASLR removed crashes the game.

So therefore I can't search values, because the damn game crashes.

Updated by Asianplus
Posted

So post again a pic of IDA of the offset you got from LLDB with no ASLR.

Use armconverter.com

And once you put the binary with ASLR back on your device, sign it first:

ldid -s BinaryName

And make sure permissions are set correctly, then replace the bin, then rehack it.

Posted

So post again a pic of IDA of the offset you got from LLDB with no ASLR.

Use armconverter.com

And once you put the binary with ASLR back on your device, sign it first:

ldid -s BinaryName

And make sure permissions are set correctly, then replace the bin, then rehack it.

Did that and it still doesn't work!

Posted

Tried it just now and it doesn't work for me.

It works perfectly for me :/ Are you sure you did everything right?

There are also strings you can use to hack with.

I don't know the exact name, but they are something like:

SetSessionStandardCurrency

SetSessionPremiumCurrency

Posted

It works perfectly for me :/ Are you sure you did everything right?

There are also strings you can use to hack with.

I don't know the exact name, but they are something like:

SetSessionStandardCurrency

SetSessionPremiumCurrency

I did everything right! Nothing ever fricking works for me!
