Help/Support Anti Debugging Protection

[Archangel04 33.1k iPhone 7 14.3]

Hi guys,

 

In IDA, I am hacking Star Wars: Force Arena currently

 

I had a question regarding breaking the anti debugging protection (sysctl). Should I NOP the main function which I get from imports or go to each xref branching to that function and NOP those functions?

 

If i go with the first route,  (NOP on first command), the game crashes on launch. 

 

If I NOP any one of the xrefs i get crash on launch.

 

Any tips? Ive done trial and error, but would like a tip on how to proceed

[Rook 567.6k iPad Pro (2nd gen) 17.4 Donor]

Have you seen the Anti Anti Debugger protection tooic by shmoo?

 

https://iosgods.com/topic/26721-breaking-securityhow-to-disable-syscall-anti-debugging-protection/

[fahadxmb 10.3k iPhone 6 dunno]

see this

https://iosgods.com/topic/26721-breaking-securityhow-to-disable-syscall-anti-debugging-protection/

[Guest]

Hi guys,

 

In IDA, I am hacking Star Wars: Force Arena currently

 

I had a question regarding breaking the anti debugging protection (sysctl). Should I NOP the main function which I get from imports or go to each xref branching to that function and NOP those functions?

 

If i go with the first route,  (NOP on first command), the game crashes on launch. 

 

If I NOP any one of the xrefs i get crash on launch.

 

Any tips? Ive done trial and error, but would like a tip on how to proceed

Do you even get segfault 11 when attaching

[Archangel04 33.1k iPhone 7 14.3]

Do you even get segfault 11 when attaching

I dont get segfault but GDB says that there are anti debugging protections and something about "dirty" 

Have you seen the Anti Anti Debugger protection tooic by shmoo?

 

https://iosgods.com/topic/26721-breaking-securityhow-to-disable-syscall-anti-debugging-protection/

yes, i did follow that. Game crashes on doing that

 

The error in GDB was

 

"Possible sections of anti debug trick detected at segment"

Updated January 15, 2017 by Archangel04

[Guest]

I dont get segfault but GDB says that there are anti debugging protections and something about "dirty"

 

yes, i did follow that. Game crashes on doing that

 

The error in GDB was

 

"Possible sections of anti debug trick detected at segment"

Don't worry about the dirty data error. You can ignore it. Redownload the game to get a fresh binary or if you backed one up use that and try again because you probably modified the current binary very badly Updated January 15, 2017 by Guest

[Archangel04 33.1k iPhone 7 14.3]

Don't worry about the dirty data error. You can ignore it

Even if there are like 60-70 of them? Also, my offset from Gameplayer shows a VERY different value as compared to that in game

[Guest]

Even if there are like 60-70 of them? Also, my offset from Gameplayer shows a VERY different value as compared to that in game

If you are hacking floats they'll be around 1120403456 in LLDB, don't worry about it. And yes just ignore the dirty data thing even if there are alot of them you can debug as normal

[Archangel04 33.1k iPhone 7 14.3]

Don't worry about the dirty data error. You can ignore it. Redownload the game to get a fresh binary or if you backed one up use that and try again because you probably modified the current binary very badly

I have multiple copies of the original binary. I always mod the copy rather than the original

 

They arent floats, but DWBs

Updated January 15, 2017 by Archangel04

[Guest]

I have multiple copies of the original binary. I always mod the copy rather than the original

 

They arent floats, but DWBs

No idea then You probably have a wrong mem address