Help/Support [LLDB] New value [null]

Galmin · January 30, 2017

Hello,

I decided to hack Restaurant Paradise.

I downloaded it using iTunes and then cracked it.

Furthermore, I used http://armconverter.com/binarytools/index.php in order to thin and remove ASLR from the binary...

Then I went to the terminal and signed it... then moved to the app location... app opens...

Now after adding a watchpoint from iGG, it says the following:


/**************** GIKDBG - LLDB.build140515.1 ****************/

Welcome to visit www.gikir.com for more information!

If you have any suggestions, please email to [email protected].
Thank you very much to improve gikdbg!

(lldb) process connect connect://127.0.0.1:23
error: unable to find section for section 32
(lldb) Process 826295 stopped
* thread #1: tid = 0xc9bb7, 0x2281f8a8 libsystem_kernel.dylib`mach_msg_trap + 20, stop reason = signal SIGSTOP
    frame #0: 0x2281f8a8 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap + 20:
-> 0x2281f8a8:  pop    {r4, r5, r6, r8}
   0x2281f8ac:  bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
   0x2281f8b0:  mov    r12, sp
c
Process 826295 resuming
(lldb) error: Process is running.  Use 'process interrupt' to pause execution.
(lldb) Process 826295 stopped
* thread #1: tid = 0xc9bb7, 0x2281f8a8 libsystem_kernel.dylib`mach_msg_trap + 20, stop reason = signal SIGSTOP
    frame #0: 0x2281f8a8 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap + 20:
-> 0x2281f8a8:  pop    {r4, r5, r6, r8}
   0x2281f8ac:  bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
   0x2281f8b0:  mov    r12, sp
w s e - 0x006C65EC
Watchpoint created: Watchpoint 1: addr = 0xffffffffff939a14 size = 4 state = enabled type = w
    new value: (null)
(lldb) c
Process 826295 resuming
(lldb) error: Process is running.  Use 'process interrupt' to pause execution.
(lldb) Process 826295 stopped
* thread #1: tid = 0xc9bb7, 0x2281f8a8 libsystem_kernel.dylib`mach_msg_trap + 20, stop reason = signal SIGSTOP
    frame #0: 0x2281f8a8 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap + 20:
-> 0x2281f8a8:  pop    {r4, r5, r6, r8}
   0x2281f8ac:  bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
   0x2281f8b0:  mov    r12, sp
w s e - 0x0109419C
Watchpoint created: Watchpoint 2: addr = 0xfffffffffef6be64 size = 4 state = enabled type = w
    new value: (null)
(lldb) c
Process 826295 resuming
(lldb)

Nothing changes in LLDB but the value in iGG changes... brb.

Regards,

Galmin

Galmin · January 30, 2017

Anyone?

Mr. Hyperion · January 30, 2017

If the game is online then it cant be hacked by igg. Null is mostly online cause i kept getting null when hacking online games. Maybe the value is checked by the server.

Galmin · January 31, 2017

If the game is online then it cant be hacked by igg. Null is mostly online cause i kept getting null when hacking online games. Maybe the value is checked by the server.

Could be but iGG successfully modified values and I could buy things...

EDIT: It worked with the first offset but I couldn't continue the game it kept debugging... after I closed everything and started all over again I used a different offset but this time I kept getting "new value=null"

Updated January 31, 2017 by Galmin

Mr. Hyperion · January 31, 2017

Could be but iGG successfully modified values and I could buy things...

EDIT: It worked with the first offset but I couldn't continue the game it kept debugging... after I closed everything and started all over again I used a different offset but this time I kept getting "new value=null"

It then means that the game is protected by anti debuggi software