Help/Support Encoding Branch and Link BL sub_x

Zahir · February 26, 2015

Yeah, he pretty much explains what I already know. I just want to know how to encode BL.W sub_X to hex or if there's a program that can do it for me.

BL.W sub_44F08 -> CA F0 43 F5

Where the heck does CA F0 43 F5 come from?

ITS A BRACH ..

FateEX · February 26, 2015

ITS A BRACH ..

Okay, it's a branch. Now what?

castix · February 26, 2015

Do what I said ..

jayvee · February 26, 2015

Just follow his/her guide. I already understand how he got that hex value but too lazy to do it cause my PC is so slow it takes 30 minutes to do a string search in IDA

FateEX · February 26, 2015

Just follow his/her guide. I already understand how he got that hex value but too lazy to do it cause my PC is so slow it takes 30 minutes to do a string search in IDA

Wow, 30 minutes? I don't need string search, I can find the new functions in less than a minute. The problem is how to encode sub_B9D800 to hex. Otherwise, I would have whipped out my hack by now.

If you say you know it, please explain how to encode sub_B9D800. Because that's all I need.

Updated February 26, 2015 by Javi Tech

castix · February 26, 2015

This discussion is awkward. You can't encode sub headers as the real functions are not existing. Read tutorials how to hack branches it's really an ease.

@@Javi Tech @ you differ from the topic. Your way to get the HEX doesn't make any sense

jayvee · February 28, 2015

Yeah, he pretty much explains what I already know. I just want to know how to encode BL.W sub_X to hex or if there's a program that can do it for me.

BL.W sub_44F08 -> CA F0 43 F5

Where the heck does CA F0 43 F5 come from?

BL.W sub_4D7F8

0X0004D7F8 - (0X006E0618 + 4) = FF96D1DC

1111 1111 1001 0110 1101 0001 1101 1110

1111111 1 1 0 0101101101 0001110111 10

s i1 i2 H L

j1 = 1

j2 = 0

11110 1 0101101101 11 1 1 0 0001110111 0

s H j1 j2 L

1111 0101 0110 1101 1111 0000 1110 1110

F56DF0EE --> 6DF5EEF0

BL.W sub_BAB09C

0000 0000 0100 1100 1010 1010 1000 0110

0000000 0 0 1 0011001010 1010100001 1

s i1 i2 H L

j1 = 1

j2 = 1

1111 0000 1100 1010 1111 0101 0100 0011

F0CAF543 --> CAF043F5

Updated February 28, 2015 by akosijv

jayvee · February 28, 2015

http://web.eecs.umich.edu/~prabal/teaching/resources/eecs373/ARMv7-M_ARM.pdf page 248 for BL encoding guide

You can also use the Branch Finder online by DiDA: http://armconverter.com/branchfinder/

Sign In

Help/Support Encoding Branch and Link BL sub_x

18 posts in this topic

Recommended Posts

Zahir 394.9k iPad Mini 4 13.6

FateEX 1.6k iPhone Xs Max 13.4.1

castix 18.5k iPhone X 12.1.1

jayvee 3.4k iPhone SE (2020) 14.4

FateEX 1.6k iPhone Xs Max 13.4.1

castix 18.5k iPhone X 12.1.1

jayvee 3.4k iPhone SE (2020) 14.4

jayvee 3.4k iPhone SE (2020) 14.4

Create an account or sign in to comment

Create an account

Sign in

Our picks

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Important Information

Zahir 394.9k
iPad Mini 4

13.6

FateEX 1.6k
iPhone Xs Max

13.4.1

castix 18.5k
iPhone X

12.1.1

jayvee 3.4k
iPhone SE (2020)

14.4

FateEX 1.6k
iPhone Xs Max

13.4.1

castix 18.5k
iPhone X

12.1.1

jayvee 3.4k
iPhone SE (2020)

14.4

jayvee 3.4k
iPhone SE (2020)

14.4