Help/Support Code Injection doesn't work, except credit popup.

Ted2 · May 4, 2017

Heyyy it's me again..

I used this tutorial also: https://www.dropbox.com/s/y3rcskg8uigt5lm/IDA PRO Code Inject Tutorial.pdf?dl=0

I'm kind of practicing to work with IDA on Pou,

So I figured out how to hack some functions by editing the binary using a hex editor.

Now I wanted to try to make a code injection tweak out of it.

The function is:

; Coins - (int)have
__text:0003EBD4 ; Attributes: bp-based frame
__text:0003EBD4
__text:0003EBD4 ; int __cdecl -[Coins have](struct Coins *self, SEL)
__text:0003EBD4 __Coins_have_                           ; DATA XREF: __objc_const:0045C890o
__text:0003EBD4                 PUSH            {R4-R7,LR}
__text:0003EBD6                 ADD             R7, SP, #0xC
__text:0003EBD8                 MOV             R4, R0
__text:0003EBDA                 MOV             R0, #(_OBJC_IVAR_$_Coins.given - 0x3EBEA) ; int given;
__text:0003EBE2                 MOVW            R1, #:lower16:(selRef_collected - 0x3EBF0)

well the function is longer, but in the hex editor I changed

 ; Coins - (int)have
__text:0003EBD4 ; Attributes: bp-based frame
__text:0003EBD4
__text:0003EBD4 ; int __cdecl -[Coins have](struct Coins *self, SEL)
__text:0003EBD4 __Coins_have_                           ; DATA XREF: __objc_const:0045C890o
__text:0003EBD4                 PUSH            {R4-R7,LR}
__text:0003EBD6                 ADD             R7, SP, #0xC

TO:
 ; Coins - (int)have
__text:0003EBD4 ; Attributes: bp-based frame
__text:0003EBD4
__text:0003EBD4 ; int __cdecl -[Coins have](struct Coins *self, SEL)
__text:0003EBD4 __Coins_have_                           ; DATA XREF: __objc_const:0045C890o
__text:0003EBD4                 MOV            R0,R7
__text:0003EBD6                 BX LR

This worked.

So the HEX Offsets I need are

0003ebd4 & 0003ebd6

Right?

So what I did in my tweak.xm was:

%ctor {
	if(GetPrefBool(@"key1")) {
		writeData(0x3ebd4, 0x38467047);
		writeData(0x3ebd6, 0x7047);
	} else {
}

It had no effect, however I got the credit popup which is automaticly added in the tweak.xm

So after that I tried this, which didn't make sense to me since the BX LR had another hex adress

%ctor {
	if(GetPrefBool(@"key1")) {
		writeData(0x3ebd4, 0x38467047);
	} else {
}

}

but this didn't work either..

It doesn't make any sense I try this on Pou, since this can be hooked too,

but for me it's just practicing & playing around lol

Someone knows what the problem can be?

Am I doing something wrong?

Thankyou in advance!

Updated May 4, 2017 by Ted2

Rook · May 4, 2017

Seems like you only hacked armv7 and likely didn't think your binary.

If the Pou binary has both armv7 & arm64, you'll likely need to integrate armv7 binary into your deb so it automatically thins it.

According to your profile fields, your iPhone 6s is loading the arm64 portion. But you only hacked armv7 portion so that's why you need to thin it.

Ted2 · May 4, 2017

2 minutes ago, DiDA said:

Seems like you only hacked armv7 and likely didn't think your binary.

If the Pou binary has both armv7 & arm64, you'll likely need to integrate armv7 binary into your deb so it automatically thins it.

According to your profile fields, your iPhone 6s is loading the arm64 portion. But you only hacked armv7 portion so that's why you need to thin it.

I did thin the binary to armv7 using shmoo's tutorial about 'How to perform a Binary patch'

edit: you're right.. I redownloaded because otherwise it would've loaded my hacks still into it. Sh*t man, lol sorry.. I feel so stupidd

My bad & thankyou for helping

Updated May 4, 2017 by Ted2
im stupid xd

Ted2 · May 4, 2017

7 minutes ago, DiDA said:

Seems like you only hacked armv7 and likely didn't think your binary.

If the Pou binary has both armv7 & arm64, you'll likely need to integrate armv7 binary into your deb so it automatically thins it.

According to your profile fields, your iPhone 6s is loading the arm64 portion. But you only hacked armv7 portion so that's why you need to thin it.

ehmm, it still doesn't work.. I've defenitly thinned it this time

Rook · May 4, 2017

1 minute ago, Ted2 said:

ehmm, it still doesn't work.. I've defenitly thinned it this time

Did you enable the switch with key 'key1'?

Also, use 381c7047

Ted2 · May 4, 2017

1 minute ago, DiDA said:

Did you enable the switch with key 'key1'?

Also, use 381c7047

Lol I feel so stupid sometimes.. It was switched off -.-

Works now.

Why 381c7047 though?

Rook · May 4, 2017

8 minutes ago, Ted2 said:

Lol I feel so stupid sometimes.. It was switched off -.-

Works now.

Why 381c7047 though?

Nevermind, 38467047 is the same

Ted2 · May 4, 2017

2 minutes ago, DiDA said:

Nevermind, 38467047 is the same

haha alright, thanks DiDa, you're my hero

CorruptedHxR · May 5, 2017

4 hours ago, Ted2 said:

haha alright, thanks DiDa, you're my hero

Already hacked:

Ted2 · May 5, 2017

1 minute ago, CorruptedHxR said:

Already hacked:

Iknow, I wrote in my post I'm just practicing.

Sign In

Help/Support Code Injection doesn't work, except credit popup.

12 posts in this topic

Recommended Posts

Ted2 39.1k iPhone 13 Pro 16.0 Donor

Rook 559.2k iPad Pro (2nd gen) 17.4 Donor

Ted2 39.1k iPhone 13 Pro 16.0 Donor

Ted2 39.1k iPhone 13 Pro 16.0 Donor

Rook 559.2k iPad Pro (2nd gen) 17.4 Donor

Ted2 39.1k iPhone 13 Pro 16.0 Donor

Rook 559.2k iPad Pro (2nd gen) 17.4 Donor

Ted2 39.1k iPhone 13 Pro 16.0 Donor

CorruptedHxR 100 iPhone 6 9.0.2

Ted2 39.1k iPhone 13 Pro 16.0 Donor

Create an account or sign in to comment

Create an account

Sign in

Our picks

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Picked By

Important Information

Ted2 39.1k
iPhone 13 Pro

16.0

Donor

Rook 559.2k
iPad Pro (2nd gen)

17.4

Donor

Ted2 39.1k
iPhone 13 Pro

16.0

Donor

Ted2 39.1k
iPhone 13 Pro

16.0

Donor

Rook 559.2k
iPad Pro (2nd gen)

17.4

Donor

Ted2 39.1k
iPhone 13 Pro

16.0

Donor

Rook 559.2k
iPad Pro (2nd gen)

17.4

Donor

Ted2 39.1k
iPhone 13 Pro

16.0

Donor

CorruptedHxR 100
iPhone 6

9.0.2

Ted2 39.1k
iPhone 13 Pro

16.0

Donor