Help/Support Value changed but doesn't work

vinhthai222006 · May 22, 2017

I searched for offset coins by lldb. The results are as follows:

(lldb) c
Process 3706 resuming

Watchpoint 1 hit:
old value: 999999749
new value: 999999599
Process 3706 stopped
* thread #1: tid = 0x835b, 0x00c581f0 mytalkingtom`_mh_execute_header + 12927472, queue = 'com.apple.main-thread', stop reason = watchpoint 1
    frame #0: 0x00c581f0 mytalkingtom`_mh_execute_header + 12927472
mytalkingtom`_mh_execute_header:
->  0xc581f0 <+12927472>: ldr    r0, [r10]
    0xc581f4 <+12927476>: ldr    r0, [r0, #0x48]
    0xc581f8 <+12927480>: ldr    r4, [r0, #0x50]
    0xc581fc <+12927484>: ldr    r8, [r0, #0x54]
(lldb) c
Process 3706 resuming

Watchpoint 1 hit:
old value: 999999599
new value: 999999449
Process 3706 stopped
* thread #1: tid = 0x835b, 0x00c581f0 mytalkingtom`_mh_execute_header + 12927472, queue = 'com.apple.main-thread', stop reason = watchpoint 1
    frame #0: 0x00c581f0 mytalkingtom`_mh_execute_header + 12927472
mytalkingtom`_mh_execute_header:
->  0xc581f0 <+12927472>: ldr    r0, [r10]
    0xc581f4 <+12927476>: ldr    r0, [r0, #0x48]
    0xc581f8 <+12927480>: ldr    r4, [r0, #0x50]
    0xc581fc <+12927484>: ldr    r8, [r0, #0x54]
(lldb) c
Process 3706 resuming

in IDA:

__text:00C581E8                 SUB             R0, R5, R6
__text:00C581EC                 STR             R0, [R11,#0xC]
__text:00C581F0                 LDR             R0, [R10]
__text:00C581F4                 LDR             R0, [R0,#0x48]
__text:00C581F8                 LDR             R4, [R0,#0x50]
__text:00C581FC                 LDR             R8, [R0,#0x54]
__text:00C58200                 CMP             R4, #0
__text:00C58204                 BNE             loc_C58210
__text:00C58208                 MOV             R0, R8
__text:00C5820C                 BLX             sub_1B2720C

I have read the instructions on IDA. I'm not good at English. I do not know how to change the code values to get unlimited coins. Give me a tutorial!

Updated May 22, 2017 by vinhthai222006
update

K_K · May 22, 2017

There are tutorials on here change where it subs to an add or a mov

change the Add to a mov R0,Pc

7846 and you'll need to do it with a hex editor

Archangel04 · May 22, 2017

Change STR at C581EC to NOP, see what happens.

Also, open C57E80 offset and show us the area around it

vinhthai222006 · May 22, 2017

26 minutes ago, K0NG said:

There are tutorials on here change where it subs to an add or a mov

change the Add to a mov R0,Pc

7846 and you'll need to do it with a hex editor

don't find ADD

vinhthai222006 · May 22, 2017

C57E80 offset :

__text:00C57E58 loc_C57E58                              ; CODE XREF: sub_C57E04+34j
__text:00C57E58                 CMP             R8, #0
__text:00C57E5C                 BEQ             loc_C58098
__text:00C57E60                 LDR             R4, [R7,#arg_4]
__text:00C57E64                 CMP             R10, #0
__text:00C57E68                 LDR             R0, [R8,#0xC]
__text:00C57E6C                 STR             R0, [SP,#0x34+var_1C]
__text:00C57E70                 BEQ             loc_C57EB0
__text:00C57E74                 LDR             R0, [SP,#0x34+var_1C]
__text:00C57E78                 ADD             R0, R0, R10
__text:00C57E7C                 STR             R0, [R8,#0xC]
__text:00C57E80                 LDR             R0, [R11]
__text:00C57E84                 LDR             R0, [R0,#0x48]
__text:00C57E88                 LDR             R5, [R0,#0x50]
__text:00C57E8C                 LDR             R6, [R0,#0x54]
__text:00C57E90                 CMP             R5, #0
__text:00C57E94                 BNE             loc_C57EA0
__text:00C57E98                 MOV             R0, R6
__text:00C57E9C                 BLX             sub_1B2720C
__text:00C57EA0
__text:00C57EA0 loc_C57EA0                              ; CODE XREF: sub_C57E04+90j
__text:00C57EA0                 MOV             R0, R11