Help/Support Bypassing Gameloft _syscall

Valathene · May 22, 2017

Hi guys so i have been slowly learning and reading tutorials on here and needed some help,

I am learning how to bypass the Gameloft Syscall protection they have on a app called City Mania (just using that so i can learn + want to hack it)

I have read the tutorials and am following them but something is not working,

So first step I am doing the following

Download the app from Itunes
Crack the app using Rasticrac
Thin the Binary and remove the ASLR on the binary and upload it to the fame folder
Test the game out to make sure its working with those removed
Open the game and open putty and run the following command - debugserver 127.0.0.1:23 --attach=CityMania
I get the following error
debugserver-@(#)PROGRAM:debugserver PROJECT:debugserver-320.2.89
for arm64.
Attaching to process CityMania...
Segmentation fault: 11
Now doing a little research it seems like thats a protection on the app and I need to bypass it on the app in IDA
I load the app into IDA and go to the imports tab
I search for _Syscall and then double click on it to take me to the area i need to edit, I then get the below image - http://imgur.com/a/Qwire
Now I am not sure if I am doing this right but here is what I think I should be doing, I then I double click on int _syscall(int,...) that takes me to the following - http://imgur.com/a/TU3Fx - Just to clarify the only reason its colour brown is because I have been trying to NOP those fields as you will read
Okay so once I am there I then go to the HEX view tab and change the fields to C046C046 i then click on apply changes and it changes to brown
I save it and then patch it and apply all changes to input file,
i then upload it back into the game and set permissions and one of two things happen