Help/Support Help with my offset

[Anonymonk 1.9k iPad Air 2 8-9-11]

hi again,

so i finally have a debugger working,

i got my first offset for assassin creed unity, that the health offset.

Spoiler

(lldb) w s e -- 0x118696d90

Watchpoint created: Watchpoint 1: addr = 0x118696d90 size = 8 state = enabled type = w

    new value: 1132476854

(lldb) c

Process 5331 resuming

 

Watchpoint 1 hit:

old value: 1132476854

new value: 1127244276

Process 5331 stopped

* thread #1: tid = 0x91ca, 0x000000010048866c acier`___lldb_unnamed_function18218$$acier + 4, queue = 'com.apple.main-thread', stop reason = watchpoint 1

    frame #0: 0x000000010048866c acier`___lldb_unnamed_function18218$$acier + 4

acier`___lldb_unnamed_function18218$$acier:

->  0x10048866c <+4>: ret    

 

acier`___lldb_unnamed_function18219$$acier:

    0x100488670 <+0>: stp    x29, x30, [sp, #-16]!

    0x100488674 <+4>: mov    x29, sp

    0x100488678 <+8>: mov    x8, x0

(lldb)

the problem i have is when i open the binary in ida, the last offset is 0271EB2C...

i also looked at 0x00488670.. but it doesnt match.

what have i done wrong?  there is not much tuto with lldb, its mainly gdb on iosgods

thank you

 

edit: ida show that

Spoiler

__text:00488660                 MOV             R1, #(off_2421FA8 - 0x48866C)
__text:00488668                 ADD             R1, PC ; off_2421FA8
__text:0048866A                 LDR             R1, [R1] ; unk_2632754
__text:0048866C                 STR             R0, [R1]
__text:0048866E                 MOV             R0, #0x8000165E
__text:00488676                 BL.W            sub_E09F44
__text:0048867A                 MOV             R1, #(off_2421FB8 - 0x488686)
__text:00488682                 ADD             R1, PC ; off_2421FB8
__text:00488684                 LDR             R1, [R1] ; unk_2632758
__text:00488686                 STR             R0, [R1]
__text:00488688                 MOVS            R0, #1
__text:0048868A                 STRB            R0, [R5]

 

Updated June 15, 2017 by Anonymonk

[Ted2 39.1k iPhone 13 Pro 16.0 Donor]

Removed ASLR?

[Anonymonk 1.9k iPad Air 2 8-9-11]

 

5 hours ago, Ted2 said:

Removed ASLR?

yes, thinned and removed

i will try again later to see if i get the same offset, and to type "dis"

Updated June 15, 2017 by Anonymonk

[Ted2 39.1k iPhone 13 Pro 16.0 Donor]

19 minutes ago, Anonymonk said:

 

yes, thinned and removed

i will try again later to see if i get the same offset, and to type "dis"

U loaded same binay in IDA too?

[Anonymonk 1.9k iPad Air 2 8-9-11]

2 hours ago, Ted2 said:

U loaded same binay in IDA too?

oh sh!t, thats true, i just reinstall the game because i had some loggin problem and i forgot to paste the thinned bin...

hahaha, i feel ashamed ^^ thank you 

Updated June 16, 2017 by Anonymonk

[Anonymonk 1.9k iPad Air 2 8-9-11]

/delete

Updated June 16, 2017 by Anonymonk

[Guest]

13 hours ago, Anonymonk said:

/delete

you have the 32 bit binary disassembled in IDA not the 64 bit one. The 64 bit one contains that health offset.

[Anonymonk 1.9k iPad Air 2 8-9-11]

Yep, as pointed Ted2

when i put the thinned bin in assassin creed and debugg from that one, it was all right

but still the journey seems to be long