Help/Support Boolean in ARM64?

Ted2 · July 5, 2017

Hey,

So I'm trying to make my hack support arm64 devices too, lazy too use AutoLipo & since most devices are arm64 it's good to understand it I think.

So the hack is done for armv7, I got a boolean function which looks like this in armv7:

__text:003D5A58 sub_3D5A58                            
__text:003D5A58                                        
__text:003D5A58                 CMP             R0, #0
__text:003D5A5A                 ITTT EQ
__text:003D5A5C                 MOVEQ           R0, #0
__text:003D5A5E                 SXTBEQ          R0, R0
__text:003D5A60                 BXEQ            LR
__text:003D5A62                 MOV             R1, #(_OBJC_IVAR_$_Something) ; char _somethign;
__text:003D5A6A                 ADD             R1, PC  ; char _something;
__text:003D5A6C                 LDR             R1, [R1] ; char _something;
__text:003D5A6E                 LDRB            R0, [R0,R1]
__text:003D5A70                 SXTB            R0, R0
__text:003D5A72                 BX              LR

What I did here was,

Change CMP R0, #0 to MOV R0, #1

and change MOVEQ R0, #0 to MOVEQ R0, #1.

This worked.

Now I went to the same function in arm64, and my mind was like

This is the code:

sub_10041D8DC                           ; CODE XREF: sub_10031C83C+228�p
__text:000000010041D8DC                                        
__text:000000010041D8DC                 CBZ             X0, locret_10041D8F4
__text:000000010041D8E0                 ADRP            X8, #_OBJC_IVAR_$_something._something@PAGE ; bool _something;
__text:000000010041D8E4                 LDRSW           X8, [X8,#_OBJC_IVAR_$_Something._something@PAGEOFF] ; bool _something;
__text:000000010041D8E8                 LDRB            W8, [X0,X8]
__text:000000010041D8EC                 CMP             W8, #0
__text:000000010041D8F0                 CSET            W0, NE
__text:000000010041D8F4
__text:000000010041D8F4 locret_10041D8F4                        ; CODE XREF: sub_10041D8DC�j
__text:000000010041D8F4                 RET

So I was actually looking for a boolean, which I thought was: MOV X0, #0 or MOV W0, #0.

The only function I see which I have to include is the CMP.

So my question, what's the boolean function? Is it diffrent named in arm64 binary's?

Thankyou in advance

July 5, 2017

4 minutes ago, Ted2 said:
Hey,

So I'm trying to make my hack support arm64 devices too, lazy too use AutoLipo & since most devices are arm64 it's good to understand it I think.

So the hack is done for armv7, I got a boolean function which looks like this in armv7:
__text:003D5A58 sub_3D5A58                            
__text:003D5A58                                        
__text:003D5A58                 CMP             R0, #0
__text:003D5A5A                 ITTT EQ
__text:003D5A5C                 MOVEQ           R0, #0
__text:003D5A5E                 SXTBEQ          R0, R0
__text:003D5A60                 BXEQ            LR
__text:003D5A62                 MOV             R1, #(_OBJC_IVAR_$_Something) ; char _somethign;
__text:003D5A6A                 ADD             R1, PC  ; char _something;
__text:003D5A6C                 LDR             R1, [R1] ; char _something;
__text:003D5A6E                 LDRB            R0, [R0,R1]
__text:003D5A70                 SXTB            R0, R0
__text:003D5A72                 BX              LR
What I did here was,

Change CMP R0, #0 to MOV R0, #1

and change MOVEQ R0, #0 to MOVEQ R0, #1.

This worked.

Now I went to the same function in arm64, and my mind was like

This is the code:
sub_10041D8DC                           ; CODE XREF: sub_10031C83C+228�p
__text:000000010041D8DC                                        
__text:000000010041D8DC                 CBZ             X0, locret_10041D8F4
__text:000000010041D8E0                 ADRP            X8, #_OBJC_IVAR_$_something._something@PAGE ; bool _something;
__text:000000010041D8E4                 LDRSW           X8, [X8,#_OBJC_IVAR_$_Something._something@PAGEOFF] ; bool _something;
__text:000000010041D8E8                 LDRB            W8, [X0,X8]
__text:000000010041D8EC                 CMP             W8, #0
__text:000000010041D8F0                 CSET            W0, NE
__text:000000010041D8F4
__text:000000010041D8F4 locret_10041D8F4                        ; CODE XREF: sub_10041D8DC�j
__text:000000010041D8F4                 RET
So I was actually looking for a boolean, which I thought was: MOV X0, #0 or MOV W0, #0.

The only function I see which I have to include is the CMP.

So my question, what's the boolean function? Is it diffrent named in arm64 binary's?

Thankyou in advance

CSET W0, NE is setting W0 to 1 if W8 is not zero. Try modding that to MOV W0, #1

Ted2 · July 5, 2017

6 minutes ago, shmoo said:

CSET W0, NE is setting W0 to zero if W8 is not zero. Try modding that to MOV W0, #1

Crashes :S

Edit: did the CMP to MOV W0, #1, should've been MOV W8, #1.

Works fine now, thankyou Shmoo!

July 5, 2017

2 minutes ago, Ted2 said:

Crashes :S

Refresh I made a typo in the explanation. try changing the LDRB to MOV W8, #1. that way W8 will always be 1 making it so that W0 will always be 1

4 minutes ago, Ted2 said:

Crashes :S

Edit: did the CMP to MOV W0, #1, should've been MOV W8, #1.

Works fine now, thankyou Shmoo!

Haha good job

Rook · July 5, 2017

In ARM64

MOV X0, #1 = True

http://armconverter.com/submissions.php

Ted2 · July 5, 2017

8 minutes ago, DiDA said:

In ARM64

MOV X0, #1 = True

http://armconverter.com/submissions.php

Yea, I was looking there. But got confused when in the arm64 function wasn't a boolean to false like it was in the armv7 function

10 minutes ago, shmoo said:

Refresh I made a typo in the explanation. try changing the LDRB to MOV W8, #1. that way W8 will always be 1 making it so that W0 will always be 1

Haha good job

The LDRB to MOV W8, #1 doesn't seem to work, but I'll just keep it with the other ine