Help/Support Offset from LLDB

[Ted2 39.2k iPhone 13 Pro 16.0 Donor]

Hi,

I was trying to see if I could hack a game with ammo in it, since I've never played games like this lol

 

So I used lldb to set watchpoints from iGG adress, got a ida offset & removed aslr from it.

 

Then I loaded it in IDA, got the same instructions as lldb gave me, but for me it doesn't seem usefull at all.

 

1. It is a loc_.....

2. The sub_x function is long as hell & only used once

 

The loc_ function is this:

 

loc_1526D0                              ; CODE XREF: sub_150320+26F8�j
__text:001526D0                 LDR             R0, [R10,#0x88]
__text:001526D4                 MOV             R1, R0
__text:001526D8                 VLDR            S0, [R1,#0x9C]
__text:001526DC                 VCVT.F64.F32    D2, S0
__text:001526E0                 LDR             R1, [R10,#0x1CC]
__text:001526E4                 VMOV            S0, R1
__text:001526E8                 VCVT.F32.S32    S0, S0
__text:001526EC                 VCVT.F64.F32    D3, S0
__text:001526F0                 LDR             R1, [R10,#0x88]
__text:001526F4                 VLDR            S0, [R1,#0xA4]
__text:001526F8                 VCVT.F64.F32    D4, S0
__text:001526FC                 VMUL.F64        D3, D3, D4
__text:00152700                 VADD.F64        D2, D2, D3
__text:00152704                 VCVT.F32.F64    S0, D2
__text:00152708                 VSTR            S0, [R0,#0xA8]
__text:0015270C                 LDR             R0, [R10,#0x88]
__text:00152710                 VLDR            S0, [R0,#0xA8]
__text:00152714                 VCVT.F64.F32    D3, S0 <------------> lldb drops me here
__text:00152718                 LDR             R0, [R10,#0x88]
__text:0015271C                 VLDR            S0, [R0,#0xA0]
__text:00152720                 VCVT.F64.F32    D2, S0
__text:00152724                 VCMP.F64        D2, D3
__text:00152728                 VMRS            APSR_nzcv, FPSCR
__text:0015272C                 BVS             loc_15274C
__text:00152730                 BGE             loc_15274C
__text:00152734                 LDR             R0, [R10,#0x88]
__text:00152738                 MOV             R1, R0
__text:0015273C                 VLDR            S0, [R1,#0xA0]
__text:00152740                 VCVT.F64.F32    D2, S0
__text:00152744                 VCVT.F32.F64    S0, D2
__text:00152748                 VSTR            S0, [R0,#0xA8]

 

I suppose for hacking ammo I need a LDR, STR or a SUB right? 

 

The function just looks strange to me, but maybe it is good one..

 

Anyone knows if this can be a usefull function at all?

[Guest]

Did you remove the ASLR from the binary BEFORE using IGG to find the offset?