Help/Support I got This in LLDB now what in IDA PRO?

[Goran 1.9k]

24 minutes ago, Ted2 said:

You don't need to enter something lldb. You already got everything you need.

So, what then i need to search in ida???

Is that address or offset?

Also, am i looking R2 address? in ida?

if you can tell me that exacly so i can understand..

[Ted2 39.2k iPhone 13 Pro 16.0 Donor]

Just now, Goran said:

So, what then i need to search in ida???

Is that address or offset?

Also, am i looking R2 address? in ida?

if you can tell me that exacly so i can understand..

Go to the offset you got from your watchpoint. You told me R1 holds your coins so hack instructions with R1 in it.

[Goran 1.9k]

14 minutes ago, Ted2 said:

Go to the offset you got from your watchpoint. You told me R1 holds your coins so hack instructions with R1 in it.

R1... So what is that offset in this case? which one exact? write me in numbers...

Updated August 23, 2017 by Goran

[Ted2 39.2k iPhone 13 Pro 16.0 Donor]

1 minute ago, Goran said:

R1... So what is that offset in this case? which one exact? write me in numbers...

The offset your watchpoint gave you R1 holds 186b2 value (hex value) converted to decimal is ur coin value u said

[Goran 1.9k]

2 minutes ago, Ted2 said:

The offset your watchpoint gave you R1 holds 186b2 value (hex value) converted to decimal is ur coin value u said

yeap.... in ida that offset is....

PUSH            {R4-R7,LR}
ADD             R7, SP, #0xC
PUSH.W          {R8,R10,R11}
SUB.W           R4, SP, #0x40
BFC.W           R4, #0, #4
MOV             SP, R4
VST1.64         {D8-D11}, [R4@128]!
VST1.64         {D12-D15}, [R4@128]
SUB             SP, SP, #0x40
MOV             R4, R0
MOV             R0, #(selRef_class - 0x1C6C2)
MOV             R2, #(classRef_AVKitVideoPlayback - 0x1C6C4)
ADD             R0, PC ; selRef_class
ADD             R2, PC ; classRef_AVKitVideoPlayback
LDR             R1, [R0] ; "class"
LDR             R0, [R2] ; _OBJC_CLASS_$_AVKitVideoPlayback
BLX.W           j__objc_msgSend
MOV             R5, R0
MOV             R0, #(___gxx_personality_sj0_ptr - 0x1C6DA)
LDR             R1, =(unk_199EFCC - 0x1C6DC)
ADD             R0, PC ; ___gxx_personality_sj0_ptr
ADD             R1, PC ; unk_199EFCC
LDR             R0, [R0] ; ___gxx_personality_sj0
STR             R0, [SP,#0x58+var_34]
LDR             R0, =(sub_1C7BC - 0x1C6EC)
STR             R1, [SP,#0x58+var_30]
ORR.W           R0, R0, #1
STR             R7, [SP,#0x58+var_2C]
ADD             R0, PC ; sub_1C7BC
STR.W           SP, [SP,#0x58+var_24]
STR             R0, [SP,#0x58+var_28]
ADD             R0, SP, #0x58+var_4C
BLX.W           j___Unwind_SjLj_Register
CMP             R5, R4
BNE             loc_1C7A0

 

in what to change and why? i ask so i can understand...

Updated August 23, 2017 by Goran

[Ted2 39.2k iPhone 13 Pro 16.0 Donor]

35 minutes ago, Goran said:

yeap.... in ida that offset is....

PUSH            {R4-R7,LR}
ADD             R7, SP, #0xC
PUSH.W          {R8,R10,R11}
SUB.W           R4, SP, #0x40
BFC.W           R4, #0, #4
MOV             SP, R4
VST1.64         {D8-D11}, [R4@128]!
VST1.64         {D12-D15}, [R4@128]
SUB             SP, SP, #0x40
MOV             R4, R0
MOV             R0, #(selRef_class - 0x1C6C2)
MOV             R2, #(classRef_AVKitVideoPlayback - 0x1C6C4)
ADD             R0, PC ; selRef_class
ADD             R2, PC ; classRef_AVKitVideoPlayback
LDR             R1, [R0] ; "class"
LDR             R0, [R2] ; _OBJC_CLASS_$_AVKitVideoPlayback
BLX.W           j__objc_msgSend
MOV             R5, R0
MOV             R0, #(___gxx_personality_sj0_ptr - 0x1C6DA)
LDR             R1, =(unk_199EFCC - 0x1C6DC)
ADD             R0, PC ; ___gxx_personality_sj0_ptr
ADD             R1, PC ; unk_199EFCC
LDR             R0, [R0] ; ___gxx_personality_sj0
STR             R0, [SP,#0x58+var_34]
LDR             R0, =(sub_1C7BC - 0x1C6EC)
STR             R1, [SP,#0x58+var_30]
ORR.W           R0, R0, #1
STR             R7, [SP,#0x58+var_2C]
ADD             R0, PC ; sub_1C7BC
STR.W           SP, [SP,#0x58+var_24]
STR             R0, [SP,#0x58+var_28]
ADD             R0, SP, #0x58+var_4C
BLX.W           j___Unwind_SjLj_Register
CMP             R5, R4
BNE             loc_1C7A0

 

in what to change and why? i ask so i can understand...

doesn't seem to be right.

Don't tell me you jumped to adress: 186b2 please  

[Goran 1.9k]

15 minutes ago, Ted2 said:

doesn't seem to be right.

Don't tell me you jumped to adress: 186b2 please  

YES I AM SIR LOL

Where i need to jump, that is reason, why i tell you you need to write me EXACT what you will do in this case... with adress and everything

[Ted2 39.2k iPhone 13 Pro 16.0 Donor]

4 minutes ago, Goran said:

YES I AM SIR LOL

Where i need to jump, that is reason, why i tell you you need to write me EXACT what you will do in this case... with adress and everything

Rip, that;s not what the register read command is for. It's a number in hex, which you need to convert to decimal to see which registers holds your value 

[Goran 1.9k]

1 hour ago, Ted2 said:

Rip, that;s not what the register read command is for. It's a number in hex, which you need to convert to decimal to see which registers holds your value 

ok, i undestand now, but where is adress on this picture that i need to find in IDA PRO... can you mark that address on picture or write it down here...?
And thanks for learning me...

[Ted2 39.2k iPhone 13 Pro 16.0 Donor]

17 minutes ago, Goran said:

ok, i undestand now, but where is adress on this picture that i need to find in IDA PRO... can you mark that address on picture or write it down here...?
And thanks for learning me...

It's the address u got from ' w s e -- 0x*****