Jump to content
Community Announcements, Giveaways & More!

IDA + LLDB Tutorial [Noob Friendly]

Ted2

By Ted2
Updated in Tutorials

 Share

95 posts in this topic

Recommended Posts

Recommended

Posted by Ted2,

Please see this updated tutorial on arm64:   armv7 hacks are useless nowadays.
Recommended by Ted2
  • Like

1 reaction

Go to this post
Guest

Guest

Posted
Posted (edited)

@Ted2

 

Damn this is a good ass tutorial, I'm gathering up some tuts for Drapes and I stumbled across this one. There's some errors though

  

LDR             R1, [R0,#0xAC] //Loads the value of R0,#0xAC into R1 (ammo)
SUB             R1, R1, #1 // Substracts the value of one from R1 (ammo) into R1 (ammo)
STR             R1, [R0,#0xAC] //Stores R1 (ammo) into R0,#0xAC]
LDR             R1, =(unk_C80D00 - 0x15281C) //I've no idea, it does load something into our ammo atleast.

The LDR R1, [R0, #0xAC] isn't loading the value of R0,#0xAC because that isn't a value. It's loading the value stored in R0+0xac. R0 is holding the address for some object, and R0+0xAC is the instance variable (or something similar) for ammo. The value held in R0 (0x1501c9c0) is the address for the object stored in memory. 0x1501c9c0 + 0xac (which is 0x1501CA6C) is the memory address for the instance variable of the object at 0x1501c9c0 that holds ammo. Same issue here with the STR R1, [R0, #0xac], its not putting ammo back into R0,#0xAC, its storing the updated value into R0(our object address)+0xac(our ammo instance variable).

 

Edit: go back to your watchpoints and check out the memory address for ammo. its 0x1501ca6c! again, you set a watchpoint on the instance variable for ammo :)

On September 9, 2017 at 8:58 PM, Ted2 said:

We can see in the 'register read' output we wrote down, R0 = 0x1501c9c0 in hex decimal, which is 352438720 in decimal value.
This is a big number & get's loaded into our ammo it says. 
This doesn't make sense to me, because  if that's true we had lots of ammo xD

You should update the comments in the assembly and this part with what I typed.

 

On September 9, 2017 at 8:58 PM, Ted2 said:

How we hack the LDR: 


- LDR R1, [R0,#0xAC] to LDR R1, [R7,#0xAC] --> What this does is load R7 (803 million) into our ammo instead of what the normal value should be.

This is incorrect. R7 typically stores a large garbage number so if the game tries to access R7+0xAC, it 99.9% will crash because its trying to access memory that doesn't exist. Or maybe it won't crash, but it will fail to load the ammo, leaving ammo to be a large uninitialized garbage number when its stored back, making it infinite. Its the same concept as above. R0 is the correct address of our object, R7 is some random thing. R0+0xac = where our ammo instance variable is stored, R7+0xac = ???? And your description of the hacked LDR is wrong, its loading uninitialized memory into R1, and that's what makes it infinite.

 

 

Updated by Guest
  • Replies 94
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Ted2
Ted2

NOTE: iOS 11 is NOT able to run armv7, most devices run on iOS 11. I suggest NOT to hack armv7 binary, so this tutorial is KINDA useless. You can use this tutorial to reduce your knowledge. I wi

Rook
Rook

Wow! This is very detailed!

Ted2
Ted2

@Goran this is not Coin Dozer, coin dozer will be in my more 'advanced tutorial' the watchpoints you get from coin dozer, are not directly the right addresses. So that's why I'll cover that in my

Ted2 Supporter

Ted2 39.1k
  •   iPhone 13 Pro 
  •   16.0
  • Donor
  •  

    • Posted
    • Author
    Posted (edited)
    5 hours ago, shmoo said:

    @Ted2

     

    Damn this is a good ass tutorial, I'm gathering up some tuts for Drapes and I stumbled across this one. There's some errors though

      

    
LDR             R1, [R0,#0xAC] //Loads the value of R0,#0xAC into R1 (ammo)
SUB             R1, R1, #1 // Substracts the value of one from R1 (ammo) into R1 (ammo)
STR             R1, [R0,#0xAC] //Stores R1 (ammo) into R0,#0xAC]
LDR             R1, =(unk_C80D00 - 0x15281C) //I've no idea, it does load something into our ammo atleast.

    The LDR R1, [R0, #0xAC] isn't loading the value of R0,#0xAC because that isn't a value. It's loading the value stored in R0+0xac. R0 is holding the address for some object, and R0+0xAC is the instance variable (or something similar) for ammo. The value held in R0 (0x1501c9c0) is the address for the object stored in memory. 0x1501c9c0 + 0xac (which is 0x1501CA6C) is the memory address for the instance variable of the object at 0x1501c9c0 that holds ammo. Same issue here with the STR R1, [R0, #0xac], its not putting ammo back into R0,#0xAC, its storing the updated value into R0(our object address)+0xac(our ammo instance variable).

     

    Edit: go back to your watchpoints and check out the memory address for ammo. its 0x1501ca6c! again, you set a watchpoint on the instance variable for ammo :)

    You should update the comments in the assembly and this part with what I typed.

     

    This is incorrect. R7 typically stores a large garbage number so if the game tries to access R7+0xAC, it 99.9% will crash because its trying to access memory that doesn't exist. Or maybe it won't crash, but it will fail to load the ammo, leaving ammo to be a large uninitialized garbage number when its stored back, making it infinite. Its the same concept as above. R0 is the correct address of our object, R7 is some random thing. R0+0xac = where our ammo instance variable is stored, R7+0xac = ???? And your description of the hacked LDR is wrong, its loading uninitialized memory into R1, and that's what makes it infinite.

     

     

    Thanks, will read & fix when i'm on pc ??. Also, isnt the 0x AC in here [R0,#0xAC] some kind of variable, cause I thought it was, I've never really added it or never seen someone added it to the offset. In unity games, you can actually see what thess #0x.... numbers mean, not that I use that while hacking.

    Updated by Ted2
    Guest

    Guest

    Posted
    Posted
    3 hours ago, Ted2 said:

    Thanks, will read & fix when i'm on pc ??. Also, isnt the 0x AC in here [R0,#0xAC] some kind of variable, cause I thought it was, I've never really added it or never seen someone added it to the offset. In unity games, you can actually see what thess #0x.... numbers mean, not that I use that while hacking.

    read the LDR and STR locations as register+number. The LDR loads whatever is at R0+0xAC into R1

    trumansh0tmail.de Newbie

    trumansh0tmail.de 0

    Posted
    Posted

    F*ck, iOS 11 is not supported, I guess, LLDB have to be rebuilt.

      

    lldb
dyld: Library not loaded: @rpath/liblldb.3.8.dylib
  Referenced from: /usr/bin/lldb
  Reason: no suitable image found.  Did find:
    /usr/bin/../lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/bin/../lib/liblldb.3.8.dylib'
    /usr/lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/lib/liblldb.3.8.dylib'
Abort trap

    Installed libffi, readline via dpkg and Python via cydia.radare

    On latest Electra.

    Juku Newbie

    Juku 5k
  •   iPhone SE 
  •   11.3.1

    • Posted
    Posted
    On 3/11/2018 at 7:29 AM, trumansh0tmail.de said:

    F*ck, iOS 11 is not supported, I guess, LLDB have to be rebuilt.

      

    
lldb
dyld: Library not loaded: @rpath/liblldb.3.8.dylib
  Referenced from: /usr/bin/lldb
  Reason: no suitable image found.  Did find:
    /usr/bin/../lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/bin/../lib/liblldb.3.8.dylib'
    /usr/lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/lib/liblldb.3.8.dylib'
Abort trap

    Installed libffi, readline via dpkg and Python via cydia.radare

    On latest Electra.

    ios 11 is supported 

    Guest
    This topic is now closed to further replies.
     Share
    Go to topic listing

    • Our picks

      • Three Kingdoms All-Star : Idle v3.5 +3 Cheat

        Three Kingdoms All-Star : Idle v3.5 +3 Cheat

        Puddin posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Three Kingdoms All-Star : Idle By Highbrow
        Bundle ID: com.highbrow.games.tki
        iTunes Store Link: https://apps.apple.com/us/app/three-kingdoms-all-star-idle/id6737404289?uo=4

         


        🤩 Hack Features

        - No Skill Cooldown
        • 35 replies
        Laxus

        Picked By

        Laxus ,
      • Angry Birds Dream Blast Cheats v1.96.0 +3

        Angry Birds Dream Blast Cheats v1.96.0 +3

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Angry Birds Dream Blast By Rovio Entertainment Oyj
        Bundle ID: com.rovio.dream
        iTunes Store Link: https://apps.apple.com/us/app/angry-birds-dream-blast/id1432579280?uo=4


        Hack Features:
        - Infinite Moves
        - Infinite Lives
        - Infinite Boosters


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/149687-angry-birds-dream-blast-v1340-jailed-cheats-3/


        iOS Hack Download Link: https://iosgods.com/topic/149684-angry-birds-dream-blast-cheats-all-versions-3/
        • 110 replies
        Laxus

        Picked By

        Laxus ,
      • Tap Tap Fish - AbyssRium Cheats v1.89.0 +1

        Tap Tap Fish - AbyssRium Cheats v1.89.0 +1

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Tap Tap Fish - AbyssRium By SangHeon Kim
        Bundle ID: com.idleif.abyssrium
        iTunes Store Link: https://itunes.apple.com/us/app/tap-tap-fish-abyssrium/id1068366937?mt=8&uo=4&at=1010lce4



        Hack Features:
        - Infinite Vitality, Gem, etc ... (Increase When Used) / Untested with Pearl
         

        Hack Download Link: https://iosgods.com/topic/81337-arm64-tap-tap-fish-abyssrium-cheats-v179-1/
        • 372 replies
        Laxus

        Picked By

        Laxus ,
      • Jujutsu Kaisen Phantom Parade v2.9.0 +5 Cheats

        Jujutsu Kaisen Phantom Parade v2.9.0 +5 Cheats

        AlyssaX64  posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Jujutsu Kaisen Phantom Parade By BILIBILI HK LIMITED
        Bundle ID: com.bilibilihk.jujutsuphanparaios
        iTunes Store Link: https://apps.apple.com/us/app/jujutsu-kaisen-phantom-parade/id6475925341?uo=4


        Mod Requirements:
        - Jailbroken iPhone/iPad/iPod Touch.
        - iGameGod / Filza / iMazing or any other file managers for iOS.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak.
        - PreferenceLoader (from Cydia, Sileo or Zebra).


        Hack Features:
        - Damage Multiplier
        - Defense Multiplier
        - Unlimited BP
        - Unlimited EN
        - Special Skills Always Active


        Non-Jailbroken & No Jailbreak required hack(s): 


        iOS Hack Download Link:

        Hidden Content

        Download Hack








        Installation Instructions:
        STEP 1: Download the .deb Cydia hack file from the link above. Use Safari/Google Chrome or other iOS browsers to download.
        STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza.
        STEP 3: If necessary, tap on the downloaded file, and then, you will need to press 'Install' from the options on your screen.
        STEP 4: Let iGameGod/Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
        STEP 5: If the hack is a Mod Menu — which is usually the case nowadays — the cheat features can be toggled in-game. Some cheats have options that can be enabled from your iDevice settings.
        STEP 6: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

         

        NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues.


        Credits:
        - AlyssaX64


        Cheat Video/Screenshots:

        N/A
        • 206 replies
        AlyssaX64

        Picked By

        AlyssaX64 ,
      • Jujutsu Kaisen Phantom Parade v2.9.0 +5 Jailed Cheats

        Jujutsu Kaisen Phantom Parade v2.9.0 +5 Jailed Cheats

        AlyssaX64  posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Jujutsu Kaisen Phantom Parade By BILIBILI HK LIMITED
        Bundle ID: com.bilibilihk.jujutsuphanparaios
        iTunes Store Link: https://apps.apple.com/us/app/jujutsu-kaisen-phantom-parade/id6475925341?uo=4


        Mod Requirements:
        - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
        - Sideloadly / Cydia Impactor or alternatives.
        - A Computer Running Windows/macOS/Linux with iTunes installed.


        Hack Features:
        - Damage Multiplier
        - Defense Multiplier
        - Unlimited BP
        - Unlimited EN
        - Special Skills Always Active


        Jailbreak required hack(s): 


        iOS Hack Download IPA Link:

        Hidden Content

        Download via the iOSGods App








        PC Installation Instructions:
        STEP 1: If necessary, uninstall the app if you have it installed on your iDevice. Some hacked IPAs will install as a duplicate app. Make sure to back it up so you don't lose your progress.
        STEP 2: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see this tutorial topic.
        STEP 3: Download Sideloadly and install it on your PC.
        STEP 4: Open/Run Sideloadly on your computer, connect your iOS Device, and wait until your device name shows up.
        STEP 5: Once your iDevice appears, drag the modded .IPA file you downloaded and drop it inside the Sideloadly application.
        STEP 6: You will now have to enter your iTunes/Apple ID email login, press "Start" & then you will be asked to enter your password. Go ahead and enter the required information.
        STEP 7: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
        STEP 8: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles/VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
        STEP 9: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

        NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. Jailbroken iDevices can also use Sideloadly/Filza/IPA Installer to normally install the IPA with AppSync. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


        Credits:
        - AlyssaX64


        Cheat Video/Screenshots:

        N/A
        • 417 replies
        AlyssaX64

        Picked By

        AlyssaX64 ,
      • Fairy vs Devil v1.0 [ +2 Cheats ] Currency Max

        Fairy vs Devil v1.0 [ +2 Cheats ] Currency Max

        IK_IK posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Fairy vs Devil By NADDIC GAMES Co Ltd.
        Bundle ID: com.maf.FairyGuardians
        App Store Link: https://apps.apple.com/us/app/fairy-vs-devil/id6753863880?uo=4

        🤩 Hack Features

        - Unlimited Currency / Before The Battle OFF
        - Unlimited Resources / Before The Battle OFF
        • 1 reply
        IK_IK

        Picked By

        IK_IK,
      • Fairy vs Devil v1.0 [ +2 Jailed ] Currency Max

        Fairy vs Devil v1.0 [ +2 Jailed ] Currency Max

        IK_IK posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Fairy vs Devil By NADDIC GAMES Co Ltd.
        Bundle ID: com.maf.FairyGuardians
        App Store Link: https://apps.apple.com/us/app/fairy-vs-devil/id6753863880?uo=4

        🤩 Hack Features

        - Unlimited Currency / Before The Battle OFF
        - Unlimited Resources / Before The Battle OFF
        • 0 replies
        IK_IK

        Picked By

        IK_IK,
      • Goblin Miner: Idle Merger v3.7.1 [ +5 Cheats ] Coins Unlimited

        Goblin Miner: Idle Merger v3.7.1 [ +5 Cheats ] Coins Unlimited

        IK_IK posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Goblin Miner: Idle Merger By ProGamesLab LTD
        Bundle ID: com.goblins.idle.merge.game
        App Store Link: https://apps.apple.com/us/app/goblin-miner-idle-merger/id6751527945?uo=4

        🤩 Hack Features

        - Unlimited Coins / Mine Upgrade
        - Unlimited Goblin Drop / No Limite
        - Goblin LvL Higher / Easy To Skip Time Mine / First Drop Goblin Then Chose Higher LvL
        - Unlimited Magic Dust
        - Ruby Pass
        • 0 replies
        IK_IK

        Picked By

        IK_IK,
      • Goblin Miner: Idle Merger v3.7.1 [ +5 Jailed ] Coins Unlimited

        Goblin Miner: Idle Merger v3.7.1 [ +5 Jailed ] Coins Unlimited

        IK_IK posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Goblin Miner: Idle Merger By ProGamesLab LTD
        Bundle ID: com.goblins.idle.merge.game
        App Store Link: https://apps.apple.com/us/app/goblin-miner-idle-merger/id6751527945?uo=4

        🤩 Hack Features

        - Unlimited Coins / Mine Upgrade
        - Unlimited Goblin Drop / No Limite
        - Goblin LvL Higher / Easy To Skip Time Mine / First Drop Goblin Then Chose Higher LvL
        - Unlimited Magic Dust
        - Ruby Pass
        • 2 replies
        IK_IK

        Picked By

        IK_IK,
      • Gear Truck! v1.0.23 [+3 Jailed Cheats]

        Gear Truck! v1.0.23 [+3 Jailed Cheats]

        Cashlaz  posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Gear Truck! By treeplla Inc.
        Bundle ID: com.tree.hybrid.geartank
        App Store Link: https://apps.apple.com/us/app/gear-truck/id6747216965?uo=4



        🤩 Hack Features

        - Never Die
        - High Wheel Speed Gain
        - One Hit Kill
        • 5 replies
        Cashlaz

        Picked By

        Cashlaz ,
      • Gear Truck! v1.0.23 [+3 Cheats]

        Gear Truck! v1.0.23 [+3 Cheats]

        Cashlaz  posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Gear Truck! By treeplla Inc.
        Bundle ID: com.tree.hybrid.geartank
        App Store Link: https://apps.apple.com/us/app/gear-truck/id6747216965?uo=4



        🤩 Hack Features

        - Never Die
        - High Wheel Speed Gain
        - One Hit Kill
         
        • 5 replies
        Cashlaz

        Picked By

        Cashlaz ,
      • Soul Huntress: Dungeon Crawler v1.1.4 [+3 Jailed Cheats]

        Soul Huntress: Dungeon Crawler v1.1.4 [+3 Jailed Cheats]

        Cashlaz  posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Soul Huntress: Dungeon Crawler By Panthera Joint Stock Company
        Bundle ID: com.pantheraplay.soulhuntress
        App Store Link: https://apps.apple.com/ph/app/soul-huntress-dungeon-crawler/id6743422594?uo=4


        🤩 Hack Features

        - Never Die
        - Unlimited Currency (Always Will Increase Spend)
        - Always Can Use Items (Even when has cooldown)
        • 48 replies
        Cashlaz

        Picked By

        Cashlaz ,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines