Jump to content

IDA + LLDB Tutorial [Noob Friendly]


95 posts in this topic

Recommended Posts

Posted (edited)

@Ted2

 

Damn this is a good ass tutorial, I'm gathering up some tuts for Drapes and I stumbled across this one. There's some errors though

 

LDR             R1, [R0,#0xAC] //Loads the value of R0,#0xAC into R1 (ammo)
SUB             R1, R1, #1 // Substracts the value of one from R1 (ammo) into R1 (ammo)
STR             R1, [R0,#0xAC] //Stores R1 (ammo) into R0,#0xAC]
LDR             R1, =(unk_C80D00 - 0x15281C) //I've no idea, it does load something into our ammo atleast.

The LDR R1, [R0, #0xAC] isn't loading the value of R0,#0xAC because that isn't a value. It's loading the value stored in R0+0xac. R0 is holding the address for some object, and R0+0xAC is the instance variable (or something similar) for ammo. The value held in R0 (0x1501c9c0) is the address for the object stored in memory. 0x1501c9c0 + 0xac (which is 0x1501CA6C) is the memory address for the instance variable of the object at 0x1501c9c0 that holds ammo. Same issue here with the STR R1, [R0, #0xac], its not putting ammo back into R0,#0xAC, its storing the updated value into R0(our object address)+0xac(our ammo instance variable).

 

Edit: go back to your watchpoints and check out the memory address for ammo. its 0x1501ca6c! again, you set a watchpoint on the instance variable for ammo :)

On September 9, 2017 at 8:58 PM, Ted2 said:

We can see in the 'register read' output we wrote down, R0 = 0x1501c9c0 in hex decimal, which is 352438720 in decimal value.
This is a big number & get's loaded into our ammo it says. 
This doesn't make sense to me, because  if that's true we had lots of ammo xD

You should update the comments in the assembly and this part with what I typed.

 

On September 9, 2017 at 8:58 PM, Ted2 said:

How we hack the LDR:


- LDR R1, [R0,#0xAC] to LDR R1, [R7,#0xAC] --> What this does is load R7 (803 million) into our ammo instead of what the normal value should be.

This is incorrect. R7 typically stores a large garbage number so if the game tries to access R7+0xAC, it 99.9% will crash because its trying to access memory that doesn't exist. Or maybe it won't crash, but it will fail to load the ammo, leaving ammo to be a large uninitialized garbage number when its stored back, making it infinite. Its the same concept as above. R0 is the correct address of our object, R7 is some random thing. R0+0xac = where our ammo instance variable is stored, R7+0xac = ???? And your description of the hacked LDR is wrong, its loading uninitialized memory into R1, and that's what makes it infinite.

 

 

Updated by Guest
Posted (edited)
5 hours ago, shmoo said:

@Ted2

 

Damn this is a good ass tutorial, I'm gathering up some tuts for Drapes and I stumbled across this one. There's some errors though

 


LDR             R1, [R0,#0xAC] //Loads the value of R0,#0xAC into R1 (ammo)
SUB             R1, R1, #1 // Substracts the value of one from R1 (ammo) into R1 (ammo)
STR             R1, [R0,#0xAC] //Stores R1 (ammo) into R0,#0xAC]
LDR             R1, =(unk_C80D00 - 0x15281C) //I've no idea, it does load something into our ammo atleast.

The LDR R1, [R0, #0xAC] isn't loading the value of R0,#0xAC because that isn't a value. It's loading the value stored in R0+0xac. R0 is holding the address for some object, and R0+0xAC is the instance variable (or something similar) for ammo. The value held in R0 (0x1501c9c0) is the address for the object stored in memory. 0x1501c9c0 + 0xac (which is 0x1501CA6C) is the memory address for the instance variable of the object at 0x1501c9c0 that holds ammo. Same issue here with the STR R1, [R0, #0xac], its not putting ammo back into R0,#0xAC, its storing the updated value into R0(our object address)+0xac(our ammo instance variable).

 

Edit: go back to your watchpoints and check out the memory address for ammo. its 0x1501ca6c! again, you set a watchpoint on the instance variable for ammo :)

You should update the comments in the assembly and this part with what I typed.

 

This is incorrect. R7 typically stores a large garbage number so if the game tries to access R7+0xAC, it 99.9% will crash because its trying to access memory that doesn't exist. Or maybe it won't crash, but it will fail to load the ammo, leaving ammo to be a large uninitialized garbage number when its stored back, making it infinite. Its the same concept as above. R0 is the correct address of our object, R7 is some random thing. R0+0xac = where our ammo instance variable is stored, R7+0xac = ???? And your description of the hacked LDR is wrong, its loading uninitialized memory into R1, and that's what makes it infinite.

 

 

Thanks, will read & fix when i'm on pc ??. Also, isnt the 0x AC in here [R0,#0xAC] some kind of variable, cause I thought it was, I've never really added it or never seen someone added it to the offset. In unity games, you can actually see what thess #0x.... numbers mean, not that I use that while hacking.

Updated by Ted2
Posted
3 hours ago, Ted2 said:

Thanks, will read & fix when i'm on pc ??. Also, isnt the 0x AC in here [R0,#0xAC] some kind of variable, cause I thought it was, I've never really added it or never seen someone added it to the offset. In unity games, you can actually see what thess #0x.... numbers mean, not that I use that while hacking.

read the LDR and STR locations as register+number. The LDR loads whatever is at R0+0xAC into R1

Posted

F*ck, iOS 11 is not supported, I guess, LLDB have to be rebuilt.

 

lldb
dyld: Library not loaded: @rpath/liblldb.3.8.dylib
  Referenced from: /usr/bin/lldb
  Reason: no suitable image found.  Did find:
    /usr/bin/../lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/bin/../lib/liblldb.3.8.dylib'
    /usr/lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/lib/liblldb.3.8.dylib'
Abort trap

Installed libffi, readline via dpkg and Python via cydia.radare

On latest Electra.

Posted
On 3/11/2018 at 7:29 AM, trumansh0tmail.de said:

F*ck, iOS 11 is not supported, I guess, LLDB have to be rebuilt.

 


lldb
dyld: Library not loaded: @rpath/liblldb.3.8.dylib
  Referenced from: /usr/bin/lldb
  Reason: no suitable image found.  Did find:
    /usr/bin/../lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/bin/../lib/liblldb.3.8.dylib'
    /usr/lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/lib/liblldb.3.8.dylib'
Abort trap

Installed libffi, readline via dpkg and Python via cydia.radare

On latest Electra.

ios 11 is supported 

Guest
This topic is now closed to further replies.
  • Our picks

    • Dawn of Ages: Medieval Games v2.0.9 +5 Jailed Cheats [ Damage & Defence ]
      Modded/Hacked App: Dawn of Ages: total war battle By BoomBit, Inc.
      Bundle ID: com.stratospheregames.dawnofages
      App Store Link: https://apps.apple.com/us/app/dawn-of-ages-total-war-battle/id6477473268?uo=4

       


      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
      - God Mode
      - Dumb Enemy
      - Premium Enabled
      • 13 replies
    • Dawn of Ages: Medieval Games v2.0.9 +5 Cheats [ Damage & Defence ]
      Modded/Hacked App: Dawn of Ages: total war battle By BoomBit, Inc.
      Bundle ID: com.stratospheregames.dawnofages
      App Store Link: https://apps.apple.com/us/app/dawn-of-ages-total-war-battle/id6477473268?uo=4

       

      📌 Mod Requirements

      - Jailbroken iPhone or iPad.
      - iGameGod / Filza / iMazing.
      - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

       

      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
      - God Mode
      - Dumb Enemy
      - Premium Enabled

       

      ⬇️ iOS Hack Download Link


      Hidden Content

      Download Hack







       

      📖 iOS Installation Instructions

      STEP 1: Download the .deb hack file from the link above. Use Safari, Google Chrome or other iOS browsers to download.
      STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza.
      STEP 3: If needed, tap on the downloaded file again, then select ‘Normal Install’ from the options on your screen.
      STEP 4: Let iGameGod/Filza finish the cheat installation. If it doesn’t install successfully, see the note below.
      STEP 5: Open the game, log in to your iOSGods account when asked, then toggle on the features you want and enjoy!

       

      NOTE: If you have any questions or problems, read our Jailbreak iOS Hack Troubleshooting & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues.

       

      🙌 Credits

      - @Puddin
      - @Laxus

       

      📷 Cheat Video/Screenshots

      N/A

       

      More iOS App Hacks
      If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.

      Modded Android APKs
      Need modded apps or games for Android? Check out the latest custom APK mods, cheats & more in our Android Section.
        • Haha
      • 22 replies
    • MONOPOLY: The Board Game v1.15.0 +1 Jailed Cheat [ Everything Owned ]
      Modded/Hacked App: MONOPOLY: The Board Game By Marmalade Game Studio Limited
      Bundle ID: com.marmalade.monopoly
      iTunes Store Link: https://apps.apple.com/us/app/monopoly-the-board-game/id1477966166?uo=4


      Hack Features:
      - Everything Owned -> All packs, themes, boards, tokens, all purchased and owned.


      Jailbreak required hack(s): https://iosgods.com/topic/169254-monopoly-classic-board-game-all-versions-1-cheat-everything-owned/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 413 replies
    • First Team Manager Season 2026 v1.0.0 +4 Jailed Cheats [ Unlimited Currencies ]
      Modded/Hacked App: First Team Manager Season 2026 By Go Play Games
      Bundle ID: com.GoPlayGames.FTM26
      iTunes Store Link: https://apps.apple.com/us/app/first-team-manager-season-2026/id6743993781

       
       

      🤩 Hack Features

      - Freeze Coins
      - Freeze Cash
      - Freeze Tokens
      - Free In-App Purchases
      • 0 replies
    • First Team Manager Season 2026 v1.0.0 +4 Cheats [ Unlimited Currencies ]
      Modded/Hacked App: First Team Manager Season 2026 By Go Play Games
      Bundle ID: com.GoPlayGames.FTM26
      iTunes Store Link: https://apps.apple.com/us/app/first-team-manager-season-2026/id6743993781

       
       

      🤩 Hack Features

      - Freeze Coins
      - Freeze Cash
      - Freeze Tokens
      - Free In-App Purchases
      • 0 replies
    • Red Bull Playgrounds v1.0.0 +1 Jailed Cheat [ Score Multiplier ]
      Modded/Hacked App: Red Bull Playgrounds By Red Bull Media House GmbH
      Bundle ID: com.red.bull.playgrounds
      App Store Link: https://apps.apple.com/us/app/red-bull-playgrounds/id6737554653?uo=4

       


      🤩 Hack Features

      - Score Multiplier
      • 3 replies
    • Red Bull Playgrounds v1.0.0 +1 Cheat [ Score Multiplier ]
      Modded/Hacked App: Red Bull Playgrounds By Red Bull Media House GmbH
      Bundle ID: com.red.bull.playgrounds
      App Store Link: https://apps.apple.com/us/app/red-bull-playgrounds/id6737554653?uo=4

       
       

      🤩 Hack Features

      - Score Multiplier
      • 4 replies
    • MONOPOLY: The Board Game v1.15.0 +1 Cheat [ Everything Owned ]
      Modded/Hacked App: MONOPOLY: The Board Game By Marmalade Game Studio Limited
      Bundle ID: com.marmalade.monopoly
      iTunes Store Link: https://apps.apple.com/us/app/monopoly-the-board-game/id1477966166?uo=4


      Hack Features:
      - Everything Owned -> All packs, themes, boards, tokens, all purchased and owned.


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/169256-monopoly-classic-board-game-v189-1-jailed-cheat-everything-owned/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 203 replies
    • Last War:Survival v1.0.301 [+1 Jailed Cheats]
      Modded/Hacked App: Last War:Survival By FUNFLY PTE. LTD.
      Bundle ID: com.lastwar.ios
      App Store Link: https://apps.apple.com/us/app/last-war-survival/id6448786147?uo=4



      Important


      Only work on Pve contents

      Enable on loading screen!

       

      🤩 Hack Features

      - Never Die
       
        • Like
      • 25 replies
    • Last War:Survival v1.0.301 [+1 Cheats]
      Modded/Hacked App: Last War:Survival By FUNFLY PTE. LTD.
      Bundle ID: com.lastwar.ios
      App Store Link: https://apps.apple.com/us/app/last-war-survival/id6448786147?uo=4



      Important


      Only work on Pve contents

      Enable on loading screen!

       

       

      🤩 Hack Features

      - Never Die
       
      • 28 replies
    • Arcanterra: A Story Driven RPG v0.18.1 +2 Jailed Cheats [ Damage + More ]
      Modded/Hacked App: Arcanterra: A Story Driven RPG By Funventure P S A
      Bundle ID: eu.funventure.arcanterra
      iTunes Store Link: https://apps.apple.com/us/app/arcanterra-a-story-driven-rpg/id6744968165

       
       

      🤩 Hack Features

      - Damage Multiplier
      - God Mode
      • 3 replies
    • Arcanterra: A Story Driven RPG v0.18.1 +2 Cheats [ Damage + More ]
      Modded/Hacked App: Arcanterra: A Story Driven RPG By Funventure P S A
      Bundle ID: eu.funventure.arcanterra
      iTunes Store Link: https://apps.apple.com/us/app/arcanterra-a-story-driven-rpg/id6744968165

       


      🤩 Hack Features

      - Damage Multiplier
      - God Mode
      • 3 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines