Jump to content
Community Announcements, Giveaways & More!

IDA + LLDB Tutorial [Noob Friendly]

Ted2

By Ted2
Updated in Tutorials

 Share

95 posts in this topic

Recommended Posts

Recommended

Posted by Ted2,

Please see this updated tutorial on arm64:   armv7 hacks are useless nowadays.
Recommended by Ted2
  • Like

1 reaction

Go to this post
Guest

Guest

Posted
Posted (edited)

@Ted2

 

Damn this is a good ass tutorial, I'm gathering up some tuts for Drapes and I stumbled across this one. There's some errors though

  

LDR             R1, [R0,#0xAC] //Loads the value of R0,#0xAC into R1 (ammo)
SUB             R1, R1, #1 // Substracts the value of one from R1 (ammo) into R1 (ammo)
STR             R1, [R0,#0xAC] //Stores R1 (ammo) into R0,#0xAC]
LDR             R1, =(unk_C80D00 - 0x15281C) //I've no idea, it does load something into our ammo atleast.

The LDR R1, [R0, #0xAC] isn't loading the value of R0,#0xAC because that isn't a value. It's loading the value stored in R0+0xac. R0 is holding the address for some object, and R0+0xAC is the instance variable (or something similar) for ammo. The value held in R0 (0x1501c9c0) is the address for the object stored in memory. 0x1501c9c0 + 0xac (which is 0x1501CA6C) is the memory address for the instance variable of the object at 0x1501c9c0 that holds ammo. Same issue here with the STR R1, [R0, #0xac], its not putting ammo back into R0,#0xAC, its storing the updated value into R0(our object address)+0xac(our ammo instance variable).

 

Edit: go back to your watchpoints and check out the memory address for ammo. its 0x1501ca6c! again, you set a watchpoint on the instance variable for ammo :)

On September 9, 2017 at 8:58 PM, Ted2 said:

We can see in the 'register read' output we wrote down, R0 = 0x1501c9c0 in hex decimal, which is 352438720 in decimal value.
This is a big number & get's loaded into our ammo it says. 
This doesn't make sense to me, because  if that's true we had lots of ammo xD

You should update the comments in the assembly and this part with what I typed.

 

On September 9, 2017 at 8:58 PM, Ted2 said:

How we hack the LDR: 


- LDR R1, [R0,#0xAC] to LDR R1, [R7,#0xAC] --> What this does is load R7 (803 million) into our ammo instead of what the normal value should be.

This is incorrect. R7 typically stores a large garbage number so if the game tries to access R7+0xAC, it 99.9% will crash because its trying to access memory that doesn't exist. Or maybe it won't crash, but it will fail to load the ammo, leaving ammo to be a large uninitialized garbage number when its stored back, making it infinite. Its the same concept as above. R0 is the correct address of our object, R7 is some random thing. R0+0xac = where our ammo instance variable is stored, R7+0xac = ???? And your description of the hacked LDR is wrong, its loading uninitialized memory into R1, and that's what makes it infinite.

 

 

Updated by Guest
  • Replies 94
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Ted2
Ted2

NOTE: iOS 11 is NOT able to run armv7, most devices run on iOS 11. I suggest NOT to hack armv7 binary, so this tutorial is KINDA useless. You can use this tutorial to reduce your knowledge. I wi

Rook
Rook

Wow! This is very detailed!

Ted2
Ted2

@Goran this is not Coin Dozer, coin dozer will be in my more 'advanced tutorial' the watchpoints you get from coin dozer, are not directly the right addresses. So that's why I'll cover that in my

Ted2 Supporter

Ted2 39.1k
  •   iPhone 13 Pro 
  •   16.0
  • Donor
  •  

    • Posted
    • Author
    Posted (edited)
    5 hours ago, shmoo said:

    @Ted2

     

    Damn this is a good ass tutorial, I'm gathering up some tuts for Drapes and I stumbled across this one. There's some errors though

      

    
LDR             R1, [R0,#0xAC] //Loads the value of R0,#0xAC into R1 (ammo)
SUB             R1, R1, #1 // Substracts the value of one from R1 (ammo) into R1 (ammo)
STR             R1, [R0,#0xAC] //Stores R1 (ammo) into R0,#0xAC]
LDR             R1, =(unk_C80D00 - 0x15281C) //I've no idea, it does load something into our ammo atleast.

    The LDR R1, [R0, #0xAC] isn't loading the value of R0,#0xAC because that isn't a value. It's loading the value stored in R0+0xac. R0 is holding the address for some object, and R0+0xAC is the instance variable (or something similar) for ammo. The value held in R0 (0x1501c9c0) is the address for the object stored in memory. 0x1501c9c0 + 0xac (which is 0x1501CA6C) is the memory address for the instance variable of the object at 0x1501c9c0 that holds ammo. Same issue here with the STR R1, [R0, #0xac], its not putting ammo back into R0,#0xAC, its storing the updated value into R0(our object address)+0xac(our ammo instance variable).

     

    Edit: go back to your watchpoints and check out the memory address for ammo. its 0x1501ca6c! again, you set a watchpoint on the instance variable for ammo :)

    You should update the comments in the assembly and this part with what I typed.

     

    This is incorrect. R7 typically stores a large garbage number so if the game tries to access R7+0xAC, it 99.9% will crash because its trying to access memory that doesn't exist. Or maybe it won't crash, but it will fail to load the ammo, leaving ammo to be a large uninitialized garbage number when its stored back, making it infinite. Its the same concept as above. R0 is the correct address of our object, R7 is some random thing. R0+0xac = where our ammo instance variable is stored, R7+0xac = ???? And your description of the hacked LDR is wrong, its loading uninitialized memory into R1, and that's what makes it infinite.

     

     

    Thanks, will read & fix when i'm on pc ??. Also, isnt the 0x AC in here [R0,#0xAC] some kind of variable, cause I thought it was, I've never really added it or never seen someone added it to the offset. In unity games, you can actually see what thess #0x.... numbers mean, not that I use that while hacking.

    Updated by Ted2
    Guest

    Guest

    Posted
    Posted
    3 hours ago, Ted2 said:

    Thanks, will read & fix when i'm on pc ??. Also, isnt the 0x AC in here [R0,#0xAC] some kind of variable, cause I thought it was, I've never really added it or never seen someone added it to the offset. In unity games, you can actually see what thess #0x.... numbers mean, not that I use that while hacking.

    read the LDR and STR locations as register+number. The LDR loads whatever is at R0+0xAC into R1

    trumansh0tmail.de Newbie

    trumansh0tmail.de 0

    Posted
    Posted

    F*ck, iOS 11 is not supported, I guess, LLDB have to be rebuilt.

      

    lldb
dyld: Library not loaded: @rpath/liblldb.3.8.dylib
  Referenced from: /usr/bin/lldb
  Reason: no suitable image found.  Did find:
    /usr/bin/../lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/bin/../lib/liblldb.3.8.dylib'
    /usr/lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/lib/liblldb.3.8.dylib'
Abort trap

    Installed libffi, readline via dpkg and Python via cydia.radare

    On latest Electra.

    Juku Newbie

    Juku 5k
  •   iPhone SE 
  •   11.3.1

    • Posted
    Posted
    On 3/11/2018 at 7:29 AM, trumansh0tmail.de said:

    F*ck, iOS 11 is not supported, I guess, LLDB have to be rebuilt.

      

    
lldb
dyld: Library not loaded: @rpath/liblldb.3.8.dylib
  Referenced from: /usr/bin/lldb
  Reason: no suitable image found.  Did find:
    /usr/bin/../lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/bin/../lib/liblldb.3.8.dylib'
    /usr/lib/liblldb.3.8.dylib: code signing blocked mmap() of '/usr/lib/liblldb.3.8.dylib'
Abort trap

    Installed libffi, readline via dpkg and Python via cydia.radare

    On latest Electra.

    ios 11 is supported 

    Guest
    This topic is now closed to further replies.
     Share
    Go to topic listing

    • Our picks

      • Zooba: Zoo Battle Royale Game v6.0.0 Jailed Cheats +2

        Zooba: Zoo Battle Royale Game v6.0.0 Jailed Cheats +2

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Zooba: Zoo Battle Royale Games By Wildlife Studios Limited
        Bundle ID: com.fungames.battleroyale
        iTunes Store Link: https://apps.apple.com/us/app/zooba-zoo-battle-royale-games/id1459402952?uo=4


        Hack Features:
        - Map Hacks
        - Allow Shoot in Water


        Jailbreak required hack(s): https://iosgods.com/topic/131104-arm64-zooba-zoo-battle-royale-game-cheats-all-versions-2/


        iOS Hack Download Link: https://iosgods.com/topic/131134-arm64-zooba-zoo-battle-royale-game-v320-jailed-cheats-2/
        • 1,369 replies
        Laxus

        Picked By

        Laxus ,
      • Cat Game - The Cats Collector! v1.98.29 Jailed Cheats +2

        Cat Game - The Cats Collector! v1.98.29 Jailed Cheats +2

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Cat Game - The Cats Collector! By MinoMonsters Inc.
        Bundle ID: com.minogames.cats.beta
        App Store Link: https://apps.apple.com/us/app/cat-game-the-cats-collector/id1125011102?uo=4

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Infinite Currencies

         

        Jailbroken Hack: https://iosgods.com/topic/105377-cat-game-the-cats-collector-cheats-auto-update-1/

         

        ⬇️ iOS Hack Download IPA Link: https://iosgods.com/topic/105379-cat-game-the-cats-collector-v19829-jailed-cheats-2/
        • 126 replies
        Laxus

        Picked By

        Laxus ,
      • [ ReDive TW ] 超異域公主連結!Re:Dive Cheats v5.5.0 +2

        [ ReDive TW ] 超異域公主連結!Re:Dive Cheats v5.5.0 +2

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: 超異域公主連結!Re:Dive By So-net Entertainment Taiwan Limited
        Bundle ID: tw.sonet.princessconnect
        iTunes Store Link: https://apps.apple.com/tw/app/%E8%B6%85%E7%95%B0%E5%9F%9F%E5%85%AC%E4%B8%BB%E9%80%A3%E7%B5%90-re-dive/id1390473317?uo=4

         

        📌 Mod Requirements

        - Jailbroken iPhone or iPad.
        - iGameGod / Filza / iMazing.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

         

        🤩 Hack Features

        - Multiply Attack
        - Multiply Defense

         

        Non-Jailbroken Hack: https://iosgods.com/topic/186660-redive-tw-%E8%B6%85%E7%95%B0%E5%9F%9F%E5%85%AC%E4%B8%BB%E9%80%A3%E7%B5%90%EF%BC%81redive-hack/

         

        ⬇️ iOS Hack Download Link: https://iosgods.com/topic/134431-redive-tw-%E8%B6%85%E7%95%B0%E5%9F%9F%E5%85%AC%E4%B8%BB%E9%80%A3%E7%B5%90%EF%BC%81redive-cheats-v500-3/
        • 285 replies
        Laxus

        Picked By

        Laxus ,
      • Match Factory! v1.59.46 +3 Jailed Cheats [ Unlimited Everything ]

        Match Factory! v1.59.46 +3 Jailed Cheats [ Unlimited Everything ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Match Factory! By Peak Games
        Bundle ID: net.peakgames.match
        iTunes Store Link: https://apps.apple.com/gb/app/match-factory/id6449094229?uo=4


        Hack Features:
        - Unlimited Everything -> Will increase instead of decrease. Use coins for energy.
        - Auto Win -> Pick up an item.
        - Unlimited Time -> Will not decrease.
        • 73 replies
        Puddin

        Picked By

        Puddin,
      • Good Pizza, Great Pizza v5.43.0 +8 Jailed Cheats [ Unlimited Currencies ]

        Good Pizza, Great Pizza v5.43.0 +8 Jailed Cheats [ Unlimited Currencies ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Good Pizza, Great Pizza By TAPBLAZE, LLC
        Bundle ID: com.tapblaze.pizzabusiness
        iTunes Store Link: https://apps.apple.com/us/app/good-pizza-great-pizza/id911121200?uo=4


        Hack Features:
        - Unlimited Cash
        - Unlimited Diamonds
        - Unlimited Ad Tickets

        VIP
        -̶ ̶U̶n̶l̶i̶m̶i̶t̶e̶d̶ ̶P̶i̶z̶z̶a̶ ̶P̶a̶s̶s̶ ̶T̶o̶k̶e̶n̶s̶
        ̶-̶ ̶C̶h̶e̶f̶ ̶P̶a̶s̶s̶ ̶U̶n̶l̶o̶c̶k̶e̶d̶
        ̶-̶ ̶M̶a̶x̶ ̶P̶i̶z̶z̶a̶ ̶P̶a̶s̶s̶ ̶L̶e̶v̶e̶l̶
         ̶-̶ ̶S̶t̶a̶r̶t̶e̶r̶ ̶B̶u̶n̶d̶l̶e̶ ̶U̶n̶l̶o̶c̶k̶e̶d̶
        - Unlimited Paint Tickets
        - Unlimited Event Currency
        - Max Event Level
        - Unlimited Event Score
        - All Achievements Completed
        • 453 replies
        Puddin

        Picked By

        Puddin,
      • Disney Emoji Blitz Game v74.0.0 +1++ Jailed Cheat [ Unlimited Currencies ]

        Disney Emoji Blitz Game v74.0.0 +1++ Jailed Cheat [ Unlimited Currencies ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Disney Emoji Blitz Game By Jam City, Inc.
        Bundle ID: com.disney.emojimatch
        iTunes Store Link: https://apps.apple.com/us/app/disney-emoji-blitz-game/id1017551780
         

        Hack Features:
        - Unlimited Currencies -> Earn some.


        Jailbreak required hack(s): https://iosgods.com/topic/168886-disney-emoji-blitz-game-all-versions-1-cheats-unlimited-currencies/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 224 replies
        Puddin

        Picked By

        Puddin,
      • Tsukuyomi: The Divine Hunter v1.1.3 +3 Jailed Cheats [ Damage & Defence ]

        Tsukuyomi: The Divine Hunter v1.1.3 +3 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Tsukuyomi: The Divine Hunter By COLOPL, Inc.
        Bundle ID: jp.colopl.mask
        App Store Link: https://apps.apple.com/us/app/tsukuyomi-the-divine-hunter/id6505051119?uo=4

         
         

        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - God Mode
        • 12 replies
        Puddin

        Picked By

        Puddin,
      • EverMerge: Merge & Match Game v1.67.5 +30 Jailed Cheats [ Cheat Menu ]

        EverMerge: Merge & Match Game v1.67.5 +30 Jailed Cheats [ Cheat Menu ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: EverMerge: Merge & Match Game By Big Fish Games, Inc
        Bundle ID: com.bigfishgames.mergetalesios
        iTunes Store Link: https://apps.apple.com/us/app/evermerge-merge-match-game/id1446344746?uo=4

         


        🚀 Hack Features

        - Cheat Menu -> Head into Settings and toggle the Support button.
        • 9 replies
        Puddin

        Picked By

        Puddin,
      • Dungeon's Call: Into the Abyss v1.0.7 +4 Jailed Cheats [ Damage & Defence ]

        Dungeon's Call: Into the Abyss v1.0.7 +4 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Dungeon's Call: Into the Abyss By Satoshi Masui
        Bundle ID: com.seg-soft.dungeonscall
        iTunes Store Link: https://apps.apple.com/us/app/dungeons-call-into-the-abyss/id6739310989?uo=4

         


        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - Unlimited Gold -> Will increase instead of decrease.
        - Unlimited Gems -> Will increase instead of decrease.
        • 8 replies
        Puddin

        Picked By

        Puddin,
      • Arcane Knight : Idle RPG v1.0.45 +6 Jailed Cheats [ Damage & Defence ]

        Arcane Knight : Idle RPG v1.0.45 +6 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Arcane Knight : Idle RPG By DongSik Moon
        Bundle ID: com.eastmoon.gk2live
        App Store Link: https://apps.apple.com/us/app/arcane-knight-idle-rpg/id6744289685?uo=4

         


        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - God Mode
        - Move Speed Multiplier
        - Freeze Coins
        - Freeze Gems
        • 14 replies
        Puddin

        Picked By

        Puddin,
      • Super Marine Defense v1.4.0 +1 Jailed Cheat [ Damage ]

        Super Marine Defense v1.4.0 +1 Jailed Cheat [ Damage ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Super Marine Defense By Game Duo Co.,Ltd.
        Bundle ID: net.gameduo.smd
        App Store Link: https://apps.apple.com/us/app/super-marine-defense/id6749679878?uo=4

         


        🤩 Hack Features

        - Damage Multiplier
        • 2 replies
        Puddin

        Picked By

        Puddin,
      • OnceWorld v1.2.1 +2 Jailed Cheats [ Damage + More ]

        OnceWorld v1.2.1 +2 Jailed Cheats [ Damage + More ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: OnceWorld By PONIX LLC
        Bundle ID: work.ponix.onceworld
        App Store Link: https://apps.apple.com/us/app/onceworld/id6753948618?uo=4

         


        🤩 Hack Features

        - Damage Multiplier
        - God Mode
        • 35 replies
        Puddin

        Picked By

        Puddin,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines