Help/Support Let me get this right

B2r · October 20, 2017

hello cheaters

im working on hacking game but let me get the steps and want 2 see if im wrong with something

First step : Crack the Game By Rasticrac and Mterminal Tools

and 2 do that if you are ios 9 or above is by download the game from itunes in the pc and install the game to your iphone by IfunBox

then crack the Game by Rasticrac Tool to get the Binary after that u use this command for the binary lipo nameofbinary -thin arm64 -o tempnameofbinary

and i don't why we do that and what about this website http://armconverter.com/binarytools/index.php

and what is ASLR and which Binary we use in the website that one we get it from Rasticrac or with the command lipo nameofbinary -thin arm64 -o tempnameofbinary ?

Step 2 : Debugserver with Putty and LLDB

And 2 do that u need to download debugserver https://www.dropbox.com/s/501sg030hhpiuxi/debugserver?dl=0 From @DiDA Tut

and doing the stuff in Dida Tut

and why we have to do that ? i mean is it necessary for step 3 ?

Step 3 : Hack the game by IDA

i dont have 2 much info about this one but i think every step is attach with this one

Step 4 : Theos

i think is for this topic from @shmoo

and that's it so correct me if i'm wrong . thx

iDavie · October 20, 2017

Though this was a question not a tutorial ? Wrong section dude !! ?

B2r · October 20, 2017

2 minutes ago, iDavie said:

Though this was a question not a tutorial ? Wrong section dude !! ?

no it's help

i want 2 just get it right

Updated October 20, 2017 by Deluxe4

Archangel04 · October 21, 2017

If you crack the binary, you can thin it and remove aslr by using the site.

A binary by default contains both armv7 and arm64. Thinning it removes either of them depending on how you thin it. The lipo command you wrote thins the binary and if you write armv7 instead of arm64 you will get 32-bit portion (for all iOS <11)

Amuyea · October 21, 2017

Depends on what Device you have. x32 can crack and the binary will be x32. While on x64, you need to install the app from iTunes to be able to crack ipa with both x32 and x64.

x32 or ARMv7 iDevices: iPhone 3GS, 4, 4s, 5, 5C, iPod 3G, 4G, 5G, iPad 2, 3, 4 & iPad Mini 1.

x64 or ARM64 iDevices: iPhone 5s, 6, 6 Plus, 6s, 6s Plus, 7, 7 Plus, 8, 8 Plus, X, SE, iPod Touch 6G, iPad Air, Air 2, Pro & iPad Mini 2, 3, 4 and later.

Terminal: (Can do this on mac as well)

x32

lipo nameofbinary -thin armv7 -o tempnameofbinary

x64

lipo nameofbinary -thin arm64 -o tempnameofbinary

Removing ASLR allows you to use GDB/LLDB to find offsets which you can search in IDA. (Replace the binary with ASLR to app's binary folder and put permission as 777)

Updated October 21, 2017 by Amuyea

B2r · October 21, 2017

20 minutes ago, Archangel04 said:

If you crack the binary, you can thin it and remove aslr by using the site.

A binary by default contains both armv7 and arm64. Thinning it removes either of them depending on how you thin it. The lipo command you wrote thins the binary and if you write armv7 instead of arm64 you will get 32-bit portion (for all iOS <11)

10 minutes ago, Amuyea said:

Depends on what Device you have. x32 can crack and the binary will be x32. While on x64, you need to install the app from iTunes to be able to crack ipa with both x32 and x64.

x32 or ARMv7 iDevices: iPhone 3GS, 4, 4s, 5, 5C, iPod 3G, 4G, 5G, iPad 2, 3, 4 & iPad Mini 1.

x64 or ARM64 iDevices: iPhone 5s, 6, 6 Plus, 6s, 6s Plus, 7, 7 Plus, 8, 8 Plus, X, SE, iPod Touch 6G, iPad Air, Air 2, Pro & iPad Mini 2, 3, 4 and later.

Terminal: (Can do this on mac as well)

x32

lipo nameofbinary -thin armv7 -o tempnameofbinary

x64

lipo nameofbinary -thin arm64 -o tempnameofbinary

Removing ASLR allows you to use GDB/LLDB to find offsets which you can search in IDA. (Replace the binary with ASLR to app's binary folder and put permission as 777)

thx

Archangel04 · October 21, 2017

Dont forget, after removing ASLR (either by site or otherwise), you need to do "ldid -s binaryname" in MTerminal or via SSH. OTherwise it will crash

B2r · October 22, 2017

On 10/20/2017 at 9:43 PM, Archangel04 said:

Dont forget, after removing ASLR (either by site or otherwise), you need to do "ldid -s binaryname" in MTerminal or via SSH. OTherwise it will crash

Thanks

Solved