Tutorial [ARM64] IDA + LLDB Tutorial [Noob Friendly]

[0xNoctis 9.7k iPad Pro (5th gen) 13.3 Donor]

@Ted2    So my Phone is Ios 13.3 when i do attack Pid    it says illigal instructions 4      is that whats not working for IOs 12/13 users  or Does breakpoints Like not actually work anymore cause my Ipad is like ios 13.2 or somesh!t and it works with breakpoints i just cant seem to Actually hack a game   are the breakpoints invalid or missleading info ?? 

[Draiko 1 iPhone 11 Pro Max 13.5]

Looking for a little assistance.  I have followed the instructions to install Theos and LLDB.  Everything seems to have installed ok, so I used putty to ssh into my phone and run lldb.  I looked up the PID of the app using GameGemiOs.  When I then try to attach to the PID (example: attach 22338), I end up getting Illegal instruction: 4.  Tried on a couple different apps but getting the same Illegal instruction: 4 each time.

Thought it might be an issue with Theos from some searches I was doing.  So I reinstalled using  cd /var && git clone git://github.com/coolstar/theos.git  but still no go.  Any recommendations?

[ppAtahTesreveR 1.5k iPhone 11.3.1]

it's great post, thanks

On 4/19/2020 at 7:03 AM, yoelb00 said:

thank you!

now i have other problem,

i found this 2 address for the ammo:

0x107DE1E10

0x10DC48EF0

 

when i write the first w s e -- 0x107DE1E10 it's work,

the second one  w s e --0x10DC48EF0 give me this:

why is that ?

It's typo, should be w s e -- 0x10DC48EF0

[trolino 4 iPhone 6s Plus 13.6]

this seems much more complicated than Android holy sh!t!  Anyways, is there a way to just dump the ipa and metadata after removing FairPlay or being cracked, then edit with IDA Pro? These tutorials are not very clear where as in android is more straight forward, get APK, find the il2cpp, edit with ida and put it back on the apk directory.

 

Im assuming that all of these tutorials are different ways of modding? Theres just so much stuff and nothing clear.. kind off. Like what are the core tools needed to mod and ipa and create a deb file?

[Ted2 39.1k iPhone 13 Pro 16.0 Donor]

3 hours ago, trolino said:

this seems much more complicated than Android holy sh!t!  Anyways, is there a way to just dump the ipa and metadata after removing FairPlay or being cracked, then edit with IDA Pro? These tutorials are not very clear where as in android is more straight forward, get APK, find the il2cpp, edit with ida and put it back on the apk directory.

 

Im assuming that all of these tutorials are different ways of modding? Theres just so much stuff and nothing clear.. kind off. Like what are the core tools needed to mod and ipa and create a deb file?

1. Decrypt IPA

2. Open the binary in payload

3. Dump it if it’s a gay unity game

4. Load in IDA 

5. Use theos to compile

 

The reason why this is unclear for you, is because you have only done Unity games, which is easy & not to compare to advanced modding. It’s like reading a book basically.

[trolino 4 iPhone 6s Plus 13.6]

51 minutes ago, Ted2 said:

1. Decrypt IPA

2. Open the binary in payload

3. Dump it if it’s a gay unity game

4. Load in IDA 

5. Use theos to compile

 

The reason why this is unclear for you, is because you have only done Unity games, which is easy & not to compare to advanced modding. It’s like reading a book basically.

Dump if its gay 😂😂😂😂 hahaha!! 

Thanks for the response, gotta learn wth Theos and payload is. Will be making some research on that as well. 

 

One thing though that I'm still trying to figure out before I even start is how to get the cracked IPA to my PC. 😑 This iFunBox is being retarded saying I dont have a jailbroken iPhone, (which I clearly do 6S Plus 13.6), so I'm not able to access the root and drag that cracked IPA file to my PC using iFunBox.

 

I have installed Apple File Conduit 2 and still cant access Raw File System.

[Ted2 39.1k iPhone 13 Pro 16.0 Donor]

15 hours ago, trolino said:

Dump if its gay 😂😂😂😂 hahaha!! 

Thanks for the response, gotta learn wth Theos and payload is. Will be making some research on that as well. 

 

One thing though that I'm still trying to figure out before I even start is how to get the cracked IPA to my PC. 😑 This iFunBox is being retarded saying I dont have a jailbroken iPhone, (which I clearly do 6S Plus 13.6), so I'm not able to access the root and drag that cracked IPA file to my PC using iFunBox.

 

I have installed Apple File Conduit 2 and still cant access Raw File System.

Try the solution here:

 

 

otherwise do openssh

[Said9321 2 iPhone 11 13.4.1]

watchpoint or breakpoint won't hit .. why it's getting skipped ??

[chuxiao12345 5 iPhone 7 11.0]

Do you have a more advanced tutorial? For example, find the invincible of some games! There are many games that are not suitable for your method!

[0xSolana 25.1k iPhone 14 18.1]

On 8/22/2018 at 3:30 PM, Ted2 said:

if(GetPrefBool(@"key1")) { vm_writeData(0x10092DEE8, 0x1F2003D5); // }

Hello,

I used the live offset patcher to test that but, when i finished enter values, the game freeze when i switch the weapon. (Phone is not connect to lldb)

Here is the offset + hex :

Offset : 10092DEE8 // no 0x bcz Live Offset Patcher don't support it
Patched Hex : C0035FD6

(ARM64)