
how to hack apps using IDA PRO


8 replies to this topic

#1 Earwaxking

    iphone game hacker

  • Members
  • 3,177 posts
  • iPhone:iPhone 3G

Posted 07 December 2011 - 08:25 PM

This is probably a crummy tutorial because it's my first, so I can use TeamViewer and show you how if you want.

It is a long and complicated process. You're going to need IDA Pro, so you can google for that; you can either crack it or get the trial. Once you have that you need the app you want to hack, so I'll use DeathKnight as an example for this.

1. Download the cracked version of the game you want to hack (you will not be able to hack an app downloaded from the App Store because they are encrypted).

2. Once you have the app, open it up using WinRAR and open the Payload folder. In there you should see a bunch of files; look for the binary file (most of the time it is the largest file in there. Also it does not have an extension, and most of the time it has the same name as the app).

3. Open it up in IDA Pro. If you have an iPhone 3G or iPod touch 2G and lower, click on the ARM 6 option; if you have a 3GS or 3G iPod and up, choose ARM 7. Then click on the drop-down menu and select the top option (it should say ARM) and click Done (just hit OK on all the other popups you get; there should only be 2).

4. Let it finish decompiling it. When it's done, click on the left box that says Functions and press ALT+T.

5. Here is when you figure out what you want to hack. I want to hack the amount of money I get for killing someone, so search for something that would make sense, like money. Type that in and look for a function that sounds like what we need. I found the function "DeathKnight::AddMoney(int)"; that sounds right, so double click on it.

6. Now here comes the hard part; it requires you to use your brain :). Once you have found the function and double clicked on it, hit space (this is optional; I think it's easier to read in the flow chart). Now you will see the whole function and what it does. This is what it should look like (note every function has different code).

; DeathKnight::AddMoney(int)
EXPORT __ZN11DeathKnight8AddMoneyEi
__ZN11DeathKnight8AddMoneyEi
LDR R2, =(__ZN11DeathKnight6g_cashE - 0x4B4E)
ADD R2, PC ; DeathKnight::g_cash
LDR R3, [R2]
ADDS R0, R0, R3
STR R0, [R2]
CMP R0, #0
BGE locret_4B5A


Now you need to think what it does and what all the R's mean. We know that R2 is our cash because it tells us in the first line. I will now show you what this function does and means (remember you need to think; you won't always be right the first time). I know what it means because I have already hacked it before.

; DeathKnight::AddMoney(int)
EXPORT __ZN11DeathKnight8AddMoneyEi
__ZN11DeathKnight8AddMoneyEi
LDR R2, - this is loading our current money into the game
ADD R2, PC - this is loading our money into a holding area so if we quit the game it reverts back to what we had.
LDR R3, [R2] - R3 is the enemy, so when we kill him his money loads into ours
ADDS R0, R0, R3 - R0 is how much money we get, so it's adding the money into the enemy
STR R0, [R2] - now it is storing the money we get into our current money (this is the command we wanted hacked)
CMP R0, #0 - compares money to see if it is empty; if it is, then that means we got the money and the function restarts.
BGE locret_4B5A


Now remember each register means something different in each function. So R0 in another function won't be money; it could be health, strength, etc. depending on the function you hack. Sometimes it could be a placeholder and not mean anything.

7. So now that we know what we need to change, we need to know what to change it to. Since the function is storing money into our player we don't need to change the header (meaning the STR in the beginning of the line); we just need to tell it to store something bigger into our money. There is a register that is most of the time never used; it is the heavenly R7 register. That register holds the number 312,000,000, so let's use it. We want to change the function STR R0, [R2] to STR R7, [R2] so that we get a buttload of money.

8. Now you can't change the function inside of IDA; for that you need to hex it using a hex editor. So look in IDA and highlight what we need to change, then click the tab Hex View and look at the bottom left corner for an address. It should look something like this: "00003B50". That is where you need to go in the hex editor. Once there, change the hex into the new one (for that you need an ARM to HEX converter). Save the file and there you go, you've got a new hack. :)

Hope this helped you. If you want me to show you via TeamViewer, message me and you can watch my computer and I'll do it.
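Added example (not from the original post or the game): the defender's side of the step-8 edit. Given a known-good copy of a binary and a suspect copy, it flags that the hash no longer matches and then decodes which Thumb-16 instruction changed, using the standard LDR/STR (immediate) T1 encoding; the byte sequence below is constructed to mirror the AddMoney listing above, not copied from the real binary.

```python
import hashlib
import struct

# Constructed sample bytes (not taken from the game): a Thumb-16 fragment shaped like
# the AddMoney listing in the post, using the standard ARM Thumb encodings:
#   LDR R2,[PC,#..] / ADD R2,PC / LDR R3,[R2] / ADDS R0,R0,R3 / STR R0,[R2] / CMP R0,#0 / BGE
ORIGINAL = bytes.fromhex("0a4a 7a44 1368 c018 1060 0028 01da")
# The same fragment after the single-halfword edit the post describes (STR R0,[R2] -> STR R7,[R2]).
PATCHED = ORIGINAL[:8] + bytes.fromhex("1760") + ORIGINAL[10:]


def decode_thumb16(hw: int) -> str:
    """Decode the Thumb-16 forms that matter here (LDR/STR immediate T1, CMP immediate);
    anything else is shown as a raw halfword so the diff still reports it."""
    op = hw >> 11
    if op in (0b01100, 0b01101):                # 01100 = STR, 01101 = LDR (immediate, T1)
        mnem = "STR" if op == 0b01100 else "LDR"
        imm = ((hw >> 6) & 0x1F) * 4             # imm5 is scaled by 4 for word access
        rn, rt = (hw >> 3) & 7, hw & 7           # base register, transfer register
        suffix = f", #{imm}" if imm else ""
        return f"{mnem} R{rt}, [R{rn}{suffix}]"
    if op == 0b00101:                             # CMP Rn, #imm8
        return f"CMP R{(hw >> 8) & 7}, #{hw & 0xFF}"
    return f".hword 0x{hw:04X}"


def sha256_matches(data: bytes, known_good_hex: str) -> bool:
    """Cheapest tamper check: compare against a hash recorded from the known-good binary."""
    return hashlib.sha256(data).hexdigest() == known_good_hex


def find_patched_instructions(original: bytes, patched: bytes):
    """Walk both images halfword by halfword and report every instruction that differs,
    decoded so a reviewer sees 'STR R0, [R2]' -> 'STR R7, [R2]' instead of '10 60' vs '17 60'."""
    if len(original) != len(patched):
        raise ValueError("sizes differ: not an in-place patch, compare sections instead")
    changes = []
    for off in range(0, len(original) - 1, 2):
        old = struct.unpack_from("<H", original, off)[0]   # Thumb halfwords are little-endian
        new = struct.unpack_from("<H", patched, off)[0]
        if old != new:
            changes.append((off, decode_thumb16(old), decode_thumb16(new)))
    return changes


if __name__ == "__main__":
    good = hashlib.sha256(ORIGINAL).hexdigest()
    print("hash still matches:", sha256_matches(PATCHED, good))
    for off, before, after in find_patched_instructions(ORIGINAL, PATCHED):
        print(f"offset 0x{off:04X}: {before}  ->  {after}")
```

The offset reported is relative to the fragment; on a real file you would add the section's file offset (the address IDA shows in Hex View).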

#2 Earwaxking

    iphone game hacker

  • Members
  • 3,177 posts
  • iPhone:iPhone 3G

Posted 07 December 2011 - 08:27 PM

Don't flame me on my punctuation; I know it sucks.

#3 Dashti

    Hala Madrid

  • Members
  • 7,309 posts

Posted 07 December 2011 - 08:31 PM

You are awesome lol

#4 Earwaxking

    iphone game hacker

  • Members
  • 3,177 posts
  • iPhone:iPhone 3G

Posted 07 December 2011 - 08:41 PM

i am -_-?

#5 Dashti

    Hala Madrid

  • Members
  • 7,309 posts

Posted 07 December 2011 - 08:58 PM

..No

#6 Earwaxking

    iphone game hacker

  • Members
  • 3,177 posts
  • iPhone:iPhone 3G

Posted 07 December 2011 - 09:13 PM

:(

#7 TECH

    Member

  • Members
  • 8,537 posts

Posted 29 December 2011 - 04:52 PM

Nice tut

#8 Lalex

  • Members
  • 1 posts

Posted 29 December 2011 - 08:34 PM

Cool tutorial...
I have followed your guide but I'm stuck in phase 8 when you say "it should look something like this "00003B50"". I can read "00003B6C"; for now all is OK, but when I go to the hex editor I don't understand how I can do this other part: "(for that u need a ARM to HEX converter)". How must I change "STR R0, [R2] to STR R7, [R2]" in the hex editor? Can you upload an image please?
Thank you in advance.

#9 Earwaxking

    iphone game hacker

  • Members
  • 3,177 posts
  • iPhone:iPhone 3G

Posted 01 January 2012 - 10:35 PM

Link to the ARM to HEX converter:
http://www.mediafire.com/?js6xw1yjsa6vghj