Hacking a binary has never been easy for me. Well, I don't know about you, because I am going to be sharing some of my knowledge about IDA, which you might find hard to do because I am your trainer. So I am going to start now.
When using IDA, always remember to choose the processor type ARM Little Endian, and
DO NOT open the binary as a plain "Binary File": open it as the type your phone supports. For example, my phone supports ARMv7 or ARMv7s.
After opening the binary, wait for it to load. You will know it is fully loaded when the bar at the top is blue.
When hacking, always search for the function name, for example Bucks. Use the little window on the left labeled "Function Name", and press Alt + T to search for the function.
After you have found the function, it is time to edit the instructions. The instructions are what make up the function. Examples of instructions are:
MOV R0, R7
BX LR
ADD R0, R1, R0
SUB SP,SP,
And many more.
So now let's really start.
For example, the instruction that I will edit is:
LDRD.W R0, R1, [R0,#0x334] (in hex: D0 E9 CD 01, which is 4 bytes)
As I said, I will hack the bucks, so this is the loader: this instruction loads the value into a register.
To hack this you must change it to
MOV R0, R7 (in hex: 38 1C, which is 2 bytes)
Changing it to MOV is not just changing its name; you must edit its hex.
After changing the hex, save it, and the binary is hacked!
But if you're hacking the buy price, for example:
SUBS R1, R0, R1
you could null it, or, instead of your money decreasing, it will give you millions! This is how to do it.
The original instruction is
SUBS R1, R0, R1 (in hex: 41 1A, 2 bytes)
To null it you must change it to
NOP (in hex: C0 46, 2 bytes)
so change the hex of SUBS R1, R0, R1
to C0 46 to make it free!
Or change it to
MOV R0, R7 (in hex: 38 1C, 2 bytes)
And if it's just a simple BOOL, the instruction is
MOV R0, #1 for TRUE
MOV R0, #0 for FALSE
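As an added example (not from this post or from TechArmor), here is a small Python script that reproduces the Thumb encodings quoted above from the ARM encoding rules and reads them back, so the bytes of a patch can be checked against the architecture instead of copied blindly; the helper names, the register arguments and the NOP padding rule are my own.

```python
import struct

def thumb16(hw: int) -> bytes:
    """Little-endian bytes of one 16-bit Thumb instruction."""
    return struct.pack("<H", hw)

def mov_lo(rd: int, rn: int) -> bytes:
    """MOV Rd, Rn with low registers. Thumb-1 encodes it as ADD Rd, Rn, #0
    (0001110 imm3 Rn Rd), which is why MOV R0, R7 appears as 38 1C."""
    assert rd < 8 and rn < 8
    return thumb16(0x1C00 | (rn << 3) | rd)

def subs_reg(rd: int, rn: int, rm: int) -> bytes:
    """SUBS Rd, Rn, Rm (0001101 Rm Rn Rd), e.g. SUBS R1, R0, R1 -> 41 1A."""
    assert rd < 8 and rn < 8 and rm < 8
    return thumb16(0x1A00 | (rm << 6) | (rn << 3) | rd)

def nop() -> bytes:
    """Classic Thumb NOP is MOV R8, R8 (0x46C0), i.e. bytes C0 46."""
    return thumb16(0x46C0)

def ldrd_w_imm(rt: int, rt2: int, rn: int, offset: int) -> bytes:
    """LDRD.W Rt, Rt2, [Rn, #offset], T1 encoding with P=1 U=1 W=0.
    The offset is stored as imm8 * 4, so it must be a multiple of 4 below 1024."""
    assert offset % 4 == 0 and 0 <= offset < 1024
    hw1 = 0xE9D0 | rn                              # 1110 1001 1101 Rn
    hw2 = (rt << 12) | (rt2 << 8) | (offset // 4)  # Rt Rt2 imm8
    return struct.pack("<HH", hw1, hw2)

def decode16(b: bytes) -> str:
    """Decode one halfword of the forms above, so a patch can be read back."""
    hw = struct.unpack("<H", b[:2])[0]
    if hw == 0x46C0:
        return "NOP"
    if hw >> 9 == 0b0001110:
        imm3, rn, rd = (hw >> 6) & 7, (hw >> 3) & 7, hw & 7
        return f"MOV R{rd}, R{rn}" if imm3 == 0 else f"ADDS R{rd}, R{rn}, #{imm3}"
    if hw >> 9 == 0b0001101:
        rm, rn, rd = (hw >> 6) & 7, (hw >> 3) & 7, hw & 7
        return f"SUBS R{rd}, R{rn}, R{rm}"
    if hw >> 11 in (0b11101, 0b11110, 0b11111):
        return "32-bit instruction (first halfword)"
    return f"unhandled 0x{hw:04X}"

def patch_bytes(original: bytes, replacement: bytes) -> bytes:
    """Return the replacement padded with NOPs to the original's length: a 4-byte
    LDRD.W replaced by a 2-byte MOV would otherwise leave a stale halfword behind."""
    assert len(replacement) <= len(original) and len(original) % 2 == 0
    return replacement + nop() * ((len(original) - len(replacement)) // 2)
```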
I am not sure about everything that I have posted because I am really just a beginner at IDA; this is just a little tutorial that might help you.
Special Credit to: TechArmor