Tutorial Hacking a game with IDA & Strings

SecretMyAss
Jul 16, 2018
This "tutorial" will require you to know how to load a binary into IDA & basic ARM modding.


When hacking currency, I like to search for the keywords "spend, consume, award, reward" before "gold, coins, gems etc.", since those have fewer hits & xrefs, if they exist at all.
So when I searched for "consume", I got this interesting string:
[screenshot: RD6qUDn.png]


This is probably a log message the devs added while testing, or it gets sent to the server.
Anyway, if we double-click it, we land on this screen:
[screenshot: YD7Cjkk.png]


Now click on aThePlayerHasSL and press X on your keyboard (xrefs to), so IDA lists every place that references the string:
[screenshot: 0jNmDxV.png]


Only one hit, which saves us the time of checking each xref :p.
Click "OK" or double-click the sub_x. You'll end up here:
[screenshot: PkpYo3e.png]


What's interesting is the following:
The string is referenced inside a loc_ block. A loc_ is a branch target, so the code under it normally only runs when some condition is true.
In this case probably: if the player's currency is less than the price, jump here.
So what we want to do is xref the loc_ and see which instruction branches to it:
[screenshot: FqSWAQL.png]


What's interesting is this: BMI means "branch if minus", i.e. branch when the N (negative) flag is set.
Just above the branch you see a SUBS.W (subtract and set flags). If the result of the subtraction is negative, N gets set and the BMI jumps to loc_x.

Example:
Player currency: 900
Cost: 1000
900 - 1000 is negative, so N is set and execution jumps to the loc_x with the string we found instead of continuing with the purchase.

If we change the SUBS.W to an ADDS.W (keep the S suffix so the instruction still updates the flags; a plain ADD.W would leave N as whatever an earlier instruction set it to, so the BMI would follow a stale flag), the sum of two non-negative values never comes out negative (short of overflowing past 0x7FFFFFFF), so the BMI is never taken and loc_x is never reached.

The results:
If you spend, it gets added instead of subtracted.
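To make the SUBS.W -> ADDS.W patch and the BMI decision concrete, here is a small added example (my code, not the original poster's). It assumes the instruction is the Thumb-2 shifted-register form SUBS.W Rd, Rn, Rm (the screenshots are not reproduced here, so the exact form in the game is unknown; the immediate form has a different encoding and is rejected by the script). The byte strings are constructed, not taken from the game. The script flips only the op/S bits of the first halfword, then models what SUBS.W, ADDS.W and a flag-less ADD.W each do to the following BMI.

```python
"""Thumb-2 SUBS.W -> ADDS.W patch and the BMI decision it changes.

Added example for this tutorial, not the original poster's code.  Bit layouts
are the ARMv7 Thumb-2 data-processing (shifted register) encoding; the byte
strings below are constructed, not taken from the game in the screenshots.
"""
import struct

# First halfword: 1110101 | op[3:0] | S | Rn[3:0]
# The second halfword (Rd, Rm, shift) is untouched when SUB becomes ADD.
DP_REG_MASK = 0xFE00
DP_REG_BITS = 0xEA00
OP_S_MASK = 0x01F0
OPCODES = {  # op/S bits -> mnemonic
    0x01B0: "SUBS.W",  # op=1101 S=1
    0x01A0: "SUB.W",   # op=1101 S=0
    0x0110: "ADDS.W",  # op=1000 S=1
    0x0100: "ADD.W",   # op=1000 S=0
}
BITS_FOR = {v: k for k, v in OPCODES.items()}

# Constructed sample: SUBS.W R0, R0, R1 ; BMI <somewhere>
# (halfwords are stored little-endian, as in an ARM game binary on disk)
SAMPLE = bytes.fromhex("b0eb0100" "05d4")


def decode_hw1(hw1):
    """Return (mnemonic, Rn) for a SUB/ADD shifted-register instruction, else None."""
    if hw1 & DP_REG_MASK != DP_REG_BITS:
        return None
    mnem = OPCODES.get(hw1 & OP_S_MASK)
    return None if mnem is None else (mnem, hw1 & 0xF)


def patch_opcode(code, offset, new_mnemonic):
    """Rewrite only the op/S bits at `offset`; Rn, Rd, Rm and the shift stay."""
    (hw1,) = struct.unpack_from("<H", code, offset)
    if decode_hw1(hw1) is None:
        raise ValueError(f"0x{hw1:04x} at {offset:#x} is not a SUB/ADD register form")
    patched = bytearray(code)
    struct.pack_into("<H", patched, offset, (hw1 & ~OP_S_MASK) | BITS_FOR[new_mnemonic])
    return bytes(patched)


def run_then_bmi(mnemonic, rn, rm, prior_n=0):
    """Execute the (patched) instruction followed by BMI.

    Returns (result, branch_taken).  Only the S forms write APSR.N; patching to
    plain ADD.W leaves N as whatever the previous flag-setting instruction left.
    ADDS.W still sets N if the sum wraps past 0x7FFFFFFF, so huge values can
    still take the branch.
    """
    result = (rn - rm if mnemonic.startswith("SUB") else rn + rm) & 0xFFFFFFFF
    n = (result >> 31) if mnemonic in ("SUBS.W", "ADDS.W") else prior_n
    return result, bool(n)


def spend(currency, cost, mnemonic, prior_n=0):
    """Purchase path from the tutorial: BMI taken -> balance untouched,
    otherwise the instruction's result becomes the new balance."""
    result, taken = run_then_bmi(mnemonic, currency, cost, prior_n)
    return ("rejected", currency) if taken else ("purchased", result)


if __name__ == "__main__":
    print("original :", SAMPLE.hex(), decode_hw1(int.from_bytes(SAMPLE[:2], "little")))
    patched = patch_opcode(SAMPLE, 0, "ADDS.W")
    print("patched  :", patched.hex(), decode_hw1(int.from_bytes(patched[:2], "little")))
    for mnem in ("SUBS.W", "ADDS.W"):
        print(f"{mnem}: 900 gold, cost 1000 ->", spend(900, 1000, mnem))
    # The caveat: ADD.W without S never updates N, so BMI follows a stale flag.
    print("ADD.W (stale N=1):", spend(900, 1000, "ADD.W", prior_n=1))
```

Run it as-is to see the two bytes that change (b0 eb becomes 10 eb) and the three outcomes side by side; point `patch_opcode` at the real file offset of the SUBS.W once you have it from IDA, and it will refuse to touch anything that is not a SUB/ADD register-form instruction.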

That's it, resources are hacked :)

If you have any questions, feel free to ask.
 
Tags
hacking ida strings