In today’s tutorial, we will learn how to MOD Obfuscated Native Android games in IDA Pro. This is not a beginner’s tutorial: you will need basic knowledge of modding games in IDA Pro, so please make sure you have that first.
Have you ever loaded a game’s binary and seen function names like sub_12498? This is a form of obfuscation developers use to hide the real names of the functions, which makes the code much harder to read and modify.
We have previously talked about string hacking in IDA Pro, which is what we normally do in obfuscated games. The approach we are going to use now is much easier and lets you know exactly what you are modding. However, it will not work with every game: it only works if the oldest version of the game’s binary was NOT obfuscated. We use that version as a reference to hack the newest one.
If none of the
Requirements:
1) IDA Pro
2) Basic understanding of IDA Pro and How to MOD in IDA Pro
Let’s begin!
For this method to work, we need 2 versions of the game, one which is the latest and one which is the oldest. In this tutorial, we will be modding a game called Robotics ZeptoLab.
The newest version of the game is now Obfuscated, but the older versions were not.
1) Download the Newest version of the game from Apkcombo.com
2) Download the older version of the game from uptodown.com – preferably version 2.0.0 of the game.
3) Once you have downloaded both versions, extract the librobotics.so file from the armeabi-v7a folder of the OLD version of the game. Ignore the other folders. Rename this binary to something like libroboticsOLD.so
4) Now extract the NEW version and delete all the folders in the lib folder except armeabi-v7a
5) You can delete the old version APK file, we won’t need it since we only need the binary file.
6) LOAD both of these binary files in IDA Pro separately, and then wait for IDA to finish analyzing the files.
7) Now, once it is done, we will analyze the OLD version to find interesting functions that we can mod. Since I have already modded this game, I know there is a function called Game::Duel::opponentHealth which basically sets the opponent’s health.
Now this is how I normally mod the game; others may have a different approach. So I will teach you what I would do here.
8) Look for a string near this function, above or below this function.
When I scrolled a bit below the function, I found this string called current_duel_opponent
9) So now we move to the latest binary file, which is obfuscated, and open the Strings window (View > Open subviews > Strings, or press SHIFT + F12)
10) Once all the strings are loaded, right click on the Strings window and select Quick Filter
11) Now we need to search for the string we noted – current_duel_opponent
We found two results. The second one does not match our string exactly, so we ignore it and focus on the first one only.
Cross-referencing it (XREFS) gives one result: the string is referenced twice inside the same function, just as it was in the OLD version of the binary.
12) Click and go to the function and compare it with the OLD one.
We are looking at the correct function.
13) Now in the OLD binary file, open the Game::Duel::opponentHealth function again
14) In the NEW binary file, we have to scroll up a little until we find a function that looks similar to the one above.
Scrolling up a little, I found this function, which is identical to the one in the OLD binary file.
AND yes, this is the correct function, Game::Duel::opponentHealth. Now that we have our function, we just need to hack it.
15) Load the NEW Binary file in HEX editor and copy the offset/address of the function
Remember, we’re working on modding ARM code that handles 8-byte (64-bit) data operations, so we will make this function return the NUMBER 1, which will set the opponent’s health to 1
Now you will have a ONE HIT ability in the game. You can add a MOD MENU to it if you want. Check out our MOD MENU tutorial.
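The matching we did by hand in steps 7 to 14 (find a string near a known function in the OLD binary, filter for it in the NEW binary, follow the XREFs, and confirm the function) can be written down as a small algorithm: two functions are the same if they reference the same string literals. The script below is an added example, not code from this tutorial or from the game; the function names, sub_ addresses and string sets are constructed sample data that stand in for what you would export from IDA. It scores every OLD function against every NEW function by how similar their referenced-string sets are (Jaccard similarity), and it also handles the two cases we hit above: a string that is referenced by more than one function (ambiguous, so no match is reported) and a function whose strings changed between versions (no candidate at all). From the defender’s side, this is exactly why stripping symbol names on its own is a weak protection: the string literals survive and anchor the old names back onto the new binary unless they are encrypted or removed as well.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample data (hypothetical, not dumped from the real game).
# OLD binary: real symbol names -> set of string literals the function references.
OLD_BINARY: Dict[str, Set[str]] = {
    "Game::Duel::opponentHealth": {"current_duel_opponent", "health"},
    "Game::Duel::opponentName": {"current_duel_opponent", "name"},
    "Game::Shop::priceOf": {"shop_price_table", "currency"},
    "Game::Log::write": {"log"},
}

# NEW binary: IDA auto-names (sub_XXXX) -> referenced string literals.
NEW_BINARY: Dict[str, Set[str]] = {
    "sub_12498": {"current_duel_opponent", "health"},   # opponentHealth
    "sub_124F0": {"current_duel_opponent", "name"},     # opponentName
    "sub_2A100": {"shop_price_table", "currency"},      # priceOf
    "sub_2A180": {"log"},                               # Log::write
    "sub_30000": {"renamed_in_new_version"},            # strings changed: no match
    "sub_40000": {"current_duel_opponent"},             # shared string only: ambiguous
}


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Similarity of two string sets: |A ∩ B| / |A ∪ B|, 0.0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def rank_candidates(new_strings: Set[str],
                    old: Dict[str, Set[str]]) -> List[Tuple[str, float]]:
    """Return OLD functions sharing at least one string, best score first.

    Ties are broken alphabetically only to make the order deterministic; the
    caller still treats an equal top score as ambiguous.
    """
    scored = [(name, jaccard(new_strings, strings)) for name, strings in old.items()]
    scored = [item for item in scored if item[1] > 0.0]
    scored.sort(key=lambda item: (-item[1], item[0]))
    return scored


def match_functions(old: Dict[str, Set[str]],
                    new: Dict[str, Set[str]],
                    min_score: float = 0.5) -> Dict[str, Tuple[str, float]]:
    """Map each NEW function to the OLD symbol it most likely corresponds to.

    A NEW function is left unmatched when no OLD function shares a string,
    when the best score is below min_score, or when two OLD functions tie
    for the best score (the string alone cannot tell them apart, exactly like
    current_duel_opponent, which is referenced by two functions).
    """
    matches: Dict[str, Tuple[str, float]] = {}
    for new_name, strings in new.items():
        ranked = rank_candidates(strings, old)
        if not ranked or ranked[0][1] < min_score:
            continue  # no usable anchor string in this function
        if len(ranked) > 1 and ranked[1][1] == ranked[0][1]:
            continue  # ambiguous anchor: needs manual comparison of the code
        matches[new_name] = ranked[0]
    return matches


def unmatched(old: Dict[str, Set[str]], new: Dict[str, Set[str]]) -> List[str]:
    """NEW functions that still need manual work after string-anchored matching."""
    matched = match_functions(old, new)
    return sorted(name for name in new if name not in matched)


if __name__ == "__main__":
    for new_name, (old_name, score) in sorted(match_functions(OLD_BINARY, NEW_BINARY).items()):
        print(f"{new_name} -> {old_name} (score {score:.2f})")
    print("still unmatched:", unmatched(OLD_BINARY, NEW_BINARY))
```

In IDA itself, the two input tables would come from walking idautils.Strings() and the XrefsTo() of each string to the containing function; the rest of the script is plain Python. A score of 1.0 means the string sets are identical, which is the situation in step 14 where the NEW function looked exactly like the OLD one; anything below that, or a tie, is the cue to open both functions side by side and compare the code as we did above.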
That’s it.
Thank you for reading, and if you have any questions then leave them in the comments and I will get back to you ASAP.