1 / 30

Memory Cheating

Memory Cheating. Mobile Game Hacking. NHN BuisenessPlatfrom Ahn SeongBhum. AGENDA. Processor ARM Basic Disassembly Android Testing Environment Mobile Game Hacking Android Memory Cheating Demo. Processor. System-on-a-chip Cortex-A8 Frequency from 600MHz to 1GHz and above

monte
Download Presentation

Memory Cheating

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Memory Cheating Mobile Game Hacking NHN BuisenessPlatfrom Ahn SeongBhum

  2. (c) 2008 Hex-Rays SA AGENDA • Processor • ARM Basic • Disassembly • Android • Testing Environment • Mobile Game Hacking • Android Memory Cheating • Demo

  3. (c) 2008 Hex-Rays SA Processor • System-on-a-chip • Cortex-A8 • Frequency from 600MHz to 1GHz and above • High-performance, Superscalar microarchitecture • NEON technology for multi-media and SIMD processing • Jazelle RCT • Cortex-A9 • Unrivalled performance with 2GHz typical operation with the TSMC 40G hard macro implementation • Low power targeted single core implementations into cost sensitive devices • Scalable up to four coherent cores with advanced MPCore technology

  4. (c) 2008 Hex-Rays SA Processor

  5. (c) 2008 Hex-Rays SA ARM Basics • Acorn RISC Machine • Thumb • 16,32bit Registers r0-r15 • Stack pointer r13 • Link Register r14 • Program counter r15 • Function arguments passed in registers, not on stack • Return address not always stored on stack

  6. (c) 2008 Hex-Rays SA ARM Basics • ARMv7

  7. (c) 2008 Hex-Rays SA ARM Basics • System-on-a-chip • Cortex-A8 • Frequency from 600MHz to 1GHz and above • High-performance, Superscalar microarchitecture • NEON technology for multi-media and SIMD processing • Jazelle RCT • Cortex-A9 • Unrivalled performance with 2GHz typical operation with the TSMC 40G hard macro implementation • Low power targeted single core implementations into cost sensitive devices • Scalable up to four coherent cores with advanced MPCore technology

  8. (c) 2008 Hex-Rays SA Disassembly IDA vsObjdump • IDA 6.0 • IDA 5.2

  9. (c) 2008 Hex-Rays SA Android

  10. (c) 2008 Hex-Rays SA Android

  11. (c) 2008 Hex-Rays SA Testing Environment

  12. (c) 2008 Hex-Rays SA Testing Environment

  13. (c) 2008 Hex-Rays SA Testing Environment rooting

  14. (c) 2008 Hex-Rays SA Testing Environment

  15. (c) 2008 Hex-Rays SA Android Game Hacking Memory Searching Code Injection Packet Manipulation File Manipulation

  16. (c) 2008 Hex-Rays SA Mobile Game Hacking Mobile Game Attack Vectors File Packet Memory Hacking SQLite repackaging Lisence

  17. (c) 2008 Hex-Rays SA Android Memory Cheating ptrace /proc

  18. (c) 2008 Hex-Rays SA Android Memory Cheating Memory mapping

  19. (c) 2008 Hex-Rays SA Android Memory Cheating • typedef struct Object • { • /* ptr to class object */ • ClassObject* clazz; • u4 lock; • } Object;

  20. (c) 2008 Hex-Rays SA Android Memory Cheating • struct ClassObject { • 0 Object obj; • 8 u4 instanceData[CLASS_FIELD_SLOTS]; • 24 const char* descriptor; • 28 char* descriptorAlloc; • .. • … • 140 StaticField* sfields; • 144 int ifieldCount; • 148 int ifieldRefCount; • 152 InstField* ifields; • 156 u4 refOffsets; • 160 const char* sourceFile; • };

  21. (c) 2008 Hex-Rays SA Android Memory Cheating

  22. (c) 2008 Hex-Rays SA Android Memory Cheating

  23. (c) 2008 Hex-Rays SA Android Memory Cheating • Realtime decompile

  24. (c) 2008 Hex-Rays SA Android Memory Cheating

  25. (c) 2008 Hex-Rays SA Android Memory Cheating

  26. (c) 2008 Hex-Rays SA Inline hooking PC-relative address

  27. (c) 2008 Hex-Rays SA License bind_service LVL ARM

  28. DEMO

  29. Questions

  30. Thank you

More Related