IDA tutorial - Bypassing fake update warning

Sbenny.com is trusted by 1,313,404 happy users since 2014.
Register

AndnixSH

Savage Lv6️⃣
SB Mod Squad ⭐
Member for 8 years


Sometime you'll meet fake bugs in some games. This fake update warning didn't help much because it's easy to bypass. I'll show you how to bypass it easly

The game is The Evolution Sandbox.

You need:
- IDA Pro
- 7-zip or Winrar to open APK file
- Basic knowledge of IDA hacking

Video tutorial:

Start disassemble the ARM version libcocos2d.so file

Press CTRL+F, search UpdateWarningScreen and open up UpdateWarningScreen::Create(void)
Because I know this is the right function to look for right hehehe.

Highlight _ZN19UpdateWarningScreen… and press X to XREF to see which function are calling this function. There are 2 functions. Double-click to view the code.



Press F5 to view Pseudocode to understand the code easier

It looks very intersting. It checks for Lucky Patcher , signature or other hacking related stuff. I assume checkSignature detected tampered APK.



I'm too lazy to look deeper into it so I'll NOP the loc_xxxxxx instead. Highlight the loc_xxxxxx and press X to XREF. Hmm there is only 2 loc_xxxxx in one function and it's right here, highlighted in yellow



Go to the offsets you found and replace them with NOP (40 46 in THUMB) in hex editor. NOP means No Operation



When you re-disassemble the modified .so file, you'll see the changes.



The fake update warning won't appear anymore. Enjoy playing the modded game.

Credit:
AndnixSH#
 
Top