Memory cheating

Memory Cheating - PowerPoint PPT Presentation



Memory Cheating. Mobile Game Hacking. NHN Business Platform Ahn SeongBhum. AGENDA. Processor ARM Basic Disassembly Android Testing Environment Mobile Game Hacking Android Memory Cheating Demo. Processor. System-on-a-chip Cortex-A8 Frequency from 600MHz to 1GHz and above

Presentation Transcript
Memory Cheating

Mobile Game Hacking

NHN Business Platform

Ahn SeongBhum


(c) 2008 Hex-Rays SA

AGENDA

  • Processor

  • ARM Basic

  • Disassembly

  • Android

  • Testing Environment

  • Mobile Game Hacking

  • Android Memory Cheating

  • Demo


Processor

  • System-on-a-chip

  • Cortex-A8

    • Frequency from 600MHz to 1GHz and above

    • High-performance, Superscalar microarchitecture

    • NEON technology for multi-media and SIMD processing

    • Jazelle RCT

  • Cortex-A9

    • Unrivalled performance with 2GHz typical operation with the TSMC 40G hard macro implementation

    • Low power targeted single core implementations into cost sensitive devices

    • Scalable up to four coherent cores with advanced MPCore technology



ARM Basics

  • Acorn RISC Machine

  • Thumb

  • 16 32-bit registers, r0-r15

  • Stack pointer r13

  • Link Register r14

  • Program counter r15

  • Function arguments passed in registers, not on stack

  • Return address not always stored on stack


ARM Basics

  • ARMv7


ARM Basics


Disassembly

IDA vs Objdump

  • IDA 6.0

  • IDA 5.2




Testing Environment


Testing Environment


Testing Environment

rooting


Testing Environment


Android Game Hacking

Memory Searching

Code Injection

Packet Manipulation

File Manipulation


Mobile Game Hacking

Mobile Game Attack Vectors

File

Packet

Memory Hacking

SQLite

repackaging

License


Android Memory Cheating

ptrace

/proc


Android Memory Cheating

Memory mapping


Android Memory Cheating

    typedef struct Object
    {
        /* ptr to class object */
        ClassObject* clazz;
        u4 lock;
    } Object;


Android Memory Cheating

    struct ClassObject {
        /*   0 */ Object obj;
        /*   8 */ u4 instanceData[CLASS_FIELD_SLOTS];
        /*  24 */ const char* descriptor;
        /*  28 */ char* descriptorAlloc;
        /* .. */
        /* 140 */ StaticField* sfields;
        /* 144 */ int ifieldCount;
        /* 148 */ int ifieldRefCount;
        /* 152 */ InstField* ifields;
        /* 156 */ u4 refOffsets;
        /* 160 */ const char* sourceFile;
    };


Android Memory Cheating


Android Memory Cheating


Android Memory Cheating

  • Realtime decompile


Android Memory Cheating


Android Memory Cheating


Inline hooking

PC-relative address


License

bind_service

LVL

ARM




