

Let me start this post with a little rant. The iPad is a great product, but it's full of "spyware" and that sucks big time. One might argue that it's not spyware, it's just sending bits of information. Well, for me it's damn spyware, because I'm not authorizing the apps to send any information, much less unique pieces of information that can identify you forever. I can't even conceive why the enterprise world would adopt the iPad with these kinds of problems. If I were the CSO or CIO I would fight against this, and I mean real hard fighting. It sucks, seriously! It sucks so much that I tried to firewall one of the ad networks and it started connecting to different Amazon EC2 instances, more or less like a botnet client (this should be an interesting reversing project). The high-availability argument for such behavior is weak; there are many HA solutions. All this spyware crap is one of the reasons why I'm not fully using the iPad for web browsing and other more personal tasks. If I want to firewall your shitty ad network, let me, don't try to fight it. Apple should allow a Little Snitch-like app, so users can have some control over what is going out of their devices. I really like Apple in some points, but this one pisses me off!

Back to the interesting juice… I was reading some articles today and saw the announcement of this game, Contract Killer, based on a freemium business model with in-app purchases. After a while you need to buy energy credits so you can proceed in the game. Of course I was already more interested in exploring a way to remove that limitation than in playing (I played a few rounds, it gets boring). A reversing brain is a dangerous brain 😉. The credits information is written into a save game file. It can be found in the Documents/default folder, with the name savebh.dat (by the way, the app bundle is named BountyHunter.app). The save files are binary and seem packed/crypted (by the way, if you want to have fun with virtual fishes and don't want to wait, you can use the same trick with iQuarium – edit the plist file with the properties, it's not encrypted nor packed – BBEdit can handle it fine).

Checking around the disassembly (don't forget you need to decrypt the binary first, using Crackulous for example) you find two interesting methods: CBH_XorCrypt::Decypher and CBH_XorCrypt::Cipher (the CSaveManager class is also interesting, it calls the encryption method). If you set a breakpoint on the Cipher method and try to buy some bullets, the debugger will break. The prototype is CBH_XorCrypt::Cipher(char *, int), meaning that R0 holds the unencrypted data and R1 its size. Do a x/30s $r0 and you can see the plaintext XML file 😃. So my idea was to modify memory before it's encrypted. I tried to modify one byte of the money value, by computing its offset from R0 and changing it – for example, from 500 to 900.
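As an added example (not code from the original post, and not the game's own code), here is the same idea in Python: locate the money value inside the plaintext buffer, compute its offset from the start of the buffer (the number you add to $r0 at the Cipher breakpoint), patch it without changing the length that was already passed in R1, and emit the equivalent gdb commands. The XML layout and the XOR key are constructed stand-ins: the real savebh.dat format and the real key are not shown in the post.

```python
from __future__ import annotations

# Constructed sample save game; the real savebh.dat layout is not in the post.
SAMPLE_SAVE_XML = (
    b'<?xml version="1.0"?>\n'
    b'<save>\n'
    b'  <player name="hunter"/>\n'
    b'  <money>500</money>\n'
    b'  <bullets>20</bullets>\n'
    b'</save>\n'
)

# Assumed single-byte key, a stand-in for whatever CBH_XorCrypt really uses.
TOY_KEY = b"\x5a"


def find_value_offset(buf: bytes, tag: str) -> tuple[int, bytes]:
    """Return (offset, value) for the text between <tag> and </tag>.

    The offset is relative to the start of buf, i.e. the number you add to
    $r0 at the CBH_XorCrypt::Cipher breakpoint to reach the value's first byte.
    """
    open_tag = f"<{tag}>".encode()
    close_tag = f"</{tag}>".encode()
    start = buf.index(open_tag) + len(open_tag)
    end = buf.index(close_tag, start)
    return start, buf[start:end]


def patch_in_place(buf: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Overwrite old with new at offset without changing the buffer length.

    By the time Cipher runs, R1 (the length) is already fixed, so a patch that
    grows or shrinks the data would be truncated or overrun the buffer. That is
    why changing a single digit (500 -> 900) is the safe move.
    """
    if buf[offset:offset + len(old)] != old:
        raise ValueError(f"expected {old!r} at offset {offset}")
    if len(new) != len(old):
        raise ValueError("replacement must keep the same length")
    return buf[:offset] + new + buf[offset + len(old):]


def xor_crypt(buf: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR: the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(buf))


def gdb_patch_commands(offset: int, new: bytes) -> list[str]:
    """gdb commands equivalent to patch_in_place, typed at the Cipher breakpoint."""
    cmds = ["x/30s $r0"]  # eyeball the plaintext XML first
    for i, b in enumerate(new):
        cmds.append(f"set {{unsigned char}}($r0+{offset + i}) = {b}")
    cmds.append("continue")
    return cmds


def demo() -> bytes:
    """Patch money 500 -> 900 before encryption and check what decrypts."""
    off, val = find_value_offset(SAMPLE_SAVE_XML, "money")
    patched = patch_in_place(SAMPLE_SAVE_XML, off, val, b"9" + val[1:])
    saved = xor_crypt(patched, TOY_KEY)      # what Cipher would write to disk
    restored = xor_crypt(saved, TOY_KEY)     # what Decypher reads back
    return find_value_offset(restored, "money")[1]


if __name__ == "__main__":
    off, _ = find_value_offset(SAMPLE_SAVE_XML, "money")
    print("\n".join(gdb_patch_commands(off, b"9")))
    print("money after round trip:", demo())
```

The length check is the point of the exercise: once Cipher has been entered, R1 is fixed, so 500 to 900 works while 500 to 99999 is rejected here and would be truncated or overrun the buffer on the device. A different or longer key only changes the toy xor_crypt, not the patch-before-encryption approach.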
