IDA PRO BASIC (INSTRUCTION OF IDA )

Understanding ARM Assembly for Game Modding

Here is a comprehensive tutorial for anyone interested in learning the basics of ARM assembly language and how to utilize it for game modding. This guide will be especially useful for understanding basic instructions in IDA.

Steps to Follow:

1. Analyze the Game: Identify potential hacks and hypothesize function names.
2. Load the Binary: Load the lib file from the game's lib folder into IDA. Ensure the "load resources" option is checked.
3. Wait for IDA: Allow IDA ample time to load the binary completely.
4. Use a Hex Editor: Open the binary file in a hex editor for further examination.

Useful Search Keywords:

Consider the following keywords when searching for functions:

• Player's Life: life, health, damage, hp, live, power
• Examples: CSoldierHero::takeDamage, CPlayer::removeHealth
• Points: points, score, mp
• Examples: Game::UpdatePoints, Game::AddPoints, Game::loadScore
• Ammo: ammo, shoot, shot, fire, weapon
• Examples: CPlayer::processShooting, CPlayer::fire, xxx:ubAmmo

Additional Keywords:

• Level: For level-up cheats.
• Power-ups: For features like mega jump or doodle jump.
• Miscellaneous: Keywords depend on the game type (e.g., RPG, action, fun).
• Kill: For games like Splinter Cell.
• Unlock: An important keyword for unlocking features.

Modifying Instructions:

When modifying game code, use the following guidelines:

• ADD (e.g., score): Set to MOV R0, #480000000* to set high values.
• SUB (e.g., ammo): Change to ADD, NOP it, or set the SUB to #0.
• RSB (reverse subtract, e.g., take damage): NOP it or set to low values or change to ADD.
• LDR (e.g., score): Change the register to R7 or MOV R0, #480000000*.
• STR (e.g., setLife): Change the register to R7 or MOV R0, #480000000*.

Common Assembly Codes:

• ADD R3, R3 #1: 01 30 83 E2
• SUB R3, R3 #1: 01 30 43 E2
• ADD R1, R3, R3: 01 30 83 E0
• SUB R1, R3, R3: 01 30 43 E0
• MOV R0, #48000000: 12 03 A0 E3 (high value)
• MOV R0, #1: 01 00 A0 E3 (used for boolean functions)
• MOV R0, #0: 00 00 A0 E3 (used for boolean functions)
• 2Byte BX LR: 7047 (deletes a function)
• 2Byte NOP: C046 (no operation)
• 4Byte BX LR: 1EFF2FE1 (deletes a function)
• 4Byte NOP: 0000A0E1 (no operation)

Branch Commands:

Branch commands are influenced by a preceding CMP (compare) instruction:

• BEQ: Branch if equal (cmp r2, r2)
• BNE: Branch if not equal (cmp r3, r11)
• BLT: Branch if lower than (cmp r2, r3)
• BGT: Branch if greater than (cmp r3, r1)

Note: Experimentation is key to success. Try different approaches to achieve your goals.

Tips for Practice:

• Plist Editing: Download games and re-hack plists.
• Hex Editing: Compare save files to learn about hex values.
• IDA Hacking: Use the Offset DB to locate functions in IDA and download binaries for comparison.

Example: Unlocking Features in Brothers in Arms: Hour of Heroes

To unlock all weapons:

1. Locate the CSoldierHero UnlockAllWeapons function.
2. Make an XRef from the title of the function (highlight the function and press X).
3. Find the BNE (branch not equal) instruction and change it to a B (branch no conditions) instruction. This forces the function to always branch, unlocking all weapons.

Additional Tips:

• GDB: Use GDB for checking functions and their registers when needed.
• CMP: Look for CMP instructions above branches to modify conditions effectively.

With persistence and practice, you'll master ARM assembly for game modding. Good luck and happy modding!