> whoami
RevelariOS - A technical memory scanning tool and document for developers
Capere - An Apple Silicon hooking library written in C
Machium - A debugger for iOS
Developing an Instruction Set for the ENIAC
I have disclosed some content to Supercell in the past, but haven't ever touched their anti-cheat. After all, I didn't have a reason to until recent months. Once I completed my hooking library and debugger (shameless plug) I found that I had difficulty testing it in Supercell games. My testing ground had been Clash of Clans for many years, but nothing ever came of my countless hours of poking around the game. That's until October of 2021, when Supercell released an update where they included a few new protections in the game. Within a few hours of testing, I discovered an all-in-one bypass to Clash of Clans' debugger protection, modification prevention, and jailbreak detection.

Honors projects are an excellent excuse to complete projects that have been sitting on a to-do list for a while. After all, when you're given an excuse to make anything, why not take the opportunity to build what you want?
My mind immediately went to a project I've wanted to create for a while. I've used debuggers a million times, but I never really understood how they worked. Of course, it's easy to just google "how do debuggers work", but that's not really fun, is it? Also - I forgot to add an important detail. I wanted to know how ARM debuggers work, which is a lot more niche than debugging on x86. Wait, scratch that. I wanted to know how ARM debuggers work on iOS, or as Tim Cook would like you to say, debugging on Apple Silicon. Are there even any resources out there on the internet to help with that? Let's find out and take a trap-filled journey (pun intended) into debugging Apple Silicon.
Searching through memory on iOS to find a specific value isn't a new idea. There are plenty of tools available for searching memory on iOS, and source code is available for most of them. However, the source code only explains the how behind the project, not the why. The goal of RevelariOS was to create a technical version of these tools with both a how and a why explanation, delivered through a combination of this blog post and the source code. SearchKit is meant to be a development toolkit so developers can add memory searching to their own projects, while RevelariOS is built to show off the power of SearchKit and its potential uses in research and development. In order to explain how RevelariOS and similar programs work, we have to take a dive into vm_region().

In Supercell games, asset files are stored as .csv files for general information used in the game, while .sc files contain the graphics. All .csv file contents are stored as primitive data types (int, bool, String, etc.). Prior to December of 2019, for over 7 years after Clash of Clans' launch, asset files were neither scanned by the game for modification nor signed for integrity checking. This meant that any user could write their own edits into the .csv files and load them into the game. Most data stored in the .csv files is checked against the server, so trying to modify an achievement and getting 9 million gems for completing it will cause the game to "Out of Sync" and reset, since the client calculations differ from what the server expected. Although this system is mostly bulletproof, occasionally a few bugs slip through the cracks.