Discovering Flaws in Anti-Cheat Systems - Responsibly Disclosing Vulnerabilities in Supercell Games

January 22, 2022 (published April 14, 2022)

Before I begin, it should be known that everything reported in this write-up was discovered with permission, in a controlled environment, and all content has been patched and responsibly disclosed to Supercell. The noticeable 3-month gap between the date this blog post was written and the date it was released was due to a disclosure period I gave to the developers, so there was plenty of time for this work to be analyzed and patched by the team. Over the last few years, I have disclosed various vulnerabilities and bugs to Supercell, but I never touched their anti-cheat. The reason being that I didn't have a purpose to until recently, which was true until October of 2021, when Supercell released an update where they included some new protections inside of the game. After some time spent reverse engineering the game, I discovered an all-in-one bypass to Clash of Clans' debugger protection, modification prevention, and jailbreak detection.

Continue reading...

Machium - The ARM "Apple Silicon" Debugger

December 9, 2021

Honors projects are an excellent excuse to complete projects that have been sitting on a to-do list for a while. After all, when you're given an excuse to make anything, why not take the opportunity to build what you want?

My mind immediately went to a project I've wanted to create for a while. I've used debuggers a million times, but I never really understood how they worked. Of course, it's easy to just google "how do debuggers work", but that's not really fun, is it? Also - I forgot to add an important detail. I wanted to know how ARM debuggers work, which is a lot more niche than debugging on x86. Wait, scratch that. I wanted to know how ARM debuggers work on iOS, or as Tim Cook would like you to say, debugging on Apple Silicon. Are there even any resources out there on the internet to help with that? Let's find out and take a trap-filled journey (pun intended) into debugging Apple Silicon.

Continue reading...

SearchKit & RevelariOS - Taking a Dive into the vm_region()

September 28, 2020

Searching through memory on iOS to find a specific value isn't a new idea. There are plenty of tools available for searching memory on iOS, and source code is available for most of them. However, the source code only explains the how behind the project but not the why. The goal of RevelariOS was to create a technical version of these tools with a how and why explanation available through a combination of this blog post and the source code. SearchKit is meant to be a development toolkit so developers can add memory searching to their own projects, while RevelariOS is built to show off the power of SearchKit and its potential uses in research and development. In order to explain how RevelariOS and similar programs work, we have to take a dive into the vm_region().

Continue reading...

Breaking the Chain of Trust - Manipulating Asset Files in Supercell Games

June 1, 2020

In Supercell games, asset files are stored as .csv files for general information used in the game, while .sc files contain the graphics. All .csv file contents are stored as primitive data types (int, bool, String, etc.). Prior to December of 2019, for over 7 years after Clash of Clans' launch, asset files were not scanned by the game for modification or signed to check integrity. The implication of this is that any user could write their own edits into the .csv files and load them into the game. Most data stored in the .csv files is checked against the server, so trying to modify an achievement and getting 9 million gems for completing it will cause the game to go "Out of Sync" and reset, since the client calculations differ from what the server expected. Although this system is mostly bulletproof, occasionally a few bugs slip through the cracks.

Continue reading...