IDA debug and modify memory data

One: Modify the value of the register

Take the BLX R3 call shown in the figure as an example. After the call returns, its return value is in the R0 register, shown in the register pane on the right; that is the value to modify.

image.png

1. Move the mouse over the R0 register, right-click, and select the "Modify value" option to change it to any value, as shown in the figure below.

image.png

2. Instead of "Modify value", you can also select the "Zero value" option to set the register to zero directly, as shown in the figure below.

image.png


Two: Tampering with memory data

Set a breakpoint at the function entry and press F9; the program breaks at the function entry. Then step with F8. When execution reaches the instruction "ADD R2, PC, R2", which uses PC-relative addressing, the value of the PC register plus the value of the R2 register forms an address, and that address holds a string, namely "Activity", as shown in the figure below.

image.png

1. Click on the hexadecimal window and synchronize it with the R2 register, as shown in the figure below.

image.png

2. The synchronized view is shown in the figure below.

image.png

3. Press F2 directly to edit the bytes, as shown in the figure below.

image.png

4. The byte "31" is the ASCII code of the character "1", as shown in the figure below.

image.png

5. After completing the above steps and committing the edit, the result is shown in the figure below.

image.png

Three: NOP a function or code

Take the BL zhengchu call as an example.

When the program reaches this point, continuing to single-step will execute the called function, as shown in the figure below.

image.png

If you do not want this function to execute, follow the steps below:

1. Go to the hexadecimal window, right-click, select "Synchronize with" and then "IDA View PC" to synchronize the window with the PC register, as shown in the figure below.

image.png

2. The view after synchronization is shown in the figure below.

image.png

3. The PC register always points to the current instruction, so the current PC value is the address of the BL instruction that is about to execute. Right-click and select "Edit", or press the shortcut key F2, as shown in the figure below.

image.png

4. Change all of the instruction's bytes to zero, as shown in the figure below.

image.png

5. After editing, right-click again or press F2 to submit the change, as shown in the figure below.

image.png

6. After completing the above steps, look at the original call again: it has become an invalid instruction, as shown in the figure below.

image.png

7. Now step again: the function is no longer entered, and the next instruction executes instead, as shown in the figure below.

image.png

At this point the function has been successfully NOPed: the call has been turned into an invalid, do-nothing instruction.
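The three edits in sections Two and Three are done by hand in IDA's hex window. The following script is an added example, not code from the original post, that models the same edits on a bytearray standing in for the debuggee's memory so the arithmetic can be checked outside the debugger: it resolves the address formed by "ADD R2, PC, R2" (with the ARM/Thumb PC offset, which is the usual source of being 4 bytes off), patches one byte of the string found there ("31" is ASCII "1"), decodes a BL so you can confirm you are patching a call before overwriting it, and replaces the call with a NOP. All addresses, register values and instruction bytes are constructed sample data, and the `Memory` class, `bl_target` and `nop_call` names are this example's own. The `zero_fill` option reproduces the post's zero-byte edit; the default writes the architectural NOP encoding instead, because `00 00` in Thumb state decodes as `MOVS R0, R0` and `00 00 00 00` in ARM state as `ANDEQ R0, R0, R0`, neither of which is a true no-op.

```python
# Added example (not from the original post): models the IDA hex-window edits
# on a bytearray standing in for process memory. All values are constructed.
import struct

# The PC an instruction observes is ahead of its own address (pipeline effect):
# +8 in ARM state, +4 in Thumb state.
PC_OFFSET = {"arm": 8, "thumb": 4}

THUMB_NOP = b"\x00\xbf"          # BF00      NOP (Thumb)
ARM_NOP = b"\x00\xf0\x20\xe3"    # E320F000  NOP (ARM)


class Memory:
    """Flat little-endian bytearray with a base address (hypothetical helper)."""

    def __init__(self, base: int, size: int):
        self.base, self.buf = base, bytearray(size)

    def read(self, addr: int, n: int) -> bytes:
        off = addr - self.base
        return bytes(self.buf[off:off + n])

    def write(self, addr: int, data: bytes) -> None:
        off = addr - self.base
        self.buf[off:off + len(data)] = data

    def read_cstring(self, addr: int) -> str:
        raw = self.buf[addr - self.base:]
        return raw[:raw.index(0)].decode("ascii")


def pc_relative(insn_addr: int, reg_value: int, state: str) -> int:
    """Address produced by 'ADD Rd, PC, Rm' executed at insn_addr."""
    return (insn_addr + PC_OFFSET[state] + reg_value) & 0xFFFFFFFF


def bl_target(mem: Memory, addr: int, state: str):
    """Decode a BL at addr and return its destination, or None if not a BL."""
    if state == "arm":
        (word,) = struct.unpack("<I", mem.read(addr, 4))
        cond, op = word >> 28, (word >> 24) & 0xF
        if cond == 0xF or op != 0xB:          # 0b1011 = BL; cond 1111 is BLX
            return None
        imm24 = word & 0xFFFFFF
        if imm24 & 0x800000:                   # sign-extend 24-bit offset
            imm24 -= 1 << 24
        return (addr + 8 + (imm24 << 2)) & 0xFFFFFFFF
    h1, h2 = struct.unpack("<HH", mem.read(addr, 4))
    # Thumb-2 BL: h1 = 11110 S imm10, h2 = 11 J1 1 J2 imm11 (bit 12 clear = BLX)
    if (h1 >> 11) != 0b11110 or (h2 >> 14) != 0b11 or not (h2 >> 12) & 1:
        return None
    s, imm10 = (h1 >> 10) & 1, h1 & 0x3FF
    j1, j2, imm11 = (h2 >> 13) & 1, (h2 >> 11) & 1, h2 & 0x7FF
    i1, i2 = 1 - (j1 ^ s), 1 - (j2 ^ s)       # I1 = NOT(J1 XOR S), I2 likewise
    imm32 = (s << 24) | (i1 << 23) | (i2 << 22) | (imm10 << 12) | (imm11 << 1)
    if s:                                     # sign-extend the 25-bit offset
        imm32 -= 1 << 25
    return (addr + 4 + imm32) & 0xFFFFFFFF


def nop_call(mem: Memory, addr: int, state: str, zero_fill: bool = False) -> bytes:
    """Overwrite the 4-byte BL at addr so the call is skipped; returns the patch.

    zero_fill=True reproduces the post's edit (00 00 00 00). Those bytes are not
    a true NOP: in Thumb state each 0000 halfword is MOVS R0, R0 (updates N, Z);
    in ARM state 00000000 is ANDEQ R0, R0, R0. The default writes the real NOP.
    """
    if bl_target(mem, addr, state) is None:
        raise ValueError(f"no BL at {addr:#x}; refusing to patch")
    patch = b"\x00" * 4 if zero_fill else (THUMB_NOP * 2 if state == "thumb" else ARM_NOP)
    mem.write(addr, patch)
    return patch


def demo() -> dict:
    mem = Memory(0x1000, 0x2000)
    # Section Two: "ADD R2, PC, R2" at 0x1000 in Thumb state; R2 is chosen so the
    # sum lands on a constructed "Activity" string placed at 0x2000.
    insn, r2 = 0x1000, 0x2000 - (0x1000 + 4)
    mem.write(0x2000, b"Activity\x00")
    target = pc_relative(insn, r2, "thumb")
    before = mem.read_cstring(target)
    mem.write(target, b"\x31")                # write '1' over the first byte
    after = mem.read_cstring(target)
    # Section Three: a constructed Thumb-2 BL at 0x1100 to 0x1110 (F000 F806).
    mem.write(0x1100, b"\x00\xf0\x06\xf8")
    call = bl_target(mem, 0x1100, "thumb")
    patch = nop_call(mem, 0x1100, "thumb")
    return {"target": target, "before": before, "after": after, "call": call,
            "patch": patch, "still_bl": bl_target(mem, 0x1100, "thumb")}


if __name__ == "__main__":
    for key, val in demo().items():
        print(key, hex(val) if isinstance(val, int) else val)
```

In IDA itself the same byte writes would be applied with the hex window edit shown in the post (or `ida_bytes.patch_bytes` from IDAPython); the script only reproduces the arithmetic and the encodings so they can be verified before touching the live process.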

Summary

We now know how to modify the value of a register: right-click and select the "Modify value" option to change it to any value, or select the "Zero value" option to set it to zero directly. We also know how to tamper with memory data through the hex window, and how to NOP a function or piece of code so that it is neither jumped to nor executed.


Origin blog.51cto.com/15002917/2591007