Lesson 1.1: More about How To Hack Using a Hex Editor
Requirements
- File browser
- Hex Editor
- Decimal to Hex Converter: http://www.binaryhexconverter.com/decimal-to-hex-converter
- Hex to Decimal Converter: http://www.binaryhexconverter.com/hex-to-decimal-converter
Gathering Data
For this tutorial I’m going to use Candy Crush Saga. I’ll be changing lives, score, and stars. Hex editing requires you to play the game’s first few levels first, so that real values exist in the .dat file for you to find; .plist editing is different, since a plist usually already contains the parameters whether you’ve played or not.
So the first thing I’m going to do is play the first 3 levels of the game. My sav.dat file looks like this:
In the case of Candy Crush, the FFs and 00s are placeholders. If you want to enter new data, you do so in between them and do not overwrite the placeholders. Other apps are the opposite and require you to write over the 00s. You cannot tell which style an app uses from the bytes alone: a fixed-layout file breaks if you insert bytes (everything after the insert shifts by that many positions), while a variable-length one breaks if you overwrite past the end of a field. So back up your .dat file before every edit, because picking the wrong one usually results in a crash and/or a data wipe. Alternatively, play a bit further, save again, and compare the two files: the bytes that changed, and whether the file length changed, tell you which style is correct.
Here are my stats from playing the first 3 levels:
4 lives
Level 1 score: 3000 (3 stars)
Level 2 score: 8220 (3 stars)
Level 3 score: 12980 (3 stars)
Procedure
Taking the data above and converting it to hex (written the way a converter prints it, most significant byte first) yields:
04 lives
Level 1 score: 0BB8 (03 stars)
Level 2 score: 201C (03 stars)
Level 3 score: 32B4 (03 stars)
Compare that with the screenshot of the sav.dat file. There is a single 04 toward the top, next to all the FFs. That must be our lives. We can change it to FF to make it 255, the largest value a single byte can hold. (If an app reads that byte as a signed number, FF means -1 instead, so check the result in-game before editing anything else.)
Toward the bottom there are a few 03s. Those must be our stars, and it’s only logical our score is nearby. Candy Crush is a good example of an app that stores values in reverse byte order, which is properly called little-endian: the least significant byte comes first. As you can see, the level scores are listed as B80B, 1C20, and B432. Some apps store values most-significant-byte first (big-endian) and others little-endian. It’s another toss-up which app uses which, so write down both variants so you can search for both.
Hex is only ever reversed one byte at a time. A single hex digit is four bits (a nibble); two hex digits make one byte (eight bits), and it is the bytes that swap places, not the digits. This is why “reversed” hex isn’t completely reversed. Here’s an example:
Normal (big-endian): 12 34
Reversed (incorrect): 43 21
Reversed (correct, little-endian): 34 12
/* It helps to break the hex into chunks of 2 digits to see the pattern better */
Now that it’s confirmed the reversed values are truly the scores, we can edit them to, say, FF FF FF (16,777,215: FFFFFF read as one number). Remember that Candy Crush wants us to write in between the placeholders. In other words, there should always be two sets of 00 between the score and stars:
Old score: B8 0B 00 00 03
New score (incorrect): FF FF FF 00 03
New score (correct): FF FF FF 00 00 03
/* Remember that other apps have these outcomes flipped,
so remember to try both and backup your .dat file */
One more check before you save: compare the file size before and after. The version above adds a byte, so the file grows by one and every later offset shifts by one. An app that stores the score as a fixed 4-byte little-endian field would instead expect the four bytes B8 0B 00 00 to be overwritten in place (FF FF FF 00 gives the same 16,777,215 without changing the length). If the game crashes or wipes progress, restore the backup and try the other style.
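The search-and-patch procedure above, scripted. This is an added example for this lesson, not code from the original page or from any game: the save blob it works on is constructed for the demo (a few FF placeholders, one lives byte, and three records laid out as a 4-byte little-endian score followed by a 1-byte star count), and that layout, the offsets, the field names and the function names are assumptions, not the real sav.dat format. It builds every byte-order and width encoding of the values you know from gameplay, searches for all of them at once so you do not have to hand-write the "normal" and "reversed" variants, patches a field in place so the file length does not change, and diffs two saves to show which offsets moved.

```python
"""Find known game values in a binary save and patch them in place.

Added example for this lesson (not code from the original page or from any
game).  The save blob, its layout, the offsets and all field names are
constructed for the demo and are NOT the real Candy Crush sav.dat format.
"""
import struct

# Constructed sample save: FF placeholders, a one-byte lives counter (04),
# then three records of <score: uint32 little-endian><stars: uint8>, each
# followed by 00 00 padding.  Layout invented for this example.
SAMPLE_SAVE = bytes.fromhex(
    "ffffffff04ffffffff0000"    # header; lives = 4 sits at offset 4
    "b80b000003" "0000"         # level 1: 3000 points, 3 stars (offset 11)
    "1c20000003" "0000"         # level 2: 8220 points, 3 stars (offset 18)
    "b432000003" "0000"         # level 3: 12980 points, 3 stars (offset 25)
)


def encodings(value):
    """Every way an unsigned integer might appear in a hex dump.

    What the lesson calls "reversed hex" is little-endian byte order: 3000
    is 0B B8 big-endian and B8 0B little-endian.  One-byte values have no
    order.  Returns {label: bytes}.
    """
    out = {}
    for width in (1, 2, 4):
        if value >= 256 ** width:      # does not fit in this width
            continue
        if width == 1:
            out["u8"] = bytes([value])
            continue
        for order in ("big", "little"):
            out[f"u{8 * width}-{order}"] = value.to_bytes(width, order)
    return out


def find_candidates(blob, value):
    """All (offset, label) pairs where some encoding of value occurs."""
    hits = []
    for label, pattern in encodings(value).items():
        start = 0
        while (idx := blob.find(pattern, start)) != -1:
            hits.append((idx, label))
            start = idx + 1
    return sorted(hits)


def locate(blob, known):
    """Map field name -> unique offset of its known value, or None when the
    value appears at more than one offset (play further and diff again)."""
    result = {}
    for name, value in known.items():
        offsets = sorted({off for off, _ in find_candidates(blob, value)})
        result[name] = offsets[0] if len(offsets) == 1 else None
    return result


def patch_u8(blob, offset, new_value):
    """Overwrite one byte.  0xFF is 255 unsigned but -1 if read as signed."""
    if not 0 <= new_value <= 0xFF:
        raise ValueError("value does not fit in one byte")
    buf = bytearray(blob)
    buf[offset] = new_value
    return bytes(buf)


def patch_u32_le(blob, offset, new_value):
    """Overwrite a 4-byte little-endian field in place.  The file length
    stays the same, so nothing after the field shifts."""
    if not 0 <= new_value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in four bytes")
    buf = bytearray(blob)
    struct.pack_into("<I", buf, offset, new_value)
    return bytes(buf)


def read_u32_le(blob, offset):
    """Read the field back to verify the patch."""
    return struct.unpack_from("<I", blob, offset)[0]


def changed_offsets(before, after):
    """Offsets whose byte differs between two saves: the 'play a bit further
    and compare' step, automated.  A length change means bytes were inserted
    somewhere, i.e. the format is not a fixed layout you can overwrite."""
    if len(before) != len(after):
        raise ValueError("file length changed between saves")
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


if __name__ == "__main__":
    known = {"lives": 4, "level1": 3000, "level2": 8220, "level3": 12980}
    offsets = locate(SAMPLE_SAVE, known)
    print("located:", offsets)
    patched = patch_u8(SAMPLE_SAVE, offsets["lives"], 0xFF)
    patched = patch_u32_le(patched, offsets["level1"], 0xFFFFFF)
    print("level1 now", read_u32_le(patched, offsets["level1"]))
    print("bytes changed at", changed_offsets(SAMPLE_SAVE, patched))
```

On a real save you would read the file with open(path, "rb"), run locate() with the values you wrote down after playing, and only patch once every field resolves to exactly one offset; a value that matches in several places (small numbers like 3 and 4 often do) needs another level played and a changed_offsets() diff to pin it down.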