Jump to content
Community Announcements, Giveaways & More!

Dealing with ASLR in Palera1n Jailbreak

tat5

By tat5
Updated in Tutorials

 Share

5 posts in this topic

Recommended Posts

tat5 Newbie

tat5 0
  •   iPhone 7 
  •   13.3.1

    • Updated
    Updated (edited)

    I have been getting the virtual memory address slide amount of the application by 

    #include <mach-o/dyld.h>
_dyld_get_image_vmaddr_slide(0);

    _dyld_get_image_vmaddr_slide: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dyld.3.html

    However, on Palera1n (v1.4.1), "/usr/lib/substitute-loader.dylib" seems to be the 0th image index.
    Therefore, the argument to _dyld_get_image_vmaddr_slide must be 1. 

    uint64_t getRealOffset(uint64_t offset) {
    return _dyld_get_image_vmaddr_slide(1) + offset;
    // return _dyld_get_image_vmaddr_slide(0) + offset;
}

     

    With Framework

    If the image index is not fixed as in Unity, it can be done as follows 

    #include <string.h>
#include <stdlib.h>

uint64_t getRealOffset$Palera1n(const char *image_name, uint64_t offset) {
    if (image_name == NULL) {
        const char *progname = getprogname();
        if (progname) {
            return getRealOffset$Palera1n(progname, offset);
        }
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), image_name)) {
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }
    // error...
    return offset;
}

    getprogname: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/getprogname.3.html

    Example argument for image_name: 

    // PUBG
getRealOffset$Palera1n("ShadowTrackerExtra", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// YouTube
getRealOffset$Palera1n("YouTube", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// Unity - (e.g. Survivor!.io)
getRealOffset$Palera1n("UnityFramework", 0x345678);

     

    Conclusion

    The following may only work with Palera1n or only with the current version of Palera1n. 

    const uint64_t slide = _dyld_get_image_vmaddr_slide(1);
MSHookFunction((void *)(0x100345678 + slide), ...);
MSHookFunction((void *)(0x100789ABC + slide), ...);

    It might be better to specify by image name so that it works without worrying about the argument to _dyld_get_image_vmaddr_slide. 

    const uint64_t slide = getRealOffset$Palera1n("ImageName", 0x0);
if (slide) {
    MSHookFunction((void *)(0x100345678 + slide), ...);
    MSHookFunction((void *)(0x100789ABC + slide), ...);
}

     

    Updated by tat5
    Conclusion was not good.
    quatorze Collaborator

    quatorze 5.6k
  •   iPhone 8 

    • Posted
    Posted (edited)

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {

    if (strstr(_dyld_get_image_name(0), "substitute")) { 
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { 
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}



     

    Updated by quatorze
    tat5 Newbie

    tat5 0
  •   iPhone 7 
  •   13.3.1

    • Posted
    • Author
    Posted
    46 minutes ago, quatorze said:

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {
 
    const uint32_t image_count = _dyld_image_count();
     for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
            return _dyld_get_image_vmaddr_slide(1) + offset;
        } else if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
                return _dyld_get_image_vmaddr_slide(i) + offset;
            } else {
                   return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?  
            }

       NSLog(@"An error occured");
       return offset;
}

    Wouldn't it terminate the for loop once?
    I don't think it works well when UnityFramework is the target.

    Is this what you mean? 

    uint64_t getRealOffset(uint64_t offset) {
    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}

    It may not be able to deal with the case where the next of substitute is not the correct answer. I don't know if such a case can happen... 

    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
    return _dyld_get_image_vmaddr_slide(1) + offset;// Absolutely?
}

    I just think your code is cleaner and better.🙆‍♂️

     

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Transcender : Idle RPG +3 Cheats

        Transcender : Idle RPG +3 Cheats

        AlyssaX64 posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Transcender : Idle RPG By Rookie Project Co., Ltd.
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.playgames.transcender

         

        🤩 Hack Features

        - Damage Multiplier
        - Never Die
        - Guest Login

         

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download Modded APK







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 18 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      • (18+) Lust Goddess +1 Jailed Cheat

        (18+) Lust Goddess +1 Jailed Cheat

        AlyssaX64 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Lust Goddess By EroLabs
        Bundle ID: com.brawea.chickgoddess
        App Store Link: https://www.ero-labs.com/en/game/lust-goddess

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Never Die

         

        ⬇️ iOS Hack Download IPA Link


        Hidden Content

        Download via the iOSGods App







         

        📖 PC Installation Instructions

        STEP 1: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see our iOSGods App IPA Download Tutorial which includes a video example.
        STEP 2: Download Sideloadly and install it on your Windows or Mac.
        STEP 3: Open Sideloadly on your computer, connect your iOS device, and wait until your device name appears in Sideloadly.
        STEP 4: Once your iDevice is recognized, drag the modded .IPA file you downloaded and drop it into the Sideloadly application.
        STEP 5: Enter your Apple Account email, then press “Start.” You’ll then be asked to enter your password. Go ahead and provide the required information.
        STEP 6: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
        STEP 7: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles / VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
        STEP 8: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

        NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A

         
        • 0 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      • (18+) Lust Goddess +1 Cheat

        (18+) Lust Goddess +1 Cheat

        AlyssaX64 posted a topic in Free Jailbreak Cheats,

        https://P No Advertising Allowed!.com/attachments/1717254929904-png.635270/
        Modded/Hacked App: Lust Goddess By EroLabs
        Bundle ID: com.brawea.chickgoddess
        App Store Link: https://www.ero-labs.com/en/game/lust-goddess

         

        📌 Mod Requirements

        - Jailbroken iPhone or iPad.
        - iGameGod / Filza / iMazing.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

         

        🤩 Hack Features

        - Never Die

         

        ⬇️ iOS Hack Download Link


        Hidden Content

        Download Hack







         

        📖 iOS Installation Instructions

        STEP 1: Download the .deb hack file from the link above. Use Safari, Google Chrome or other iOS browsers to download.
        STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza.
        STEP 3: If needed, tap on the downloaded file again, then select ‘Normal Install’ from the options on your screen.
        STEP 4: Let iGameGod/Filza finish the cheat installation. If it doesn’t install successfully, see the note below.
        STEP 5: Open the game, log in to your iOSGods account when asked, then toggle on the features you want and enjoy!

         

        NOTE: If you have any questions or problems, read our Jailbreak iOS Hack Troubleshooting & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues.

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A

         

        More iOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.

        Modded Android APKs
        Need modded apps or games for Android? Check out the latest custom APK mods, cheats & more in our Android Section.
        • 0 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      • Hero Wars: Alliance +2 Cheats

        Hero Wars: Alliance +2 Cheats

        AlyssaX64 posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Hero Wars: Alliance Fantasy By Nexters Global LTD
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.nexters.herowars

         

        🤩 Hack Features

        - Damage Multiplier
        - Defense Multiplier

         

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download Modded APK







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 33 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      • Soccer Super Hero v0.30.6 [ +4 Cheats ] Currency Max

        Soccer Super Hero v0.30.6 [ +4 Cheats ] Currency Max

        IK_IK posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Soccer Super Hero By Omnithos Games HongKong Limited
        Bundle ID: com.soccer.football.score.ios
        App Store Link: https://apps.apple.com/ph/app/soccer-super-hero/id6754830171?uo=4

        🤩 Hack Features

        - ADS NO / Rewards Free
        - Unlimited Gems
        - Unlimited Coins
        - Market Value / Easy To Unlock All LvL & Rank
        • 6 replies
        IK_IK

        Picked By

        IK_IK,
      • Soccer Super Hero v0.30.6 [ +4 Jailed ] Currency Max

        Soccer Super Hero v0.30.6 [ +4 Jailed ] Currency Max

        IK_IK posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Soccer Super Hero By Omnithos Games HongKong Limited
        Bundle ID: com.soccer.football.score.ios
        App Store Link: https://apps.apple.com/ph/app/soccer-super-hero/id6754830171?uo=4

        🤩 Hack Features

        - ADS NO / Rewards Free
        - Unlimited Gems
        - Unlimited Coins
        - Market Value / Easy To Unlock All LvL & Rank
        • 8 replies
        IK_IK

        Picked By

        IK_IK,
      • Viking Hero TD: Roguelike RTS v1.0.4 [ +7 Cheats ] Currency Max

        Viking Hero TD: Roguelike RTS v1.0.4 [ +7 Cheats ] Currency Max

        IK_IK posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Viking Hero TD: Roguelike RTS By SimpleBit Studios ApS
        Bundle ID: com.SimpleBitStudios.VikingHeroTD
        App Store Link: https://apps.apple.com/us/app/viking-hero-td-roguelike-rts/id6749671654?uo=4

        🤩 Hack Features

        - Unlimited Coins
        - Unlimited Amber
        - Unlimited Keys +3
        - Unlimited Ascend
        - HP MAX
        - ATK MAX
        - ATK Range
        • 2 replies
        IK_IK

        Picked By

        IK_IK,
      • Viking Hero TD: Roguelike RTS v1.0.4 [ +7 Jailed ] Currency Max

        Viking Hero TD: Roguelike RTS v1.0.4 [ +7 Jailed ] Currency Max

        IK_IK posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Viking Hero TD: Roguelike RTS By SimpleBit Studios ApS
        Bundle ID: com.SimpleBitStudios.VikingHeroTD
        App Store Link: https://apps.apple.com/us/app/viking-hero-td-roguelike-rts/id6749671654?uo=4
        🤩 Hack Features

        - Unlimited Coins
        - Unlimited Amber
        - Unlimited Keys +3
        - Unlimited Ascend
        - HP MAX
        - ATK MAX
        - ATK Range
        • 2 replies
        IK_IK

        Picked By

        IK_IK,
      • 스페이스 미니언즈: 디펜스 Space Minions: Defense v0.0.11 [ +9 Cheats ] Never Die

        스페이스 미니언즈: 디펜스 Space Minions: Defense v0.0.11 [ +9 Cheats ] Never Die

        IK_IK posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Space Minions: Defense By Teamsparta Inc.
        Bundle ID: com.TeamSparta.SpaceMinions
        App Store Link: https://apps.apple.com/kr/app/space-minions-defense/id6758454845?uo=4

        🤩 Hack Features

        - Currency / No Need
        - Resources / No Need
        - DMG MAX
        - Never Die
        - Enemy Speed
        • 5 replies
        IK_IK

        Picked By

        IK_IK,
      • 스페이스 미니언즈: 디펜스 Space Minions: Defense v0.0.11 [ +9 Jailed ] Never Die

        스페이스 미니언즈: 디펜스 Space Minions: Defense v0.0.11 [ +9 Jailed ] Never Die

        IK_IK posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Space Minions: Defense By Teamsparta Inc.
        Bundle ID: com.TeamSparta.SpaceMinions
        App Store Link: https://apps.apple.com/kr/app/space-minions-defense/id6758454845?uo=4

        🤩 Hack Features

        - Currency / No Need
        - Resources / No Need
        - DMG MAX
        - Never Die
        - Enemy Speed
        • 5 replies
        IK_IK

        Picked By

        IK_IK,
      • Crazy Gunner: Pixel Survivor v1.2.3 [ +4 Cheats ] DMG MAX

        Crazy Gunner: Pixel Survivor v1.2.3 [ +4 Cheats ] DMG MAX

        IK_IK posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Crazy Gunner: Pixel Survivor By LEGUAS INTREPIDAS UNIPESSOAL LDA
        Bundle ID: com.leguas.gunstorm
        App Store Link: https://apps.apple.com/us/app/crazy-gunner-pixel-survivor/id6757685841?uo=4

        🤩 Hack Features

        - Golden Chest 2500 Buy FREE
        - HP Max / Check Hero Stats
        - DMG Max / Check Gun Stats
        - Speed Movement
        • 6 replies
        IK_IK

        Picked By

        IK_IK,
      • Crazy Gunner: Pixel Survivor v1.2.3 [ +4 Jailed ] DMG MAX

        Crazy Gunner: Pixel Survivor v1.2.3 [ +4 Jailed ] DMG MAX

        IK_IK posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Crazy Gunner: Pixel Survivor By LEGUAS INTREPIDAS UNIPESSOAL LDA
        Bundle ID: com.leguas.gunstorm
        App Store Link: https://apps.apple.com/us/app/crazy-gunner-pixel-survivor/id6757685841?uo=4

        🤩 Hack Features

        - Golden Chest 2500 Buy FREE
        - HP Max / Check Hero Stats
        - DMG Max / Check Gun Stats
        - Speed Movement
        • 3 replies
        IK_IK

        Picked By

        IK_IK,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines