Jump to content

Dealing with ASLR in Palera1n Jailbreak


5 posts in this topic

Recommended Posts

Updated (edited)

I have been getting the virtual memory address slide amount of the application by

#include <mach-o/dyld.h>
_dyld_get_image_vmaddr_slide(0);

_dyld_get_image_vmaddr_slide: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dyld.3.html

However, on Palera1n (v1.4.1), "/usr/lib/substitute-loader.dylib" seems to be the 0th image index.
Therefore, the argument to _dyld_get_image_vmaddr_slide must be 1.

uint64_t getRealOffset(uint64_t offset) {
    return _dyld_get_image_vmaddr_slide(1) + offset;
    // return _dyld_get_image_vmaddr_slide(0) + offset;
}

 

With Framework

If the image index is not fixed as in Unity, it can be done as follows

#include <string.h>
#include <stdlib.h>

uint64_t getRealOffset$Palera1n(const char *image_name, uint64_t offset) {
    if (image_name == NULL) {
        const char *progname = getprogname();
        if (progname) {
            return getRealOffset$Palera1n(progname, offset);
        }
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), image_name)) {
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }
    // error...
    return offset;
}

getprogname: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/getprogname.3.html

Example argument for image_name:

// PUBG
getRealOffset$Palera1n("ShadowTrackerExtra", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// YouTube
getRealOffset$Palera1n("YouTube", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// Unity - (e.g. Survivor!.io)
getRealOffset$Palera1n("UnityFramework", 0x345678);

 

Conclusion

The following may only work with Palera1n or only with the current version of Palera1n.

const uint64_t slide = _dyld_get_image_vmaddr_slide(1);
MSHookFunction((void *)(0x100345678 + slide), ...);
MSHookFunction((void *)(0x100789ABC + slide), ...);

It might be better to specify by image name so that it works without worrying about the argument to _dyld_get_image_vmaddr_slide.

const uint64_t slide = getRealOffset$Palera1n("ImageName", 0x0);
if (slide) {
    MSHookFunction((void *)(0x100345678 + slide), ...);
    MSHookFunction((void *)(0x100789ABC + slide), ...);
}

 

Updated by tat5
Conclusion was not good.
Posted (edited)

Could you try this?
 

uint64_t getRealOffset(uint64_t offset) {

    if (strstr(_dyld_get_image_name(0), "substitute")) { 
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { 
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}



 

Updated by quatorze
Posted
46 minutes ago, quatorze said:

Could you try this?
 

uint64_t getRealOffset(uint64_t offset) {
 
    const uint32_t image_count = _dyld_image_count();
     for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
            return _dyld_get_image_vmaddr_slide(1) + offset;
        } else if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
                return _dyld_get_image_vmaddr_slide(i) + offset;
            } else {
                   return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?  
            }

       NSLog(@"An error occured");
       return offset;
}

Wouldn't it terminate the for loop once?
I don't think it works well when UnityFramework is the target.

Is this what you mean?

uint64_t getRealOffset(uint64_t offset) {
    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}

It may not be able to deal with the case where the next of substitute is not the correct answer. I don't know if such a case can happen...

if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
    return _dyld_get_image_vmaddr_slide(1) + offset;// Absolutely?
}

I just think your code is cleaner and better.🙆‍♂️

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Our picks

    • Disney Solitaire v1.4.1 +2++ Jailed Cheats [ Unlimited Everything ]
      Modded/Hacked App: Disney Solitaire By SuperPlay LTD
      Bundle ID: com.superplaystudios.disneysolitairedreams
      iTunes Store Link: https://apps.apple.com/us/app/disney-solitaire/id6475757306?uo=4

       
       

      🤩 Hack Features

      - Unlimited Everything -> Will increase instead of decrease.
      - Free In-App Purchases
      • 30 replies
    • Disney Solitaire v1.4.1 +2++ Cheats [ Unlimited Everything ]
      Modded/Hacked App: Disney Solitaire By SuperPlay LTD
      Bundle ID: com.superplaystudios.disneysolitairedreams
      iTunes Store Link: https://apps.apple.com/us/app/disney-solitaire/id6475757306?uo=4

       


      🤩 Hack Features

      - Unlimited Everything -> Will increase instead of decrease.
      - Free In-App Purchases
      • 8 replies
    • Disney Solitaire v1.4.1 [ +7 Cheats ] Auto Win
      Modded/Hacked App: Disney Solitaire By SuperPlay LTD
      Bundle ID: com.superplaystudios.disneysolitairedreams
      iTunes Store Link: https://apps.apple.com/ph/app/disney-solitaire/id6475757306?uo=4
       

      🤩 Hack Features

      - Coins [ Win Match ]

      - Task [ No Need Star ]

      - Stars

      - Undo

      - Wild Card

      - Free Ticket

      - Auto Win
      • 19 replies
    • Disney Solitaire v1.4.1 [ +7 Jailed ] Auto Win
      Modded/Hacked App: Disney Solitaire By SuperPlay LTD
      Bundle ID: com.superplaystudios.disneysolitairedreams
      iTunes Store Link: https://apps.apple.com/ph/app/disney-solitaire/id6475757306?uo=4


      🤩 Hack Features

      - Coins [ Win Match ]

      - Task [ No Need Star ]

      - Stars

      - Undo

      - Wild Card

      - Free Ticket

      - Auto Win
      • 26 replies
    • Wanderland: Angel Hunters RPG v2025.8.5 +3 Jailed Cheats [ Damage & Defence ]
      Modded/Hacked App: Wanderland: Angel Hunters RPG By ELEMENT6 TECHNOLOGIES COMPANY LIMITED
      Bundle ID: tech.element6.rpg
      App Store Link: https://apps.apple.com/us/app/wanderland-angel-hunters-rpg/id6742121766?uo=4

       
       

      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
      - God Mode
      • 1 reply
    • Wanderland: Angel Hunters RPG v2025.8.5 +3 Cheats [ Damage & Defence ]
      Modded/Hacked App: Wanderland: Angel Hunters RPG By ELEMENT6 TECHNOLOGIES COMPANY LIMITED
      Bundle ID: tech.element6.rpg
      App Store Link: https://apps.apple.com/us/app/wanderland-angel-hunters-rpg/id6742121766?uo=4

       


      🤩 Hack Features

      - Damage Multiplier
      - Defence Multiplier
      - God Mode
      • 3 replies
    • Gladiator Survival・A Roman RPG v1.36.4 +2 Jailed Cheats
      Modded/Hacked App: Gladiators・Survival in Rome By Colossi Games Ltd
      Bundle ID: com.colossi.survival.gladiators
      iTunes Store Link: https://apps.apple.com/us/app/gladiators-survival-in-rome/id1559909807?uo=4


      Mod Requirements:
      - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
      - Sideloadly / Cydia Impactor or alternatives.
      - A Computer Running Windows/macOS/Linux with iTunes installed.


      Hack Features:
      - Damage Multiplier
      - Defense Multiplier


      Jailbreak required hack(s): 


      iOS Hack Download IPA Link:

      Hidden Content

      Download via the iOSGods App








      PC Installation Instructions:
      STEP 1: If necessary, uninstall the app if you have it installed on your iDevice. Some hacked IPAs will install as a duplicate app. Make sure to back it up so you don't lose your progress.
      STEP 2: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see this tutorial topic.
      STEP 3: Download Sideloadly and install it on your PC.
      STEP 4: Open/Run Sideloadly on your computer, connect your iOS Device, and wait until your device name shows up.
      STEP 5: Once your iDevice appears, drag the modded .IPA file you downloaded and drop it inside the Sideloadly application.
      STEP 6: You will now have to enter your iTunes/Apple ID email login, press "Start" & then you will be asked to enter your password. Go ahead and enter the required information.
      STEP 7: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
      STEP 8: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles/VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
      STEP 9: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

      NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. Jailbroken iDevices can also use Sideloadly/Filza/IPA Installer to normally install the IPA with AppSync. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


      Credits:
      - AlyssaX64


      Cheat Video/Screenshots:

      N/A
      • 73 replies
    • Gladiator Survival・A Roman RPG v1.36.4 +2 Cheats
      Modded/Hacked App: Gladiators: Survival in Rome By Colossi Games Ltd
      Bundle ID: com.colossi.survival.gladiators
      iTunes Store Link: https://apps.apple.com/us/app/gladiators-survival-in-rome/id1559909807?uo=4


      Hack Features:
      - Freeze Currencies
      - Freeze Energy


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 452 replies
    • Critical Strike CS: Online FPS v14.003 +6 Cheats [ Damage + More ]
      Modded/Hacked App: Critical Strike CS: Online FPS By VERTIGOGAMES OU
      Bundle ID: com.vertigo.criticalforce
      App Store Link: https://apps.apple.com/us/app/critical-strike-cs-online-fps/id1467648713?uo=4

       
       

      🤩 Hack Features

      - Damage Multiplier
      - Fire Rate Multiplier
      - Move Speed Multiplier
      - Freeze Ammo
      - All Weapon Skins Unlocked
      - All Gloves Unlocked
      • 5 replies
    • Crossy Road v7.5 +5 Jailed Cheats [ Unlimited Coins ]
      Modded/Hacked App: Crossy Road By Hipster Whale Pty Ltd
      Bundle ID: com.hipsterwhale.crossy
      iTunes Store Link: https://apps.apple.com/us/app/crossy-road/id924373886?uo=4


      Hack Features:
      - Unlimited Coins -> Earn some.
      - God Mode
      - Score Hack -> Earn 100 points for every jump.
      -- All Characters Unlocked
      -- No Ads


      Jailbreak required hack(s): [Mod Menu Hack] Crossy Road v6.5.0 +5 Cheats [ Unlimited Coins ] - Free Jailbroken Cydia Cheats - iOSGods
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 54 replies
    • Critical Strike CS: Online FPS v14.003 +6 Jailed Cheats [ Damage + More ]
      Modded/Hacked App: Critical Strike CS: Online FPS By VERTIGOGAMES OU
      Bundle ID: com.vertigo.criticalforce
      iTunes Store Link: https://apps.apple.com/us/app/critical-strike-cs-online-fps/id1467648713?uo=4


      Mod Requirements:
      - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
      - Sideloadly / Cydia Impactor or alternatives.
      - A Computer Running Windows/macOS/Linux with iTunes installed.


      Hack Features:
      - Damage Multiplier
      - Fire Rate Multiplier
      - Move Speed Multiplier
      - Unlimited Ammo -> Will not decrease.
      - All Weapon Skins Unlocked
      - All Gloves Unlocked


      Jailbreak required hack(s): [Mod Menu Hack] Critical Strike CS: Online FPS v12.709 +6 Cheats [ Damage + More ] - Free Jailbroken Cydia Cheats - iOSGods
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 174 replies
    • Whispers - Interactive Stories v2.3.6 +2 Jailed Cheats [ Free Choices ]
      Modded/Hacked App: Whispers: Interactive Stories By GAMEHAUS LIMITED
      Bundle ID: com.twincat.stories
      iTunes Store Link: https://apps.apple.com/us/app/whispers-interactive-stories/id1546336250
       

      Hack Features:
      - All Chapters Unlocked
      - Free Premium Choices


      Jailbreak required hack(s): [Mod Menu Hack] Whispers: Interactive Stories v1.4.9 +2 Cheats [ Free Choices ] - Free Jailbroken Cydia Cheats - iOSGods
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 295 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines