Jump to content
Community Announcements, Giveaways & More!

Dealing with ASLR in Palera1n Jailbreak

tat5

By tat5
Updated in Tutorials

 Share

5 posts in this topic

Recommended Posts

tat5 Newbie

tat5 0
  •   iPhone 7 
  •   13.3.1

    • Updated
    Updated (edited)

    I have been getting the virtual memory address slide amount of the application by 

    #include <mach-o/dyld.h>
_dyld_get_image_vmaddr_slide(0);

    _dyld_get_image_vmaddr_slide: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dyld.3.html

    However, on Palera1n (v1.4.1), "/usr/lib/substitute-loader.dylib" seems to be the 0th image index.
    Therefore, the argument to _dyld_get_image_vmaddr_slide must be 1. 

    uint64_t getRealOffset(uint64_t offset) {
    return _dyld_get_image_vmaddr_slide(1) + offset;
    // return _dyld_get_image_vmaddr_slide(0) + offset;
}

     

    With Framework

    If the image index is not fixed as in Unity, it can be done as follows 

    #include <string.h>
#include <stdlib.h>

uint64_t getRealOffset$Palera1n(const char *image_name, uint64_t offset) {
    if (image_name == NULL) {
        const char *progname = getprogname();
        if (progname) {
            return getRealOffset$Palera1n(progname, offset);
        }
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), image_name)) {
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }
    // error...
    return offset;
}

    getprogname: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/getprogname.3.html

    Example argument for image_name: 

    // PUBG
getRealOffset$Palera1n("ShadowTrackerExtra", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// YouTube
getRealOffset$Palera1n("YouTube", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// Unity - (e.g. Survivor!.io)
getRealOffset$Palera1n("UnityFramework", 0x345678);

     

    Conclusion

    The following may only work with Palera1n or only with the current version of Palera1n. 

    const uint64_t slide = _dyld_get_image_vmaddr_slide(1);
MSHookFunction((void *)(0x100345678 + slide), ...);
MSHookFunction((void *)(0x100789ABC + slide), ...);

    It might be better to specify by image name so that it works without worrying about the argument to _dyld_get_image_vmaddr_slide. 

    const uint64_t slide = getRealOffset$Palera1n("ImageName", 0x0);
if (slide) {
    MSHookFunction((void *)(0x100345678 + slide), ...);
    MSHookFunction((void *)(0x100789ABC + slide), ...);
}

     

    Updated by tat5
    Conclusion was not good.
    quatorze Collaborator

    quatorze 5.6k
  •   iPhone 8 

    • Posted
    Posted (edited)

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {

    if (strstr(_dyld_get_image_name(0), "substitute")) { 
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { 
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}



     

    Updated by quatorze
    tat5 Newbie

    tat5 0
  •   iPhone 7 
  •   13.3.1

    • Posted
    • Author
    Posted
    46 minutes ago, quatorze said:

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {
 
    const uint32_t image_count = _dyld_image_count();
     for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
            return _dyld_get_image_vmaddr_slide(1) + offset;
        } else if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
                return _dyld_get_image_vmaddr_slide(i) + offset;
            } else {
                   return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?  
            }

       NSLog(@"An error occured");
       return offset;
}

    Wouldn't it terminate the for loop once?
    I don't think it works well when UnityFramework is the target.

    Is this what you mean? 

    uint64_t getRealOffset(uint64_t offset) {
    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}

    It may not be able to deal with the case where the next of substitute is not the correct answer. I don't know if such a case can happen... 

    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
    return _dyld_get_image_vmaddr_slide(1) + offset;// Absolutely?
}

    I just think your code is cleaner and better.🙆‍♂️

     

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Nightfall: Kingdom Frontier TD v1.0.545 +8 Jailed Cheats [ Currencies + More ]

        Nightfall: Kingdom Frontier TD v1.0.545 +8 Jailed Cheats [ Currencies + More ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Nightfall: Kingdom Frontier TD By Fansipan Limited
        Bundle ID: com.fansipan.nightfall.tower.simulation.strategy.td.game
        iTunes Store Link: https://apps.apple.com/us/app/nightfall-kingdom-frontier-td/id6621272416?uo=4


        Hack Features:
        - God Mode
        - Unlimited In-Game Coins -> Will increase instead of decrease.
        - Unlimited Currencies -> Will increase instead of decrease.
        - No Ads
        - Add 1K Currency -> Head over to Settings and toggle the Discord button. [ VIP ]
        - Unlock All Features -> Head over to Settings and toggle the Discord button. [ VIP ]
        - Unlock All / Everything ->  Head over to Settings and toggle the Discord button. [ VIP ]
        - Complete Tutorial -> Head over to Settings and toggle the Discord button. [ VIP ]


        Jailbreak required hack(s): [Mod Menu Hack] Nightfall: Kingdom Frontier TD v1.0.41 +8 Cheats [ Unlimited Currencies ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 118 replies
        Puddin

        Picked By

        Puddin,
      • Merge Crime: Mystery & Romance v1.8.2 [ +3 APK MOD ] Currency Max

        Merge Crime: Mystery & Romance v1.8.2 [ +3 APK MOD ] Currency Max

        IK_IK posted a topic in ViP APK Hacks & Mods,

        Mod APK Game Name: Merge Crime: Mystery & Romance
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.standegg.mergecrime&hl=en

         

        🤩 Hack Features

        - Unlimited Gems
        - Unlimited Coins
        - Unlimited Energy

         

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download Modded APK







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - IK_IK

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 0 replies
        IK_IK

        Picked By

        IK_IK,
      • Coop TD v1.4.15 +3 Jailed Cheats [ Damage + More ]

        Coop TD v1.4.15 +3 Jailed Cheats [ Damage + More ]

        Puddin posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: Coop TD By Supermagic Inc.
        Bundle ID: com.supermagic.ios.cooptd
        iTunes Store Link: https://apps.apple.com/us/app/coop-td/id6503702666?uo=4

         


        🤩 Hack Features

        - Damage Multiplier
        - Unlimited In-Game Gold
        - Unlimited In-Game Main Stones
        • 77 replies
        Puddin

        Picked By

        Puddin,
      • Slime Castle - Idle TD v2.6.5 +8 Jailed Cheats [ Damage & Defence ]

        Slime Castle - Idle TD v2.6.5 +8 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Slime Castle - Idle TD By AZUR INTERACTIVE GAMES LIMITED
        Bundle ID: com.redtailworks.slimetd
        iTunes Store Link: https://apps.apple.com/us/app/slime-castle-idle-td/id6480410032?uo=4


        Hack Features:
        - Unlimited Coins -> Will increase instead of decrease.
        - Unlimited Diamonds -> Will increase instead of decrease.
        - Unlimited Silver -> Will increase instead of decrease.
        - God Mode
        - x5 Speed Unlocked
        - No Ads


        Jailbreak required hack(s): [Mod Menu Hack] Slime Castle - Idle TD v0.9.2 +6 Cheats [ Unlimited Currencies ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 240 replies
        Puddin

        Picked By

        Puddin,
      • Hello Kitty My Dream Store v1.7.1 +5 Jailed Cheats [ Unlimited Currencies ]

        Hello Kitty My Dream Store v1.7.1 +5 Jailed Cheats [ Unlimited Currencies ]

        Puddin posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: Hello Kitty My Dream Store By ACTGames Co., Ltd.
        Bundle ID: com.actgames.HelloKittyMDS
        iTunes Store Link: https://apps.apple.com/us/app/hello-kitty-my-dream-store/id6736896540?uo=4

         

         
         

        🤩 Hack Features

        - Unlimited Gold
        - Unlimited Energy
        - Unlimited Diamonds
        - Unlimited Gacha Coins
        - Unlimited Stars
        • 43 replies
        Puddin

        Picked By

        Puddin,
      • Zerowake GATES : BL RPG v1.4.2 +3 Jailed Cheats [ Damage & Defence ]

        Zerowake GATES : BL RPG v1.4.2 +3 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Zerowake GATES : BL RPG By Storytaco.inc
        Bundle ID: com.storytaco.p33client
        App Store Link: https://apps.apple.com/us/app/zerowake-gates-bl-rpg/id6747482230?uo=4

         


        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - God Mode
        • 8 replies
        Puddin

        Picked By

        Puddin,
      • Merge Studio: Fashion Makeover v4.1.4 +50++ Jailed Cheats [ Debug Menu ]

        Merge Studio: Fashion Makeover v4.1.4 +50++ Jailed Cheats [ Debug Menu ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Merge Studio: Fashion Makeover By Paxie Games Oyun ve Yazilim Anonim Sirketi
        Bundle ID: com.paxiegames.mergestudio
        iTunes Store Link: https://apps.apple.com/us/app/merge-studio-fashion-makeover/id1615964753?uo=4


        Hack Features:
        - Debug Menu -> Head over to Settings and toggle the Sound button.


        Jailbreak required hack(s): [Mod Menu Hack] Merge Studio: Fashion Makeover v2.3.0 +50++ Cheats [ Debug Menu ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 96 replies
        Puddin

        Picked By

        Puddin,
      • Backpack Brawl v2.1.2 +1++ Jailed Cheats [ Unlimited Currencies ]

        Backpack Brawl v2.1.2 +1++ Jailed Cheats [ Unlimited Currencies ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Backpack Brawl By 1986 GAMES SIA
        Bundle ID: com.rapidfiregames.backpackbrawl
        iTunes Store Link: https://apps.apple.com/us/app/backpack-brawl/id6479175676?uo=4


        Hack Features:
        - Unlimited Currencies -> Earn some.


        Jailbreak required hack(s): [Mod Menu Hack] Backpack Brawl v0.14.0 +1++ Cheats [ Unlimited Currencies ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 85 replies
        Puddin

        Picked By

        Puddin,
      • Soccer Superstar v1.7.8 +3 Jailed Cheats [ Unlimited Rewinds ]

        Soccer Superstar v1.7.8 +3 Jailed Cheats [ Unlimited Rewinds ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Soccer Superstar By SIMFACE LIMITED
        Bundle ID: soccer.score.star
        iTunes Store Link: https://apps.apple.com/us/app/soccer-superstar/id1550945606?uo=4


        Hack Features:
        - Unlimited Rewinds
        - Big Goals
        - Free In-App Purchases -> Toggle via iGMenu.


        Jailbreak required hack(s): [Mod Menu Hack] Soccer Superstar v1.5.1 +3 Cheats [ Unlimited Rewinds ] - Free Jailbroken Cydia Cheats - iOSGods
        • 92 replies
        Puddin

        Picked By

        Puddin,
      • Mob Control v3.10.0 +7 Mods [ Unlimited Currencies ]

        Mob Control v3.10.0 +7 Mods [ Unlimited Currencies ]

        Puddin posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Mob Control
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.vincentb.MobControl

         

        🤩 Hack Features

        - Unlimited Coins -> Will increase instead of decrease.
        - Unlimited Skip'Its -> Will increase instead of decrease.
        - Unlimited Stars -> Earn some.
        - Unlimited Bricks
        - Unlimited Earnt Bricks
        - Unlimited Cards -> Will increase instead of decrease.
        - No Card Requirement
        • 1 reply
        Puddin

        Picked By

        Puddin,
      • Fortias Saga: Idle RPG v1.1.02 +5 Cheats

        Fortias Saga: Idle RPG v1.1.02 +5 Cheats

        AlyssaX64  posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Fortias Saga: Idle RPG By ONDI TECHNOLOGY JSC
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.ondi.fortias.saga

         

        🤩 Hack Features

        - Damage Multiplier
        - Defense Multiplier
        - Shards & Items Multiplier → Disable When Do Spending
        - Currencies Multiplier → Disable When Do Spending
        - No Ads

         

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download Modded APK







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 1 reply
        AlyssaX64

        Picked By

        AlyssaX64 ,
      • Royal Kingdom v24409 +4 Jailed Cheats [ Coins + More ]

        Royal Kingdom v24409 +4 Jailed Cheats [ Coins + More ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Royal Kingdom By Dream Games
        Bundle ID: com.dreamgames.royalkingdom
        iTunes Store Link: https://apps.apple.com/ph/app/royal-kingdom/id1606549505
         

        Hack Features:
        - Freeze Coins
        - Freeze Lives
        - Freeze Boosters
        - Freeze Moves


        Jailbreak required hack(s): [Mod Menu Hack] Royal Kingdom v3987 +4 Cheats [ Unlimited Coins ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 173 replies
        Puddin

        Picked By

        Puddin,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines