Jump to content
Community Announcements, Giveaways & More!

Dealing with ASLR in Palera1n Jailbreak

tat5

By tat5
Updated in Tutorials

 Share

5 posts in this topic

Recommended Posts

tat5 Newbie

tat5 0
  •   iPhone 7 
  •   13.3.1

    • Updated
    Updated (edited)

    I have been getting the virtual memory address slide amount of the application by 

    #include <mach-o/dyld.h>
_dyld_get_image_vmaddr_slide(0);

    _dyld_get_image_vmaddr_slide: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dyld.3.html

    However, on Palera1n (v1.4.1), "/usr/lib/substitute-loader.dylib" seems to be the 0th image index.
    Therefore, the argument to _dyld_get_image_vmaddr_slide must be 1. 

    uint64_t getRealOffset(uint64_t offset) {
    return _dyld_get_image_vmaddr_slide(1) + offset;
    // return _dyld_get_image_vmaddr_slide(0) + offset;
}

     

    With Framework

    If the image index is not fixed as in Unity, it can be done as follows 

    #include <string.h>
#include <stdlib.h>

uint64_t getRealOffset$Palera1n(const char *image_name, uint64_t offset) {
    if (image_name == NULL) {
        const char *progname = getprogname();
        if (progname) {
            return getRealOffset$Palera1n(progname, offset);
        }
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), image_name)) {
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }
    // error...
    return offset;
}

    getprogname: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/getprogname.3.html

    Example argument for image_name: 

    // PUBG
getRealOffset$Palera1n("ShadowTrackerExtra", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// YouTube
getRealOffset$Palera1n("YouTube", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// Unity - (e.g. Survivor!.io)
getRealOffset$Palera1n("UnityFramework", 0x345678);

     

    Conclusion

    The following may only work with Palera1n or only with the current version of Palera1n. 

    const uint64_t slide = _dyld_get_image_vmaddr_slide(1);
MSHookFunction((void *)(0x100345678 + slide), ...);
MSHookFunction((void *)(0x100789ABC + slide), ...);

    It might be better to specify by image name so that it works without worrying about the argument to _dyld_get_image_vmaddr_slide. 

    const uint64_t slide = getRealOffset$Palera1n("ImageName", 0x0);
if (slide) {
    MSHookFunction((void *)(0x100345678 + slide), ...);
    MSHookFunction((void *)(0x100789ABC + slide), ...);
}

     

    Updated by tat5
    Conclusion was not good.
    quatorze Collaborator

    quatorze 5.6k
  •   iPhone 8 

    • Posted
    Posted (edited)

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {

    if (strstr(_dyld_get_image_name(0), "substitute")) { 
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { 
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}



     

    Updated by quatorze
    tat5 Newbie

    tat5 0
  •   iPhone 7 
  •   13.3.1

    • Posted
    • Author
    Posted
    46 minutes ago, quatorze said:

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {
 
    const uint32_t image_count = _dyld_image_count();
     for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
            return _dyld_get_image_vmaddr_slide(1) + offset;
        } else if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
                return _dyld_get_image_vmaddr_slide(i) + offset;
            } else {
                   return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?  
            }

       NSLog(@"An error occured");
       return offset;
}

    Wouldn't it terminate the for loop once?
    I don't think it works well when UnityFramework is the target.

    Is this what you mean? 

    uint64_t getRealOffset(uint64_t offset) {
    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}

    It may not be able to deal with the case where the next of substitute is not the correct answer. I don't know if such a case can happen... 

    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
    return _dyld_get_image_vmaddr_slide(1) + offset;// Absolutely?
}

    I just think your code is cleaner and better.🙆‍♂️

     

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Dead Target: Zombie Games 3D v4.166.0 [ +10 APK MOD ] Currency Max

        Dead Target: Zombie Games 3D v4.166.0 [ +10 APK MOD ] Currency Max

        IK_IK posted a topic in Free Android Modded APKs,

        Mod APK Game Name: DEAD TARGET: FPS Zombie Games By VNG SINGAPORE PTE LTD
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.vng.g6.a.zombie&hl=en

         

        🤩 Hack Features

        - Unlimited Gold
        - Unlimited Cash
        - Unlimited Diamonds
        - Unlimited Grenades
        - Unlimited MedKits
        - Unlimited Ammo
        - One Hit Kill
        - God Mode
        - High Accuracy
        - ADS NO

         

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download Modded APK







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - IK_IK

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 3 replies
        IK_IK

        Picked By

        IK_IK,
      • Snake.io - Fun Snake .io Games v2.2.108 [ +6 APK MOD ] AI Stupid

        Snake.io - Fun Snake .io Games v2.2.108 [ +6 APK MOD ] AI Stupid

        IK_IK posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Snake.io - Fun Snake .io Games
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.amelosinteractive.snake&hl=en

         

        🤩 Hack Features

        - No ADS
        - AI Stupid 
        - Skin Unlocked 
        - Revive Unlimited
        - Immortal 
        - Wall Hack
        • 4 replies
        IK_IK

        Picked By

        IK_IK,
      • Boom Castle Tower Defense TD v1.7.2 [ +6 APK MOD ] Easy Win

        Boom Castle Tower Defense TD v1.7.2 [ +6 APK MOD ] Easy Win

        IK_IK posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Boom Castle: Tower Defense TD By Terahype s.r.o.
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=castle.heroes.tower.defense.kingdom.magic.battle.archer&hl=en

         

        🤩 Hack Features

        - Enemy Status [ HP DEF ]
        - Base HP
        - Battle Cost 1
        - Stage Unlocked [ Play Any Stage ]
        - Battle Pass Unlocked
        - Battle Pass Claim Unlimited [ Gems Gold ]

         

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download Modded APK







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - IK_IK

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 4 replies
        IK_IK

        Picked By

        IK_IK,
      • Temple Run 3 v0.2.3 [ +5 APK MOD ] Never Die

        Temple Run 3 v0.2.3 [ +5 APK MOD ] Never Die

        IK_IK posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Temple Run 3 By Imangi Studios, LLC
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.imangi.tr3&hl=en

         

        🤩 Hack Features

        - Currency / No Need
        - Resources / No Need
        - Score Multiplier 
        - Jump
        - Never Die

         

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download Modded APK







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - IK_IK

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 2 replies
        IK_IK

        Picked By

        IK_IK,
      • Treasure Party: Puzzle Fun! v3.18.3 [ +3 APK MOD ] Coins Max

        Treasure Party: Puzzle Fun! v3.18.3 [ +3 APK MOD ] Coins Max

        IK_IK posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Treasure Party: Puzzle Fun
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=net.playq.treasureparty4&hl=en

         

        🤩 Hack Features

        - Unlimited Coins
        - Unlimited Lives / Visual But Works
        - Unlimited Moves

         

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download Modded APK







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - IK_IK

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 1 reply
        IK_IK

        Picked By

        IK_IK,
      • Piggy Kingdom v2.4.1 [ +5 APK MOD ] Currency Max

        Piggy Kingdom v2.4.1 [ +5 APK MOD ] Currency Max

        IK_IK posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Piggy Kingdom
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.olleyo.piggy.king.free&hl=en

         

        🤩 Hack Features

        - Unlimited Coins / Disable After Hack
        - Unlimited Lives
        - Build Coins / Use Then Get / Disable After Hack
        - Unlimited Moves / Earn Coins Win Match
        - Booster / Don't Use Crash
        - Color Move Only [ Without Matching Move Anywhere ]

         

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download Modded APK







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - IK_IK

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 1 reply
        IK_IK

        Picked By

        IK_IK,
      • Dragon Wings: RPG Shoot em up v3.2.1 [ +5 APK MOD ] Currency Max

        Dragon Wings: RPG Shoot em up v3.2.1 [ +5 APK MOD ] Currency Max

        IK_IK posted a topic in ViP APK Hacks & Mods,

        Mod APK Game Name: Dragon Wings: RPG Shoot 'em up By Spirit Bomb Company Limited
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=rpg.arcade.space.shooter.dragon.wings&hl=en

         

        🤩 Hack Features

        - Super Card Active
        - Unlimited Gems
        - Unlimited Gold
        - Never Die
        - ATK

        Tut Skip Then Use

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download Modded APK







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - IK_IK

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 2 replies
        IK_IK

        Picked By

        IK_IK,
      • Goblins Wood: Tycoon Idle Sim v2.55.5 +1++ Mod [ Unlimited Currencies ]

        Goblins Wood: Tycoon Idle Sim v2.55.5 +1++ Mod [ Unlimited Currencies ]

        Puddin posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Goblins Wood: Tycoon Idle Sim
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=idle.goblins.wood.tycoon&hl=en_GB

         

        🤩 Hack Features

        - Unlimited Currencies -> Will increase instead of decrease.
        • 0 replies
        Puddin

        Picked By

        Puddin,
      • Glow Tales: Merge & Makeover v1.0.5 +100 Jailed Cheats [ Debug Menu ]

        Glow Tales: Merge & Makeover v1.0.5 +100 Jailed Cheats [ Debug Menu ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Glow Tales: Merge & Makeover By Paxie Games Oyun ve Yazilim Anonim Sirketi
        Bundle ID: com.paxiegames.glowtales
        App Store Link: https://apps.apple.com/us/app/glow-tales-merge-makeover/id6754087834?uo=4

         


        🤩 Hack Features

        - Debug Menu -> Head into Settings and toggle the Inbox button.
        • 3 replies
        Puddin

        Picked By

        Puddin,
      • Dawn of Ages: Medieval Games v2.6.5 +5 Jailed Cheats [ Damage & Defence ]

        Dawn of Ages: Medieval Games v2.6.5 +5 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Secret ViP,

        Modded/Hacked App: Dawn of Ages: total war battle By BoomBit, Inc.
        Bundle ID: com.stratospheregames.dawnofages
        App Store Link: https://apps.apple.com/us/app/dawn-of-ages-total-war-battle/id6477473268?uo=4

         


        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - God Mode
        - Dumb Enemy
        - Premium Enabled
        • 119 replies
        Puddin

        Picked By

        Puddin,
      • Pudgy Party - Battle Royale v0.15.4 +7 Jailed Cheats [ Speed, Gravity + More ]

        Pudgy Party - Battle Royale v0.15.4 +7 Jailed Cheats [ Speed, Gravity + More ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Pudgy Party - Battle Royale By Mythical, Inc.
        Bundle ID: com.mythical.pudgyparty
        App Store Link: https://apps.apple.com/us/app/pudgy-party-battle-royale/id6744258913?uo=4

         
         

        🤩 Hack Features

        - Jump Height Multiplier -> Affects bots too. Use with Freeze/Dumb Bots.
        - Gravity Multiplier -> Affects bots too. Use with Freeze/Dumb Bots.
        - Speed Multiplier -> Affects bots too. Use with Freeze/Dumb Bots.
        - Friction Multiplier -> Affects bots too. Use with Freeze/Dumb Bots.
        - Freeze Bots
        - Dumb Bots
        - Free In-App Purchases
        • 29 replies
        Puddin

        Picked By

        Puddin,
      • Loot Heroes v1.18.1 +28 Jailed Cheats [ Unlimited Everything ]

        Loot Heroes v1.18.1 +28 Jailed Cheats [ Unlimited Everything ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Loot Heroes: Fantasy RPG Games By BoomBit, Inc.
        Bundle ID: com.bbp.lootheroes
        iTunes Store Link: https://apps.apple.com/us/app/loot-heroes-fantasy-rpg-games/id6642699678?uo=4


        Hack Features:
        - Freeze Everything -> Currencies, Hero Cards, Hero Skill Points will all freeze.
        - God Mode -> Traps still cause damage.
        - One-Hit Kill
        - No Attack Delay
        - All Critical Hits
        - All Heroes Unlocked
        - All Skins Unlocked
        - No Skill Cooldown
        - Nickname Edit Unlocked
        - No Nickname Filter
        - No Guild Name Filter
        - No Dash Cooldown
        - Unlimited Boosters
        - Auto Play
        - No Camp Upgrade Cost
        - Unlimited Bolts
        - No Ads

        VIP
        - Unlimited Everything -> Currencies, Hero Cards, Hero Skill Points will all increase instead of decrease.
        - Currency Modifier -> Earn or spend some.
        - Unlimited Hero Cards -> Earn some.
        - Unlimited Hero Skill Points -> Earn some.
        - Trophy Modifier -> Earn or lose some to stick to the leaderboard.
        - Guild Score Modifier -> Earn some.
        - Unlimited Event Score -> Earn some.
        - Max Hero Mastery Level
        - Auto Win
        - Battle Pass Unlocked
        - VIP Enabled
        • 224 replies
        Puddin

        Picked By

        Puddin,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines