Jump to content
Community Announcements, Giveaways & More!

Dealing with ASLR in Palera1n Jailbreak

tat5

By tat5
Updated in Tutorials

 Share

5 posts in this topic

Recommended Posts

tat5 Newbie

tat5 0
  •   iPhone 7 
  •   13.3.1

    • Updated
    Updated (edited)

    I have been getting the virtual memory address slide amount of the application by 

    #include <mach-o/dyld.h>
_dyld_get_image_vmaddr_slide(0);

    _dyld_get_image_vmaddr_slide: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dyld.3.html

    However, on Palera1n (v1.4.1), "/usr/lib/substitute-loader.dylib" seems to be the 0th image index.
    Therefore, the argument to _dyld_get_image_vmaddr_slide must be 1. 

    uint64_t getRealOffset(uint64_t offset) {
    return _dyld_get_image_vmaddr_slide(1) + offset;
    // return _dyld_get_image_vmaddr_slide(0) + offset;
}

     

    With Framework

    If the image index is not fixed as in Unity, it can be done as follows 

    #include <string.h>
#include <stdlib.h>

uint64_t getRealOffset$Palera1n(const char *image_name, uint64_t offset) {
    if (image_name == NULL) {
        const char *progname = getprogname();
        if (progname) {
            return getRealOffset$Palera1n(progname, offset);
        }
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), image_name)) {
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }
    // error...
    return offset;
}

    getprogname: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/getprogname.3.html

    Example argument for image_name: 

    // PUBG
getRealOffset$Palera1n("ShadowTrackerExtra", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// YouTube
getRealOffset$Palera1n("YouTube", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// Unity - (e.g. Survivor!.io)
getRealOffset$Palera1n("UnityFramework", 0x345678);

     

    Conclusion

    The following may only work with Palera1n or only with the current version of Palera1n. 

    const uint64_t slide = _dyld_get_image_vmaddr_slide(1);
MSHookFunction((void *)(0x100345678 + slide), ...);
MSHookFunction((void *)(0x100789ABC + slide), ...);

    It might be better to specify by image name so that it works without worrying about the argument to _dyld_get_image_vmaddr_slide. 

    const uint64_t slide = getRealOffset$Palera1n("ImageName", 0x0);
if (slide) {
    MSHookFunction((void *)(0x100345678 + slide), ...);
    MSHookFunction((void *)(0x100789ABC + slide), ...);
}

     

    Updated by tat5
    Conclusion was not good.
    Link to comment
    Share on other sites
    quatorze Collaborator

    quatorze 4.4k
  •   iPhone 8 

    • Posted
    Posted (edited)

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {

    if (strstr(_dyld_get_image_name(0), "substitute")) { 
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { 
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}



     

    Updated by quatorze
    Link to comment
    Share on other sites
    tat5 Newbie

    tat5 0
  •   iPhone 7 
  •   13.3.1

    • Posted
    • Author
    Posted
    46 minutes ago, quatorze said:

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {
 
    const uint32_t image_count = _dyld_image_count();
     for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
            return _dyld_get_image_vmaddr_slide(1) + offset;
        } else if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
                return _dyld_get_image_vmaddr_slide(i) + offset;
            } else {
                   return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?  
            }

       NSLog(@"An error occured");
       return offset;
}

    Wouldn't it terminate the for loop once?
    I don't think it works well when UnityFramework is the target.

    Is this what you mean? 

    uint64_t getRealOffset(uint64_t offset) {
    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}

    It may not be able to deal with the case where the next of substitute is not the correct answer. I don't know if such a case can happen... 

    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
    return _dyld_get_image_vmaddr_slide(1) + offset;// Absolutely?
}

    I just think your code is cleaner and better.🙆‍♂️

     

    Link to comment
    Share on other sites

    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below. For more information, please read our Posting Guidelines.
    Reply to this topic... Posting Guidelines

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×
     Share
    Go to topic listing

    • Our picks

      • Disney Speedstorm v1.7.0 +2 Jailed Cheats [ Unlimited Nitro ]

        Disney Speedstorm v1.7.0 +2 Jailed Cheats [ Unlimited Nitro ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Disney Speedstorm By Gameloft
        Bundle ID: com.gameloft.disneyspeedstorm
        iTunes Store Link: https://apps.apple.com/us/app/disney-speedstorm/id6449708682?uo=4


        Hack Features:
        - Unlimited Nitro -> Will not decrease.
        - Instant Nitro Max


        Jailbreak required hack(s): [Mod Menu Hack] Disney Speedstorm v1.5.0 +2 Cheats [ Unlimited Nitro ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 30 replies
        Puddin

        Picked By

        Puddin,
      • Disney Speedstorm v1.7.0 +2 Cheats [ Unlimited Nitro ]

        Disney Speedstorm v1.7.0 +2 Cheats [ Unlimited Nitro ]

        Puddin posted a topic in Free Jailbroken Cydia Cheats,

        Modded/Hacked App: Disney Speedstorm By Gameloft
        Bundle ID: com.gameloft.disneyspeedstorm
        iTunes Store Link: https://apps.apple.com/us/app/disney-speedstorm/id6449708682?uo=4


        Hack Features:
        - Unlimited Nitro -> Will not decrease.
        - Instant Nitro Max


        Non-Jailbroken & No Jailbreak required hack(s): [Non-Jailbroken Hack] Disney Speedstorm v1.5.0 +2 Jailed Cheats [ Unlimited Nitro ] - Free Non-Jailbroken IPA Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 24 replies
        Puddin

        Picked By

        Puddin,
      • Survivors.io China - 弹壳特攻队 v2.10.0 +5 Cheats

        Survivors.io China - 弹壳特攻队 v2.10.0 +5 Cheats

        AlyssaX64  posted a topic in Free Jailbroken Cydia Cheats,

        Modded/Hacked App: 弹壳特攻队 By Shanghai Lezuan Technology Co.,Ltd.
        Bundle ID: com.habby.danke
        iTunes Store Link: https://apps.apple.com/cn/app/%E5%BC%B9%E5%A3%B3%E7%89%B9%E6%94%BB%E9%98%9F/id1628270358?uo=4


        Mod Requirements:
        - Jailbroken iPhone/iPad/iPod Touch.
        - iGameGod / Filza / iMazing or any other file managers for iOS.
        - Cydia Substrate, Substitute or libhooker depending on your jailbreak.
        - PreferenceLoader (from Cydia, Sileo or Zebra).


        Hack Features:
        - God Mode
        - No Skills Cooldown
        - Jailbreak Check Removed


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/


        iOS Hack Download Link:

        Hidden Content
        Download Hack







        Installation Instructions:
        STEP 1: Download the .deb Cydia hack file from the link above. Use Safari/Google Chrome or other iOS browsers to download.
        STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza.
        STEP 3: If necessary, tap on the downloaded file, and then, you will need to press 'Install' from the options on your screen.
        STEP 4: Let iGameGod/Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
        STEP 5: If the hack is a Mod Menu — which is usually the case nowadays — the cheat features can be toggled in-game. Some cheats have options that can be enabled from your iDevice settings.
        STEP 6: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

         

        NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues.


        Credits:
        - AlyssaX64


        Cheat Video/Screenshots:

        N/A
        • 292 replies
        AlyssaX64

        Picked By

        AlyssaX64 ,
      • Bloons TD 6 NETFLIX v43.2 +8 Cheats

        Bloons TD 6 NETFLIX v43.2 +8 Cheats

        AlyssaX64  posted a topic in Free Jailbroken Cydia Cheats,

        Modded/Hacked App: Bloons TD 6 NETFLIX By Netflix, Inc.
        Bundle ID: com.netflix.NGP.BloonsTDSix
        iTunes Store Link: https://apps.apple.com/us/app/bloons-td-6-netflix/id1671633204?uo=4


        Mod Requirements:
        - Jailbroken iPhone/iPad/iPod Touch.
        - iGameGod / Filza / iMazing or any other file managers for iOS.
        - Cydia Substrate, Substitute or libhooker depending on your jailbreak.
        - PreferenceLoader (from Cydia, Sileo or Zebra).


        Hack Features:
        - God Mode
        - Unlimited Cash
        - Unlimited Monkey Money
        - Unlimited Consumes
        - Unlocked All Heroes
        - Unlocked All Towers
        - Unlocked All Upgrades


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/


        iOS Hack Download Link:

        Hidden Content
        Download Hack







        Installation Instructions:
        STEP 1: Download the .deb Cydia hack file from the link above. Use Safari/Google Chrome or other iOS browsers to download.
        STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza.
        STEP 3: If necessary, tap on the downloaded file, and then, you will need to press 'Install' from the options on your screen.
        STEP 4: Let iGameGod/Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
        STEP 5: If the hack is a Mod Menu — which is usually the case nowadays — the cheat features can be toggled in-game. Some cheats have options that can be enabled from your iDevice settings.
        STEP 6: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

         

        NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues.


        Credits:
        - AlyssaX64


        Cheat Video/Screenshots:

        N/A
        • 84 replies
        AlyssaX64

        Picked By

        AlyssaX64 ,
      • The Demonized: Idle RPG v1.3.5 +5 Cheats

        The Demonized: Idle RPG v1.3.5 +5 Cheats

        AlyssaX64  posted a topic in Free Jailbroken Cydia Cheats,

        Modded/Hacked App: The Demonized: Idle RPG By Game Duo Co.,Ltd.
        Bundle ID: com.deepgames.release.becamethedevil
        iTunes Store Link: https://apps.apple.com/us/app/the-demonized-idle-rpg/id6477870177?uo=4


        Mod Requirements:
        - Jailbroken iPhone/iPad/iPod Touch.
        - iGameGod / Filza / iMazing or any other file managers for iOS.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak.
        - PreferenceLoader (from Cydia, Sileo or Zebra).


        Hack Features:
        - Damage Multiplier
        - Never Die
        - Dumb Enemies
        - Attack Speed Multiplier
        - Freeze Resources


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/


        iOS Hack Download Link:

        Hidden Content
        Download Hack







        Installation Instructions:
        STEP 1: Download the .deb Cydia hack file from the link above. Use Safari/Google Chrome or other iOS browsers to download.
        STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza.
        STEP 3: If necessary, tap on the downloaded file, and then, you will need to press 'Install' from the options on your screen.
        STEP 4: Let iGameGod/Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
        STEP 5: If the hack is a Mod Menu — which is usually the case nowadays — the cheat features can be toggled in-game. Some cheats have options that can be enabled from your iDevice settings.
        STEP 6: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

         

        NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues.


        Credits:
        - AlyssaX64


        Cheat Video/Screenshots:

        N/A
        • 62 replies
        AlyssaX64

        Picked By

        AlyssaX64 ,
      • Warhammer 40,000: Freeblade v6.0.8 +1 Cheat

        Warhammer 40,000: Freeblade v6.0.8 +1 Cheat

        AlyssaX64  posted a topic in Free Jailbroken Cydia Cheats,

        Modded/Hacked App: Warhammer 40,000: Freeblade By Pixel Toys Ltd.
        Bundle ID: com.PixelToys.W40kFreeblade
        iTunes Store Link: https://apps.apple.com/us/app/warhammer-40-000-freeblade/id1043640363?uo=4


        Mod Requirements:
        - Jailbroken iPhone/iPad/iPod Touch.
        - iGameGod / Filza / iMazing or any other file managers for iOS.
        - Cydia Substrate, Substitute or libhooker depending on your jailbreak.
        - PreferenceLoader (from Cydia, Sileo or Zebra).


        Hack Features:
        - Unlimited Currencies -> Increase When Use


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/


        iOS Hack Download Link:

        Hidden Content
        Download Hack







        Installation Instructions:
        STEP 1: Download the .deb Cydia hack file from the link above. Use Safari/Google Chrome or other iOS browsers to download.
        STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza.
        STEP 3: If necessary, tap on the downloaded file, and then, you will need to press 'Install' from the options on your screen.
        STEP 4: Let iGameGod/Filza finish the cheat installation. Make sure it successfully installs, otherwise see the note below.
        STEP 5: If the hack is a Mod Menu — which is usually the case nowadays — the cheat features can be toggled in-game. Some cheats have options that can be enabled from your iDevice settings.
        STEP 6: Turn on the features you want and play the game. You may need to follow further instructions inside the hack's popup in-game.

         

        NOTE: If you have any questions or problems, read our Troubleshooting topic & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue down below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues.


        Credits:
        - AlyssaX64


        Cheat Video/Screenshots:

        N/A
        • 59 replies
        AlyssaX64

        Picked By

        AlyssaX64 ,
      • Dice Dreams™ v1.78.1 +2 Cheats

        Dice Dreams™ v1.78.1 +2 Cheats

        Zahir posted a topic in Free Jailbroken Cydia Cheats,

        Modded/Hacked App: Dice Dreams™ By SuperPlay LTD
        Bundle ID: com.superplaystudios.dicedreams
        iTunes Store Link: https://apps.apple.com/us/app/dice-dreams/id1484468651?uo=4


        Hack Features:
        - Custom Rolls
        - Unlimited Coins - afford regardless of if you have enough


        iOS Hack Download Link: https://iosgods.com/topic/138011-dice-dreams%E2%84%A2-v1692-2-cheats/
        • 554 replies
        Laxus

        Picked By

        Laxus ,
      • Left to Survive v7.1.0 Jailed Cheats +3

        Left to Survive v7.1.0 Jailed Cheats +3

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Left to Survive: Shooter PVP By My.com B.V.
        Bundle ID: com.glu.zbs
        iTunes Store Link: https://apps.apple.com/us/app/left-to-survive-shooter-pvp/id1090501422?uo=4


        Hack Features:
        - Infinite Ammo
        - No Reload
        - No Spread


        Jailbreak required hack(s): https://iosgods.com/topic/71233-arm64-left-to-survive-pvp-shooter-cheats-all-versions-3/


        Hack Download Link: https://iosgods.com/topic/71998-arm64-left-to-survive-v470-jailed-cheats-3/
        • 916 replies
        Laxus

        Picked By

        Laxus ,
      • Idle Outpost: Business Game v0.14.79 +1++ Jailed Cheat [ Free Shopping ]

        Idle Outpost: Business Game v0.14.79 +1++ Jailed Cheat [ Free Shopping ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Idle Outpost: Business Game By AppQuantum Publishing Ltd
        Bundle ID: com.rockbite.zombieoutpost
        iTunes Store Link: https://apps.apple.com/us/app/idle-outpost-business-game/id6463128982?uo=4


        Hack Features:
        - Free Shopping -> Currencies will go negative.


        Jailbreak required hack(s): [Mod Menu Hack] Idle Outpost: Business Game v0.14.53 +1++ Cheat [ Free Shopping ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 22 replies
        Puddin

        Picked By

        Puddin,
      • Idle Outpost: Business Game v0.14.79 +1++ Cheat [ Free Shopping ]

        Idle Outpost: Business Game v0.14.79 +1++ Cheat [ Free Shopping ]

        Puddin posted a topic in Free Jailbroken Cydia Cheats,

        Modded/Hacked App: Idle Outpost: Business Game By AppQuantum Publishing Ltd
        Bundle ID: com.rockbite.zombieoutpost
        iTunes Store Link: https://apps.apple.com/us/app/idle-outpost-business-game/id6463128982?uo=4


        Hack Features:
        - Free Shopping -> Currencies will go negative.


        Non-Jailbroken & No Jailbreak required hack(s): [Non-Jailbroken Hack] Idle Outpost: Business Game v0.14.53 +1++ Jailed Cheat [ Free Shopping ] - Free Non-Jailbroken IPA Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 25 replies
        Puddin

        Picked By

        Puddin,
      • Good Pizza, Great Pizza v5.13.1 +2 Jailed Cheats [ Unlimited Currencies ]

        Good Pizza, Great Pizza v5.13.1 +2 Jailed Cheats [ Unlimited Currencies ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Good Pizza, Great Pizza By TAPBLAZE, LLC
        Bundle ID: com.tapblaze.pizzabusiness
        iTunes Store Link: https://apps.apple.com/us/app/good-pizza-great-pizza/id911121200?uo=4


        Hack Features:
        - Unlimited Cash
        - Unlimited Diamonds


        Jailbreak required hack(s): [Mod Menu Hack] Good Pizza, Great Pizza v5.5.6 +2 Cheats [ Unlimited Currencies ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 79 replies
        Puddin

        Picked By

        Puddin,
      • Good Pizza, Great Pizza v5.13.1 +2 Cheats [ Unlimited Currencies ]

        Good Pizza, Great Pizza v5.13.1 +2 Cheats [ Unlimited Currencies ]

        Puddin posted a topic in Free Jailbroken Cydia Cheats,

        Modded/Hacked App: Good Pizza, Great Pizza By TAPBLAZE, LLC
        Bundle ID: com.tapblaze.pizzabusiness
        iTunes Store Link: https://apps.apple.com/us/app/good-pizza-great-pizza/id911121200?uo=4


        Hack Features:
        - Unlimited Cash
        - Unlimited Diamonds


        Non-Jailbroken & No Jailbreak required hack(s): [Non-Jailbroken Hack] Good Pizza, Great Pizza v5.5.6 +2 Jailed Cheats [ Unlimited Currencies ] - Free Non-Jailbroken IPA Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 52 replies
        Puddin

        Picked By

        Puddin,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines