Jump to content
Community Announcements, Giveaways & More!

Dealing with ASLR in Palera1n Jailbreak

tat5

By tat5
Updated in Tutorials

 Share

5 posts in this topic

Recommended Posts

tat5 Newbie

tat5 0
  •   iPhone 7 
  •   13.3.1

    • Updated
    Updated (edited)

    I have been getting the virtual memory address slide amount of the application by 

    #include <mach-o/dyld.h>
_dyld_get_image_vmaddr_slide(0);

    _dyld_get_image_vmaddr_slide: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dyld.3.html

    However, on Palera1n (v1.4.1), "/usr/lib/substitute-loader.dylib" seems to be the 0th image index.
    Therefore, the argument to _dyld_get_image_vmaddr_slide must be 1. 

    uint64_t getRealOffset(uint64_t offset) {
    return _dyld_get_image_vmaddr_slide(1) + offset;
    // return _dyld_get_image_vmaddr_slide(0) + offset;
}

     

    With Framework

    If the image index is not fixed as in Unity, it can be done as follows 

    #include <string.h>
#include <stdlib.h>

uint64_t getRealOffset$Palera1n(const char *image_name, uint64_t offset) {
    if (image_name == NULL) {
        const char *progname = getprogname();
        if (progname) {
            return getRealOffset$Palera1n(progname, offset);
        }
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), image_name)) {
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }
    // error...
    return offset;
}

    getprogname: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/getprogname.3.html

    Example argument for image_name: 

    // PUBG
getRealOffset$Palera1n("ShadowTrackerExtra", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// YouTube
getRealOffset$Palera1n("YouTube", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// Unity - (e.g. Survivor!.io)
getRealOffset$Palera1n("UnityFramework", 0x345678);

     

    Conclusion

    The following may only work with Palera1n or only with the current version of Palera1n. 

    const uint64_t slide = _dyld_get_image_vmaddr_slide(1);
MSHookFunction((void *)(0x100345678 + slide), ...);
MSHookFunction((void *)(0x100789ABC + slide), ...);

    It might be better to specify by image name so that it works without worrying about the argument to _dyld_get_image_vmaddr_slide. 

    const uint64_t slide = getRealOffset$Palera1n("ImageName", 0x0);
if (slide) {
    MSHookFunction((void *)(0x100345678 + slide), ...);
    MSHookFunction((void *)(0x100789ABC + slide), ...);
}

     

    Updated by tat5
    Conclusion was not good.
    quatorze Collaborator

    quatorze 5.4k
  •   iPhone 8 

    • Posted
    Posted (edited)

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {

    if (strstr(_dyld_get_image_name(0), "substitute")) { 
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { 
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}



     

    Updated by quatorze
    tat5 Newbie

    tat5 0
  •   iPhone 7 
  •   13.3.1

    • Posted
    • Author
    Posted
    46 minutes ago, quatorze said:

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {
 
    const uint32_t image_count = _dyld_image_count();
     for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
            return _dyld_get_image_vmaddr_slide(1) + offset;
        } else if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
                return _dyld_get_image_vmaddr_slide(i) + offset;
            } else {
                   return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?  
            }

       NSLog(@"An error occured");
       return offset;
}

    Wouldn't it terminate the for loop once?
    I don't think it works well when UnityFramework is the target.

    Is this what you mean? 

    uint64_t getRealOffset(uint64_t offset) {
    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}

    It may not be able to deal with the case where the next of substitute is not the correct answer. I don't know if such a case can happen... 

    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
    return _dyld_get_image_vmaddr_slide(1) + offset;// Absolutely?
}

    I just think your code is cleaner and better.🙆‍♂️

     

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Prison Empire Tycoon-Idle Game Cheats v3.9.2 +2

        Prison Empire Tycoon-Idle Game Cheats v3.9.2 +2

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Prison Empire Tycoon-Idle Game by Digital Things Sociedad Limitada
        Bundle ID: com.codigames.idle.prison.empire.manager.tycoon
        iTunes Store Link: https://apps.apple.com/us/app/prison-empire-tycoon-idle-game/id1508490923?uo=4&at=1010lce4


        Hack Features:
        - Infinite Cash
        - No Ads


        Non-Jailbroken & No Jailbreak required hack(s):  https://iosgods.com/topic/128324-arm64-prison-empire-tycoon%EF%BC%8Didle-game-v102-jailed-cheats-2/

         
        iOS Hack Download Link: https://iosgods.com/topic/128322-arm64-prison-empire-tycoon%EF%BC%8Didle-game-cheats-all-versions-2/
          • Agree
          • Like
        • 1,160 replies
        Laxus

        Picked By

        Laxus ,
      • Left to Survive: Zombie Games Cheats v7.6.0 +10 Hacks

        Left to Survive: Zombie Games Cheats v7.6.0 +10 Hacks

        iOSGods Dev Team posted a topic in ViP Cheats,

        Modded/Hacked App: Left to Survive: Zombie TPS By MY COM
        Bundle ID: com.glu.zbs
        iTunes Store Link: https://apps.apple.com/us/app/left-to-survive-zombie-tps/id1090501422

        Hack Features:
        - No Bullet Disperse 
        - Unlimited Ammo
        - No Recoil
        - Increased Fire-rate 

        - One Hit Campaign 
        - Grenades and Med-kits Dont Subtract
        - God Mode
        - God Mode PVP

        - Unlock Chapters early 
        - Weapons Unlocked Ready to buy 


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/

          • Informative
          • Agree
          • Haha
          • Thanks
          • Winner
          • Like
        • 1,592 replies
        Laxus

        Picked By

        Laxus ,
      • [ Seven Deadly Sins KR ] 일곱 개의 대죄: GRAND CROSS Cheats v8.6.72 +5

        [ Seven Deadly Sins KR ] 일곱 개의 대죄: GRAND CROSS Cheats v8.6.72 +5

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: 일곱 개의 대죄: GRAND CROSS By Netmarble Corporation
        Bundle ID: com.netmarble.nanakr
        iTunes Store Link: https://apps.apple.com/kr/app/%EC%9D%BC%EA%B3%B1-%EA%B0%9C%EC%9D%98-%EB%8C%80%EC%A3%84-grand-cross/id1449552940?uo=4


        Hack Features:
        - God Mode
        - One Hit Kill
        - Multiply Attack
        - Multiply Defense
        - Make Enemies God Mode for some quests


        iOS Hack Download Link: https://iosgods.com/topic/154899-seven-deadly-sins-kr-%EC%9D%BC%EA%B3%B1-%EA%B0%9C%EC%9D%98-%EB%8C%80%EC%A3%84-grand-cross-cheats-v750-5/
          • Like
        • 177 replies
        Laxus

        Picked By

        Laxus ,
      • Zooba: Zoo Battle Royale Game v5.19.0 Jailed Cheats +2

        Zooba: Zoo Battle Royale Game v5.19.0 Jailed Cheats +2

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Zooba: Zoo Battle Royale Games By Wildlife Studios Limited
        Bundle ID: com.fungames.battleroyale
        iTunes Store Link: https://apps.apple.com/us/app/zooba-zoo-battle-royale-games/id1459402952?uo=4


        Hack Features:
        - Map Hacks
        - Allow Shoot in Water


        Jailbreak required hack(s): https://iosgods.com/topic/131104-arm64-zooba-zoo-battle-royale-game-cheats-all-versions-2/


        iOS Hack Download Link: https://iosgods.com/topic/131134-arm64-zooba-zoo-battle-royale-game-v320-jailed-cheats-2/
          • Agree
          • Like
        • 1,300 replies
        Laxus

        Picked By

        Laxus ,
      • The Seven Deadly Sins Cheats v2.81.0 +5

        The Seven Deadly Sins Cheats v2.81.0 +5

        Laxus posted a topic in ViP Cheats,

        Modded/Hacked App: The Seven Deadly Sins by Netmarble Corporation
        Bundle ID: com.netmarble.nanagb
        iTunes Store Link: https://apps.apple.com/us/app/the-seven-deadly-sins/id1475440231?uo=4&at=1010lce4


        Hack Features:
        - God Mode
        - OHK
        - Infinite MP


        iOS Hack Download Link: https://iosgods.com/topic/131686-arm64-the-seven-deadly-sins-cheats-v117-3/
          • Informative
          • Agree
          • Haha
          • Thanks
          • Winner
          • Like
        • 2,050 replies
        Laxus

        Picked By

        Laxus ,
      • Zombastic: Time to Survive v1.12.4 [ +1+++ Jailed ] Currency Max

        Zombastic: Time to Survive v1.12.4 [ +1+++ Jailed ] Currency Max

        Ik_Ik posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Zombastic: Time to Survive By Playmotional Limited
        Bundle ID: com.playmotional.survival
        iTunes Store Link: https://apps.apple.com/us/app/zombastic-time-to-survive/id6475173073?uo=4


        Hack Features:
        - Currency & Resources Unlimited [ Disable When Playing ] 





        Jailbreak required hack(s): https://iosgods.com/forum/5-game-cheats-hack-requests/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 52 replies
        Ik_Ik

        Picked By

        Ik_Ik,
      • Zombastic: Time to Survive v1.12.4 [ +1+++ Cheats ] Currency Max

        Zombastic: Time to Survive v1.12.4 [ +1+++ Cheats ] Currency Max

        Ik_Ik posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Zombastic: Time to Survive By Playmotional Limited
        Bundle ID: com.playmotional.survival
        iTunes Store Link: https://apps.apple.com/us/app/zombastic-time-to-survive/id6475173073?uo=4


        Hack Features:
        - Currency & Resources Unlimited [ Disable When Playing ] 





        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 50 replies
        Ik_Ik

        Picked By

        Ik_Ik,
      • Dawn of Ages: Medieval Games v2.0.9 +5 Jailed Cheats [ Damage & Defence ]

        Dawn of Ages: Medieval Games v2.0.9 +5 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Dawn of Ages: total war battle By BoomBit, Inc.
        Bundle ID: com.stratospheregames.dawnofages
        App Store Link: https://apps.apple.com/us/app/dawn-of-ages-total-war-battle/id6477473268?uo=4

         


        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - God Mode
        - Dumb Enemy
        - Premium Enabled
        • 13 replies
        Puddin

        Picked By

        Puddin,
      • Dawn of Ages: Medieval Games v2.0.9 +5 Cheats [ Damage & Defence ]

        Dawn of Ages: Medieval Games v2.0.9 +5 Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Dawn of Ages: total war battle By BoomBit, Inc.
        Bundle ID: com.stratospheregames.dawnofages
        App Store Link: https://apps.apple.com/us/app/dawn-of-ages-total-war-battle/id6477473268?uo=4

         

        📌 Mod Requirements

        - Jailbroken iPhone or iPad.
        - iGameGod / Filza / iMazing.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

         

        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - God Mode
        - Dumb Enemy
        - Premium Enabled

         

        ⬇️ iOS Hack Download Link


        Hidden Content

        Download Hack







         

        📖 iOS Installation Instructions

        STEP 1: Download the .deb hack file from the link above. Use Safari, Google Chrome or other iOS browsers to download.
        STEP 2: Once the file has downloaded, tap on it and then you will be prompted on whether you want to open the deb with iGameGod or copy it to Filza.
        STEP 3: If needed, tap on the downloaded file again, then select ‘Normal Install’ from the options on your screen.
        STEP 4: Let iGameGod/Filza finish the cheat installation. If it doesn’t install successfully, see the note below.
        STEP 5: Open the game, log in to your iOSGods account when asked, then toggle on the features you want and enjoy!

         

        NOTE: If you have any questions or problems, read our Jailbreak iOS Hack Troubleshooting & Frequently Asked Questions & Answers topic. If you still haven't found a solution, post your issue below and we'll do our best to help! If the hack does work for you, please post your feedback below and help out other fellow members that are encountering issues.

         

        🙌 Credits

        - @Puddin
        - @Laxus

         

        📷 Cheat Video/Screenshots

        N/A

         

        More iOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.

        Modded Android APKs
        Need modded apps or games for Android? Check out the latest custom APK mods, cheats & more in our Android Section.
        • 22 replies
        Puddin

        Picked By

        Puddin,
      • MONOPOLY: The Board Game v1.15.0 +1 Jailed Cheat [ Everything Owned ]

        MONOPOLY: The Board Game v1.15.0 +1 Jailed Cheat [ Everything Owned ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: MONOPOLY: The Board Game By Marmalade Game Studio Limited
        Bundle ID: com.marmalade.monopoly
        iTunes Store Link: https://apps.apple.com/us/app/monopoly-the-board-game/id1477966166?uo=4


        Hack Features:
        - Everything Owned -> All packs, themes, boards, tokens, all purchased and owned.


        Jailbreak required hack(s): https://iosgods.com/topic/169254-monopoly-classic-board-game-all-versions-1-cheat-everything-owned/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
          • Thanks
          • Like
        • 413 replies
        Puddin

        Picked By

        Puddin,
      • First Team Manager Season 2026 v1.0.0 +4 Jailed Cheats [ Unlimited Currencies ]

        First Team Manager Season 2026 v1.0.0 +4 Jailed Cheats [ Unlimited Currencies ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: First Team Manager Season 2026 By Go Play Games
        Bundle ID: com.GoPlayGames.FTM26
        iTunes Store Link: https://apps.apple.com/us/app/first-team-manager-season-2026/id6743993781

         
         

        🤩 Hack Features

        - Freeze Coins
        - Freeze Cash
        - Freeze Tokens
        - Free In-App Purchases
        • 1 reply
        Puddin

        Picked By

        Puddin,
      • First Team Manager Season 2026 v1.0.0 +4 Cheats [ Unlimited Currencies ]

        First Team Manager Season 2026 v1.0.0 +4 Cheats [ Unlimited Currencies ]

        Puddin posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: First Team Manager Season 2026 By Go Play Games
        Bundle ID: com.GoPlayGames.FTM26
        iTunes Store Link: https://apps.apple.com/us/app/first-team-manager-season-2026/id6743993781

         
         

        🤩 Hack Features

        - Freeze Coins
        - Freeze Cash
        - Freeze Tokens
        - Free In-App Purchases
        • 0 replies
        Puddin

        Picked By

        Puddin,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines