Jump to content
Community Announcements, Giveaways & More!

Dealing with ASLR in Palera1n Jailbreak

tat5

By tat5
Updated in Tutorials

 Share

5 posts in this topic

Recommended Posts

tat5 Newbie

tat5 0
  •   iPhone 7 
  •   13.3.1

    • Updated
    Updated (edited)

    I have been getting the virtual memory address slide amount of the application by 

    #include <mach-o/dyld.h>
_dyld_get_image_vmaddr_slide(0);

    _dyld_get_image_vmaddr_slide: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dyld.3.html

    However, on Palera1n (v1.4.1), "/usr/lib/substitute-loader.dylib" seems to be the 0th image index.
    Therefore, the argument to _dyld_get_image_vmaddr_slide must be 1. 

    uint64_t getRealOffset(uint64_t offset) {
    return _dyld_get_image_vmaddr_slide(1) + offset;
    // return _dyld_get_image_vmaddr_slide(0) + offset;
}

     

    With Framework

    If the image index is not fixed as in Unity, it can be done as follows 

    #include <string.h>
#include <stdlib.h>

uint64_t getRealOffset$Palera1n(const char *image_name, uint64_t offset) {
    if (image_name == NULL) {
        const char *progname = getprogname();
        if (progname) {
            return getRealOffset$Palera1n(progname, offset);
        }
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), image_name)) {
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }
    // error...
    return offset;
}

    getprogname: https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/getprogname.3.html

    Example argument for image_name: 

    // PUBG
getRealOffset$Palera1n("ShadowTrackerExtra", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// YouTube
getRealOffset$Palera1n("YouTube", 0x100345678);
// or
getRealOffset$Palera1n(NULL, 0x100345678);

// Unity - (e.g. Survivor!.io)
getRealOffset$Palera1n("UnityFramework", 0x345678);

     

    Conclusion

    The following may only work with Palera1n or only with the current version of Palera1n. 

    const uint64_t slide = _dyld_get_image_vmaddr_slide(1);
MSHookFunction((void *)(0x100345678 + slide), ...);
MSHookFunction((void *)(0x100789ABC + slide), ...);

    It might be better to specify by image name so that it works without worrying about the argument to _dyld_get_image_vmaddr_slide. 

    const uint64_t slide = getRealOffset$Palera1n("ImageName", 0x0);
if (slide) {
    MSHookFunction((void *)(0x100345678 + slide), ...);
    MSHookFunction((void *)(0x100789ABC + slide), ...);
}

     

    Updated by tat5
    Conclusion was not good.
    quatorze Collaborator

    quatorze 5.6k
  •   iPhone 8 

    • Posted
    Posted (edited)

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {

    if (strstr(_dyld_get_image_name(0), "substitute")) { 
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { 
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}



     

    Updated by quatorze
    tat5 Newbie

    tat5 0
  •   iPhone 7 
  •   13.3.1

    • Posted
    • Author
    Posted
    46 minutes ago, quatorze said:

    Could you try this?
      

    uint64_t getRealOffset(uint64_t offset) {
 
    const uint32_t image_count = _dyld_image_count();
     for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
            return _dyld_get_image_vmaddr_slide(1) + offset;
        } else if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
                return _dyld_get_image_vmaddr_slide(i) + offset;
            } else {
                   return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?  
            }

       NSLog(@"An error occured");
       return offset;
}

    Wouldn't it terminate the for loop once?
    I don't think it works well when UnityFramework is the target.

    Is this what you mean? 

    uint64_t getRealOffset(uint64_t offset) {
    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
        return _dyld_get_image_vmaddr_slide(1) + offset;
    }

    const uint32_t image_count = _dyld_image_count();
    for (int i = 0; i < image_count; ++i) {
        if (strstr(_dyld_get_image_name(i), "UnityFramework")) { // check for unityframework
            return _dyld_get_image_vmaddr_slide(i) + offset;
        }
    }

    return _dyld_get_image_vmaddr_slide(0) + offset; // if not our base executable is the traditional?
}

    It may not be able to deal with the case where the next of substitute is not the correct answer. I don't know if such a case can happen... 

    if (strstr(_dyld_get_image_name(0), "substitute")) { // check if substitute loaded as 1st image
    return _dyld_get_image_vmaddr_slide(1) + offset;// Absolutely?
}

    I just think your code is cleaner and better.🙆‍♂️

     

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Mergevia: Match Tiles & Merge v1.2.1 +1 Jailed Cheat [ Unlimited Everything ]

        Mergevia: Match Tiles & Merge v1.2.1 +1 Jailed Cheat [ Unlimited Everything ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Mergevia: Match Tiles & Merge By FUNJOY TECHNOLOGY LIMITED
        Bundle ID: com.starfish.mergevia.tile.match.ios
        App Store Link: https://apps.apple.com/us/app/mergevia-match-tiles-merge/id6740308450?uo=4

         
         

        🤩 Hack Features

        - Unlimited Everything
          • Like
        • 4 replies
        Puddin

        Picked By

        Puddin,
      • Resident Evil Survival Unit v1.3.2 +6 Jailed Cheats [ Damage & Defence ]

        Resident Evil Survival Unit v1.3.2 +6 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Resident Evil Survival Unit By Aniplex Inc.
        Bundle ID: com.aniplex.resu
        App Store Link: https://apps.apple.com/us/app/resident-evil-survival-unit/id6744668327?uo=4

         
         

        🤩 Hack Features

        - Damage Multiplier [ Battle ]
        - Defence Multiplier [ Battle ]
        - God Mode [ Battle ]
        - God Mode [ Explore ]
        - One-Hit Kill [ Explore ]
        - Freeze Items & Ammo
          • Informative
          • Agree
          • Haha
          • Thanks
          • Winner
          • Like
        • 79 replies
        Puddin

        Picked By

        Puddin,
      • The Kingdom: Medieval Tales v1.1.7.14 +3 Jailed Cheats [ Damage & Defence ]

        The Kingdom: Medieval Tales v1.1.7.14 +3 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: The Kingdom: Medieval Tales By BoomBit, Inc.
        Bundle ID: com.stratospheregames.The.Kingdom.Medieval.Tales.Strategy.Building.Games
        App Store Link: https://apps.apple.com/us/app/the-kingdom-medieval-tales/id6744967226?uo=4

         
         

        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - God Mode
          • Thanks
          • Winner
          • Like
        • 31 replies
        Puddin

        Picked By

        Puddin,
      • Earn to Die Rogue v1.20.220 +15 Jailed Cheats [ Unlimited Currencies ]

        Earn to Die Rogue v1.20.220 +15 Jailed Cheats [ Unlimited Currencies ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Earn to Die Rogue By Not Doppler Pty Limited
        Bundle ID: com.notdoppler.earntodierogue
        iTunes Store Link: https://apps.apple.com/us/app/earn-to-die-rogue/id1564024870?uo=4


        Hack Features:
        - Unlimited Cash
        - Unlimited Gold
        - Unlimited Skill Tree Tokens


        Jailbreak required hack(s): [Mod Menu Hack] Earn to Die Rogue v1.00.96 +2 Cheats [ Unlimited Currencies ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
          • Informative
          • Agree
          • Haha
          • Thanks
          • Winner
          • Like
        • 333 replies
        Puddin

        Picked By

        Puddin,
      • Project Makeover v2.131.1 +4 Jailed Cheats [ Unlimited Currencies ]

        Project Makeover v2.131.1 +4 Jailed Cheats [ Unlimited Currencies ]

        Puddin posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: Project Makeover By Magic Tavern, Inc.
        Bundle ID: com.bgg.jump
        App Store Link: https://apps.apple.com/us/app/project-makeover/id1483058899?uo=4

         
         

        🤩 Hack Features

        - Unlimited Cash
        - Unlimited Coins
        - Unlimited Gems
        - Unlimited Lives

        This hack was made by @Cashlaz. Give him all your love & appreciation! ❤️
          • Informative
          • Agree
          • Haha
          • Thanks
          • Winner
          • Like
        • 45 replies
        Puddin

        Picked By

        Puddin,
      • Hunt Royale: Action RPG Battle v3.23.0 +3 Jailed Cheats [ Damage & Defence ]

        Hunt Royale: Action RPG Battle v3.23.0 +3 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Hunt Royale: Action RPG Battle By BoomBit, Inc.
        Bundle ID: com.hunt.royale
        iTunes Store Link: https://apps.apple.com/us/app/hunt-royale-action-rpg-battle/id1537379121?uo=4

         
         

        🚀 Hack Features

        - Dumb Enemies

        VIP
        - Damage Multiplier
        - Defence Multiplier
          • Informative
          • Agree
          • Haha
          • Thanks
          • Like
        • 234 replies
        Puddin

        Picked By

        Puddin,
      • Moonlight Crush: Fantasy Otome v1.2.1 +1 Jailed Cheat [ Free Premium Choices ]

        Moonlight Crush: Fantasy Otome v1.2.1 +1 Jailed Cheat [ Free Premium Choices ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Moonlight Crush: Fantasy Otome By Storytaco.inc
        Bundle ID: com.storytaco.p35client
        iTunes Store Link: https://apps.apple.com/us/app/moonlight-crush-fantasy-otome/id6480089694?uo=4


        Hack Features:
        - Free Premium Choices


        Jailbreak required hack(s): [Mod Menu Hack] Moonlight Crush: Fantasy Otome v1.1.0 +1 Cheat [ Free Premium Choices ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
          • Informative
          • Agree
          • Haha
          • Thanks
          • Like
        • 14 replies
        Puddin

        Picked By

        Puddin,
      • He-Man MOTU Battle for Eternia +2 Jailed Cheats

        He-Man MOTU Battle for Eternia +2 Jailed Cheats

        AlyssaX64 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: He-Man MOTU Battle for Eternia By Block Tackle, Inc.
        Bundle ID: io.blocktackle.bcg
        App Store Link: https://apps.apple.com/us/app/he-man-motu-battle-for-eternia/id6504121387?uo=4

         

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Damage Multiplier
        - Defense Multiplier

         

        ⬇️ iOS Hack Download IPA Link


        Hidden Content

        Download via the iOSGods App







         

        📖 PC Installation Instructions

        STEP 1: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see our iOSGods App IPA Download Tutorial which includes a video example.
        STEP 2: Download Sideloadly and install it on your Windows or Mac.
        STEP 3: Open Sideloadly on your computer, connect your iOS device, and wait until your device name appears in Sideloadly.
        STEP 4: Once your iDevice is recognized, drag the modded .IPA file you downloaded and drop it into the Sideloadly application.
        STEP 5: Enter your Apple Account email, then press “Start.” You’ll then be asked to enter your password. Go ahead and provide the required information.
        STEP 6: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
        STEP 7: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles / VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
        STEP 8: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

        NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A
          • Agree
          • Like
        • 4 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      • SuperStar STARSHIP Cheats v3.29.0 +3

        SuperStar STARSHIP Cheats v3.29.0 +3

        Laxus posted a topic in ViP Jailbreak Cheats,

        Modded/Hacked App: SuperStar STARSHIP By Dalcomsoft Inc.
        Bundle ID: com.dalcomsoft.sss
        iTunes Store Link: https://apps.apple.com/us/app/superstar-starship/id1480181152?uo=4


        Hack Features:
        - Never Lose
        - Auto Dance
        - Always S.Perfect


        iOS Hack Download Link: https://iosgods.com/topic/164185-superstar-starship-cheats-v378-3/
          • Agree
          • Haha
          • Like
        • 157 replies
        Laxus

        Picked By

        Laxus ,
      • Lava Survival +2 Jailed Cheats

        Lava Survival +2 Jailed Cheats

        AlyssaX64 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Lava Survival By Game Legends Establishment For Information Technology
        Bundle ID: com.gamelegendstudio.lavasurvival
        App Store Link: https://apps.apple.com/us/app/lava-survival/id6748965384?uo=4

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Damage Multiplier
        - Defense Multiplier

         

        ⬇️ iOS Hack Download IPA Link


        Hidden Content

        Download via the iOSGods App







         

        📖 PC Installation Instructions

        STEP 1: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see our iOSGods App IPA Download Tutorial which includes a video example.
        STEP 2: Download Sideloadly and install it on your Windows or Mac.
        STEP 3: Open Sideloadly on your computer, connect your iOS device, and wait until your device name appears in Sideloadly.
        STEP 4: Once your iDevice is recognized, drag the modded .IPA file you downloaded and drop it into the Sideloadly application.
        STEP 5: Enter your Apple Account email, then press “Start.” You’ll then be asked to enter your password. Go ahead and provide the required information.
        STEP 6: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
        STEP 7: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles / VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
        STEP 8: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

        NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A
          • Agree
          • Haha
          • Like
        • 7 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      • ULTRAMAN Puzzle Shuwatch!! +3 Jailed Cheats

        ULTRAMAN Puzzle Shuwatch!! +3 Jailed Cheats

        AlyssaX64 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: ULTRAMAN Puzzle Shuwatch!! By Meta Field Inc.
        Bundle ID: com.ultraman.puzzshuwa
        App Store Link: https://apps.apple.com/us/app/ultraman-puzzle-shuwatch/id6744716764?uo=4

         

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Damage Multiplier
        - Always Our Turn
        - No ADS

         

        ⬇️ iOS Hack Download IPA Link


        Hidden Content

        Download via the iOSGods App







         

        📖 PC Installation Instructions

        STEP 1: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see our iOSGods App IPA Download Tutorial which includes a video example.
        STEP 2: Download Sideloadly and install it on your Windows or Mac.
        STEP 3: Open Sideloadly on your computer, connect your iOS device, and wait until your device name appears in Sideloadly.
        STEP 4: Once your iDevice is recognized, drag the modded .IPA file you downloaded and drop it into the Sideloadly application.
        STEP 5: Enter your Apple Account email, then press “Start.” You’ll then be asked to enter your password. Go ahead and provide the required information.
        STEP 6: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
        STEP 7: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles / VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
        STEP 8: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

        NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A
          • Winner
          • Like
        • 29 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      • 32 Heroes: Retro RPG +4 Jailed Cheats

        32 Heroes: Retro RPG +4 Jailed Cheats

        AlyssaX64 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: 32 Heroes: Retro RPG By Lunosoft Inc.
        Bundle ID: com.lunosoft.ttheroes
        App Store Link: https://apps.apple.com/us/app/32-heroes-retro-rpg/id6737118316?uo=4

         

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Damage Multiplier
        - Defense Multiplier
        - Freeze Currencies
        - Claim Pass Rewards

         

        ⬇️ iOS Hack Download IPA Link


        Hidden Content

        Download via the iOSGods App







         

        📖 PC Installation Instructions

        STEP 1: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see our iOSGods App IPA Download Tutorial which includes a video example.
        STEP 2: Download Sideloadly and install it on your Windows or Mac.
        STEP 3: Open Sideloadly on your computer, connect your iOS device, and wait until your device name appears in Sideloadly.
        STEP 4: Once your iDevice is recognized, drag the modded .IPA file you downloaded and drop it into the Sideloadly application.
        STEP 5: Enter your Apple Account email, then press “Start.” You’ll then be asked to enter your password. Go ahead and provide the required information.
        STEP 6: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
        STEP 7: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles / VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
        STEP 8: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

        NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A
          • Informative
          • Agree
          • Thanks
          • Like
        • 17 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines