Help/Support Getting LLDB breakpoint address from IDA

maddo7 · November 28, 2016

I just read tutorials about ASLR and I think it's not necessary to remove it if I add it to the address like I did: ASLR Base + Pointer from IDA.

Now it seems I've found the address, the breakpoint triggers on LLDB when I click the button

Then there's another issue. When the breakpoint hits I get this error:

(lldb) Process 21538 stopped
* thread #13: tid = 0x6538, 0xff76545e, stop reason = EXC_BAD_ACCESS (code=1, address=0xff76545e)
    frame #0: 0xff76545e
error: memory read failed for 0xff765400

And the app continues to run but seems to be bugged. I can see the loading circle spinning but nothing else works.

When I stop the debugserver, the whole phone crashes and restarts.

What is causing this and how can I fix it?

Updated November 28, 2016 by maddo7

Crypto · November 28, 2016

@shmoo

December 2, 2016

I just read tutorials about ASLR and I think it's not necessary to remove it if I add it to the address like I did: ASLR Base + Pointer from IDA.

Now it seems I've found the address, the breakpoint triggers on LLDB when I click the button

Then there's another issue. When the breakpoint hits I get this error:
(lldb) Process 21538 stopped
* thread #13: tid = 0x6538, 0xff76545e, stop reason = EXC_BAD_ACCESS (code=1, address=0xff76545e)
    frame #0: 0xff76545e
error: memory read failed for 0xff765400
And the app continues to run but seems to be bugged. I can see the loading circle spinning but nothing else works.

When I stop the debugserver, the whole phone crashes and restarts.

What is causing this and how can I fix it?

ASLR causes what would be static offsets to be shuffed at runtime. You don't have to disable it but I would suggest it because its a headache to keep having to add the ASLR bias to the offset you want to hack.

Here's my advice. Remove ASLR. Then use GDB for breakpoints. LLDB has to process the binary (at least I think thats why it takes so long), whereas GDB doesn't. GDB is great for breakpoints. When you stop the debugserver, its like pulling the plug on a computer. You're shattering the only connection that the debugserver has with the device. It's supposed to happen, but I don't know why yours reboots. My phone just crashes the app.