Getting LLDB breakpoint address from IDA


maddo7

13 posts in this topic

Posted

I just read tutorials about ASLR and I think it's not necessary to remove it if I add it to the address like I did: ASLR Base + Pointer from IDA.

Now it seems I've found the address, the breakpoint triggers on LLDB when I click the button.

Then there's another issue. When the breakpoint hits I get this error:

(lldb) Process 21538 stopped
* thread #13: tid = 0x6538, 0xff76545e, stop reason = EXC_BAD_ACCESS (code=1, address=0xff76545e)
    frame #0: 0xff76545e
error: memory read failed for 0xff765400

And the app continues to run but seems to be bugged. I can see the loading circle spinning but nothing else works.

When I stop the debugserver, the whole phone crashes and restarts.

What is causing this and how can I fix it?

Posted

ASLR causes what would be static offsets to be shuffled at runtime. You don't have to disable it but I would suggest it because it's a headache to keep having to add the ASLR bias to the offset you want to hack.

Here's my advice. Remove ASLR. Then use GDB for breakpoints. LLDB has to process the binary (at least I think that's why it takes so long), whereas GDB doesn't. GDB is great for breakpoints. When you stop the debugserver, it's like pulling the plug on a computer. You're shattering the only connection that the debugserver has with the device. It's supposed to happen, but I don't know why yours reboots. My phone just crashes the app.
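The "ASLR Base + Pointer from IDA" arithmetic from this thread, as an added example that is not part of the original posts: it reads the slide from the output of LLDB's `image list -o -f` and builds the breakpoint command. The sample output, the module name `Demo` and the IDA address are constructed, and the code assumes the IDA database has not been rebased.

```python
import re

# One line of `image list -o -f`: "[idx] <slide> <path>(<load address>)"
IMAGE_LINE = re.compile(
    r"^\[\s*\d+\]\s+(0x[0-9a-fA-F]+)\s+(.+?)(?:\(0x[0-9a-fA-F]+\))?$"
)

# Constructed sample output (not taken from the thread).
SAMPLE = """\
[  0] 0x000a4000 /var/mobile/Applications/EXAMPLE/Demo.app/Demo(0x00000000000a8000)
[  1] 0x01f3c000 /Library/MobileSubstrate/MobileSubstrate.dylib(0x0000000001f3c000)
"""


def parse_image_list(text):
    """Return {module basename: ASLR slide} from `image list -o -f` output."""
    slides = {}
    for line in text.splitlines():
        m = IMAGE_LINE.match(line.strip())
        if m:
            name = m.group(2).rsplit("/", 1)[-1]
            slides[name] = int(m.group(1), 16)
    return slides


def runtime_address(ida_addr, slide, bits=32):
    """Slide + address shown in IDA, rejected if it leaves the address space."""
    if ida_addr < 0 or slide < 0:
        raise ValueError("addresses must be non-negative")
    addr = ida_addr + slide
    if addr >= 1 << bits:
        raise ValueError("0x%x does not fit in %d bits" % (addr, bits))
    return addr


def breakpoint_command(image_list_text, module, ida_addr, bits=32):
    """Build the LLDB command for an IDA address inside `module`."""
    slides = parse_image_list(image_list_text)
    if module not in slides:
        raise KeyError("module %r not found in image list" % module)
    addr = runtime_address(ida_addr, slides[module], bits)
    return "breakpoint set --address 0x%x" % addr


if __name__ == "__main__":
    # 0x1c45e is a hypothetical address copied from IDA.
    print(breakpoint_command(SAMPLE, "Demo", 0x1C45E))
```

The slide changes on every launch, so the image list has to be read again after each restart of the app.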

Archived

This topic is now archived and is closed to further replies.
