Jump to content

🛡️ Introducing Shiro Security - Game Security Research & Engineering

×
Community Announcements, Giveaways & More!

When I Remove ASLR and attach in lldb and a watchpoint hits, lldb stops responding

Juku

By Juku
in Help & Support

 Share
Go to solution Solved by Juku,

4 posts in this topic

Recommended Posts

Juku Newbie

Juku 5k
  •   iPhone SE 
  •   11.3.1

    • Posted
    Posted

    Hello. So this is a sort of a follow up on my previous help n support. I know I said earlier my lldb stops responding all the time. I diagnosed the problem and I have more details now. Let me put three instances or the binary, and say which works and which doesn't.

     

    Thinned binary: In lldb it works fine and gives me an offset, but its the wrong offset since aslr is not removed

     

    thinned binary with aslr removed: usually it works fine and gives me the right offset but now lldb stops responding.

     

    non thinned: works fine but idk if its the right arm64 offset since no aslr removed

     

     

    it seems lldb is only doing this with the aslr removed binary which is the most important.... so my question is, why is aslr removed binary causing lldb to not respond? Should i redownload the game and remove aslr again and everything idk.

    Archangel04 Rookie

    Archangel04 33.1k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted

    Use "image list" and see the top listing (its pretty long). Compare that value with the value in IDA and subtract the difference (where the aslr value is greater obviously) from the offsets.

     

    you need to do this for each session as ASLR would change the address every time

    • Solution
    Juku Newbie

    Juku 5k
  •   iPhone SE 
  •   11.3.1

    • Posted
    • Author
    • Solution
    Posted

    Use "image list" and see the top listing (its pretty long). Compare that value with the value in IDA and subtract the difference (where the aslr value is greater obviously) from the offsets.

    you need to do this for each session as ASLR would change the address every time

    yeah. This only works for x64 as far as I know. Gives wrong offset in x32 apparently.

    No real solution atm... Just hacked the x64 binary instead...

    Archangel04 Rookie

    Archangel04 33.1k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    yeah. This only works for x64 as far as I know. Gives wrong offset in x32 apparently.No real solution atm... Just hacked the x64 binary instead...

    I hacked 32 bit binary with 64 bit lldb.

     

    It works correctly but shows the functions in the wrong mode.

    go to the correct offset (after doing what i said), use hex to arm converter. One of them will be the one in IDA, other will be the one which shows you (unless they match which i dont think happens).

     

    This is cause of arm and thumb mode

    Updated by Archangel04

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines