Help/Support How to remove ASLR when the binary is already thinned?

Artgrig1991 · March 8, 2017

i have cracked the binary of an app and when i try to thin it the terminal wrote that it's not a FAT file so it's already thinned but when i try to remove ASLR withe removePIE terminal says that it's not a mach -o file.. so what can i do if it's already thinned but it says that... help please ((

Reply
Report

Joka · March 8, 2017

Just go to http://armconverter.com/binarytools/, upload the binary and click on "Remove ASLR".

Artgrig1991 · March 8, 2017

Thank you but i would like to know how to manually do that..

Pro · March 8, 2017

Just go to http://armconverter.com/binarytools/, upload the binary and click on "Remove ASLR".

rip my reply disappeared when it got moved

Archangel04 · March 8, 2017

Even easier if you dont have a high cap net, use 'remove aslr' app. Then you need to sign the binary with 'ldid -s binaryname' in Mterminal.

LASTLY, set permissions to 755/777.

Alternative method :

If you use GDB, use 'info address _mh_execute_header' and save the value. In IDA, see where _mh_execute_header is, usually it is 4000 and at the top.

For LLDB, use image list and scroll to the top (VERY LONG)

Assuming the address you get is HEXADRESS, and your aslr value from gdb is ASLR, and the actual address is HEXINIDA use a hex calculator (just google) and do

HEXADRESS - ASLR + HEXINIDA.

This is your true address.

Note: As it is hex. simply subtracting 4000 from a value like 100000 or so DOES NOT GIVE YOU REAL VALUE. IT DOES NOT BECOME 96000.