Help/Support arm64 Hacking Questions

xiaov · May 25, 2017

5 hours ago, shmoo said:

since I have to accept that 64 bit hacking is the future, I need to learn arm64. But first I have a few questions:

1. Every time you want to breakpoint, do you have to add the ASLR bias to the offset?

2. Do watchpoints work on arm64?

3. Do you have to wait for LLDB to process a 64 bit binary?

4. What is the 64 bit equivalent to r7?

@ZahirSher @Goggwell

1. Every time you want to breakpoint, do you have to add the ASLR bias to the offset?

YES, arm64 no method to disable ASLR.. so you must type "image list" to list out the ASLR..

2. Do watchpoints work on arm64?

YES, with lldb.

3. Do you have to wait for LLDB to process a 64 bit binary?

YES, sometime takes few mins.

4. What is the 64 bit equivalent to r7?

w23

May 25, 2017

Awesome thanks everyone Adding the bias every time will be annoying so I'll make an application for mac (maybe for windows in java ?)

13 hours ago, cz1993 said:

@ZahirSher

1. Every time you want to breakpoint, do you have to add the ASLR bias to the offset?

yes like a armv7

2. Do watchpoints work on arm64?

yes. most of times works

3. Do you have to wait for LLDB to process a 64 bit binary?

what mean wait lldb? but i know not need to thin the arm64 binary. i tried. works too but if armv7 install the hack will not works because we hack the arm64 binary.

4. What is the 64 bit equivalent to r7?

this better read the register. sometimes is x13,w13,w15,w15.

all my hack i use your mod menu @shmoo . but sometimes got some issue with 2-byte hex. if you have some new version let me know thx!!

arm64 doesn't allow 2 byte instructions

cz1993 · May 25, 2017

1 hour ago, shmoo said:

Awesome thanks everyone Adding the bias every time will be annoying so I'll make an application for mac (maybe for windows in java ?)

arm64 doesn't allow 2 byte instructions

Yeah.. works fine with arm64... only have some i ssue with armv7

i0s_tweak3r · May 26, 2017

On 5/24/2017 at 7:51 PM, ZahirSher said:

1. Every time you want to breakpoint, do you have to add the ASLR bias to the offset?
No clue sorry Dont do lldb hacking

2. Do watchpoints work on arm64?
They should, @cz1993 does em.

3. Do you have to wait for LLDB to process a 64 bit binary?
No clue but you will need to thin it (arm64 binary only) ? So it should process it logically?

4. What is the 64 bit equivalent to r7?
I use w23, x23

3. If you download the app on an arm64 device, you don't need to thin the binary because it is already just the arm64 portion. If you download on computer through iTunes then it will be a fat file, and need to be thinned. Right?

Updated May 26, 2017 by i0s_tweak3r
Sorry I shouldn't have questioned an idol of mine....