Help/Support App crashes with Thinned+ASLR Removed binary

[KillerAE 177 Donor]

2 minutes ago, TheArmKing said:

if you are on ios 9 do try the previous link i mentioned 

 

I will try it

[KillerAE 177 Donor]

1 hour ago, TheArmKing said:

if you are on ios 9 do try the previous link i mentioned 

 

doesn't work.....I have removed the jailbreak then rejailbroken and still the same issue....

[Rook 550.4k iPad Pro (2nd gen) 17.4 Donor]

If you're removing ASLR on a ARMv7 binary, it should work. ARM64 it will just crash.

If it still crashes after signing, then you will just have to bypass it manually as ARMKing linked above.

[KillerAE 177 Donor]

40 minutes ago, DiDA said:

If you're removing ASLR on a ARMv7 binary, it should work. ARM64 it will just crash.

If it still crashes after signing, then you will just have to bypass it manually as ARMKing linked above.

I am not sure which method to use because I am using the IDA 7.0 IOS debugger and I don't know if it is related to GDB or LLDB

[Rook 550.4k iPad Pro (2nd gen) 17.4 Donor]

1 minute ago, steelabood said:

I am not sure which method to use because I am using the IDA 7.0 IOS debugger and I don't know if it is related to GDB or LLDB

I think you should use LLDB first since there are more tutorials on that than the new IDA debugger.

[TheArmKing 60.1k iPad Mini 9.3.5]

1 hour ago, DiDA said:

ARMKing

emphAsis on ARM i lik it 

 

 

41 minutes ago, steelabood said:

I am not sure which method to use because I am using the IDA 7.0 IOS debugger and I don't know if it is related to GDB or LLDB

its not related , but it needs ASLR removed , so just use lldb isntead 
 

 

like both need the aslr gone , but lldb is less painful than IDA

[Archangel04 32.9k iPhone 7 14.3]

Also, try this (if ARMv7. If it's 64 then don't bother, you should use image list to defeat ASLR)

1) Open the binary in a hex editor. 

2) Go to 1A. The code should be "20" or "21" or so. Change the 2 to 0.

3) sign with ldid. Set perm as 755/777. Put binary in app

4) ???

5) Profit.

 

[KillerAE 177 Donor]

12 hours ago, Archangel04 said:

Also, try this (if ARMv7. If it's 64 then don't bother, you should use image list to defeat ASLR)

1) Open the binary in a hex editor. 

2) Go to 1A. The code should be "20" or "21" or so. Change the 2 to 0.

3) sign with ldid. Set perm as 755/777. Put binary in app

4) ???

5) Profit.

 

should I do it with the binary that is "thinned and aslr removed" or just "thinned"?

Nevermind I just saw that it just needs to be thinned

Updated December 12, 2017 by steelabood

[KillerAE 177 Donor]

12 hours ago, Archangel04 said:

Also, try this (if ARMv7. If it's 64 then don't bother, you should use image list to defeat ASLR)

1) Open the binary in a hex editor. 

2) Go to 1A. The code should be "20" or "21" or so. Change the 2 to 0.

3) sign with ldid. Set perm as 755/777. Put binary in app

4) ???

5) Profit.

 

Unfortunately doesn't work....  

[Archangel04 32.9k iPhone 7 14.3]

1 hour ago, steelabood said:

Unfortunately doesn't work....  

Only other way is to use gdb and use the command "info address _mh_execute_header" then subtract 0x4000 from it. Thats your ASLR and you need to add/subtract that depending on usage. For ex, if you get offset from IDA, you add. If offset from gdb, then subtract