Reference source
Ke.qq.com/course/3140…
What is ASLR?
Address Space Layout Randomization
ASLR is a security mitigation against buffer-overflow exploitation. By randomizing the layout of the heap, the stack and the shared-library mapping regions of a process's address space, it makes it hard for an attacker to predict a target address or to locate injected code, so a memory-corruption bug is much harder to turn into a working exploit. iOS has shipped ASLR since iOS 4.3.
The role of ASLR
Simply put, the executable file is loaded at a different base address in memory on each run, which makes reverse engineering harder: an address taken from a disassembler no longer matches the runtime address directly.
Working around ASLR when setting a memory breakpoint
In general, the ASLR offset (the slide) is only needed when you need the actual runtime address of something in the executable, for example to set a memory breakpoint.
The steps are as follows:
1. Start LLDB dynamic debugging. If the process is not yet set up for dynamic debugging, refer to https://www.jianshu.com/p/0a68d934f074
2. Run the following command to obtain the ASLR offset (slide) of each loaded image:
image list -o -f
3. Set the breakpoint at the static address shown in Hopper or IDA plus the ASLR offset of the executable:
breakpoint set -a <address from Hopper/IDA + ASLR offset>
Note: the addresses shown in Hopper and IDA are the static addresses from the binary on disk; they do not include the ASLR offset.
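As an added example (not from the original page or the referenced course), the helper below parses the `image list -o -f` output, picks the executable's slide and computes the slid address for `breakpoint set -a`, plus the reverse calculation for turning a runtime (crash-log) address back into a Hopper/IDA address. The LLDB output sample and the static address 0x100006a18 are constructed for illustration.

```python
import re
from typing import Dict

# Constructed sample of LLDB `image list -o -f` output: index, slide, full path.
SAMPLE_IMAGE_LIST = """\
[  0] 0x0000000000d4c000 /private/var/containers/Bundle/Application/ABCD/Example.app/Example
[  1] 0x0000000000000000 /usr/lib/dyld
[  2] 0x000000000000c000 /System/Library/Frameworks/UIKit.framework/UIKit
"""

# "[ idx] 0x<slide> <path>"; tolerant of extra spaces in the index column.
_LINE_RE = re.compile(r"^\[\s*(\d+)\]\s+(0x[0-9a-fA-F]+)\s+(\S+)\s*$")


def parse_image_list(text: str) -> Dict[str, int]:
    """Map each loaded image's file name to its ASLR slide (the -o column)."""
    slides: Dict[str, int] = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers, blank lines or truncated lines
        _, slide_hex, path = m.groups()
        slides[path.rsplit("/", 1)[-1]] = int(slide_hex, 16)
    return slides


def slid_address(static_addr: int, slide: int) -> int:
    """Static (Hopper/IDA) address -> runtime address in the live process."""
    return static_addr + slide


def unslid_address(runtime_addr: int, slide: int) -> int:
    """Runtime address (e.g. from a crash log) -> static address for the disassembler."""
    if runtime_addr < slide:
        raise ValueError("runtime address lies below the image's slide")
    return runtime_addr - slide


def breakpoint_command(static_addr: int, slide: int) -> str:
    """Build the LLDB command that sets a breakpoint at the slid address."""
    return f"breakpoint set -a 0x{slid_address(static_addr, slide):x}"


if __name__ == "__main__":
    slides = parse_image_list(SAMPLE_IMAGE_LIST)
    print(breakpoint_command(0x100006A18, slides["Example"]))  # breakpoint set -a 0x100d52a18
```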