I've put together this small tool which removes ASLR from iOS applications.
https://github.com/peterfillmore/removePIE
This works by flipping the MH_PIE bit in the Mach-O header of the application binary.
Since iOS 6.0, Xcode sets this bit by default when compiling applications.
**Update**
Still works for the iOS 6.1 update, and doesn't require resigning of the binary if using the evasi0n jailbreak, as I believe signature checking of apps is patched out.
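As an added example (not the removePIE tool's own code), here is a small header check that reports, per architecture slice, whether MH_PIE is still set, so a binary whose ASLR has been stripped can be spotted before it ships. It assumes the Mach-O and fat header layouts from Apple's loader.h and fat.h (MH_PIE is 0x200000 there); the sample headers at the bottom are constructed, not taken from a real app.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
MH_CIGAM, MH_CIGAM_64 = 0xCEFAEDFE, 0xCFFAEDFE   # byte-swapped variants
FAT_MAGIC = 0xCAFEBABE
MH_PIE = 0x00200000   # mach_header.flags bit: load at a random address (ASLR)

def read_thin_header(data, offset=0):
    """Parse the mach_header at `offset`; returns (cputype, is_64bit, flags)."""
    (raw,) = struct.unpack_from("<I", data, offset)
    if raw in (MH_MAGIC, MH_MAGIC_64):
        endian = "<"
    elif raw in (MH_CIGAM, MH_CIGAM_64):
        endian = ">"                      # header was written big-endian
    else:
        raise ValueError("no Mach-O magic at offset %#x" % offset)
    # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    magic, cputype, _, _, _, _, flags = struct.unpack_from(endian + "7I", data, offset)
    return cputype, magic == MH_MAGIC_64, flags

def pie_status(data):
    """Return [(cputype, is_64bit, pie_enabled), ...], one entry per slice.
    A fat (universal) binary is walked slice by slice; a thin one yields one entry."""
    (magic,) = struct.unpack_from(">I", data, 0)   # fat headers are always big-endian
    if magic == FAT_MAGIC:
        (nfat,) = struct.unpack_from(">I", data, 4)
        # fat_arch: cputype, cpusubtype, offset, size, align (20 bytes each)
        offsets = [struct.unpack_from(">5I", data, 8 + 20 * i)[2] for i in range(nfat)]
    else:
        offsets = [0]
    return [(cpu, is64, bool(flags & MH_PIE))
            for cpu, is64, flags in (read_thin_header(data, off) for off in offsets)]

# --- constructed sample headers (not real app binaries) ---------------------
CPU_ARM, CPU_ARM64 = 0x0C, 0x0100000C

def make_header(cputype, pie):
    """Build a minimal little-endian MH_EXECUTE header with zero load commands."""
    flags = MH_PIE if pie else 0
    if cputype == CPU_ARM64:
        return struct.pack("<8I", MH_MAGIC_64, cputype, 0, 2, 0, 0, flags, 0)
    return struct.pack("<7I", MH_MAGIC, cputype, 0, 2, 0, 0, flags)

def make_fat(slices):
    """Wrap thin headers in a big-endian fat_header/fat_arch table."""
    body, arch, base = b"", [], 8 + 20 * len(slices)
    for cputype, blob in slices:
        arch.append(struct.pack(">5I", cputype, 0, base + len(body), len(blob), 0))
        body += blob
    return struct.pack(">2I", FAT_MAGIC, len(slices)) + b"".join(arch) + body

if __name__ == "__main__":
    sample = make_fat([(CPU_ARM, make_header(CPU_ARM, False)),
                       (CPU_ARM64, make_header(CPU_ARM64, True))])
    for cpu, is64, pie in pie_status(sample):
        print("cputype %#x %d-bit: %s" % (cpu, 64 if is64 else 32, "PIE" if pie else "NO PIE (ASLR off)"))
```

Run it against `open(path, "rb").read()` of an app binary to audit all slices; a slice reporting NO PIE is one whose header bit has been cleared or was built without PIE.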
This is really brilliant work. Never thought of something like this :)
If I run removePIE by copying it into the .app directory, it works perfectly.
Ex: removePIE Facebook
But if I run removePIE by supplying the binary path, it ends with segmentation fault: 11.
Ex: removePIE /var/mobile/Applications/[uuid]/Facebook.app/Facebook