aslr-kernel-patch

Tool to patch the ASLR slide generation in the kernel to disable user-land ASLR on 32-bit iOS

Example usage

Run the test program to verify ASLR is enabled.

Billys-N48AP:/var/mobile root# ./test1
ptr 0x23fe4
Billys-N48AP:/var/mobile root# ./test1
ptr 0x82fe4
Billys-N48AP:/var/mobile root# ./test1
ptr 0x7bfe4
Billys-N48AP:/var/mobile root#

The address printed is randomised on each execution.

Run the pwn_aslr program to patch the kernel

Billys-N48AP:/var/mobile root# ./pwn_aslr
[+] KASLR slide is 13000000
[+] Current bytes 4000f021
[+] Patched ASLR random instruction. ASLR disabled.
Billys-N48AP:/var/mobile root#

ASLR should now be disabled.

Re-run the test program to check

Billys-N48AP:/var/mobile root# ./test1
ptr 0xbfe4
Billys-N48AP:/var/mobile root# ./test1
ptr 0xbfe4
Billys-N48AP:/var/mobile root# ./test1
ptr 0xbfe4
Billys-N48AP:/var/mobile root#

The addresses printed are now static! ASLR has been disabled at the kernel level.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md
aslr_test.c		aslr_test.c
kernel_helper.c		kernel_helper.c
kernel_helper.h		kernel_helper.h
patch_aslr.c		patch_aslr.c

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

aslr-kernel-patch

Example usage

About

Uh oh!

Releases

Packages

Languages

Billy-Ellis/aslr-kernel-patch

Folders and files

Latest commit

History

Repository files navigation

aslr-kernel-patch

Example usage

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages