I've put together this small tool which removes ASLR from iOS applications.
This works by flipping the MH_PIE bit used in the MACH-O header of the application.
Since iOS 6.0 this bit is enabled by default in xcode when compiling applications.
Still works for the iOS 6.1 update, doesn't require resigning of the binary if using the evasi0n jailbreak as i believe signature checking of apps is patched out.
This is really brilliant work. Never thought of something like this :)ReplyDelete
If I run the removePIE by copying into .app directory, it works perfectly.
Ex: removePIE Facebook
But If I run the removePIE by supplying the binary path it is ending with segmentation fault:11.
Ex: removePIE /var/mobile/Applications/[uuid]/Facebook.app/Facebook