Debug shared ARM binary

Question

Debug shared ARM binary

I took apart the shared ARM binary with Hopper and found the address of the method of interest to me, 0x00065414. However, when connected to a running application with gdb, all addresses start with a base address that I cannot understand. How to determine the base address of my working application (entry point?) In gdb?

Notes

FairPlay binary DRM file was deleted with Clutch
ASLR was removed by clearing the PIE header flag using python script
Checked Changes with otool

Configure GDB

$ gdb ./MyApplication
(gdb) attach -waitfor MyApplication

Launch the application, and it pauses immediately at startup.

(gdb) where
#0  0x3bbcdb88 in <redacted> ()
#1  0x3bbbc8fc in <redacted> ()
#2  0x3bbc4130 in <redacted> ()
#3  0x3bbc4014 in ccpbkdf2_hmac ()
#4  0x3bb9f9d0 in CCKeyDerivationPBKDF ()
#5  0x0015b750 in dyld_stub_pthread_key_create ()
#6  0x0015ca46 in dyld_stub_pthread_key_create ()
#7  0x0015c69c in dyld_stub_pthread_key_create ()
#8  0x0015b4d0 in dyld_stub_pthread_key_create ()
#9  0x0015c110 in dyld_stub_pthread_key_create ()
#10 0x0001695a in dyld_stub_pthread_key_create ()
#11 0x000ba256 in dyld_stub_pthread_key_create ()
#12 0x00017bde in dyld_stub_pthread_key_create ()
#13 0x33b9eaac in <redacted> ()
#14 0x33b9e4f2 in <redacted> ()
#15 0x33b98b40 in <redacted> ()
#16 0x33b33a06 in <redacted> ()
#17 0x33b32cfc in <redacted> ()
#18 0x33b98320 in <redacted> ()
#19 0x3601876c in <redacted> ()
#20 0x36018356 in <redacted> ()
#21 0x31374776 in <redacted> ()
#22 0x31374712 in <redacted> ()
#23 0x31372ede in <redacted> ()
#24 0x312dd470 in CFRunLoopRunSpecific ()
#25 0x312dd252 in CFRunLoopRunInMode ()
#26 0x33b975c2 in <redacted> ()
#27 0x33b92844 in UIApplicationMain ()
#28 0x0001aaf2 in dyld_stub_pthread_key_create ()
#29 0x00009028 in dyld_stub_pthread_key_create ()

Checking out various places for expected instructions so that I can set a breakpoint:

(gdb) disas 0x65414
No function contains specified address.

, - + 0x65414. 0x33b92844, UIApplicationMain.

(gdb) disas 0x33BF7C58
Dump of assembler code for function <redacted>:
0x33bf7934 <<redacted>+0>:  f0 b5                         push  {r4, r5, r6, r7, lr}

, . .

+4

arm objective-c reverse-engineering gdb

Cameron Lowell Palmer 08 . '14 21:37

2

tangrs · Answer 1 · 2014-02-09T12:16:54+0000

ASLR, , .

ASLR, GDB - .

(gdb) set disable-randomization off
(gdb) start

Igor Skochinsky · Answer 2 · 2014-02-10T11:38:42+0000

info file / info shared .

(gdb) info file
Mac OS X executable:
        <...>/test, file type mach-o-le.
        Entry point: 0x00002104
        0x00001000 - 0x0002b000 is <...>/test
        <...>

Debug shared ARM binary

Notes

Configure GDB

More articles: