This repository was archived by the owner on Feb 2, 2023. It is now read-only.

Patching ASR

adam edited this page Aug 14, 2021 · 7 revisions

This guide is out of date. Please don't use it; use bundlegen instead for now.

  • This guide is an attempt to 'ELI5' patching a 64-bit ASR binary with IDA Pro.

Requirements

  • IDA Pro 7.0 or higher
  • ldid from Homebrew

1 - Preparation

  • When you first open IDA, you'll see this window. Click on New, then navigate to your ASR binary.

  • After you've selected the ASR binary, you'll get to this window. Don't change anything, just click on Ok at the bottom.

  • Wait for IDA to finish autoanalysis on the ASR binary. It'll be finished when the bottom left corner of the window says AU: idle.

2 - Patching

  • Bring up the text search window.

  • Type Image failed into the text box, then click Ok.

  • Right click and click Text View.

  • You should see something similar to this. Write down the highlighted values somewhere.

    • For the rest of the guide, I'll be referring to the green highlighted text as failed_loc, and the purple-bluish highlighted text as failed_loc_addr.

  • Open the text search window again, and search for Image passed.
  • You should see something similar to this. Write down the highlighted values somewhere.
    • For the rest of the guide, I'll be referring to the pink highlighted text as passed_loc, and the orange highlighted text as passed_loc_addr.

  • Search for failed_loc, but make sure to check Find all occurrences before searching.
  • You'll be taken to a view of all occurrences of failed_loc. We'll only be patching the first occurrence, so double click on the first result.
  • You should see something similar to this. Write down the highlighted value somewhere.
    • For the rest of the guide, I'll be referring to the yellow highlighted text as failed_ref_addr, and the gray highlighted text as failed_ref.

  • Highlight failed_ref and switch to the Hex View. This will show you the failed_ref instruction in hex. Write this down somewhere.
    • For the rest of the guide, I'll be referring to it as failed_ref_hex.

  • Go to this hex calculator. Change the operation to subtraction, and enter in passed_loc_addr and failed_ref_addr for the first and second values, respectively. Calculate the result, and write down the hex result somewhere.
    • For the rest of the guide, I'll be referring to it as addr_result.

  • Go to armconverter, and click on the icon with 2 arrows to switch to hex -> arm.
  • On the left, paste failed_ref_hex. On the right, highlight and copy the value under ARM64.
  • Click on the icon with 2 arrows again to switch back to arm -> hex. Paste in the value you got from under ARM64.
  • Change the last value (the one that starts with 0x) to 0xaddr_result.
    • (e.g. If your addr_result was 6, change the last value to 0x6)

  • Write down the value under ARM64.

    • For the rest of the guide, I'll be referring to it as hex_result.
  • Go back to IDA. Under the Hex View, click on failed_ref_hex (make sure the text cursor is at the beginning of failed_ref_hex), then right click and select Edit.... Type in hex_result, then right click and select Apply changes.

  • At the top, click on Edit -> Patch Program -> Apply patches to input file...

  • You're finished!

  • Before:

  • After:

  • Don't forget to re-sign the binary with ldid, or else it won't be usable.

    • ldid -e asr > entitlements.xml
    • ldid -Sentitlements.xml <patched ASR binary>
    • rm entitlements.xml
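
What the hex calculator and armconverter steps in section 2 compute, written out as an added example (not part of the original guide): the script decodes the 4 instruction bytes from the Hex View, swaps the branch immediate for the new offset, and lets you confirm where the edited instruction lands before applying it in IDA. It assumes failed_ref is an AArch64 PC-relative branch (B/BL, B.cond, CBZ/CBNZ or TBZ/TBNZ), and it goes slightly beyond the guide by handling backward targets and rejecting misaligned or out-of-range offsets. The function names, addresses and bytes are constructed for illustration.

```python
import struct

# (mask, match, low bit of immediate, immediate width) per AArch64 branch form
BRANCH_FORMS = [
    (0x7C000000, 0x14000000, 0, 26),  # B / BL
    (0xFF000010, 0x54000000, 5, 19),  # B.cond
    (0x7E000000, 0x34000000, 5, 19),  # CBZ / CBNZ
    (0x7E000000, 0x36000000, 5, 14),  # TBZ / TBNZ
]

def _form(word):
    for mask, match, shift, width in BRANCH_FORMS:
        if word & mask == match:
            return shift, width
    raise ValueError(f"{word:#010x} is not a PC-relative branch")

def branch_target(insn_hex, insn_addr):
    """Address reached by the branch whose bytes (Hex View order) are insn_hex."""
    (word,) = struct.unpack("<I", bytes.fromhex(insn_hex))
    shift, width = _form(word)
    imm = (word >> shift) & ((1 << width) - 1)
    if imm >> (width - 1):            # sign-extend a backward branch
        imm -= 1 << width
    return insn_addr + imm * 4        # immediates count 4-byte instructions

def retarget_branch(insn_hex, insn_addr, new_target):
    """Same instruction, re-encoded so that it branches to new_target."""
    (word,) = struct.unpack("<I", bytes.fromhex(insn_hex))
    shift, width = _form(word)
    offset = new_target - insn_addr   # addr_result in the guide
    if offset % 4:
        raise ValueError("branch offset must be a multiple of 4")
    imm = offset // 4
    if not -(1 << (width - 1)) <= imm < (1 << (width - 1)):
        raise ValueError("target is out of range for this branch form")
    field = ((1 << width) - 1) << shift
    word = (word & ~field) | ((imm & ((1 << width) - 1)) << shift)
    return struct.pack("<I", word).hex()   # hex_result in the guide

if __name__ == "__main__":
    # Constructed sample: "cbz w0, +0x40" at 0x100001000, retargeted to 0x100001008.
    failed_ref_hex, failed_ref_addr, passed_loc_addr = "00020034", 0x100001000, 0x100001008
    hex_result = retarget_branch(failed_ref_hex, failed_ref_addr, passed_loc_addr)
    print(hex_result, hex(branch_target(hex_result, failed_ref_addr)))
```

Running branch_target on hex_result with failed_ref_addr should give back passed_loc_addr; if it does not, the bytes typed into the Hex View would send execution somewhere else.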
