
I have an ARMv7 Mach-O executable on which I want to patch out a certain segment in the binary header which prevents DYLD injection.

More information here under point 3. of preventing dyld injection. TL;DR a __RESTRICT binary header section with a __restrict segment prevents DYLD injection on iOS.

Unfortunately I'm not sure how to patch the file properly. Do I simply fill the file offset responsible for the LC_SEGMENT with zeros or do I remove it altogether (meaning cutting out and therefore altering file size and probably? breaking offsets)?

Thanks in advance

Malte
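
To see whether a build actually carries the marker discussed in this question, the load commands can be walked directly. The following is an added example, not code from the question or the answers; it assumes a thin little-endian Mach-O (no fat wrapper) and looks for a `__RESTRICT` segment holding a `__restrict` section. `sections`, `has_restrict` and `build_sample` are hypothetical helper names, and the sample header is constructed.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin 32-bit / 64-bit, little-endian
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19

def sections(data):
    """Return [(segname, sectname), ...] from the load commands of a thin Mach-O."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds = struct.unpack_from("<6I", data, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O")
    is64 = magic == MH_MAGIC_64
    off = 32 if is64 else 28                       # sizeof(mach_header[_64])
    end = off + sizeofcmds                         # load commands must end here
    if end > len(data):
        raise ValueError("sizeofcmds runs past end of file")
    seg_cmd = LC_SEGMENT_64 if is64 else LC_SEGMENT
    seg_len, sect_len = (72, 80) if is64 else (56, 68)
    found = []
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command table truncated")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == seg_cmd:
            if cmdsize < seg_len:
                raise ValueError("segment command too small")
            nsects, = struct.unpack_from("<I", data, off + seg_len - 8)
            if seg_len + nsects * sect_len > cmdsize:
                raise ValueError("nsects does not fit in cmdsize")
            for i in range(nsects):            # section headers follow the segment
                sect, seg = struct.unpack_from("<16s16s", data, off + seg_len + i * sect_len)
                found.append((seg.rstrip(b"\0"), sect.rstrip(b"\0")))
        off += cmdsize
    return found

def has_restrict(data):
    return (b"__RESTRICT", b"__restrict") in sections(data)

def build_sample(with_restrict):
    """Constructed ARMv7 header (cputype 12, subtype 9, MH_EXECUTE) for testing."""
    def seg(name, sects):
        body = b"".join(struct.pack("<16s16s9I", s, name, *[0] * 9) for s in sects)
        return struct.pack("<II16s8I", LC_SEGMENT, 56 + len(body), name, 0, 0, 0, 0, 0, 0, len(sects), 0) + body
    cmds = [seg(b"__TEXT", [b"__text"])] + ([seg(b"__RESTRICT", [b"__restrict"])] if with_restrict else [])
    blob = b"".join(cmds)
    return struct.pack("<7I", MH_MAGIC, 12, 9, 2, len(cmds), len(blob), 0) + blob
```

The header's `ncmds` and `sizeofcmds` fields and each command's `cmdsize` are what tie the load command table together, which is why the parser validates all three before trusting a segment entry.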


2 Answers


This tool claims it can move and remove load commands. Might be worth a look.

Timmmm
  • The interface for this tool is somewhat clumsy, but I was able to remove a segment, but it does not update "relocation bytecodes". In my binary the bytecodes still referenced the removed segment after removal. – neuralmer Aug 25 '21 at 16:03

EDIT
Many years later I finally got a Mac and can confirm @igor's comments - it does not work for Mac (: Keeping this here for reference on how to achieve this on Linux

Stripping a section from an ELF file is easy enough using the 'strip' command in any Linux (I'd bet in OSX too, though I never tried it myself).

Just do:

strip -R __restrict

It should do the trick

Ishay Peled
  • The question is about Mach-O, not ELF. OS X strip does not do section removal. – Igor Skochinsky Dec 14 '16 at 11:30
  • @IgorSkochinsky plain wrong. See man page here (http://www.unix.com/man-page/osx/1/strip/) and -R parameter here: -R filename Remove the symbol table entries for the global symbols listed in filename. This file has the same format as the -s filename option above. This option is usually used in combination with other options that save some symbols, -S, -x, etc. – Ishay Peled Dec 15 '16 at 16:15
  • Also check out the -c flag – Ishay Peled Dec 15 '16 at 16:15
  • Just as you quoted, -R removes symbols, not sections (this is not GNU strip). As for -c, while it does remove sections, the resulting file can be only used for linking (and you can't specify what to remove). Perhaps I should have said "does not do user-specified section removal". – Igor Skochinsky Dec 15 '16 at 18:15
  • Igor is right, Apple's strip can't remove sections. -R removes symbols and -c removes all sections (if I'm reading it right). – Timmmm Mar 05 '18 at 13:50
  • Although this doesn't address the question from OP, I found this helpful because I am also interested in doing this for Linux. – neuralmer Aug 25 '21 at 16:04