matteyeux · June 28, 2024 13:38
diff --git a/ghidra_iboot_rebase.py b/ghidra_iboot_rebase.py
 # Script to rebase 64 bits iBoots
 #@author matteyeux
 #@category iOS
 #@keybinding 
 #@menupath 
 #@toolbar 

 def get_disassembly(address):
 	"""
 	Get disassembly insn at specify addr.
 	"""
 	addr = toAddr(address)
 	insn = currentProgram.getListing().getCodeUnitAt(addr)
 	return insn

 def main():
 	# loop till we find "ldr" insn
 	for i in range(0, 128, 4):
 		insn = str(get_disassembly(i))
 		if "ldr" in insn:
 			print(insn)
 			break

 	# this is where the base addr is located
 	base_addr_location = int(insn.split(',')[1], 16)
 	print("base addr location : {}".format(base_addr_location))

 	base = getDataAt(toAddr(base_addr_location)).getValue()
 	base_addr = toAddr(base.getValue())

 	print("rebasing to 0x{}...".format(base_addr))
 	currentProgram.setImageBase(base_addr, True)

 if __name__ == '__main__':
 	main()
	# Script to rebase 64 bits iBoots
	#@author matteyeux
	#@category iOS
	#@keybinding
	#@menupath
	#@toolbar

	def get_disassembly(address):
	"""
	Get disassembly insn at specify addr.
	"""
	addr = toAddr(address)
	insn = currentProgram.getListing().getCodeUnitAt(addr)
	return insn

	def main():
	# loop till we find "ldr" insn
	for i in range(0, 128, 4):
	insn = str(get_disassembly(i))
	if "ldr" in insn:
	print(insn)
	break

	# this is where the base addr is located
	base_addr_location = int(insn.split(',')[1], 16)
	print("base addr location : {}".format(base_addr_location))

	base = getDataAt(toAddr(base_addr_location)).getValue()
	base_addr = toAddr(base.getValue())

	print("rebasing to 0x{}...".format(base_addr))
	currentProgram.setImageBase(base_addr, True)

	if __name__ == '__main__':
	main()