mhaeuser, posted March 23, 2016

Hey guys,

Does someone happen to know if boot.efi uses KASLR even in no-cache mode (-f), for the versions of OS X that even support it? I don't have the setup to test (only El Capitan, which no longer supports -f), so it would be cool if somebody knew.

Regards, DF.
mhaeuser (author), posted March 23, 2016

I threw a Mountain Lion boot.efi into IDA and it seems like KASLR is used with no-cache boot. It's used when:

1) the prelinkedkernel header (if booting with caches) has a prelinkVersion >= 1 AND the kernel's mach_header flags have MH_PIE set;
2) you are not booting in safe mode;
3) it has not been disabled via the corresponding hotkey.
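To make the conditions in the second post concrete, here is an added C example; it is not boot.efi code and not from this thread. It reads the Mach-O header of a kernel file and reports whether MH_PIE is set, then applies the three conditions from the post as one predicate. The header bytes are constructed for the demo, and the treatment of the no-cache case (the prelinkVersion gate only applies when booting with caches, the kernel file's MH_PIE flag alone decides under -f) is my reading of the post, not something verified against boot.efi.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mach-O constants as defined in <mach-o/loader.h>. */
#define MH_MAGIC     0xfeedfaceU   /* 32-bit header, native byte order */
#define MH_MAGIC_64  0xfeedfacfU   /* 64-bit header, native byte order */
#define MH_PIE       0x00200000U   /* image may be loaded at a random address */

/* Offsets shared by mach_header and mach_header_64: magic, cputype, cpusubtype,
 * filetype, ncmds, sizeofcmds, flags. The 64-bit header only appends a reserved word. */
#define MH_OFF_MAGIC 0
#define MH_OFF_FLAGS 24
#define MH_MIN_SIZE  28

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Returns 1 if buf holds a little-endian Mach-O header whose flags carry MH_PIE,
 * 0 if it is a Mach-O header without MH_PIE, -1 if it is too short or not Mach-O. */
int kernel_has_mh_pie(const uint8_t *buf, size_t len) {
    if (len < MH_MIN_SIZE) return -1;
    uint32_t magic = rd32le(buf + MH_OFF_MAGIC);
    if (magic != MH_MAGIC && magic != MH_MAGIC_64) return -1;
    return (rd32le(buf + MH_OFF_FLAGS) & MH_PIE) ? 1 : 0;
}

/* The decision from the post as one predicate (my reading, assumption: the
 * prelinkVersion gate only matters when a prelinkedkernel is in use). */
int boot_efi_would_slide(int booting_with_caches, uint32_t prelink_version,
                         int kernel_has_pie, int safe_mode, int kaslr_hotkey_disabled) {
    if (booting_with_caches && prelink_version < 1) return 0;
    if (kernel_has_pie != 1) return 0;
    if (safe_mode || kaslr_hotkey_disabled) return 0;
    return 1;
}

/* Builds a constructed (not real) Mach-O header: magic, zeroed middle fields, flags.
 * Returns the header size written, or 0 if cap is too small. */
size_t make_sample_header(uint8_t *out, size_t cap, int is_64bit, uint32_t flags) {
    size_t size = is_64bit ? 32 : 28;
    if (cap < size) return 0;
    memset(out, 0, size);
    wr32le(out + MH_OFF_MAGIC, is_64bit ? MH_MAGIC_64 : MH_MAGIC);
    wr32le(out + MH_OFF_FLAGS, flags);
    return size;
}

int main(void) {
    uint8_t hdr[32];
    size_t n = make_sample_header(hdr, sizeof hdr, 1, MH_PIE);
    int pie = kernel_has_mh_pie(hdr, n);
    printf("MH_PIE set in constructed header: %d\n", pie);
    printf("slide with -f, normal boot:       %d\n", boot_efi_would_slide(0, 0, pie, 0, 0));
    printf("slide with -f, safe mode:         %d\n", boot_efi_would_slide(0, 0, pie, 1, 0));
    printf("slide with caches, prelinkVer 0:  %d\n", boot_efi_would_slide(1, 0, pie, 0, 0));
    return 0;
}
```

Running the same check against a real kernel file means reading its first 32 bytes into `buf`; the flags word sits at offset 24 for both the 32-bit and the 64-bit header, which is why one reader serves both. Big-endian (MH_CIGAM) headers are rejected on purpose here, since an x86 boot.efi never loads them.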