Comments on: Very small update…

By: skuret

skuret — Fri, 02 Jul 2010 10:11:10 +0000

thank you very much for the help. and also thanks for pointing out that svn trunk of otx has x64 support. (i guess i read it here somewhere)

By: fG!

fG! — Fri, 25 Jun 2010 23:07:05 +0000

Macserialjunkies.

By: Gunther

Gunther — Fri, 25 Jun 2010 16:40:59 +0000

Hi fG!,

but may i know the website you got the crackmes from MSJ challenge?

Thanks in advance.

BR,
[ Gunther ]

By: fG!

fG! — Mon, 21 Jun 2010 22:03:41 +0000

Check out http://vxheavens.com/lib/vsc04.html

It’s the false breakpoint trick (int3). There is one int3 in the code but that one isn’t breaking. I bet the binary has obfuscated code protecting that int3 that’s confusing gdb. You will have to trace since the entrypoint and manually find where it is (yeah it’s a pain in the ass but works all the time!).
I don’t have the time at the moment to further analyse it! But it seems like an interesting time. First time I ever saw someone using this trick at OS X.
Have fun!

By: fG!

fG! — Mon, 21 Jun 2010 21:43:03 +0000

Hello,
Sorry for the late answer. I think 06 is the error for a anti-debug technique published by Apple. I cannot remember the name right now. I will have to find my notes to see what is it!
Let me see if I can find it. Not sure if it is into one of the removed tutorials.

fG!

By: skuret

skuret — Wed, 16 Jun 2010 15:29:46 +0000

Hi! I could not find out anywhere else to ask you this so I am posting a comment. I am an intermediate reverser. I can write keygens for mac. But I cannot circumvent anti debugging techniques. Nowadays I am working on it. I was looking at Postbox 1.1.5 and i cannot even figure out what anti debugging technique is used. If you have time and see which technique is used i can start to work on it. I know it is a little too much to ask but i figured i should try my chances.

by the way in gdb, program exits with code 06.

thanks for this fantastic blog