
Merry Christmas or whatever applies or not to your particular case, and much more important, Happy New Year!
The world is messed up and it will probably get worse in 2012. Cheer up and be positive!

Let me write some quick notes about some stuff:

- Take a look at Snare’s presentation about OS X Rootkits! Available in the Papers section or here.
- Check out the fantastic Hopper disassembler and decompiler here or at the Mac App Store. It’s cheap and it’s great! I was quite surprised by its quality since such a tool involves quite an amount of work!
- I have made a quick patch for MachOView to support the LC_ENCRYPTION_INFO command. Grab it here. Applies to the latest SVN version.
- The papers section is updated and better organized. It’s quite a collection!
- @DarkLapu has a new blog featuring a few Mac malware posts. Check it out here – great to see more work being published.
- I did some analysis of Flashback-G but I have to ask the person who submitted the sample if I can write about it. It has what I think will be (“cool”) features to be implemented in the near future. By the way, Flashback author, I would love to have a talk with you. My PGP key is in the About page, total confidentiality guaranteed! I am just curious about some things in your code ;-)
- @hellais started a sandbox profiles project! The url is https://github.com/hellais/Buckle-Up. Glad to see new stuff coming up.
- Hum I think I am forgetting something else…
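Since the MachOView note above is about surfacing LC_ENCRYPTION_INFO, here is an added example (mine, not code from the post or from MachOView) of what such a parser does: walk the load commands of a 32-bit Mach-O image, locate LC_ENCRYPTION_INFO and report the encrypted range and cryptid, refusing malformed command tables. The struct layouts mirror Apple’s loader.h; the sample image is constructed inline and a little-endian host is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Minimal 32-bit Mach-O definitions, copied from the layout in Apple's
 * <mach-o/loader.h> so this builds without the SDK; little-endian host assumed. */
#define MH_MAGIC 0xfeedfaceu
#define LC_ENCRYPTION_INFO 0x21u
struct mach_header { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags; };
struct load_command { uint32_t cmd, cmdsize; };
struct encryption_info_command { uint32_t cmd, cmdsize, cryptoff, cryptsize, cryptid; };

/* Walk the load commands of an in-memory Mach-O image and copy LC_ENCRYPTION_INFO
 * into *out. Returns 1 if present, 0 if absent, -1 if the image is malformed
 * (bad magic, or a command whose size overruns the declared command area). */
int find_encryption_info(const uint8_t *img, size_t len, struct encryption_info_command *out)
{
    struct mach_header hdr;
    if (len < sizeof hdr) return -1;
    memcpy(&hdr, img, sizeof hdr);
    size_t off = sizeof hdr, end = sizeof hdr + hdr.sizeofcmds;
    if (hdr.magic != MH_MAGIC || end > len) return -1;
    for (uint32_t i = 0; i < hdr.ncmds; i++) {
        struct load_command lc;
        if (off + sizeof lc > end) return -1;
        memcpy(&lc, img + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || off + lc.cmdsize > end) return -1;
        if (lc.cmd == LC_ENCRYPTION_INFO) {
            if (lc.cmdsize < sizeof *out) return -1;
            memcpy(out, img + off, sizeof *out);
            return 1;   /* cryptid != 0 means the range is still encrypted */
        }
        off += lc.cmdsize;
    }
    return 0;
}

/* Constructed sample (not a real binary): an ARM header, a 24-byte placeholder
 * LC_UUID (0x1b) and an LC_ENCRYPTION_INFO marking 0x2000 bytes at 0x1000 as encrypted. */
size_t build_sample_image(uint8_t *buf, size_t cap)
{
    struct mach_header hdr = { MH_MAGIC, 12, 0, 2, 2, 24 + 20, 0 };
    struct load_command uuid = { 0x1b, 24 };
    struct encryption_info_command enc = { LC_ENCRYPTION_INFO, 20, 0x1000, 0x2000, 1 };
    size_t n = sizeof hdr + 24 + sizeof enc;
    if (cap < n) return 0;
    memset(buf, 0, n);
    memcpy(buf, &hdr, sizeof hdr);
    memcpy(buf + sizeof hdr, &uuid, sizeof uuid);
    memcpy(buf + sizeof hdr + 24, &enc, sizeof enc);
    return n;
}
```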

I have been working on some interesting stuff related to anti-debugging, rootkits and malware. Maybe I will try to make a presentation of this and submit it somewhere or just publish it here. In 2012 I have to (well, I should) move my ass into a job and stop my damn busy and too fun unemployment status, so let’s see where this ends.

Happy New Year! In crisis lies opportunity.
Live a long and prosperous life, and more important, enjoy it!

fG!

4th anniversary…

This blog is more or less 4 years old (the first draft post is from 2007/09/25) … Wow, time passed by quickly! Mistakes were made, valuable lessons were learnt, new tricks developed, knowledge improved, and most important, fun!

I created this blog because there was so little public information about reversing in OS X. The act of sharing information and knowledge helps you in the research and learning process. Unfortunately I cannot share as much as I wanted to – the world is full of greed and stupidity (read Survival of the Stupidest) and someone will always misuse information. Maybe all the current economic problems will make people rethink their objectives in life and the world will start to change for the better. I don’t have lots of hope about this. Let’s see if I am wrong :-)

Anyway, the blog will probably slow down a lot in the next couple of months. My baby girl is almost entering this world and parenting in the first months seems to be a pretty intense activity. It will be a hibernation period until everything is running smoothly (I hope! ;-) ).

Special thanks go to saure for the little tweaks he gave to the blog design template.

As usual, if you have anything you want to publish or spread the word about, just mail it to me. I always want to learn new things :-)

Have fun,
fG!

I have just finished reading the legal papers served against Geohot regarding the PS3 jailbreaking/cracking/private keys/etc. It shows the sad state that we have reached in reverse engineering and society as a whole. It’s a fight between knowledge and profit, and in the middle there is a grey area called piracy.

My passion for knowledge is very deep and I like to try to understand everything I can. I remember the day I had my Commodore Amiga 500 and someone sent me a disk with a special menu that I had never seen before. I spent a few days understanding how it was done. I started breaking protections because of that magical aura around hardware dongles – they were said to be unbreakable or very hard to beat, which is of course the type of thing that curious people love to hear since it means a challenge. I love to share information and knowledge because that forces me to keep searching for more, better and innovative information. That’s why I created this blog 3 years ago – very little information regarding OS X reversing was available. The result is that more people are reversing on OS X although the results and tools produced don’t seem to follow such an increase.

I deeply understand the motivations behind breaking console protections (Bunnie’s “Hacking the XBOX” book is a great read about this) and showing the results to the world. Most of us are purely driven by curiosity and knowledge (and public acknowledgement is always a great ego booster – we humans require maintenance of our egos!) and usually don’t think about the consequences or downplay them (well, most are well-intentioned).

The problem is that the world these days is driven by greed – everyone wants to have more money, preferably without working too much. And that’s why we arrived at this clash between knowledge and profits. We want our own work to be valued (in the form of a job, for example) but then we don’t respect others’ work. Of course companies aren’t the good side of this story – they also abuse their customers and have made so many bad decisions that we as a society stopped believing them. And so we entered a war that is getting worse every day. Instead of increasing transparency and public information, like Wikileaks propaganda wants to impose on us, everything will get worse – information will be more restricted and penalties for those who are curious will increase, if they come public with their findings. Taking information private will be worse for society; very few will take a chance to publish it since these new “crimes” are being punished with harsh sentences, in some countries higher than rape and robbery! This is crazy!

It’s sad watching knowledge going private…

Hi!

I just updated the crackmes with #5 from the MSJ challenge and added a new tool for encrypting/decrypting Apple encrypted binaries. I had planned to do this tool but it’s great that someone did it first! It’s good to see people developing tools for OS X, even if they are very simple. Thank you to the author and to the guy who pointed me to it and sent the crackme ;-)

My free time is back to being very restricted and so I have been advancing very slowly on some projects. I have yet to fix onyx for 64 bits and to release an update to ptool (fixed some bugs, added more output information, and added a simple option to modify the entrypoint).

Anyway, if you find more tools and crackmes feel free to send them to me. I love to collect this stuff and I can centralize that information (no monetary reasons since I don’t have any banners ;-) ). Btw, the original URL for the encryptor/decryptor is here.

As usual, have fun! Keep learning but don’t spread your cracks ;-)
fG!