Tools

This page will hold local copies of reversing tools and scripts useful for Mac OS X reversing.

gdbinit v.7.4.4 – enhanced gdb output
(SHA256(gdbinit744.gz)= 2b223998571069f00edebd606d055c5b370ede5a8cb2b2fe69093c310e32c547)

gdbinit-ios-v0.4.gz – gdbinit version for iOS devices
(SHA256(gdbinit-ios-v0.4.gz)= 5a943545ad58650bd55d7762945b239802b72cb85d8bf700ec7b23e291a7e977)

0xEd v1.0.7 – hex editor
(SHA1(0xED.tar.bz2)= f64466b2d3cbf7b6d64eccfc1a36f8c0a7e3866d)

HexFiend – another hex editor
(SHA1(HexFiend.dmg)= 690ac9f60ab85ec6430b3db0376d0d20d3cecd9a)

Synalize it v1.0.3 – hex editor with binary file analysis grammar (looks great!!!) – Original website
(SHA256(SynalyzeIt_1.0.3.1.zip)= ab71d0f2e573321946ec144e60594d4155961b42aeafb2f5b5080bf9961348d0)

OTX v0.16b – disassembler
(SHA1(otx.dmg)= ff4987b7f22da6b289ee2bc7daa7c1a3db64ffed)

offset1.3.pl.gz – my offset calculator for fat binaries
(SHA256(offset1.3.pl.gz)= 2b091f2ea5fddce3ca22251b8d81578ba708811d4a3d2fdce8ae0c8a7972f1b3)

ptool1.3.pl.gz – sort of replacement for otool to display mach-o binaries headers
(SHA256(ptool1.3.pl.gz)= 715481e62978c183ccd82311acb6ccced2d12cab76a0c9ffb0345d653bce37ba)

ocalc.c – ghalen’s offset calculator for fat binaries
(SHA1(ocalc.c)= e32da310af2a25a09fc2de9c4826b113ab8ac705)

onyx-the-black-cat.v0.3 – anti anti-debug kernel module
(SHA1(onyx-the-black-cat-v0-3.tgz)= 194c2e7481113b562c6e23a2b5059769bc9e8ffb)

onyx-the-black-cat-v0.4 – version for Snow Leopard (not 64bit compatible, yet!)
(SHA1(onyx-the-black-cat-v0.4.tgz)= 5dff3c4a9246f2886b470aa0ab60b5e237ca3659)

AlanQuatermain-appencryptor – encryptor/decryptor for Apple Encrypted Binaries
SHA1(AlanQuatermain-appencryptor-a3da7c5.tar.gz)= 3c7f70fed359b7e259f08d00001ead936baef041

15 comments

Comments feed for this article

Trackback link: http://reverse.put.as/tools/trackback/

alex on August 13, 2009 at 9:46 pm

Hello,
This is Alex from Seattle. I just want to thank you so much for investing your time and energy into this website. It’s got an abundance of *reversing* knowledge for a relative novice such as myself, in addition to many advanced techniques as well.
It’s absolutely awesome!
Keep up the great work,

Cheers,
Alex

Reply
Neo on April 19, 2010 at 12:21 am

Hi friend,

Thanks a lot for sharing! This is the spirit!

This is the perfect place for a beginner like myself.

Please, keep the excellent work.

Neo

Reply
D.Performer on March 21, 2011 at 1:58 pm

Sir,
I really… really enjoy your website. I am a novice, but not without a brain, and I would really love to see a video of you using your recommended tools to show the mechanics of how to locate and negotiating a challenge/response authorization. If not, could you please direct me toward a resource that can illustrate the process from a hands on perspective? My interest right now involve an Audio Unit plug-in called Fielding DSP Reviver. You’re right, everyone seems to love One-Byte… Maybe it’s time for you to have an apprentice that will be your next Vader.

Take Care,

D.P

Reply
1. fG! on March 21, 2011 at 11:05 pm
  
  Hello,
  
  Sorry but I do not support anymore public cracking of protections. Any Windows tutorial on challenge/response authentication schemes should help to understand common implementations.
  
  Have fun,
  fG!
  
  Reply
  1. DP on March 23, 2011 at 5:51 pm
    
    fG,
    Thanks for the heads up, I kinda felt that you might say that. I appreciate your suggestion. Could you please help shed some light on using IDA to compile (patch?) edited assembly. Google brought up a few variations of “ida_patcher.c” to use on a IDA diff export. Can IDA directly change and save assembly code within a Unix Executable without having to go through the patching process?
    
    I’m using 10.6 SL OSX…
    
    Also, could you please help me compile this
    http://www.idabook.com/examples/chapter_14/ida_patcher.c
    
    I tried in terminal using the command
    gcc ida_patcher.c
    
    and got this:
    ida_patcher.c: In function ‘main’:
    ida_patcher.c:51: warning: incompatible implicit declaration of built-in function ‘exit’
    ida_patcher.c:61: warning: incompatible implicit declaration of built-in function ‘exit’
    ida_patcher.c:70: warning: incompatible implicit declaration of built-in function ‘exit’
    ida_patcher.c:86: warning: incompatible implicit declaration of built-in function ‘exit’
    
    Any suggestions? Thank you kindly.
    
    DP
    
    Reply
    1. fG! on March 24, 2011 at 3:17 am
      
      Best method to patch is using an hex-editor. IDA_patcher from IDA book is a good tool if the patch is very big, else it’s usually faster with an hex editor.
      Those are warnings that do not pose any problem to your compiled ida_patcher.c.
      
      Reply
      1. DP on March 24, 2011 at 4:42 am
        
        Thanks fG… I ran into another problem. I’m trying to get IDA to debug an Audio Unit without success. How would you go about loading an A.U into IDA’s debugger? Is it because A.U’s extension is “.component”, not “.app” Thank you again… Master.
        
        Reply
        
        fG! on March 24, 2011 at 1:07 pm
        
        You will have to do your homework on that problem
        IDA can disassemble any binary that uses a supported processor. You just need to point it to the right place/binary
        
        Reply
        
        D.Performer on March 24, 2011 at 2:43 pm
        
        fG, have you considered making a guide to assembly reading / interpreting, and the mechanics of code manipulation, video tutorials? Reading text versus a human tutor are two different animals.
        
        I got IDA to disassemble the binary located within the macos directory of an audio unit “.component”. The wall I’m running into is IDA telling me that it needs to be pointed to a host application; the debugger won’t run the binary. I’m assuming its because of the identity of the package is .component, not .app. I have no problems running the debugger with any other “.app” binary.
        
        IDA has three criteria for the debugger to run
        Application
        Input File
        Directory
        
        The debugger will run an .app but not .component.
        
        If you don’t want to tell me, for the sake of learning, could you please push me in the right direction so I may find an answer.
        
        Thank you.
        
        Reply
        
        fG! on March 24, 2011 at 3:31 pm
        
        There are excellent guides about assembly for Windows around the web. They apply without any big problems to OS X.
        
        Audio units are not applications that run on themselves, they need a host application. Gdb is the answer (never used ida debugger so I’m not sure if it’s capable of doing what is required in this case).
        
        Reply
Jerome on May 20, 2011 at 6:08 am

I just really got into learn gdb today, and cracked a couple programs. I bought igetter for my imac but it won’t register on my macbook pro. I spent all day in gdb trying to crack it. It has so many different sources from which it runs. I don’t believe the main check it in the igetter program itself but an extension.

Reply
Stan on June 28, 2011 at 6:44 am

Hey,I just come here to say thank,thanks for sharing your knowledge

Reply
egon on August 13, 2011 at 10:31 am

Great work on the site man, keep it up. I’ve found it very useful.

I found another tool you might want to add to the list: http://www.synalysis.net

I’ve been using to decode firmware images.

Reply
1. egon on August 31, 2011 at 11:41 am
  
  Another tool I’ve been using for the same purpose is 010 Editor, it’s not free though.
  
  http://www.sweetscape.com/010editor/
  
  Reply
bpr on September 5, 2011 at 2:51 pm

@DP:

just add two additional include statements to include stdlib.h and string.h

Reply

Tools

15 comments

Reply