Tools

This page holds local copies of tools and scripts useful for Mac OS X reversing. Each archive is listed with its SHA1 or SHA256 digest; check a download against it (`shasum -a 1 file` or `shasum -a 256 file`) before running anything.

gdbinit – enhanced gdb output

0xEd v1.0.7 – hex editor
(SHA1(0xED.tar.bz2)= f64466b2d3cbf7b6d64eccfc1a36f8c0a7e3866d)

HexFiend – another hex editor
(SHA1(HexFiend.dmg)= 690ac9f60ab85ec6430b3db0376d0d20d3cecd9a)

Synalyze It v1.0.3 – hex editor with a binary file analysis grammar (looks great!) – Original website
(SHA256(SynalyzeIt_1.0.3.1.zip)= ab71d0f2e573321946ec144e60594d4155961b42aeafb2f5b5080bf9961348d0)

OTX v0.16b – disassembler
(SHA1(otx.dmg)= ff4987b7f22da6b289ee2bc7daa7c1a3db64ffed)

offset1.3.pl.gz – my offset calculator for fat binaries
(SHA256(offset1.3.pl.gz)= 2b091f2ea5fddce3ca22251b8d81578ba708811d4a3d2fdce8ae0c8a7972f1b3)

ptool1.3.pl.gz – a partial replacement for otool that displays Mach-O binary headers
(SHA256(ptool1.3.pl.gz)= 715481e62978c183ccd82311acb6ccced2d12cab76a0c9ffb0345d653bce37ba)

ocalc.c – ghalen’s offset calculator for fat binaries
(SHA1(ocalc.c)= e32da310af2a25a09fc2de9c4826b113ab8ac705)

onyx-the-black-cat.v0.3 – anti-anti-debug kernel module
(SHA1(onyx-the-black-cat-v0-3.tgz)= 194c2e7481113b562c6e23a2b5059769bc9e8ffb)

onyx-the-black-cat-v0.4 – version for Snow Leopard (not 64-bit compatible, yet!)
(SHA1(onyx-the-black-cat-v0.4.tgz)= 5dff3c4a9246f2886b470aa0ab60b5e237ca3659)

AlanQuatermain-appencryptor – encryptor/decryptor for Apple Encrypted Binaries
(SHA1(AlanQuatermain-appencryptor-a3da7c5.tar.gz)= 3c7f70fed359b7e259f08d00001ead936baef041)
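The offset calculators above (offset1.3.pl and ocalc.c) solve one recurring problem: a disassembler shows a virtual address inside one architecture slice, but to patch it with a hex editor you need the absolute file offset in the fat binary. The example below is an added illustration of that calculation, written for this page and not the author's own offset1.3.pl or ghalen's ocalc.c; it parses the fat header, picks the slice for a given cputype, walks its LC_SEGMENT/LC_SEGMENT_64 load commands, and returns slice offset + fileoff + (vaddr - vmaddr). The sample fat binary at the bottom is constructed inline (headers only, no code) so the script runs offline; segment names, addresses and slice layout in it are invented for the demonstration.

```python
"""Fat (universal) Mach-O offset calculator: map a virtual address in one
architecture slice to its absolute offset in the fat file."""
import struct

FAT_MAGIC = 0xCAFEBABE          # fat header is always big-endian on disk
LC_SEGMENT = 0x01
LC_SEGMENT_64 = 0x19
CPU_TYPE_X86 = 0x00000007
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_POWERPC = 0x00000012

# raw on-disk mach_header magic -> (struct endianness, is 64-bit header)
_MAGIC = {
    b"\xce\xfa\xed\xfe": ("<", False),   # MH_MAGIC, little-endian (i386)
    b"\xcf\xfa\xed\xfe": ("<", True),    # MH_MAGIC_64, little-endian (x86_64)
    b"\xfe\xed\xfa\xce": (">", False),   # MH_MAGIC, big-endian (ppc)
    b"\xfe\xed\xfa\xcf": (">", True),    # MH_MAGIC_64, big-endian (ppc64)
}


def mach_header(data, off):
    """Parse the mach_header at `off`: (endian, is64, cputype, ncmds, header_len)."""
    try:
        endian, is64 = _MAGIC[bytes(data[off:off + 4])]
    except KeyError:
        raise ValueError("no Mach-O header at offset 0x%x" % off)
    _magic, cputype, _sub, _ftype, ncmds, _sizeofcmds, _flags = struct.unpack(
        endian + "7I", data[off:off + 28])
    return endian, is64, cputype, ncmds, 32 if is64 else 28  # mach_header_64 adds a reserved field


def fat_slices(data):
    """Return (cputype, offset, size) per slice; a thin Mach-O is one slice at offset 0."""
    if struct.unpack(">I", data[:4])[0] != FAT_MAGIC:
        return [(mach_header(data, 0)[2], 0, len(data))]
    nfat = struct.unpack(">I", data[4:8])[0]
    slices = []
    for i in range(nfat):
        cputype, _sub, off, size, _align = struct.unpack(">5I", data[8 + 20 * i:28 + 20 * i])
        if off + size > len(data):                      # malformed/truncated fat header
            raise ValueError("fat_arch %d points past end of file" % i)
        slices.append((cputype, off, size))
    return slices


def segments(data, off):
    """(segname, vmaddr, vmsize, fileoff, filesize) for each segment load command of the slice at `off`."""
    endian, _is64, _cpu, ncmds, pos = mach_header(data, off)
    pos += off
    segs = []
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack(endian + "II", data[pos:pos + 8])
        if cmd in (LC_SEGMENT, LC_SEGMENT_64):
            name = bytes(data[pos + 8:pos + 24]).split(b"\0", 1)[0].decode()
            fmt = endian + ("4Q" if cmd == LC_SEGMENT_64 else "4I")   # vmaddr, vmsize, fileoff, filesize
            segs.append((name,) + struct.unpack(fmt, data[pos + 24:pos + 24 + struct.calcsize(fmt)]))
        pos += cmdsize
    return segs


def vaddr_to_fileoff(data, cputype, vaddr):
    """Absolute file offset of `vaddr` in the slice for `cputype`, or None when the
    address has no file bytes behind it (__PAGEZERO, the zero-fill tail of __DATA)."""
    for ct, off, _size in fat_slices(data):
        if ct != cputype:
            continue
        for _name, vmaddr, vmsize, fileoff, filesize in segments(data, off):
            if vmaddr <= vaddr < vmaddr + vmsize:
                delta = vaddr - vmaddr
                return None if delta >= filesize else off + fileoff + delta
        return None
    raise ValueError("no slice for cputype 0x%08x" % cputype)


# --- constructed sample fat binary (headers only, invented layout) ----------
def _seg32(name, vmaddr, vmsize, fileoff, filesize):
    return struct.pack("<II16sIIIIIIII", LC_SEGMENT, 56, name, vmaddr, vmsize, fileoff, filesize, 7, 5, 0, 0)


def _seg64(name, vmaddr, vmsize, fileoff, filesize):
    return struct.pack("<II16sQQQQIIII", LC_SEGMENT_64, 72, name, vmaddr, vmsize, fileoff, filesize, 7, 5, 0, 0)


_X86_64 = (struct.pack("<8I", 0xFEEDFACF, CPU_TYPE_X86_64, 3, 2, 2, 144, 0, 0)
           + _seg64(b"__PAGEZERO", 0, 0x100000000, 0, 0)
           + _seg64(b"__TEXT", 0x100000000, 0x1000, 0, 0x1000)).ljust(0x1000, b"\0")
_I386 = (struct.pack("<7I", 0xFEEDFACE, CPU_TYPE_X86, 3, 2, 3, 168, 0)
         + _seg32(b"__PAGEZERO", 0, 0x1000, 0, 0)
         + _seg32(b"__TEXT", 0x1000, 0x1000, 0, 0x1000)
         + _seg32(b"__DATA", 0x2000, 0x1000, 0x1000, 0x200)).ljust(0x2000, b"\0")
SAMPLE_FAT = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(">5I", CPU_TYPE_X86_64, 3, 0x1000, len(_X86_64), 12)   # x86_64 slice at 0x1000
              + struct.pack(">5I", CPU_TYPE_X86, 3, 0x2000, len(_I386), 12)        # i386 slice at 0x2000
              ).ljust(0x1000, b"\0") + _X86_64 + _I386

if __name__ == "__main__":
    for ct, va in ((CPU_TYPE_X86, 0x1234), (CPU_TYPE_X86, 0x2300), (CPU_TYPE_X86_64, 0x100000F00)):
        print("cputype 0x%08x vaddr 0x%x -> file offset %r" % (ct, va, vaddr_to_fileoff(SAMPLE_FAT, ct, va)))
```

Two checks matter in practice: the fat header is big-endian regardless of the slice's own byte order (an i386 slice is little-endian inside a big-endian fat wrapper), and an address inside a segment's vmsize but past its filesize is zero-fill, so there is nothing in the file to patch. Drop a real universal binary into `vaddr_to_fileoff` to get the offset to type into a hex editor.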

26 thoughts on “Tools”

  1. Hello,
    This is Alex from Seattle. I just want to thank you so much for investing your time and energy into this website. It’s got an abundance of *reversing* knowledge for a relative novice such as myself, in addition to many advanced techniques as well. ;)
    It’s absolutely awesome!
    Keep up the great work,

    Cheers,
    Alex

  2. Hi friend,

    Thanks a lot for sharing! This is the spirit!

    This is the perfect place for a beginner like myself.

    Please, keep the excellent work.

    Neo

  3. Sir,
    I really… really enjoy your website. I am a novice, but not without a brain, and I would really love to see a video of you using your recommended tools to show the mechanics of how to locate and negotiate a challenge/response authorization. If not, could you please direct me toward a resource that can illustrate the process from a hands-on perspective? My interest right now involves an Audio Unit plug-in called Fielding DSP Reviver. You’re right, everyone seems to love One-Byte… Maybe it’s time for you to have an apprentice that will be your next Vader.

    Take Care,

    D.P

    1. Hello,

      Sorry, but I no longer support public cracking of protections. Any Windows tutorial on challenge/response authentication schemes should help to understand common implementations.

      Have fun,
      fG!

      1. fG,
        Thanks for the heads up, I kinda felt that you might say that. I appreciate your suggestion. Could you please help shed some light on using IDA to compile (patch?) edited assembly? Google brought up a few variations of “ida_patcher.c” to use on an IDA diff export. Can IDA directly change and save assembly code within a Unix executable without having to go through the patching process?

        I’m using 10.6 SL OSX…

        Also, could you please help me compile this
        http://www.idabook.com/examples/chapter_14/ida_patcher.c

        I tried in terminal using the command
        gcc ida_patcher.c

        and got this:
        ida_patcher.c: In function ‘main’:
        ida_patcher.c:51: warning: incompatible implicit declaration of built-in function ‘exit’
        ida_patcher.c:61: warning: incompatible implicit declaration of built-in function ‘exit’
        ida_patcher.c:70: warning: incompatible implicit declaration of built-in function ‘exit’
        ida_patcher.c:86: warning: incompatible implicit declaration of built-in function ‘exit’

        Any suggestions? Thank you kindly.

        DP

        1. The best method to patch is using a hex editor. IDA_patcher from the IDA book is a good tool if the patch is very big, else it’s usually faster with a hex editor.
          Those are warnings that do not pose any problem to your compiled ida_patcher.c.

          1. Thanks fG… I ran into another problem. I’m trying to get IDA to debug an Audio Unit without success. How would you go about loading an A.U. into IDA’s debugger? Is it because the A.U.’s extension is “.component”, not “.app”? Thank you again… Master.

            1. You will have to do your homework on that problem ;-)
              IDA can disassemble any binary that uses a supported processor. You just need to point it to the right place/binary ;-)

              1. fG, have you considered making a guide to assembly reading / interpreting, and the mechanics of code manipulation, video tutorials? Reading text versus a human tutor are two different animals.

                I got IDA to disassemble the binary located within the macos directory of an audio unit “.component”. The wall I’m running into is IDA telling me that it needs to be pointed to a host application; the debugger won’t run the binary. I’m assuming it’s because the identity of the package is .component, not .app. I have no problems running the debugger with any other “.app” binary.

                IDA has three criteria for the debugger to run
                Application
                Input File
                Directory

                The debugger will run an .app but not .component.

                If you don’t want to tell me, for the sake of learning, could you please push me in the right direction so I may find an answer.

                Thank you.

                1. There are excellent guides about assembly for Windows around the web. They apply without any big problems to OS X.

                  Audio units are not applications that run on themselves, they need a host application. Gdb is the answer (never used ida debugger so I’m not sure if it’s capable of doing what is required in this case).

  4. I just really got into learning gdb today, and cracked a couple of programs. I bought igetter for my iMac but it won’t register on my MacBook Pro. I spent all day in gdb trying to crack it. It has so many different sources from which it runs. I don’t believe the main check is in the igetter program itself but in an extension.

    1. It wasn’t yet ready last time I used it. Missing some stuff that gdb is able to do.
      The focus of LLDB is still much in debugging with source code. Need to give a try to latest repo version.

  5. Hi fG!

    Thanks again for your great blog!

    Otx is crashing before finishing the disassembly under Mountain Lion. Any ideas why?

    Thank you!

  6. Thank you very much for your works and the excellent papers.

    I am using IDA Pro and with the use of your idc script the disassembly is much more readable, but I miss one important thing from gdb debugging: the po command to show the object.

    Is there a method to simulate the same behavior?

    I tried with the AppCall in IDA with no luck.

    Nando

  7. Hello,

    Very nice site. Thank you.

    I’m wondering, has Onyx the Black Cat been tested on Mavericks and if so, does it still work?
    I have a new mac on the way and it is coming with Mavericks and I’m starting to look into reasons I might want to dump it and install Mountain Lion instead.

    Thank you kindly,
    ~cpk

    1. Hummm I have no idea but I am going to find out since I need to use it.
      I am thinking about redesigning it a little bit.
      Anyway, you should use Mavericks due to no security patches available anymore for Mountain Lion.

      1. Thank you for the reply.

        I’ll be keeping an eye on the site for the update notice ;-) – it has been some time since it was updated last anyway. Not that I’m complaining, worked fine for me when I needed it pre-Mavericks.

        1. I already have a working version, just doing a “fancy” Cocoa GUI for it (my Cocoa skills still *suck*).
          Should be out soon :-)
