Onyx The Black Cat v0.3

Version 0.3 is here. A couple of small bugs are fixed, module features can be controlled via sysctl variables (enable or disable features) and the code is split into different source files (it was a mess in a single file!). Tiger support is removed so it’s ready to work with Leopard 10.5.6. Check the README file for more info.

As a bonus I discovered that the DTrace equivalent of PT_DENY_ATTACH (the P_LNOATTACH process flag) is bypassed as a side effect of our ptrace hijack: the flag is never set, so DTrace has nothing to refuse. Didn’t know about this one 🙂 Check the source of antidebug.c to understand why this happens.

Code: onyx-the-black-cat-v0-3.tgz (SHA1(onyx-the-black-cat-v0-3.tgz)= 194c2e7481113b562c6e23a2b5059769bc9e8ffb)

12 thoughts on “Onyx The Black Cat v0.3”

  1. Hi fG,
    today I tried onyx the black cat and got a kernel panic – this happens while applemail was receiving emails.
    After a restart mail was messed up – no accounts and no emails – all lost. 🙁
    I’m working on a ppc mac with mac os x 10.5.6
    Hope you can fix that.

    tracemac

    1. Hello,

      I’m only supporting Intel x86 because I don’t have access to a PPC Mac. I will try to give a look at the code and try to understand where it can fail. Can you post the crash report so I can give a look?

      Thanks,
      fG!

    1. Hummmm downloading that one and checking it 🙂 It should be some other trick ! I will give some news as soon as I find them!

    2. I have tested Vector Magic and I can attach gdb without any problem (with Onyx active of course). It doesn’t seem to have the ptrace trick but instead seems to use the sysctl anti-debug trick.

  2. I second your last message fG, no prob here with Vector Magic, too (on ppc)

    btw: any news about the kernel panic prob?

    tm

    1. It should be already compatible. If not you just need to modify the Info.plist and change the key com.apple.kernel to 9.7.0, which is 10.5.7 version (you can always grab that from uname -a).
      It’s working without any problem with 10.5.7 on Intel Macs. I use it on my live machine and on a 10.5.0 vmware machine.
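The Info.plist edit described in the reply above, as an added example that is not part of the original post or of the Onyx source: it reads the Darwin kernel release out of a `uname -a` line and rewrites the `com.apple.kernel` entry under `OSBundleLibraries` to match. The plist and the uname line are constructed samples, and the bundle identifier is hypothetical.

```python
import plistlib
import re

# Constructed sample Info.plist (not the real Onyx plist): only the keys
# relevant to the kernel dependency are included.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.example.hypothetical-kext</string>
    <key>OSBundleLibraries</key>
    <dict>
        <key>com.apple.kernel</key>
        <string>9.6.0</string>
    </dict>
</dict>
</plist>
"""

# Constructed `uname -a` line in the shape Leopard 10.5.7 prints it.
SAMPLE_UNAME = ("Darwin mac.local 9.7.0 Darwin Kernel Version 9.7.0: "
                "Tue Mar 31 22:52:17 PDT 2009; root:xnu-1228.12.14~1/RELEASE_I386 i386")


def kernel_release_from_uname(uname_output: str) -> str:
    """Extract the Darwin kernel release (e.g. '9.7.0') from `uname -a` output."""
    m = re.search(r"Darwin Kernel Version (\d+\.\d+\.\d+)", uname_output)
    if m is None:
        raise ValueError("no Darwin kernel version found in uname output")
    return m.group(1)


def declared_kernel_dependency(plist_bytes: bytes) -> str:
    """Return the com.apple.kernel version the kext currently declares."""
    return plistlib.loads(plist_bytes)["OSBundleLibraries"]["com.apple.kernel"]


def retarget_kernel_dependency(plist_bytes: bytes, kernel_release: str) -> bytes:
    """Rewrite OSBundleLibraries/com.apple.kernel to the running kernel's release."""
    info = plistlib.loads(plist_bytes)
    libs = info.get("OSBundleLibraries")
    if not isinstance(libs, dict) or "com.apple.kernel" not in libs:
        raise KeyError("Info.plist declares no com.apple.kernel dependency")
    libs["com.apple.kernel"] = kernel_release
    return plistlib.dumps(info)
```

On a real machine you would feed it the bytes of the kext's `Contents/Info.plist` and the output of `uname -a`, then write the returned bytes back.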
