Very small update…

Hi!

I just updated the crackmes with #5 from the MSJ challenge and added a new tool for encrypting/decrypting Apple encrypted binaries. I had planned to do this tool but it’s great that someone did it first! It’s good to see people developing tools for OS X, even if they are very simple. Thank you to the author and to the guy who pointed me to it and sent the crackme 😉

My free time is back to very restricted and so I have been advancing very slowly on some projects. I have yet to fix onyx to 64bits and to release an update to ptool (fixed some bugs, added more output information, and added a simple option to modify the entrypoint).

Anyway, if you find more tools and crackmes feel free to send them to me. I love to collect this stuff and I can centralize that information (no monetary reasons since I don’t have any banners ;-). Btw the original URL for the encryptor/decryptor is here.

As usual, have fun! Keep learning but don’t spread your cracks 😉
fG!

6 thoughts on “Very small update…”

  1. Hi! I could not find out anywhere else to ask you this so I am posting a comment. I am an intermediate reverser. I can write keygens for Mac. But I cannot circumvent anti-debugging techniques. Nowadays I am working on it. I was looking at Postbox 1.1.5 and I cannot even figure out what anti-debugging technique is used. If you have time and see which technique is used I can start to work on it. I know it is a little too much to ask but I figured I should try my chances.

    By the way, in gdb, program exits with code 06.

    Thanks for this fantastic blog.

    1. Hello,
      Sorry for the late answer. I think 06 is the error for an anti-debug technique published by Apple. I cannot remember the name right now. I will have to find my notes to see what it is!
      Let me see if I can find it. Not sure if it is in one of the removed tutorials.

      fG!

    2. Check out http://vxheavens.com/lib/vsc04.html

      It’s the false breakpoint trick (int3). There is one int3 in the code but that one isn’t breaking. I bet the binary has obfuscated code protecting that int3 that’s confusing gdb. You will have to trace from the entrypoint and manually find where it is (yeah it’s a pain in the ass but works all the time!).
      I don’t have the time at the moment to further analyse it! But it seems like an interesting time. First time I ever saw someone using this trick on OS X.
      Have fun!

      1. Thank you very much for the help. And also thanks for pointing out that svn trunk of otx has x64 support. (I guess I read it here somewhere.)

  2. Hi fG!,

    But may I know the website you got the crackmes from MSJ challenge?

    Thanks in advance.

    BR,
    [ Gunther ]
