Universe’s best and legal Mac OS X reversing tutorial for newbies (or maybe not!)

I have decided to re-release my beginners tutorial, this time based on a crackme, so it deserves the upgrade to Universe instead of World.

It includes patching, serial fishing and a keygen. I have updated some errors that I found in the original tutorial.

Reversing and breaking protections is a great hobby and fantastic knowledge to possess.
The problem is that many abuse this and want to profit from it. I really don’t like not sharing
knowledge because sharing also allows me to progress, seeking new challenges and learning new things.
I really hope that you make good use of this information and do not share your cracks with the world,
especially in MSJ that is full of idiots just wanting to rip off others’ work. Don’t do that please.
Enjoy the process, learn, get frustrated, and buy the apps if you really use them in your day to day.

Don’t make me regret once again releasing knowledge that may ease piracy! Don’t rush to MSJ spreading your cracks (ok it might be acceptable if you can teach the one byte fag how to crack real targets and not the easy ones he usually does ;-)). Seriously, don’t spread your cracks, you don’t get any glory from that 🙂

Have fun,

Here it is: beginners tut II.txt

23 thoughts on “Universe’s best and legal Mac OS X reversing tutorial for newbies (or maybe not!)”

  1. Look at that, a reversing tutorial whose author claims it is legal… what a load of BS!
    Give a man a fish and he will eat for a day. Teach a man to fish and he will eat for the rest of his life.
    As far as I know, you’re teaching everyone to fish, so you can’t do that and then say you don’t condone or support piracy.
    We all know this is meant to be used on commercial apps eventually, otherwise who would spend time learning to reverse just for the hell of the knowledge?! Proof is, your first tutorial WAS based on a commercial app.
    And that comment about “the one byte fag” (you are no better than him), don’t tell me you have never used one of his releases 🙂

    1. You miss the point so let me try to explain it to you… 🙂
      Reverse engineering is a very useful skill that goes beyond cracking protections and these days it is a skill that is very well paid in the security world.

      The usage that people do from the information and knowledge they acquire is a personal choice. One of the great things in life is to grow up and learn new things in the process. Because you did something in the past that doesn’t mean you still believe in it and that was the best choice. If anyone wants to crack applications for their private usage, it’s acceptable but I do not condone their distribution. That’s something people shouldn’t do. There are always smart asses thinking like you, probably that’s the reason why there isn’t so much public knowledge (well that’s the reason I will never release some stuff).

      The one byte fag is just another plain idiot who can’t crack anything with an acceptable level of difficulty and then brags about his great skills (and lack of respect for developers) to the rest of the idiots floating around MSJ.

  2. Well said.
    @fg! thank you very much for your great and well explained tutorial.
    Fortunately, there are people who are indeed interested in reverse engineering
    for knowledge and fun.
    Any chances to upload the challenge here?
    As always, keep up the good work and once again
    thanks for your time & effort.

  3. @ fG! :
    Let me clear that up for you: I did not miss your point. But… I like to be provocative (and it worked!), and I obviously do not mean everything I said in my previous comment and here is why.
    Let me first tell you that I am a developer myself, so I have a lot of respect for all developers out there, and their hard work. Then, you probably figured… I did not find your website by “accident”, I actually looked for it. The knowledge reversing brings you is always helpful as a developer, even if it’s just to protect your own app better.
    There are indeed a lot of idiots out there who work on crackmes in their tutorials because it is “legal”, but deep down they just see it as the best way to teach others how to *crack* real apps without getting in trouble. You simply can’t go against that.
    So anyway, I do appreciate your reaction and your arguments. And for the record, I take my comment back: you *are* better than the one byte “fag” as you call him, because instead of releasing cracks you SHARE what you know. And just for that, you deserve respect.
    One last point I would like to make. There is a TON of resources on reverse-engineering out there if you know how to look for it, I did not learn whatever little skills I have by myself. Mostly they are for Microcrap Winshit, but if you are smart enough you can use that knowledge on Mac as well.
    And thankfully, people like you (and me!) who enjoy sharing will make reversing a real learning experience without crossing the borders of legality 🙂

    One thing I didn’t get about this tutorial you made though: why didn’t you use osxdbg (or at least introduce it to people) instead of gdb (easier for newbies)?

    Keep up the good work, you got a great website here.
    NB: I have a tutorial for newbies in preparation if you would like to share it here some day…

    1. I would prefer to release tutorials on real apps because that knowledge could benefit the developers and reversers. This would work in a perfect world but as the case of reversing Pace protection has shown, this world doesn’t exist and most of the people are greedy. I come from the BBS times, where knowledge was restricted to very few people, and witnessed the information explosion with the massification of the Internet. This was good and bad, as the current state of security shows – it’s almost a lost war for the guys who try to protect systems and networks.
      I created this blog for myself and to share knowledge – when I started there was very little information about OS X reversing. Before this I did the same for Palm OS. There’s no magic in reversing for OS X if you have previous reversing experience, Windows or any other platform. This and other sites just make it easier for those doing the transition and those wanting to learn from the beginning.

      I didn’t use osxdbg because I got used to gdb. The first time I used gdb, many years ago, I hated it because Softice, Ollydbg and others were a much better experience. Gdb with gdbinit is pretty powerful and I’m comfortable with it. Kurt did a great job with osxdbg so it’s a matter of personal choice and taste.

      If the tutorial is based on a legal target, feel free to send 🙂 The blog has some sizeable audience so it’s a good way to spread information!

  4. @ fG:
    I think Joey’s pushing you in the right direction, cause there seems to be a little flaw in your logic: On one hand you write that reversing is much more than cracking and that cracking is just one way to approach it. On the other hand you write these tutorials which are all about cracking and make no secret of the fact that they’re explaining how to crack a commercial product step by step.
    As you mentioned above, we don’t live in a perfect world and experience has taught you that sharing this kind of information can end in quite a bad way.
    You seem to be very dedicated to reversing and hate the idea that people could use your blog to do bad stuff. So why don’t you stop focussing on cracking in your tuts and start writing about the usage of RE in other places. Instead of talking about CrackMes, you could talk about FixMes, ExtendMes, FullyunderstandMes and ImplementMes.

    Nevertheless I really like your blog. We need more people like you who distribute their knowledge for the sake of distributing, not for the sake of “click ‘thanks’ below my post if I have shown you how to return a BOOL true for the 1000th time”

    1. Because you have a gun you have no obligation to fire it. The same applies to reversing. And I don’t have any problems with people cracking apps privately.
      What I really hate is greedy people and stupid people, especially the latter. I hate people who just want to suck everything they can without minimal effort.

      It’s a double-edged sword and what is required is people to have a little more common sense, less greed and some respect for others’ work. I would prefer a world where you could publish information and everyone knows how to handle it. That would be much more fun and knowledge would advance at a faster pace.
      I’m not sure if it’s possible to be flawless regarding all this – morals and ethics are grey areas and the only good solution is to stop and delete everything.

      Well, I’m trying to fix this Outlook and iTunes to store email and iPad backups in an encrypted container 😉 The link/alias solution is too ugly for my taste! If I manage to accomplish it, I will create a nice ExtendMe!

      The great benefit of cracking for knowledge and motivation is you have something to beat. It’s inherent to our (competitive) human nature! And there’s not much malware in OS X, yet!

  5. This is awesome! Thanks so much. I agree, reversing is a very important skill and it’s good to have such great tutorials out there. As with anything, it can be used to do unethical things, but that’s up to each person. The information needs to be there.

    A quick question about the awesome .gdbinit you included – mine is having issues because not all the gdb variables are being set at startup, so I get messages like “Invalid type combination in equality test.” until I go in and manually set the variables (because they are all void). Do you have any idea what I would be doing wrong?

    1. I should probably add that I’m in snow leopard and GNU gdb 6.3.50-20050815 (Apple version gdb-1510) – configured as “x86_64-apple-darwin”

      While I’m at it, I think some people in these comments are ignoring the fact that REVERSING != CRACKING. Sure, cracking is one of the many uses of reverse engineering, but there are so many more: malware analysis, interoperability, discovering vulnerabilities, etc., all of which are legitimate. And not only legitimate, but necessary.

  6. Hello,
    First of all thank you for putting all this together.
    I transitioned from MS-Windows to OSX and I was looking for a tutorial like yours.
    I had one for PC.
    My concern is the ergonomics of GDB compared to what I experienced on Windows (like ollydbg for example)!

    And the fact that my GDB displays quite differently from in your tuto (basically it shows almost nothing when stopping on a BP instead of your views where it shows the regs, the code and so on). I spent the whole evening trying to get it the way you have it, I failed (but after a full day of work, trying to learn RE from 9 pm to 12 was probably a bit dary 😉 )

    Anyway thanks for sharing and if you can detail a bit the basic setup, I guess so a wasserkopf like me can use it 🙂

  7. Could someone please give more detail about how to compile otx in Xcode. I get an error about some dumb error in xcode: Mainmenu.nib Unsupported Configuration:Border Width property requires NSCCustomBox type and NSLineBorder type. How do I clear this error and move on with this program?

  8. Hello! Thank you for this guide! However, I have a little problem with gdb
    I’m reversing a 64bit binary, and the offset I got from the break point is like this: 0x7fff95813686
    However, with otx, none of the offsets go that far up! All of them look like this: 000000010000aa05
    There must be something wrong on either of these… Please help!
    Thank you!

  9. I read this tutorial a few years back, and have only just acquired the maturity and technical skills to actually apply this theoretical knowledge. I’d just like to say a huge thank you for HAWKE’s crackmes, they were a perfect jumping-off point for keygenning.

    Now to the point: I started working on MSJ2009 Challenge 1 today, and was really stumped by the serial checking method, especially the multiplication by the WTF constant and the huge shrs. I figured it out in the end, and wrote a clean little keygen in ruby, but I’d like to point out that whoever wrote this wasn’t multiplying by a huge constant and gratuitously chopping up the result. The intended effect was actually to find the accumulated value modulo 10000. That multiplication is actually a division.

    This was hugely useful in figuring out what was going on, and in determining the division constant. A valuable read if you have the time.
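An added example to illustrate the point made in the comment above (it is not the commenter’s Ruby keygen, and the challenge’s real constant is not on this page): a compiler turns an unsigned division by a constant into a multiply by a reciprocal “magic” constant followed by a long right shift, the remainder mod 10000 then falls out as x - (x / d) * d, and the divisor can be recovered from the constant seen in a disassembly. Only the modulus 10000 is taken from the comment; the multiplier is derived here.

```python
# Added example, not part of the original post or the commenter's keygen.
# The challenge's actual constant is not known here; the multiplier for
# d = 10000 is derived below with the standard compiler construction.

def magic_for_division(d, bits=32):
    """Return (m, s) with (x * m) >> s == x // d for all x in [0, 2**bits).

    Granlund-Montgomery / Hacker's Delight construction: m = ceil(2**s / d),
    using the smallest shift s at which the rounding error can never push
    the quotient up by one.  For some divisors (7, for instance) m needs
    bits+1 bits, which is why compilers then emit an extra add/shift fixup.
    """
    assert d > 1, "assumption: constant divisor greater than 1"
    for s in range(bits, 2 * bits + 1):
        m = -(-(1 << s) // d)                 # ceil(2**s / d)
        overshoot = m * d - (1 << s)          # in [0, d)
        # the error term x*overshoot/2**s must stay below 1/d for every x
        if overshoot * ((1 << bits) - 1) < (1 << s):
            return m, s
    raise ValueError("no exact multiplier found")

def udiv_by_magic(x, m, s):
    """What the compiled code does.  On x86-64 the shift is usually split:
    the high half of a 64-bit product (an implicit >> 32) followed by a
    shorter shr; only the total shift s matters here."""
    return (x * m) >> s

def mod_via_magic(x, d, m, s):
    """x mod d as compilers emit it: x - (x // d) * d, no div instruction."""
    return x - udiv_by_magic(x, m, s) * d

def recover_divisor(m, s):
    """Reversing direction: from the multiplier and total shift seen in the
    disassembly, the divisor is 2**s / m rounded to the nearest integer."""
    return ((1 << s) + m // 2) // m

def matches_real_division(d, m, s):
    """Spot-check the sequence against real division on edge values."""
    samples = [0, 1, d - 1, d, d + 1, 123456789, 0x7fffffff, 0xfffffffe, 0xffffffff]
    return all(udiv_by_magic(x, m, s) == x // d for x in samples)

if __name__ == "__main__":
    m, s = magic_for_division(10000)
    print(hex(m), s)                                 # 0xd1b71759 45
    print(recover_divisor(m, s))                     # 10000
    print(mod_via_magic(123456789, 10000, m, s))     # 6789
```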
