Hello,
It seems like things are very quiet and I only push gdbinit updates. Well, I have been very busy with very interesting projects, most of which can’t see yet the “light of the day”. Need to find some time to fool around with some new stuff.
It seems that VMprotect is coming to OS X and that is exciting news. I hope they finish it soon since I am curious about Mac specific implementation and tricks.
This is just a minor release for gdbinit. It fixes a very weird bug that is happening in FreeBSD (many thanks to Evan for reporting it) and adds the (Linux) anti-anti-ptrace command posted here. I finally uploaded it to Github, https://github.com/gdbinit/gdbinit/. Now I need to understand its access control (I think I must add collaborators? I hate to RTFM these days). You can find always the latest version here and there.
I also have a Twitter account, @osxreverser. It is usually used in a passive way, to keep up-to-date of what’s happening – I still have some difficulties to understand Twitter. My web interests are mostly related to Economics and Management, which are topics a bit stretched for a RE audience. Anyway, I just got up some followers after giving a tip to Charllie Miller (I am spending too much time into GDB source hehehe).
From Blackhat US 2011 there’s a very interesting presentation from iSEC Partners regarding APT (Advanced Persistent Threat) in Macs. Original link here. I am pretty sure that new challenges will arise in this area for Macs (if they don’t exist already!). Macs share in the corporate is increasing and this kind of attackers will of course wanting to extract (valuable) information from those machines (top execs usually have a preference for Apple products).
Happy holidays and have fun,
fG!
gdbinit742.gz
SHA256(gdbinit742.gz)= 058b4910320a2370bf4ca5dc10da4f7cea105e73b9a28478c6f3e8475dba1bcf
The latest version can always be found here.
Update:
There’s a bug in Apple’s GDB implementation where you can’t have a commands command inside a define command. Additionally, the catch syscall ptrace doesn’t work in OS X so it will give another error. The solution for now is to comment out the ptraceme function. I have replaced the file with this fix. If you need to use it in Linux just uncomment it out. That’s what you get for copy & paste without proper testing! My fail 😦.
Meanwhile, time to track GDB change logs to find the fix for above’s problem.