Using Apple’s sandbox feature for reversing purposes

I was just messing with Apple’s sandbox implementation to see if it was possible to close a “vulnerability” in iTunes (more on that later after Apple answers my email) and decided to experiment with something that has been on my mind for a long time but that I never bothered to try. The idea is to use the sandbox feature to find, for example, hidden files that applications use for serial numbers, time limits, demo limits, etc., or to trace install scripts or malware....

August 30, 2011 · 2 min · 326 words

Removing iTunes 10.4 m3u processing feature with a small loader

I just discovered that iTunes 10.4 finally introduced support to load m3u files. If you are importing large quantities of MP3 archives like me then you probably will be very annoyed by the mess that iTunes 10.4 will make out of this – playlists will be created and an ugly mess will emerge (and it takes longer to process). So it was time to try to remove this feature, which is curious since I always wanted this in iTunes, before I surrendered myself to its way of managing MP3s....

August 25, 2011 · 3 min · 442 words

How GDB disables ASLR in Mac OS X Lion

This isn’t a rocket science post but more like some notes for future reference 😄. Lion finally introduces full ASLR and GDB has the possibility to disable that feature when analyzing target binaries. A new GDB setting was added, disable-aslr, which allows enabling or disabling this feature. By default this feature appears to be enabled (I am just looking at GDB source code) and it’s set by the variable disable_aslr_flag configured at gdb/macosx/macosx-tdep....

August 11, 2011 · 2 min · 344 words

There’s a new protection in town, Software Passport, from the developers of Armadillo :-)

A reader sent me the link for a new software protection package called Software Passport (here). This is from The Silicons Realms, the makers of Armadillo for Windows. Since I’m as curious as a cat, I started taking a quick look at it, to see if it has any interesting things related to anti-debugging and anti-disassembly. The good news is that there are some new tricks that I haven’t seen before, for example, GDB can’t trace the initial loader....

February 16, 2011 · 1 min · 197 words

It’s not my war but...

I just saw the following at MSJ and the reaction there is simply childish, to not digress much about it. The author of Remote Buddy leaves the post below, asking for them to stop distributing cracks on his software. As a response, tons of links with the crack are published and they start complaining about the price. I really hope that these guys one day get what they deserve, their works pirated or them exploited by their bosses and underpaid....

February 15, 2011 · 5 min · 1009 words