Another gift: Crackme #1 source code from hell!

A reader was asking me some questions related to some stuff I used in my crackme and I decided to release its source code. Enough time went by already and I do not think it has many important secrets. Now, you will have to forgive me but that is one hell of ugly source code! I just cleaned up some dead code and some other minor cleanups. Right now I do not have enough time to fix and clean up the code, even if I really do not like it at all....

June 11, 2013 · 1 min · 204 words · fG!

Clapzok.A: reversing the OS X part of a multiplatform PoC infector

I was lucky enough to get my hands on an updated version of interesting multiplatform virus and decided to reverse the OS X part. The original virus is from 2006 by JPanic and it’s called CAPZLOQ TEKNIQ v1.0. The new version adds support to infect OS X binaries, 32 bit x86 only, although it supports infection of fat binaries (the x86 version only). Source code for the original version is available....

May 31, 2013 · 9 min · 1808 words · fG!

Gimmedebugah: how to embedded a Info.plist into arbitrary binaries

One of the changes introduced by Mountain Lion was the removal of the old procmod convention for applications that want to access the task port of a process (aka for reversers, debuggers). Before this change, any binary that was procmod suid group set could access the task port of other processes (running as the same user). Taskgated configuration in Mountain Lion was changed and removed this possibility. Only signed binaries that contain an embedded Info....

May 28, 2013 · 4 min · 690 words · fG!

The "all" new Onyx The Black Cat!

Suffering from post-conference boredom I decided to redo Onyx The Black Cat kernel extension to kickstart again my brain and get back to serious work. There were also some people asking for an updated version so here it is! This reworked version uses kernel control interface to enable/disable its features. It is much better than sysctl used before. It is also compatible with Snow Leopard, Lion, and Mountain Lion, and, hopefully, it should run without any problems in future versions....

May 24, 2013 · 2 min · 230 words · fG!

NoSuchCon #1 debrief and slides

NoSuchCon is over and I am finally back home. It was a really great conference with great talks and a full room all the time (let me say I am very surprised about this). The only negative thing was the projection “wall” which was really bad and “killed” almost everyone’s slides. While I understand it is an historical building, that thing must be improved, either with a temporary solution or something else....

May 21, 2013 · 2 min · 324 words · fG!