Otool-ng – a set of small patches to Apple’s otool

It’s the lazy post season, so I present you otool-ng. It’s a fork of Apple’s otool with small modifications for things that I use often or dislike in the current otool. The segment command LC_MAIN was introduced to replace LC_UNIXTHREAD, and one piece of information that is lost is the entrypoint address. While ASLR kind of makes it less useful, I still debug a lot of programs and do other stuff where ASLR is disabled....

November 21, 2012 · 2 min · 282 words

Kextstat_ASLR util or how to start hiding your kernel rootkit in Mountain Lion

Welcome back! This is a small post about a quick util that I created last night while working on a side project. Mountain Lion introduced kernel ASLR and the kextstat util output doesn’t support (yet?) this feature. The addresses are not the real ones and this is quite annoying (kgmacros from the kernel debugging kit also seem to fail at this!). What this util does is read the kernel extensions information via the /dev/kmem device (hence this util is probably not useful for a large audience) and display it like kextstat does, with the correct address for each kext (just the most important information; the linked against info might be added in the future)....

November 18, 2012 · 2 min · 414 words

5 years of reverse.put.as

Happy birthday to this blog! In 2007 I bought my first-ever Apple computer and started this blog. The amount of (public) reverse-engineering related information was scarce, cracking in particular. It was a whole new platform to me and a blog would be a good way to share my findings with others. I had experienced this with the PalmOS platform, where I created quite a few tutorials but never made them public....

October 10, 2012 · 2 min · 372 words

My first Hackintosh

I really like my non-unibody MacBook Pro (awesome keyboard!) but its 3GB RAM limit makes it almost impossible to work with virtual machines, Mac OS VMs in particular. I don’t have a need for another laptop, and the possibilities were between buying a Mac Pro or building my own Hackintosh. Against the Hackintosh is the fact that my patience for small problems doesn’t exist anymore. I just want something that works and does what I need – time is money....

September 27, 2012 · 6 min · 1136 words

OS X Malware at Confraria de Segurança da Informação presentation slides

Yesterday I gave a presentation about OS X Malware at Confraria SI in Lisbon, a monthly meeting of IT sec professionals and enthusiasts. The presentation was an update to the HiTCON version, removing some things about old malware and Flashback tricks, adding Crisis slides and small fixes to stuff here and there. Enjoy it 😃 fG! Confraria 2012 Presentation.pdf

September 27, 2012 · 1 min · 59 words