Display Mach-O headers plugin for IDA

This is a simple plugin to display Mach-O headers inside IDA, something I miss from time to time. It was a good excuse to mess a little with the IDA SDK. It’s not quite what I had initially in mind, but it does the job. I was thinking about something more sophisticated, such as allowing you to display only the segment you want and so on. Now I am not sure if it’s worth the effort....

November 3, 2011 · 2 min · 346 words · fG!

How to create IDA C/C++ plugins with Xcode

This is just a simple post about using Xcode to create IDA C/C++ plugins. Nothing fancy here. For great references about IDA SDK plugin writing, check out The IDA Pro Book by Chris Eagle and the binarypool.com tutorial. Xcode 3.2.6 is the reference version used. The resulting project loads and compiles without any issues in Xcode 4. Why not do this in 4? The human brain is mysterious (3.x still loads by default on my system)....

October 31, 2011 · 2 min · 417 words · fG!

Using OS X TrustedBSD framework to protect critical files

And here we are with a few spare minutes! My baby girl is a little cute devil who, like me, isn’t very fond of sleeping all the time. She’s taking a lot of my attention so mom can rest. Well, it’s time well spent while I still have lots of it. Let’s get back to business… There was some fuss around the latest version of the so-called Flashback.C OS X Trojan....

October 27, 2011 · 2 min · 340 words · fG!

Poking around Sentinel HASP Envelope for Mac OS X :-)

I am a sucker for all OS X anti-debug promises I can find. There are so few tricks available that I am always curious to see if there is something new in town. So I started poking around Sentinel HASP Envelope for OS X to see what they use to fool my dear debuggers. Well, we have the usual ptrace and sysctl tricks, a check for a kernel debugger (via kernel boot arguments), and, to my (good) surprise, one of the anti-debug tricks I discovered a few months ago....

October 13, 2011 · 2 min · 269 words · fG!
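The checks named in that teaser, as an added example that is not code from the post or from Sentinel HASP: the "sysctl trick" asks the kernel for the process's own kinfo_proc and tests the P_TRACED flag, and the kernel-debugger check reads the kern.bootargs sysctl and looks for a debug= token. The boot-args parser is a plain C function so it can be exercised anywhere; treating any non-zero debug= value as "kernel debugging enabled" is an assumption of this example, and the sample boot-args strings are constructed. The macOS-only calls are guarded by __APPLE__.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sys/types.h>
#include <sys/sysctl.h>
#include <sys/ptrace.h>
#endif

/* Return the numeric value of the debug= token in a kern.bootargs string,
 * or 0 if there is none. Tokens are whitespace-separated, e.g.
 * "-v debug=0x144 keepsyms=1". Base 0 in strtoul accepts both 0x.. and decimal. */
unsigned long bootargs_debug_value(const char *bootargs)
{
    const char *p = bootargs;
    while (*p) {
        while (*p == ' ' || *p == '\t') p++;          /* skip separators */
        if (*p == '\0') break;
        const char *tok = p;
        while (*p && *p != ' ' && *p != '\t') p++;    /* find end of token */
        size_t len = (size_t)(p - tok);
        if (len > 6 && strncmp(tok, "debug=", 6) == 0) {
            char buf[64];
            size_t vlen = len - 6;
            if (vlen >= sizeof buf) vlen = sizeof buf - 1;
            memcpy(buf, tok + 6, vlen);
            buf[vlen] = '\0';
            return strtoul(buf, NULL, 0);
        }
    }
    return 0;
}

/* Assumption of this example: any non-zero debug= value counts as a kernel debugger. */
int kernel_debugger_enabled(const char *bootargs)
{
    return bootargs_debug_value(bootargs) != 0;
}

#ifdef __APPLE__
/* Fetch the live boot-args with sysctl and apply the same check. */
int live_kernel_debugger_enabled(void)
{
    char bootargs[1024] = {0};
    size_t len = sizeof bootargs - 1;
    if (sysctlbyname("kern.bootargs", bootargs, &len, NULL, 0) != 0)
        return 0;
    return kernel_debugger_enabled(bootargs);
}

/* The "sysctl trick": our own kinfo_proc, P_TRACED set means a debugger is attached. */
int process_being_traced(void)
{
    struct kinfo_proc info;
    size_t size = sizeof info;
    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid() };
    memset(&info, 0, sizeof info);
    if (sysctl(mib, 4, &info, &size, NULL, 0) != 0)
        return 0;
    return (info.kp_proc.p_flag & P_TRACED) != 0;
}

/* The "ptrace trick": once called, later attach attempts fail and an attached
 * debugger is dropped. Trivially bypassed by breaking on ptrace, but still used. */
void deny_attach(void)
{
    ptrace(PT_DENY_ATTACH, 0, 0, 0);
}
#endif

int main(void)
{
#ifdef __APPLE__
    printf("P_TRACED set: %d\n", process_being_traced());
    printf("kernel debugger in boot-args: %d\n", live_kernel_debugger_enabled());
#else
    /* Constructed sample of what kern.bootargs looks like on a box booted for kernel debugging. */
    const char *sample = "-v debug=0x144 keepsyms=1";
    printf("kernel debugger in boot-args (sample): %d\n", kernel_debugger_enabled(sample));
#endif
    return 0;
}
```

All three checks live in the target process and read state the debugger controls, so each is defeated by patching the call or faking the sysctl result; the point is recognising them in the envelope, not trusting them.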

A small rant about dongles: the developer who can’t correctly implement a HASP!

Dongles always had something mystique about them. Before this new age of packers, cryptors, etc., they were the top target to beat. In practice, that fame was only real in a reduced set of applications that correctly implemented the dongle. Most dongle-protected software features bad implementations. Developers don’t spend enough time in this area or think that it’s the magic bullet to solve their problems. This program is another fine example of this problem....

October 11, 2011 · 2 min · 335 words · fG!