This blog is more or less 4 years old (the first draft post is from 2007/09/25)… Uau, time passed by quickly! Mistakes were made, valuable lessons were learnt, new tricks developed, knowledge improved, and most important, fun! I created this blog because there was so little public information about reversing in OS X. The act of sharing information and knowledge helps you in the research and learning process. Unfortunately I cannot share as much as I wanted to – the world is full of greed and stupidity (read Survival of the Stupidest) and someone will always misuse information....

Here it is a version I consider good enough to come out of draft status. I have added more information – one thing I was especially interested was to match the available operations in the SBPL syntax with the system/kernel functions that they control. This helps to better understand what is the impact of each operation. Appendix B features the lazy IDC script I used to extract this information from the sandbox kernel module (then I had to match with XNU kernel sources)....

After quite a few hours typing and testing stuff, here it is a very early draft of my attempt to document Apple’s sandbox implementation. The most difficult part in writing technical documentation or business plans is to get the first draft more or less ready. It’s even worse when there’s not much information about the subject. But here it is something with already quite some significant content. In this draft I don’t like the writing style – it’s still very confuse and boring....

I was just messing with Apple’s sandbox implementation to see if it was possible to close a “vulnerability” in iTunes (more on that later after Apple answers my email) and decided to experiment with something that has been in my mind for a long time and never bothered to try. The idea is to use the sandbox feature to find, for example, hidden files that applications use for serial numbers, time limits, demo limits, etc, or to trace install scripts or malware....

I just discovered that iTunes 10.4 finally introduced support to load m3u files. If you are importing large quantities of MP3 archives like me then you probably will be very annoyed by the mess that iTunes 10.4 will make out of this – playlists will be created and a ugly mess will emerge (and takes longer to process). So it was time to try to remove this feature, which is curious since I always wanted this in iTunes, before I surrended myself to its way of managing MP3s....