Using Apple’s sandbox feature for reversing purposes

I was just messing with Apple’s sandbox implementation to see if it was possible to close a “vulnerability” in iTunes (more on that later after Apple answers my email) and decided to experiment with something that has been on my mind for a long time and that I never bothered to try. The idea is to use the sandbox feature to find, for example, hidden files that applications use for serial numbers, time limits, demo limits, etc., or to trace install scripts or malware....

August 30, 2011 · 2 min · 326 words · fG!

Removing iTunes 10.4 m3u processing feature with a small loader

I just discovered that iTunes 10.4 finally introduced support to load m3u files. If you are importing large quantities of MP3 archives like me then you probably will be very annoyed by the mess that iTunes 10.4 will make out of this – playlists will be created and an ugly mess will emerge (and it takes longer to process). So it was time to try to remove this feature, which is curious since I always wanted this in iTunes, before I surrendered myself to its way of managing MP3s....

August 25, 2011 · 3 min · 442 words · fG!

Another patch for Apple’s GDB: the define/commands problem

One known problem with Apple’s fork of open source software is their slowness in fixing vulnerabilities and bugs. The GDB fork isn’t immune to this; it was forked around release 6.6 or something like that and lots of stuff isn’t kept in sync with GNU’s GDB version. The short story for this bug is that you can’t have a commands command inside a define command. This creates some problems for useful scripting....

August 20, 2011 · 3 min · 483 words · fG!

How GDB disables ASLR in Mac OS X Lion

This isn’t a rocket science post but more like some notes for future reference 😄. Lion finally introduces full ASLR and GDB has the possibility to disable that feature when analyzing target binaries. A new GDB setting was added, disable-aslr, which allows you to enable or disable this feature. By default this feature appears to be enabled (I am just looking at GDB source code) and it’s set by the variable disable_aslr_flag configured at gdb/macosx/macosx-tdep....

August 11, 2011 · 2 min · 344 words · fG!

gdbinit v7.4.2, Github and Twitter

Hello, it seems like things are very quiet and I only push gdbinit updates. Well, I have been very busy with very interesting projects, most of which can’t yet see the “light of the day”. Need to find some time to fool around with some new stuff. It seems that VMprotect is coming to OS X and that is exciting news. I hope they finish it soon since I am curious about the Mac-specific implementation and tricks....

August 11, 2011 · 2 min · 406 words · fG!