A semi-automated way to find sysent

The original method to hijack sysent table was described by Landon Fuller and then Braden Thomas updated it to Snow Leopard due to new location and lack of nsysent symbol. Charlie Miller and Dino Dai Zovi at The Mac Hacker’s Handbook, have some code to try to automate this search for sysent. I never tried it before and today I decided to hack around it. It suffers from the problem of no nsysent symbol (is there a way to fix it?...

November 27, 2010 · 3 min · 532 words · fG!

A new GDB frontend and some pics from the past

Hi, There is a new GDB Cocoa frontend in town courtesy of Kurt. It’s still in early stages but it’s always interesting to have people developing tools for OS X. Congrats to Kurt. You can contact him at kurt@osxdbg.co.cc for bug reporting! I also bring you two pics from an old HardLock dongle that I found while tidying up some drawers. It’s a parallel port HardLock Eye v4.1b, and it has like 8 years or more (can’t really remember heheh)....

October 11, 2010 · 1 min · 188 words · fG!

GDB anti-debug, Otool/otx anti-disassembly… It’s Challenge number 3 !!!

Today I decided to give a look at Challenge #3 since it promised nasty tricks. Now that looks like a challenge and I love challenges! If you think this is a spoiler then stop reading and come back in a week or so. There is no solution for the challenge; I’m more interested in the “nasty” trick used and why the tools are failing. And I don’t need the Challenge itself to analyse this behavior since I can reproduce it with own code....

August 18, 2010 · 6 min · 1149 words · fG!

How to Keygen MSJ Kracking Challenge ’10 – Challenge #1

The MBA is over and I’m enjoying my vacations to clear stuff from the Todo list, to read books, to play some games and to do other stuff. Today the MacSerialJunkies contest started and I decided to give it a go. It’s a very simple crackme with a small twist where you have to bruteforce a MD5 string. I had reversed the serial routine and was starting the bruteforce without thinking much about it (first attempts were by searching online MD5 hashes databases for the correspondent plaintext but no such luck)....

August 2, 2010 · 2 min · 368 words · fG!

Very small update...

Hi! I just updated the crackmes with #5 from MSJ challenge and added a new tool for encrypting/decrypting apple encrypted binaries. I had planned to do this tool but it’s great that someone did it first! It’s good to see people developing tools for OS X, even if they are very simple. Thank you to the author and to the guy who pointed me to it and sent the crackme 😉....

June 8, 2010 · 1 min · 180 words · fG!