Onyx the Black Cat v0.4 for Snow Leopard

I had this one working for a long time but I hadn’t released it because I was trying to hijack fork and vfork calls. My objective was to introduce an int3 so I could attach the debugger to a selected process. At that time I suspected that VLOK was forking and I couldn’t debug the new process since follow on fork GDB function isn’t implemented in OS X (so this looks like a good idea for a protection 😉)....

May 24, 2010 · 2 min · 292 words · fG!

OS X Crackmes

Hello, I have just added a page to collect crackmes for OS X. I have added the ones that I already had and some recommended from user comments. Since corruptfire.com seems down I cannot retrieve the other ones they had. If you have more crackmes please mail them to me so I can add them to the page. It would be nice to start having more crackmes developed for OS X....

May 21, 2010 · 1 min · 72 words · fG!

gdbinit v7.3

I was bored and decided to fix gdbinit to support 64 bit binaries. I had tried it before but the solution was a piece of crap (not that this one is much better). I was testing the registers to see if the binary was 32 or 64 bit. Now there is a default setting to 32 bit (change it if you want to default to 64 bit) and two commands, 32bits and 64bits to change between the two types of targets....

April 16, 2010 · 2 min · 262 words · fG!

reverse.put.as is back in a new format...

I have been thinking about this and how to get this blog back to life. My free time has been almost zero but I miss the motivation to put my brain to tinker and create new things to publish, because reversing and everything around it sometimes is a great relaxing activity for me. The last couple of days I had to revisit one of my favourite books ever, where it is written that “DO NOT COVET YOUR IDEAS: Give away everything you know, and more will come back to you....

April 9, 2010 · 2 min · 306 words · fG!

Brief analysis of the VLOK protection

I just finished my brief analysis on this protection and I have a very macro view about it and how to break it. If my gut is correct (if you have read Blink! you will trust your gut most of the times, if not go read it since it’s a great book) I can decrypt and run any game so I will not publish any detailed information about it. The protection is based on a keyfile that is sent to you after you register online....

January 6, 2010 · 4 min · 736 words · fG!