How to dump a MPress packed binary...

Someone at macserialjunkie board posted a problem with the mpress packer. Since packers are a pretty rare thing at OS X and I was bored, I decided to give it a quick look. The result is another tutorial about manually unpacking this kind of binary. It’s not hard and the packer isn’t that great. Objective-C binaries can be dumped but there is a problem with NIB references, I think. I was already investigating this problem with other dumping experiences....

July 22, 2009 · 1 min · 130 words

A memory dumper for Apple crypted binaries! Hurray !!!

Here it is, another example of my super l33t lame coding skills! This wonder code will decrypt an Apple crypted binary via memory dumping. Maybe direct decryption (based on Amit Singh code) would be easier and nicer, but I wanted to do it this way as a test and an exercise. The code has a lot of comments that should help you understand what is being done. Basically the trick is to load the binary and attach ptrace to it, and then dump using mach vm_read function....

July 8, 2009 · 2 min · 345 words

How to dump an Apple protected binary

From the department of useless stuff comes a simple trick… A few days ago, a reader sent me an email asking about obfuscated code, in what appeared to be Apple’s binary protection. I already knew this Amit Singh article, but never played with it. Since I’m very curious (I love cats but Onyx still doesn’t like me very much) and I’m messing around with dumping, I decided to give it a try....

June 30, 2009 · 3 min · 506 words

"Removing" Apple code signing from a binary...

A few months ago while discussing with some user about code signing (PTHPasteboard project), I had the idea to “revirgin” the code signed binary by removing the Mach-O LC_CODE_SIGNATURE command. As usual with my many ideas, I never explored that one, until today when I received an email asking about this idea. I decided to give it a try. My code is a simple Hello world, compiled for i386 only. After binary is compiled, I sign it with my test certificate and mark the process to be killed if code signing fails....

May 29, 2009 · 4 min · 664 words

Cracking a Mac OS X Screensaver

There are days I “hate” my obsessive and curious mind! The day I was checking Apple Just added downloads feed and found this nice screensaver is one of those. 3D Desktop Aquarium Screensaver (available at http://www.uselesscreations.com) grabbed my attention because it looks nice and I love fishes. As usual, I started poking around and decided I had to crack it because I never did a screensaver before. The result is another tutorial 😄....

April 16, 2009 · 1 min · 163 words