Serial phishing tutorial !!! It’s hot hot hot ;)

Hey, today is a slow day and I got a suggestion to write about serial phishing. Someone else suggested an easy target, and here it is: a tutorial about serial phishing. The target is a very easy one, so you should be able to understand everything and practice your GDB skills a little more. Here are the files: serial-phishing.txt macdvix.dmg (SHA1(MacDviX.dmg)= 9eb463acff18d003c4a0d619171ce0cd93bc53e6) (Unfortunately I lost the installer and can’t find it on my backups 😦)....

February 23, 2009 · 1 min · 92 words

World’s best Mac OS X reversing tutorial for newbies (or maybe not!)

Things are a bit slow around here. GMAT is taking most of my free time and my day job has been busy. Last week I had some free time and decided to take on this small project. By popular demand, here it is: a long tutorial explaining how to reverse/crack a Mac OS X application, starting with the tools (GDB and otx) and then a step-by-step of how to crack a time trial protection....

February 23, 2009 · 2 min · 223 words

iWork/Photoshop Trojan or Botnet Binary found

It seems there is a trojan or botnet binary for OS X in the wild. Some details are available at http://ithreats.wordpress.com/2009/01/22/latest-os-x-threat-iworkservices/. The iWorkServices binary is available here: iWorkServices-trojan.zip A very quick and dirty strings dump and disassembly seem to show a trojan with botnet capabilities. There are references to p2p, and that can be the main clue. There are no clear string references to a specific IP address or URL, which nowadays makes sense since most botnets use p2p features to contact the master nodes....

January 22, 2009 · 2 min · 388 words

Gdbinit v7.1.6

While searching the web for some GDB patches I stumbled upon this fix to the assemble function from gdbinit by Tavis Ormandy (good work!). I modified it a little bit to work with Mac OS X. This function allows you to assemble directly (using nasm, Intel format) into a running program, or just output the corresponding opcodes for your assembly input. Type help assemble. Very useful to get the opcodes you need to patch the binary....
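The workflow behind that command, assemble with nasm, read back the raw opcodes, then write them into the debuggee, re-done as a small Python helper. This is an added example, not the gdbinit code, and it assumes nasm 2.x on PATH (it is only invoked, never required for the byte-formatting helpers); writing the patch as byte-by-byte GDB `set` commands is one way to get the bytes into the process, not necessarily how gdbinit itself does it.

```python
"""Assemble Intel-syntax input with nasm (-f bin), show the opcodes, and emit
GDB commands that patch those bytes into a running program.
Added example; assumes nasm is on PATH for assemble_with_nasm()."""

import os
import shutil
import subprocess
import tempfile


def assemble_with_nasm(source: str, bits: int = 32) -> bytes:
    """Run nasm in flat-binary mode on `source` and return the raw opcode bytes.
    `bits` selects the BITS directive (32 for the i386 binaries discussed here)."""
    nasm = shutil.which("nasm")
    if nasm is None:
        raise RuntimeError("nasm not found on PATH (assumption: nasm 2.x installed)")
    with tempfile.TemporaryDirectory() as tmp:
        asm_path = os.path.join(tmp, "patch.asm")
        bin_path = os.path.join(tmp, "patch.bin")
        with open(asm_path, "w") as f:
            f.write(f"BITS {bits}\n{source}\n")
        # -f bin: no object headers, the output file is exactly the opcodes.
        subprocess.run([nasm, "-f", "bin", "-o", bin_path, asm_path], check=True)
        with open(bin_path, "rb") as f:
            return f.read()


def opcode_string(code: bytes) -> str:
    """Hex dump in the 'XX XX XX' form you would paste into a hex editor."""
    return " ".join(f"{b:02X}" for b in code)


def pad_with_nops(code: bytes, slot_size: int) -> bytes:
    """A patch overwriting an existing instruction sequence must fit the slot;
    leftover bytes are filled with NOP (0x90) so the disassembly stays sane."""
    if len(code) > slot_size:
        raise ValueError(f"patch is {len(code)} bytes, slot is only {slot_size}")
    return code + b"\x90" * (slot_size - len(code))


def gdb_patch_commands(address: int, code: bytes) -> list[str]:
    """GDB commands that write `code` one byte at a time at `address`
    in the debuggee (type it in, or `source` it from a file)."""
    return [f"set {{unsigned char}}{address + i:#x} = {b:#04x}"
            for i, b in enumerate(code)]


if __name__ == "__main__":
    # Constructed sample: a 2-byte short jump (jmp +5) patched into a 6-byte
    # slot at a hypothetical address, so the trial check is skipped.
    patch = pad_with_nops(b"\xeb\x05", 6)
    print(opcode_string(patch))
    for cmd in gdb_patch_commands(0x2f3c, patch):
        print(cmd)
```

Compare the length of what nasm gives you against the instruction(s) you are replacing before writing anything; a patch that spills into the next instruction is the usual reason a "working" crack crashes.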

January 21, 2009 · 1 min · 116 words

How to compile GDB and other Apple open source packages in Mac OS X

I wanted to recompile GDB so I could modify its source and add some custom patches to enhance its output… Easier said than done! There’s not much information around about this, and my first attempt was downloading the GDB source package from Apple and trying to compile it. It didn’t compile out of the box, so I had to fix things here and there, and finally it compiled, but then it didn’t work....

January 14, 2009 · 4 min · 775 words