World’s best Mac OS X reversing tutorial for newbies (or maybe not!)

Things are a bit slow around here. GMAT is taking most of my free time and day job been busy. Last week I had some free time and decided to take on this small project. By popular demand here it is, a long tutorial explaining how to reverse/crack a Mac OS X application, starting with tools (GDB and otx) and then a step by step of how to crack a time trial protection....

February 23, 2009 · 2 min · 223 words · fG!

iWork/Photoshop Trojan or Botnet Binary found

It seems there is a trojan or botnet binary for OS X in the wild. Some details available at http://ithreats.wordpress.com/2009/01/22/latest-os-x-threat-iworkservices/. The iWorkservices binary is available here: iWorkServices-trojan.zip A very quick and dirty strings dump and disassembly seems to show a trojan with botnet capabilities. There are references to p2p and that can be the main clue. There are no clear string references to a specific IP address or URL, which nowadays makes sense since most botnet use p2p features to contact the master nodes....

January 22, 2009 · 2 min · 388 words · fG!

Gdbinit v7.1.6

While searching the web for some GDB patches I stumbled upon this fix to assemble function from gdbinit by Tavis Ormandy (good work!). I modified it a little bit to work with Mac OS X. This function allows you to assemble directly (using nasm, Intel format) to running program or just output the correspondent opcodes for your assembly input. Type help assemble. Very useful to get the opcodes you need to patch the binary....

January 21, 2009 · 1 min · 116 words · fG!

How to compile GDB and other Apple open source packages in Mac OS X

I wanted to recompile GDB so I can modify its source and add some custom patches to enhance its output… Easier said than done! There’s not much information around about this and my first attempt was by downloading GDB source package from Apple and trying to compile it. Didn’t compile out of the box so I had to fix here and there and finally it compiled, but then it didn’t work....

January 14, 2009 · 4 min · 775 words · fG!

Mailing list and IRC channel

I forgot to mention this previously but there is a mailing list available at http://0x90.org/mailman/listinfo/xso and an IRC channel at irc.freenode.net, #osxre. It’s still a small community but more people are showing up and IRC is always a good communication tool. I’m not administrator of both, but YOU are invited to join 😄. fG!

January 5, 2009 · 1 min · 54 words · fG!