Reverse Engineering

Mailing list and IRC channel

I forgot to mention this previously but there is a mailing list available at http://0x90.org/mailman/listinfo/xso and an IRC channel at irc.freenode.net, #osxre. It’s still a small community but more people are showing up and IRC is always a good communication tool. I’m not administrator of both, but YOU are invited to join 😄. fG!

More gdbinit addons!

End of the year is slow and I was a bit inspired so I decided to hack around another features I was missing from gdbinit! First one is about conditional jump display. Original gdbinit doesn’t tell you what will be the decision that will be taken on a conditional jump. You must look at the flags and check that! Well… I can’t memorize this kind of stuff (in reality I can but it’s useless so I refuse to) and computers were created to automate tasks!...

A lazy xmas gift or a lazy addon to gdbinit

While I was messing with gdbinit three weeks ago, I added a small feature that displays the messages being sent to objc_msgSend. Usually I follow the otool or IDA dump and see what’s being sent, but that it’s not very practical! So I made a dirty hack with gdbinit so that information appears automatically into GDB window. It’s not very pretty, but gdbinit is very limited 😦. Example: gdb$ 0x00002bc5 in main () --------------------------------------------------------------------------[regs] EAX: 9FF43924 EBX: 00002B9D ECX: 9FF37B64 EDX: 00403250 o d I t S z a P c ESI: BFFFF8F4 EDI: BFFFF898 EBP: BFFFF838 ESP: BFFFF7F0 EIP: 00002BC5 CS: 0017 DS: 001F ES: 001F FS: 0000 GS: 0037 SS: 001F [001F:BFFFF7F0]----------------------------------------------------------[stack] BFFFF840 : 01 00 00 00 98 F8 FF BF - A0 F8 FF BF F4 F8 FF BF ....

Apple’s GDB Bug?

I was trying to add some features to gdbinit and I needed global variables. I already knew that feature wasn’t working on Mac OS X GDB and I was puzzled why it didn’t work. Some quick tests on a Linux box couldn’t reproduce the same behaviour so something is wrong with Apple’s GDB version. I finally found how it happens ! A very simple .gdbinit to test things would be:...

What’s wrong in this picture?

While browsing around http://www.apple.com/downloads to check for any interesting software (I really like the Featured 3rd party and latest software sections) I found this well designed CD burning app, Disco (http://www.discoapp.com). I really like their website design (I have a big passion for design although I can’t design anything myself) and decided to try their app since it fits two characteristics, well designed interface and a software protection! Hurray. Open it, bang, Little Snitch warns about connection attempt and a nice registration dialogue appears....