Onyx The Black Cat v0.2

Here it is with support for Leopard and extended attributes. All calls related to extended attributes are traced and dumped to /var/log/system.log (I find it more useful than fs_usage for this specific calls). Check the .c file for options related to this. For Leopard support you need to edit the .c file and change the define. I’m still searching for a better way to detect Leopard or Tiger in XCode. Maybe a Makefile flag....

November 16, 2008 · 1 min · 160 words · fG!

Extended attributes in Mac OS X and Remote Buddy

I started working on Remote Buddy (http://www.iospirit.com) to test my module Onyx The Black Cat. Some encrypted files are stored in the hard disk (fs_usage is your friend) but even after deleting all of them, the program still had expired trial. GDB to the rescue! After finding the correct “entrypoint” (I call entrypoint to the correct address which helps you starting to understand or find what you are interested in) and reading lots of code (the code is “unoptimized”, probably to make our reversing job boring) I finally found the interesting call, getxattr....

November 10, 2008 · 2 min · 329 words · fG!

Onyx The Black Cat v0.1 – Anti Anti-debug kernel module

Here it is my crazy idea to create an anti anti-debug kernel module so reversing efforts get a little easier and faster against “hostile” code. This module will protect you against the classic PT_DENY_ATTACH trick and the sysctl debugger detection trick http://developer.apple.com/qa/qa2004/qa1361.html. For now it’s only compatible with Mac OS X Tiger v10.4.11. Soon I will make it compatible with Leopard. Grab the binaries here: onyx-the-black-cat.kext.v0.1.tgz. This is a small program to test the sysctl trick: antidebug....

October 30, 2008 · 1 min · 130 words · fG!

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler

Excellent book! Recommended if you are into Reverse Engineering and not only IDA specific. Well written with lots of examples. Really enjoyed it. Well worth the money (and even cheaper if you use Amazon Market Place). I’m back with huge amounts of work so my reversing efforts are on a halt. Let’s see if things get calm again so I can try some ideas :-).

October 17, 2008 · 1 min · 65 words · fG!

"Hacker" Challenge

Hello, If you want to have some fun and maybe improve your security/reversing skills, you might try this site http://www.dareyourmind.net. It has some nice challenges in different fields (reversing is only for Windows, but hey you should be able to reverse anything!). Have fun !

September 25, 2008 · 1 min · 45 words · fG!