The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler

Excellent book! Recommended if you are into Reverse Engineering, and not only IDA-specific. Well written with lots of examples. Really enjoyed it. Well worth the money (and even cheaper if you use Amazon Market Place). I’m back with huge amounts of work so my reversing efforts are on hold. Let’s see if things get calm again so I can try some ideas :-).

October 17, 2008 · 1 min · 65 words · fG!

"Hacker" Challenge

Hello, if you want to have some fun and maybe improve your security/reversing skills, you might try this site: http://www.dareyourmind.net. It has some nice challenges in different fields (reversing is only for Windows, but hey, you should be able to reverse anything!). Have fun!

September 25, 2008 · 1 min · 45 words · fG!

PTHPasteboard 4.4.0! Generic Mac OS X protector is found?

Beowulf pointed out that the PTHPasteboard application protection looked very similar to You Control Desktops. This got me curious and so I started messing around with it. Facts:

- License file isn’t crypted like You Control Desktops
- Binaries don’t have integrity checks like You Control Desktops
- public.pem has a checksum like You Control Desktops (SHA1 is used)
- Function names are obfuscated like You Control Desktop
- Demo is requested via web, although HTTPS is used instead of HTTP
- Like You Control Desktops, there is a binary named Common

Since the protection is very similar we can try to conclude about the existence of a generic protector!...

September 10, 2008 · 3 min · 549 words · fG!

News...

A peak of work and vacations results in no reversing for the past weeks :-(. I had some advances on Little Snitch and I will publish them soon. Blackhat USA 2008 had some interesting stuff related to Mac OS X: an older paper related to DTrace (I really need to install Leopard to start messing around with DTrace) and another about Mac OS X Rootkits (very interesting!): RE:Trace – Applied Reverse Engineering on OS X...

September 8, 2008 · 1 min · 117 words · fG!

Little Snitch continued or the broken nib files!

Little Snitch is an awesome target to learn tons of stuff about Mac OS X. It’s a very worthy challenge and I’m loving it… I gave up on it for a while to read some stuff about IPC and Mach messaging since I have strong clues it’s being used for communication between Little Snitch components. Little Snitch uses threads and other stuff to make reversing much harder. One of my various reversing threads was to try to beat the 3 hour limit, but I couldn’t find a good entry point to start tracing the network filter initialization...

August 12, 2008 · 3 min · 552 words · fG!