More Mac OS X anti-debugging

Little Snitch is a program for which I was very curious to hack around and try to beat its protection. I had a feeling it would be a very nice challenge and I can say it didn’t disappoint me! The target is version 2.0.3, running on Tiger 10.4.11. The first protection to be defeated was the “classical” PTRACE_DENY_ATTACH. You Control Desktops explains and has links to this protection. If we try to attach gdb to one Little Snitch process (it has at least 3) we get a segmentation fault, so this should be PTRACE_DENY_ATTACH “protection”....

June 26, 2008 · 8 min · 1592 words · fG!

How to bypass a protection with a single byte

I was looking for a Post-it like program for Mac OS X (I don’t like Stickies!) and found this nice one, Edgies (available at http://www.oneriver.jp/Edgies/index_e.html). It has a very annoying “register me” protection which shows up every few times you open/close a note. My first attempt to bypass this was to go after the serial registration routine (it’s located in the RegistrationManager framework) but it appears to be too long and complicated to be worth the trouble....

June 24, 2008 · 2 min · 354 words · fG!

Reversing You Control Desktops v1.2

This is my first Mac OS X reversing tutorial. The target is You Control Desktops, which revealed itself to be a very nice target to reverse. Download the files below and I hope you learn something from it. There’s no interest whatsoever in piracy, but only in learning and improving things. What you do with this information is YOUR responsibility. The keygen (and decrypt.c) make a nice example of OpenSSL API usage. Keygen is non working....

March 17, 2008 · 1 min · 182 words · fG!

How to change /etc/hosts

It’s useful to change /etc/hosts, especially with protections requesting online keys. After editing /etc/hosts you need to refresh the OS X NetInfo database. Just run the following command:

    $ sudo niload -v -m hosts . < /etc/hosts

And then flush the cache with:

    $ lookupd -flushcache

For Snow Leopard the command has changed. It is now:

    $ dscacheutil -flushcache

And that’s it!

February 2, 2008 · 1 min · 60 words · fG!

Change network card MAC address

Since there are programs with serial numbers tied to the network card MAC address, it might be useful to change it. There are some fancy GUI programs for this but it’s faster from the terminal:

    # ifconfig en0 lladdr X:XX:XX:XX:XX:XX

And that’s it…

December 28, 2007 · 1 min · 41 words · fG!