The target for the first essay will be Dashcode, Apple's tool for creating Dashboard widgets. Currently in beta, it will expire on the 15th of July.
Yes, as you may have found out by yourself, it's free software; Apple just put an expiration date on it so the beta doesn't float around once the final version is released. I won't harm anyone's wallet with this first target...
You may download Dashcode from here (you need to register for a free developer account, which you should already have done, btw).
Note: Install XCode, NASM (from DarwinPorts), otx and a hex editor to be ready for the essay.
UPDATE: The essay is almost done (only the patching part and some HTML formatting are missing); it may be posted by Friday or at the beginning of next week. Stay tuned...
Target for the upcoming Essay
by KellogS on Sunday, April 29, 2007
F!rst P0st (aka What is This)
This blog talks about software reversing on Mac OS X: disassembling, debugging, a bit of coding and other kinds of stuff that may fit.
As I come from the "Windows School of Reversing" (greets to ORC+, Fravia, Spath and Frog's Print - you showed me the light through the bits), I'll mainly do x86 binary reversing (thanks to my employer for my new MacBook), but a lot of the concepts should apply to PowerPC OS X reversing as well (obviously not the ASM part).
As stated in my blog's subtitle, a lot of the tools that you may need for reversing software on OS X are free (some are even already installed on your Mac!). All you need is a target, some work and a lot of practice. I may add that I "quit" Windows software cracking some 8 years ago (if you are old enough, you may have guessed from my greetings line above which "school" I attended...) because I found it to be a dead-end alley (i.e. commercial protections, massive use of "envelope encryption", more work and less fun just to "study" a piece of software), and I simply lost interest in the platform. Since then I've switched to GNU/Linux and Mac OS X and won't look back. OS X is in a golden age for application reversing.
The next posts will contain the few links/pages that I've found about OS X reversing and the tools that you may find useful; after that I'll start with the first "essay", a software patching from A to Z.
Obviously English is not my first language, so feel free to correct my mistakes.
Happy Patching!
by KellogS on Wednesday, April 25, 2007
Links
Mac OS X Reversing Blog:
Yet Another Reverse Engineering Blog
POP/POP/RET (RE:Trace) Blog
Reverse.put.as
OS X Reversing Related Articles:
The 0xf001's OSX Reversing Section (dead)
Phrack : PowerPC Cracking on OSX with GDB
Phrack : OS X heap exploitation techniques (PPC)
ToxicSoftware's AquaticPrime Warning and AquaticPrime Aftermath
A Brief Tutorial on Reverse Engineering OS X
WikiBooks Reverse Engineering / MacOS X
Cracking Software on the Mac
OS X Hacks:
CocoaDev Page about Input Managers
CocoaReverseEngineering
Debugging (GDB):
Debugging Assembler on Mac OS X : Intro to gdb binary debugging.
Cracking Software on the Mac (GDB Cheat Sheet)
Debugging iTunes and other "non-debug" Apps in GDB.
Apple Technical Note TN2032 - Getting Started with GDB
Apple Technical Note TN2124 - Mac OS X Debugging Magic
Debugging with GDB - Richard Stallman, Roland Pesch, Stan Shebs, et al.
GDB Internals
Apple Technical Q&A QA1388 - Symbol to Library in GDB
Apple Technical Q&A QA1361 - Detecting the Debugger
Apple Technical Q&A QA1279 - Remote or Two-Machine Debugging Applications with GDB
Objective-C / Cocoa / OS X Architecture
Inside the Objective-C Runtime Part One and Part Two
GNU Libtool
Mac OS X ABI Dynamic Loader Reference
Assembly:
Intel assembler on Mac OS X : Small intro to assembler under Mac OS X (x86).
The Netwide Assembler: NASM - Apple Document for OS X Intel
Apple Introduction to Mac OS X Assembler Guide
PowerPC Assembly Tutorial
Apple's Developers Docs:
Apple Developer Connection Site
OS X Reversers:
McScribble's Blog and his Disassembler project post
Anti Cracking/Debugging, Discussion about Protection:
Unsanity's Pirate-Me-Not Article
CocoaDev CocoaInsecurity
CocoaDev SoftwareSerializationPiracyDiscussion
Five Reasons To Ignore John Gruber’s OS X Security Punditry
Apple Technical Q&A QA1361 - Detecting the Debugger
Further Readings:
Exploring Protocols Part 1 and Part 2
Infecting Mach-O Files
Understanding Apple's Binary Protection in Mac OS X from Mac OS X Internals Book, Bonus Chapter
Breaking Mac OS X and Mach-O Infection
Understanding admin to root privilege escalation in Mac OS X and nice Links
Abusing OS X
Related Blogs:
Ilfak's HexBlog
Matasano Chargen, his reversing articles and his development ones
Tools:
Class-Dump Project Page and the Author's blog and the CocoaDev Page
Code-Dump Project Page (PPC)
Lua Script OTX output -> IDC -> IDA Enhanced disassembly
Misc:
Various Mac OS Reversing Text & Tools
Mac Software Security Links
by KellogS on Monday, April 23, 2007
Tools
Essentials:
XCode
On your OS X install disc, or may be downloaded from the Apple Developer Connection site: IDE, API documentation and a lot of tools.
Darwin Ports
Not a reversing tool per se, but it installs a BSD-like ports system, enabling you to compile a lot of *nix applications from a repository. Works like a charm on MacIntel.
Disassemblers:
otool
Apple's objdump equivalent, already installed on your Mac (or installed by XCode).
otx
otool's bastard son, great disassembler, open source.
otoole
Enhancer for otool's output.
class-dump
Not a disassembler; dumps classes and other Obj-C structures.
Machonist
For now only a PPC disassembler (comparable to W32Dasm), on its way to being open-sourced and, who knows, extended to support x86 code...
HexEditors:
0xED
Suavetech's hexadecimal editor, freeware.
HexFiend
Open source, BSD-like licensed hex editor.
hte
A bit like hiew (I miss you) but missing the assembly edit feature. Needs to be compiled from source.
Text Editors:
TextEdit
Installed on your Mac; painful to use with big files (loads the whole file into memory).
SubEthaEdit
Handles big files well, with a nice collaborative feature too; a trial version is downloadable.
TextWrangler
Little free brother of the excellent BBEdit, which is commercial _and_ expensive...
Debuggers:
gdb
The GNU debugger, installed as part of XCode; powerful, but it misses some features when you've grown up with SoftICE.
Compilers:
gcc
The GNU compiler, installed by XCode. Compiles C, C++, Objective-C and more. Yes, it's what Apple uses to compile OS X binaries.
NASM
The Netwide x86 assembler; can be installed with DarwinPorts via sudo port install nasm.
by KellogS on Monday, April 23, 2007