From Collaborative RCE Knowledge Library


Mac OS


Item name: Abusing Mach on Mac OS X
Rating: 0.0 (0 votes)
Author: nemo                        
Home URL: felinemenace.org
Last updated: May 2006
Version (if appl.):
Direct D/L link: http://uninformed.org/?v=4&a=3&t=txt
Description: "Abstract: This paper discusses the security implications of Mach being
integrated with the Mac OS X kernel. A few examples are used to illustrate how
Mach support can be used to bypass some of the BSD security features, such as
securelevel. Furthermore, examples are given that show how Mach functions can
be used to supplement the limited ptrace functionality included in Mac OS X.

Hello reader. I am writing this paper for two reasons. The first reason is to provide
some documentation on the Mach side of Mac OS X for people who are unfamiliar
with this and interested in looking into it. The second reason is to document my own
research, as I am fairly inexperienced with Mach programming. Because of this
fact, this paper may contain errors. If this is the case, please email me at
nemo@felinemenace.org and I will try to correct it."
Also listed in: Mac OS Internals Articles, Mac OS Tool Articles



Item name: Advanced MacOS X physical memory analysis
Rating: 0.0 (0 votes)
Author: Matthieu Suiche                        
Home URL: http://www.msuiche.net
Last updated: February 2010
Version (if appl.):
Direct D/L link: http://blackhat.com/presentations/bh-dc-10/Suiche_Matthieu/Blackhat-DC-2010-Advanced-Mac-OS-X-Physical-Memory-Analysis-wp.pdf
Description: In 2008 and 2009, the interest of companies and governments (e.g. law enforcement agencies) in Microsoft Windows physical memory grew significantly. Now it is time to talk about Mac OS X. This paper will introduce the basics of Mac OS X kernel internals regarding management of processes, threads, files, system calls, kernel extensions and more. Moreover, we are going to detail how to initialize and perform a virtual-to-physical translation under an x86 Mac OS X environment.
Also listed in: Mac OS Internals Articles



Item name: Basic OSX cracking
Rating: 0.0 (0 votes)
Author: ProZaq                        
Home URL: N/A
Last updated: 2006
Version (if appl.):
Direct D/L link: Locally archived copy
Description: "So here it is, a whole new OS. Your favorite tools are useless (with the exception of HexEdit) and you don't know where to begin. Although this tutorial will go through the basics, it is aimed at people who at least have a little knowledge about cracking under PPC and OS9. It's a shame that there isn't a decent file for beginners on PPC cracking. For those of you who are complete beginners, I can recommend that you read one of the dozens of tutorials on 68k cracking. Get the general idea about what it's all about and then move over to PPC (my previous file on PPC cracking might help you in the transition). Then finally, read this file."
Also listed in: Mac OS Internals Tutorials



Item name: Breaking Mac OS X
Rating: 0.0 (0 votes)
Author: Neil Archibald                        
Home URL: http://www.suresec.org
Last updated: April 8, 2007
Version (if appl.):
Direct D/L link: http://felinemenace.org/~nemo/slides/breaking_mac_osx.ppt
Description: This PowerPoint is a good summary of what is possible on Mac OS X. Based on previous research (HD Moore, Nemo, Phrack), the author covers PPC and x86 shellcoding tips as well as the most common vulnerabilities.
Also listed in: Mac OS Internals Articles



Item name: Class-dump
Rating: 0.0 (0 votes)
Author: Steve Nygard                        
Home URL: http://www.codethecode.com/projects/class-dump/
Last updated:
Version (if appl.):
Direct D/L link: Locally archived copy
Description: "This is a command-line utility for examining the Objective-C segment of Mach-O files. It generates declarations for the classes, categories and protocols. This is the same information provided by using 'otool -ov', but presented as normal Objective-C declarations."
Also listed in: Mac OS Tool Tutorials



Item name: Creating Keygens for Cocoa Applications
Rating: 0.0 (0 votes)
Author: whimsy                        
Home URL: N/A
Last updated: 2006
Version (if appl.):
Direct D/L link: Locally archived copy
Description: "This document is an attempt at giving the reader an overview of basic keygen
techniques as they apply to Cocoa applications on the Macintosh. To accomplish
this, we will go through the steps necessary to create a keygen for the
"Pixadex" application, version 1.5.5, which is like iPhoto for icons."
Also listed in: Mac OS Unpacking Articles



Item name: dnsbf.py - Python script for Reverse dns search in a subnet (dns brute force)
Rating: 0.0 (0 votes)
Author: t0ka7a                        
Home URL: http://infond.blogspot.com
Last updated: April 5, 2010
Version (if appl.):
Direct D/L link: http://infond.blogspot.com/2010/02/dnsbfpy-python-script-for-reverse-dns.html
Description: The first step of a penetration test is to discover hosts in a subnet. To that end, DNS is your second best friend (after Google :).
First, to know which subnet (e.g. 72.14.204.0/23) is associated with a hostname (e.g. www.google.fr), you can use the Whois database (e.g. with a site such as http://www.robtex.com).
Then, to know which hosts are declared in the DNS database for this subnet, you can use dnsbf.py :)
dnsbf.py is a script, written in Python, which conducts a reverse DNS search for all the IPs in a subnet.
Also listed in: Linux Tool Articles, Mac OS Tool Articles, Windows Tool Articles



Item name: GDB Reference Card
Rating: 0.0 (0 votes)
Author: Free Software Foundation                        
Home URL: http://www.fsf.org/
Last updated: 1998
Version (if appl.): v4
Direct D/L link: http://users.ece.utexas.edu/~adnan/gdb-refcard.pdf
Description: This reference card immediately gives you the options needed to master GDB on every UNIX-like platform.
Also listed in: Linux Tool Tidbits, Mac OS Tool Tidbits



Item name: Having fun with Apples IOKit
Rating: 0.0 (0 votes)
Author: Ilja van Sprundel                        
Home URL: http://www.ioactive.com
Last updated: July 4, 2010
Version (if appl.):
Direct D/L link: http://conference.hitb.org/hitbsecconf2010ams/materials/D1T2%20-%20Ilja%20van%20Sprundel%20-%20Having%20Fun%20with%20Apples%20IOKit.pdf
Description: IOKit is the main interface to write drivers in Mac OS X. It’s unlike most other driver interfaces for other operating systems. The data parsing code where the trust boundary is passed is not a simple ioctl() call away, and it’s not written in C (they’re written in C++). A complex system that goes through Mach messages and uses RPC is used to communicate with drivers, oh, and it’s virtually undocumented (and the documentation that is there is poorly written at best).

This talk will describe what I’ve found out in my journey as I try to figure out how the IOKit works, and what exactly an attacker has control over (e.g. what pointers are userland pointers, what’s the length limitation placed on them, is the buffer already captured by the time it reaches input handling code, …). The IOKit also has several entrypoints, 2 different ways of using 1 entrypoint and offers the possibility to expose 1 system call specifically for your driver.
Also listed in: Mac OS Internals Articles



Item name: How to use Otool
Rating: 0.0 (0 votes)
Author: TheTuKays                        
Home URL: N/A
Last updated: 2006
Version (if appl.):
Direct D/L link: Locally archived copy
Description: "what will be covered in this article:
how to get the method name of a method call
how to find the place in the real file


using otool as a disassembler is not as easy as it seems, as otool does not supply much information.
but with some tricks you can have some more data as well."
Also listed in: Mac OS Tool Tutorials



Item name: Infecting the Mach-O object format
Rating: 0.0 (0 votes)
Author: Neil Archibald                        
Home URL: http://www.suresec.com
Last updated: April 8, 2007
Version (if appl.):
Direct D/L link: http://felinemenace.org/~nemo/slides/mach-o_infection.ppt
Description: Disclaimer: This document is NOT intended to be a HOW-TO guide for Apple virus writers, but rather to explore the Mach-O format and illustrate some ways in which infection can occur.

Through these slides, Neil Archibald (felinemenace.org) introduces the Mach-O file format and covers native OS anti-debugging techniques and universal binaries.
Also listed in: Mac OS Anti Reversing Articles, Mac OS Internals Articles, Mac OS Malware Analysis Articles



Item name: Intro to OS X Reversing
Rating: 0.0 (0 votes)
Author: KellogS                        
Home URL: http://www.macshadows.com/kb/index.php?title=Main_Page
Last updated: May 2007
Version (if appl.):
Direct D/L link: http://www.macshadows.com/kb/index.php?title=Intro_to_OS_X_Reversing
Description: This knowledge base article is an introduction to OS X reversing.

0.0 Intro
0.1 Tools of the trade
0.2 Mac Applications (or what the hell is a ".app" ?)
0.3 Dashcode
0.4 A few things about x86 assembly language
0.5 Locating code in the dead listing
0.6 Altering the program flow
0.7 Assembling new opcode
0.8 Modifying our target in a hexadecimal editor
0.9 Writing a small patcher in C
0.A Conclusion
0.B Greetings
0.C Appendix
Also listed in: Mac OS Internals Articles



Item name: Introduction to assembly on the PowerPC
Rating: 0.0 (0 votes)
Author: Hollis Blanchard                        
Home URL: http://www.ibm.com
Last updated: January 7, 2002
Version (if appl.):
Direct D/L link: http://www.ibm.com/developerworks/linux/library/l-ppc/?t=egrL24,p=PowerPC
Description: This official guide from IBM introduces PowerPC assembly with a lot of pointers.
Also listed in: Mac OS Internals Articles



Item name: MacOS X Assembler Reference
Rating: 0.0 (0 votes)
Author: Apple Inc.                        
Home URL: http://www.apple.com/
Last updated: July 1, 2009
Version (if appl.): 1.10
Direct D/L link: http://developer.apple.com/mac/library/documentation/DeveloperTools/Reference/Assembler/000-Introduction/introduction.html
Description: The Mac OS X assembler serves a dual purpose. It assembles the output of gcc, Xcode’s default compiler, for use by the Mac OS X linker. It also provides the means to assemble custom assembly language code written for its supported platforms.

This document provides a reference for the use of the assembler, including basic syntax and statement layout. It also contains a list of the specific directives recognized by the assembler and complete instruction sets for the PowerPC and i386 processor architectures.
Also listed in: Mac OS Internals Articles



Item name: OSX Cracking 101
Rating: 0.0 (0 votes)
Author: Corsec                        
Home URL: www.corruptfire.com
Last updated:
Version (if appl.):
Direct D/L link: Locally archived copy
Description: "There are a few ways to crack apps. One of them we will be doing in this app, but others should be covered in the future. This process can be used on some shareware apps, but most shareware developers are smarter than this one, and don't code a serial generating function right into the app. This is rare, and for any of you developers out there, DON'T DO THIS! It's VERY VERY BAD!"
Also listed in: Mac OS Unpacking Tutorials



Item name: OSX cracking 102
Rating: 0.0 (0 votes)
Author: Corsec                        
Home URL: www.corruptfire.com
Last updated:
Version (if appl.):
Direct D/L link: Locally archived copy
Description: "This document will cover simple Nop (No operation) cracks and is slightly more practical in the real world. Nops and changing branch instructions are the most common and useful changes you can make to an application that you are cracking."
Also listed in: Mac OS Unpacking Tutorials



Item name: OSX cracking 103
Rating: 0.0 (0 votes)
Author: Corsec                        
Home URL: www.corruptfire.com
Last updated:
Version (if appl.):
Direct D/L link: Locally archived copy
Description: "Let's start off with a little disclaimer. Please note that this is for educational purposes only. It will teach someone how to remove protections from programs, but not encourage it for illegal purposes. The idea in the guide is to show how people add protections onto software, and how you can use your skills as a computer expert to undo those protections, etc... I am not responsible for how you use this information. Once you know this stuff, it's out of my hands and I have no control what you do, whether it be to use it for illegal activities or go masturbate. Don't Crack Software, Stealing is Wrong! With that said, let's get Started :D"
Also listed in: Mac OS Unpacking Tutorials



Item name: RE:Trace Applied Reverse Engineering on OS X
Rating: 0.0 (0 votes)
Author: Tyler Beauchamp and David Weston                        
Home URL: http://www.saic.com/
Last updated:
Version (if appl.):
Direct D/L link: http://www.recon.cx/2008/a/tiller_beauchamp/RETrace-Applied_Reverse_Engineering_on_OS_X.pdf
Description: In this REcon 2008 presentation, the authors introduce DTrace for Mac OS X reversing and a framework based on it: RE:Trace.
Also listed in: Mac OS Tool Articles



Item name: Reverse Engineering/Mac OS X
Rating: 0.0 (0 votes)
Author: Wikimedia contributors                        
Home URL: http://en.wikibooks.org/wiki/Main_Page
Last updated: January 1, 2010
Version (if appl.): 1690989
Direct D/L link: http://en.wikibooks.org/wiki/Reverse_Engineering/Mac_OS_X
Description: This wiki book is the fruit of collaborative work from the Mac OS reversing community.

1 Hardware Architecture
2 Software Architecture
2.1 Kernel Sections
3 Commonly Used Tools
3.1 Developer Tools Used
4 Reversing Basics
4.1 Architecture
4.2 Symbols
4.2.1 Symbol Types
4.2.1.1 Internal Symbols
4.2.1.1.1 Example
4.2.1.2 External Symbols
4.3 PowerPC
4.3.1 The Stack
4.4 Intel
5 Reversing for security
6 Reversing for 'cracking'
7 Further Reading
8 Special Notes
Also listed in: Mac OS Internals Articles



