From Collaborative RCE Knowledge Library


Mac OS Internals Articles


Item name: Abusing Mach on Mac OS X
Rating: 0.0 (0 votes)
Author: nemo
Home URL: felinemenace.org
Last updated: May 2006
Version (if appl.):
Direct D/L link: http://uninformed.org/?v=4&a=3&t=txt
Description: "Abstract: This paper discusses the security implications of Mach being
integrated with the Mac OS X kernel. A few examples are used to illustrate how
Mach support can be used to bypass some of the BSD security features, such as
securelevel. Furthermore, examples are given that show how Mach functions can
be used to supplement the limited ptrace functionality included in Mac OS X.

Hello reader. I am writing this paper for two reasons. The first reason is to provide
some documentation on the Mach side of Mac OS X for people who are unfamiliar
with this and interested in looking into it. The second reason is to document my own
research, as I am fairly inexperienced with Mach programming. Because of this
fact, this paper may contain errors. If this is the case, please email me at
nemo@felinemenace.org and I will try to correct it."
Also listed in: Mac OS Tool Articles



Item name: Advanced MacOS X physical memory analysis
Rating: 0.0 (0 votes)
Author: Matthieu Suiche
Home URL: http://www.msuiche.net
Last updated: February 2010
Version (if appl.):
Direct D/L link: http://blackhat.com/presentations/bh-dc-10/Suiche_Matthieu/Blackhat-DC-2010-Advanced-Mac-OS-X-Physical-Memory-Analysis-wp.pdf
Description: In 2008 and 2009, the interest of companies and governments (e.g. law enforcement agencies) in Microsoft Windows physical memory grew significantly. Now it is time to talk about Mac OS X. This paper will introduce the basics of Mac OS X kernel internals regarding the management of processes, threads, files, system calls, kernel extensions and more. Moreover, we are going to detail how to initialize and perform a virtual-to-physical translation under an x86 Mac OS X environment.
Also listed in: (Not listed in any other category)



Item name: Breaking Mac OS X
Rating: 0.0 (0 votes)
Author: Neil Archibald
Home URL: http://www.suresec.org
Last updated: April 8, 2007
Version (if appl.):
Direct D/L link: http://felinemenace.org/~nemo/slides/breaking_mac_osx.ppt
Description: This PowerPoint deck is a good summary of what is possible on Mac OS X. Building on previous research (HD Moore, Nemo, Phrack), the author covers PPC and x86 shellcoding tips as well as the most common vulnerabilities.
Also listed in: (Not listed in any other category)



Item name: Having fun with Apples IOKit
Rating: 0.0 (0 votes)
Author: Ilja van Sprundel
Home URL: http://www.ioactive.com
Last updated: July 4, 2010
Version (if appl.):
Direct D/L link: http://conference.hitb.org/hitbsecconf2010ams/materials/D1T2%20-%20Ilja%20van%20Sprundel%20-%20Having%20Fun%20with%20Apples%20IOKit.pdf
Description: IOKit is the main interface for writing drivers in Mac OS X. It is unlike most other driver interfaces for other operating systems: the data parsing code where the trust boundary is crossed is not a simple ioctl() call away, and it is not written in C (drivers are written in C++). A complex system that goes through Mach messages and uses RPC is used to communicate with drivers, and it is virtually undocumented (and the documentation that is there is poorly written at best).

This talk will describe what I’ve found out in my journey as I try to figure out how the IOKit works, and what exactly an attacker has control over (e.g. which pointers are userland pointers, what length limitation is placed on them, whether the buffer is already captured by the time it reaches input handling code, …). The IOKit also has several entry points, 2 different ways of using 1 entry point, and offers the possibility to expose 1 system call specifically for your driver.
Also listed in: (Not listed in any other category)



Item name: Infecting the Mach-O object format
Rating: 0.0 (0 votes)
Author: Neil Archibald
Home URL: http://www.suresec.com
Last updated: April 8, 2007
Version (if appl.):
Direct D/L link: http://felinemenace.org/~nemo/slides/mach-o_infection.ppt
Description: Disclaimer: This document is NOT intended to be a HOW-TO guide for Apple virus writers, but rather explore the Mach-o format and illustrate some ways in which infection can occur.

Through these slides Neil Archibald (felinemenace.org) invites you into the Mach-O file format and covers native OS anti-debugging techniques and universal binaries.
Also listed in: Mac OS Anti Reversing Articles, Mac OS Malware Analysis Articles



Item name: Intro to OS X Reversing
Rating: 0.0 (0 votes)
Author: KellogS
Home URL: http://www.macshadows.com/kb/index.php?title=Main_Page
Last updated: May 2007
Version (if appl.):
Direct D/L link: http://www.macshadows.com/kb/index.php?title=Intro_to_OS_X_Reversing
Description: This knowledge base article introduces OS X reversing.

0.0 Intro
0.1 Tools of the trade
0.2 Mac Applications (or what the hell is a ".app"?)
0.3 Dashcode
0.4 A few things about x86 assembly language
0.5 Locating code in the dead listing
0.6 Altering the program flow
0.7 Assembling new opcode
0.8 Modifying our target in a hexadecimal editor
0.9 Writing a small patcher in C
0.A Conclusion
0.B Greetings
0.C Appendix
Also listed in: (Not listed in any other category)



Item name: Introduction to assembly on the PowerPC
Rating: 0.0 (0 votes)
Author: Hollis Blanchard
Home URL: http://www.ibm.com
Last updated: January 7, 2002
Version (if appl.):
Direct D/L link: http://www.ibm.com/developerworks/linux/library/l-ppc/?t=egrL24,p=PowerPC
Description: This official guide from IBM introduces PowerPC assembly with many pointers to further material.
Also listed in: (Not listed in any other category)



Item name: MacOS X Assembler Reference
Rating: 0.0 (0 votes)
Author: Apple Inc.
Home URL: http://www.apple.com/
Last updated: July 1, 2009
Version (if appl.): 1.10
Direct D/L link: http://developer.apple.com/mac/library/documentation/DeveloperTools/Reference/Assembler/000-Introduction/introduction.html
Description: The Mac OS X assembler serves a dual purpose. It assembles the output of gcc, Xcode’s default compiler, for use by the Mac OS X linker. It also provides the means to assemble custom assembly language code written for its supported platforms.

This document provides a reference for the use of the assembler, including basic syntax and statement layout. It also contains a list of the specific directives recognized by the assembler and complete instruction sets for the PowerPC and i386 processor architectures.
Also listed in: (Not listed in any other category)



Item name: Reverse Engineering/Mac OS X
Rating: 0.0 (0 votes)
Author: Wikimedia contributors
Home URL: http://en.wikibooks.org/wiki/Main_Page
Last updated: January 1, 2010
Version (if appl.): 1690989
Direct D/L link: http://en.wikibooks.org/wiki/Reverse_Engineering/Mac_OS_X
Description: This wiki book is the fruit of collaborative work from the Mac OS reversing community.

1 Hardware Architecture
2 Software Architecture
2.1 Kernel Sections
3 Commonly Used Tools
3.1 Developer Tools Used
4 Reversing Basics
4.1 Architecture
4.2 Symbols
4.2.1 Symbol Types
4.2.1.1 Internal Symbols
4.2.1.1.1 Example
4.2.1.2 External Symbols
4.3 PowerPC
4.3.1 The Stack
4.4 Intel
5 Reversing for security
6 Reversing for 'cracking'
7 Further Reading
8 Special Notes
Also listed in: (Not listed in any other category)



