PDA

View Full Version : OSX reversing


0xf001
April 4th, 2007, 11:41
heyall,

since I recently got a Mac powerbook, I am examining OSX/PPC quite a lot now ...

I have started an OSX reversing section on my page:

http://www.woodmann.com/0xf001/#OSX

Up to now, I have put there some most basic information/links to tools, I will document my experiences there as time allows it ...

Please if somebody has some documents / links which can be of use to play with OSX, ... post 'em

regards,

0xf001

kojii
April 8th, 2007, 07:27
Hi 0xf001,

Thank you for these links, I posted them on a French forum with the source (your site). Here : http://reverseengineering.online.fr/forum/viewtopic.php?t=1064

Links :

http://www.osnews.com/story.php/10366/A-Brief-Tutorial-on-Reverse-Engineering-OS-X
http://www.osnews.com/story.php/10366/A-Brief-Tutorial-on-Reverse-Engineering-OS-X/page2/

ppc asm (some docs about stack, kernel programming, and more ) :
http://www.felinemenace.org/~nemo/docs/ppcasm/

Non eXecutable Stack Lovin on OSX86 ( Kevin Finisterre ) :
http://milw0rm.com/papers/64

regards,

kojii


[ ps : sorry for my bad english ]

LLXX
April 8th, 2007, 07:44
Reversing on a RISC architecture... don't you find the instruction set a bit... boring, and the code rather florid? That was pretty much my experience with doing some reversing on some older Macs briefly several years ago.

If you've read a lot about OS X, you'll find that things are locked down even tighter than Vista, which does get in the way of reversing.

0xf001
April 8th, 2007, 09:57
hi kojii,

thanks for the links, meanwhile i also found them independently (except milw0rm one)

i have completely redone my page, added a lot of stuff, restructured the categories, extended the OSX part, and now its database driven, finallllly ... makes updating so much more easy

LLXX: nope, i find it damn interesting to learn a new assembly , currently i am really (yet?) excited about it.

you know it, rce isnt only about assembler. i love to study the architecture, especially how apple made OSX from darwin. how they extended it, damn cool, i am impressed. there are new terms like quartz, cocoa, objective-C, ... its refreshing to see something new, which is also a bit familiar with the unix background.

but the best is to see it in action hehe. i am infected wih the OSX virus now ...
and i am looking forward to i-phone hacking ;] !!

regards, 0xf001

y0ush4
January 12th, 2008, 02:12
Me too having an iphone and try to play with a Video Recording application which has a limit of 5 sec.Any tutorial on application reversing for iphone?While i am reading on som basic papers on OSX:-)

wbr

yousha

JMI
January 12th, 2008, 14:36
Although you are somewhat "late" to be reviving this older Thread, rather than starting a new one.

Regards,

BS0D
August 25th, 2008, 14:16
Hey all,

I'm kind of interested in studying macOSX apps. Very interested actually
The link to the page in the original post is not working though...


Does any of you have good links to study reverse-engineering on MacOSX applications, by any chance?

Thanks in advance

JMI
August 25th, 2008, 15:16
BSOD:

As a much too frequent first time poster type, it is necessary that I remind you that we have forum rules available in the FAQ and we went to some considerable trouble to call it to your attention on your way in here. Apparently you didn't bother to read it.

If you had read it, you would already know that we expect posters on these Forums to do their own basic research. So far, all you've said is that you are very interested in OSX reversing and that the link on the first page is not working. So what did YOU do to attempt to solve your desire for information about OSX Reversing, besides post your question here?

If you want to find information on OSX Reversing, why didn't/don't YOU put:

OSX Reversing

in your favorite search engine and YOU read some of the 2,150,000 hits which are available on google and other search engines. After YOU have done some of your own basic research, THEN come back and ask a more pointed and intelligent question which shows that you have made a personal effort to help yourself find what YOU need/want. That's the way things are expected to occur here.

How do you expect to actually "learn" OSX Reversing if you appear to give up when the first link you find no longer works?? Reverse engineering is a long and often difficult road and one of the things you most need to learn is how to find what you want on the net and the determination to go find it.

Regards,

BS0D
August 25th, 2008, 17:32
JMI,

I reversed quite a lot back when i was under windows so I'm very familiar with reverse-engineering. For the record, I was coding crackmes and home-made protections and obfuscation (in ASM mostly). I am now interested in studying a different architecture, just something different, with different applications.

I think you misinterpreted my post and classified me as one of those "pain in the a** newbies" who thinks everything will come to them by just asking, and who won't make an effort to self-improve or increase his knowledge. I honestly don't think that description fits me, in any way.

As a matter of fact, I HAVE done my research, which led me here .
I already got a debugger (more than one actually), a disassembler, a hex editor and looked for tutorials on how to reverse mac apps. As far as the tuts are concerned, I didn't get lucky. Most of the stuff I found dates back to the early 2000s and is now totally obsolete!

I'm stuggling to find out which ones I should use and which ones I should not. IDA for example, is almost beyond me -- very esoteric, and difficult to use for someone who is used to OllyDBG!
For what it's worth, I'm sorry I came off as a pain, but if no one here is willing to help me get started with the basics (from which I could evolve more or less on my own), I'll stop bothering you guys.

I'll give the "more pointed and intelligent question" a try though: what debugger should I use to analyze mac apps? Which applications should I get familiar with?

Thanks, again.

Shub-nigurrath
August 25th, 2008, 18:14
on our forum there's a mac section with some recent tutorials, I think will be of your interest