Reverse Engineering

Posts

It's the certificates, stupid!

clownpertino - A simple macOS debugger detection trick

Cracking the Crackers

Flare-On 2024 Challenge #5 - sshd

Abusing Go's infrastructure

Attacking the heart of an OpenRG modem

Knock Knock! Who's There? - An NSA VM

How to build a custom and distributable lldb

How to use GitHub Actions and private repositories to deploy a Hugo static site

The Finfisher Tales, Chapter 1: The dropper

Is macOS under the biggest malware attack ever?

Blog Update

FruitFly's dropper script and its missing tricks

Why I Left Twitter

How to make LLDB a real debugger

Crafting an EFI Emulator and Interactive Debugger

Keygenning Carbon Copy Cloner Keychain Password

Reversing and Keygenning qwertyoruiop's Crackme

lldbinit - Improving LLDB

Measuring OS X Meltdown Patches Performance

Exploiting CVE-2017-5123

How to compile AFL's LLVM mode in OS X

Papers

gdbinit

Blog migration to Hugo

Armory Sandbox – Building a USB analyzer with USB armory

EFI Swiss Knife – An IDA plugin to improve (U)EFI reversing

Shut up snitch! – reverse engineering and exploiting a critical Little Snitch vulnerability

Apple EFI firmware passwords and the SCBO myth

SyScan360 Singapore 2016 slides and exploit code

The Italian morons are back! What are they up to this time?

Reversing Apple’s syslogd bug

Gatekeerper – A kernel extension to mitigate Gatekeeper bypasses

London and Asia EFI monsters tour!

Rootfool – a small tool to dynamically disable and enable SIP in El Capitan

Writing Bad @$$ Lamware for OS X

BSides Lisbon and SECUINSIDE 2015 presentations

Reversing Prince Harming’s kiss of death

The Empire Strikes Back Apple – how your Mac firmware security is completely broken

How to fix rootpipe in Mavericks and call Apple’s bullshit bluff about rootpipe fixes

How to bypass Google’s Santa LOCKDOWN mode

BadXNU, a rotten apple! – CodeBlue 2014, SyScan 2015 slides and source code

https is now (finally) supported!

Happy New Year!

Patching what Apple doesn’t want to or how to make your “old” OS X versions a bit safer

Can I SUID: a TrustedBSD policy module to control suid binaries execution

The double free mach port bug: The short story of a dead 0day

Shakacon #6 presentation: Fuck you Hacking Team, From Portugal with Love.

About the processor_set_tasks() access to kernel memory vulnerability

Revisiting Mac OS X Kernel Rootkits Phrack article is finally out!

Rex vs The Romans – Anti Hacking Team Kernel Extension

Teaching Rex another TrustedBSD trick to hide from Volatility

Don’t die GDB, we love you: kgmacros ported to Mavericks.

Analysis of CoinThief/A "dropper"

AppleDoesntGiveAFuckAboutSecurity iTunes Evil Plugin Proof of Concept

Updated version of Onyx The Black Cat

Linux/HackingTeamRDorks.A, a “new” and improved version of Linux/CDorked.A

Breaking OS X signed kernel extensions with a NOP

One small patch for GDB, one giant leap for reversers!

Why ESET’s OS X Rootkit Detector is useless...

SyScan360 Beijing slides

HiTCON 2013 slides

Gone in 59 seconds: tips and tricks to bypass AppMinder’s Jailbreak detection

Another gift: Crackme #1 source code from hell!

Clapzok.A: reversing the OS X part of a multiplatform PoC infector

Gimmedebugah: how to embedded a Info.plist into arbitrary binaries

The "all" new Onyx The Black Cat!

NoSuchCon #1 debrief and slides

Hydra, the sample util I am unable to describe!

There is an error in my SyScan slides!

SyScan13: Revisiting Mac OS X Rootkits presentation

How to compile GDB in Mountain Lion (updated)

OS.X/Boubou – Mach-O infector PoC source code

Ice the Guardian v2, the OS X anti-lamware

Happy new year, 2013 edition!

A quick review of Mac OS X and iOS Internals – To the Apple’s Core

Otool-ng – a set of small patches to Apple’s otool

Kextstat_ASLR util or how to start hiding your kernel rootkit in Mountain Lion

5 years of reverse.put.as

My first Hackintosh

OS X Malware at Confraria de Segurança da Informação presentation slides

Tales from Crisis, Chapter 4: A ghost in the network

Tales from Crisis, Chapter 3: The Italian Rootkit Job

Tales from Crisis, Chapter 2: Backdoor’s first steps

Tales from Crisis, Chapter 1: The dropper’s box of tricks

ExtractMachO: an IDA plugin to extract Mach-O binaries from disassembly

HITCON 2012 Review and slides

Secuinside 2012 Review and Slides

See you in Asia!

"Sandwich" CrackMe tutorial by qwertyoruiop

A little social and economics experiment

How to compile GDB for iOS!

gdbinit v8.0: simultaneous support for x86/x86_64 and ARM architectures!

Dynamic Code Encryption in OS X: the crackme example!

A small improvement to OS X “rootkitery”: bruteforcing sysent discovery, fast & easy!

AV-monster: the monster that loves yummy OS X anti-virus software

Obfuscation #2: Playing entrypoint hide & seek game with dyld

A little more fun with Mach-O headers: adding and spoofing a constructor

Anti-disassembly & obfuscation #1: Apple doesn’t follow their own Mach-O specifications?

Anti-debug trick #1: Abusing Mach-O to crash GDB

We have a crackme winner!!!

My first crackme... from hell, I hope :-)

A Mac OS X port of Phrack’s CheckIDT util by kad, or another way to retrieve sysent address

gdbinit v7.4.4 – the skip command

Some comments about plugin-alliance.com protection...

Merry Christmas, Happy New Year and some notes...

Evil iTunes Plugins from Hell

gdbinit v7.4.3

Display Mach-O headers plugin for IDA

How to create IDA C/C++ plugins with Xcode

Using OS X TrustedBSD framework to protect critical files

Poking around Sentinel HASP Envelope for Mac OS X :-)

A small rant about dongles: the developer who can’t correctly implement a HASP!

Fixes for the TrustedBSD backdoor – Rex the wonder dog v0.2

Abusing OS X TrustedBSD framework to install r00t backdoors...

4th anniversary...

Apple Sandbox Guide v1.0

Apple’s Sandbox Guide v0.1 – early draft release

Using Apple’s sandbox feature for reversing purposes

Removing iTunes 10.4 m3u processing feature with a small loader

Another patch for Apple’s GDB: the define/commands problem

How GDB disables ASLR in Mac OS X Lion

gdbinit v7.4.2, Github and Twitter

gdbinit v7.4

Added a new page, Papers & Presentations

A little vulnerability in The Heist iOS game or how to get (more) free Steam codes for Eets game!

How to remove iPad/iPhone/iPod Touch encrypted backups password if you forgot it

An interview with CrackZ and (incomplete) source code to Contract Killer "trainer"

Newsflash: How to fuck up 40 million USD – The New York Times paywall and its iPad app

Hacking a freemium iOS app: Contract Killer … or unlimited play without spending a dime (or any other currency)

Small update to gdbinit and to the website

Update to GDB patches – fix for a "new" bug

There’s a new protection in town, Software Passport, from the developers of Armadillo :-)

It’s not my war but...

Universe’s best and legal Mac OS X reversing tutorial for newbies (or maybe not!)

Another update to gdbinit for iOS and ARM support to ptool.pl and offset.pl

Need help with code signing in iOS!

gdbinit v0.1 for iOS (iPad at least :-))

How to make an iPad connect thru a ssh SOCKS proxy + iOS "spyware"

Why cracking the vast majority of Mac apps isn’t that sexy...

Reversing the exit(173) from the Mac App Store

The sad state of reverse engineering software/hardware protections

The Mac App Store... Security broken by design?

A semi-automated way to find sysent

A new GDB frontend and some pics from the past

GDB anti-debug, Otool/otx anti-disassembly… It’s Challenge number 3 !!!

How to Keygen MSJ Kracking Challenge ’10 – Challenge #1

Very small update...

Onyx the Black Cat v0.4 for Snow Leopard

OS X Crackmes

gdbinit v7.3

reverse.put.as is back in a new format...

Brief analysis of the VLOK protection

A new util to process Mach-O binaries information (or a replacement to otool -l)

Happy new year and a small christmas gift!

Snow Leopard impact into reverse engineering world...

Small gdbinit update...

GDB patches

Anatomy of a GDB anti-debug trick part II: GDB isn’t alone!

Reversing Pokerstars online poker client (I hope they aren’t from Vegas !!!)

Anatomy of a GDB anti-debug trick

Fix for Apple’s GDB bug or why Apple forks are bad...

Workaround for Apple’s GDB bug...

gdbinit 7.1.7 and some bla bla bla...

A little disassembler for MPress packer...

How to dump a MPress packed binary...

A memory dumper for Apple crypted binaries! Hurray !!!

How to dump an Apple protected binary

"Removing" Apple code signing from a binary...

Cracking a Mac OS X Screensaver

A bunch of old tutorials...

Defeating Little Snitch and thinking about piracy...

Onyx The Black Cat v0.3

Mach-O binary offset calculator

Why is kernel debugging fun?

Mac OS X Kernel debugging with VMware

Serial phishing tutorial !!! It’s hot hot hot ;)

World’s best Mac OS X reversing tutorial for newbies (or maybe not!)

iWork/Photoshop Trojan or Botnet Binary found

Gdbinit v7.1.6

How to compile GDB and other Apple open source packages in Mac OS X

Mailing list and IRC channel

More gdbinit addons!

A lazy xmas gift or a lazy addon to gdbinit

Apple’s GDB Bug?

What’s wrong in this picture?

gdbinit version 7.0 (and 7.1)

Onyx The Black Cat v0.2

Extended attributes in Mac OS X and Remote Buddy

Onyx The Black Cat v0.1 – Anti Anti-debug kernel module

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler

"Hacker" Challenge

PTHPasteboard 4.4.0! Generic Mac OS X protector is found?

News...

Little Snitch continued or the broken nib files!

Kernel module for syscall interception and fixing ptrace

Mac OS X Age of Empires III 1.0.4 NO CD patch

Mac OS X Code injection

More Mac OS X anti-debugging

How to bypass a protection with a single byte

Reversing You Control Desktops v1.2

How to change /etc/hosts

Change network card MAC address

GDB input radix option

Must have tools
