Some tutorials and other information about reversing MAC OS Reversing

[Artic]

i have noticed there are no real good information about how to get started with OSX reversing. i hope thats a little overview and will help any OSX reversing newbies. (im an OSX newbie myself)

 

a few mac crackmes

 

http://reverse.put.as/crackmes/

 

RCE for newbies on MAC

 

http://reverse.put.as/2011/02/12/universes-best-and-legal-mac-os-x-reversing-tutorial-for-newbies-or-maybe-not/

 

(here is the text file on pastebin posted: http://pastebin.com/vqJBfDcX )

 

part I was removed because it contains a commercial program - maybe i can find it somewhere.

 

Tools for OSX reversing

 

http://reverse.put.as/tools/ (the page is holding local copies of the non commercial tools)

 

list

 

gdbinit – enhanced gdb output

0xEd v1.0.7 – hex editor
(SHA1(0xED.tar.bz2)= f64466b2d3cbf7b6d64eccfc1a36f8c0a7e3866d)

HexFiend – another hex editor
(SHA1(HexFiend.dmg)= 690ac9f60ab85ec6430b3db0376d0d20d3cecd9a)

Synalize it v1.0.3 – hex editor with binary file analysis grammar (looks great!!!) – Original website
(SHA256(SynalyzeIt_1.0.3.1.zip)= ab71d0f2e573321946ec144e60594d4155961b42aeafb2f5b5080bf9961348d0)

OTX v0.16b – disassembler
(SHA1(otx.dmg)= ff4987b7f22da6b289ee2bc7daa7c1a3db64ffed)

offset1.3.pl.gz – my offset calculator for fat binaries
(SHA256(offset1.3.pl.gz)= 2b091f2ea5fddce3ca22251b8d81578ba708811d4a3d2fdce8ae0c8a7972f1b3)

ptool1.3.pl.gz – sort of replacement for otool to display mach-o binaries headers
(SHA256(ptool1.3.pl.gz)= 715481e62978c183ccd82311acb6ccced2d12cab76a0c9ffb0345d653bce37ba)

ocalc.c – ghalen’s offset calculator for fat binaries
(SHA1(ocalc.c)= e32da310af2a25a09fc2de9c4826b113ab8ac705)

onyx-the-black-cat.v0.3 – anti anti-debug kernel module
(SHA1(onyx-the-black-cat-v0-3.tgz)= 194c2e7481113b562c6e23a2b5059769bc9e8ffb)

onyx-the-black-cat-v0.4 – version for Snow Leopard (not 64bit compatible, yet!)
(SHA1(onyx-the-black-cat-v0.4.tgz)= 5dff3c4a9246f2886b470aa0ab60b5e237ca3659)

AlanQuatermain-appencryptor – encryptor/decryptor for Apple Encrypted Binaries
SHA1(AlanQuatermain-appencryptor-a3da7c5.tar.gz)= 3c7f70fed359b7e259f08d00001ead936baef041
(if the tools are out dated on that page - you can use google to find the current versions)

Some information Papers

http://reverse.put.as/papers/

 

for the Tools i forgot to add:

 

Hopper Dissambler (2.8.1) which is for Win/MacOS and Linux.

and it seems to be the best alternative on MacOS, if you cant offer IDA Pro.

 

http://www.hopperapp.com/download.html

 

Patcher on MacOS similar to dup on windows is the iPatcher 2.7.1

(took me a bit to find the last version! - just google it)

 

happy reversing.

 

Last Updated: 25. September 2013

Edited September 25, 2013 by Artic

[Artic]

as alternative to OTX you can also use IDA Pro 6.1 and crossover it into MAC - youll be still able debug Mac apps.

for IDA google is your friend.

IDA isnt able to easy save a patched file, but you can use simply a Hex Editor like WinHex or something.

[LilCe]

Hello Artic. Thanks for your tutorials.

Im reading and download some tools. But I can't find that site at :

 

 

The binary version of OTX doesn't support 64bit binaries, so you should download the version from the

SVN repository. The information is available here: http://otx.osxninja.com/subinfo.html

Edited July 2, 2019 by LilCe