Extracting libraries from dyld_shared_cache | Worth Doing Badly
I learned to extract working shared libraries from macOS’s dyld shared cache, and learned a bit about Mach-O executables, Objective-C, and problem solving along the way.
mach-o  ios  apple  objc  jailbreak  reverse-engineer  security 
4 weeks ago
Frida and std::string | stek29.rocks
What’s this about? I was looking through issues on frida-core, and #124 got my attention. Here’s the question:
frida  ios  security  debug  reverse-engineer  jb 
10 weeks ago
RE for Beginners | Reverse Engineering
With Reverse Engineering for Beginners you will learn the basics of x86 and get hands-on experience, all for free!
reverse  reverse-engineer  disassemble  security  hack  guide  dev 
july 2018
Frida Engage Part Three | You Down With XPC? | VerSprite
In the final installment of the Frida Engage blog series, we will demonstrate how to use Frida for hooking and inspecting Apple’s NSXPC API using the CleanMyMac 3 application as our guinea pig.
mac  debug  frida  cocoa  apple  security  reverse-engineer  objc 
march 2018
Reverse engineering Spotify and Chromecast protocols to let my vocal assistant play music
I recently tried a Google Home Mini and the most interesting feature is the ability to play music by Spotify directly on a Chromecast. From my point of view, this is the most interesting feature…
reverse-engineer  security  analysis  network  home-automation  media  article 
february 2018
Devhints — TL;DR for developer documentation
Hey! I'm @rstacruz and this is a modest collection of cheatsheets I've written.
dev  ref  cheatsheet  notes  shell  cli  frontend  js  code  webdev  tips  docs  help 
november 2017
RepairPermissions V3 – Now supports repairing permissions on macOS High Sierra | FireWolf Pl.
In OS X El Capitan, without `diskutil repairPermissions`, we can use `repair_packages` in /usr/libexec/ to verify and repair permissions. But now this handy command line tool has been removed from the latest macOS Sierra by Apple. Since it may not be safe to force use the `repair_packages` in macOS Sierra, it’s time for me to rewrite my `RepairPermissions` to support the new macOS Sierra.

mac  utilities  cli  tool 
september 2017
A journey into Radare 2 – Part 1: Simple crackme – Megabeets
I was playing a lot with radare2 (also known as r2) in the past year, ever since I began participating in CTFs and got deeper into RE and exploitation...
reverse-engineering  radare2  r2  debug  disassembler  assembly  security  tutorial 
september 2017
Defeating IOLI with radare2 in 2017
Four years ago, I wrote a blogpost about how to defeat the IOLI crackmes series. After giving an unplanned workshop at the r2con 2017 (because the main room was too small to handle the unexpected number of attendees, I ended up giving a workshop with xvilka), without any slides nor preparation, after waking up at 3am (it was fun), I realised that I'm not using radare2 like I did 4 years ago, and that radare2 itself has changed quite a lot, hence this refreshed blogpost.

r2  debug  disassembler  assembly  reverse-engineer  security  tutorial 
september 2017
Hooking Swift methods for fun and profit - Blog - Securify B.V.
Hooking C/C++ and Objective-C methods has become more common over the years. More tools and frameworks are available and are still being developed in order to perform (security) research and create custom app modifications. Apple introduced a new programming language called Swift that is built on top of the Objective-C runtime. Swift methods can be hooked in a similar, but slightly different way. This article will describe how Swift methods can be hooked.

apple  ios  mac  objc  mach  cocoa  swift  reverse-engineer  disassembly  debug  security 
august 2017
Debugging with GDB Introduction | Azeria Labs
This is a very brief introduction into compiling ARM binaries and basic debugging with GDB.
debug  reverse-engineer  cli  arm  assembly  security  tutorial 
august 2017
Writing ARM Assembly (Part 1) | Azeria Labs
Welcome to this tutorial series on ARM assembly basics. This is the preparation for the followup tutorial series on ARM exploit development (not published yet). Before we can dive into creating ARM shellcode and build ROP chains, we need to cover some ARM Assembly basics first.

arm  assembly  exploiting  ios  android  mobile  tutorial  reverse-engineer  security 
august 2017
Alexa, are you listening?
The Amazon Echo is vulnerable to a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering. Such malware could grant an attacker persistent remote access to the device, steal customer authentication tokens, and the ability to stream live microphone audio to remote services without altering the functionality of the device.

hack  reverse-engineer  hardware  electronics  home-automation  security 
august 2017
Reading iOS app binary files - Solared APPscreener
The Internet is full of posts about how Objective-C runtime works. However, to get a complete understanding of what is going on under the hood, it's a good idea to drill down to the rock bottom and see how iOS app code is packed into binary files. And of course, finding yourself under the hood cannot be avoided when tackling reverse engineering tasks.
ios  objc  cocoa  macho  reverse-engineer  security 
july 2017
Essential apps for switching from Mac to Windows - Charged
If you're making the jump from Mac to Windows like I did, you're probably missing some of your favorite apps. Here's a selection of my favorite Windows apps.
windows  app  mac  software  post 
june 2017
Parsing Mach-O files - Low Level Bits
This article describes how to parse a Mach-O file and explains its format a little bit. It’s not a definitive guide, though it might be helpful if you don’t know where to start. For more information consider reading official documentation and header files provided by operating system.
blog  ref  objc  macho  apple  mac  osx  analysis  reverse-engineer  binary  runtime 
may 2017
Fuzzy & Pixelated PDF Copy & Paste from macOS Preview | David Gleich: a notebook
Too long, don't want to read. Symptom. Cutting and pasting sections of PDF files from macOS / OSX Preview results in fuzzy and pixelated images where you were expecting vector PDF data to be copied and pasted. Correlated symptom. You will be able to get vector data if you copy and paste an entire page instead of…
article  mac  debug  research 
may 2017
Filenames and Pathnames in Shell (bash, dash, ash, ksh, and so on): How to do it Correctly
This article explains how to correctly handle filenames in Bourne shells (the primary shell of Unix/Linux/POSIX systems), based on the issues discussed in 'Fixing Unix/Linux/Filenames'. Many programs fail to work properly on filenames that include spaces, begin with dash (-), include newlines, and so on, because developers don't know how to do it properly. Many texts, even good ones, get this wrong.
shell  zsh  bash  cli  article  term 
may 2017
Manual Analysis of ‘NSKeyedArchiver’ Formatted Plist Files - A Review of the NEW OS X 10.11 “Recent Items”
In my iOS Frequent Locations blog post, I mentioned that the locations are
stored in a ‘less than analyst friendly’ format. These plist files are in a
binary plist format – no different than other binary plists except it is
hard to put context to their structure. Rather than directly associate
apple  forensics  security  reverse-engineer  mac  osx  article  cocoa  plist 
may 2017
gdbinit's papers.put.as

This is my archive of papers related to Mac OS X, iOS, and (U)EFI Firmware. It was previously hosted at my blog but moved here for easier management.
osx  mac  ios  objc  mach-o  security  reverse-engineering  reference  docs  guide  cocoa  xnu  darwin  kernel  jailbreak 
may 2017
My Text Corpus in 2017
I've long used nvALT and Dropbox to maintain my collection of notes on my Mac. The benefit of this system is that so many iOS applications sync with Dropbox. I can search and edit my large collection of notes almost anywhere that I'm sitting.
april 2017
cortesi - Things I found on GitHub: shell history
Github recently introduced hugely improved code search, one of those rare moments when a service I use adds a feature that directly and measurably improves my life. Predictably, there was soon a flurry of breathless stories about the security implications. This shouldn't have been news to anyone - by now, it should be clear that better search in almost any context has security or privacy implications, a law of the universe almost as solid as the second law of thermodynamic...
git  github  search  code  dev  cli  find 
march 2017
A Review of ZSH Completion
…the ZSH completion guide has been updated with details of the new completion system. Although it contains some of the structural details required for quickly writing correct completion scripts, completion details common to many utilities aren't included. In response, I've tried to compile some principles, mailing-list wisdom and other disambiguation for this hairy topic.
cli  shell  zsh  terminal  completion  scripting  sysadmin  guide  blog 
march 2017
MacBook Pros and External Displays — Erica Sadun

What I didn’t expect was how awful the text looked on it. I hooked up the monitor to the MBP using my Apple TV HDMI cable. The text was unreadable. I use similar TV-style monitors for my main system and they display text just fine. However, I’m using normal display ports and cables for my mini. This is the first time I’ve gone HDMI direct.
mac  hardware  modify  osx  config 
march 2017
The Confusatory — iOS Debugging: Device Console Without Wires
For years, I’ve wanted to wirelessly view my iOS device’s console log. The system log often contains useful information from the kernel, system daemons, and any currently-running apps. Xcode briefly supported wireless debugging in Xcode 4, and this included wireless console log access, but it was pulled from later versions and has never re-appeared.
ios  apple  cocoa  xcode  debug  log  console 
march 2017
Omni Group Automation
Welcome to OMNI-AUTOMATION.COM, a website dedicated to automation support in the apps from The Omni Group.
automation  omnigroup  mac  ios  apple  scripting  javascript  jxa  applescript  workflow 
march 2017
Reverse Engineering Mac OS X Alias Version 3 Data Objects
Reverse Engineering Mac OS X Alias Version 3 Data Objects for Digital Forensics purposes.
mac  osx  reverse-engineer  debug  analysis  article 
march 2017
Supported Mac models for Night Shift in Sierra 10.12.4
Night Shift was introduced in macOS Sierra 10.12.4 (Build 16E144f and Public Beta-1) and is controlled by the CoreBrightness.framework and you'll need at least one of the following – or later – Mac models: MacBookPro9,x iMac13,x Macmini6,x MacBookAir5,x MacPro6,x MacBook8,x Apple did not release any information about this. Not just yet, but I know this…
mac  osx  tweak  reverse-engineer  hack 
march 2017
Jean-Marc Denis - Black
Black is a wallpaper series using shapes and lights. High resolution rendered using Cinema 4D, for your phone and desktop.
wallpaper  design  ios  mobile 
february 2017
quellish - Measuring Custom App Behavior in Instruments
Measuring Custom App Behavior in Instruments Scrolling, scrolling, scrolling. There I was, scrolling a table view in the Simulator like so many other iOS engineers. And just like them, my table view...
mac  debug  dtrace  instruments  reverse-engineer  cocoa  trace  article  tutorial 
february 2017
Bypassing System Integrity Protection using DeployStudio permanently (?) -
How to use DeployStudio to run a script to change the permissions on a Mac System, and keep these 'less-restricted' permissions while SIP is enabled.
mac  osx  security 
january 2017
Disassembling Sublime Text - Tristan Hume
This afternoon I spent some time with the free trial of the Hopper Disassembler looking through the binary of Sublime Text 3. I found some interesting things and some undocumented settings.
disassembly  reverseengineering  analysis  hopper  debug  sublimetext  python 
december 2016
[0day] Bypassing Apple's System Integrity Protection › abusing the local upgrade process to bypass SIP
Here, let's dive into the technical details of how an attacker can easily bypass Apple's System Integrity Protection (SIP) on a fully patched macOS system. Armed with this 0day attack, hackers can modify protected operating system components or make malware that is itself protected by SIP...and thus quite difficult to delete :/
security  objc  osx  macosx  apple  exploit  mac  article  reverse-engineer  hack  analysis 
december 2016
Computational Methods in the Civic Sphere
A winter elective on programming and journalism for the Stanford Computational Journalism Lab
code  data-visualization  cli  terminal  data-journalism  education  course  unix  shell  tools  data 
december 2016
Through the Realms of Reverse Engineering: A First Look at Tweak Development: Enabling File URL Support for Safari
I've always been interested in getting into tweak development, but I've been busy doing other things, and I've also not had a jailbroken iPhone (sigh). A few days ago, I got my golden chance. It was a request on the r/jailbreak subreddit, asking for a tweak to enable browsing the filesystem using the Safari browser through the file:// protocol/scheme. I imagined it was a simple tweak to develop, which would be suitable for a first time tweak.
ios  jailbreak  jb  tweak  reverse-engineering  hopper  disasmbler  debug  hack  inspect  objc  mach 
november 2016
» Building libraries for iOS
In this blog we talk about how to build a library in a simple way. This is designed for those who only care about the quickest and easiest way to build a command line program or a dylib for a jailbroken iOS platform. So, it is not an exhaustive manual of all the possibilities but rather a quick reference guide to get you started.

ios  jailbreak  jb  article  guide  blog  cli  terminal  shell  compile  clang  apple 
october 2016
Hacking PLAYBULB candles
PLAYBULB candles are smart LED candles that can be controlled by mobile Android/iOS devices. The official apps are good enough but I'd like to be able to control these candles using say a STACK Box or a NINJA SPHERE (when I'll get them). The candles are Bluetooth Smart (aka Bluetooth Low Energy or BLE) devices so that shouldn't be…
reverse-engineer  hack  analysis  debug  trace  bluetooth  Linux  article  post  hardware 
september 2016
discovering how Dropbox hacks your mac
Following my post revealing Dropbox's Dirty Little Security Hack a few weeks ago, I thought I'd look deeper into how Dropbox was getting around Apple's security. After a little digging around in Apple's vast documentation, it occurred to me to check the authorization database and see if that had been tampered with. According to the…
osx  mac  apple  security  dropbox  accessibility  hack  reverse-engineering  cocoa  debug  article  post 
september 2016
Who needs decrypted kernels anyways?
One major change in iOS 10 is the lack of encryption for 64bit iOS kernelcaches. Prior to iOS 10 the standard technique to investigate the iOS kernel was to ...
ios  objc  jailbreak  jb  kernel  reverse-engineer  security  hack  dump  extract 
september 2016
What every iOS Developer Should Be Doing with Instruments - Universal Mind
Introduction You’ve just wrapped up development on a shiny new iOS project and have done your best to ensure that the app doesn’t crash and it seems to run ok on your test devices, but is it ready to submit? If you haven’t done any profiling in Instruments, the answer is probably no. Just because …
debugging  ios  xcode  apple  article  tutorial  blog  objc  trace  cocoa 
august 2016
How to Turn a Jailbroken iPhone into Jarvis
Or, How to Turn a Jailbroken iPhone into Jarvis

Welcome to the future. The future where you can speak to your phone and have your light come on. Yeah really...
ios  objc  jb  jailbreak  siri  home-automation  hue  ifttt  google  hack  guide  article  tutorial  tweak  lighting 
august 2016
Mac (Pete's notes)
Productivity enhancements for Mac
apple  mac  macos  osx  sysadmin  scripting  tools  software  apps 
august 2016
theiostream : Patching iphone-gcc binaries to armv7s
Patching iphone-gcc binaries to armv7s Theos Issue #53 is, as described: “ and typing “$THEOS/bin/nic.pl” my MobileTerminal executes: Illegal Instruction: 4 ” So, this means that perl got us an...
ios  jailbreak  jb  gcc  arm  architecture  cli  tweak  assembly 
august 2016
Installing Fonts on iOS
iOS comes with a selection of fonts that cover the major writing systems of the world. Some apps, however, need to install additional fonts for system-wide use. Third party keyboards for iOS, for example, may enable input for writing systems that iOS doesn’t support, and such keyboards are only useful if they also provide fonts for their writing systems. This article describes how such apps can package and install fonts
font  ios  guide  tutorial  article  blog 
august 2016
Obfuscation, Encryption
Like many others I was happy to read the news that team Pangu released a jailbreak for iOS 9.3.3. A jailbroken device is especially useful in the field of security research, where we rely on root
jailbreak  apple  Inject  disassemble  exploit  hack  analysis  debug  reverse-engineer  ios  jb  inspect  article  programming  objc  mach-o  obj-c  blog  cocoa  decompile  decrypt 
august 2016
Shut up snitch! – reverse engineering and exploiting a critical Little Snitch vulnerability
Little Snitch was among the first software packages I tried to reverse and crack when I started using Macs. In the past I reported some weaknesses related to their licensing scheme but I never
mac  apple  reverse-engineer  osx  network  mach-o  reverse-engineering  cocoa  objc 
july 2016
Jonathan Li: Using CFNETWORK_DIAGNOSTICS for network log for iOS
CFNetwork has built-in support to log network activity for iOS device by setting the environment variable CFNETWORK_DIAGNOSTICS.
ios  obj-c  objc  dev  debug  trace  network  log  inspect  http  osx  cocoa  carbon  mac  apple 
july 2016
davidosomething.com | Setting up Vim for JavaScript development
Comparisons and information for useful JavaScript-specific plugins
javascript  vim  ide  ECMAScript  howto  js  plugins  setup  web  article  post  tutorial  guide 
july 2016
Index of resources related to theming OS X
june 2016
mikeash.com: Friday Q&A 2015-08-14: An Xcode Plugin for Unsmoothed Text
Getting Xcode to display unsmoothed text in its editor has been an ongoing battle which finally required me to write an Xcode plugin to impose my will. Several readers asked me to discuss how it works, which is what I'm going to do today.
fonts  programming  xcode  objc  osx  cocoa  reverse-engineering  plugin  hack  debug 
june 2016
BezelServices on OS X - Robert Sesek
Overview BezelServices is a subsystem on Mac OS X that acts as a glue layer between HID device drivers in the kernel, preferences that influence the behavior of those devices stored in CFPreferences,
macosx  mac  apple  objective-c  reverse-engineer  cocoa  mach-o  osx  debug  framework  obj-c  objc 
june 2016
References For Learning & Using Applescript
AppleScript is a rather peculiar scripting language to learn.

Its so-called natural language syntax is loved by some and hated by others.

It has a relatively small core language, but many if not most scriptable applications have
terminology and syntax unique to that app. This means you have to be willing to learn the
quirks of every new app you work with.
applescript  reference  osa  apple  mac  automation  scripting 
june 2016