![]() ![]() Usually in targets such as crackmes, DRM, and malware, the constructors contain interesting code that we usually want to reverse (usually to fool novice reverse engineers).Ĭode execution before main can also be obtained in the load or init methods of Objective-C classes. There are seven mod init function pointers and we will verify the code of each one. This is code that will be executed before main (technically most of the times there is a start function previous to main). More interesting is the _DATA segment, where we can see that the binary contains a few constructors. The Mach-O header tells us it is an i386 binary (this shows the crackme age - i386 is being deprecated in macOS!) with ASLR disabled ( MH_PIE flag not set). The first thing I like to do against a new target is to look at its Mach-O headers, either with otool or MachOView. The crackme is a very simple Cocoa app with an input field and a button.Īnd if we input some random data and press Activate we get the following alert: Let’s start by checking what our target looks like and what should be our goal. It is a fun target written by a very young already showing his great talent (I think he was 12 or 14 at the time). Today’s target is CrackMe_nr1_qwertyoruiop.app. You can click the pictures to see the full size version. It is mostly targeted to newcomers to reverse engineering and macOS. I couldn’t find any public write-up about it so I decided to write one. I had a look when he originally sent it but got distracted with something else at the time and never finished it. So I decided to revisit some unfinished business with qwertyoruiop’s crackme. I have spent the past two years or so mostly writing C code (secure C is more like an asymptote but that is why it is a fun challenge) and barely doing any serious reverse engineering and security research. I was bored this weekend and decided to take some rust out of my reversing skills before they disappear for good. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |