I wanted to spend some time looking around different file types in the Apple world, and this is what I’ve got.
Mach-O

Mach-O is the executable format used on macOS and iOS. In the Windows world, the closest equivalent would be a .exe file.
A Mach-O file contains a header comprised of a series of load commands – commands that tell dyld about the file. Some load commands specify metadata about the file, such as the version it is compiled for, or the file’s entry point.

On mobile assessments, we often report the “No Anti-Tampering” finding, but I’d like to explore this a bit, and maybe show you a different technique to do this.
A lot of the time, this is shown by attaching Frida to the application, which is fine, assuming that the reader knows how Frida/Objection work under the hood. But let’s assume the reader does not know how Frida works and they only have our finding to go off.

Let’s download them.

    wget https://github.com/radareorg/radare2book/raw/master/crackmes/ioli/IOLI-crackme.tar.gz \
      && tar xvzf ./IOLI-crackme.tar.gz crackme0x00

First, let’s see what happens when it’s run.

    % ./crackme0x00
    IOLI Crackme Level 0x00
    Password:
    Invalid Password!

Let’s see where Password: is in the strings of the binary.

    % strings ./crackme0x00 | grep -B1 -A1 Password
    IOLI Crackme Level 0x00
    Password:
    250382
    Invalid Password!
    Password OK :)
    GCC: (GNU) 3.4.6 (Gentoo 3.4.6-r2, ssp-3.4.6-1.0, pie-8.7.10)

Alright, there is a number there, let’s use that as the password.