Questions tagged [macos]
The macos tag has no usage guidance.
36 questions
0 votes, 0 answers, 28 views
Serializing and Deserializing XPC objects (xpc_object_t)
As the title suggests, I am interested in serializing/deserializing xpc_object_t type objects. Unfortunately, there does not seem to be an official or private API that supports this in a robust ...
1 vote, 0 answers, 22 views
Differences between Mach Services and XPC Services in macOS Sandbox Profiles
I am trying to learn more about IPC implementations (mach/xpc) and how corresponding services are managed using sandbox profiles on macOS.
After looking at many different profiles, I have learned that ...
0 votes, 1 answer, 58 views
How can I reverse engineer a self-contained dotnet executable on MacOS?
For a challenge at OWASP WrongSecrets I have built a self-contained binary to be reverse engineered (see https://github.com/OWASP/wrongsecrets-binaries/actions/runs/8244751569), but, I have not been ...
0 votes, 0 answers, 28 views
PowerPC Macintosh code injection
I'm reverse engineering a game for the old PowerPC MacOS 9 pc via the static analysis in IDA Pro windows but I want to inject code during runtime (for example via the dynamic library) in an emulator ...
1 vote, 1 answer, 438 views
How to extract kext's from kernelcache?
I want to play with reverse engineering the Apple Neural Engine driver, which is a kernel extension (com.apple.driver.AppleH11ANEInterface). These used to be in /System/Library/Extensions/, but on my ...
0 votes, 0 answers, 105 views
Reverse engineering Objective-C blocks
I'm highly experienced with objective-c reverse engineering, but every time I encounter a block representation in the decompiler, right before it is passed as an argument to a function, I can ...
1 vote, 1 answer, 120 views
Strange entry point for an old Mac OS X x86 32 bit binary
I wanted to reverse engineer an old game for Mac OS X, but I can't figure out how the entry point jumps to other code. The binary is an x86 Mach-O executable and, according to Detect it Easy, it was ...
2 votes, 1 answer, 322 views
MachO chained fixups parsing
I'm wondering how the info stored in the chained fixups in the Mach-O file is used to resolve binding and rebases?
My question originated from wanting to parse all the Objective-C classes inside a ...
0 votes, 1 answer, 270 views
Extracting obj-c class list from a machO
I'm trying to analyze and get the full list of selectors and their related classes in objective-c by first reading the __objc_classlist section and getting pointers to the struct objc_class list to ...
0 votes, 0 answers, 118 views
Ghidra - Mach-O failed to load external libraries
I'm trying to follow the steps in the book "The Art of Mac Malware" and disassemble the malicious part (the patch binary) of the EvilQuest malware with Ghidra instead of Hopper or IDA. (...
1 vote, 0 answers, 164 views
How to reverse engineer a USB sump pump controller that is not designed to connect to a computer
I have a sump pump monitor / controller that is USB-enabled. The USB port on the side is designed to hook to a WiFi module or a once-promised, now-canceled, never-produced Z-wave module (which is what ...
4 votes, 0 answers, 556 views
How to do live debugging of ARM64 binaries on macOS with M1/M2 chips?
I'm trying to figure out why NSSavePanel fails in my SwiftUI app. I tried every possible documentation, or asking on the Swift programming forums - to no avail.
I'm originally a Windows programmer, ...
4 votes, 0 answers, 454 views
Ghidra not loading classes and types of external library
I'm analyzing a macOS framework, and while redefining types in the decompilation view,
I wish to define one of the types as a type defined as NSData class which is defined inside CoreFoundation ...
1 vote, 0 answers, 88 views
Patched Mac application throws "Invalid value of (null) for entitlement" when running it
I have patched a specific application that I downloaded from the app store but when I ran the executable, it gave me a signal kill 9. I also reverted back the change I made, but the same error was ...
2 votes, 0 answers, 213 views
Hopper Disassembler AArch64 assemble instruction syntax error
As shown in the screenshot above, I attempt to change cbz to cbnz, and Hopper gives me "syntax error".
At this moment I can only change it by editing the instruction encoding in hex view as a ...