Every reverse engineer who handles software for macOS knows about
ptrace(PT_DENY_ATTACH, 0, 0, 0), the infamous kernel-enforced anti-tracing DRM feature added to OS X years back (somewhere around Leopard) and most-notably used in iTunes. There are plenty of resources out there on how to bypass the common use of this feature, ranging from using a debugger to loading up a custom kernel-extension, but clever hackers have found new ways to abuse this feature to try to prevent researchers from debugging their malicious code.
I debated publishing this for a while as this information could misused, but since these techniques are being used in malware in the wild, I think it’s important to document how to defeat them.
For a long time Apple has had a debugger-detection function on their developer site. It’s not very hard to defeat with a debugger, but since this technique is sometimes used by malware to try to prevent debugging, I decided to document how to defeat it.
Recently I was asked if captchas.net is still secure today. My guess was it probably was not very secure, when compared to the fuzzy text of reCAPTCHA, but I wasn’t sure by how much, so I decided to look into it a bit more.
As you may know, Google has deprecated their old reCAPTCHA V1 API, in favor of their new reputation and image recognition based system. Apparently this may also in-part be because advances in text recognition software is starting to make the fuzzy text challenge obsolete.
As a research experiment, I decided to try my hand at solving captchas.net captchas with only software, and see how well I could do.
Recently while reverse engineering a piece of malicious macOS software to study what exactly it does, I noticed something odd in the binary. There seemed to be a little signature or message in the binary.
(c) 2014 - Cryptic Apps SARL - Disassembling not allowed
It’s not every day you get to release a freelance project as open source, but in this case I’m pleased to be able to release flshm as open source on GitHub.
This project was developed for a client who wanted to add some new features to an existing Flash-based project, but was running into some limitations due to the sand-boxing features which are even present when publishing a desktop application.
UPDATE: This is now obsolete, with the adoption of WebExtensions.
Now that Firefox has built-in developer tools, it makes sense for developer add-ons integrate with them. MDN has some examples on creating a developer tools panel, but the examples do not look anything like the built-in tools, and do not offer any information on how to do so.
In order to make an add-on look just like the built-in tools, these are the technologies we will have to use.
If you ever wanted to use scroll events in your web app, you’ve probably found what a mess it is, I know I did when I was developing this the theme used on this website. There are snippets out there to try to resolve legacy browser issues, but all of them are half-baked and missing basic functionality such as proper feature-detection and the ability to remove an event listener. All of these issues seems simple, but are actually quite complex to implement properly, and without memory leaks.
We can do better! That’s why I created this library.