Review of "The Mac Hacker's Handbook" - Macs matter

IDA with dvtm in iTerm (with mocp and mc)
To build a cloud of terms I could now start with DTrace/ktrace, XNU, Mach, BSD, I/O Kit, launchd, Sandboxing (in 10.5.x), IPFW, Objective-C, executable heaps... the entire architecture, including the BSD init...
And I would just sum up what I know now: I'm sure I'm always just scratching the surface of huge (seldom documented) topics. Upcoming topics: Macs get more popular every day, even in business. Microsoft has ported Office to the Mac, providing full compatibility for any business Office document. Adobe ships the entire suite, with even more features. There are native device drivers for almost any human interface device, printer, camera, smartphone... stuff people care about. All because Macs matter, whether you like them or not. Same thing with Windows: whether you like it or not, it matters.
The reasons are simple: both systems don't surprise the average user. They do what a normal type of user expects, and they are more or less effective according to research in human task analysis. And that's it: there's just no space for alternative geeky concepts to bring to everyone. People don't want to waste time debugging Gnome or KDE. That's the difference: they don't want a backend to mess with, or reverse-engineered device drivers.
Here's the point again where the tinkering Mac hacker differs: he wants to know the Mac OS X backend structure. And the Mac Hacker's Handbook delivers this background, but not like a lexicon: like a guide to explore the depths Apple engineers created, from dark spots to very innovative concepts, from exploitation to aware programming, from administrative security hardening to finding bugs and vulnerabilities. And it was almost too late. Mac users have been on a honeymoon far away from any security problems because no one cared. Now the happy couple, the user and his Mac, return: as low-hanging fruit, easy-to-catch victims. Unaware, feeling secure, and illuminated by, I must say, great marketing and advertising strategies.
If you seek deep technical facts and the beginning of a journey close to the truth: it's the best book I ever started to read about constructively hacking with Macs. I read Mac OS X Internals and was wondering why we created Wikipedia. I read lots of white papers and background material from CanSecWest, Charlie Miller, and Dino Dai Zovi, because they regularly appear at Black Hat, in webcasts, and as names on top of (Wi-Fi injection) exploits... ;) I guess this is the summary; and by the way: this book even covers post-exploitation, advanced debugging, and reversing with IDA.
But I think they could have used the Mac variant and the CLI (with iTerm). Disassembling on Windows is, as far as I have read so far, unnecessary. Using IDA's native debugger is not a problem any more. The pydbg stuff is therefore, as far as I see it, not my style of debugging, and so not the most pragmatic and fastest way to get results.
Furthermore, the printouts of source code (ADC open-source repo) seem strangely misplaced, because without proper syntax highlighting and with Objective-C's brackets, that's unreadable. I think they used an X11-dependent version of Wireshark ;).
Anyhow: it's a very good book, if you don't mind these details. A little criticism should be allowed, and I hope you don't misunderstand this: it's very deep and very motivating. Worth every page, every dot of ink and every hour you need to read it. Not just for geeks or hackers, by the way: it's introductory and not so technical that a normal IT person couldn't understand it. It's just a starting point. So don't worry about beginning the journey. You may end up somewhere in security-aware Mac software development or system administration in the future.
Stay updated, even with a Mac, and have fun,
wishi
