Some notes, tools, and techniques for reverse engineering macOS binaries.
Rase 52617365
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ipaddress | |
| def is_ip_in_cidr(ip_address, cidr_range): | |
| try: | |
| network = ipaddress.ip_network(cidr_range, strict=False) | |
| ip = ipaddress.ip_address(ip_address) | |
| return ip in network | |
| except ValueError as e: | |
| return f"Error: {e}" |
52617365
/ custom_scanner_split.go
Last active
September 8, 2024 12:34
A gist that shows how you how to create a custom split callback for the bufio scanner that lets you go until a delimiter that is more than one byte long.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SplitAt returns a bufio.SplitFunc closure, splitting at a substring | |
| // scanner.Split(SplitAt("\n# ")) | |
| func SplitAt(substring []byte) func(data []byte, atEOF bool) (advance int, token []byte, err error) { | |
| return func(data []byte, atEOF bool) (advance int, token []byte, err error) { | |
| // Return nothing if at the end of the file and no data passed | |
| if atEOF && len(data) == 0 { | |
| return 0, nil, nil | |
| } |
52617365
/ debugserver_path.txt
Created
August 18, 2024 08:36
debugserver path on m2 mac, what the fuck
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /Applications/Xcode.app/Contents/SharedFrameworks/LLDB.framework/Versions/A/Resources/debugserver |
52617365
/ rename_objc_stubs_binja.py
Created
August 11, 2024 11:39
This script gets all the stub functions from the __objc_stubs section and renames them depending on the function it's calling
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Example stub caller function that this binary ninja script renames would be like this: | |
| # 1001dc540 int64_t sub_8282828818(void* arg1) | |
| # 1001dc550 return _objc_msgSend(self: arg1, cmd: "_finalRestoreBlock") __tailcall | |
| # Result will be: | |
| # 1001dc540 int64_t objc_stub_caller__finalRestoreBlock(void* arg1) | |
| # 1001dc550 return _objc_msgSend(self: arg1, cmd: "_finalRestoreBlock") __tailcall | |
52617365
/ reverse-engineering-macos.md
Created
August 7, 2024 17:16
— forked from 0xdevalias/reverse-engineering-macos.md
Some notes, tools, and techniques for reverse engineering macOS binaries
52617365
/ initialize_string_table_variables.py
Last active
July 19, 2023 15:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from binaryninja import * | |
| def replace_non_alphanumeric_characters(input_string): | |
| copy = input_string | |
| copy = ''.join(filter(str.isalnum, input_string)) | |
| return copy | |
52617365
/ bn-cheat.md
Created
July 15, 2023 12:27
— forked from alexander-hanel/bn-cheat.md
This is a work in progress by someone who is learning about Binary Ninja.
References
- https://api.binary.ninja/binaryninja.binaryview-module.html
- https://gist.github.com/psifertex/6fbc7532f536775194edd26290892ef7
Get database name
52617365
/ idapython_cheatsheet.md
Last active
August 14, 2024 17:28
— forked from icecr4ck/idapython_cheatsheet.md
Cheatsheet for IDAPython
52617365
/ Cargo.toml
Created
February 26, 2023 07:12
— forked from CoolOppo/Cargo.toml
How to compile to a DLL in rust while using it as a normal rust library
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [package] | |
| name = "test" | |
| version = "0.1.0" | |
| authors = ["YOU <[email protected]>"] | |
| edition = "2018" | |
| [lib] | |
| crate-type = ["cdylib"] |
52617365
/ raflaamoGraphApiResponse.json
Last active
October 15, 2022 08:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "name": "Stone's", | |
| "intervals": [ | |
| { | |
| "from": 1660305600000, | |
| "to": 1660328099000 | |
| } | |
| ], | |
| "seats": 0, |
NewerOlder