When performing dynamic analysis, a useful source of information is the process’ memory, which we can examine for specific patterns. For example, imagine we would like to obtain information about the current process’ code signature. To get this information, we could search for the specific magic (CSMAGIC_EMBEDDED_SIGNATURE, 0xfade0cc0; you can verify it in codesign.h) and find where that structure is kept in memory. In this post, I’ll show you how to use the Python API provided by the lldb debugger to scan a process’ memory for patterns.
Read More...
When we are asked to perform a black-box security analysis on an iOS app, depending on the scope, we might only have access to the iOS app from the App Store. But most of the time, the client would give us an IPA. In a black-box analysis, we won’t get access to the source code, so deploying it through Xcode to a device for testing might be out of the question. One possible solution is to re-sign the app with a profile that we own and deploy it to our test device. In this post, I’ll explain how to re-sign an iOS app so we can generate an IPA that we can deploy to our test device.
Read More...
There are many fields in Computer Science, and tech in general, where you’ll want a lab with multiple VMs, containers, or even physical devices running various services. When learning networks, it’s useful to have a local lab. Another example is when doing Reverse Engineering, we sometimes want to work on an ARM processor instead of our desktop x86 processor, so we create a VM.
You get the idea. At some point in your career, you’ll find yourself surrounded by many hosts running services on different ports. Not having a system to reference your hosts can become a source of confusion. For example, if you stop for the weekend, the following Monday you have to go through your history to figure out if you were using port 2222 or port 2223 to ssh to the VM you were working on last week. In this short post, I’ll show you some techniques I use to keep my lab organised.
Read More...
If you want to get into mobile security or reverse engineering, you’ll get to a point when you would like to have access to an ARM processor. There are many devices you could use, but one very cheap (in price, not in quality) option is the Raspberry Pi. You can get one for about $35, which opens up the doors to a lot of learning. But sometimes you don’t want to carry an additional device, so what to do? Well, you can run a virtual machine that is ARM-based. That is what we are going to explore in this short post: how to install Raspbian OS using QEMU so you can create your own ARM lab.
Read More...
Many people have heard about the perils of buffer overflows, but it’s one thing to hear about them and another to try to make one yourself and play with it. In this post, we’ll explore the basics of buffer overflows and create an example to understand them better.
We’ll be using radare2, so if you need to install it, go ahead and read the instructions in their GitHub repository.
Let’s start by creating a small program to analyse and exploit with a buffer overflow.
Read More...
When reversing a binary, sometimes it’s useful to modify how the binary behaves. We can accomplish this by changing the binary itself. If we had the source code, it’d be easy, but for us, it’ll require looking at the decompiled code and deciding which bytes to modify to get our desired behaviour. We can, for example, change the control flow by changing the jump condition. Or we could modify a string that is used in a comparison, and so on. The modification of a binary is known as patching. In this post, we are going to learn how to use radare2 to patch a binary.
Read More...
I’ve been exploring reverse engineering, and it’s a fascinating topic. There are many ways to analyse a binary. Usually, the analysis is divided into two types, static and dynamic. Static analysis is when you decompile the binary and read the assembly code and try to figure out what it does. On the other hand, in dynamic analysis, you execute the binary and analyse it while running. In general, for dynamic analysis, we use a debugger. As you can imagine, there are many debuggers out there. In this post, we are going to use LLDB to analyse a binary. I’ll explain the basic commands we would use and a general setup that I find useful when doing dynamic analysis.
Read More...
This is going to be a small article on the basics of working with Assembly Language. We won’t go deep into building extensive programs in assembly. The main idea of this post is to clarify the workflow for creating an assembly program and some key concepts so you can comfortably begin your assembly explorations.
Let’s first learn about the different assembly syntaxes and types.
Read More...
Apple provides the Launch Services API so we can interact with different applications from our current process. We can define URL schemes for our apps, and when that URL is opened, our app gets launched. We can also specify which application to open when a file associated with a specific Uniform Type Identifier (UTI) is being opened. This is registered in the Launch Services database. In this post, I’ll show you how to interact with the Launch Services API to register URL schemes and UTIs.
Read More...
If you’ve used the Swift Package Manager, you have interacted with its handy command-line tool. When creating command-line tools, we strive to provide an easy-to-use interface. One of the main characteristics of a good CLI tool is how it handles parameters. In this post, I’ll show you how to use Swift Package Manager’s TSCUtility module, and especially ArgumentParser, to parse arguments for your Swift command-line tools.
Let’s start by defining the common types of arguments we get in command-line tools:
Read More...