by nicolodev
1017 days ago
Oops! Forgot to write about it (otherwise it would be so long). I did not mention the tools, but I was mainly referring to Hopper Decompiler/Disassembler (definitely a no-no for me). Although it seemed the natural choice for reverse engineering macOS applications and daemons, it failed disastrously on reverse engineering fairplayd. This is what obfuscation is really good at: feeling pain. Hopper tried to disassemble the binary but still no luck (there was an error due to some bogus instructions referred to by a dead branch). I'm seeing improvements for Hopper release by release, but there were some regressions that I noticed. I tried to import it into Ghidra and it missed some information during the stack analysis pass. In the end the result was a mess to read, so I ended up with IDA (free because I'm a student). Binary Ninja also needs a license; I'm trying to afford it.
|
Great article overall, thanks for taking the time to write it up.