IDA Pro Mac OS X Download
This writeup is now deprecated. Please see this resource instead. Also get the related zip file.
This primer shows how to use the Mac OS X debugger included in IDA v.1. Before we start, please download this archive:
- macvuln.tgz – a sample vulnerable Mac OS X application which will be used in this primer
Unpack the debugger server files to any directory on Mac OS X. The debugger server is stand-alone, and it is not necessary to have the OS X version of IDA installed to use it. For this tutorial, we will use the Windows version of IDA. But, if you prefer, you may also use the Mac OS X version of IDA, or even the Linux version; they offer the same functionality.
In order to connect to other applications and debug them, we first have to set the appropriate permissions for the debugger server: we need to make it setgid "procmod". Here is how to do it:
Please note the 's' bit in the file permissions. The file group should be "procmod". We are now ready to launch the debugger server:
We're all set! We can either create new processes or attach to existing ones. Do not forget to protect your debugger server from the outside world. If you forget to password-protect it, anyone can connect to the debugger server and launch any program on the machine. If your debugger server is directly accessible from the Internet (a strategy we do not recommend!), or if you are working in a sniffable local environment, consider adding encryption such as an SSH tunnel to prevent password sniffing.
Let's now take a look at our somewhat artificial macvuln demo application. We modified the tool we use to generate IDA message files to make it vulnerable. If you run it with a malformed output file name, it crashes:
Let's start IDA on our Windows machine and see if we can figure out what causes the crash. We begin our session by loading the macvuln file into the database:
and set the process options in the Debugger, Process options dialog box:
In this dialog we explicitly specify all fields because, unfortunately, IDA can't read minds yet! Well, except for the port number when it happens to use the default value…
Let's go for a first quick run: we will just launch the application and let it crash. This is the easiest way to locate the crash address. Pressing F9 will start the application and the immediate result will be a message box about a SIGBUS signal. The message window will contain this:
To find out where the sprintf function was called from, we open the stack trace window (Debugger, Tracing, Stack trace):
Obviously, the supplied command line argument has been used as a format string to the sprintf function. Double clicking on the next line (with the address 757B on it) will display the offending code:
Let's rerun the application and suspend it just before the sprintf call. This will allow us to verify our guess about the format string. End the current debugger session with Ctrl-F2 (End process), create a breakpoint with F2 (Toggle breakpoint) and restart the debugger with F9:
When the execution reaches our breakpoint, we double click on the eax register to inspect the memory it points to:
This confirms our guess – yes, the output file name is used as a format string. Congratulations, you have just discovered your first, somewhat artificial, vulnerability in a Mac OS X application! Just out of curiosity, we could single step until the call instruction by pressing F7:
If we press F8 to step over, the application will crash. Now that we know what will happen, we better terminate the debugger and fix the application (or analyze other applications to discover more bugs 😉)
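The fix the walkthrough ends on, as an added example (not code from macvuln or from the original tutorial): the untrusted file name is passed as data to a constant format string instead of being the format itself. The function names `copy_output_name` and `count_format_directives` and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern the walkthrough finds (shown only as a comment):
 *     sprintf(out, name);      // name comes from the command line
 * Any '%' directive in name is interpreted by sprintf, which then reads
 * (or, with %n, writes) through arguments that were never passed. */

/* Hypothetical helper: count '%' conversion directives in s ("%%" is a
 * literal percent sign and is not counted). Useful as an audit check. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent, skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Hardened form: the format is a constant, the untrusted name is data.
 * Returns 0 on success, -1 if the name does not fit in out[outsz]. */
int copy_output_name(char *out, size_t outsz, const char *name)
{
    int need;
    if (out == NULL || outsz == 0 || name == NULL)
        return -1;
    need = snprintf(out, outsz, "%s", name);
    if (need < 0 || (size_t)need >= outsz) {
        out[0] = '\0';       /* never hand back a truncated file name */
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[64];
    const char *name = "report_%s%s.msg";   /* constructed sample input */
    if (copy_output_name(out, sizeof out, name) == 0)
        printf("%s (%d directives, copied literally)\n",
               out, count_format_directives(name));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the commented-out pattern wherever a non-literal string is passed as the format.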
Posted by: craverdidess63.blogspot.com