Nyx0uf's blog

MISC 47

Mac OS X, Security Posted on January 9, 2010 at 7:34 PM

MISC is a french magazine which talk about security.
For the first edit of 2010 there is a very interesting article on Mac OS X code injection, it’s not something new, but what is really cool is that all the injection are 64-bit, and that’s pretty unusual
The article presents 2 different methods, the first one is classic, it’s a simple dynamic library injection, but the second is much more interesting because it uses Thread hijacking.

No Comments Tags : 64-bit, dyld, injection, Library, Misc, Thread Hijacking
Bootcamp64 sur MacBook

Misc Posted on October 18, 2009 at 4:47 PM
Ce matin j’ai installé Windows 7 64-bit sur mon MacBook blanc, je savais pas quoi faire, et puis sa fera plaisir à certaines personnes..
Une fois l’install terminée un problème s’est présenté, quand j’ai voulu installer les drivers Bootcamp, un message tout moche m’a dit “Boot camp x64 is unsupported on this computer model”, n’importe quoi !

Du coup on lance un cmd en tant qu’administrateur :
1 2 3
cd /d D: cd "Boot Camp\Drivers\Apple" BootCamp64.msi
Et voilà, il whine plus, il s’installe et tout fonctionne nickel, bon sur ce je retourne sur Snow Leopard, parce que bon voila quoi !

see u.
5 Comments Tags : 64-bit, Bootcamp, Windows
Forcer le boot en 64-bit sous Snow Leopard

Mac OS X Posted on September 4, 2009 at 6:23 PM

Snow Leopard est sorti, Apple se targue d’avoir un système pleinement 64-bit (enfin..) et pourtant, seulement quelques machines peuvent booter avec un kernel 64-bit, les machines ‘pro’.
Pour les personnes ayant une machine 64-bit et un EFI 64, il peut être frustrant de ne pas profiter d’un Kernel 64-bit, ce qui est mon cas.
Il est néamoins possible d’outrepasser cette limite, ça relève un peu de la bidouille donc ne vous lancez pas tête baissée dedans, d’autant que pour l’utilisateur lambda il n’y a que peu d’intérêt.

Comment Apple a fait pour prévenir d’un boot en 64 ?
Il y a juste une valeur hard-codée dans le fichier boot.efi qui empêche le boot en 64 selon le modèle de votre machine.
Il va donc falloir modifier ce fichier pour permettre le boot en 64-bit, notez que je ne fais pas de SAV en cas de problème.
Read more…

10 Comments Tags : 10.6, 64-bit, boot, EFI, kernel, Mac OS X, Snow Leopard

Mac OS X 10.5, 32-bit ou 64-bit ?

Mac OS X Posted on July 16, 2009 at 2:22 PM

Je vois souvent des gens (des Apple fanboys en fait) qui disent Mac OS X est 64-bit, pas comme windows ou y a 2 versions blablabla..
Qu’en est-il réellement ? ouvrons le terminal, une commande très pratique existe : file, essayons la sur /bin/ls pour commencer.

[Nyxouf@nyx0ufs-macbook ~]$ file /bin/ls
/bin/ls: Mach-O universal binary with 2 architectures
/bin/ls (for architecture i386):	Mach-O executable i386
/bin/ls (for architecture ppc7400):	Mach-O executable ppc

On voit que le binaire contient du code pour 2 architectures, intel et PowerPC (Universal Binaries), pas de trace de 64-bit.

Bon maintenant, essayons sur un truc un peu plus sérieux :

[Nyxouf@nyx0ufs-macbook ~]$ file /mach_kernel
/mach_kernel: Mach-O universal binary with 2 architectures
/mach_kernel (for architecture i386):	Mach-O executable i386
/mach_kernel (for architecture ppc):	Mach-O executable ppc

J’ai le regret d’annoncer aux fanboys que leur kernel n’a rien de 64-bit, et qu’au final y a pas beaucoup d’applications 64-bit, listons les applications dans /bin et dans /usr/bin en filtrant la sortie avec grep :

[Nyxouf@nyx0ufs-macbook ~]$ file /bin/* | grep 64

Résultat : nada.

[Nyxouf@nyx0ufs-macbook ~]$ file /usr/bin/* | grep 64
/usr/bin/appletviewer (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/apt (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/auvaltool (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/auvaltool (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/dsymutil (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/dsymutil (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/dwarfdump (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/dwarfdump (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/extcheck (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/idlj (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jar (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jarsigner (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/java (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/javac (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/javadoc (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/javah (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/javap (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/javaws (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jconsole (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jdb (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jhat (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jinfo (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jmap (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jps (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jsadebugd (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jstack (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jstat (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/jstatd (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/keytool (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/ld64:                            Mach-O universal binary with 2 architectures
/usr/bin/ld64 (for architecture i386):	Mach-O executable i386
/usr/bin/ld64 (for architecture ppc7400):	Mach-O executable ppc
/usr/bin/mpic++ (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/mpic++ (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/mpicc (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/mpicc (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/mpicxx (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/mpicxx (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/mpiexec (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/mpiexec (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/mpif77 (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/mpif77 (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/mpif90 (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/mpif90 (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/mpirun (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/mpirun (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/native2ascii (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/ompi_info (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/ompi_info (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/opal_wrapper (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/opal_wrapper (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/orbd (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/orted (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/orted (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/orterun (for architecture ppc64):	Mach-O 64-bit executable ppc64
/usr/bin/orterun (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/pack200 (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/policytool (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/rmic (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/rmid (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/rmiregistry (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/serialver (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/servertool (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/tnameserv (for architecture x86_64):	Mach-O 64-bit executable x86_64
/usr/bin/unpack200 (for architecture x86_64):	Mach-O 64-bit executable x86_64

Ca nous fait environ 50 binaires compatibles 64-bit sur plus de 900 dans ce répertoire.

La même commande dans /Applications nous montre que la seule application d’Apple 64-bit est Chess.app.

Voilà, pour conclure un petit schéma qui vient de AppleInsider, et qui montre que peu de choses fonctionnent en 64-bit sur Leopard.

NB : Tous les tests ont été réalisés sur un MacBook4,1 C2D 2,4Ghz tournant sous Mac OS X 10.5.7.

1 Comment Tags : 10.5, 64-bit, Leopard, Mac OS X, UB, universal binaries

M	T	W	T	F	S	S
« Feb
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

MISC 47

Bootcamp64 sur MacBook

Forcer le boot en 64-bit sous Snow Leopard

Mac OS X 10.5, 32-bit ou 64-bit ?

Recent Posts

Recent Comments

Tags

Language

Calendar

Categories

Links