Onyx The Black Cat
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Simplefs | 827 | 3 years ago | 2 | other | C | |||||
| A simple, kernel-space, on-disk filesystem from the scratch | ||||||||||
| Onyx The Black Cat | 205 | 6 months ago | 4 | C | ||||||
| Kernel extension to disable anti-debug tricks and other useful XNU "features" | ||||||||||
| Meetup | 53 | 4 years ago | HTML | |||||||
| Cat System Workshop is a regular meet-up focusing on “system software”. We would like to gather all developers to share their experience regarding system software and learn from each other, making system software more perfect and complete! | ||||||||||
| Lkl | 41 | 6 years ago | Shell | |||||||
| Linux Kernel Library for speed up | ||||||||||
| Sipodev | 19 | 4 years ago | 3 | C | ||||||
| Patch for the SIPODEV SP1064 touchpad | ||||||||||
| Takao | 14 | 2 years ago | gpl-3.0 | D | ||||||
| A kernel made with love, and lots of D. | ||||||||||
| Linux | 9 | 3 years ago | 1 | other | C | |||||
| PLEASE NOTE: L3CAT/CDP, L2 CAT, CQM, MBM, and MBA are all in upstream kernel already. Please refer to upstream kernel for all future development, test, and usage. This tree will be not maintained for RDT features any more. | ||||||||||
| Tinyos | 8 | 5 years ago | mit | C | ||||||
| A simple operating system on x86 | ||||||||||
| Kittykernel | 6 | 5 years ago | gpl-3.0 | Python | ||||||
| Kittykernel - Maow all your kernel needs | ||||||||||
| Dogs_vs_cats | 5 | 7 years ago | Jupyter Notebook | |||||||
_____ \ ____ ..__ ___
/ | \ / < | |\ / /
/ | \ | ___ | > <
_______ /_| / ____|//_
/ // /
The Black Cat
Copyright (c) fG!, 2011, 2012, 2013, 2014 - [email protected] - http://reverse.put.as All rights reserved.
Introduction
A kernel module for Intel Mac OS X that will provide you with some anti anti-debug protection and other features.
This module will allow you to debug programs which use these tricks without need to patch them (no need to patch lots of anti-debug calls and maybe checksum code). Compatible with all OS X versions since Snow Leopard (older probably supported!). Mavericks introduces kernel extension code signing but this still works if you load it manually.
Features can be enabled or disabled using the control program. By default everything is disabled. This util requires root privileges to run. If you want to run it as normal user you can remove CTL_FLAG_PRIVILEGED from kernel_control.c source file.
This code uses diStorm as its disassembler. Due to licensing differences its files are not included. You can download diStorm from: http://code.google.com/p/distorm/ and include the missing files. The only required change is to define SUPPORT_64BIT_OFFSET. You can do it either at diStorm's config.h file or at Xcode project settings.
Included are small test programs to test the anti-debug tricks, and other features.
The weird name is based on a big black cat named Onyx who is always hiding and running from me :). "I'm gonna hug you and kiss you and love you forever (and never use you up)" Elmyra Fudd.
R.I.P. Onyx 2005 - 03/04/2023.
I hope it's useful for you. It is for me. If you find/know any other gdb anti-debug tricks, please drop me an email with some details so I can add them to the module.
Have fun. fG!
Installation
Copy onyx-the-black-cat.kext to /System/Library/Extensions (sudo cp -rf onyx-the-black-cat.kext /System/Library/Extensions)
and then load the module with kextload (sudo kextload /System/Library/Extensions/onyx-the-black-cat.kext)
Unload module with kextunload (sudo kextunload /System/Library/Extensions/onyx-the-black-cat.kext)
Use the control program to enable/disable features. Everything is disabled by default.
You can check dmesg or /var/log/system.log for debug messages and anti-debug hits.
Known Problems
Still some ugly code :-)