I've written a simple Rust program to learn reverse engineering on with a simple loop that breaks when you enter the "correct" password, this is the program:
    use std::io;

    fn main() {
        println!("Enter password:");
        let mut pass = String::new();
        loop {
            io::stdin()
                .read_line(&mut pass)
                .expect("Failed to read line");
            match pass.as_str().trim() {
                "reddit" => break,
                _ => println!("Wrong password"),
            }
        }
        println!("You've guessed it!");
    }
I've located the code in Ghidra responsible for the jump i.e.:
    LAB_100002ce4                              XREF[1]: 100002ce0(j)
    100002ce4 e8 0f 40 b9    ldr   w8,[sp, #local_124]
    100002ce8 28 01 00 37    tbnz  w8,#0x0,LAB_100002d0c
    100002cec 0f 00 00 14    b     LAB_100002d28
I looked up the tbnz instruction in the ARM64 instruction set manual and, based on that, "patched the instruction" in the following way:
tbnz w8,#0x0,LAB_100002d0c --> tbnz w8,#0x1,LAB_100002d0c
The decompiler window showed exactly what I would expect:
if ((uVar1 & 1) != 0) break; --> if ((uVar1 >> 1 & 1) != 0) break;
I exported the binary in two ways:
I've then chmod +x the resulting binaries and tried to run them. It gets killed (SIGKILL (9)).
What I've tried:
- xattributes: I checked if they are "quarantined" and they weren't. As a matter of fact they didn't have any xattributes.
- b labels instead, but to no avail.

Did anyone encounter a similar problem and could help? I've attached the changes as well just in case the issue might be two fold.
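To see why the one-byte change in the post (28 01 00 37 becoming the #0x1 form) does what the decompiler says, it helps to decode the A64 TBZ/TBNZ encoding by hand. The following is an added example, not code from the original post: it decodes the instruction word shown in the Ghidra listing, re-encodes it to test a different bit, and applies the patch to an in-memory buffer. The sample bytes and address are taken from the listing above; the bit-field layout (b5 at bit 31, op at bit 24, b40 at bits 23:19, imm14 at bits 18:5, Rt at bits 4:0) is the documented A64 encoding. Writing the result back to a real Mach-O is not done here, since on Apple Silicon a modified binary must be re-signed before it will run at all.

```python
import struct

# Constructed sample: the 4 bytes and address of the tbnz shown in the post's listing.
SAMPLE_BYTES = bytes.fromhex("28010037")   # little-endian for word 0x37000128
SAMPLE_ADDR = 0x100002CE8


def decode_tb(word, addr):
    """Decode an A64 TBZ/TBNZ instruction word located at `addr`.

    Returns a dict with mnemonic, register, tested bit and branch target.
    """
    if (word >> 25) & 0x3F != 0b011011:
        raise ValueError("not a TBZ/TBNZ encoding")
    op = (word >> 24) & 1               # 0 = TBZ, 1 = TBNZ
    b5 = (word >> 31) & 1               # high bit of the tested bit number
    b40 = (word >> 19) & 0x1F           # low five bits of the tested bit number
    imm14 = (word >> 5) & 0x3FFF        # signed word offset from this instruction
    rt = word & 0x1F
    if imm14 & 0x2000:                  # sign-extend the 14-bit field
        imm14 -= 0x4000
    reg = ("x" if b5 else "w") + str(rt)  # bit >= 32 forces the 64-bit register form
    return {
        "mnemonic": "tbnz" if op else "tbz",
        "reg": reg,
        "bit": (b5 << 5) | b40,
        "target": addr + imm14 * 4,
    }


def format_tb(word, addr):
    """Render the instruction the way a disassembler would, e.g. 'tbnz w8,#0x0,0x100002d0c'."""
    d = decode_tb(word, addr)
    return "%s %s,#%#x,%#x" % (d["mnemonic"], d["reg"], d["bit"], d["target"])


def set_tested_bit(word, bit):
    """Return `word` re-encoded so the instruction tests `bit` (0..63) instead."""
    if not 0 <= bit <= 63:
        raise ValueError("bit number must be 0..63")
    word &= ~((1 << 31) | (0x1F << 19)) & 0xFFFFFFFF   # clear b5 and b40
    word |= ((bit >> 5) & 1) << 31
    word |= (bit & 0x1F) << 19
    return word


def patch_tb_bit(code, offset, new_bit):
    """Patch the TBZ/TBNZ at byte `offset` of `code` to test `new_bit`; returns new bytes."""
    word = struct.unpack_from("<I", code, offset)[0]
    out = bytearray(code)
    struct.pack_into("<I", out, offset, set_tested_bit(word, new_bit))
    return bytes(out)


if __name__ == "__main__":
    word = struct.unpack("<I", SAMPLE_BYTES)[0]
    print("before:", format_tb(word, SAMPLE_ADDR))
    patched = patch_tb_bit(SAMPLE_BYTES, 0, 1)
    print("after: ", format_tb(struct.unpack("<I", patched)[0], SAMPLE_ADDR),
          "bytes:", patched.hex(" "))
```

Decoding the original word gives bit 0, register w8 and a target of 0x100002ce8 + 9*4 = 0x100002d0c, matching the listing; the patched word differs only in the b40 field, which is why the decompiler shows `(uVar1 >> 1 & 1)` in place of `(uVar1 & 1)`.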
I've resolved the issue.
For anyone who will encounter a similar problem it's due to an invalid certificate and the binary needs to be signed again.
To do this without an Apple Developer ID you need to:
Open 'Keychain Access' -> (Toolbar) Keychain Access -> Certificate Assistant -> Create a Certificate
And create a code signing certificate.
Then to codesign the binary:

    codesign -fs name-of-certificate path/to/binary-to-be-signed