分类 MAC 下的文章

antidebugging

#import <UIKit/UIKit.h>
#import "AppDelegate.h"

// For debugger_ptrace. Ref: https://www.theiphonewiki.com/wiki/Bugging_Debuggers
#import <dlfcn.h>
#import <sys/types.h>

// For debugger_sysctl
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/sysctl.h>
#include <stdlib.h>

// For ioctl
#include <termios.h>
#include <sys/ioctl.h>

// For task_get_exception_ports
#include <mach/task.h>
#include <mach/mach_init.h>

typedef int (*ptrace_ptr_t)(int _request, pid_t _pid, caddr_t _addr, int _data);

#if !defined(PT_DENY_ATTACH)
#define PT_DENY_ATTACH 31
#endif // !defined(PT_DENY_ATTACH)

/*!
@brief This is the basic ptrace functionality.
@link http://www.coredump.gr/articles/ios-anti-debugging-protections-part-1/
/
void debugger_ptrace()
{
void
handle = dlopen(0, RTLD_GLOBAL | RTLD_NOW);
ptrace_ptr_t ptrace_ptr = dlsym(handle, "ptrace");
ptrace_ptr(PT_DENY_ATTACH, 0, 0, 0);
dlclose(handle);
}

- 阅读剩余部分 -

How to Disable System Integrity Protection (rootless) in Mac OS X

Enable or Disable System Integrity Protection Rootless in Mac OS X

Apple has enabled a new default security oriented featured called System Integrity Protection, often called rootless, in Mac OS from versions 10.11 onward. The rootless feature is aimed at preventing Mac OS X compromise by malicious code, whether intentionally or accidentally, and essentially what SIP does is lock down specific system level locations in the file system while simultaneously preventing certain processes from attaching to system-level processes.

While the System Integrity Protection security feature is effective and the vast majority of Mac users should leave rootless enabled, some advanced Mac users may find rootless to be overly protective. Thus, if you’re in the group of advanced Mac users who do not want SIP rootless enabled on their OS X installation, we’ll show you how to turn this security feature off.

- 阅读剩余部分 -

优化你的osx

移出osx多余的语言,本机不支持的二进制,
https://ingmarstein.github.io/Monolingual/
其它优化设置
http://www.bresink.com/osx/0TinkerTool/download.php

Create Apache crt & key

When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache.key -out apache.crt

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:webmaster@awesomeinc.com