5

I'm trying to disassemble Dock.app on macOS Sierra, and IDA is giving me this error message:

[image: screenshot of the IDA error message]

What does this mean?

tbodt

2 Answers

5

If you look in macho.cfg you find:

// Key used to decrypt apple-protected binaries.
// Due to copyright reasons we cannot publish the key,
// but we can give you clues...
//   http://www.takwing.idv.hk/tech/virtual/faq/no_more_fakesmc.html

SMC_DEVICE_KEY = "";

The link mentioned no longer works, but there are many other places on the internet where the key can be found.

tbodt
4

Here you have more details about Apple Binary Protection: Creating undetected malware for OS X

Setting the SMC_DEVICE_KEY value in ~/.idapro/macho.cfg works fine.

Hopper Disassembler out of the box can decrypt those binaries too.

Lastly, you can also run deprotect from class-dump to decrypt those binaries' (__TEXT,__text) section.

Ninja Inc
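As background to what the error refers to: an Apple-protected binary marks its encrypted segments with the SG_PROTECTED_VERSION_1 flag (0x8, from <mach-o/loader.h>) in the segment load command. The following is an added example, not code from either answer or from IDA; it only reports which segments of a thin little-endian 64-bit Mach-O carry that flag and decrypts nothing. The function names are hypothetical and the sample header is constructed for the demonstration.

```python
import struct
import sys

MH_MAGIC_64 = 0xFEEDFACF        # thin 64-bit Mach-O, little-endian on disk
LC_SEGMENT_64 = 0x19
SG_PROTECTED_VERSION_1 = 0x8    # "this segment is protected" (<mach-o/loader.h>)
HDR_SIZE, SEG_SIZE = 32, 72     # sizeof(mach_header_64), sizeof(segment_command_64)

def protected_segments(data):
    """Return the names of segments flagged SG_PROTECTED_VERSION_1."""
    if len(data) < HDR_SIZE:
        raise ValueError("too short for a mach_header_64")
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        # Universal (fat) files must have a slice extracted first.
        raise ValueError("not a thin little-endian 64-bit Mach-O")
    end = HDR_SIZE + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    found, off = [], HDR_SIZE
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize in load command")
        if cmd == LC_SEGMENT_64:
            if cmdsize < SEG_SIZE:
                raise ValueError("segment command too small")
            name = data[off + 8:off + 24].split(b"\0", 1)[0].decode("ascii", "replace")
            (flags,) = struct.unpack_from("<I", data, off + 68)  # flags is the last field
            if flags & SG_PROTECTED_VERSION_1:
                found.append(name)
        off += cmdsize
    return found

def _segment(name, flags):
    # cmd, cmdsize, segname, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, flags
    return struct.pack("<II16s4Q4I", LC_SEGMENT_64, SEG_SIZE, name, 0, 0, 0, 0, 7, 5, 0, flags)

def build_sample(text_flags=SG_PROTECTED_VERSION_1):
    """Constructed header: three segments, with __TEXT optionally flagged as protected."""
    cmds = _segment(b"__PAGEZERO", 0) + _segment(b"__TEXT", text_flags) + _segment(b"__DATA", 0)
    return struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 3, len(cmds), 0, 0) + cmds

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print("protected segments:", protected_segments(blob) or "none")
```

Run with a file path as the only argument to check a real binary; with no argument it checks the constructed sample.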