Wednesday, February 15, 2017

Reverse Engineering Stickies.app

Alex Denisov:

The task becomes easy since the six colors are hardcoded in the binary. I just need to find where exactly and change the values to ones I like more.

[…]

What is important here: three consecutive values starting at 0x10000c790 moved to xmm_ registers. I’m not 100% sure, but I’d assume that they are used to pass parameters into colorWithDeviceRed:green:blue:alpha:.

[…]

Now I know where the colors reside in code. I need to find them in the binary. The address of the first color component is 0x10000c790. To find its on-disk address I need to subtract the base address from it. The base address can be obtained via LLDB as well.

[…]

Now I can use xxd with -s (--seek) and -l (--length) parameters to get exactly 8 bytes at a given address.
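The address arithmetic in the quoted steps (debugger address minus base address, then eight bytes per color component) is worth spelling out in code. The script below is an added example for this post, not Denisov's code, and it does not operate on Stickies: it builds a small constructed Mach-O (one `__PAGEZERO` and one `__TEXT` segment, with three doubles planted at file offset 0xc790), then maps the address `0x10000c790` from the quote to its file offset by walking the `LC_SEGMENT_64` load commands rather than assuming `__TEXT` is linked at the base address with file offset zero, reads the bytes `xxd -s 0xc790 -l 8` would show, decodes them as little-endian IEEE-754 doubles, and writes replacements. The `load_base` parameter is an assumption added here for the case where ASLR is on; with LLDB's default of disabling ASLR it is unnecessary and the mapping reduces to the subtraction in the post.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF   # little-endian 64-bit Mach-O (x86_64 / arm64)
LC_SEGMENT_64 = 0x19
HEADER_LEN = 32            # sizeof(struct mach_header_64)


def parse_segments(blob):
    """Walk the load commands; return (name, vmaddr, vmsize, fileoff, filesize) per LC_SEGMENT_64."""
    magic, _cpu, _sub, _ftype, ncmds, _sizeofcmds, _flags, _res = struct.unpack_from("<IiiIIIII", blob, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O (fat binaries must be sliced first)")
    segments, off = [], HEADER_LEN
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmd == LC_SEGMENT_64:
            name, vmaddr, vmsize, fileoff, filesize = struct.unpack_from("<16sQQQQ", blob, off + 8)
            segments.append((name.rstrip(b"\0").decode("ascii"), vmaddr, vmsize, fileoff, filesize))
        off += cmdsize
    return segments


def va_to_file_offset(segments, va, load_base=None):
    """Map an address seen in the debugger to the file offset holding those bytes.

    load_base (assumed parameter) is the runtime address of __TEXT as LLDB's
    `image list` reports it; when given, the ASLR slide is removed first.  Only
    the file-backed part of a segment (filesize, not vmsize) can be patched on disk,
    so __PAGEZERO and zero-fill regions are rejected."""
    if load_base is not None:
        text_vmaddr = next(vmaddr for name, vmaddr, _, _, _ in segments if name == "__TEXT")
        va -= load_base - text_vmaddr
    for _name, vmaddr, _vmsize, fileoff, filesize in segments:
        if vmaddr <= va < vmaddr + filesize:
            return fileoff + (va - vmaddr)
    raise ValueError("address %#x is not backed by the file" % va)


def read_doubles(blob, offset, count=3):
    """Decode consecutive little-endian doubles, e.g. the red/green/blue components."""
    return struct.unpack_from("<%dd" % count, blob, offset)


def patch_doubles(blob, offset, values):
    """Return a copy of blob with the given doubles written in place at offset."""
    out = bytearray(blob)
    struct.pack_into("<%dd" % len(values), out, offset, *values)
    return bytes(out)


def hex_at(blob, offset, length=8):
    """The same bytes `xxd -s offset -l length` prints, as one hex string."""
    return blob[offset:offset + length].hex()


def build_sample_binary(color_offset, rgb):
    """Constructed stand-in for a real app binary (not Stickies): a minimal Mach-O whose
    __TEXT segment is linked at 0x100000000 with file offset 0 and holds three doubles."""
    size = (color_offset + 24 + 0xFFF) & ~0xFFF
    blob = bytearray(size)
    struct.pack_into("<IiiIIIII", blob, 0, MH_MAGIC_64, 0x01000007, 3, 2, 2, 2 * 72, 0, 0)
    struct.pack_into("<II16sQQQQiiII", blob, HEADER_LEN,
                     LC_SEGMENT_64, 72, b"__PAGEZERO", 0, 0x100000000, 0, 0, 0, 0, 0, 0)
    struct.pack_into("<II16sQQQQiiII", blob, HEADER_LEN + 72,
                     LC_SEGMENT_64, 72, b"__TEXT", 0x100000000, size, 0, size, 5, 5, 0, 0)
    struct.pack_into("<3d", blob, color_offset, *rgb)
    return bytes(blob)


if __name__ == "__main__":
    binary = build_sample_binary(0xC790, (0.3, 0.6, 0.9))   # constructed sample values
    segs = parse_segments(binary)
    off = va_to_file_offset(segs, 0x10000C790)             # the address from the post
    print("file offset %#x, bytes %s" % (off, hex_at(binary, off)))
    print("current components", read_doubles(binary, off))
    patched = patch_doubles(binary, off, (1.0, 0.0, 0.0))
    print("patched components", read_doubles(patched, off))
```

Two caveats when doing this against a real app: a universal (fat) binary wraps several Mach-O slices behind a fat header, so the offsets above are relative to the slice, not the file; and overwriting bytes in a signed binary means its code signature no longer validates, so the patched copy has to be re-signed before it will behave like the original.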
