{"id":16353,"date":"2016-11-12T14:24:15","date_gmt":"2016-11-12T19:24:15","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=16353"},"modified":"2016-11-12T14:24:15","modified_gmt":"2016-11-12T19:24:15","slug":"reversing-apples-syslogd-bug","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/11\/12\/reversing-apples-syslogd-bug\/","title":{"rendered":"Reversing Apple&rsquo;s syslogd Bug"},"content":{"rendered":"<p><a href=\"https:\/\/reverse.put.as\/2016\/01\/22\/reversing-apples-syslogd-bug\/\">fG<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=10956768\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/reverse.put.as\/2016\/01\/22\/reversing-apples-syslogd-bug\/\"><p>While Apple makes available <a href=\"https:\/\/opensource.apple.com\">the source code<\/a> for many components used in OS X, most of the time there is a significant delay so we need to use binary diffing to find out the differences between the vulnerable and updated binary. The usual tool for this purpose is <a href=\"http:\/\/www.zynamics.com\/bindiff.html\">BinDiff<\/a> but there is also a free alternative called <a href=\"https:\/\/github.com\/joxeankoret\/diaphora\">Diaphora<\/a> made by Joxean Koret. Both tools require IDA and in this post we are going to use Diaphora.<\/p>\n<p>[&#8230;]<\/p>\n<p>The developer of this particular piece of code made a mistake, and the fix can be as simple as adding a set of parentheses[&#8230;]<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>fG (via Hacker News): While Apple makes available the source code for many components used in OS X, most of the time there is a significant delay so we need to use binary diffing to find out the differences between the vulnerable and updated binary. 
The usual tool for this purpose is BinDiff but there [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[131,45,56,30,1199,48],"class_list":["post-16353","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-bug","tag-c","tag-debugging","tag-mac","tag-mac-os-x-10-11","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/16353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=16353"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/16353\/revisions"}],"predecessor-version":[{"id":16354,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/16353\/revisions\/16354"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=16353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categorie
s?post=16353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=16353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}