1. CryptedHelloWorld: App with encrypted mach-o sections

    In a previous post ( constructor and destructor attributes ), I described the constructor attribute and mentioned software protection as a possible use case: A constructor attribute could be used to implement a software protection. You could encrypt your executable with a custom encryption and use a constructor function to decrypt the binary just before it is loaded. In this post I describe such a protection with an example.
    [Read More]
  2. Blowfish operations with key size longer than 448 bits in macOS 10.11.5 / iOS 9.3.2

    Until macOS 10.11.4 and iOS 9.3.1 CommonCrypto/corecrypto supported Blowfish operations with key sizes longer than 448 bits. Starting with macOS 10.11.5 and iOS 9.3.2 this is no longer the case: the minimum and maximum key sizes are now enforced (respectively kCCKeySizeMinBlowfish 8 bytes and kCCKeySizeMaxBlowfish 56 bytes).
    [Read More]