bdash

@bdash.net.nz

Pinball, pinball, pinball. And some computer security nonsense too.

73 Followers  |  27 Following  |  15 Posts  |  Joined: 16.11.2023  |  1.4727

Latest posts by bdash.net.nz on Bluesky

You looked unstoppable on Star Wars!

28.07.2025 20:53 — 👍 0    🔁 0    💬 1    📌 0

Details about the new hardened-process entitlements. (bsd/kern/kern_exec.c)

07.05.2025 22:02 — 👍 0    🔁 1    💬 1    📌 0
Before: Decompilation of Objective-C code with minimal language-specific analysis

After: Decompiled Objective-C code with language-specific analysis and transformations applied, displayed as pseudo-Objective-C

Crazy thought… what if your decompiled Objective-C code looked like Objective-C code?

Today's journey: implementing an Objective-C “pseudo-language” view for Binary Ninja.

#binaryninja #reverseengineering #objectivec

07.05.2025 23:24 — 👍 0    🔁 0    💬 0    📌 0
GitHub - bdash/bn-objc-extras: Experimental improvements to Objective-C analysis for Binary Ninja

My plug-in providing this additional analysis is available at github.com/bdash/bn-obj....

05.05.2025 15:22 — 👍 0    🔁 0    💬 0    📌 0
Before: decompilation of an Objective-C class initializer showing the results given by Binary Ninja out of the box. Retain / release calls clutter the function and the lifted code that initializes instance variables does not make any sense due to missing type information.

After: Decompilation of the same function, but with retain / release calls removed and the type of [super init] propagated to the local variable. As a result, access to instance variables is correctly recognized and field names are displayed.

Before: decompilation of an Objective-C function showing the results given by Binary Ninja out of the box. Reference counting function calls clutter the code so much that it’s hard to see the actual structure of the code.

After: The same Objective-C function but with reference counting function calls hidden. The structure of the function is clear!

I've been experimenting with improving Binary Ninja's analysis of Objective-C. By hiding reference counting calls and applying types based on [super init] and objc_alloc_init calls, the structure of the decompiled code becomes clearer.

github.com/bdash/bn-obj...

#binaryninja #reverseengineering

05.05.2025 15:21 — 👍 0    🔁 0    💬 1    📌 0
Pinball machine being lifted by a tractor with forks on the front. The backbox has not been folded down.

This is not how you should transport a pinball machine. This is my father-in-law doing things his way because that's how he is.

"That sign can't stop me because I can't read" – my father-in-law

07.02.2025 06:46 — 👍 3    🔁 0    💬 1    📌 0

I haven’t looked into what the wire protocol looks like between node boards. The CPU talks with a microcontroller on its carrier board via a serial UART, and that MCU is what talks via the RS-485 bus to the other nodes. The RS-485 bus is where you’d need to tie into to observe those state changes.

14.01.2025 08:12 — 👍 1    🔁 0    💬 1    📌 0

Other than the usual hell that is getting a working cross-compilation toolchain, most of the work was writing a driver that speaks the node bus protocol and synthesizes virtual keyboard events. This meant Doom could handle input without knowing it was coming from something other than a keyboard.

13.01.2025 03:45 — 👍 1    🔁 0    💬 0    📌 0

My fun hack this week: running Doom II on the Spike 2 platform used in Stern #pinball machines.

The main processor is an ARM Cortex A9 running an ancient version of Linux. Switches, including the flipper buttons, are handled by microcontrollers in the cabinet talking over a proprietary "node bus".

13.01.2025 03:45 — 👍 8    🔁 2    💬 1    📌 0
YouTube video by bdash: Doom II running on an Avengers Infinity Quest pinball machine

Pinball got you down? Why not play 1994’s hit video game DOOM II… on your pinball machine!

www.youtube.com/shorts/Nf8uI...

#pinball #sternpinball

13.01.2025 03:36 — 👍 1    🔁 0    💬 0    📌 1
Meet the man keeping hope, and 70-year-old pinball machines, alive: Steve Young’s passion built a business that keeps historic tables running.

Cool article! arstechnica.com/gaming/2025/...

06.01.2025 15:32 — 👍 10    🔁 3    💬 0    📌 0
YouTube video by Stern Pinball: DUNGEONS & DRAGONS The Tyrant's Eye Pinball Presented by Stern Pinball

Happy new Stern Pinball reveal day to all who celebrate!

Dungeons and Dragons: Tyrant's Eye, featuring a gelatinous cube, animatronic dragon, and saved campaign progress. Looks interesting from the software / rules side of things.

www.youtube.com/watch?v=-Lsz...

#pinball #dnd

03.01.2025 17:17 — 👍 9    🔁 1    💬 0    📌 0
Panoramic photograph of the main tournament area at Pincinnati 2024

06.12.2024 05:22 — 👍 1    🔁 0    💬 0    📌 0

Main tournament area at Pincinnati is looking good for tomorrow. A fun mix of games from all eras, including the traditional whacky Gottlieb's like Diamond Lady and Bad Girls.

Not in photo: Cheetah and most of Big Game. Panorama mode wasn't interested in those ones 🤷🏼‍♂️

#pinball #pincinnati

06.12.2024 05:21 — 👍 2    🔁 0    💬 1    📌 0
SDTMpinball - Twitch Welcome to SDTM pinball! Just a group of guys streaming pinball for you and throwing in a little shenanigans. Check our pinball show on YouTube for exclusives, machine reviews, top 10 lists, collector...

Yes, at www.twitch.tv/sdtmpinball starting tomorrow afternoon

06.12.2024 05:16 — 👍 2    🔁 0    💬 1    📌 0

Flew into Cincinnati today. Getting hyped for Pincinnati and its tournaments coming up this weekend! #pinball #pincinnati

05.12.2024 03:28 — 👍 7    🔁 0    💬 2    📌 0
TCC and the macOS Platform Sandbox Policy // Mark Rowe How some macOS privacy prompts are triggered from within the kernel via sandbox policies

New blog post time! I dug into an overlooked part of how TCC works on macOS: how the platform sandbox policy triggers TCC prompts from within the kernel. The post looks at the sandbox features behind this and provides examples of some of the responsible policies.

bdash.net.nz/posts/tcc-an...

02.12.2024 04:29 — 👍 1    🔁 1    💬 0    📌 0