This article introduces the reader to some easy injection techniques that can be used to hijack the runtime of a Mach-O binary. Some techniques are easy to perform, some are possible thanks to third-party tooling, and some are based on theory.
FairPlay encryption was created by Apple to protect digital ownership rights. It is implemented with a custom chipset that performs encryption and decryption with a hardcoded key. It is still unknown how to extract the key from the hardware.
Dynamic symbols in a Mach-O binary are stored as bytecode, and exported symbols are encoded as a prefix trie. For dynamic symbols, Mach-O also has stub binding to resolve symbols, which is the equivalent of the __got and __plt sections in ELF binaries.
Mach-O is the binary format used by Apple for its systems. The file contains assembled bytes, data and other information. It is structured as a list of load commands, where each load command holds the necessary pointers to the contents.
The following posts will introduce you to the binary format used by Apple, Mach-O. We first learn the basic format (1), then dive deeper into the import and export tables and how the loader (dyld) binds these symbols (2).