> We use IDA for convenience in this article, although we must be especially careful when importing the binary into other tools (we will explain why at the end of the article)
Forgive me if I missed this being explained - I was curious what the reasoning for this was and I didn't see it! Could you elaborate? :)
Oops! Forgot to write about it (otherwise it would be so long). I did not mention the tools, but I was mainly referring to Hopper Decompiler/Disassembler (definitely a no-no for me). Although it seemed the natural choice for reverse engineering macOS applications and daemons, it failed disastrously at reverse engineering fairplayd. This is what obfuscation is really good at: feeling pain. Hopper tried to disassemble the binary but still no luck (there was an error due to some bogus instructions referred to by a dead branch). I'm seeing improvements for Hopper release by release, but there were some regressions that I noticed.
I tried to import it into Ghidra and it missed some information during the stack analysis pass. In the end the result was a mess to read, so I ended up with IDA (free because I'm a student). Binary Ninja also needs some license, I'm trying to afford it.
Ghidra was somehow usable; I got several crashes with Hopper. One question for people more expert than me: does Hopper employ any telemetry inside its demo version? Some issues I discovered were fixed in two days and I did not report them.