Post Category Tech hacks

Executable code protection and obfuscation in MacOS

If you, like me, want to distribute a binary executable program for macOS and introduce at least a minimal level of protection—such as hiding text and literals in the binary or obfuscating the code—you may notice that, as of now (end of 2024), few tools are available for this purpose. Unlike Windows, which has numerous EXE protection software options, macOS developers often find themselves at a disadvantage due to the lack of such tools.

This information may be helpful if you are developing in C or C++ and compiling your program using GCC or Clang.

I found “Hikari”, a custom Clang toolchain: https://github.com/HikariObfuscator/Hikari

Although its page says that it is already deprecated as of 2024, it is still usable and has at least a few actively maintained forks.

Hikari is a modified version of LLVM that incorporates several advanced obfuscation techniques to protect software from reverse engineering. Obfuscation in Hikari essentially transforms the code so that it is functionally the same but is much harder for a reverse engineer to analyze and understand. Here’s an overview of the main concepts and techniques involved in Hikari obfuscation:

1. Purpose of Obfuscation

Obfuscation aims to protect intellectual property, software algorithms, and proprietary logic from being extracted or understood through reverse engineering. By making the code harder to read or follow, obfuscation raises the difficulty of tasks like decompiling, debugging, or reconstructing code logic. It can increase the time, resources, and expertise needed to analyze a binary, deterring attackers or making reverse engineering … >>> Click to read the full post...

Signing your executable using a Code Signing certificate

If you, like me, ever need to sign your executable tool or document using a code signing certificate, this guide may be helpful. In this post, I will tell you how to sign your executable using Certum’s SimplySign.

When searching for code signing certificate providers, one of the options is Certum. They offer some of the most affordable certificates (although still expensive). I needed to sign my freeware tool, AFT SonicDecloner, to distribute it to users and prevent it from triggering Windows notifications like “unverified program” or being flagged by antivirus software.

Certum provides a way to sign applications without any hardware tokens or readers. Instead, they offer a desktop tool called SimplySign, which you can install on Windows. It acts like a hardware reader, making your certificate available in Windows.

Here is the procedure:

1. Purchase a Code Signing Certificate

First, you need to register with Certum and purchase one of their Cloud Code Signing certificates—either regular or EV (Extended Validation). EV implies extended verification and is the most expensive option. The EV certificate cost me €379 for one year (as of the end of 2024).

2. Complete Identity Verification

Once purchased, you will need to go through an identity verification process, during which you will be requested to present various documents proving your identity. You will also need to pass a live presence test—an automated procedure using a webcam. The entire process takes about one week.

3. Activate Your Certificate

After your certificate is … >>> Click to read the full post...

AFT SonicDeCloner FREE — The Ultimate Acoustic De-Duplication Solution

I am thrilled to introduce AFT SonicDeCloner, a free tool by AudioWatermarking.com for acoustic audio de-duplication. AFT SonicDeCloner is built to recognize acoustically similar audio files, or “clones,” across various formats by using advanced, patented acoustic fingerprinting technology. Unlike traditional file comparison methods, this tool listens to audio files just like the human ear, identifying duplicates originating from the same performance or recording, regardless of file compression or format.

Key Features:

  • Human-like Acoustic Detection: Matches audio based on sound content, not just byte data, id3 tags or meta information.
  • Format-Agnostic: Compatible with all major audio formats.
  • Robust Performance: Detects duplicates even in altered versions, including pitch shifts or distortions.
  • ABSOLUTELY FREE for Non-Commercial Use: Ideal for personal audio management.
  • Cross-Platform Compatibility: Works on Windows, Mac OS, and Linux.
  • Standalone and Offline: Does not require installation and performs without internet connectivity.

Who It’s For: Designed for audiophiles, DJs, sound engineers, and music enthusiasts, AFT SonicDeCloner helps manage audio collections, removing unnecessary duplicates for a more organized, streamlined library. If you value the quality and organization of your audio collection, AFT SonicDeCloner is the ultimate solution to help you achieve a clean, efficient, and enjoyable music library.

Download AFT SonicDeCloner today at www.AudioWatermarking.com/sonicdecloner and experience acoustic de-duplication that brings clarity to your collection.… >>> Click to read the full post...

Permanently disabling Windows Defender “real-time protection” in Windows 11

If you, like me, do not want your Windows 11 computer’s CPU resources spent on antivirus processes and wish to disable Windows Defender completely, you may have found various methods to disable its components via Group Policy (gpedit.msc) and the Windows Registry (regedit.exe). However, starting from version 23H2, Windows will “self-heal” and restore any such settings upon restart. This can be frustrating, and I disagree with Microsoft deciding what my computer does on my behalf.

Here is how to permanently disable the real-time antivirus protection in Windows 11:

Create a folder on your disk:
For example, C:\Scripts.

Create a new PowerShell script file:
Open Notepad or any text editor.
Save the file as turn-off-rt-protection.ps1 in the C:\Scripts folder.

Add the following line to the script:
Set-MpPreference -DisableRealtimeMonitoring $true

Configure the script to run at startup using Task Scheduler:
Open Task Scheduler (you can search for it in the Start menu).
Click on “Create Task” in the right-hand Actions pane.

General Tab:
Name: Enter a name for the task (e.g., “Disable Real-Time Protection”).
Security options: Check “Run with highest privileges”.

Triggers Tab:
Click “New…” to create a new trigger.
Begin the task: Select “At log on”.
Settings: Choose “Any user” or specify a user.
Check “Delay task for:” and set it to 1 minute.
Click “OK”.

Actions Tab:
Click “New…” to create a new action.
Action: Select “Start a program”.
Program/script: Enter powershell.exe.
Add arguments: Enter -ExecutionPolicy Bypass -File "C:\Scripts\turn-off-rt-protection.ps1">>> Click to read the full post...

Avoid charges for AWS Elastic IP’s — How to automatically update the IP address of a DNS record of a domain defined in Amazon Route53 from an EC2 instance

Your EC2 instance is assigned a fixed public IP from a list of Elastic IPs. But Amazon charges a considerable amount of money for the Elastic IP. Is there a way to automatically update the IP address of a DNS record defined in Amazon Route53 from the EC2 instance? Yes, there is, and it’s not hard. You can write a “bootstrap” script that is executed when the instance is started. The script will update the public DNS record according to the public IP of the instance.

1. Allow EC2 changing Route53 records

Detailed instructions for creating an IAM role

Log into your AWS management console.

Proceed to AIM (“Identity and Access Management”). Click on Roles. Click on Create role.

Select AWS service as the trusted entity type.

Select EC2 for the Use Case, then select EC2 (“Allows EC2 instances to call AWS services on your behalf”)

In the Permission policies, select AmazonRoute53FullAccess.

Click on Next: Tags (optional step, you can add tags to organize and manage your role).

Click on Next: Review.

Name your role. Choose a name that makes sense for its purpose, like EC2Route53UpdateRole.

(Optional) Add a description that explains the role’s purpose, like “Allows EC2 instances to update Route 53 DNS records.”

Review your choices and click on Create role.

Finalize and use the Role

After creating the role, you need to attach it to your EC2 instance:

  • Go back to the EC2 dashboard.
  • Select your instance.
  • Choose
>>> Click to read the full post...

Make MacOS running faster in VMWare

Here is how you can accelerate MacOS running in VMWare virtual machine in Windows 10/11.

The key performance factor: MacOS VM must run with “Virtualize Intel VT-x/EPT or AMD-V/RVI” enabled, otherwise it will run slowly.

You may not be able to enable this checkbox if your processor does not support virtualization. You need to consult with your CPU documentation to figure that out. For example, for Intel i7-10700K, we can see that the virtualization is supported:

If your CPU supports virtualization, you still may experience the following error message when enabling the needed feature in VMWare:

If it happens, do the following:

Reboot, go to BIOS and make sure that:

  • Intel Virtualization is enabled
  • Intel VT-d is enabled

Boot into Windows.

Under Start, search for “Core isolation”, and turn it off:

Under Start, search for “Turn Windows features on and off”, and then:

  • disable “Hyper-V”
  • disable “Virtual Machine Platform”

Reboot.

Go to ‘cmd’, and run the following command: systeminfo

At the very end of the report, if you see this:

then you are good to go.

However, if you see this:

then run ‘cmd’ as administrator, and run the following command:

bcdedit /set hypervisorlaunchtype off

Reboot.

Once done, make sure that the virtualization under ‘systeminfo‘ is reported as:

>>> Click to read the full post...