# Reverse Engineering & Security
All posts in the Reverse Engineering & Security category.
## Reversing a Continuously Hardened Target: Why Version Adaptation Is Getting Harder

With the same macOS IM client, each upgrade makes reverse engineering more costly. This is a record of the step up from a “hot update” to a “minor version,” and why the old path of purely scanning memory has failed across the board in newer versions: what can be reused across versions is never hardcoded coordinates, but structural invariants and dynamic observation.

## Racing Against WeChat Versions: The Adaptation History of a Local Tool

The hard part of turning WeChat on macOS into a local interface for AI agents is not getting it to work the first time; it is keeping it alive after WeChat updates again and again. This covers three generations of methods for obtaining the database key, how background message sending changed its routing approach, and why what truly carries across versions is the method for finding things, not any specific address.

## From Soft Methods to Hard Patches — A Methodological Review of a macOS Mach-O Reverse Engineering Session

Methodological notes from an 8-hour macOS binary reverse engineering session — why soft methods fail, when you have to switch to hex patching, how Ghidra/lldb/llvm-objdump work together, and how a “killer patch” mindset can be used in offensive and defensive drills. No specific target is disclosed; this only covers methods, tools, and troubleshooting techniques.

## Facing AI Audits: How Can You “Legalize” Your Reverse Engineering Project?

Examines a practical approach to handling decompilation projects by combining Claude Code and Gemini CLI, focusing on the challenge of ownership verification and resolving it through an automated sanitization process.

## How I Verified the Local Database Unlock Chain in WeChat macOS 4.0.1.52

A retrospective on engineering-focused forensics conducted on my own device. By tracing static files, runtime open paths, and SQLCipher parameters in sequence, I ultimately confirmed that the local database unlock chain in WeChat macOS 4.0.1.52 is based on an account-level key distribution model.

## Designing Browser Automation Offense/Defense: Detection Models and a Layered Control Plane

This article abstracts browser automation in highly adversarial environments into a multidimensional risk scoring system, and builds a layered control plane around three core dimensions: consistency, rarity, and temporal distribution.

## Designing Attack and Defense Strategies for Cloudflare Turnstile: System Principles and the Control Plane

Reframes the Turnstile risk model from a capability-token perspective, focusing on issuance/consumption semantics, scope binding, and execution integrity, and provides a defense prioritization for high-adversary environments.

## Use agent-browser-stealth Instead of agent-browser

For growth and promotion use cases: improve AI browser operability on sites with strict risk controls, such as Amazon, and support reusing a user’s existing browser state.
