Reverse enginering a Linux based USB camera
arm,reverse-engineering,embedded-linux,u-boot,buildroot
First of all, you do not want to replace U-Boot as this may render your device unbootable. On the U-Boot console, check if you can boot from the SD card mmc rescan 0; fatload mmc 0 ${loadaddr} uImage or from the network dhcp ${loadaddr} ${serverip}:uImage. You'll need to look for...
What kind of C++ code would generate this x86 assembly instruction?
c++,assembly,x86,reverse-engineering
Not sure where the data_ prefix comes from, but the ? is the standard marker of decorated (mangled) names and you can use the undname tool to decipher them: >undname [email protected]@@[email protected] Microsoft (R) C++ Name Undecorator Copyright (C) Microsoft Corporation. All rights reserved. Undecoration of :- "[email protected]@@[email protected]" is :- "const...
gdb:How to print value at memory address in ASM
assembly,x86,gdb,reverse-engineering
The $1 there is an immediate value, it's just the number 1. It's not an address. It's checking the return value of sscanf, that is the number of items processed. The converted values are of course placed in memory at the pointers that have been passed to sscanf as arguments....
Call non-exported method from static library
objective-c,c,static-libraries,reverse-engineering
First of all: Why do you need that? Obviously the author of that framework did not see any need for this and things can break, if a method is executed directly. However: Write a category on the receiver with that method and just do it. Objective-C binds dynamically, so this...
Decompile an imported module (e.g. with uncompyle2)
You are going wrong with your initial assumption: As I cannot access the archive, my idea was to import the module and have it decompiled with uncompyle2. Uncompiling an already loaded module is unfortunately not possible. A loaded Python module is not a mirror of the on-disk representation of a...
How to use proguard in cordova android App
android,cordova,apk,proguard,reverse-engineering
You need to uncomment below lines from your project.properties file To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home): proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt Also, if you are using Webview with JS, uncomment following lines in proguard-project.txt and specify the fully qualified class name to the JavaScript interface...
Reverse engineering a Docker deployment on private cloud
If user has root, or he able to use his custom kernel (or even kernel modules), he can do anything - dump memory, stop process, attach debugger - to start reverse engineering. If user has access to hardware, he also can get root or custom kernel. The only way to...
Beginner Software RE help, RAM Addresses, library loading, where to start?
unix,reverse-engineering,code-injection,ram,dylib
Before you get started with reverse engeneering you'll need more than a theoretical knowledge of the C language. Forget C++ for now, C is simpler and it's so low level that once you master it you'll understand how programs work under the hood. Get you a copy of The C...
Unclear behavior DOS application's function
dos,reverse-engineering,pascal,ida,disassembler
As i can recognize, this function encode file content, by xoring with 0CDh constant, and then write it to buffer in memory.
How do you go about knowing what is happening in a JIT'ed code?
debugging,firefox,reverse-engineering,jit,disassembling
or something else is wrong with my understanding Yes: something else is wrong with your understanding. Sections (such as .text and .data) only make sense at static link time (the static linker groups .text from multiple .o files together into a single .text in the final executable). They are...
Is it possible to reverse a bitshift and addition
java,reverse-engineering,bit-shift
You can reverse it with : X = (config >> 6) & 0b11 Y = config & 0b11111; & 0b11 and & 0b11111 are bitwise operations. They respectively gives you the last 2 bits and the last 5 bits of the number they are apply on. What about arbitrary lengths...
How to break code on a click event?
windows,reverse-engineering,ida
IDA PRO is used mostly as disassembler, for static analysis purposes. I'd suggest you to use Ollydbg (or some other debugger, if you want to) because it will suit better to debugging purposes. I don't know if you can set a breakpoint on an API like that. But you can...
Bypassing Windows ASLR by determining the library address using shared pages
windows,security,reverse-engineering,exploit,aslr
You are correct, ASLR is little defense against a local attacker. It is primarily designed to thwart hard-coded addresses in remote exploits. Edit: Some details in my previous answer were incorrect, though the point above still stands. An ASLR-enabled DLL's base address is actually a function of both: (1) a...
What is the algorithm to calculate some values padding?
file,structure,padding,reverse-engineering
It seems to me that the number of 00 padding bytes should be calculated like follows: padding(num_bytes)=ceil(num_bytes/32)*32-num_bytes then we get for first case padding(2*36) = 24 24 additional padding bytes (and 96 in total) and for second case padding(36) = 28 28 additional padding bytes (and 64 in total)....
Output 64 bit integer with hexdump
c++,binary,64bit,reverse-engineering,hexdump
Our final workaround reads as follows: x=`hexdump -n 8 -e '2/4 "%08X " "\n"' {FILENAME} | awk 'BEGIN{printf "0x"}{print $2$1}'` echo $(($x)) Explaination for each part: Extract the eight bytes of the 64-bit integer value from file {FILENAME} as two four byte chunks printed as hexadecimal encoded values. hexdump -n...
Reverse engineering with custom ReverseEgineeringStrategy
maven,reverse-engineering,hibernate-tools
I have tried hibernate3-maven-plugin version 3.0 <groupId>org.codehaus.mojo</groupId> <artifactId>hibernate3-maven-plugin</artifactId> <version>3.0</version> Unfortunately I had errors and I didn't succeeded to make it work (messages of exceptions didn't help me a lot neither). So I tried the version 2.2 and it works perfectly, here my pom.xml <build> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>hibernate3-maven-plugin</artifactId>...
UML tool for reverse engineering a Java Project [closed]
java,eclipse,eclipse-plugin,uml,reverse-engineering
StarUML is a good open source tool, I think it have what you desire.
Inflate layout in Xposed module
I fund out it works. I realy had to create a context object for my application. For everyone how is looking for that here is the code with which you can do this: Context context = (Context) XposedHelpers.getObjectField(object, "mContext"); context = context.createPackageContext(packageName, Context.CONTEXT_IGNORE_SECURITY); ...
olly debugger cannot find referenced text
c++,reverse-engineering,ollydbg
Well, I tried and it worked for me: I compiled the code with onlinecompiler.net, which use mingw as far as I know. Here is the link to the executable. It may be a problem with your compiler, but neither gcc/mingw nor cl.exe are modifying hardcoded strings at compile time. Also,...
Can't reproduce working C bitwise encoding function in Python
python,security,python-2.7,encoding,reverse-engineering
This line of C: unsigned long entropy = *((unsigned long *)buf + 2); should translate to entropy = unpack('I', buf[8:12]) because buf is cast to an unsigned long first before adding 2 to the address, which adds the size of 2 unsigned longs to it, not 2 bytes (assuming an...
How to modify OpenFire default password encryption algorithm?
php,xmpp,reverse-engineering,openfire,smack
change the system properties to store plain password in openfire server and encrypt the password(as per your need) before sending the password. To change the system property: Go to Server->Server Manager->System Properties Edit the property user.usePlainPassword and give the property value as true. ...
XOR instruction not working as thought (Intel 8086)
memory,assembly,reverse-engineering,intel,xor
The numbers displayed are all in hex and you have forgotten to use proper endianness. If the user input was ascii 1234 that means the memory contains the bytes 31 32 33 34. Since x86 is little endian, the operand 1234567 is byte sequence 67 45 23 01. Performing the...
Following struct pointers
c,assembly,reverse-engineering,ollydbg
how do I follow the pointers in memory to see the data in memory? I think you should be able to just right-click on the pointer and choose "Follow in Dump". Then you can choose 4-byte layout in the dump and again follow the buf pointer via the same...
Why CLR change meaning of my code?
.net,vb.net,clr,reverse-engineering,cil
Because your original code is incorrect. It should be If ErrorCode = ProcessErrors.NONE OrElse ErrorCode = ProcessErrors.SUBSCRIBER_BUSY_FOR_MT_SMS Then ^^^^^^^^^^^^ You can't use OrElse to test if some value (ErrorCode) is one of two other values....
Editing this Qt program (C++) I think [closed]
On the image you posted, the directory is a Qt build directory, not a source directory. The folder you showed contains some source files automatically generated by Qt, some compiled .o files and a linked binary, but not the original source code. If the authors didn't publish the original C++...
Reverse Engineering: changing AL register without overwriting instructions
debugging,assembly,executable,reverse-engineering,x86-64
You want to replace MOV [0x000000044AB9DA15],AL which is encoded as 88042515DAB94A (7 bytes) with MOV BYTE PTR [0x000000044AB9DA15],1 which is encoded as C6042515DAB94A01 (one byte longer). Try to use RIP-relative encoding. First calculate the difference between the target pointer and the offset of following instruction ($+instruction_size). If it is less...
How to decode a PDF stream?
pdf,adobe,reverse-engineering,malware,exploit
"Two xref tables and two %%EOF"? This alone is not an indication of a malicious PDF file. There can by two or even more instances of each, if the file was generated via the "incremental update" feature. (Each digitally signed PDF file is like that, and each file which...
How to figure out what a .class file does?
java,linux,postgresql,tomcat,reverse-engineering
Use a decompiler like JD and send the .class or the .jar file you want/need to decompile. But note that you probably won't get the real exact code that generated those files, only a very similar representation of them.
C struct to complete assembly code for function
c,assembly,struct,reverse-engineering
In 32-bit mode, a pointer is 4 bytes, and typically aligned on a 4-byte boundary. So n + 12 is actually loading & n.next to %eax. e.g., if y is an unsigned short, there are 2 bytes of padding in the structure before next. movl 16(%eax),%eax is dereferencing with a...
Find where 32-bit ELF Linux binary ends, and padding begins?
linux,format,executable,reverse-engineering,elf
Maybe you could get the position of the section header table and time it with the amount of entries and the entry size? Not entirely sure but that's my best bet.
X64 Disassemblers IDA and WINDBG. IDA doesnt show x64 opcodes
reverse-engineering,windbg,disassembling,ida
You have disassembled the 32-bit Notepad in IDA. Did you open notepad.exe from system32? In that case IDA got the 32-bit version (since it's a 32-bit executable and so is subject to WoW64 filesystem redirection). The easiest way to "fix" this is to copy the file out of the system32...
DotPeek not proper deserialize dll
c#,.net,reverse-engineering,decompiling,dotpeek
Firstly you're breaking the licence agreement by trying to reverse engineer their code. f. Disassembly. You may not reverse engineer, decompile, disassemble or in any other way try to gain access to information regarding the construction of THE PRODUCT. This is because .NET allows for a whole lot more than...
reverse engineering for FosUser Bundle
I got a similiar task to do for a couple of days, you just need to extend the FOSUserBundle User Entity with your UserEntity where you're going to add all the Columns you need that the BaseUser doesn't provide. use FOS\UserBundle\Model\User as BaseUser; /** * user * * @ORM\Table(name="user") *...
How do I bypass IsDebuggerPresent this execute?
encryption,reverse-engineering,ollydbg
You should open the file in a dissembler, find where it makes the call to IsDebuggerPresent and then ultimately closes the application (or shows an error or what ever), this piece of code you can NOP in order to disable the check. You can read the ASM code with dissemblers...
Stuck on reversing TripleDES in .NET
.net,cryptography,reverse-engineering,tripledes
Sorry, not fluent with VB. In C# encryption code could look like this: byte[] serial = { 2, 0x4e, 160, 0xc5, 0xfd, 0xe0, 0x99, 0xf6, 0x9d, 0xad, 0x7a, 0x2f, 0x16, 11, 0xa2, 0xa7, 220, 0x23, 0x9f, 0x3f, 230, 40, 0xc4, 0x5d, 0x36, 0x76, 0x88, 0xc3, 0x86, 230, 0x72, 0xd7, 0x5e,...
Reverse Engineering - Find Missing Values
variables,actionscript,reverse-engineering
Your attempt to solve the puzzle seems to have off-by-one errors. I defined a JavaScript function that should be semantically equivalent to ActionScript's substring function (I based it on the documentation I found here): var substring = function(str, a, b) { var len = Math.abs(b - a); return str.substring(Math.min(a, len),...
Imprecision of ASM jump instructions observed in debugger
assembly,x86,reverse-engineering,machine-code,ollydbg
Jump (or any instruction) is executed after the instruction is read and IP is incremented by the instruction's size (2 bytes) so the jump is relative to 2005FE38.
C loop code from assembly
c,for-loop,assembly,reverse-engineering
In pseudo-code, this is: // ecx <- int *a; edx <- int val; eax <- int n; n = n - 1; if (n < 0) goto end; loop: if (a[n] != val) goto end; n = n - 1; if (n >= 0) goto loop; end: return; // return...
Determining the country of origin for an exe/dll file
windows,security,reverse-engineering,pe,malware-detection
There are no fields or metadata within the PE/COFF format which gives away any indication of a program's country of origin. The PE specification is available here: http://msdn.microsoft.com/en-us/windows/hardware/gg463119.aspx - it does contain a timestamp field which should be set by the compiler, but this is easily forged. I understand (though...
count number of api calls from classes.dex
android,reverse-engineering,dalvik
There's no way to tell how many times an API call is made by just parsing the code. For example, how many times is foo() called?: public static void bar(int x) { for ( int i = 0; i < x; i++ ) { foo(); } } If you just...
Reverse engineer assembly code to c code
c,assembly,reverse-engineering,x86-64,conditional-statements
Don't overthink it. Just gradually replace the assembly with C. Here is a possible sequence of transformations. .LFBO pushq %rbp movq %rsp,%rbp movl %edi,-4(%rbp) movl %esi,-8(%rbp) movl -4(%rbp),%eax compl -8(%rbp),%eax jg .L2 movl -8(%rbp),%eax jmp .L3 .L2: movl -4(%rbp),%eax .L3: popq %rbp ret ---- int LFBO (int edi, int esi)...
NetBeans Hibernate reverse engineering data types mismatch
java,sql-server,hibernate,netbeans,reverse-engineering
I finally found the way to solve this problem. It looks like the hibernate data types should be forced in some cases (I'm not sure and what does it depend on...), and in my case all string and/or text columns coming from SQL Server should be forced to java.lang.String, by...
Bomb lab assembly explanation
assembly,x86,gdb,reverse-engineering
That's basically doing: int array[6]; // at ebp-0x20 int *ebx = &array[2]; // lea -0x18(%ebp),%ebx int *esi = &array[6]; // lea -0x8(%ebp),%esi do { int eax = *(ebx - 1); // mov -0x4(%ebx),%eax eax += *(ebx - 2); // add -0x8(%ebx),%eax if (eax != *ebx) // cmp %eax,(%ebx) explode_bomb(); ebx++;...
lldb read memory pointer
memory,reverse-engineering,lldb
Thanks to @MarkPlotnick this works, mem read '*(int **)$r1' If you need to read a mem address at a certain offset, the following can be done, mem read '*(int **)($r1+4)' Tried and tested against Xcode debugging against ARMv7 and ARM64...
How to do to have a generic Entity for SQL audit tables with JPA or Hibernate?
generics,jpa,entity,reverse-engineering,generic-programming
I found that: AuditReader.getAuditReader().createQuery().forRevisionsOfEntity(EntityClass.class, false, true).getResultList(); to get All data of an Entity X in the Audit Table...
Can a JavaScript method be called with <>: <>?
javascript,methods,reverse-engineering
That is a label, which is used as a target for break and continue statements. It is unrelated to the function argument with the same name. ...
How is following HTTP url string parameter encoded and decoded? &=& vs &&
reverse-engineering,url-encoding
A java.lang.ArrayOutOfBoundsException caused by the Java backend of the page. This exception occurs when a java application is trying to access an element in a Java Array that does not exist. How and why exactly this occurs or how the url parameters are processed is impossible to say without having...
Count function calls in an exectuable without symbol table
assembly,reverse-engineering,instrumentation,intel-pin
I was able to achieve my goal by using frida (http://www.frida.re). Very cool and powerful tool!
can you debug 64bit target apps with Ollydbg 1.1?
debugging,reverse-engineering,ollydbg
OllyDbg currently does not support debugging 64 bit apps, however the developer stated to start the development of a 64 bit version as soon as his free times allows him. For a 64 bit debugger, take a look at WinDBG.
Obfuscation of variable and function names in C++ to prevent basic reverse engineering
c++,assembly,g++,obfuscation,reverse-engineering
Obfuscation will only help for the source code. The executable, with no debugging information, does not contain variable names or function names. The process of reverse engineering would involve: Converting the executable to assembly language code. Converting the assembly code to a high level language code. Making sense of the...
How can I recreate this curl command in php?
Set your headers without any quotes around the keys value: curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Authorization:Token someToken', 'deviceId:someID', // ... all the other headers )); Instead of: curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Authorization:"Token someToken"', 'deviceId:"someID"', // ... all the other headers )); If you use POSTFIELDS with a string body, you need to urlencode...
Understanding small asm code with a strange constant
assembly,64bit,reverse-engineering,nasm,yasm
I'm not sure what "enhance" is supposed to mean, but assuming the upper half of rax is zero, it sign-extends eax into rax. First, observe that adding 0x80000000 and then xoring with 0x80000000 would do exactly nothing to eax. They both invert the highest bit, and an even number of...
Unknown CRC Calculation
reverse-engineering,checksum,crc,crc16
Here you go, in C: #include <stddef.h> unsigned crc16old(unsigned crc, unsigned char *buf, size_t len) { int k; if (buf == NULL) return 0xffff; while (len--) { crc ^= *buf++; for (k = 0; k < 8; k++) crc = crc & 1 ? (crc >> 1) ^ 0x8408 :...
What is the timestamp in a c++ exe (IDL to TLB file using MIDL)
As a reverse engineer, I wouldn't trust any "build date" type literal strings that you would find in the disassembly. What you want is the TimeDateStamp from EXE header (PE Header). If you go to http://msdn.microsoft.com/en-us/library/ms809762.aspx you can see a good guide on what information is located in this header....
Why these “exported” variables are double-defined?
c,binary,reverse-engineering,x86-64,elf
They are stripped in the output. Use -W [[email protected] osboxes]# readelf -sW /usr/sbin/httpd | grep get_open 540: 000000000027bfc8 8 OBJECT GLOBAL DEFAULT 24 ap_hack_ap_hook_get_open_htaccess 1039: 000000000027c040 8 OBJECT GLOBAL DEFAULT 24 ap_hack_ap_hook_get_open_logs 1072: 000000000003ffb0 8 FUNC GLOBAL DEFAULT 13 ap_hook_get_open_logs 1451: 00000000000404d0 8 FUNC GLOBAL DEFAULT 13 ap_hook_get_open_htaccess ...
Low Level Bluetooth Packet Analysis
ios,sockets,networking,bluetooth,reverse-engineering
The best way to get started analyzing the data is finding out where the actual data starts and where it ends. Disclaimer: I have zero experience with Bluetooth but let's give it a try. You have two type of captured packets: Empty PDU (some form of signaling?) and ATT. Searching...
How to understand the output of objdump, about indirect jmp?
linux,kernel,reverse-engineering,x86-64,disassembling
decoding issue Than you have to look at Intel Development Manuals ff is JMP opcode (Jump near, absolute indirect) [1] 24 is a ModR/M byte [2] which means that SIB byte goes after it (JMP opcode has only one operand, so register field is ignored) d5 is a SIB...
Extracting date and time from a binary data string using
python,datetime,struct,reverse-engineering
If you take the 8 bytes immediately before one of the double, and consider it as an integer (low-endian, like the double), then you get the following numbers: 635040567715583464 635040567741183464 635040567766783464 If you divide these numbers by 10**7, then you get the date as a number of seconds (and fractional...
Injecting only function and running it through CreateRemoteThread? c++
windows,winapi,assembly,x86,reverse-engineering
Hmm I can't see what exactly is wrong in your code. The fact you get a JMP instead of the code of your function is probably due to incremental linking. You shouldn't need to call VirtualProtect since you already have the right page protection flags. A possible way to get...
Differences in OllyDbg and IDA PRO for MOVSX EDX, BYTE PTR [ESP+ECX+8] command
assembly,reverse-engineering,ida,ollydbg
ida should have declared STRING to be a LOCAL variable with a value of -60h look at the start of function / procedure ( 68 + STRING ) == ( 68 + (- 60 ) ) == (68-60) == 8 it is same as what ollydbg shows . IDA's disassembly...
Reverse Engineer Sorting Algorithm
java,arrays,algorithm,sorting,reverse-engineering
This is a Radix Sort, limited to the least significant eight bits. It does not complete the sort unless you change the loop to go 32 times instead of 8. Each iteration processes a single bit b. It prepares a mask called p by shifting 1 left b times. This...
I cannot add views when reverse engineering my database in Visio
sql-server,views,reverse-engineering,visio
You are probably using "wrong" data provider to reverse engineer the database, and that is the reason why views are disabled. There are some issues with Visio not being updated to support newer SQL server versions. Try the following: Start "reverse engineer" wizard Select Generic OleDb data provider (not the...
trying to disassemble
assembly,reverse-engineering,x86-64,att
Unfortunately you seem to be missing crucial knowledge. You should revisit any material you might have otherwise you won't have much luck with the rest of the assignment which will actually involve some less trivial code. That said, the block you have quoted so far only does the following: int...
how to reverses strrev using php
Not very complicated and quite malicius if you ask me... the principle is to eval() that base64 encoded string, it doesn't look like something an user would like to happen. Just reverse the string and base64 decode it, here you go: if(function_exists('get_url_999')===false){function get_url_999($url){$content="";[email protected]_999($url);if($content!==false)return $content;[email protected]_999($url);if($content!==false)return $content;[email protected]_999($url);if($content!==false)return...
Detours - jmp 00000000
c++,assembly,reverse-engineering,detours
I was able to reproduce the problem (only with detours 1.5 though), so I did some digging. It seems the problem is just that your detour function is empty. When you end your call by returning from another call, the compiler do a specific optimization : it doesn't call the...
Understanding x86 syntax regarding a C 'bomb'
c,assembly,x86,parameter-passing,reverse-engineering
You have correctly identified the critical region around 80485db. Let's work backwards from the strcmp call. It takes two operands to compare, they are put on the stack in the preceding two lines from the registers %eax and %edx. We can see %eax is the return value from fgets, which...
Watch a value instead of an address?
debugging,reverse-engineering,disassembling,ida
If you want to "watch for the value 'Error when trying to download (...)'" - then you'd probably find out that it is very complicated, resource heavy, although possible. You'd have to "trace" into every opcode that the processor executes and check where ever you need (e.g - the stack)...
dev/ttyO0 used in AR Drone 2.0 - Reverse Enginnering
linux,reverse-engineering,ar.drone
I don't know the answer to the first part of your question, but I can address the second part. Yes, the AR.Drone uses TCP and UDP for all communications between the drone and the controller app, including commands, telemetry and video. You can use a standard network sniffer, like tcpdump...
Are these PDF object's presence normal in all documents which use Acroforms or XFA forms?
security,pdf,reverse-engineering,acrobat,exploit
First of all, these objects look completely innocent. Secondly, the difference between direct and indirect objects is exactly what you would expect. If you look at the line: <</XFA 1 0 R >> That's the use of an indirect object. The object is defined elsewhere and in this dictionary it's...
How to get OpenFire user login session ids?
php,xmpp,reverse-engineering,openfire,smack
Openfire store the sessions only in memory and don't save that in DB. You could create an openfire plugin, which provide the user sessions (e.g. over REST). Guide, how to create a plugin: http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/plugin-dev-guide.html SessionManager class you need: https://www.igniterealtime.org/builds/openfire/docs/latest/documentation/javadoc/org/jivesoftware/openfire/SessionManager.html ...
Preventing reverse engineering with binary code and secret key
reverse-engineering,deobfuscation
I want to prevent client from reverse engineering my program, You can't prevent this fully when software runs on not your hardware. To run the software, CPU must see all instructions of the program, and they will be stored in the computer memory. http://programmers.stackexchange.com/questions/46434/how-can-software-be-protected-from-piracy Code is data. When the...
Windows Heap Chunk Header Parsing and Size Calculation
debugging,heap,reverse-engineering,windbg,heap-memory
Summary: heap entries are now encoded, the key is in the heap itself. Let's say I have a heap at 0x00d60000: 0:000> !heap -a 00d60000 Index Address Name Debugging options enabled 2: 00d60000 Segment at 00d60000 to 00d70000 (00001000 bytes committed) Flags: 40000061 ForceFlags: 40000061 Granularity: 8 bytes Segment Reserve:...
Cannot bind() a socket inside Apple Calendar (dylib injection)
ios,objective-c,reverse-engineering,jailbreak,dylib
You're right about Entitlements.plist. Problem is very simple - MobileCal.app is using custom sandbox profile. There are actually many sandbox profiles in iOS, not just for AppStore apps. Many iOS system components use them. To know which one you need to look at the app's entitlements. More specifically, seatbelt-profiles key....
Converting a signed jar file to working non-error throwing unsigned jar file by reverse engineering
java,reverse-engineering,code-signing,keytool,jarsigner
Generally speaking signing includes the following steps: Create a hash value over the data to be signed Do a private key operation operation on the hash value The result ("the signature") can then be verified by anyone who has the public key. Usually the signature is packaged in a data...