Security researcher Dino Dai Zovi (of Pwn2Own fame) has released a suite of tools to demonstrate how to load an advanced rootkit on Mac OS X machines.
The tools were first discussed at this year's Black Hat security conference where Dai Zovi (right) presented techniques to manipulate the way the Mach micro-kernel uses RPC calls to create hidden system calls or create kernel threads.
[ SEE: Dino Dai Zovi: How Snow Leopard can save Mac OS X from malware attacks ]
On his Trail of Bits blog, Dai Zovi released an inject-bundle tool to demo the steps need to use injected memory and threads to load a Mach-O bundle into another task. He also posted injectable bundles to demonstrate how to capture an image using the Mac's iSight camera, how to log instant messages from iChat and how to log SSL traffic sent through the Apple Security Transport API.
Dai Zovi's rootkit, dubbed Machiavelli, is capable of using Mach RPC proxying to transparently perform Mach RPC to a remote host.
Dai Zovi described the tools as "non-hostile proof of concept" that are not suitable for use in actual rootkit or offensive tools.