Well Documented

Simply Solutions

Archive for the category “Apple”

Spoof MAC Address from Boot using launchd

You can never be too safe. Once upon a time, the lovely people at Apple let you change your MAC address right from the System Preferences. Alas, gone are those days. But I’ve got a better solution for you, and it involves plists.

Firstly, create a Bash script to do the spoofing and place it in a directory you don’t randomly eradicate. I would suggest root. In Terminal type:
cd / && sudo vim .macspoof.sh

Once inside vim, type i to begin “inserting” text. Enter the following text and be certain to follow this formatting exactly:
ifconfig en0 lladdr 00:00:00:00:00:00
ifconfig en1 lladdr 00:00:00:00:00:01

You should choose a MAC address that isn’t as obvious as a series of 0’s. Add 1 to the wireless MAC to simulate a probable setup.

Then hit the escape key to leave “insert” mode, type :wq and hit enter. That will “write” the file and “quit.”

Set the permissions of the script for root access only:
sudo chown -R root:admin .macspoof.sh

Now make the script executable:
sudo chmod u=rwx .macspoof.sh

Now we’ll need to create a .plist file for launchd to handle. Do the following:
cd /Library/LaunchDaemon && sudo vim com.superuser.macspoof.plist

Inside of vim, you can either type or paste the following code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.superuser.macspoof</string>
<key>ProgramArguments</key>
<array>
<string>/.macspoof.sh</string>
</array>
<key>UserName</key>
<string>root</string>
<key>GroupName</key>
<string>wheel</string>
<key>RunAtLoad</key>
<true></true>
<key>Debug</key>
<true></true>
</dict>
</plist>

“Write” and “quit” the file, then change it’s permissions:
sudo chown -R root:wheel com.superuser.macspoof.plist

Next, we’ll load the plist into launchd:
sudo launchctl load com.superuser.macspoof.plist

Confirm that the plist loaded:
sudo launchctl list | grep macspoof
If the plist name appears, it’s installed.

Reboot your machine and check your MAC address:
ifconfig | grep ether

To remove the .plist, type the following:
sudo launchctl unload -w /Library/LaunchDaemon/com.superuser.macspoof.plist

If you’re familiar with these commands, you know you’ve just created a way to run any Bash script as root from boot. This is both incredibly powerful and extremely dangerous.

Advertisements

Installing Apple OS X 10.6 Snow Leopard on Thumbdrive

Elements tested:
– 2.4GHz mid 2007¬†Macbook Pro 15″ (model #1226) running OS X Snow Leopard 10.6.3
– 32GB Corsair Survivor GTR USB Thumbdrive formatted Mac OS Extended Journaling

Goal: To create a portable Macintosh OS environment.

Conditions: Installed by booting using the Operating System disc.

Results: Inconclusive; ultimately impractical.

Reason for Result: A normal installation with this hardware takes approximately 35 minutes to complete, however installation to the thumbdrive took over 3 hours, the last of which was spent idling at the 1 minute left mark.

Reason for Attempt: The Survivor thumbdrive provided the best read/write speeds available on the market for USB 2.0 drives (34MBs read/28MBs write), giving the drive the best possible chance of competing with an external drive (like the Seagate FreeAgent Go 500GB, with speeds around 30.6MBs read 20MBs write).

Possible Solutions: Enable user permission and extract critical information from the installation CD ahead of time using this walkthrough.

Booting a Macintosh from a USB Thumbdrive

Elements tested:
– 2.4GHz mid 2007 Macbook Pro 15″ (model #1226) running OS X Snow Leopard 10.6.3
– 32GB Corsair Survivor GTR USB Thumbdrive running “The Ultimate Bootable Flashdrive Tool.”
rEFIt boot manager installed from a mac disk image.

Goal: To boot from the Corsair thumbdrive.

Results: Unable to boot from Corsair thumbdrive.

Reason for Result: The rEFIt website clearly states that the Apple firmware has poor support for booting from external devices under their troubleshooting section.

Encryption and Password Protection under Mac OS X

Everyone’s got something to hide. Here’s a great way to encrypt and password protect your sensitive material natively under Macintosh OS X. This guide assumes you have the latest¬† OS 10.6.3, however the encryption feature is nothing new.

Launch Disk Utility either by navigating to /Applications/Utilities with Finder or by using Spotlight.

Select the New Image icon at the top of the main window.

Select a location to save your disk image, then type the name of the disk image in the “Save As:” text field above. Another text field and several drop-down menus appear at the bottom of the window. Name the disk image as you see fit and select a file size appropriate to your needs. This size cannot be changed later, however you can always create additional disk images or create a larger disk image and migrate your data.

I suggest leaving the “Format:” field the default “Mac OS Extended (Journaled), unless you plan on accessing the information from other operating systems, in which case I suggest selecting “MS-DOS FAT.”

Encryption is what makes your data secure, however stronger encryption means more time required to decrypt and re-encrypt data when reading and writing to disk. Under “Encryption:”, Select “128-bit AES encryption (recommended)” if you expect to read and write from the disk image often, or select “256-bit AES encryption (more secure, but slower)” if you’re goal is complete security. You can never be too careful.

Leave “Partitions:” as the default “Single Partition – Apple Partition Map” as well, unless you’re using multiple Operating Systems, in which case you should select “Hard disk”.

Leave “Image Format:” as the default “read/write disk image”.

Selecting the “Create” button at the bottom right will bring up a password window. There’s little point to strong encryption without a decent password, so choose your password carefully. Refer here for tips on creating strong passwords. Deselect “Remember password in my keychain”, otherwise the operating system will store your password and defeat everything we hoped to accomplish here.

What you have effectively done is to create a separate, portable file system on your hard disk which is mobile enough to place on a flash drive or migrate too and from disks. Think of it as a secure folder, but without the expensive and taxing elements of a third-party solution.

Choosing a Strong Password

I’m sure you thought that your dog’s name was an easy thing to remember when checking your email on a daily basis. Unfortunately, this is exactly what hackers and social engineers are counting on. Your password should have absolutely nothing to do with you on a personal level. That means no birthday, middle name, pet name, favorite food, or anything like it. In today’s social networking world, you give up your personal information voluntarily., so don’t rely on it to remember your passwords. Let’s begin with a few common complaints about complex passwords and find some reasonable solutions:

“If I make the password too complicated, I’ll never be able to remember it.”

Write the password down in a “password book” and keep it in a secure location. Never store your passwords and account information digitally (in a file on your computer), otherwise your password might as well be public information, because a single successful attempt to breach your firewall and gain access to your filesystem would also mean easy access to your passwords. Once you’ve referenced the book for your passwords a few times, you’ll remember them as easily as your ex-girlfriend’s phone number (which I still can’t seem to forget). Don’t write it down on a yellow sticky note and place it on your monitor or under your keyboard either. These are common places for social engineers to look (consider the film Terminator and the keys under the sun visor). Not being able to check your email until you get home to look in your password book is much better than leaving your password in an easily accessible place. If you’re going to do that, you might as well print your emails out and leave them on your desk. Never use complete words in your password, even if they aren’t english words. If you absolutely insist on using a word to help you remember a password, consider L33t.

“One secure password is good enough for all of my accounts.”

The problem with this notion is that different accounts use different security protocols. Some of your accounts may not accept more than alphanumerics (letters and numbers). Some accounts may store passwords in insecure locations, leaving you vulnerable every time you sign on. The best safeguard against this is to select a unique password for each account you have.

“I’ll just rely on a password generator to create random passwords for me.”

Generating your own random passwords really is more secure, because it’s based on algorithms that you create. It doesn’t have to be overly complex either. Consider this method: Open a book or other analog document that isn’t personal to you and select every 15th character (or every 7th. This number is random, but generally depends on average sentence length), whether it be a letter, number, or punctuation. Perhaps a mathematics or programming book. Even a cook book would be sufficient. Do this between 12 and 24 times, until you’ve found a reasonable character set. This blog would not be considered a particularly good dataset because it lacks a decent mixture of numbers and punctuation. In the first 15 characters, only one punctuation character appears (hnnci.taie). The longer the selected character string, the greater the variation of the string, allowing you to select a password from within he character string. For example, in the character string “Eqi%v3FW4)saI,vhe%G”, you could select the first 8 characters, or the last 8, or the middle 10 if you desired. Keep in mind that longer passwords are inherently more secure.

“How could they even guess my password? It’s not posted on my Facebook account.”

One type of brute-force password-obtaining method works like a tumbler, working on each character in sequence from the beginning of the password to the end. Most accounts have a minimum character requirement of 6, so modern tumblers don’t bother testing string lengths shorter than 6. Depending on the tumbler method, it may start with the string “aaaaaa”, or “zzzzzz”, or some obscure string based on an algorithm designed to guess obvious passwords, such as by comparing it first to dictionary words. Assuming the first method, a tumbler would be able to break the password “aaaaaa” on the first try. If the tumbler varied string length before characters, any number of ‘a’s would still require very little time to break. If the tumbler attempted capitalization of each character first, the password “Aaaaaa” would be defeated on the second attempt, and the password “AAAAAA” on the seventh (or much later, depending on the algorithm used). If the password contains only lowercase alphabet characters, which insecure passwords often do (and modern tumbler often attempt these combinations first), then each character will be one of 26 possible characters. A string length of 6 means 26^6 attempts are required to exhaust all possible combinations, or approximately 300 million. This may seem like a large enough number, but anyone with access to multiple machines can reduce the time required significantly. An alphanumeric password jumps the attempts to 36^6, or approximately 2 billion combinations. Allowing for capitalization effectively doubles the alphabet to 52, requiring 62^6 attempts to break a 6 character password, or approximately 57 billion combinations. Adding special characters to this (punctuation is one type) increases this number to around 91 (depending on the password protocol), requiring over 560 billion attempts to exhaust all combinations. Since password length increases the attempts exponentially, a bare minimum of 8 is the safest. Thusly, 26^8 is around 208 billion, which quite a deal larger than 300 million, and an extremely secure password might utilize any of the 91 characters 8 times, requiring 4.7 trillion attempts to exhaust all possibilities. This is why “chuckles” is a bad choice.

To sum up: create a randomized password with a bare minimum of 8 characters and utilize capitalization, letters and numbers, and random special characters such as commas and hashes and asterisks. Create your own from texts so that even the source of the password is obscured. Never store your password anywhere digitally and do not write it down anywhere but in one secure location, preferably in a book which only you have access to.

Control Monitor Brightness through the Terminal

This feature is particularly useful in combination with a portable SSH capable device, such as an iPod.

Copy this code and paste it into TextEdit and save it as brightness.c. If you paste this into vim and use a standward terminal width of 80, be prepared for a wrapping issue on line 56.

#include <stdio.h>
#include <unistd.h>
#include <IOKit/graphics/IOGraphicsLib.h>
#include <ApplicationServices/ApplicationServices.h>
const int kMaxDisplays = 16;
const CFStringRef kDisplayBrightness = CFSTR(kIODisplayBrightnessKey);
const char *APP_NAME;

void errexit(const char *fmt, ...) {
  va_list ap;
  va_start(ap, fmt);
  fprintf(stderr, "%s: ", APP_NAME);
  vfprintf(stderr, fmt, ap);
  fprintf(stderr, "\n");
  exit(1);
}

void usage() {
  fprintf(stderr, "usage: %s [-m|-d display] [-v] <brightness>\n", APP_NAME);
  fprintf(stderr, "   or: %s -l [-v]\n", APP_NAME);
  exit(1);
}

int main(int argc, char * const argv[]) {
  APP_NAME = argv[0];
  if (argc == 1)
    usage();

  int verbose = 0;
  unsigned long displayToSet = 0;
  enum { ACTION_LIST, ACTION_SET_ALL, ACTION_SET_ONE } action = ACTION_SET_ALL;
  extern char *optarg;
  extern int optind;
  int ch;

  while ( (ch = getopt(argc, argv, "lmvd:")) != -1) {
    switch (ch) {
    case 'l':
      if (action == ACTION_SET_ONE) usage();
      action = ACTION_LIST;
      break;
    case 'v':
      verbose = 1;
      break;
    case 'm':
      if (action != ACTION_SET_ALL) usage();
      action = ACTION_SET_ONE;
      displayToSet = (unsigned long)CGMainDisplayID();
      break;
    case 'd':
      if (action != ACTION_SET_ALL) usage();
      action = ACTION_SET_ONE;
      errno = 0;
      displayToSet = strtoul(optarg, NULL, 0);
      if (errno == EINVAL || errno == ERANGE)
	errexit("display must be an integer index (0) or a hexadecimal ID (0x4270a80)");
      break;
    default: usage();
    }
  }

  argc -= optind;
  argv += optind;

  float brightness;
  if (action == ACTION_LIST) {
    if (argc > 0) usage();
  } else {
    if (argc != 1) usage();

    errno = 0;
    brightness = strtof(argv[0], NULL);
    if (errno == ERANGE)
      usage();
    if (brightness < 0 || brightness > 1)
      errexit("brightness must be between 0 and 1");
  }

  CGDirectDisplayID display[kMaxDisplays];
  CGDisplayCount numDisplays;
  CGDisplayErr err;
  err = CGGetActiveDisplayList(kMaxDisplays, display, &numDisplays);
  if (err != CGDisplayNoErr)
    errexit("cannot get list of displays (error %d)\n", err);

  CFWriteStreamRef stdoutStream = NULL;
  if (verbose) {
    CFURLRef devStdout =
      CFURLCreateWithFileSystemPath(NULL, CFSTR("/dev/stdout"),
				    kCFURLPOSIXPathStyle, false);
    stdoutStream = CFWriteStreamCreateWithFile(NULL, devStdout);
    if (stdoutStream == NULL)
      errexit("cannot create CFWriteStream for /dev/stdout");
    if (!CFWriteStreamOpen(stdoutStream))
      errexit("cannot open CFWriteStream for /dev/stdout");
  }								  

  for (CGDisplayCount i = 0; i < numDisplays; ++i) {
    CGDirectDisplayID dspy = display[i];
    CFDictionaryRef originalMode = CGDisplayCurrentMode(dspy);
    if (originalMode == NULL)
      continue;

    if (action == ACTION_LIST) {
      printf("display %d: ", i);
      if (CGMainDisplayID() == dspy)
	printf("main display, ");
      printf("ID 0x%x\n", (unsigned int)dspy);
      if (verbose) {
	CFStringRef error = NULL;
	CFPropertyListWriteToStream(originalMode, stdoutStream,
				    kCFPropertyListXMLFormat_v1_0, &error);
	if (error != NULL)
	  errexit("failed to write display info (%s)",
		  CFStringGetCStringPtr(error,
					CFStringGetFastestEncoding(error)));
      }
    }

    io_service_t service = CGDisplayIOServicePort(dspy);
    switch (action) {
    case ACTION_SET_ONE:
      if ((CGDirectDisplayID)displayToSet != dspy && displayToSet != i)
	continue;
    case ACTION_SET_ALL:
      err = IODisplaySetFloatParameter(service, kNilOptions, kDisplayBrightness,
				       brightness);
      if (err != kIOReturnSuccess) {
	fprintf(stderr,
		"%s: failed to set brightness of display 0x%x (error %d)",
		APP_NAME, (unsigned int)dspy, err);
	continue;
      }
      if (!verbose) continue;
    case ACTION_LIST:
      err = IODisplayGetFloatParameter(service, kNilOptions, kDisplayBrightness,
				       &brightness);
      if (err != kIOReturnSuccess) {
	fprintf(stderr,
		"%s: failed to get brightness of display 0x%x (error %d)",
		APP_NAME, (unsigned int)dspy, err);
	continue;
      }
      printf("display %d: brightness %f\n", i, brightness);
    }
  }

  return 0;
}

Open the Terminal application and navigate to the directory containing brightness.c

copy the following code and run it
gcc -std=c99 -o brightness brightness.c -framework IOKit -framework ApplicationServices

Note: as of this writing, using gcc version 4.2.1 (Apple Inc. build 5646) (dot 1) will yield a warning about a deprecated ‘CGDisplayCurrentMode’ at line 101. You can ignore this.

I recommend placing this in your /usr/local/bin directory. To do this, mv the file into the directory as root.
sudo mv brightness /usr/local/bin

Grab your favorite SSH capable device and control your screen brightness from your bed or from a keyboard which doesn’t have brightness keys.

To adjust, type:

<code>brightness .5</code>

Brightness can be adjusted anywhere from 0 to 1, with any decimal inbetween, allowing you a more descrete range than even the keys or slider bar can achieve.

Code author: Nicholas Riley

Time a Compilation in Linux

Time is a part of the bash shell and is a very useful program. With it you can easily determine the time it takes your machine to complete any shell task. The syntax depends on the bash command.

for a simple command like cd, the syntax is:
time cd

for a series of commands separated by &&, the syntax is:
time { cd && ls; }

Timing the amount of time it takes to configure and build an application is probably the best example of this feature. For example:
time { ./configure && make depend && make; }

Another great example is using time with Locate to determine seek time. For example:
time locate manual.pdf

Create an .iso from a CD or DVD using Disk Utility

This is a really useful feature of Disk Utility. Insert your CD or DVD and wait for it to spool up. Launch the Disk Utility and you should see your recently inserted disk in the left column. Click on the disk, then select New Image from the program menu. This will bring up a “save as” menu. At the bottom of this menu are two drop-down menus. Select DVD/CD Master from the one labeled “Image Format:.” Select Save. Rename the saved file from *.cdr to *.iso.

The subsequent ISO can be burned or read on any platform.

Access an Alcohol 120% Image on a Mac

This procedure is not for the light of heart. It involves using the popular linux program Wine to run another program called AnyToISO, which can then be used to convert the Alcohol 120% file images (extension .mdf and .mds) into an .iso image. The .iso image is then readily mountable on any system.

My current system is a MacBook Pro Intel running Mac OS 10.6.2. with Xcode 3.2.1. installed. You will need Xcode to compile Wine.

Download the latest Wine source by visiting this link. We’ll assume that you haven’t changed your default download location and that it downloaded to your Downloads folder. Launch the Terminal application using Spotlight and use it to change directories to your Downloads directory by typing:

cd ~/Downloads.

Extract the tarball by typing:

tar xvf wine-1.1.34.tar.bz2.

If it is a new version of Wine, the filename is obviously going to be different. Make changed accordingly. Change directories into the newly created directory by typing:

cd wine-.1.1.34.

We are going to build Wine from scratch. Wine’s wiki has a section on building for the intel Mac here. As the wiki indicates, we need to run a few exports to build Wine with minimal fuss. Cut and paste the following code into the terminal, making sure to hit enter afterwards.

export CFLAGS="-arch i386 -m32"
export CXXFLAGS="$CFLAGS"
export CPPFLAGS="-I/usr/X11/include"
export LDFLAGS="-L/usr/X11/lib"

Build the package by typing:
./configure
make depend && make

At this point I recommend downloading AnyToISO by clicking here. Change directories backwards by typing:

cd ..

Now run the newly downloaded executable with Wine by typing:

./wine-1.1.34/wine anytoiso.exe

Wine will eventually complain that Gecko isn’t installed. We don’t need it, so click on Cancel. The setup window will finally come up for AnyToIso converter. Click Next until you get to Install, then click Install, the finally Finish. The window that pops up won’t have any font displayed. It doesn’t matter. Click on the top right button with the folder icon on it and locate your .mdf file. Open it. Returning to the previous window, click on the botton left button with a disc and an arrow on it. It will show a progress bar which is converting your .mdf file into a .iso file in the same directory where you were.

Extract .rar Files on Mac OS X

UnRarX

This app is extremely useful for extracting .rar files. It operates quickly and cleanly and you can always run it directly from the disk image!

Post Navigation