tinyapps.org / blog


Breathing new life into a 2006 MacBook #

/mac | Sep 17, 2017

Menu bar firewall status indicator #

BitBar (open source) can be used to display an emoji of choice in the menubar depending on the built-in Application Firewall's state: off (0), on for specific services (1), or on for essential services (aka stealth mode) (2):

Firewall status in menubar via BitBar

  1. Install and launch BitBar
  2. Create a new directory (e.g., ~/bitbar/) to store plugins when prompted
  3. Save the following Bash script as ~/bitbar/firewall_status_indicator.10s.sh and make it executable (chmod +x firewall_status_indicator.10s.sh):
    #!/bin/bash
    
    state=$(defaults read "/Library/Preferences/com.apple.alf" globalstate);
    
    if [ "$state" -eq 2 ]; then
      echo "🔒"
    elif [ "$state" -eq 1 ]; then
      echo "❗️"
    else
      echo "‼️"
    fi
    
    echo "---"
    echo "Open Firewall preference pane| href='x-apple.systempreferences:com.apple.preference.security?Firewall'"
    

GeekTool (free) can display a tiny red or green status LED on the desktop or in the menubar to indicate the firewall status:

Firewall status in menubar via GeekTool

TextBar ($2.99) can be used to display a shield icon and the firewall state (0, 1, or 2 as explained above) in the menu bar:

Firewall status in menubar via TextBar

  1. Install and launch TextBar
  2. Disable the default items
  3. Click the plus symbol to add a new item
  4. Replace echo 'Hello' with defaults read /Library/Preferences/com.apple.alf globalstate
  5. Check the far left box to enable and select the shield image

/mac | Sep 10, 2017

Particulars: BgInfo for OS X / macOS #

Sysinternals' BgInfo has been around for ages, displaying key system info on the Windows Desktop for convenience (especially handy for admins supporting remote users).

Glencode's Particulars offers similar functionality for Mac users, including a lab mode to help ease mass deployment.

/mac | Sep 10, 2017

Recovering saved macOS user passwords #

Users who have (inadvisedly) enabled automatic login often forget the password. It is merely encoded with an XOR cipher and stored in /etc/kcpassword.

A number of sites suggest this Ruby one-liner to recover it:

sudo ruby -e'key=[125,137,82,35,210,188,221,234,163,185,31];IO.read("/etc/kcpassword").bytes.each_with_index{|b,i|break if key.include?(b);print [b^key[i%key.size]].pack("U*")}'

However, only the first four characters were returned in my limited testing.

Joaquin Moreno Garijo's Python script, kcpass.py, did the trick:

  1. Copy /etc/kcpassword via target disk mode, single-user mode, etc.
  2. curl -O https://raw.githubusercontent.com/jjarava/mac-osx-forensics/master/kcpass.py
  3. chmod +x kcpass.py
  4. ./kcpass.py $(xxd -p /path/to/kcpassword)
        Kcpasswd: 0x09e03c5ab3ccad998dd66d1a89b165ae7e8912b851f8f0ff.
        Magic Xor: 0x7d895223d2bcddeaa3b91f.
        Used Magic Xor: 0x7d895223d2bcddeaa3b91f7d895223d2bcddeaa3b91f7d895223d2bcddeaa3b91f.
    
        The password is: "tinyapps.org".
    

See also:

/mac | Sep 07, 2017

Veganism in a nutshell #

If we could live happy and healthy lives without harming others... why wouldn't we?

-- Pam Ahern of Edgar's Mission

/misc | Sep 03, 2017

Cracking Microsoft Office password protection #

A new guide has been added to the dusty docs section: Cracking Microsoft Office password protection via hashcat, locally or in the cloud. Enjoy!

/nix | Aug 22, 2017

Proving the existence and content of a webpage #

ICanProve generates "digitally signed screenshots and session logs for legal evidence, proofs and discovery".

It uses a "remote controlled browser to create screenshots with extended logging of user actions and data transfer to create a timestamped and digitally signed document to give a very reliable proof of the website contents while allowing to selectively exclude sensitive information and transparently decoding ssl (https) sessions".

Would the generated files hold up in court? No idea. I am not a lawyer (thank heavens), this is not legal advice, etc, etc. It may be prudent to have an actual notary (or twelve) verify and notarize as well (after conferring with a phalanx of attorneys, of course).

Related:

/misc | Aug 16, 2017

OS X: Undelete iMessage messages #

/mac | Jul 17, 2017

Download Windows and Office ISOs from Microsoft #

quickly and easily with Jan Krohn's Microsoft Windows and Office ISO Download Tool:
"This tool allows an easy and comfortable way to download genuine Windows 7, Windows 8.1 and Windows 10 disk images (ISO) directly from Microsoft's servers, as well as Office 2007, Office 2010, Office 2013, Office 2016, and Office 2011 for Mac.*

"In the past Microsoft provided disk images for many of their products through their subcontractor "Digital River". These downloads were pulled in early 2014. Afterwards, Microsoft made a limited selection of downloads available on their TechBench site. Our tool accesses that TechBench site, and unlocks a large number of hidden download files on it."

*In my testing, only Windows 8.1, Windows 10, Insider Preview, Office 2013, Office 2016, and Office 2016 for Mac were available. However, there is this promising note on Jan's website:

"Removal of Windows 7 and Office in Version 5.00: These downloads have been blocked by Microsoft. We're working on an update."

/windows | Jun 03, 2017

Incremental disk image backups with auto-pruning, encryption, and more #

Veeam Endpoint Backup was recently upgraded and renamed to Veeam Agent for Microsoft Windows. The freeware edition is even more powerful than before; here are just some of the features:

Backup

Restore

Recovery Media

More

Notes

/windows | May 31, 2017


Subscribe or visit the archives