Long overdue addition to graphics and OS X pages #

LICEcap v1.28 (Win 📺) [230k] & v1.29 (Mac 📺) [864k] {S} Capture an area of your desktop and save it directly to animated .GIF or .LCF.

/misc | Feb 22, 2020

Two rare additions to the OS X page, #

despite having gone nearly read-only (thanks for the kind shout-out, j_s! ;-)

/mac | Feb 20, 2020

Working around Apple's arbitrary limitations, #

or Extracting IPA files from an iPhone

A recent Fantastical update hid previously-paid-for functionality behind a subscription paywall with account creation nags.

Since iTunes backups have long excluded IPAs and Apple Configurator 2 or iMazing only download the latest IPA from Apple, I used an iPhone 6 running iOS 12 to download the previous version (happily, the new version was iOS 13-only) then extracted the IPA for copying to an iPhone 6S running iOS 13:

  1. While Fantastical no longer appears in App Store searches performed under iOS 12, the last compatible version can be downloaded (assuming it is associated with your account) via App Store → Updates → Account icon → Purchased → My Purchases → Search → Fantastical → Download icon → "Download"

  2. Install and run checkra1n, connecting the iPhone 6 to the Mac via USB cable when prompted. Jailbreaking only takes a minute or two.

  3. Install Homebrew

  4. user@Mac ~ % brew install usbmuxd

  5. user@Mac ~ % iproxy 4444 44

  6. In a new Terminal tab: user@Mac ~ % ssh root@localhost -p 4444
    root@localhost's password: alpine

  7. iPhone6:~ root# find /var/containers/Bundle/Application/ -name Fantastical

  8. iPhone6:~ root# exit

  9. user@Mac ~ % mkdir Payload

  10. user@Mac ~ % scp -P 4444 -r root@localhost:/var/containers/Bundle/Application/C5CC3023-C8E7-4AEB-8536-363B96BDB725/Fantastical.app/ Payload/

  11. user@Mac ~ % zip -r Fantastical.ipa Payload/

  12. Find Fantastical.ipa in the Mac's current directory. It can be installed on the iPhone 6S running iOS 13 via iMazing: click iPhone 6S icon → Apps → Copy to Device → browse to recovered Fantastical.ipa → "Select"

Notes & Sources

/misc | Feb 01, 2020

Windows 7 ESU for truly small businesses #

Despite dire warnings and headlines like these:

it is trivial (on the order of a few minutes) and inexpensive ($63.75 per computer for the first year with no minimum order) for small business running Windows 7 Pro or Ultimate to enroll in Microsoft's Extended Security Updates program thanks to Ted and Amy at Harbor Computer Services.

Simply fill out the order form (as mentioned in Ed Bott's updated You want to keep running Windows 7? Good luck with that, small businesses) and run the 3 simple slmgr commands provided by Ted in your order confirmation email.

Deepest thanks to Ted and Amy for helping truly small businesses access critical security updates for legacy systems.

/windows | Jan 22, 2020

On Wisdom #

/misc | Jan 01, 2020

Save ​.ORG #

Help stop the sale of Public Interest Registry to a Private Equity Firm:

/misc | Nov 22, 2019

Crack Mac user password #


Extract hash

sudo ./plist2hashcat.py /Volumes/Target/var/db/dslocal/nodes/Default/users/username.plist


Save the output without the leading "user:" (otherwise you'll need to specify --username when running hashcat) to hash.txt

Start cracking

hashcat -a 0 -m 7100 --status -o found.txt hash.txt wordlist.txt


Additional scripts and a program that accomplish the same goal as plist2hashcat.py (i.e., extracting hashcat-compatible hashes from binary plist shadow files generated by OS X 10.8 and up (SALTED-SHA512-PBKDF2)):

The process can also be done manually:

See also Recovering saved macOS user passwords and Cracking FileVault 2 (HFS+ or APFS).

/mac | Oct 30, 2019

Run Aperture, iPhoto, or iTunes on macOS Catalina #

Retroactive "is an app that lets you run Aperture, iPhoto, and iTunes on macOS Catalina." The author's exhaustive Technical Deep Dive: How does Retroactive work? answers the question in full, but also highlights a number of limitations:

The list differs somewhat in the readme:

/mac | Oct 30, 2019

Dedupe massive wordlists without changing order #

"The duplicut tool finds and removes duplicate entries from a wordlist, without changing the order, and without getting OOM on huge wordlists whose size exceeds available memory. ... [W]ritten in C, and optimized to be as fast and memory frugal as possible."

Refreshingly simple installation and syntax:

make release

UPDATE: Royce Williams kindly alerted me to possible issues around longer line lengths and non-ASCII characters, and the author of duplicut, nil0x42, was kind enough to set me straight: just needed to specify --line-max-size 254 to avoid truncation under that threshold.

/nix | Oct 30, 2019

Cracking hashes in the cloud with hashcat #

posted to the docs section.

/nix | Oct 29, 2019

Subscribe or visit the archives.