Working around Apple's arbitrary limitations, or Extracting IPA files from an iPhone #

A recent Fantastical update hid previously-paid-for functionality behind a subscription paywall with account creation nags.

Since iTunes backups have long excluded IPAs and Apple Configurator 2 or iMazing only download the latest IPA from Apple, I used an iPhone 6 running iOS 12 to download the previous version (happily, the new version was iOS 13-only) then extracted the IPA for copying to an iPhone 6S running iOS 13:

  1. While Fantastical no longer appears in App Store searches performed under iOS 12, the last compatible version can be downloaded (assuming it is associated with your account) via App Store → Updates → Account icon → Purchased → My Purchases → Search → Fantastical → Download icon → "Download"

  2. Install and run checkra1n, connecting the iPhone 6 to the Mac via USB cable when prompted. Jailbreaking only takes a minute or two.

  3. Install Homebrew

  4. user@Mac ~ % brew install usbmuxd

  5. user@Mac ~ % iproxy 4444 44

  6. In a new Terminal tab: user@Mac ~ % ssh root@localhost -p 4444
    root@localhost's password: alpine

  7. iPhone6:~ root# find /var/containers/Bundle/Application/ -name Fantastical
    /var/containers/Bundle/Application/C5CC3023-C8E7-4AEB-8536-363B96BDB725/Fantastical.app/Fantastical

  8. iPhone6:~ root# exit

  9. user@Mac ~ % mkdir Payload

  10. user@Mac ~ % scp -P 4444 -r root@localhost:/var/containers/Bundle/Application/C5CC3023-C8E7-4AEB-8536-363B96BDB725/Fantastical.app/ Payload/

  11. user@Mac ~ % zip -r Fantastical.ipa Payload/

  12. Find Fantastical.ipa in the Mac's current directory. It can be installed on the iPhone 6S running iOS 13 via iMazing: click iPhone 6S icon → Apps → Copy to Device → browse to recovered Fantastical.ipa → "Select"
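Before handing the rebuilt archive to iMazing, it is worth confirming that steps 9-11 produced the layout an IPA needs (a single Payload/<Name>.app with Info.plist at the bundle root) and that the version captured is the older one. The following Python check is an added example, not part of the original post; the function names and the sample bundle it builds are constructed for illustration.

```python
import io
import plistlib
import zipfile


def inspect_ipa(data: bytes) -> dict:
    """Check the Payload/<Name>.app layout and return key Info.plist fields."""
    with zipfile.ZipFile(io.BytesIO(data)) as ipa:
        names = ipa.namelist()
        # Everything must sit under Payload/; otherwise the archive was
        # zipped from the wrong directory.
        stray = [n for n in names if not n.startswith("Payload/")]
        if stray:
            raise ValueError(f"entries outside Payload/: {stray[:3]}")
        # Top-level directories inside Payload/ (normally one <Name>.app).
        bundles = {n.split("/")[1] for n in names if n.count("/") >= 2}
        if len(bundles) != 1 or not next(iter(bundles)).endswith(".app"):
            raise ValueError(f"expected one .app bundle, found {sorted(bundles)}")
        bundle = bundles.pop()
        try:
            raw = ipa.read(f"Payload/{bundle}/Info.plist")
        except KeyError:
            raise ValueError("Info.plist missing from bundle root") from None
    info = plistlib.loads(raw)  # accepts XML and binary plists
    return {
        "bundle": bundle,
        "identifier": info.get("CFBundleIdentifier"),
        "version": info.get("CFBundleShortVersionString"),
        "minimum_os": info.get("MinimumOSVersion"),
    }


def build_sample_ipa(nested: bool = False) -> bytes:
    """Constructed sample archive; identifier and versions are made up."""
    plist = plistlib.dumps({
        "CFBundleIdentifier": "com.example.demo",
        "CFBundleShortVersionString": "2.5",
        "MinimumOSVersion": "11.0",
    }, fmt=plistlib.FMT_BINARY)
    prefix = "Payload/Demo.app/" + ("Demo.app/" if nested else "")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(prefix + "Info.plist", plist)
        z.writestr(prefix + "Demo", b"\xca\xfe\xba\xbe")
    return buf.getvalue()
```

To check the real file, pass its bytes: inspect_ipa(open("Fantastical.ipa", "rb").read()). A minimum_os below 13 confirms the archive holds the pre-subscription build rather than the iOS 13-only release.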

Notes & Sources

/misc | Feb 01, 2020

Windows 7 ESU for truly small businesses #

Despite dire warnings and headlines like these:

it is trivial (on the order of a few minutes) and inexpensive ($63.75 per computer for the first year with no minimum order) for small businesses running Windows 7 Pro or Ultimate to enroll in Microsoft's Extended Security Updates program, thanks to Ted and Amy at Harbor Computer Services.

Simply fill out the order form (as mentioned in Ed Bott's updated You want to keep running Windows 7? Good luck with that, small businesses) and run the 3 simple slmgr commands provided by Ted in your order confirmation email.

Deepest thanks to Ted and Amy for helping truly small businesses access critical security updates for legacy systems.

/windows | Jan 22, 2020

On Wisdom #

/misc | Jan 01, 2020

Save .ORG #

Help stop the sale of Public Interest Registry to a Private Equity Firm:

/misc | Nov 22, 2019

Crack Mac user password #

Environment

Extract hash

sudo ./plist2hashcat.py /Volumes/Target/var/db/dslocal/nodes/Default/users/username.plist

user:$ml$28328$7215a1faa91e6196fb53884c4320970d9705ae6f19e5b50e0a24243708629a9b$8e0588decbdb347e0b909a7a1b1bc9470fe7dd37e09a64f9d02b82cfba91116b13d7c172b5a65683ac8d2c873324b8d82255a51ced0792656e766fa1a9c23994

Save the output without the leading "user:" (otherwise you'll need to specify --username when running hashcat) to hash.txt
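The line above packs three fields after the $ml$ marker: the PBKDF2 iteration count, the hex salt and the hex digest. The Python below is an added example, not code from plist2hashcat.py or hashcat; it assumes the layout read off the sample line (32-byte salt, PBKDF2-HMAC-SHA512) and uses hypothetical function names and a constructed sample. It parses a line and confirms a known password against it, which also shows why the iteration count sets the cost of every guess.

```python
import hashlib
import hmac


def parse_ml_hash(line: str) -> dict:
    """Split a $ml$ line (optionally prefixed with 'user:') into its fields."""
    user, sep, rest = line.strip().partition(":")
    if not sep:                      # no "user:" prefix present
        user, rest = None, line.strip()
    parts = rest.split("$")
    # Expected shape: ['', 'ml', iterations, salt_hex, digest_hex]
    if len(parts) != 5 or parts[:2] != ["", "ml"]:
        raise ValueError("not a $ml$ hash line")
    salt, digest = bytes.fromhex(parts[3]), bytes.fromhex(parts[4])
    if len(salt) != 32:              # assumption taken from the sample line
        raise ValueError(f"salt is {len(salt)} bytes, expected 32")
    return {"user": user, "iterations": int(parts[2]), "salt": salt, "digest": digest}


def verify(password: str, fields: dict) -> bool:
    """Recompute PBKDF2-HMAC-SHA512 and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), fields["salt"],
        fields["iterations"], dklen=len(fields["digest"]),
    )
    return hmac.compare_digest(derived, fields["digest"])


def make_sample_line(user: str, password: str, iterations: int) -> str:
    """Constructed sample in the same layout; fixed salt for reproducibility."""
    salt = bytes(range(32))
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, dklen=64)
    return f"{user}:$ml${iterations}${salt.hex()}${digest.hex()}"
```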

Start cracking

hashcat -a 0 -m 7100 --status -o found.txt hash.txt wordlist.txt

More

Additional scripts and a program that accomplish the same goal as plist2hashcat.py (i.e., extracting hashcat-compatible hashes from binary plist shadow files generated by OS X 10.8 and up (SALTED-SHA512-PBKDF2)):

The process can also be done manually:

See also Recovering saved macOS user passwords.

/mac | Oct 30, 2019

Run Aperture, iPhoto, or iTunes on macOS Catalina #

Retroactive "is an app that lets you run Aperture, iPhoto, and iTunes on macOS Catalina." The author's exhaustive Technical Deep Dive: How does Retroactive work? answers the question in full, but also highlights a number of limitations:

The list differs somewhat in the readme:

/mac | Oct 30, 2019

Dedupe massive wordlists without changing order #

"The duplicut tool finds and removes duplicate entries from a wordlist, without changing the order, and without getting OOM on huge wordlists whose size exceeds available memory. ... [W]ritten in C, and optimized to be as fast and memory frugal as possible."

Refreshingly simple installation and syntax:

make release
./duplicut <WORDLIST_WITH_DUPLICATES> -o <NEW_CLEAN_WORDLIST>

UPDATE: Royce Williams kindly alerted me to possible issues around longer line lengths and non-ASCII characters, and the author of duplicut, nil0x42, was kind enough to set me straight: just needed to specify --line-max-size 254 to avoid truncation under that threshold.

/nix | Oct 30, 2019

Cracking hashes in the cloud with hashcat #

posted to the docs section.

/nix | Oct 29, 2019

Firefox: Enable Night Mode for desktop OSes #

Firefox for iOS offers an "Enable Night Mode" toggle which not only darkens the Firefox interface, but websites as well.

While not available for desktop OSes yet, you can achieve a similar result with ShadowFox (macOS users can install via Homebrew or MacPorts) and Dark Reader. ShadowFox correctly darkens every UI element, including ones that other themes can have trouble with, like the address bar, context menu, and history page.

/misc | Oct 23, 2019

Download webpage to .webarchive in Terminal #

Webarchiver "allows you to create Safari .webarchive files from the command line":

webarchiver -url https://tinyapps.org -output tinyapps.webarchive

With a bash function, we can automate creating the filename from the page's title tag and include the URL in the "Where from" metadata:

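function dl() {
  # URL of the page to archive
  ADDRESS="$1"
  # Text of the first <title> tag; tail drops the leading "<title>" (7 bytes)
  TITLE=$(curl -s "$ADDRESS" | grep -o "<title>[^<]*" -m 1 | tail -c+8)
  # The title comes from the remote page: replace "/" so it cannot alter the output path
  TITLE="${TITLE//\//-}"
  /Applications/network/webarchiver -url "$ADDRESS" -output "$TITLE.webarchive"
  # Record the source URL in the file's "Where from" metadata
  xattr -w "com.apple.metadata:kMDItemWhereFroms" "$ADDRESS" "$TITLE.webarchive"
}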

Add the above to your .bash_profile, reload with source ~/.bash_profile, and use like so:

$ dl https://tinyapps.org/docs/nvme-sanitize.html

Title tags can be tricky to parse correctly; here are some other approaches:

as well as another version wherein you manually supply the title/filename:

function dl() {
  ADDRESS="$1"
  FILENAME="$2"
  /Applications/network/webarchiver -url "$ADDRESS" -output "$FILENAME.webarchive"
  xattr -w "com.apple.metadata:kMDItemWhereFroms" "$ADDRESS" "$FILENAME.webarchive"
}

calling like so:

$ dl https://tinyapps.org/docs/nvme-sanitize.html "NVMe Sanitize"

Acquire webarchiver 0.9 via Homebrew (brew install webarchiver) or MacPorts (sudo port install webarchiver), or build easily from source with Xcode.

Thanks to kenorb for his simple title regex; I only had to add -m 1 after running across a page containing multiple title tags (which apparently isn't that rare, in spite of the spec).

/mac | Oct 21, 2019

