Breathing new life into a 2006 MacBook #
- Background (why isn't this easier?)
- CloudReady, based on ChromiumOS (even booting via USB works right out of the box)
- Linux (heaps of rabbit holes)
- Remix OS, based on Android (sloooooooow)
/mac | Sep 17, 2017
Menu bar firewall status indicator #
BitBar (open source) can be used to display an emoji of choice in the menubar depending on the built-in Application Firewall's state: off (0), on for specific services (1), or on for essential services (aka stealth mode) (2):
- Install and launch BitBar
- Create a new directory (e.g., ~/bitbar/) to store plugins when prompted
- Save the following Bash script as ~/bitbar/firewall_status_indicator.10s.sh and make it executable (chmod +x firewall_status_indicator.10s.sh):
#!/bin/bash
state=$(defaults read "/Library/Preferences/com.apple.alf" globalstate);
if [ "$state" -eq 2 ]; then
echo "🔒"
elif [ "$state" -eq 1 ]; then
echo "❗️"
else
echo "‼️"
fi
echo "---"
echo "Open Firewall preference pane| href='x-apple.systempreferences:com.apple.preference.security?Firewall'"
GeekTool (free) can display a tiny red or green status LED on the desktop or in the menubar to indicate the firewall status:
- Steps:
- Install and launch GeekTool
- Check "Enable" and "Automatically launch at login"
- Drag "Shell" to the desktop
- Position: 1007 | 4 (change as needed)
- Size: 95 | 45
- Check "Keep on Top"
- Command: if [ `defaults read "/Library/Preferences/com.apple.alf" globalstate` -eq 2 ];then EX=0;else EX=1;fi;exit $EX
- Refresh every: 60s (change as desired)
- Check "Display status feedback image"
- Notes:
- To check for (1), change "-eq 2" to "-eq 1" and to check for either (1) or (2), change to "-ge 1"
- If your geeklet causes GeekTool to freeze, delete ~/Library/Preferences/org.tynsoe.geeklet.shell.plist to start over.
- Props:
TextBar ($2.99) can be used to display a shield icon and the firewall state (0, 1, or 2 as explained above) in the menu bar:
- Install and launch TextBar
- Disable the default items
- Click the plus symbol to add a new item
- Replace echo 'Hello' with defaults read /Library/Preferences/com.apple.alf globalstate
- Check the far left box to enable and select the shield image
/mac | Sep 10, 2017
Particulars: BgInfo for OS X / macOS #
Sysinternals' BgInfo has been around for ages, displaying key system info on the Windows Desktop for convenience (especially handy for admins supporting remote users).
Glencode's Particulars offers similar functionality for Mac users, including a lab mode to help ease mass deployment.
/mac | Sep 10, 2017
Recovering saved macOS user passwords #
Users who have (inadvisedly) enabled automatic login often forget the password. It is merely encoded with an XOR cipher and stored in /etc/kcpassword.
A number of sites suggest this Ruby one-liner to recover it:
sudo ruby -e'key=[125,137,82,35,210,188,221,234,163,185,31];IO.read("/etc/kcpassword").bytes.each_with_index{|b,i|break if key.include?(b);print [b^key[i%key.size]].pack("U*")}'
However, only the first four characters were returned in my limited testing.
Joaquin Moreno Garijo's Python script, kcpass.py, did the trick:
- Copy /etc/kcpassword via target disk mode, single-user mode, etc.
- curl -O https://raw.githubusercontent.com/jjarava/mac-osx-forensics/master/kcpass.py
- chmod +x kcpass.py
- ./kcpass.py $(xxd -p /path/to/kcpassword)
Kcpasswd: 0x09e03c5ab3ccad998dd66d1a89b165ae7e8912b851f8f0ff.
Magic Xor: 0x7d895223d2bcddeaa3b91f.
Used Magic Xor: 0x7d895223d2bcddeaa3b91f7d895223d2bcddeaa3b91f7d895223d2bcddeaa3b91f.
The password is: "tinyapps.org".
See also:
/mac | Sep 07, 2017
Veganism in a nutshell #
If we could live happy and healthy lives without harming others... why wouldn't we?
-- Pam Ahern of Edgar's Mission
/misc | Sep 03, 2017
Cracking Microsoft Office password protection #
A new guide has been added to the dusty docs section: Cracking Microsoft Office password protection via hashcat, locally or in the cloud. Enjoy!
/nix | Aug 22, 2017
Proving the existence and content of a webpage #
ICanProve generates "digitally signed screenshots and session logs for legal evidence, proofs and discovery".
It uses a "remote controlled browser to create screenshots with extended logging of user actions and data transfer to create a timestamped and digitally signed document to give a very reliable proof of the website contents while allowing to selectively exclude sensitive information and transparently decoding ssl (https) sessions".
Would the generated files hold up in court? No idea. I am not a lawyer (thank heavens), this is not legal advice, etc, etc. It may be prudent to have an actual notary (or twelve) verify and notarize as well (after conferring with a phalanx of attorneys, of course).
Related:
/misc | Aug 16, 2017
OS X: Undelete iMessage messages #
- Find deleted or missing iMessage messages (.ichat files) in ~/Library/Messages/Archive.
- Attachments can be found in ~/Library/Messages/Attachments (view them all at ludicrous speed with Kenny Carruthers' Fileloupe).
- Since .ichat files are in binary property list format, some text search tools may not work, but grep does just fine:
$ grep -R somekeyword ~/Library/Messages/Archive/*
- Convert .ichat files to JSON with matrix-hacks' ichat2json. To handle multiple files, use a simple for loop like so:
$ for i in *; do ichat2json "$i" > "$i.txt"; done
- .ichat files can be converted to XML via plutil as explained by Sean Moubry:
$ plutil -convert xml1 message.ichat.
plutil reportedly supports conversion to JSON as well, but not in my brief testing:
$ plutil -convert json message.ichat
invalid object in plist for destination format
/mac | Jul 17, 2017
Download Windows and Office ISOs from Microsoft #
quickly and easily with Jan Krohn's Microsoft Windows and Office ISO Download Tool:
"This tool allows an easy and comfortable way to download genuine Windows 7, Windows 8.1 and Windows 10 disk images (ISO) directly from Microsoft's servers, as well as Office 2007, Office 2010, Office 2013, Office 2016, and Office 2011 for Mac.*
"In the past Microsoft provided disk images for many of their products through their subcontractor "Digital River". These downloads were pulled in early 2014. Afterwards, Microsoft made a limited selection of downloads available on their TechBench site. Our tool accesses that TechBench site, and unlocks a large number of hidden download files on it."
*In my testing, only Windows 8.1, Windows 10, Insider Preview, Office 2013, Office 2016, and Office 2016 for Mac were available. However, there is this promising note on Jan's website:
"Removal of Windows 7 and Office in Version 5.00: These downloads have been blocked by Microsoft. We're working on an update."
/windows | Jun 03, 2017
Incremental disk image backups with auto-pruning, encryption, and more #
Veeam Endpoint Backup was recently upgraded and renamed to Veeam Agent for Microsoft Windows. The freeware edition is even more powerful than before; here are just some of the features:
Backup
- Full (disk), volume, and file level backups
- For full and volume backups, only blocks changed since the last backup are copied
- Email notifications
- Backup file encryption
- BitLocker support
- Backup to multiple targets / rotated drives*
- Flexible scheduling by day/time or trigger (when a backup drive is connected, a user logs off, etc.)
- Automatic pruning of old backups (keep backups for the past x days when the computer was running)
- Automatic ejecting of USB storage targets post backup to protect against malware
Restore
- Bare metal, volume, and file restore options
- Restore to dissimilar hardware or smaller/larger disks
- Restore computer disks as VMDK, VHD or VHDX files.
- Instant Recovery to Microsoft Hyper-V VM
Recovery Media
- Collect drivers from source OS
- Quick and easy WinPE-based boot/recovery disc builder (does not require downloading Windows Automated Installation Kit (aka WAIK or AIK))
- Built-in recovery tools include: Reset Password (resets the hidden-by-default Administrator account password (Administrator will appear at the login screen on reboot)), Startup Repair (fixes problems that are preventing Windows from starting), Memory Diagnostic (runs Microsoft's Windows Memory Diagnostic), and Command Prompt (cmd.exe).
More
- Support for Windows 7 through 2016 (yes, Server editions are supported!)
- Tons of great documentation:
and a very active support forum.
Notes
- * To setup multiple targets / rotated drives:
- Assign static, unique letters to each drive that will be used (This isn't in the documentation, and may not be required, but I had trouble restoring files when testing two rotated drives which were dynamically assigned the same letter.)
- If you have already setup a backup routine to the first target, skip to step 3. Otherwise, head to Start > Veeam > Tools > Configure Backup and configure and run a backup job to the first target normally.
- Disconenct the first target drive and connect the second target drive
- Start > Veeam > Veeam Agent for Microsoft Windows > Settings > Manage registered storage devices > click "Register" to the right of the second target drive
- Run the backup routine normally
- The keyboard and mouse may hang on the green Veeam Recovery Media screen for a minute or two - just hang tight.
- If after a bare metal restore the PC fails to boot, reboot from the recovery media, click Tools > Load Driver and uncheck "Inject these drivers into operating system while performing bare metal recovery" before reperforming the bare metal restore.
- See also Paul Braren's comprehensive Superguide: Veeam Endpoint Backup FREE
/windows | May 31, 2017
Subscribe or visit the archives