MacOS/Braindumps

From Segfault
Jump to: navigation, search

64-bit Support

Check if 64-bit is even supported on your Mac:

$ ioreg -l -p IODeviceTree | grep firmware-abi
  | |   "firmware-abi" = <"EFI64">

Check if 64-bit is currently enabled:

$ system_profiler -detailLevel mini | grep 64-bit
    64-bit Kernel and Extensions: No

Enable 64-bit permanently:

$ sudo vi /Library/Preferences/SystemConfiguration/com.apple.Boot.plist
[...]
<dict>
   <key>Kernel</key>
   <string>mach_kernel</string>
   <key>Kernel Flags</key>
   <string>arch=x86_64</string>
</dict>

Enable 64-bit permanently by modifying the PRAM:

$ sudo nvram boot-args="arch=x86_64"

Enable 64-bit permanently via systemsetup(8):

$ sudo systemsetup -setkernelbootarchitecture x86_64

CDROM checksum

An inserted CDROM looks something like this:

$ diskutil list disk2
/dev/disk2
  #:                       TYPE NAME                    SIZE       IDENTIFIER
  0:        CD_partition_scheme             *761.9 MB   disk2
  1:     Apple_partition_scheme              663.5 MB   disk2s1
  2:        Apple_partition_map                1.0 KB   disk2s1s1
  3:                  Apple_HFS Foo          663.1 MB   disk2s1s2

To access of the data part of this CD, use {r,}disk2s1. In order to calculate the checksum, something like this would do:

$ openssl sha512 /dev/disk2s1
SHA512(/dev/disk2s1)= a12ba91d1cb4115cd10e[...]

This checksum should be the same as the image used to create this CDROM.

DYLD_LIBRARY_PATH

Under MacOS X, it's DYLD_LIBRARY_PATH instead of LD_LIBRARY_PATH[1]:

$ /opt/pacparser/bin/pactester
dyld: Library not loaded: /usr/lib/libpacparser.1.dylib
  Referenced from: /opt/pacparser/bin/pactester
  Reason: image not found
Trace/BPT trap: 5

$ otool -L /opt/pacparser/bin/pactester
/opt/pacparser/bin/pactester:
       /usr/lib/libpacparser.1.dylib (compatibility version 0.0.0, current version 0.0.0)
       /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 159.1.0)

$ DYLD_LIBRARY_PATH=/opt/pacparser/lib /opt/pacparser/bin/pactester -v
1.3.1-3-g9e32686

Firewall

Disable the Application Layer Firewall (ALF):

defaults write /Library/Preferences/com.apple.alf globalstate -int 0           # Enable with "1"

Now restart ALF:

launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist

launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist

Import .ogg into iTunes

According to the internet[2], this should be possible:

...and then it should "just work". Unfortunately, these components have been abandoned, current (2013) installations if iTunes may not work with this package and continue to fail to import/play .ogg files :-\

Keyboard shortcuts

  • Alt-Tab not working as expected? Try Apple-Tab to switch through applications and Apple-` to switch through windows.
  • To generate a screenshot, press Apple-Shift-3 (or -4 to choose a certain area). The screenshot can be usually found on your ~/Desktop, last I tried it generated a .tiff image :-\
  • Break into OpenFirmware when booting: press Apple-O-F
  • Boot into Single-User mode when booting: press Apple-S
  • Boot from CDROM when booting: just press C

Malware checker

Mac OS X v10.6 Snow Leopard and later checks for malware, and stores visited URLs in an SQLite database. The database is located under:

$ DB=~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2

Example queries go like this:

sqlite3 $DB "select LSQuarantineDataURLString from LSQuarantineEvent" 
sqlite3 $DB "select LSQuarantineAgentName, LSQuarantineDataURLString, \
        date(LSQuarantineTimeStamp + 978307200, "unixepoch") as downloadedDate \
        from LSQuarantineEvent order by LSQuarantineTimeStamp' | sort | grep '|' --color

The schema

$ sqlite3 $DB ".schema LSQuarantineEvent"
CREATE TABLE LSQuarantineEvent (  LSQuarantineEventIdentifier TEXT PRIMARY KEY NOT NULL,  \
        LSQuarantineTimeStamp REAL,  LSQuarantineAgentBundleIdentifier TEXT,  \
        LSQuarantineAgentName TEXT,  LSQuarantineDataURLString TEXT,  LSQuarantineSenderName TEXT, \
        LSQuarantineSenderAddress TEXT,  LSQuarantineTypeNumber INTEGER,  LSQuarantineOriginTitle TEXT, \
        LSQuarantineOriginURLString TEXT,  LSQuarantineOriginAlias BLOB );
CREATE INDEX LSQuarantineEventIndex  ON LSQuarantineEvent (  LSQuarantineEventIdentifier );

Deleting all records from the database:

sqlite3 $DB "delete from LSQuarantineEvent"
sqlite3 $DB "vacuum"

Memory

Memory usage in MacOS X:[3]

$ top -l 1 -ncols 10 -u -n 5 
Processes: 104 total, 3 running, 101 sleeping, 603 threads 
2015/10/18 06:45:48
Load Avg: 0.00, 0.03, 0.00 
CPU usage: 4.0% user, 24.0% sys, 72.0% idle 
SharedLibs: 3076K resident, 4700K data, 0B linkedit.
MemRegions: 21778 total, 1211M resident, 15M private, 105M shared.
PhysMem: 314M wired, 1132M active, 500M inactive, 1946M used, 99M free.
VM: 241G vsize, 1039M framework vsize, 528377(0) pageins, 139918(0) pageouts.
Networks: packets: 32360004/10G in, 28534578/9332M out.
Disks: 13866258/105G read, 18379279/376G written.

PID    COMMAND     %CPU TIME     #TH  #WQ #PORTS #MREGS RPRVT RSHRD
87-    hwmond      0.0  18:43:04 4/1  1   93+    122+   58M+  644K+
18411  firefox     0.0  10:45:29 36   1   252+   8105+  176M+ 50M+ 
77     servermgrd  0.0  08:10:46 6    2   109+   275+   18M+  13M+ 
0      kernel_task 0.0  06:26:26 60/5 0   2+     1096+  20M+  0B   
1      launchd     0.0  04:56:41 3    0   136+   64+    892K+ 476K+
  • Wired - Memory in RAM that cannot be swapped out
  • Active - Memory in RAM that has recently been used.
  • Inactive - Memory in RAM that isn't actively used but was recently used. For example, when an application is closed its memory contents are marked inactive before being released entirely. However, despite being inactive, memory will be given to other programs if needed.
  • Used - Total amount of RAM used.
  • Free - The amount of RAM not being used.

Mount DMG images in Linux

Not really MacOS specifig, but here you go: DMG files are usually compressed, like this:

$ file foo.dmg
foo.dmg: bzip2 compressed data, block size = 100k

However, uncompressing via bzip2 won't work without errors, although the result looks kinda promising:

$ bzip2 -dc foo.dmg > foo.dmg.uncompressed
bzip2: foo.dmg: trailing garbage after EOF ignored
$ file foo.dmg.uncompressed 
foo.dmg.uncompressed: Apple Driver Map, blocksize 512, blockcount 157500, devtype 0, devid 0, descriptors 0, contains[@0x200]: Apple Partition Map, map block count 3, start block 1, block count 63, name Apple, type Apple_partition_map, contains[@0x400]: Apple Partition Map, map block count 3, start block 64, block count 157432, name disk image, type Apple_HFS, contains[@0x600]: Apple Partition Map, map block count 3, start block 157496, block count 4, type Apple_Free

We'll use dmg2img[4][5] to decompress the .dmg:

$ dmg2img foo.dmg foo.dmg.uncompressed
decompressing:
opening partition 0 ...             100.00%  ok
opening partition 1 ...             100.00%  ok
opening partition 2 ...             100.00%  ok
Archive successfully decompressed as foo.dmg.uncompressed

Now we will be able to mount the image:

$ sudo mount -t hfsplus -o ro foo.dmg.uncompressed /mnt/disk
$ mount | tail -1
/tmp/foo.dmg.uncompressed on /mnt/disk type hfsplus (ro,relatime,umask=22,uid=0,gid=0,nls=utf8)

nscurl

The following messages came up in syslog:

CalendarAgent[305]: CFNetwork SSLHandshake failed (-9836)
CalendarAgent[305]: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9836)
CalendarAgent[305]: [com.apple.calendar.store.log.caldav.queue] 
     [Rectifying principal path either because of an error 
     (Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection 
      to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9836, 
      NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, 
      NSUnderlyingError=0x7fb030e470c0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 
      "An SSL error has occurred and a secure connection to the server cannot be made." 
      UserInfo={NSErrorFailingURLStringKey=https://alice@cal.example.org/caldav/principals/alice/,
[...]

The server presented a self-signed certificate that was unknown to MacOS's trust store. After this was fixed, we can use nscurl to verify that MacOS can successfully communicate with the server:

$ nscurl --verbose --ats-diagnostics https://cal.example.org
Starting ATS Diagnostics
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://cal.example.org.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
================================================================================
Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{
}
Result : PASS
[...]

Postfix

As an easy example[6], let a smarthost handle all our mails:

$ postconf -e relayhost=mail.example.org smtp_use_tls=yes

$ grep ^relayhost /etc/postfix/main.cf
relayhost = mail.example.org

Make sure aliases are set up too:

$ grep ^root /etc/postfix/aliases
root:           root@box.example.org

Regenerate /etc/aliases.db:

$ newaliases

Now mailx(1) or any other MUA can be used and mail should be delivered to the smarthost.

rc.local

MacOS StartupItems have been deprecated for a long time[7] and MacOS 10.10 eventually removed[8] the com.apple.SystemStarter.plist[9] entry.

To still use StartupItems like rc.local, we'll create our own[10] LaunchDaemon:[11]

$ cat /Library/LaunchDaemons/local.localhost.startup.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>             <string>local.localhost.startup</string>
    <key>Disabled</key>          <false/>
    <key>RunAtLoad</key>         <true/>
    <key>KeepAlive</key>         <false/>
    <key>LaunchOnlyOnce</key>    <true/>
    <key>ProgramArguments</key>
        <array>
            <string>/etc/rc.local</string>
        </array>
</dict>
</plist>

Create our /etc/rc.local and make sure it's executable:

$ ls -l /etc/rc.local 
-rwxr-xr-x  1 root  wheel  42 Oct 16 16:43 /etc/rc.local

$ cat /etc/rc.local
#!/bin/sh
date >> /tmp/foo

Replace the command with something useful :-)

Enable the .plist with:

sudo launchctl load -w /Library/LaunchDaemons/local.localhost.startup.plist

Note: the dreaded "Could not find domain for" error[12] may appear if this is run in a headless session. Once the executing user logs in locally (or via screen sharing), the error should go away.

Rearrange Menu Bar Items

Hold down the COMMAND key and drag the icon around.

Sleep

Putting the computer to sleep with pmset:

pmset sleepnow

With osascript:

osascript -e 'tell application "System Events" to sleep'

With shutdown:

sudo shutdown -s now

WiFi

List wireless networks:

$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s
        SSID BSSID            RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
      mywlan 1a:1b:1c:1d:1e:1f -91  3       Y  -- WPA2(PSK/AES/AES)
     wifi123 2a:2b:2c:2d:2e:2f -83  11      Y  TW NONE
       wrlss 3a:3b:3c:3d:3e:3f -81  2       Y  US WPA(PSK/AES,TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)
 
 SSID  -- Service Set Identifier
 BSSID -- Basic Service Set Identifier
 RSSI  -- Received Signal Strength Indicator
 HT    -- Hight Throughput (aka Greenfield mode
 CC    -- Country Code

There's also /System/Library/CoreServices/Wi-Fi Diagnostics.app, a GUI to analyze WiFi networks.

References