
A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

TJ O’Connor





Book Details
Price: 2.00
Pages: 377 p
File Size: 1,529 KB
File Type: PDF format
ISBN: 978-1-59749-957-6
Copyright: © 2013 Elsevier, Inc

Lead Author – TJ O’Connor
TJ O’Connor is a Department of Defense expert on information security
and a US Army paratrooper. While assigned as an assistant professor at
the US Military Academy, TJ taught undergraduate courses on forensics,
exploitation and information assurance. He twice co-coached the
winning team at the National Security Agency’s annual Cyber Defense
Exercise and won the National Defense University’s first annual Cyber
Challenge. He has served on multiple red teams, including twice on the
Northeast Regional Team for the National Collegiate Cyber Defense Competition.

TJ holds a Master of Science degree in Computer Science from
North Carolina State, a Master of Science degree in Information Security
Engineering from the SANS Technical Institute, and a Bachelor of
Science degree in Computer Science from the US Military Academy. He
has published technical research at USENIX workshops, ACM
conferences, security conferences, the SANS Reading Room, the Internet
Storm Center, the Army Magazine, and the Armed Forces Journal. He
holds expert cyber security credentials, including the prestigious GIAC
Security Expert (GSE) and Offensive Security Certified Expert (OSCE). TJ
is a member of the elite SANS Red and Blue Team Cyber Guardians.

Contributing Author Bio – Rob Frost
Robert Frost graduated from the United States Military Academy in
2011, commissioning into the Army Signal Corps. He holds a Bachelor of
Science degree in Computer Science with honors, with his thesis work
focusing on open-source information-gathering. Rob was individually
recognized as one of the top two members of the national championship
team for the 2011 Cyber Defense Exercise due to his ability to circumvent rules. 
Rob has participated in and won several cyber security competitions.

Technical Editor Bio – Mark Baggett
Mark Baggett is a Certified SANS Instructor, where he teaches several
courses in the SANS penetration-testing curriculum. Mark is the primary
consultant and founder of In Depth Defense, Inc., which provides
incident-response and penetration-testing services. Today, in his role as
the technical advisor to the Department of Defense for SANS, Mark is
focused on the practical application of SANS resources in the
development of military capabilities.

Mark has held a variety of positions in information security for large
international and Fortune 1000 companies. He has been a software
developer, a network and systems engineer, a security manager, and a
CISO. As a CISO, Mark was responsible for policy, compliance, incident
response, and all other aspects of information security operations. Mark
knows firsthand the challenges that information security professionals
face today in selling, implementing, and supporting information security.
Mark is an active member of the information security community and
the founding president of the Greater Augusta ISSA. He holds several
certifications, including SANS’ prestigious GSE. Mark blogs about various
security topics at http://www.pauldotcom.com.

Introduction
Python is a hacker’s language. With its decreased complexity, increased
efficiency, limitless third-party libraries, and low bar to entry, Python
provides an excellent development platform to build your own offensive
tools. If you are running Mac OS X or Linux, odds are it is already
installed on your system. While a wealth of offensive tools already exist,
learning Python can help you with the difficult cases where those tools fail.

Table of Contents
Cover image
Title page
Copyright
Trade marks
Acknowledgements
Dedication
Lead Author – TJ O’Connor
Contributing Author Bio – Rob Frost
Technical Editor Bio – Mark Baggett
Introduction
TARGET AUDIENCE
ORGANIZATION OF THE BOOK
COMPANION WEB SITE
Chapter 1. Introduction
Introduction: A Penetration Test with Python
Setting Up Your Development Environment
The Python Language
Your First Python Programs
Chapter Wrap-Up
References
Chapter 2. Penetration Testing with Python
Introduction: The Morris Worm—Would it Work Today?
Building a Port Scanner
Building an SSH BotNet with Python
Mass Compromise by Bridging FTP and Web
Conficker, Why Trying Hard is Always Good Enough
Writing Your Own Zero-Day Proof of Concept Code
Chapter Wrap Up
References
Chapter 3. Forensic Investigations with Python
Introduction: How Forensics Solved the BTK Murders
Where Have You Been?—Analysis of Wireless Access Points in the Registry
Using Python to Recover Deleted Items in the Recycle Bin
Metadata
Investigating Application Artifacts with Python
Investigating iTunes Mobile Backups with Python
Chapter Wrap-Up
References
Chapter 4. Network Traffic Analysis with Python
Introduction: Operation Aurora and How the Obvious was Missed
Where is that IP Traffic Headed?—A Python Answer
Is Anonymous Really Anonymous? Analyzing LOIC Traffic
How H D Moore Solved the Pentagon’s Dilemma
Storm’s Fast-Flux and Conficker’s Domain-Flux
Kevin Mitnick and TCP Sequence Prediction
Foiling Intrusion Detection Systems with Scapy
Chapter Wrap Up
References
Chapter 5. Wireless Mayhem with Python
Introduction: Wireless (IN)Security and the Iceman
Setting up Your Wireless Attack Environment
The Wall of Sheep—Passively Listening to Wireless Secrets
Where Has Your Laptop Been? Python Answers
Intercepting and Spying on UAVs with Python
Detecting FireSheep
Stalking with Bluetooth and Python
Chapter Wrap Up
References
Chapter 6. Web Recon with Python
Introduction: Social Engineering Today
Using the Mechanize Library to Browse the Internet
Scraping Web Pages with AnonBrowser
Research, Investigate, Discovery
Anonymous Email
Mass Social Engineering
Chapter Wrap-Up
References
Chapter 7. Antivirus Evasion with Python
Introduction: Flame On!
Evading Antivirus Programs
Verifying Evasion
Wrap Up
References
Index



TARGET AUDIENCE
Everyone learns differently. However, whether you are a beginner who
wants to learn how to write Python, or an advanced programmer who
wants to learn how to apply your skills in penetration testing, this book is for you.

Have Fun While Voiding Your Warranty

Joe Grand Author of Stealing the Network

Ryan Russell Author of Stealing the Network and Hack Proofing Your Network, Second Edition

And featuring Kevin D. Mitnick Technical Reviewer
Foreword by Andrew “bunnie” Huang
Lee Barken, Marcus R. Brown, Job de Haas, Deborah Kaplan,
Bobby Kinstle, Tom Owad, Albert Yarusso




Book Details
Price: 4.00 USD
Pages: 577 p
File Size: 15,316 KB
File Type: PDF format
ISBN: 1-932266-83-6
Copyright: 2004 by Syngress Publishing, Inc

Technical Editor & Contributor
Joe Grand; Grand Idea Studio, Inc. Joe Grand is the President and CEO of Grand Idea
Studio, a product design and development firm that brings unique inventions to market
through intellectual property licensing. Many of his creations, including consumer electronics,
medical products, video games and toys, are sold worldwide.

A recognized name in computer security and electrical engineering, Joe’s pioneering
research on product design and analysis, mobile devices, and digital forensics is published in
various industry journals. He is a co-author of Hack Proofing Your Network, Second Edition
(Syngress Publishing, ISBN 1-928994-70-9) and Stealing The Network: How to Own the Box
(Syngress, ISBN 1-931836-87-6).

Joe has testified before the United States Senate Governmental Affairs Committee on the
state of government and homeland computer security, and is a former member of the legendary
hacker think-tank, L0pht Heavy Industries. He has presented his work at numerous
academic, industry, and private forums, including the United States Naval Post Graduate
School Center for INFOSEC Studies and Research, the United States Air Force Office of
Special Investigations, the USENIX Security Symposium, and the IBM Thomas J. Watson
Research Center. Joe holds a BSCE from Boston University.

Joe is the author of Chapter 1 “Tools of the Warranty Voiding Trade,” Chapter 2 “Electrical
Engineering Basics,” Chapter 3 “Declawing Your CueCat,” and Chapter 13 “Upgrading Memory on
Palm Devices.”

Acknowledgments
We would like to acknowledge the following people for their kindness and support in making this book possible. To Jeff Moss and Ping Look of Black Hat for being great friends and supporters of Syngress.
A special thanks to Kevin Mitnick for sharing his invaluable expertise and knowledge, and to Darci Wood for her support of this book and the Syngress publishing program.
Syngress books are now distributed in the United States by O’Reilly & Associates, Inc. The enthusiasm and work ethic at ORA is incredible and we would like to thank everyone there for their time and effort in bringing Syngress books to market: Tim O’Reilly, Laura Baldwin, Mark Brokering, Mike Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol Matsutaro, Lynn Schwartz, Steve Hazelwood, Mark Wilson, Rick Brown, Leslie Becker, Jill Lothrop, Tim Hinton, Kyle Hart, Sara Winge, C. J. Rayhill, Peter Pardo, Leslie Crandell, Valerie Dow, Regina Aggio, Pascal Honscher, Preston Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, and Mark Jacobsen.
The incredibly hard working team at Elsevier Science, including Jonathan Bunkell, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, and Rosie Moss for making certain that our vision remains worldwide in scope.
David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of STP Distributors for the enthusiasm with which they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.
Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.
David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Geoff Ebbs, Hedley Partis, Bec Lowe, and Mark Langley of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji, Tonga, Solomon Islands, and the Cook Islands.
Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines.
To all the folks at Malloy who have made things easy for us and especially to Beth Drake and Joe Upton.

Technical Reviewer
Kevin D. Mitnick is a security consultant to corporations worldwide and a
cofounder of Defensive Thinking, a Las Vegas-based consulting firm (www.defensivethinking.com). He has testified before the Senate Committee on Governmental
Affairs on the need for legislation to ensure the security of the government’s information
systems. His articles have appeared in major news magazines and trade journals,
and he has appeared on Court TV, Good Morning America, 60 Minutes, CNN’s
Burden of Proof and Headline News, and has been a keynote speaker at numerous
industry events. He has also hosted a weekly radio show on KFI AM 640, Los
Angeles. Kevin is also author of the best-selling book, The Art of Deception:
Controlling the Human Element of Security.

Table of Contents
Foreword
Introduction
Part I Introduction to Hardware Hacking
Chapter 1 Tools of the Warranty Voiding Trade
Introduction
The Essential Tools
Taking it to the Next Level
Hardcore Hardware Hackers Only
Where to Obtain the Tools
Chapter 2 Electrical Engineering Basics
Introduction
Fundamentals
Bits, Bytes, and Nibbles
Reading Schematics
Voltage, Current, and Resistance
Direct Current and Alternating Current
Resistance
Ohm’s Law
Basic Device Theory
Resistors
Capacitors
Diodes
Transistors
Integrated Circuits
Soldering Techniques
Hands-On Example: Soldering a Resistor to a Circuit Board
Desoldering Tips
Hands-On Example: SMD Removal Using ChipQuik
Common Engineering Mistakes
Web Links and Other Resources
General Electrical Engineering Books
Electrical Engineering Web Sites
Data Sheets and Component Information
Major Electronic Component and Parts Distributors
Obsolete and Hard-to-Find Component Distributors
Part II Hardware Hacks
Chapter 3 Declawing Your CueCat
Introduction
Model Variations
Opening the CueCat
Preparing for the Hack
Opening the Four-Screw PS/2 CueCat
Opening the Two-Screw PS/2 CueCat
Opening the USB CueCat
Removing the Unique Identifier
Preparing for the Hack
Removing the UID: Four-Screw PS/2 CueCat
Removing the UID: Two-Screw PS/2 CueCat
Removing the UID: USB CueCat
Under the Hood: How the Hack Works
Removing the Proprietary Barcode Encoding
Preparing for the Hack
Removing the Encoding from the Four-Screw PS/2 CueCat
Removing the Encoding from the Two-Screw PS/2 CueCat
Removing the Encoding from the USB CueCat
Under the Hood: How the Hack Works
Technical Information
The CueCat Encoding Scheme
More Physical Model Variations
More History of Political and Legal Issues
CueCat Litter Box: Web Links and Other Resources
Open-Source CueCat Software and Drivers
DigitalConvergence Patents for CueCat Technologies
Chapter 4 Case Modification: Building a Custom Terabyte FireWire Hard Drive
Introduction
Case Mod Primer
Creating a 1.2TB FireWire RAID
Preparing for the Hack
Performing the Hack
Under the Hood: How the Hack Works
Custom Case Modification for the FireWire RAID
Preparing for the Hack
Performing the Hack
Under the Hood: How the Hack Works
Additional Resources
Case Modifications
Chapter 5 Macintosh
Compubrick SE
Preparing for the Hack
Performing the Hack
Taking Apart the Mac
Encasing the Speaker
Covering the Mouse and the Keyboard
Encasing the Disk Drive
Encasing the Hard Drive
Encasing the Motherboard
Encasing the CRT
How the Hack Works
Building a UFO Mouse
Preparing for the Hack
Performing the Hack
Opening the Mouse
Drilling the Hole
Soldering the LED
Reassembling the Mouse
How the Hack Works
Adding Colored Skins to the Power Macintosh G4 Cube
Preparing for the Hack
Performing the Hack
Under the Hood: How the Hack Works
Other Hacks and Resources
Desktop Hacks
Laptop Hacks
Electrical and Optical Hacks
Case Mods
Software
Discussion
Chapter 6 Home Theater PCs
Introduction
Before You Begin: Research and Plan
How Much Could It Cost?
Did Someone Already Build It?
The Components of an HTPC Project
The Display
What Are Your Options for Higher-Quality Video Display?
The Video Card
The Case
The Hard Drives
Speed Considerations
Sshhhh... Quiet Operations
Optical Drives
The CPU
The Sound Card
The Controller
The Software
Building a Windows HTPC
Preparing for the Hack
Performing the Hack: Software
Eazylook
Using the Launcher
Using Guide Plus+
CDex
FairUse
Windows Summary
Building a Linux HTPC
Preparing for the Hack
Performing the Hack: Hardware
Performing the Hack: Software
Installing the Video Capture Drivers
Install MPlayer and CODECs
Installing MythTV
Linux Summary
Further Hacking and Advanced Topics
Chapter 7 Hack Your Atari 2600 and 7800
Introduction
The Atari 7800 ProSystem
Hacks in This Chapter
Atari 2600 Left-Handed Joystick Modification
Preparing for the Hack
Performing the Hack
Use an NES Control Pad with Your 2600
Preparing for the Hack
Performing the Hack
Atari 2600 Stereo Audio Output
Preparing for the Hack
Performing the Hack
Under the Hood: How the Hack Works
Atari 7800 Blue LED Modification
Preparing for the Hack
Performing the Hack
Under the Hood: How the Hack Works
Atari 7800 Game Compatibility Hack to Play Certain 2600 Games
Preparing for the Hack
Performing the Hack
Under the Hood: How the Hack Works
Atari 7800 Voltage Regulator Replacement
Preparing for the Hack
Performing the Hack
Under the Hood: How the Hack Works
Atari 7800 Power Supply Plug Retrofit
Preparing for the Hack
Performing the Hack
Other Hacks
2600 Composite/S-Video Modifications
Atari 7800 Composite and S-Video Output
Sega Genesis to Atari 7800 Controller Modification
NES Control Pad to Atari 7800 Controller Modification
Atari 7800 DevOS Modification and Cable Creation
Atari Resources on the Web
Chapter 8 Hack Your Atari 5200 and 8-Bit Computer
Introduction
The Atari 5200 SuperSystem
Hacks in This Chapter
Atari 5200 Blue LED Modification
Preparing for the Hack
Performing the Hack
Under the Hood: How the Hack Works
Creating an Atari 5200 Paddle
Preparing for the Hack
Performing the Hack: Disassembling the Paddle Controller
Performing the Hack: Building the 5200 Paddle Controller
Performing the (Optional) Hack: Weighted Dial
Under the Hood: How the Hack Works
Free Yourself from the 5200 Four-Port Switchbox
Preparing for the Hack
Performing the Hack
Under the Hood: How the Hack Works
Build Atari 8-Bit S-Video and Composite Cables
Preparing for the Hack
Performing the Hack
Cable Hack Alternatives
Under the Hood: How the Hack Works
Technical Information
Other Hacks
Atari 5200 Four-Port VCS Cartridge Adapter Fix
Atari 5200 Composite/S-Video Modification
Atari 8-Bit SIO2PC Cable
Atari Resources on the Web
Chapter 9 Hacking the PlayStation 2
Introduction
Commercial Hardware Hacking: Modchips
Getting Inside the PS2
Mainboard Revisions
Identifying Your Mainboard
Opening the PS2
Installing a Serial Port
Preparing for the Hack
Performing the Hack
Testing
Under the Hood: How the Hack Works
Booting Code from the Memory Card
Preparing for the Hack
Performing the Hack: Preparing Title.DB
Choosing BOOT.ELF
Saving TITLE.DB to the Memory Card
Independence!
Under the Hood: How the Hack Works
Other Hacks: Independent Hard Drives
PS2 System Overview
Understanding the Emotion Engine
The Serial I/O Port
The I/O Processor
The Sub-CPU Interface
Additional Web Resources
Chapter 10 Wireless 802.11 Hacks
Introduction
Wireless NIC/PCMCIA Card Modifications: Adding an External Antenna Connector
Preparing for the Hack
Performing the Hack
Removing the Cover
Moving the Capacitor
Attaching the New Connector
Under the Hood: How the Hack Works
OpenAP (Instant802): Reprogramming Your Access Point with Linux
Preparing for the Hack
Performing the Hack
Installing the SRAM Card
Power Me Up, Scotty!
Under the Hood: How the Hack Works
Having Fun with the Dell 1184 Access Point
Preparing for the Hack
Performing the Hack
Under the Hood: How the Hack Works
Summary
Additional Resources and Other Hacks
User Groups
Research and Articles
Products and Tools
Chapter 11 Hacking the iPod
Introduction
Opening Your iPod
Preparing for the Hack
First Generation iPods
Second and Third-Generation iPods
Replacing the iPod Battery
Preparing for the Hack
Battery Replacement: First- and Second-Generation iPods
Battery Replacement: Third-Generation iPods
Upgrading a 5GB iPod’s Hard Drive
Preparing for the Hack
Performing the Hack
From Mac to Windows and Back Again
Preparing for the Hack
Going from Windows to Macintosh
Going from Macintosh to Windows
iPod Diagnostic Mode
The Diagnostic Menu
Disk Check
Additional iPod Hacks
Installing Linux on an iPod
Repairing the FireWire Port
Scroll Wheel Fix
iPod Resources on the Web
Chapter 12 Can You Hear Me Now? Nokia 6210 Mobile Phone Modifications
Introduction
Nokia 6210 LED Modification
Preparing for the Hack
Performing the Hack
Opening the Nokia 6210
Removing the Old LEDs
Inserting the New LEDs
Increasing the LED Power
Putting the Phone Back Together
Under the Hood: How the Hack Works
Data Cabling Hacks
Data Cables
Flashing Cables
Net Monitor
Other Hacks and Resources
Chapter 13 Upgrading Memory on Palm Devices
Introduction
Model Variations
Hacking the Pilot 1000 and Pilot 5000
Preparing for the Hack
Removing the Memory Card
Adding New Memory
Under the Hood: How the Hack Works
Hacking the PalmPilot Professional and PalmPilot Personal
Preparing for the Hack
Removing the Memory Card
Adding New Memory
Under the Hood: How the Hack Works
Hacking the Palm m505
Preparing for the Hack
Opening the Palm
Removing the Main Circuit Board
Removing the Memory
Adding New Memory
Under the Hood: How the Hack Works
Technical Information
Hardware
File System
Memory Map
Database Structure
Palm Links on the Web
Technical Information
Palm Hacks
More Memory Upgrades
Part III Hardware Hacking Technical Reference
Chapter 14 Operating Systems Overview
Introduction
OS Basics
Memory
Physical Memory
Virtual Memory
File Systems
Cache
Input/Output
Processes
System Calls
Shells, User Interfaces, and GUIs
Device Drivers
Block and Character Devices
Properties of Embedded Operating Systems
Linux
Open Source
History
Embedded Linux (uCLinux)
Product Examples: Linux on Embedded Systems
VxWorks
Product Examples: VxWorks on Embedded Systems
Windows CE
Concepts
Product Examples: Windows CE on Embedded Systems
Summary
Additional References and Further Reading
Chapter 15 Coding 101
Introduction
Programming Concepts
Assignment
Control Structures
Looping
Conditional Branching
Unconditional Branching
Storage Structures
Structures
Arrays
Hash Tables
Linked Lists
Readability
Comments
Function and Variable Names
Code Readability: Pretty Printing
Introduction to C
History and Basics of C
Printing to the Screen
Data Types in C
Mathematical Functions
Control Structures
For Loops
While Loops
If/Else
Switch
Storage Structures
Arrays, Pointers, and Character Strings
Structures
Function Calls and Variable Passing
System Calls and Hardware Access
Summary
Debugging
Debugging Tools
The printf Method
Introduction to Assembly Language
Components of an Assembly Language Statement
Labels
Operations
Operands
Sample Program
Summary
Additional Reading
Index



Introduction
Hardware hacking. Mods. Tweaks. Though the terminology is new, the
concepts are not: A gearhead in the 1950s adding a custom paint job
and turbo-charged engine to his Chevy Fleetline, a ’70s teen converting
his ordinary bedroom into a “disco palace of love,” complete
with strobe lights and a high-fidelity eight-track system, or a technogeek
today customizing his computer case to add fluorescent lighting
and slick artwork. Taking an ordinary piece of equipment and turning
it into a personal work of art. Building on an existing idea to create
something better. These types of self-expression can be found
throughout recorded history.

When Syngress approached me to write this book, I knew they
had hit the nail on the head. Where else could a geek like me become
an artistic genius? Combining technology with creativity and a little
bit of skill opened up the doors to a whole new world: hardware hacking.

But why do we do it? The reasons might be different for all of us,
but the end result is usually the same. We end up with a unique thing
that we can call our own—imagined in our minds and crafted through
hours, days, or years of effort. And doing it on our own terms.

Hardware hacking today has hit the mainstream market like never
before. Computer stores sell accessories to customize your desktop PC.
Web sites are popping up like unemployed stock brokers to show off
the latest hacks. Just about any piece of hardware can serve as a candidate
to be hacked. Creativity and determination can get you much farther
than most product developers could ever imagine. Hardware
hacking is usually an individual effort, like creating a piece of art.
However, just like artists, hackers sometimes collaborate and form communities
of folks working toward a similar goal.

The use of the term hacker is a double-edged sword and often carries a
mythical feel. Contrary to the way major media outlets enjoy using the word
to describe criminals breaking into computer systems, a hacker can simply be
defined as somebody involved in the exploration of technology. And a hack in
the technology world usually defines a new and novel creation or method of
solving a problem, typically in an unorthodox fashion.

The philosophy of most hardware hackers is straightforward:
• Do something with a piece of hardware that has never been done before.
• Create something extraordinary.
• Harm nobody in the process.

Hardware hacking arguably dates back almost 200 years. Charles Babbage
created his difference engine in the early 1800s—a mechanical form of hardware
hacking. William Crookes discovered the electron in the mid-1800s—
possibly the first form of electronics-related hardware hacking. Throughout the
development of wireless telegraphy, vacuum tubes, radio, television, and transistors,
there have been hardware hackers—Benjamin Franklin, Thomas Edison,
and Alexander Graham Bell, to name a few. As the newest computers of the
mid-20th century were developed, the ENIAC, UNIVAC, and IBM mainframes,
people from those academic institutions fortunate enough to have the
hardware came out in droves to experiment. With the development and
release of the first microprocessor (Intel 4004) in November 1971, the general
public finally got a taste of computing. The potential for hardware hacking has
grown tremendously in the past decade as computers and technology have
become more intertwined with the mainstream and everyday living.

Hardware hacks can be classified into four different categories, though
sometimes a hack falls into more than one:
1. Personalization and customization: Think “hot rodding for
geeks,” the most prevalent of hardware hacking. This includes things
such as case modifications, custom skins and ring tones, and art projects
like creating an aquarium out of a vintage computer.
2. Adding functionality: Making the system or product do something
it wasn’t intended to do. This includes things such as converting the
iPod to run Linux, turning a stock iOpener into a full-fledged PC, or
modifying the Atari 2600 to support stereo sound and composite video output.
3. Capacity or performance increase: Enhancing or otherwise
upgrading a product. This includes things such as adding memory to
your favorite personal digital assistant (PDA), modifying your wireless
network card to support an external antenna, or overclocking your PC’s motherboard.
4. Defeating protection and security mechanisms: This includes
things such as removing the unique identifier from CueCat barcode
scanners, finding Easter eggs and hidden menus in a TiVo or DVD
player, or creating a custom cable to unlock the secrets of your cell
phone. Theft-of-service hacks fall into this category, but this book
doesn’t cover them.

Creating your own hardware hacks and product modifications requires at
least a basic knowledge of hacking techniques, reverse-engineering skills, and a
background in electronics and coding. All the information you’ll need is in the
pages of this book. And if a topic isn’t covered in intimate detail, we include
references to materials that do. If you just want to do the hack without worrying
about the underlying theory behind it, you can do that, too. The step-by-step
sections throughout each chapter include pictures and “how to”
instructions. The details are in separate sections that you can skip right over
and get to the fun part—voiding your warranty!

This book has something for everyone from the beginner hobbyist with
little to no electronics or coding experience to the self-proclaimed “gadget
geek” and advanced technologist. It is one of the first books to bring hardware
hacking to the mainstream. It is meant to be fun and will demystify many of
the hacks you have seen and heard about. We, all the contributors to this project,
hope you enjoy reading this book and that you find the hacks as exciting
and satisfying as we have.

If your friends say “Damn, now that’s cool,” then you know you’ve done it right.
—Joe Grand, the hardware hacker formerly known as Kingpin
January 2004

THE APPLE OF EVERY HACKER'S EYE

Bruce Potter Technical Editor 

FOREWORD BY TOM OWAD

Ken Caruso
Chris Hurley
Johnny Long
Preston Norvell
Tom Owad



Book Details
Price: 3.00 USD
Pages: 464 p
File Size: 15,642 KB
File Type: PDF format
ISBN: 1-59749-040-7
Copyright: 2005 by Syngress Publishing, Inc

Technical Editor and Contributing Author
Bruce Potter is a Senior Associate at Booz Allen
Hamilton. Prior to working at Booz Allen Hamilton,
Bruce served as a software security consultant for Cigital
in Dulles, VA. Bruce is the founder of the Shmoo Group
of security professionals. His areas of expertise include
wireless security, large-scale network architectures, smartcards,
and promotion of secure software engineering practices.
Bruce coauthored the books 802.11 Security and Mac OS X
Security. He was trained in computer science at the University of Alaska, Fairbanks.

First and foremost I would like to thank my family for putting up with
me and my time constraints due to the many projects I am dealing with. I’d
also like to thank The Shmoo Group for all the guidance and wisdom they
have imparted on me over the years. Finally, a big thank-you goes to
Syngress, for giving me the opportunity to work on an interesting enjoyable project.

Bruce wrote Chapter 7.

Contributing Authors
Johnny Long is a “clean-living” family guy who just so
happens to like hacking stuff. Recently, Johnny has enjoyed
writing stuff and presenting stuff at conferences, which has
served as yet another diversion to a serious (and bill-paying)
job as a professional hacker and security researcher
for Computer Sciences Corporation. Johnny enjoys
spending time with his family, pushing all the shiny buttons
on them thar new-fangled Mac computers, and making
much-too-serious security types either look at him funny or start laughing
uncontrollably. Johnny has written or contributed to several books,
including “Google Hacking for Penetration Testers” from Syngress
Publishing, which has secured rave reviews and has lots of pictures.
Johnny can be reached through his website,

Thanks first to Christ without whom I am nothing. To Jen, Makenna,
Trevor and Declan, my love always. Thanks to Bruce Potter for the opportunity
to chime in on this one, and to my fellow co-authors. I hold you all in
the highest regard. Thanks to Anthony K, Al E, Ryan C, Thane E, and
Gilbert V for introducing me to the Mac. Thanks to Jaime Quigley, Andrew
Williams and all of Syngress. I can’t thank you enough. Thanks to Jason
Arnold (Nexus!) for hosting me, and all the mods on JIHS for your help
and support. Shouts to Nathan B, Sujay S, Stephen S, James Foster, Jenny
Yang, SecurityTribe, the Shmoo Group, Sensepost, Blackhat, Defcon, Neal
Stephenson (Baroque), Stephen King (On Writing), Ted Dekker (Thr3e),
P.O.D., Pillar, Project86, Shadowvex, Yoshinori Sunahara. “I’m sealing the
fate of my selfish existence / Pushing on with life from death, no questions
left / I’m giving my life, no less” from A Toast To My former Self by Project86

Johnny wrote Chapter 2 and Chapter 5. He also contributed to the
technical editing of this book.

Ken Caruso is a Senior Systems Engineer for Serials Solutions,
a ProQuest company. Serials Solutions empowers librarians
and enables their patrons by helping them get the most value
out of their electronic serials. Ken plays a key role in the design
and engineering of mission-critical, customer-facing systems
and networks. Previously, Ken worked at Alteon, a
Boeing Company, Elevenwireless, and Digital Equipment
Corporation. Ken’s expertise includes wireless networking, digital
security, and the design and implementation of mission-critical systems.
Outside of the corporate sector, Ken is co-founder of
Seattlewireless.net, one of the first community wireless networking projects in the U.S.
Ken studied Computer Science at Daniel Webster College and is
a member of The Shmoo Group of Security Professionals. Ken has
been invited to speak at many technology and security events
including but not limited to Defcon, San Diego Telecom Council,
Society of Broadcast Engineers, and CPSR: Shaping the Network Society.
Ken would like to acknowledge the great support he has always
received from friends and family as well as the unflagging patience of
his editor at Syngress. Ken wrote Chapter 3.

Chris Hurley (Roamer) is a Senior Penetration Tester
working in the Washington, DC area. He is the founder of
the WorldWide WarDrive, a four-year effort by INFOSEC
professionals and hobbyists to generate awareness of the
insecurities associated with wireless networks and is the
lead organizer of the DEF CON WarDriving Contest.
Although he primarily focuses on penetration testing
these days, Chris also has extensive experience performing vulnerability
assessments, forensics, and incident response. Chris has spoken
at several security conferences and published numerous whitepapers
on a wide range of INFOSEC topics. Chris is the lead author of
WarDriving: Drive, Detect, Defend (Syngress, ISBN: 1-931836-03-5),
and a contributor to Aggressive Network Self-Defense (Syngress, ISBN:
1-931836-20-5) and InfoSec Career Hacking (Syngress, ISBN:
1-59749-011-3). Chris holds a bachelor’s degree in computer science.
He lives in Maryland with his wife Jennifer and their daughter
Ashley. Chris wrote Chapter 4.

Tom Owad is a Macintosh consultant in south-central PA
and the D.C. area and vice president of Keystone
MacCentral. He serves on the board of directors of the
Apple I Owners Club, where he is also webmaster and archivist.
Tom is owner and Webmaster of Applefritter, a Macintosh
community of artists and engineers. Applefritter provides its members
with discussion boards for the exchange of ideas and hosts
countless member-contributed hardware hacks and other projects.
Tom holds a BA in computer science and international affairs from
Lafayette College, PA. Tom is the author of the Syngress title, Apple I
Replica Creation: Back to the Garage (ISBN: 1-931836-40-X).
Tom wrote Chapter 7. He is also the foreword contributor.

Preston Norvell is a computer and networking geek. He
has been fortunate to work as an administrator, engineer
and consultant, and currently works as a network architect
for a satellite communications company in the small town
of Alaska, USA. He has pulled Ethernet cable through
sewage melted by body heat, written the bill software for a
utility, co-written a book on Mac OS X Security, designed
and deployed systems and networks in places small and large, ported
Open Source software to Mac OS X, and many other rather silly fun things.
In his off time he tinkers with computers and networks, thinks
about collections databases for museums, purchases entirely too
many DVDs, wastes too much time, cooks for friends when he can,
enjoys a spot of tea now and again, and continues to add to the
lived-in look of his dwelling at a reasonable pace. He also plans to
take over the world with a vast army of mind-controlled, monkey-piloted robot minions.
I would like to thank Bruce and the folks at Syngress for the opportunity
to tag along on this project, as well as their patience and guidance.
Apologies to my friends and co-workers for my absences and the late mornings
with tired eyes and many thanks for their patience and support.
Thanks also to Hershey for Good & Plenty’s, Republic of Tea for Blackberry
Sage and a little place in Chinatown for their white tea and lapsang souchong.
And thanks much to the social insects all.
Preston wrote Chapter 1. He also contributed to the technical editing of this book.

Table of Contents
Foreword
Chapter 1 A Network Admin’s Guide to Using Mac OS X
Introduction
Running a Headless Mac
Apple Remote Desktop
VNC
SSH
Serial Console
Adding Serial Ports
Booting to the Console Instead of the GUI
Connecting to the Headless Mac
Extra Credit: Serial over Bluetooth
Extra Extra Credit: Logging to the Serial Port
Adding Interfaces to the Mac
Physical Interfaces
Interface Aliases
GUI Configuration
Command Line Configuration
The Macintosh as a Router
Basic Host Routing
Basic Static Routing
Basic Dynamic Network Routing
“Real” Routing with Zebra
Downloading and Installing Zebra
Configuring Zebra for Routing
Mac OS X as a RADIUS server
FreeRADIUS
Mac OS X Server Integration
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 Automation
Introduction
Using Automator
Creating a One-shot Automation
Creating a More Versatile Automation
Saving Automations as Applications and Workflows
Saving Automations as Plug-ins
Finder Plug-ins
iCal Alarms
Image Capture
Print Workflow
Folder Actions
Script Menu
Hacker-friendly Automator Actions
Automator | Run AppleScript
Automator | Run Shell Script
Automator | Run Web Service
Automator | View Results
Finder | Set the Desktop Picture
Image Capture | Take Picture
Mail | Add Attachments
PDF | Encrypt PDF Document
PDF | Watermark PDF
Safari | Download URLs
Safari | Get Link URLs
Safari | Filter URLs
System | System Profile Action
XCode Actions
Understanding AppleScript
Introducing the Script Editor
Hello, World!
Recording Actions
AppleScript Save Options
Script
Application (Applet)
Bundles
Script Assistant
AppleScript Dictionary
Not Quite An AppleScript Language Guide
Comments
Statements
Line Breaks (The ¬ character)
Capitalization
The “the”
Variables and Basic Mathematical Operations
Looping (Repeat)
Learning By Example: Interactive Dialogs
A Simple Mac Help Script
Interactive Dialog Boxes
Bash Scripting
Foundations of Shell Scripting
Selecting a Shell
Permissions and Paths
Common Conventions
Pipes
Redirection
Job Control
Comments
Variables
Tests and Return Codes
The All-Important If, Then, and Else
Loops
Harnessing Mac’s UNIX Commands
Cat
Grep
Sed
Awk
Pulling It Together: A bash Mini-project
Curl
Lynx
Bridging the Gap From bash to AppleScript
Using Bash, AppleScript, and Automator Together!
Overcoming Automator’s Lame Display Dialogs
Exchanging Data With AppleScript
Exchanging Data With Bash
Ethereal Auto-Launcher
Password-protected Zip and Unzip
Basic nmap Front-end
Summary
Solutions Fast Track
Links to Sites
Frequently Asked Questions
Chapter 3 OS X in a Microsoft Environment
Introduction
Who Should Read this Chapter?
Windows Terms You Should Know
Accessing Network File Systems
Mounting Network File Systems via AppleScript
Mounting Network File Systems via Terminal
Using a .nmbrc or nsmb.conf File to Store Login Information
Microsoft Distributed File System
NTLM Authentication
Accessing NTLM-Protected Web Servers via the Command Line
Using an NTLM-Protected Proxy from the Command Line
Using a Local Proxy to Handle NTLM Authentication
Connecting to a Windows PPTP Server
Split Tunneling
Routing DNS Requests
Zen of Running Windows Boxes from a Mac
MS Remote Desktop Client
Opening Remote Desktop Connections from the Command Line
Opening Concurrent Remote Desktop Sessions
Making Local Resources Available on the Remote Windows Computer
Rdesktop—The Open Source Remote Desktop Client
Installing Rdesktop
Setting Up Terminal to Use Your X11 Server
Using Rdesktop
Using Shell Scripts to Speed up Rdesktop Logins
Virtual Network Computing
Installing VNC on Windows
Connecting the VNC Server from OS X
Synergy—Using a Mac and PC from one Keyboard/Mouse
Installing and Configuring Synergy
Talking to Windows From the Terminal
SSH
Installing SSH on Windows
Starting and Stopping a Service
Windows Command Line Tools
Samba Command Line Utilities
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 WarDriving and Wireless Penetration Testing with OS X
Introduction
WarDriving with KisMAC
KisMAC Startup and Initial Configuration
Configuring the KisMAC Preferences
Scanning Options
Filter Options
Sound Preferences
Traffic
.kismac Preferences
Mapping WarDrives with KisMAC
Importing a Map
Practicing WarDriving with KisMAC
Using the KisMAC Interface
Penetration Testing with OS X
Attacking WLAN Encryption with KisMAC
Attacking WEP with KisMAC
Re-injection
Attacking WPA with KisMAC
Other Attacks
Brute Force Attacks Against 40-Bit WEP
Wordlist Attacks
Other OS X Tools for WarDriving and WLAN Testing
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Mac OS X for Pen Testers
Introduction
The OS X Command Shell
Compiling and Porting Open Source Software
OS X Developer Tools
Perl
Configuring CPAN
Using CPAN’s Interactive Mode
Using CPAN in Command-Line Mode
Installing XWindows
Compiling Programs on Mac OS X
Compiling Versus Porting
Installing Ported Software on Mac OS X
Why Port: A Source Install Gone Bad!
DarwinPorts
Fink
Installing Binary Packages Using apt-get
Using The “Top 75 Security Tools” List
Category: Attack (Network)
Category: Attack (Scanner)
Category: Attack (Web)
Category: Crypto
Category: Defense
Category: Defense / Forensics
Category: Evasion
Category: Footprinting
Category: Monitor (Sniffing)
Category: Multipurpose
Category: Password Cracking
Category: Password Cracking (Remote)
Category: Programming
Category: Scanning
Installing and Using The “Big” Tools
Ethereal
Nessus
Other OS X “Must Haves”
Running CD-based Linux Distributions
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Mac Tricks (Stupid Powerbook Stunts That Make You Look Like a God)
Introduction
Desktop Console
Screen Savers
Widgets
System
Internet
Calculators and Converters
Fun
Apple Motion Sensor
VNC with Apple Remote Desktop
Gestures
Sogudi
GUI Scripts
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 OS X For the Road Warrior
Introduction
Safe and Secure E-mail
IMAP SSL
STARTTLS
GnuPG
Connecting From Anywhere (Almost)
GPRS Example
Firewalling Your Mac
Battery Management
Conservation Tips
Calibration and Total Discharge
Resetting the Power Manager
Summary
Solutions Fast Track
Frequently Asked Questions
Appendix A Hacking the iPod
Introduction
Opening Your iPod
Preparing for the Hack
First Generation iPods
Second and Third-Generation iPods
Replacing the iPod Battery
Preparing for the Hack
Battery Replacement: First and Second-Generation iPods
Battery Replacement: Third-Generation iPods
Upgrading a 5GB iPod’s Hard Drive
Preparing for the Hack
Performing the Hack
From Mac to Windows and Back Again
Preparing for the Hack
Going from Windows to Macintosh
Going from Macintosh to Windows
iPod Diagnostic Mode
The Diagnostic Menu
Disk Check
Additional iPod Hacks
Installing Linux on an iPod
Repairing the FireWire Port
Scroll Wheel Fix
iPod Resources on the Web
Index



Foreword
“The computer for the rest of us” was never considered much of a hacker’s
platform. The original Mac didn’t even have arrow keys (or a control key, for
that matter), forcing the user to stop what he was doing, take his hands off the
keyboard, and use the mouse. The Mac’s case was sealed so tight, a special tool
known as the “Mac cracker” was made to break it open. It was a closed
machine, an information appliance. The expansionless design and sealed case of
the Mac stood in stark contrast to the Apple II that came before it.

With its rich graphical interface and ease of use, the Mac became the standard
for graphic artists and other creative types. Custom icons and desktop patterns
soon abounded. The users that embraced the Macintosh for its simplicity
began using ResEdit (Resource Editor) to modify system files and to personalize
their machines. The Mac developed a fanatical following, and you could
rest assured that each fanatic’s system was unique, with the icons, menus, program
launchers, windows, sounds, and keyboard shortcuts all scrutinized and
perfected to meet his personal needs. My Color Classic even played Porky Pig’s
“That’s all folks” each time it shut down (although the novelty wore off on that one pretty quick).

Mac OS X was met with some trepidation. It broke every program and
system modification, it didn’t have a proper Apple menu—and what on earth
was this “dock”? Jef Raskin, who gave the Mac its name, wrote of Mac OS X,
“Apple has ignored for years all that has been learned about developing UIs. It’s
unprofessional, incompetent, and it’s hurting users.” Bruce Tognazzini, founder
of the Apple Human Interface Group, even penned an article titled “Top 10
Reasons the Apple Dock Sucks.”

Mac OS X was an entirely different operating system. Most classic Mac OS
applications were compatible, but only when operating inside a special runtime
environment. All system extensions and user interface modifications were
permanently lost. For many users, these changes are what made the computer
“theirs” and they relied heavily upon their customizations to efficiently get
work done. The loss was tremendous. And it was worth it.

Preemptive multitasking, symmetric multiprocessing, multithreading, and
protected memory. Protected memory was the one I wanted most.
At a 1998 keynote, Steve Jobs showed off a mere dialog box, to great
applause. The dialog read: “The application Bomb has unexpectedly quit. You
do not need to restart your computer.” I take it for granted on Mac OS X, but
as I write this, I’m recalling occasions when Internet Explorer brought my
entire system down multiple times in a single day.
Mac OS X promised to combine the power and stability of Unix with the
ease of use of Macintosh. I was cautiously optimistic with early releases (I’ve
been using Mac OS X since Developer Release 4).

Protected memory doesn’t do much good when all your apps are running
in the Classic Environment, and the user interface did indeed leave a lot to be
desired. But with each revision, Mac OS X has improved dramatically. With
Mac OS 10.4 Tiger, I no longer even have the Classic Environment installed, and
the user interface has improved to a degree that in many ways I far prefer it to
that of Mac OS 9. Mac OS X has succeeded in combining the best of Unix
with the best of the Macintosh.

The Macintosh has become “the computer for everybody.” For novices, it
remains the easiest computer there is. For enthusiasts, as in the old days, there is
a vast array of third-party applications, utilities, and customizations, to tweak
and improve the way the OS works. For hackers and programmers, there’s the
command line and the BSD Unix compatibility layer.

All the power, all the tools, and all the geekery of Linux is present in Mac
OS X. Shell scripts, X11 apps, processes, kernel extensions… it’s a Unix platform.
It’s even possible to forgo Apple’s GUI altogether and run KDE. Why
you’d want to is another matter. While its Unix core is what has made Mac OS
X a viable platform for hackers and programmers, it’s the user interface that has made it popular.
Apple’s Terminal application is perpetually running on my PowerBook, but
so is iTunes, iCal, and a slew of Dashboard Widgets.

If Apple hadn’t moved to Mac OS X, I would have two computers. A
classic Macintosh would be home to my “business” work—my email, calendar,
word processor, etc. The other would be a Linux box, which I would probably
connect to via an ssh connection from my Mac. Here would be the toys, the
programming tools, the shell scripts, and everything I couldn’t do within the
confines of the old Mac. Thanks to the elegance and sophistication of Mac OS
X, this isn’t necessary. I’ve got every program I want to run and every tool I
need to use on a single 4.6 lbs, 12” PowerBook.
—Tom Owad