Apple – HJFR-INFO

January 2, 2018January 2, 2018

Kernel Apple Vulnerability –

I have been away for some time.

In the first day of my return I have found the following vulnerability related with Apple.

It seems nasty… Although it cannot be remotely exploited it might be used in phishing campaigns that might trick the user to execute some software that takes ownership of the computer.

This local privilege escalation flaw resides in IOHIDFamily, an extension of the macOS kernel which has been designed for human interface devices (HID), like a touchscreen or buttons, allowing an attacker to install a root shell or execute arbitrary code on the system.

More info:

Fuck it, dropping a macOS 0day. Happy New Year, everyone. https://t.co/oG2nOlUOjk

— Siguza (@s1guza) December 31, 2017

Exploit / Proof of concept

https://siguza.github.io/IOHIDeous/

July 26, 2015

How to check if a used iPhone is stolen.

I confess that I just noticed this tool recently, I find it very useful, everyone should have knowledge of it.

Apple is trying to address the situation of the stolen mobile phones. It seems hard and isolated in this hard work but at least it is trying.

Apple phones have a very high demand either as used or new.

Since the release of the IOS7 that apple requires the typing of the previous Apple id activation account and password before it changes to another account.

But this is not enough, Apple now has created a tool to check a phone activation lock status. With this tool we are able to check if the used phone was stolen or not.

This might be very useful if you’re trying to get a used phone over the internet!

No one likes to buy a brick, or not being able to activate the phone with our apple id… Or, even worse, being caught with stolen property.

In order to check the phone status you will need the IMEI or the serial number (International Mobile Equipment Identifier) this numbers are unique identifiers to each phone.

Once you get one of them you can go to the apple activation lock status website ( Apple Activation Lock Status ), type the IMEI or Serial number on the forms and fill the remaining information, press continue.

The next screen will show you if the phone has its activation lock feature enabled.

If activation lock is on, the following things might be going on:

1 – The phone is stolen and the seller can’t disable the activation lock.

2 – The seller forgot to turn off the activation lock and will be able to deactivate it in order to complete the sell.

February 15, 2015

MAC OS X file system Introduction

Knowing the hierarchical organisation of a file system of a determined operating system is very important for every person that works in security.

This is the normal structure of the Apple file system.
For this we consider that the system has the User1 created.

Hidden folders will be coloured in green.

Normal viewable folders will be coloured in Purple.

/ – the root path of the file system.
/Applications – This directory is where you install apps intended for use by all users of a computer.
/Network – This directory contains the list of computers in the local area network.
/System – This directory contains the system resources required by OS X to run.
/Users – This directory contains one or more user home directories.
/Users/User1/Applications – Contains user-specific apps
/Users/User1/Desktop – Contains the items on the user’s desktop.
/Users/User1/Documents – Contains user documents and files.
/Users/User1/Downloads – Contains files downloaded from the Internet.
/Users/User1/Library – Contains user-specific app files (hidden in OS X v10.7 and later)
/Users/User1/Movies – Contains the user’s video files.
/Users/User1/Music – Contains the user’s music files.
/Users/User1/Pictures – Contains the user’s photos.
/Users/User1/Public – Contains content the user wants to share.
/Users/User1/Sites – Contains web pages used by the user’s personal site.

/bin - Contains essential command-line binaries. Typically, you execute these binaries from command-line scripts.
/dev - Contains essential device files, such as mount points for attached hardware.
/etc - Contains host-specific configuration files.
/sbin - Contains essential system binaries.
/tmp - Contains temporary files created by apps and the system.
/usr - Contains non-essential command-line binaries, libraries, header files, and other data.
/var - Contains log files and other files whose content is variable. (Log files are typically viewed using the Console app.)

/Volumes – It is the mount point of all drives connected to the system

/Private – destination of some symbolic links

/Net – shortcut access to network drives

/Home –

/Cores – Directory for the Core Dumps

/Trashes – Everything that we have putted on trash

/Spotlight – Information related with spotlight

/Developer – Path to old Xcode information

There are two primary techniques for identifying the type of content in a file:

Uniform Type Identifiers (UTIs) – string that uniquely identifies a class of entities considered to have a “type.” UTIsprovide consistent identifiers for data that all apps and services can recognise and rely upon.
- public.text—A public type that identifies text data.
- public.jpeg—A public type that identifies JPEG image data.
- com.apple.bundle—An Apple type that identifies a bundle directory.
- com.apple.application-bundle—An Apple type that identifies a bundled app.
Filename extensions – A filename extension is a string of characters appended to the end of a file and separated from the main filename with a period.