Access your Airport disk from anywhere for free

One feature of Apple’s MobileMe service is the ability to get to your printers, disks, and Macs from anywhere on the internet. I would be a customer if the Back to my Mac feature worked with both Macs and PCs but you can’t support everything. At around $99 a year MobileMe is expensive. Sure it gives you a lot of features but with a little time on your hands you can get a few of these features for free.

Before I get started let me list the things you will need to accomplish this task.

  • Airport Extreme Base Station, Airport Express, or Time Capsule
  • PC or Mac that is almost always on and connected to the internet
  • Dyndns account (free or paid)
  • Hard drive connected to the supported router

I have a Linux server which my Airport Extreme sits on so I decided to finally figure out how to update my Dyndns account with it. I followed the guide here and it’s working nicely. You can get a Mac widget and just search for a similar one for Windows. Don’t forget to sign up for a free account on the Dyndns website. I suggest you change the update time to 4 hours since it will cache nicely if your update computer ever loses network connectivity.

So now that you have your updating setup complete let’s move to the router. I use an Airport Extreme so I am not sure if the screenshots will be exactly the same. First go to the Base Station tab and then click Edit.

Airport Settings

Now simply put your Dyndns account information in and you’re good to go. Just remember to use Dyndns.com and not your custom static url such as “your-username.isa-geek.com” or whatever url you choose on Dyndns.

Dyndns Settings

Before you update your settings be sure to add “Share disks over the Internet using Bonjour” in the disks settings. You can see the option in the screenshot below.

Disks settings

For security reasons you’re going to want to turn off Guest access. Now at this point you’re basically finished. If you use multiple routers like I do you need to make sure you port forward port 548 to your Apple router. So you’re probably wondering “Ok great, now how the hell do I get to my drive?” Well that’s pretty easy.

To get to your drive simply connect to your custom Dyndns url from Finder as seen in the screenshots below.

Finder Select


Connect Screen

That’s it! If you’ve done everything correctly your disk should mount in about 4 to 5 seconds. Finder will query you for your username and password and you will connect to the drive instantly. The latency will also depend on your upload speed at home. I have yet to try printing over the internet as my printer is plugged directly into my Linux server. I’ll be sure to update this post if I decide printing over the internet is a necessity.

Posted in Apple, Guide, Productivity

The definitive KisMAC article.

Having lurked in the KisMAC IRC for a few years, I have picked up on the ins and outs of the application with the help of quite a few users including Fishman, BugDave, Alchemy Thunder, Jeroenimo, and others. This article is more of a guide for users curious about what KisMAC offers, how to use it properly, and maybe even how to contribute. At the time of this article version 0.2.99 is the most current.

So let’s get started. KisMAC is a wireless stumbler, cracker, and PCAP dumper. What this means for the uninitiated is that you can do a multitude of Wi-Fi sniffing right within OS X without having to resort to virtual machines or dual boot systems. Not only can KisMAC use compatible USB and PCMCIA cards, but all Airport cards are supported for scanning, meaning anyone with a relatively new portable Mac can use this application.

Before I get into some serious lingo I want to forewarn you that KisMAC is not for the type of people who don’t like to troubleshoot or search for answers. If something doesn’t work you’ll have to search for an answer. A kernel panic can result from manipulating your Mac’s system files so make sure you know what you’re doing before you break something.

With that out of the way let’s learn two new terms: Active and Passive.

Active mode

  • Sends probes
  • Allows for standard stumbling
  • Pretty much garbage

Passive mode (Monitor mode)

  • Ability to see everything within range
  • Allows for injection attacks
  • De-authentication attacks

You can pretty much see that you want Passive mode support if you really want to stir up some packets. All Airport Extreme cards are supported to some degree depending on their chipset. Apple uses one broad name for its wireless cards but sources them from different vendors. My MacBook came with an Atheros card, however I upgraded to a Broadcom based chip which allows for wireless N on 5 GHz. You can read all about the limitations of the Apple Airport Extreme here.

I want to inject and de-authenticate, what card should I buy?

So you’ve got some money burning through your pocket and you want to have the ability to use the advanced features of KisMAC. You can spend anywhere from $20-50 depending on your location and preference. Personally you have two choices for chipsets, the rt73 and the RTL8187L. You can see which specific cards contain those chipsets here. I have the Hawking HWUG1 and the Asus WL-167G. The Hawking has an external R-SMA connector which allows me to connect an external antenna for even better reception. It is highly recommended.

Setup - KisMAC Preferences

Before you can slap your card in and hit scan you need to open the preferences and select your driver. This is a crucial step that many new users overlook. KisMAC can’t figure out what card you have on its own so you have to do the work and tell it which driver to use. You can easily find out what chipset your device uses by looking at this chart. Here you can see I have the rt73 driver selected.

kismac-prefs

Now some of the settings are hidden due to the drop down. The screenshot below shows the settings I use. Be sure to check “Keep everything” if you want to import the raw PCAP dumps into your favorite packet analyzer. KisMAC uses a proprietary storage format and you cannot import the files into Aircrack or Wireshark.

KisMAC-Prefs2

Attack! I want to harness the power of my card and inject! How do I do it?

First let’s start by defining what injection means. A certain type of packet will query a computer on the network to respond. It’s similar to saying “Hello?” on the phone. If your card supports injection it will send that specific packet out to the network and hopefully the computer will respond back. Take this idea and multiply it hundreds of times and you will start to get a huge number of packets. The more packets the easier it is to crack the key. To inject packets simply go to Network –> Reinject Packets. KisMAC will do the rest.

Where do I use injection?

Injection is currently only used for cracking WEP networks. WPA networks require a different type of attack. Here you can see what it looks like to use injection.

kismac-injection

How many packets do I need to crack my WEP key?

Assuming you’ve either been streaming video on your network capturing packets like crazy or you’ve succeeded in injecting packets, you can crack your WEP key with around 200,000 packets; however, with a heavier encrypted key you can need as many as a million packets. This is why injection is so important: capturing that many packets manually will take forever. Purchasing a card that can inject is worth your time as opposed to using your built in Airport Extreme.

I’ve got quite a few packets, now what do I do?

By this time you’re getting anxious. You’ve captured what seems to be a lot of packets and you want to see the key. First double check you actually have around 200,000 data packets and then collect some more. The more the better. Now to crack WEP it’s as easy as clicking on Network –> Crack –> Weak Scheduling Attack –> Against 40-bit. If that route doesn’t work you can try the other attacks available to you. If you have the correct amount of packets then one of these attacks should work. If you can’t get any of these to work, triple check your data packet count, save your KisMAC file, and start looking through the wiki. If you don’t find anything there, either post in the KisMAC forums or try the IRC. Please read the readme and FAQs before posting too!

WEP is easy to crack, I want to crack WPA.

So you want to crack WPA eh? Well for KisMAC it can be either very easy or impossible. The first limitation is that in order to crack WPA you need to capture a handshake. A handshake is when a computer connects to a wireless router. You can get this pretty easily by sending a de-authenticate attack, kicking the computer off the network only to join again quickly. The second limitation is that with KisMAC you test the handshake against a wordlist file. This is similar to a rainbow table except it only contains ASCII words. If the password of the WPA network is in your wordlist file then you are quickly granted access to your network. If the password is not in the file then you are not able to gain access using KisMAC. There are other ways to crack WPA however they are not built into KisMAC.
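Why the wordlist has to contain the exact passphrase, shown as an added example that is not part of the original post or of KisMAC's code: WPA/WPA2-PSK derives its master key with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID and iterated 4096 times, so every guess costs a full derivation and only counts for one network name. The script audits your own passphrase against a wordlist; the wordlist, the "HomeNet-2G" SSID and the passphrases are constructed sample values.

```python
import hashlib
import time

PBKDF2_ROUNDS = 4096  # iteration count fixed by WPA/WPA2-PSK
PMK_BYTES = 32        # 256-bit pairwise master key (PMK)


def is_valid_passphrase(candidate: str) -> bool:
    """A WPA passphrase is 8 to 63 printable ASCII characters."""
    return 8 <= len(candidate) <= 63 and all(32 <= ord(c) <= 126 for c in candidate)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_BYTES)


def audit_wordlist(passphrase: str, wordlist_lines):
    """Return (line_number_or_None, usable_candidates) for your own passphrase.

    Entries that can never be a WPA passphrase (too short, too long,
    non-printable) are skipped and do not count as usable candidates.
    """
    found, usable = None, 0
    for lineno, line in enumerate(wordlist_lines, start=1):
        candidate = line.rstrip("\r\n")
        if not is_valid_passphrase(candidate):
            continue
        usable += 1
        if found is None and candidate == passphrase:
            found = lineno
    return found, usable


def derivations_per_second(ssid: str, samples: int = 20) -> float:
    """Measure how many PMK derivations this machine performs per second."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"benchmark-{i:04d}", ssid)
    return samples / (time.perf_counter() - start)


# Constructed sample wordlist: not taken from any real list or network.
SAMPLE_WORDLIST = ["password\n", "short\n", "letmein123\n", "correct horse battery\n"]

if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID: a different key, so work done for one
    # network name cannot be reused against another.
    print(derive_pmk("password", "HomeNet-2G").hex())
    print(audit_wordlist("letmein123", SAMPLE_WORDLIST))            # (3, 3)
    print(audit_wordlist("Tr4il-mix+Otter+Kiln", SAMPLE_WORDLIST))  # (None, 3)
    print(f"{derivations_per_second('IEEE'):.0f} derivations/s on this machine")
```

A passphrase that `audit_wordlist` finds should be replaced; a long one that appears in no list leaves only the per-guess derivation cost measured by `derivations_per_second`.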

I have the handshake captured so now what do I do?

First let’s make sure you have the actual handshake. In KisMAC this is represented by a red or green icon on the far right of the networks page. You can see in the image below that the handshake for DD-WRT has not been acquired. If that icon glows green you have successfully captured the handshake.

KisMAC WPA Handshake

Assuming you have captured the handshake now go to Network –> Crack –> Wordlist Attack –> Against WPA key. This will open an open dialog box for you to select your wordlist file. If the password is found KisMAC will congratulate you and show you the correct password. I have cracked my WPA password with as little as 6 packets de-authenticating immediately as I start scanning. Again you need to have the password in the wordlist file but it is still fast. Some say this isn’t exactly “cracking” WPA but more of testing it against what you already know but personally with a good wordlist file you can get into normal secured networks, yet I don’t condone that.

I think I just want to use KisMAC for good and not evil.

KisMAC can crack networks, yes, but it is also a great stumbler. It supports just about any GPS adapter that works on Macs and can even export to NetStumbler so you can upload your finds to WiGLE. The map function of KisMAC works pretty well and I’ve used it to war drive a few times. The KisMAC WiGLE team is pretty good too! So grab a copy of KisMAC, a power inverter, a few buddies, some sort of GPS device, and stumble some networks. Be sure to join our WiGLE network or hang out in the KisMAC IRC (#kismac on irc.freenode.net). The KisMAC team is currently looking for coders, graphic designers, and just about anything else. If you want to contribute let us know in the forums or the IRC!

I can’t get this application to work, KisMAC is stupid!

I can’t tell you how many tries it took me to get injection or WPA cracking to work. It took a lot of time reading the wiki, asking questions on the IRC, and being patient. The current build is pretty solid and with some time I’m sure you can get it working. The biggest thing you need to understand is that there are people out there to help you, just be sure to read the FAQ so you don’t start off on the wrong foot.

I hope this article either helps or gets someone interested in KisMAC. I have been working on a better landing page for the application for a little bit and it inspired me to write this article. If you need help you can look for me lurking in the IRC, my handle is post_break.

Posted in Exploits, Guide

Snow Leopard and 32-bit Macs

Back in 2006 I bought the Macbook I’m typing on. At the time Core Duo was the CPU type, unlike the now common Core 2 Duo. The difference being Core Duo is a 32-bit chip, among cache sizes etc. The biggest selling point of Snow Leopard is the fact that it can run in full 64-bit mode, which sent shivers down my spine. Would Snow Leopard run on my Macbook since I didn’t have a 64-bit chip?

All Intel Processors?

Well I installed Snow Leopard 10A380 yesterday and I can tell you it screams on my 32-bit Macbook. It is pretty well documented that Snow Leopard includes both a 64 and 32-bit kernel however until I actually saw it running on a 32-bit Mac I was skeptical. Then I noticed this on the Tech Specs page.

Early adopters are saved!

Overall I am excited to know that my 3 year old Macbook isn’t stuck running Leopard and I can upgrade in the fall. Also those core solo Mac Minis can run Snow Leopard as well minus the Grand Central feature it appears.

Posted in Apple, Leopard

Change the screen resolution from the terminal

Changing your screen resolution can be a laborious affair requiring many clicks. I’m going to show you how to automate the process using automator and a nice application called ScreenUtil.

Step 1. Download ScreenUtil from the link above.

Step 2. Unzip it then do a “chmod 755” to make sure it’s executable.

Step 3. Copy scrutil to “/usr/local/bin/”

Now running “scrutil c” will tell you what your current display setting is. To change your display resolution simply add “t” followed by your resolution and your display will instantly change. A full example is as follows: “scrutil t 1280 800 32”. The first two numbers are pretty obvious, and the last one is the pixel depth. If you’re unsure what your display’s pixel depth is, run “scrutil c” to find out.

Automating this script is very easy. Launch Automator and select “Run Shell Script”. Input the resolution you want, and save it as an application. Now you can change your resolution much faster by launching that application with Quicksilver or Spotlight.

*The creator of ScreenUtil’s website is http://mowlem-enterprises.co.uk/ however the download link for the actual application is missing.
Posted in Automation, Productivity

Hyperspaces: Review

For those of us who use Spaces the lack of advanced options can be aggravating. Allowing you to keep certain applications in specific spaces is great for productivity, however, keeping the same dock in each space is not. Having the option to change the wallpaper of each space is glaringly obvious as well. It’s almost as if Spaces started out as a flagship feature yet got pushed to the back burner after the launch of Leopard. I’m going to take a look at Hyperspaces which restores many features that are absent from Spaces as well as hand out a few copies.

Posted in Leopard, Productivity, Reviews

Airbase-NG, Honeypot Delux

Well it’s been a while since I last posted about Airbase-NG and I have been saving a nice script Jeronimo from the Kismac IRC gave me. First let me say that I did not write this script in any way. I was given the script and the only thing I changed was the ability to dump the payload into a plaintext file from ettercap, which isn’t saying much.

So let’s get started! The first requirement is Backtrack 4 Beta. I love this build because it appears much more stable than what I have used before. No random lockups while using VMware on my Mac. I’ll be sticking with this build and might even put it on my EeePc if it never sells.

Next you need to update the aircrack suite. The aircrack wiki should suffice if you don’t know how to do that. The biggest piece of advice I can give you is to have patience and look information up if you cannot get something to work.

The last step resides in the script itself so read the comments. In the comments you will see that you need to change some parameters depending on your interface card.

This script differs from the SoftAP script in that it uses ettercap and driftnet to actively show you someone is on your network. You can then log all of the data you want and search for passwords in clear text. While testing this against my iPhone I was able to pull just about every password out including: facebook, twitter, gmail, etc.

The script is still limited to around 40kbp/s however in my testing you don’t notice right away until you start loading graphic heavy websites and I doubt a target would notice either.

Here is the download link for the script. Remember to read the comments!

Posted in Site News

Down time

The site was down for a few hours today for an unknown host problem. After rebooting the server everything seems fine.

In the meantime updates have been few and far between. Sometime next week the newer Airbase-NG script will be posted along with some more guides for Mac users and an update for Google Voice productivity. I appreciate the patience as this site has gone on the back burner due to personal reasons. I look forward to releasing those articles when I get a chance to finish them. In the meantime sit tight, and know articles are coming.

Posted in Site News

Massive disk corruption and data management

I have experienced just about every disk corruption known to OSX and the feeling of despair never seems to go away. Just today I had the dreaded “Invalid B Tree node size” error which means my drive was disconnected before it was unmounted forcing it to write garbage to an important spot on the disk. I have had worse however. Everything from needing to sector edit to regain control to shredding the disk only to cancel so I could format. I have learned a few tricks that might help you before you decide to reformat and lose all your data for good.

How much is your data worth? If you had a drive fail chances are you can get your data back, the only thing limiting you is the amount of money you have in your pocket. Professional data restoration is generally out of reach for normal users and thousands of dollars an hour. We’re left with few options.

The best way to restore your data is to have a back up. It’s a no brainer however hard drives are getting larger and larger. Backing up your photos is easy, backing up 400GB’s of your movies on the other hand can get costly. That exact scenario is what put me in between a rock and a hard place. I didn’t think to backup my backup.

Tools

There are many tools out for Mac users to take advantage of but I am going to list the three big ones that helped save my important data from certain destruction. I am in no way paid by these developers so don’t worry, money doesn’t back this list. Click the icons to go to the developer’s website.

Disk Warrior

Disk Warrior was able to repair my “Invalid B Tree” error in about 15 minutes which is pretty fast for all 400GB’s of data I could have lost. This is the go to application when you’ve lost all hope. Is $99 worth your data? Well for me it was money well spent. Some of my files that were restored included homework, TV recordings that came off of VHS tapes, and even a few family trips to the zoo that are irreplaceable. 

Disk Warrior costs $99 and if you own a previous version you can upgrade for $49.

Drive Genius

Drive Genius is the application I use when I need to get down and dirty with partitioning a disk. You can do everything from defragment to sector edit as well as advanced formatting and repairing. Drive Genius was unable to fix my B Tree problem however I don’t believe that’s what this application is made for. If you need to mess around with advanced features of a disk such as defragmenting and repartitioning on the fly, then this is your application.

Drive Genius runs $99.

Techtool Pro

Techtool Pro is the application you can get from Apple with your AppleCare subscription. If that says anything about the application then you know it’s a powerhouse. I personally don’t use Techtool Pro however some of my other Mac friends swear by it. Costing just about the same as the rest of the utilities ($98) I wouldn’t be surprised if it contained the same utilities. Techtool stands out in that it doesn’t just revolve around disk utilities and it can test other hardware as well.

Techtool Pro costs $98.

Conclusion

Out of all the tools I mention I strongly suggest picking up Disk Warrior. A lot of the specialty disk tools in Drive Genius can be performed by the command line for power users however for the average Mac user that might be a bit too risky. So while I wait for my 354GB of data to copy to my backup drive I hope you never have to resort to one of these applications but like a good locksmith, always have one in your pocket or phone.

Posted in Backup, Leopard

Updates

In between midterms, spring break, and actually having a life outside of my house I finally updated the layout of the site if you haven’t noticed by now. Articles are in short supply however I have a few in the works including a new airbase-ng script, some more AppleTV stuff, and some Geektool information. Hopefully I can get some new material up in the coming week.

Posted in Site News

Google Voice

I was lucky enough to get into the private beta of Grand Central last May and Google has finally updated the service into something called Google Voice. Google Voice is basically a forwarding number that can ring multiple phones when called. This is great for people who need a single number that calls both work and home or rings a specific phone depending on the person. You can add groups such as work and make them ring a specific number. 

 

The transcribe service works for the most part.

One of the new features is the ability to transcribe your voicemail into text and then forward it to your email accounts. Vonage has had this ability for a while now and to get the service for free is pretty spectacular. Unfortunately Google Voice is currently in closed beta and I don’t even have invites to hand out. I look forward to when this service opens up however I just hope it stays free. International calling still has costs but for right now domestic calls are free. One new bonus to this upgrade is that it no longer requires flash so accessing your account via an iPhone is now a viable option.

Posted in Grand Central
