iPhone Mac OS X Mac OS X Server Mac Security

MacVoices Podcast With Chuck Joiner About The New Take Control Of OS X Server Book!

Yay, podcasts! Chuck Joiner was kind enough to have me on MacVoices. We did a show, now available at http://www.macvoices.com/macvoices-14223-charles-edge-helps-take-control-os-x-server

Or if you’d like to watch on YouTube or inline:


Bushel iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Bushel Goes Into Invitation Mode!

Yesterday the Bushel team finished some new code. This code allows you to refer your friends to Bushel! This skips the codes that everyone was waiting for and lets people create accounts immediately!

Screen Shot 2014-11-24 at 10.07.02 PM

From your home screen, click on Invite Friends. Or from the Account screen, scroll down to the section that says “Invite friends to join Bushel”. From here, you can post codes to Facebook, Tweet codes, post codes to LinkedIn and even email them.

We’re not going into general availability just yet. But we’re definitely making it easier long-term to sign up and use Bushel! We hope you love it as much as we do!

Since we’re still architecting how these final screens look, the final features and stress testing the servers, also if you’re testing the system please feel free to fill out our feedback form so we know what you think of what we’re doing and where we’re going!

Or if you’re still waiting for a code, use this link to skip that process https://signup.bushel.com?r=fd0fcf9e6d914a739d29c90421c0fb45.

Articles and Books Mac OS X Mac OS X Server Mac Security Mass Deployment

My Take Control Of OS X Server Book Now Available!

Thanks to all the awesome work from Adam and Tanya Engst, Tidbits announced today that my Take Control of OS X Server is now available! To quote some of the Tidbits writeup:

Some projects turn out to be harder than expected, and while Charles Edge’s “Take Control of OS X Server” was one of them, we’re extremely pleased to announce that the full 235-page book is now available in PDF, EPUB, and Mobipocket versions to help anyone in a home or small office environment looking to get started with Apple’s OS X Server.

As you’ll likely remember, we published this book chapter by chapter for TidBITS members, finishing it in early September (see “‘Take Control of OS X Server’ Streaming in TidBITS,” 12 May 2014). Doing so got the information out more quickly, broke up the writing and editing effort, and elicited reader comments that helped us refine the text.

Normally, we would have moved right into final editing and published the book quickly, but from mid-September on, our attention has been focused on OS X 10.10 Yosemite, iOS 8, and our new Take Control Crash Course series. We were working non-stop, and while we wanted to release “Take Control of OS X Server,” we felt it was more important to finish the books about Apple’s new operating systems for the thousands of people who rely on Take Control for technical assistance.

During that time, we had the entire book copyedited by Caroline Rose, who’s best known for writing and editing Inside Macintosh Volumes I through III at Apple and being the editor in chief at NeXT. Plus, we went over the book carefully to ensure that it used consistent terminology and examples, optimized the outline, and improved many of the screenshots.

The main problem with this delay was that Apple has now updated OS X Server from version 3.2.2 (Mavericks Server, which is what we used when writing the book) to 4.0 (Yosemite Server, which is all that works in Yosemite). Updating the book for Yosemite Server would delay it even longer. Luckily for us, veteran system administrators say that you should never upgrade OS X Server on a production machine right away. And even luckier, the changes in Yosemite Server turn out to be extremely minor (a sidebar in the Introduction outlines them), so those who want to get started now can use the instructions in the book with no problem. It’s also still possible to buy Mavericks Server and install it on a Mac running Mavericks, as long as you have the right Mac App Store link from the book. We are planning to update the book for Yosemite Server (which mostly involves retaking screenshots and changing the “mavserver” name used in examples) in early 2015 — it will be a free update for all purchasers.

Screen Shot 2014-11-24 at 7.59.44 PM

You can find out more about the book at http://www.takecontrolbooks.com/osx-server. An update will be due out in early 2015, so stay tuned for more!

Bushel iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Minneapolis

Bushel: The Device Enrollment Program (DEP) In Action

Apple’s Device Enrollment Program (DEP for short) allows you to automatically setup devices with the settings you need on devices that your organization purchases. In Bushel, we give you the ability to link an Apple DEP account up with your Bushel account. This allows devices to add themselves automatically to your Bushel when the devices are activated. We tend to think this is the coolest thing since sliced bread and so we want to make sure you know how to use the feature.

Setup Device Enrollment Program in Bushel

To get started, log into your Bushel and click on Devices. Here, click the button for Device Enrollment Program.


Download your certificate and go to deploy.apple.com and log into your Device Enrollment Program account. Click on Manage Servers in the Deployment Programs sidebar.


Next, click on Add MDM Server and provide the certificate we gave you and a name. Once Bushel has been added to your Device Enrollment Program (DEP) account, click on Assign by Serial Number to add your first device. Assuming the device is part of your DEP account, enter the serial number for the device and choose which server (the one you just added) that the device should reach out to on activation to pull settings from.


Once you’ve added the server, you’ll be greeted by a screen that says Assignment Complete. You can now wipe the device and upon reactivation the device will pull new settings from your Bushel.


The Device Enrollment Program in Bushel

Click OK and you can add more devices. Once your devices are added into the Apple DEP portal they will automatically appear in the DEP screen of your Bushel. Click on a device to assign a username and email address, if you will be using email.


Good luck!

Mac OS X

MacTech 2015

MacTech 2015 is coming in November 2015. Sign up now for the early discount and get a pretty sweet deal!
Thank you for joining us for MacTech Conference 2014. The planning is underway for MacTech Conference 2015 and it is already shaping up to be the best conference yet. Because you have joined us before, you know the value that MacTech Conference brings to you, and the community.
We’ve announced the 2015 dates — and now is your opportunity to sign up at the lowest price possible.  The “Special Early Discount” will be available only until November 30th.  Don’t wait: register now.
MacTech Conference 2015:
November 4-6, 2015 in Los Angeles.
Like 2014, it will be a full three days.
Pre-Conference workshops: November 3rd
For 2015, the multi-track conference is being specifically designed for IT Pros, Enterprise, techs and consultants through sessions, labs, and a variety of ways to interact with experts and your fellow techs.
More than just a “save the date” note — you can sign up now at the best rate we will have available — saving you $700+ on your registration.  And, you’ll be the first to be notified on hotel rooms, which will sell out as they have the past few years.
But this rate will ONLY be available until November 30th.
Seriously, November 30th, and that’s it for this pricing — it’s that special.
Register now at:
iPhone Mac Security Network Infrastructure

Listen To iOS Network Communications

OS X has a command called rvictl, which can be used to proxy network communications from iOS devices through a computer over what’s known as a Remote Virtual Interface, or RVI. To setup an rvi, you’ll need the udid of a device and the device will need to be plugged into a Mac and have the device paired to the Mac. This may seem like a lot but if you’ve followed along with a couple of the other articles I’ve done recently this should be pretty simple. First we’ll pair:

idevicepair pair

Then tap Trust on the device itself. Then we’ll grab that udid with idevice_id:

idevice_id -l

Next, we’ll setup a rvi with rvictl and the -s option (here I’m just going to grab the udid since I only have one device plugged into my computer):

rvictl -s `idevice_id -l`

Then we can list the connections using rvictl with the -l option:

rvictl -l

Next, we’ll run a tcpdump using this newly constructed rvi0:

tcpdump -n -i rvi0

Next, we’ll get a lot of logs. Let’s fire up the Nike FuelBand app and refresh our status. Watching the resultant traffic, we’ll see a line like this:

22:42:29.485691 IP > Flags [S], seq 3936380112, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 706439445 ecr 0,sackOK,eol], length 0

There’s an IP in there, We can look this up and see that the servers are sitting on Amazon Web Services and verify it’s Nike. Watching the traffic with tcpdump we can then obtain GET, POST and other information sent and received. Using wireshark we could get even more detailed data.

Overall though, this article is meant to focus on the iOS side of this and not on debugging and refining the approach to using tcpdump/wireshark. rvictl is a great tool in the iOS development cycle and for security researchers that are looking into how many of the apps on iOS devices exchange data. Enjoy.


Bushel Interview with Tech.mn

Slowly but surely information about what I left 318 to do has been leaking out. And I wouldn’t say leaking. More like being broadcast to the world. I’ve worked on a few little things here and there at JAMF Software since my arrival. But my core duty is to shepherd the development and strategy behind a new Mobile Device Management tool called Bushel. A little more about Bushel is available here, and I’ll likely post more about it here when the time is right:


And to access the Bushel site:


And some of the writing that are now finding their way onto the Bushel blog:




Command Line iOS Device Management

The other day, we installed libimobiledevice and used it to view the logs of an iOS device. But you can do much more with the commands that were installed. In fact, if you have a paired device, you can actually use these commands to do some remedial regression testing and other pretty cool things. So this is going to be part two of that article, basically.

First up, make sure the device is paired (note: not all commands require a device to be unlocked). But, all interaction with a device requires the device to be paired. You can use the command line (e.g. if you’re running this on Linux) to view the logs and manage devices, but if you’re not paired using iTunes or another tool, you’ll need to use idevicepair to pair your device, followed by the pair verb (which is very different from the pear verb):

idevicepair pair

You can also unpair using the unpair verb:

idevicepair unpair

The first command we’ll use is idevicedate, which simply returns with the date and time stamp currently on the device:


The response would look similar to the following:

Thu Nov 13 08:58:30 CST 2014

Next, let’s check the apps installed on a device. We can do this with the ideviceinstaller command (also part of the ilibmobiledevice suite of tools). Here, we’ll use the -l option to just list what’s installed:

/usr/local/bin/ideviceinstaller -l

The output would show the app, along with the version of the app at rest on the device:

com.apple.Pages - Pages 1716

To uninstall one of the listed apps, use the –uninstall option:

ideviceinstaller --uninstall com.protogeo.Moves

You can also install apps provided you’ve cached the ipa file (e.g. via iTunes).

ideviceinstaller --install /Users/charlesedge/Music/iTunes/iTunes\ Media/Mobile\ Applications/Box\ 3.3.0.ipa

Which returns the following:

Copying '/Users/charlesedge/Music/iTunes/iTunes Media/Mobile Applications/Box 3.3.0.ipa' to device... DONE.
Installing 'net.box.BoxNet'
Install - CreatingStagingDirectory (5%)
Install - ExtractingPackage (15%)
Install - InspectingPackage (20%)
Install - TakingInstallLock (20%)
Install - PreflightingApplication (30%)
Install - VerifyingApplication (40%)
Install - CreatingContainer (50%)
Install - InstallingApplication (60%)
Install - PostflightingApplication (70%)
Install - SandboxingApplication (80%)
Install - GeneratingApplicationMap (90%)
Install - Complete

When run against a device, the app can then open apps provided the AppleID owns the app.

There’s also a command for ideviceprovision, which can be used to view provisioning profiles, when run with the list verb:

/usr/local/bin/ideviceprovision list

The ideviceprovision command can also form the basis of a tool like wirelurker by allowing you to install a provisioning profile

/usr/local/bin/ideviceprovision install angrybirds.mobileprovision

The file would look something like the following:

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<string>Angry Birds</string>
<string>Angry Birds</string>

You can also remove this, by feeding in the UUID of the provisioning profile (obtained using the list verb but replacing MYUUID from below codeblock):

/usr/local/bin/ideviceprovision remove MYUUID

Note: I’m going to leave my rant about how wirelurker is about as much a security vulnerability as `rm` is due to the fact that it’s how you test the impact of upgrading apps on devices during the development process to another post – where I’ll also beg Apple not to let a little bad press cause them to rip away some of the few deployment and testing tools we actually have for the platform.

Or you could so something more annoying like put a device into recovery mode, so it would need to be plugged into a computer running iTunes and get a new ipsw installed, which is as simple as feeding the udid into ideviceenterrecovery:

/usr/local/bin/ideviceenterrecovery af36e5d7065d4ad666bf047b6e4de26dd144578c

Which brings up an interesting question, how would you get the udid? You can use ideviceinfo:

ActivationState: Activated
ActivationStateAcknowledged: true
BasebandActivationTicketVersion: V2
BasebandCertId: 3554301762
BasebandChipID: 7282913
AKeyStatus: 2
SKeyHash: 7MQEUyvzG4gjjZc7KsNNAVTS8g4=
SKeyStatus: 0
BasebandMasterKeyHash: AEA5CCE143668D0EFB4CE1F2C94C966A6496CZZZ
BasebandSerialNumber: JErUEw==
BasebandStatus: BBInfoAvailable
BasebandVersion: 3.11.00
BluetoothAddress: 90:fd:61:a6:f6:ZZ
BoardId: 0
BrickState: false
BuildVersion: 12B411
CPUArchitecture: arm64
CFBundleIdentifier: com.apple.Verizon_LTE_US
CFBundleVersion: 18.0
IntegratedCircuitCardIdentity: 89148000001085935ZZZ
InternationalMobileSubscriberIdentity: 311480110469ZZZ
MCC: 311
MNC: 480
SIMGID2: //////////8=
CertID: 3554301762
ChipID: 35168
ChipSerialNo: JErUEw==
DeviceClass: iPhone
DeviceColor: #3b3b3c
DeviceName: OK Computer
DieID: 5177734985296
EthernetAddress: 90:fd:61:a6:f6:13
FirmwareVersion: iBoot-2261.3.32
FusingStatus: 3
HardwareModel: N51AP
HardwarePlatform: s5l8960x
HostAttached: true
IntegratedCircuitCardIdentity: 89148000001085935111
InternationalMobileEquipmentIdentity: 352008065544111
InternationalMobileSubscriberIdentity: 311480110469111
MLBSerialNumber: F3Y34040ZEDF7GRA
MobileEquipmentIdentifier: 35200806554111
MobileSubscriberCountryCode: 311
MobileSubscriberNetworkCode: 480
ModelNumber: NE341
auto-boot: dHJ1ZQ==
backlight-level: MTQ0MA==
bootdelay: MA==
PasswordProtected: false
PhoneNumber: (612) 867-5309
PkHash: 09pXQgM5cjY6TJJNOOzO//R5JuGKqjHElfshBbnxZZZ=
ProductType: iPhone7,1
ProductVersion: 8.1
ProductionSOC: true
ProtocolVersion: 2
RegionInfo: LL/A
SBLockdownEverRegisteredKey: true
SIMGID1: ug==
SIMGID2: /w==
SIMStatus: kCTSIMSupportSIMStatusReady
SIMTrayStatus: kCTSIMSupportSIMTrayInsertedWithSIM
SerialNumber: F97N61XZFZZZ
0: 1
TelephonyCapability: true
TimeIntervalSince1970: 1416017216.873442
TimeZone: America/Chicago
TimeZoneOffsetFromUTC: -21600.000000
TrustedHostAttached: true
UniqueChipID: 5177734985296
UniqueDeviceID: af36e5d7065d4ad666bf047b6e4de26dd1445ZZZ
UseRaptorCerts: true
Uses24HourClock: false
WiFiAddress: 90:fd:61:a6:f6:ZZ
WirelessBoardSerialNumber: D81C55315781
kCTPostponementInfoPRIVersion: 0.1.90
kCTPostponementInfoPRLName: 1
kCTPostponementStatus: kCTPostponementStatusActivated

The ideviceinfo output above shows more information that I knew you could actually get about a device previously. You can grep for the UniqueDeviceID and

ideviceinfo | grep UniqueDeviceID | awk '{ print $2}'

This would just return with the UDID. Since that’s blank when there’s no device connected, you can run a loop that waits a few seconds when empty and then uses that UDID as a $1 in some script. Of course, it’s much easier to use a command they built for this called idevice_id:

idevice_id -l

Next, you can use idevicediagnostics to obtain some information about the current state of the device:

idevicediagnostics diagnostics All -u af36e5d7065d4ad666bf047b6e4de26dd1445789

Which has an output similar to the following:

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>

Or query the IOreg of the device:

idevicediagnostics ioreg IODeviceTree -u af36e5d7065d4ad666bf047b6e4de26dd1445789

The output is way too long to paste in here, but interesting (kinda’). The idevicediagnostics command can also do some basic tasks such as restart, sleep and shutdown (each sent as a verb without a required UDID):

idevicediagnostics restart

The crash reports on a device (which include reports for uninstalled apps, forensically providing a glimpse into what apps were removed from a device and when) can all be extracted from a paired device as well, using idevicecrashreport:

idevicecrashreport -e /test

You can then view the logs or grep through them for specific pieces of information:

cat /Test/Baseband/log-bb-2014-08-06-stats.plist

The last command we’re going to cover in this article is idevicebackup2, used to backup devices. Here, we’re going to feed it the udid (which I’m lazily using the idevice_id command from earlier in backticks to grab the udid and backing up into that /test directory.

idevicebackup2 -u `idevice_id -l` backup /test

Here, we’ve backed up whatever device is plugged in, to the /test directory. Subsequent backups will be incrementals.

Interviewing personal

Bushel and I On The OWC Radio Podcast

Special thanks to Tim Robertson and macsales.com for including me along with some of the great ones like Tidbits’ Engst family!



Update rake For OS X

Rake is basically make for Ruby. I recently needed to update rake for something I was working on. After doing so, I tried to update some stuff in Profile Manager and it seemed to work on the outside, but a lot of stuff in Yosemite and Yosemite Server rely on rake so be careful when doing this kind of thing. So, to update to the latest version of rake, use the gem command along with the install verb and then rake as the gem being updated:

sudo gem update rake

This is an interactive command line environment so you’ll be asked a few questions in order to update the gem. Once complete, you’re running (at the time of this writing) 10.3.2. Run the list verb to see what version of each local gem you are running:

sudo gem list

Because running a newer version of rake can conflict with some built-in OS X stuff, you might find a desire to go back. At the time I’m writing this article, 0.9.6 is the latest and greatest version of rake that OS X uses. We can remove the existing rake using uninstall:

sudo gem uninstall rake

Then we can install a specific version using the install verb, followed by the gem and then the version:

sudo gem install rake 9.6

For a full guide of the gem verbs (or commands) see http://guides.rubygems.org/command-reference/.