One of the things that is awesome and sometimes frustrating about Apple Configurator is that when you do certain tasks, you end up updating the OS on devices. The reason this is awesome is that it allows you to centralize operations. The reason this can be frustrating is that if you’re on a limited bandwidth connection, you may find that you can’t do very basic tasks before downloading a large OS update. And if you’ve got a bunch of Apple Configurator workstations, and you are running a training session, this can get infinitely more annoying.
In these types of lab environments, you’re in luck. If you have an ipsw (the iOS OS update file), you can copy the file from ~/Library/Containers/com.apple.configurator/Data/Library/Caches/com.apple.configurator/Firmware/ onto another machine. To copy them onto a USB drive called bananarama for example, use the following command:
cp -R ~/Library/Containers/com.apple.configurator/Data/Library/Caches/com.apple.configurator/Firmware/ /Volumes/bananarama/ipsws/
And once you’ve moved that drive, to then copy them back:
cp -R /Volumes/bananarama/ipsws/ ~/Library/Containers/com.apple.configurator/Data/Library/Caches/com.apple.configurator/Firmware/
krypted August 22nd, 2015
Posted In: Apple Configurator
Take Control is here to support you! So through August 24th, you can add any number of our books to your Take Control library for 50% off the cover price. All our books are DRM-free and available in PDF, EPUB, and Mobipocket (Kindle) formats, so you can read wherever, whenever, and on whatever device you like. Use this link to pick the titles you need to stay up to date:
(We expect everything to work properly, but if our newly redesigned site is overloaded by sale traffic, try again later in the day when things have settled down.)
Remember, there’s no need to read a Take Control title from front to back; instead, each book has a Quick Start that helps you jump instantly to the information you need.
We have books that will help with numerous Apple-related technology tasks and projects, including:
* Converting from iPhoto to Photos
* Figuring out what the heck iTunes 12 is up to
* Maintaining an AirPort-based Wi-Fi network
* Installing and running OS X Server
* Syncing and sharing files with Dropbox
* Enjoying your Apple Watch
For those new to Take Control and looking for a quick fix, we have a few instant-purchase bundles, also 50% off:
* iWork explained: Apple’s iWork suite — Pages, Numbers, and Keynote — now comes free with every new Mac, and offers a level of power that compares well with the heavyweight Microsoft Office. The three books in our iWork trilogy provide 750 pages of comprehensive documentation. Normally the three books would cost $55, but for this week, they’re only $27.50 — perfect for college papers and projects.
* Automation for everyone: Macs have fabulous time-saving tools that can turn anyone into a power user. This bundle of “Take Control of Automating Your Mac,” “Take Control of LaunchBar,” “Take Control of TextExpander,” and “Take Control of the Mac Command Line with Terminal” would normally cost $50, but is only $25 in the sale.
* Safe computing: Today’s Internet is unfortunately an insecure place, with hackers, malware, and bots threatening your privacy and security. With calm, friendly advice, Joe Kissell explains how you can stay safe in “Take Control of Security for Mac Users,” “Take Control of Your Online Privacy,” “Take Control of Your Passwords,” and “Take Control of FileVault.” Together they’re normally $50, but if you’ve been meaning to lock down your Mac and improve your passwords, you can now pick them up for only $25.
We also have books about Yosemite, iOS 8, Apple Mail, iCloud, Audio Hijack, PDFpen, Scrivener, DEVONthink, Apple TV, and more. So stock your Take Control library today with the titles that you’ve been wanting to read or that might be useful in the future!
Thanks so much for your continued support, and the many useful questions and kind comments you’ve sent over the years. Please do us a quick favor, and spread the word about this sale to your friends and colleagues — it’s the perfect way to introduce someone to the series or to get your mother to switch over to using Photos.
krypted August 18th, 2015
My third podcast in the last couple of months, this time with Chuck Joiner again, of MacVoices. And we talked a pretty good bit about Bushel and Mobile Device Management. Thanks to Chuck for doing a pretty awesome job formatting this whole thing and helping bring my explanations to a point where they actually make sense!
krypted January 29th, 2015
Apple’s Device Enrollment Program (DEP for short) allows you to automatically set up the devices that your organization purchases with the settings you need. In Bushel, we give you the ability to link an Apple DEP account up with your Bushel account. This allows devices to add themselves automatically to your Bushel when the devices are activated. We tend to think this is the coolest thing since sliced bread and so we want to make sure you know how to use the feature.
To get started, log into your Bushel and click on Devices. Here, click the button for Device Enrollment Program.
Download your certificate and go to deploy.apple.com and log into your Device Enrollment Program account. Click on Manage Servers in the Deployment Programs sidebar.
Next, click on Add MDM Server and provide the certificate we gave you and a name. Once Bushel has been added to your Device Enrollment Program (DEP) account, click on Assign by Serial Number to add your first device. Assuming the device is part of your DEP account, enter the serial number for the device and choose the server (the one you just added) that the device should reach out to on activation to pull settings from.
Once you’ve added the server, you’ll be greeted by a screen that says Assignment Complete. You can now wipe the device and upon reactivation the device will pull new settings from your Bushel.
Click OK and you can add more devices. Once your devices are added into the Apple DEP portal they will automatically appear in the DEP screen of your Bushel. Click on a device to assign a username and email address, if you will be using email.
krypted November 21st, 2014
OS X has a command called rvictl, which can be used to proxy network communications from iOS devices through a computer over what’s known as a Remote Virtual Interface, or RVI. To set up an RVI, you’ll need the UDID of a device, and the device will need to be plugged into a Mac and paired with it. This may seem like a lot, but if you’ve followed along with a couple of the other articles I’ve done recently, this should be pretty simple. First we’ll pair:
Then tap Trust on the device itself. Then we’ll grab that udid with idevice_id:
Next, we’ll set up an RVI with rvictl and the -s option (here I’m just going to grab the udid since I only have one device plugged into my computer):
rvictl -s `idevice_id -l`
Then we can list the connections using rvictl with the -l option:
Next, we’ll run a tcpdump using this newly constructed rvi0:
tcpdump -n -i rvi0
Next, we’ll get a lot of logs. Let’s fire up the Nike FuelBand app and refresh our status. Watching the resultant traffic, we’ll see a line like this:
22:42:29.485691 IP 192.168.0.12.57850 > 184.108.40.206.443: Flags [S], seq 3936380112, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 706439445 ecr 0,sackOK,eol], length 0
There’s an IP in there, 220.127.116.11. We can look this up and see that the servers are sitting on Amazon Web Services and verify it’s Nike. Watching the traffic with tcpdump we can then obtain GET, POST and other information sent and received. Using Wireshark we could get even more detailed data.
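To see at a glance which endpoints an app opens connections to, the SYN lines in the tcpdump output can be summarized per destination. This is an added example, not part of the original post; the function names are hypothetical, and every sample line except the first (which is the line quoted above) is constructed.

```shell
#!/bin/sh
# Added example: summarize outbound connection attempts from `tcpdump -n` text.
# Reads tcpdump lines on stdin and prints "count dst_ip dst_port" for every
# endpoint that received an initial TCP SYN (Flags [S]), busiest first.
syn_destinations() {
    awk '
        # Match only IPv4 lines of the form: time IP src > dst: Flags [S], ...
        # SYN-ACK replies show up as [S.] and are deliberately ignored.
        $2 == "IP" && $4 == ">" && $6 == "Flags" && $7 == "[S]," {
            dst = $5
            sub(/:$/, "", dst)            # drop the trailing colon
            n = split(dst, part, ".")     # a.b.c.d.port gives 5 fields
            if (n != 5) next              # skip anything malformed
            ip = part[1] "." part[2] "." part[3] "." part[4]
            seen[ip " " part[5]]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2,2
}

# Sample capture: line 1 is the line from the article, the rest are constructed.
sample_capture() {
cat <<'EOF'
22:42:29.485691 IP 192.168.0.12.57850 > 184.108.40.206.443: Flags [S], seq 3936380112, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 706439445 ecr 0,sackOK,eol], length 0
22:42:29.520113 IP 184.108.40.206.443 > 192.168.0.12.57850: Flags [S.], seq 1, ack 3936380113, win 26847, length 0
22:42:29.520201 IP 192.168.0.12.57850 > 184.108.40.206.443: Flags [.], ack 1, win 4117, length 0
22:42:31.101455 IP 192.168.0.12.57851 > 184.108.40.206.443: Flags [S], seq 1, win 65535, length 0
22:42:33.000912 IP 192.168.0.12.57852 > 203.0.113.10.80: Flags [S], seq 7, win 65535, length 0
EOF
}
```

Run `sample_capture | syn_destinations` to try it offline, or feed it a bounded live capture such as `tcpdump -n -c 500 -i rvi0 tcp | syn_destinations`.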
Overall though, this article is meant to focus on the iOS side of this and not on debugging and refining the approach to using tcpdump/wireshark. rvictl is a great tool in the iOS development cycle and for security researchers that are looking into how many of the apps on iOS devices exchange data. Enjoy.
krypted November 19th, 2014
You can do some pretty simple testing of ports and network communications using strategies I’ve outlined in the past with tcpdump, traceroute, telnet, curl, stroke and of course ping. However, netcat has a few interesting things you can do with it; namely, running a port scan super-quickly to test traffic between subnets, forcing scans of IPv6 traffic, debugging sockets, keeping connections alive, proxying through SOCKS 4 and 5 and just checking for daemons that are listening rather than actually sending data to them.
In this first example, we’re going to just check that Apple’s web server is accessible (adding -v for verbose output):
/usr/bin/nc -v www.apple.com 80
The result would be pretty verbose:
found 0 associations
found 1 connections:
src 10.10.20.176 port 50575
dst 18.104.22.168 port 80
rank info not available
TCP aux info available
Connection to www.apple.com port 80 [tcp/http] succeeded!
HTTP/1.0 408 Request Time-out
Date: Tue, 29 Jul 2014 15:41:34 GMT
Expires: Tue, 29 Jul 2014 15:41:34 GMT
The server timed out while waiting for the browser’s request.<P>
If we added a -w to set a timeout, we’d cut out all the cruft (but wouldn’t know that the server’s at Akamai). Next, we’ll get a little more specific and fire up a test to check Apple’s push gateway at gateway.push.apple.com, using port 2195:
/usr/bin/nc -v -w 15 gateway.push.apple.com 2195
But, I want the cruft for the purposes of this article. Next, we can add a -4 to force connections over IPv4 and check the Apple feedback server and port 2196, also required for APNs functionality:
/usr/bin/nc -v -4 feedback.push.apple.com 2196
Right about now, something is probably happening at Apple where they’re getting sick of me sending all this data their direction, so let’s add a -z option, to just scan for daemons, without actually sending any data their way:
/usr/bin/nc -vz -4 feedback.push.apple.com 2196
Because of how NAT works, you might notice that the src port keeps changing (incrementing actually). Here’s the thing, we’re gonna’ go ahead and force our source port to stay the same as our destination port using the -p option:
/usr/bin/nc -vz -4 -p 2196 feedback.push.apple.com 2196
Now, what if this is failing? Well, let’s spin up a listener. I like to start on my own subnet, then move to another subnet on the same network and ultimately to another network so I’m checking zone-by-zone so-to-speak, for such a failure. So, we can spin up a listener with netcat in a few seconds using the -l option on another host:
/usr/bin/nc -l 2196
Then I can scan myself:
/usr/bin/nc 127.0.0.1 2196
I could also do this as a range if I forgot which port I used per host:
/usr/bin/nc 127.0.0.1 2195-2196
Now, as is often the case, if our connection problem is because data isn’t proxying, we can also use nc to check that using the -x option followed by an IP and then : and a port. For example:
/usr/bin/nc -vz -4 -w 10 -p 2196 -x 10.0.0.2:8080 feedback.push.apple.com 2195-2196
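The individual checks above can be rolled into one repeatable test to run from each subnet or network zone in turn. This is an added example, not part of the original post; the function name and the overridable NC variable are assumptions, and only nc options shown in this article are used.

```shell
#!/bin/sh
# Added example: probe each APNs endpoint named in the article with nc -z.
# NC can be overridden (an assumption, handy for testing); the default is the
# /usr/bin/nc path used throughout the article.
NC="${NC:-/usr/bin/nc}"

# The two endpoints the article tests, one "host port" pair per line.
APNS_ENDPOINTS="gateway.push.apple.com 2195
feedback.push.apple.com 2196"

# check_endpoints [proxy_host:port]
# Prints one "OPEN host port" or "FAIL host port" line per endpoint and
# returns the number of endpoints that could not be reached.
check_endpoints() {
    proxy="$1"
    failures=0
    while read -r host port; do
        [ -n "$host" ] || continue
        # -z: connect only, send no data; -4: force IPv4; -w 10: 10s timeout
        set -- -z -4 -w 10
        if [ -n "$proxy" ]; then
            set -- "$@" -x "$proxy"     # route the probe through the proxy
        fi
        if "$NC" "$@" "$host" "$port" >/dev/null 2>&1 </dev/null; then
            echo "OPEN $host $port"
        else
            echo "FAIL $host $port"
            failures=$((failures + 1))
        fi
    done <<EOF
$APNS_ENDPOINTS
EOF
    return "$failures"
}
```

Call `check_endpoints` for a direct test or `check_endpoints 10.0.0.2:8080` to test through the proxy from the example above; a non-zero exit status is the count of unreachable endpoints.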
Fun times with push notifications. Enjoy.
krypted July 29th, 2014
If you do deployments of Apple products, there are a few conferences to look at. Based on where you are and what industry you are in, some of these are better than others. But if you use the Casper Suite or are considering doing so, it would be really hard to beat JNUC, the JAMF Nation User Conference.
And yes, I’d have said all this and posted this even if I hadn’t come to work here a week and a half ago! So come one, come all to Minneapolis. And if you’re really nice, we’ll hook you up with some good old fashioned Minnesota lutefisk!
krypted June 11th, 2014
I enjoy going to MacIT so much. Paul Kent ran a great little conference in Monterrey one year and I am so glad that I started going to Macworld around that time. I missed it last year while trying to trim back on the travel and am pretty stoked I got to get there again this year. Special thanks to everyone I saw and was able to hang out with. Considering there isn’t a single person I didn’t want to hang out with, sorry if I didn’t see you or get to spend any time. Thanks to Duncan and Kevin White for making time to do the podcasts (hopefully the background noise is low enough so we can get them posted!).
Also, this is a top-notch production. Kathy, Paul, the board (Arek, Dan, John, Kevin, Duncan, etc) and everyone else I’ve ever interacted with there are absolutely amazing. I would love nothing more than to not get a chance to speak next year because a flood of amazing talks burst on the scene. Start thinking about what you could talk about now so I can show up and sit in the back and watch you do your thing!
And if you were in my session and asked about the presentation when the conference site was on the fritz (which could have also been my fault BTW), the presentation is here: MacIT 2014
krypted March 31st, 2014