• Mac OS X

    Convert File Encoding Types

    Digging into old software, or software written on different systems, often ends up resulting in a mismatch in encoding types. Given how common this can be, most flavors of Linux and macOS come with a built-in utility for converting files between various encoding types in iconv. To use it, simply provide the source format as a -f and the target format as a -t. In the below example we’ll also bring a sourcefile.txt in using the < and kick out a targetfile.txt, or the file with the source converted using a >: iconv -f KOI8-U -t utf-16 < sourcefile.txt > destinationfile.txt You could also pipe the output of an echo…

  • Mac Security

    Find all files with a single character name

    Other than typesetting and indexing tools, most apps shouldn’t be creating files that have single character file names. To find all the files with single character file names on a Mac, you could use find and then awk for the length of the file name: find / -type f -print| awk -F/ ' length($NF)  == 1 ' You could also use mdfind or another tool to list all files and pipe that to the same awk -F/ ‘ length($NF)  == 1 ‘ statement.

  • Mac Security

    Find Running Binaries Masquerading as Files

    Binaries should not be called salesreports.doc or timesheet.pdf. If a file with a document extension is executing then it’s most likely bad. Like rulllll bad. So on a Mac, you can check what’s running in that context by piping ps output to grep and using the \| as an OR statement to check for files that match a few known document types, as follows: ps aux | grep ‘.doc\|.pdf\|.png\|.docx\|.mpkg\|.pkg\|.xls\|.ods\|.xlsx\|.odt\|.key\|.htm\|.txt\|.csv\|.xml\|.json\|.pdf\|.ogg\|.rtf\|.dmp\|.aac\|.mp3\|.psg\|.mp4\|.m4a\|.gz\|.png\|.html\|.jpg\|.rss\|.jpeg\|.vb\|.wav\|.svg\|.bmp\|.pps\|.ppt\|.php\|.pptx\|.tiff\|.tif\|.gzip\|.wmv\|.zip\|.rar\|.bin\|.iso\|.sql\|.ico’

  • Apple TV,  Apple Watch,  Apps,  iPhone,  JAMF,  Mac Security,  MacAdmins Podcast

    Notes from the Underground: Apple WWDC and You

    Apple kicked off the annual WWDC conference yesterday and boy there was a flurry of information. There always is, but for people charged with managing Apple devices and vendors that support Apple devices there were some important releases. Some general themes to think about as you read through this list: Privacy is a thing. This includes securing files in the directories of a user by having the user accept a request to touch them (e.g. My Documents, er, I mean, Documents). This also means apps harvesting user data are doomed. The restrictions continue to flow in from iOS to the Mac. And that’s probably a good thing – as it…

  • iPhone,  JAMF

    Transfer Text In And Out Of The iOS Simulator Using xcrun

    In a previous article, I covered creating, starting, and stopping iOS simulations. macOS comes with a handy tool to interact with the clipboard (aka pasteboard) on a Mac called pbcopy. You can redirect information from a file into your clipboard using the pbcopy command. Here, we’ll simply call pbcopy and then a file path pbcopy ~/Desktop/transfer.txt You can then redirect your text into simctl by doing a pbpaste into xcrun simctl pbpaste booted Once you’ve copied your data, clean up the transfer file: rm ~/Desktop/transfer.txt You can also pull text out. If you write data into the clipboard (e.g. during instrumentation) then you can extract it from that pasteboard using…

  • Mac Security

    Controlling Multiple launchagents and launchdaemons concurrently

    Most of my examples for launchctl have been per-user, per-agent, per-daemon. But you can also control multiple launchctl targets concurrently. One example would be that you can unload everything in the user domain by not specifying a path but providing the userid. In the following example, we’ll just use $userid as a variable, but it’s worth noting that that would be, as an example, 501 for the : sudo launchctl bootout gui/$userid There’s another option that can be used to do the opposite from within single user mode, called bootshell. Bootshell is called similarly from single user mode: sudo launchctl bootshell

  • bash

    One of my uglier scripty bits

    So – sed and awk versions on the Mac are a little behind. Turns out if I write an expression to wrap a forward slash into braces that it doesn’t exactly translate when moving from Linux to a Mac. So this happened (make fun, it’s cool): #!/bin/bash #Extracts occurances of a file path from a text file #Then sorts and counts up each echo "Please make sure to run script from same Original_file PATH" read -p "Enter filename: " original_file cp $original_file tempfile.txt && sed 's/ /\n/g' tempfile.txt > tempfile1.txt && sed -i '.bak' '/^$/d' tempfile1.txt && cat tempfile1.txt | grep '^/' | sort |uniq -c | sort -k2nr |sort…

  • iPhone,  JAMF,  Mac OS X

    Approve Or Deny GSuite Access For Devices

    The Google Directory integration with GSuite allows you to manage which devices have access to GSuite. This allows you to control access based on a variety of factors. Below, you’ll find a Google Cloud Function that is meant to respond to a webhook. This function takes an action to set a device into ‘approve’ or ‘deny’ as a state within Google Directory. Before using the function you’ll want to set CustomerID, ResourceID, and EMAIL_ACCOUNT for your GSuite account before using. To setup a GSuite Account for Google Functions and grab the ResourceID (or JWT), see: https://krypted.com//cloud/setup-google-cloud-functions/ To obtain the customer ID: https://krypted.com//uncategorized/get-your-customerid-from-g-suite/ Once you have all that, you can upload…