Yesterday, I wrote up how to compile your own version of an open source Xcode app and used NoMAD as an example, for those who didn’t want to use the precompiled application bundle. Many software packages have permissions to do do various tasks. NoMAD interacts with the keychain, so will have to use a TeamID, or to expand the term, the Team Identifier Prefix. This means the new version won’t be able to access keychain items created by previous versions of NoMAD, which use the creators prefix (I didn’t reference Joel as “the Creator” – but “a creator” to be clear). Ergo, this article is really just for helping those…
-
-
Quick And Dirty Guide To Compiling Your Own Version Of An Open Source Xcode Project For Testing
There are plenty of apps out there that can be beneficial to an organization, but don’t really make sense to live on an app store. This might be because the app uses private APIs, breaks acceptable design patterns, needs to be customized for every use case, is just proof of concept code, etc, etc, etc. Anyone with an Apple Developer certificate can compile an app to test it on their local machine. We can go into more detail later for people that want to then distribute/re-distribute those apps… To get started, first we’ll clone the project to our local machine. To do so, in Github or Gitlab or wherever it…
-
Test A Fork Of NoMAD Maybe?
tldr: here’s a slightly modernized fork of NoMAD that needs a little testing: https://gitlab.com/krypted1/nomad2 Been working on a fork of NoMAD that will hopefull just modernize code and get merged back in. In general, the changes shouldn’t be noticed with a big exception, it’s a breaking change for machines that run an operating system older than Catalina. Apple changes APIs and so we have the option to either introduce a breaking change or make the code really complicated by retaining existing code or moving to new APIs. So this version starts to transition away from UIKit and towards Swift UI. It also removes Carthage in favor of Swift Package Manager.…
-
Inspecting WebAuthn Traffic
Just released v2 of a Chrome Extension that overrides the navigator.credentials.get and navigator.credentials.create endpoints to show the json that is sent and received from a webauthn transaction. The extension simply produces a dialog box that shows the json submitted to the appropriate endpoints on a server that supports Passkeys. It’s available as an unpacked Chrome extension at https://github.com/krypted/webauthn-inspector. The two primary attributes I was interested in exploring are “id” and “challenge”. Visit webauthn.info and change the “Advanced Settings” it’s easy to see how the other fields change as the settings change and compare these to sites (e.g. bestbuy.com) that have implemented some of the WebAuthn spec. In general, the id…
-
macOS Script To List System Extensions And Their State
Yesterday I posted https://krypted.com/mac-security/script-to-list-extensions-running-on-a-mac/ to scriptify some research on App Extensions and System Extensions. I mentioned that it’s also possible to loop through /Applications or /Applications/Utilities and look for any .systemextension bundles (which includes network extensions as those are .networkextension.systemextension – and ultimately they’re all kinda’ auxiliary kext’s ‘even though’cause kexts are bad – but I digress). So here’s a script that loops through the file hierarchy supplied by $1 and then checks any found against systemextensionsctl to make sure they’re running: https://github.com/krypted/extensionslist/blob/main/systemextensions.sh In action, here are a couple of outputs of what it can look like. Per developer documentation (and with a little experience writing them), the two locations…
-
Free Space Required for Modern macOS Upgrades
The amount of free space required to upgrade a Mac has increased drastically in the run-up to and since the introduction of apfs-based snapshots in 2016. The amount of required free space had been growing steadily in the HFS+-era of file systems, but as more elements of iOS (like a modern file system) came to the Mac, and as the Mac transitioned to a fully 64-bit operating system, that number escalated and never returned now that the transition away from things like 32-bit apps and kexts is finished. Sierra (Mac OS X 10.12) had a minimum drive capacity of 8.8 GB but really needed more like 12 GB; however there…
-
Use UTM To Run Virtual Machines of macOS from macOS
UTM is a virtualization tool available on the Mac App Store at https://apps.apple.com/us/app/utm-virtual-machines/id1538878817?mt=12 with a GitHub at https://github.com/osy. UTM uses the new virtualization framework (documented here) from Apple, so runs the most modern virtualization stack currently available on a Mac. It also emulates via the QEMU system emulation. It can run guest operating systems in Windows, Linux, etc – emulating RISC, ARM, Intel, etc. Installation from the App Store is easy. Once installed, open the UTM app and click on the plus sign to create a new virtual machine. Here, there are options to Virtualize or Emulate. Given that we’ll be installing a beta OS from Apple for this example,…
-
Secure Keyboard Entry on macOS
The Secure Keyboard Entry option has been in Terminal going back almost a decade. Secure Keyboard Entry was added as EnableSecureEventInput way back in Mac OS X 10.3 and was developed to protect the more sensitive inputs people provided, so also made into a public API. It was meant to protect the more sensitive types of data so if we had a login screen with a password field or something else, we’d protect those with it. The purpose was to lock what other processes could use the GetKeys function (once used to write keystroke loggers), tap the IOHIDDeviceInterace and IOHIDOptionsTypeSeizeDevice processes or tap any events that involved any HID system…
-
Lightweight Audio Transcription Script
Quick and dirty audio file transcription script that should be easy to use as a droplet or for desktop transcribing automations at https://github.com/krypted/lightweighttranscription. To use it: Install awsCLI and boto3: pip install boto3 –user (or pip3 install boto3 –user) Mac client available at: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html Run the $ aws configure setup Set access key, secret key, region and output format Instead of passing the credentials in the script, it is recommanded to install awscli and setup credential profile. If running as a microservice, simply hit the endpoint in the script instead. If running on a computer, keep the Input file and script in the same dir to avoid search path failures. Run script `python3 …
-
Use Sidecar With Unsupported Macs
Sidecar is that spiffy new feature that allows you to extend your Mac desktop to an iPad. It’s cool but only officially supports the following devices; Any 27-inch iMac from Late 2015 or newer Any iMac Pro All MacBook Pros since 2016 2018 MacBook Air Early 2016 12-inch MacBook (or newer of course) 2018 Mac mini 2019 Mac Pro Here’s the thing, those limitations are set based on performance of the machine. The /System/Library/PreferencePanes/Sidecar.prefPane actually shows support for a couple of keys that allow you to use Sidecar even if your device isn’t one of these. Buyer beware though, if you end up with performance issues then run the same…