Thursday, September 27, 2012

Extract and view application signing certs on OS X

To view the certificates used to sign an OS X binary, first dump the signing chain embedded in the bundle:
$ codesign -d --extract-certificates /Applications/Utilities/Adobe\ Flash\ Player\ Install\ Manager.app/
Executable=/Applications/Utilities/Adobe Flash Player Install Manager.app/Contents/MacOS/Adobe Flash Player Install Manager
This writes every cert in the embedded chain to the current directory in ASN.1 DER format, with codesign0 being the leaf (the signing cert) and each higher number the next issuer up the chain:
$ ls codesign*
codesign0   codesign1   codesign2   codesign3
Then you can use openssl to look at the attributes, in a super-ugly format:
$ openssl asn1parse -in codesign0 -inform DER    
    0:d=0  hl=4 l=1302 cons: SEQUENCE          
    4:d=1  hl=4 l=1022 cons: SEQUENCE          
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]        
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   13:d=2  hl=2 l=  16 prim: INTEGER           :15E5AC0A487063718E39DA52301A0488
   31:d=2  hl=2 l=  13 cons: SEQUENCE          
   33:d=3  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
   44:d=3  hl=2 l=   0 prim: NULL              
   46:d=2  hl=3 l= 180 cons: SEQUENCE          
   49:d=3  hl=2 l=  11 cons: SET               
   51:d=4  hl=2 l=   9 cons: SEQUENCE          
   53:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   58:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :US
   62:d=3  hl=2 l=  23 cons: SET               
   64:d=4  hl=2 l=  21 cons: SEQUENCE          
   66:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   71:d=5  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
   87:d=3  hl=2 l=  31 cons: SET               
   89:d=4  hl=2 l=  29 cons: SEQUENCE          
   91:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
   96:d=5  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
  120:d=3  hl=2 l=  59 cons: SET               
  122:d=4  hl=2 l=  57 cons: SEQUENCE          
  124:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  129:d=5  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at https://www.verisign.com/rpa (c)10
  181:d=3  hl=2 l=  46 cons: SET               
  183:d=4  hl=2 l=  44 cons: SEQUENCE          
  185:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  190:d=5  hl=2 l=  37 prim: PRINTABLESTRING   :VeriSign Class 3 Code Signing 2010 CA
  229:d=2  hl=2 l=  30 cons: SEQUENCE          
  231:d=3  hl=2 l=  13 prim: UTCTIME           :101215000000Z
  246:d=3  hl=2 l=  13 prim: UTCTIME           :121214235959Z
  261:d=2  hl=3 l= 221 cons: SEQUENCE          
  264:d=3  hl=2 l=  11 cons: SET               
  266:d=4  hl=2 l=   9 cons: SEQUENCE          
  268:d=5  hl=2 l=   3 prim: OBJECT            :countryName
  273:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :US
  277:d=3  hl=2 l=  19 cons: SET               
  279:d=4  hl=2 l=  17 cons: SEQUENCE          
  281:d=5  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
  286:d=5  hl=2 l=  10 prim: PRINTABLESTRING   :California
  298:d=3  hl=2 l=  17 cons: SET               
  300:d=4  hl=2 l=  15 cons: SEQUENCE          
  302:d=5  hl=2 l=   3 prim: OBJECT            :localityName
  307:d=5  hl=2 l=   8 prim: PRINTABLESTRING   :San Jose
  317:d=3  hl=2 l=  35 cons: SET               
  319:d=4  hl=2 l=  33 cons: SEQUENCE          
  321:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  326:d=5  hl=2 l=  26 prim: T61STRING         :Adobe Systems Incorporated
  354:d=3  hl=2 l=  28 cons: SET               
  356:d=4  hl=2 l=  26 cons: SEQUENCE          
  358:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  363:d=5  hl=2 l=  19 prim: T61STRING         :Information Systems
  384:d=3  hl=2 l=  62 cons: SET               
  386:d=4  hl=2 l=  60 cons: SEQUENCE          
  388:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  393:d=5  hl=2 l=  53 prim: PRINTABLESTRING   :Digital ID Class 3 - Microsoft Software Validation v2
  448:d=3  hl=2 l=  35 cons: SET               
  450:d=4  hl=2 l=  33 cons: SEQUENCE          
  452:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  457:d=5  hl=2 l=  26 prim: T61STRING         :Adobe Systems Incorporated
  485:d=2  hl=3 l= 159 cons: SEQUENCE          
  488:d=3  hl=2 l=  13 cons: SEQUENCE          
  490:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  501:d=4  hl=2 l=   0 prim: NULL              
  503:d=3  hl=3 l= 141 prim: BIT STRING        
  647:d=2  hl=4 l= 379 cons: cont [ 3 ]        
  651:d=3  hl=4 l= 375 cons: SEQUENCE          
  655:d=4  hl=2 l=   9 cons: SEQUENCE          
  657:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  662:d=5  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
  666:d=4  hl=2 l=  14 cons: SEQUENCE          
  668:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
  673:d=5  hl=2 l=   1 prim: BOOLEAN           :255
  676:d=5  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:03020780
  682:d=4  hl=2 l=  64 cons: SEQUENCE          
  684:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
  689:d=5  hl=2 l=  57 prim: OCTET STRING      [HEX DUMP]:30373035A033A031862F687474703A2F2F637363332D323031302D63726C2E766572697369676E2E636F6D2F435343332D323031302E63726C
  748:d=4  hl=2 l=  68 cons: SEQUENCE          
  750:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
  755:d=5  hl=2 l=  61 prim: OCTET STRING      [HEX DUMP]:303B3039060B6086480186F84501071703302A302806082B06010505070201161C68747470733A2F2F7777772E766572697369676E2E636F6D2F727061
  818:d=4  hl=2 l=  19 cons: SEQUENCE          
  820:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
  825:d=5  hl=2 l=  12 prim: OCTET STRING      [HEX DUMP]:300A06082B06010505070303
  839:d=4  hl=2 l= 113 cons: SEQUENCE          
  841:d=5  hl=2 l=   8 prim: OBJECT            :Authority Information Access
  851:d=5  hl=2 l= 101 prim: OCTET STRING      [HEX DUMP]:3063302406082B060105050730018618687474703A2F2F6F6373702E766572697369676E2E636F6D303B06082B06010505073002862F687474703A2F2F637363332D323031302D6169612E766572697369676E2E636F6D2F435343332D323031302E636572
  954:d=4  hl=2 l=  31 cons: SEQUENCE          
  956:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  961:d=5  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014CF99A9EA7B26F44BC98E8FD7F00526EFE3D2A79D
  987:d=4  hl=2 l=  17 cons: SEQUENCE          
  989:d=5  hl=2 l=   9 prim: OBJECT            :Netscape Cert Type
 1000:d=5  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:03020410
 1006:d=4  hl=2 l=  22 cons: SEQUENCE          
 1008:d=5  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.311.2.1.27
 1020:d=5  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101000101FF
 1030:d=1  hl=2 l=  13 cons: SEQUENCE          
 1032:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
 1043:d=2  hl=2 l=   0 prim: NULL              
 1045:d=1  hl=4 l= 257 prim: BIT STRING      
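As an added example (not from the original post), here is a minimal DER walker in Python that reproduces the columns of the asn1parse dump above (offset, d=depth, hl=header length, l=body length, cons/prim, tag). It runs over a constructed sample that mimics the start of a TBSCertificate rather than the real codesign0 file; point walk() at the bytes of codesign0 to get the same listing for the real leaf.

```python
# Added example (not from the original post): a minimal DER walker that prints the same
# columns as `openssl asn1parse`. It parses a constructed sample built inline, not codesign0.
TAG_NAMES = {0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING", 0x05: "NULL", 0x06: "OBJECT",
             0x13: "PRINTABLESTRING", 0x17: "UTCTIME", 0x30: "SEQUENCE", 0x31: "SET"}

def der_len(n):
    """DER length: one byte below 128, else 0x80|count followed by big-endian length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    """Encode one tag-length-value element (used only to build the sample)."""
    return bytes([tag]) + der_len(len(body)) + body

def tag_name(tag):
    if (tag & 0xC0) == 0x80:          # context-specific: [0] = version, [3] = extensions
        return f"cont [ {tag & 0x1F} ]"
    return TAG_NAMES.get(tag, f"tag 0x{tag:02x}")

def walk(data, pos=0, depth=0, end=None):
    """Return (offset, depth, hl, l, constructed, tag) rows, recursing into constructed
    elements. Assumes low-tag-number form (tag < 31), which is all X.509 uses."""
    end = len(data) if end is None else end
    rows = []
    while pos < end:
        tag, first = data[pos], data[pos + 1]
        if first < 0x80:
            length, hl = first, 2
        else:                             # long form, e.g. the hl=3 / hl=4 rows in the dump above
            nbytes = first & 0x7F
            length = int.from_bytes(data[pos + 2:pos + 2 + nbytes], "big")
            hl = 2 + nbytes
        if pos + hl + length > end:       # malformed input: element overruns its container
            raise ValueError(f"element at offset {pos} overruns its container")
        constructed = bool(tag & 0x20)
        rows.append((pos, depth, hl, length, constructed, tag_name(tag)))
        if constructed:
            rows.extend(walk(data, pos + hl, depth + 1, pos + hl + length))
        pos += hl + length
    return rows

def fmt(rows):
    return [f"{o:5d}:d={d}  hl={hl} l={l:4d} {'cons' if c else 'prim'}: {t}" for o, d, hl, l, c, t in rows]

# Constructed sample: [0] version 2, serial, sha1WithRSAEncryption AlgorithmIdentifier, validity.
SAMPLE = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x15\xe5")
             + tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010105")) + tlv(0x05, b""))
             + tlv(0x30, tlv(0x17, b"101215000000Z") + tlv(0x17, b"121214235959Z")))
```

`print("\n".join(fmt(walk(open("codesign0", "rb").read()))))` lists the real leaf the same way.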

Wednesday, September 26, 2012

Disable Captive Network Support in OS X

iOS 4+ and OS X 10.7+ devices have a feature called Captive Network Support which, when you connect to an access point, tries to download:

http://www.apple.com/library/test/success.html

to see whether the device is connected to the internet. If it doesn't get the success response, it assumes you are behind a captive portal and pops up a WebKit window so you can do the portal dance. This is mostly useful if you are using thick-client apps, since if you're using a browser you'll see the portal page as soon as you go anywhere.

To disable it, set this preference:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -boolean false

Wednesday, September 5, 2012

Prevent OS X from sleeping while ssh connection is active

As of Mountain Lion, you can stop a Mac from sleeping while an ssh session is active:
caffeinate -i ssh yourhost.something.com
The -i flag prevents idle sleep only; caffeinate has other flags for display and system sleep (see man caffeinate).

Monday, September 3, 2012

FileVault2 destroyfvkeyonstandby

In their FileVault 2 documentation, Apple describes the destroyfvkeyonstandby setting:
...the FileVault key is stored in EFI to transparently come out of standby mode. Organizations especially sensitive to a high-attack environment, or potentially exposed to full device access when the device is in standby mode, should mitigate this risk by destroying the FileVault key in firmware. Doing so doesn’t destroy the use of FileVault, but simply requires the user to enter the password in order for the system to come out of standby mode.
To destroy the FileVault key on standby (run as root):
# pmset destroyfvkeyonstandby 1
And check the setting with:
# pmset -g

Adding items to your start menu on Vista when access has been 'disabled'

As a Windows user it is handy to have some programs start on login, like your mail client, web browser, chat client etc., so it is nice to have write access to the 'Startup' folder in your start menu. Write access is often disabled, so here is a possible workaround.

First you need to be able to see your start menu. Try mapping your C$ share:

Open explorer and tap the 'Alt' key to bring up the old menu system.
Tools -> Map Network Drive...
\\127.0.0.1\C$
Browse to the share you mounted. Hopefully your start menu is under something like:
Z:\Users\\Start Menu

OR

Z:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu

Create a shortcut to the program you want to start in your 'Startup' folder and you should be good to go.