Archive for March, 2009

So lets check out the iPhones filesystem. Some interesting things to be found.
mobile:/ root# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/disk0s1 500M 448M 48M 91% /
devfs 26K 26K 0 100% /dev
/dev/disk0s2 15G 2.1G 13G 14% /private/var
/dev/disk1 66M 27M 39M 42% /Developer

Some of those actualy may been created by the jailbreak stuff.

/etc, /var link to folders in /private as in osx. /private/var is what seems to be the main working device.  It contains most of the Disks space. Some Folders have been linked to places inside there. /tmp and /Applications are 2 examples.

The basic Layout is very similar to the osx one.  /System/Library is present and organized like the usualy osx. Same goes for /Library. These sure will help to code fore the iPhone since they contain the Libraries that are installed. Some essential stuff in /bin, /sbin, /lib. Seeing the root Disk be almost full, i dont think there will be a lot changes. Looks like this is a stable image.

Generaly we see this concept a lot. If some directory outside /private/var is modified a lot, it gets linked to /var/private in some way.

As mentioned before, the iPhone has 2 main user accounts.

  • root: standart password is alpine home dir is /private/var/root
  • mobile: home dir is /private/var/mobile

Even we have some Log directories (if outside /private/var, they are usualy linked into) the iPhone realy dont like to log stuff to files. Most directory and files are empty. note to myself: have syslog send the stuff to my debug machine somehow.

The realy interesting stuff is mobiles home.

All in all, the iPhones Disk isnt organized too unfamiliar. I sure will have fun.

Flattr this!

Comments Comments Off on Poking around in the iPhone Filesystem

Well, Apple wants 99$ to let one develop for the iPhone. I would even pay that, but they wont sell it wihtout me have a credit card. And that is a definitively no-go for me.

So how to enable iPhone development for me?

Preparations :

  • Xcode :
    Xcode comes with 2 sets of SDKs for the iPhone. The Simulator- and the Device-SDK. The simulator-SDK is intended to run apps on the integrated iPhone simulator. This works out of the box. We talk about some problems with the Simulator later.
    The more tricky thing is to build for the Device. Apple wants all iPhone Apps be signed (a good idea actualy). Aproved Developers (those who pay to Apple) get a Code Signing Certificate and other Stuff from Apple. People like me without this need create that ourself.

    • Create a Code Signing Certificate
      The most convient way is to use the Keychain Manager that came with osx. Use the Assistant in the Programm Menu to create a Code Signing Certificate. By default Xcode checks for a Certificate issued to “iPhone Developer”, so use that as the common name. No need to adjust all the Projects then.
      If Xcode can’t get your Certificate you get a message
      CodeSign error: Code Signing Identity 'iPhone Developer' does not match any code-signing certificate in your keychain. Once added to the keychain, touch a file or clean the project to continue.
    • Open file:///Developer/Platforms/iPhoneOS.platform/Info.plist and add to the OverrideProperties those 2 keys:
      • PROVISIONING_PROFILE_ALLOWED : NO
      • PROVISIONING_PROFILE_REQUIRED : NO

      Without this, you get Errors like
      CodeSign error: a valid provisioning profile is required for product type 'Application' in SDK 'Device - iPhone OS 2.2.1'

    • You must restart Xcode to make those changes work.
  • iPhone setup:

Get your Application to iPhone

  • Build your project for iphone. Double check the SDK set.
    You will see a warning:
    CodeSign warning: provisioning is not applicable for product type 'Application' in SDK 'Device - iPhone OS 2.2.1'; ignoring...
    Ignore it.
  • scp -r [-P <port>] <ProjectRoot>/build/Release-iphoneos/<AppName>.app root@<iPhone ip>:/Applications/
  • ssh into your iPhone; ssh -lroot [-p port] <iPhone ip>
  • To make the application apear on the display, we need reload the SpringBoard. The SpringBoard is the main application you usualy see. We use the internal launchctl application for this :
  • cd to the launchctl directory :cd System/Library/LaunchDaemons/
  • reload the Springboard: launchctl unload com.apple.SpringBoard.plist; launchctl load com.apple.SpringBoard.plist;
  • The iPhone beeps, and after sliding the lock away, your application should be there.

Remove Application

  • ssh into your iPhone, cd into /Applications
  • rm -r <ApplicationBundle>.app
  • reload the Springboard: launchctl unload com.apple.SpringBoard.plist; launchctl load com.apple.SpringBoard.plist;
  • Delete the coresponding entries in User/Library/Caches/com.apple.mobile.installation.plist

Ranting about the Simulator.

So Apple decided to let non-apple-aproved-developers have a way to legaly develop for the iPhone. We shall use the iPhone Simulator. This piece of Software is realy a nice thing, at least i don’t have to set my Application up on the phone, i can use my Keyboard, Mouse, etc.

Well, it would be nice… if its desing wouldnt be completly flawed. First of all it doesnt realy Simulate a iPhone. No arm. It uses x86 code. It uses another SDK. It actualy looks like it just calls the osx frameworks. Unfortunately this differs a little from the iPhone one. An example would be NSTask. On the simulator its there, on the iPhone its not. All this makes the simulator more of a trap than a usefull tool. You can never be sure your code will work on the iPhone just because it worked on the simulator.

Update:
Reloadin the Springboard doesnt always work. Im still unsure what the Problem is.
However, there is a simple workaround. install or remove a Cydia application. Note to myself: poke around in Cydias source to find the problem. This can be annoying after some time, so the most easy thing is to setup your own apt repository. This way you can even install applications from abroad!.

Flattr this!

Comments Comments Off on iPhone developer setup

I worked a lot last months. Got me some $$. So I finaly decided to get myself a present. So here I am with my new iPhone.

It’s a nice device. Nice handling etc, as can be read on a lot places online. First thing to do is to jailbreak it. Easy done if one don’t cares about unlock the SIM. The usual tool to do so didn’t worked with my macBook, due to some weird stuff with the USB. Easy Solution: boot into Windows. Job done.

I got 2 Apllication installers then, Cydia and Installer. I use Cydia because its open source and has thousands of repositories out in the net. Most important was to get a useable way to access the System. Terminal is a nice app from Cydia that offers – drums – a Shell. For sure its limited. But it works, just be carefull with commands that dont finish in some cases (eg, don’t ping or if so, start in background!).

A easier way to access the iPhone is trough ssh.

First i setup my laptop to offer WLAN. To make Things easier, i just setup internet sharing on my WLAN. This way the iPhone can access the net too. Connect to it from the iPhones Settings app. Use ifconfig to find the IP. The usual setup of the network with connections haring should give the iPhone the same IP from now (at least if you connect it to the wlan frequently).

The only login available at this time is the root which has a preset password of alpine. Since this is a public and known default (note to my evil hacker self: Check out public hotspots at train Stations and alike for accessable iphones).

Using this, login to the iPhone. Note roots home Directory (pwd), its /var/root. Now this is a good place to start poke around with the iPhones internals. I will talk about this in a later Post. For now we setup the ssh login in a more convient way.

All my used User Accounts have a RSA-identity. I use those to allow key-based logins on all my computers. So first I go create one for my iPhone. The iPhone actualy has 2 users we need care about. root and one called mobile. For root we place the keys into /var/root/.ssh/, mobiles stuff goes to /var/mobile/.ssh. Adding all my computer public keys to the authorized_keys file for both accounts, and add the public keys of both accounts to all my computers. Now I can login from all my computers to the iPhone and reverse too.

I too have setup my home server to more easy open tunnels from extern. The iPhone was added too to my home-network (not the one from my laptop). I too setup my Gateway (the macMini Server) to enable easy tunneling to all internal hosts.

Since I installed FUSE on my Laptop, i now can access the iPhone trough sshfs, allow me to use the iPhone like any local harddisk.

Last step would be disable the password login on the root account on my iPhone, but first i want make a simple script to turn it on again, which i can run from the iPhone console in case of emergencies.

Flattr this!

Comments Comments Off on new iPhone

Wir kennen das ja alle, Mails mit dem Betreff “FBI: URGENT reply or go jail!”, “POLIZEI: Tauschbörse” etc. Im allgemeinen verschiebt man sowas ja direkt in den Spamordner. Die folgende Mail von heute Morgen war aber doch etwas verwirrend.


X-Account-Key: account2
X-UIDL: UID60118-1158173284
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path:
Delivered-To: spahan00@mbx.unibas.ch
Received: from smtp2pub.unibas.ch (smtp2pub.unibas.ch [131.152.227.82])
by imap1.urz.unibas.ch (Postfix) with ESMTP id D168038C046
for ; Fri, 6 Mar 2009 09:45:24 +0100 (CET)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlgCAJZxsEnDkaC4mWdsb2JhbACCJiuRdDoBAQEBAQgLCgcRwh+ECAY
X-IronPort-AV: E=Sophos;i="4.38,313,1233529200";
d="scan'208,217";a="12532162"
Received: from relay2.lds.nrw.de ([195.145.160.184])
by smtp2pub.unibas.ch with ESMTP; 06 Mar 2009 09:45:24 +0100
Received: from gg43.gg.nrw.de (gw43.nrw.de [93.184.136.60])
by relay2.lds.nrw.de with ESMTP id n268jJMI002984
for ; Fri, 6 Mar 2009 09:45:19 +0100
Received: from gg43.gg.nrw.de (localhost [127.0.0.1])
by gg43.gg.nrw.de (8.14.0/8.14.0) with ESMTP id n268jYlP018798
for ; Fri, 6 Mar 2009 09:45:34 +0100 (CET)
Received: from MAILHUB1.nrw.de (10.64.112.141) by gg43.gg.nrw.de (smtprelay) with ESMTP Fri Mar 6 09:45:22 2009.
Received: from s564uxg0201.polizei.nrw.de (POLIZEI-MAILER [10.216.241.1])
by MAILHUB1.nrw.de with ESMTP id n268jAC0005480
for ; Fri, 6 Mar 2009 09:45:10 +0100
Received: from smtp-gw-1.polizei.nrw.de (unknown [1.4.112.69])
by s564uxg0201.polizei.nrw.de (Postfix) with ESMTP id 01C8F6F957
for ; Fri, 6 Mar 2009 09:56:59 +0100 (CET)
Received: from smtp-gw-1.polizei.nrw.de (localhost [127.0.0.1])
by smtp-gw-1.polizei.nrw.de (Postfix) with ESMTP id DEDF723CC5
for ; Fri, 6 Mar 2009 09:45:10 +0100 (CET)
Received: from S00PAABEX01.polizei.nrw.de (s00paabex01.polizei.nrw.de [1.1.20.228])
by smtp-gw-1.polizei.nrw.de (Postfix) with ESMTP id D399B23CC4
for ; Fri, 6 Mar 2009 09:45:10 +0100 (CET)
Received: from S00PAADEX02.polizei.nrw.de ([2.1.1.229]) by S00PAABEX01.polizei.nrw.de with Microsoft SMTPSVC(6.0.3790.2668);
Fri, 6 Mar 2009 09:45:10 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C99E37.DB7C750C"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: Internetzugang
Date: Fri, 6 Mar 2009 09:45:09 +0100
Message-ID: <45200EA5B54F7A4EB22907EC6E37ADF9114AFB@S00PAADEX02.polizei.nrw.de>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Internetzugang
Thread-Index: AcmeN9tUNgsH6BsLT3W+IoEgm2d21w==
From: "Kuschwart, Herbert"
To:
X-OriginalArrivalTime: 06 Mar 2009 08:45:10.0493 (UTC) FILETIME=[DBCEE8D0:01C99E37]

This is a multi-part message in MIME format.

——_=_NextPart_001_01C99E37.DB7C750C
Content-Type: text/plain;
charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable

Sehr geehrter Herrr Spalinger,

=20

bei der Staatsanwaltschaft K=F6ln / Deutschland ist unter dem =
Aktenzeichen 119 UJs77/09 ein Ermittlungsverfahren wegen Betrug =
anh=E4ngig. Der Betrug wurde unter Verwendung des Internets ver=FCbt. Es =
konnte folgende IP-Adresse festgestellt werden:

=20

08.12.2008 =
um 19:38 UTC / 20:35:48 MEZ

IP =
88.198.56.140

=20

Lt. Auskunft der Fa. Hetzner Online AG, Gunzenhausen, geh=F6rt diese IP =
zu einem Rootserver, den Sie angemietet haben.=20

=20

Ich bitte Sie, mir die verantwortlichen Personaldaten f=FCr den oben =
genannten Internetzugang mitzuteilen.=20

=20

=20

Mit freundlichen Gr=FC=DFen

=20

Herbert Kuschwart

Regionalkommissariat

Telegrafenstra=DFe 35

42929 Wermelskirchen

Tel.: 02196/941441

Fax: 02196/94110441

Mail: herbert.kuschwart@polizei.nrw.de =
=20

=20

——_=_NextPart_001_01C99E37.DB7C750C
Content-Type: text/html;
charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable

xmlns:w=3D”urn:schemas-microsoft-com:office:word” =
xmlns=3D”http://www.w3.org/TR/REC-html40″>
charset=3Diso-8859-1″>


–>

style=3D’font-size:
12.0pt’>Sehr geehrter Herrr Spalinger,

style=3D’font-size:
12.0pt’>

style=3D’font-size:
12.0pt’>bei der Staatsanwaltschaft K=F6ln / Deutschland ist unter dem
Aktenzeichen 119 UJs77/09 ein Ermittlungsverfahren wegen Betrug =
anh=E4ngig. Der
Betrug wurde unter Verwendung des Internets ver=FCbt. Es konnte folgende
IP-Adresse festgestellt werden:

style=3D’font-size:
12.0pt’>

style=3D’font-size:
12.0pt’>=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 08.12.2008
um 19:38 UTC / 20:35:48 MEZ

style=3D’font-size:
12.0pt’>=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 IP
88.198.56.140

style=3D’font-size:
12.0pt’>

style=3D’font-size:
12.0pt’>Lt. Auskunft der Fa. Hetzner Online AG, Gunzenhausen, geh=F6rt =
diese IP
zu einem Rootserver, den Sie angemietet haben. =

style=3D’font-size:
12.0pt’>

style=3D’font-size:
12.0pt’>Ich bitte Sie, mir die verantwortlichen Personaldaten f=FCr den =
oben
genannten Internetzugang mitzuteilen.

style=3D’font-size:
12.0pt’>

style=3D’font-size:
12.0pt’>

style=3D’font-size:
12.0pt’>Mit freundlichen Gr=FC=DFen


style=3D’font-size:12.0pt;font-weight:bold’>

t>

Roman”>
style=3D’font-size:12.0pt’>Herbert =
Kuschwart

style=3D’font-size:
10.0pt’>Regionalkommissariat

style=3D’font-size:
10.0pt’>Telegrafenstra=DFe 35

style=3D’font-size:
10.0pt’>42929 Wermelskirchen

style=3D’font-size:
10.0pt’>Tel.:  02196/941441

style=3D’font-size:
10.0pt’>Fax:   02196/94110441

style=3D’font-size:
10.0pt’>Mail:
href=3D”mailto:herbert.kuschwart@polizei.nrw.de”>
size=3D2 color=3Dblack> style=3D’font-size:10.0pt;color:black’>herbert.kuschwart@polizei.nrw.de span>

style=3D’font-size:
12.0pt’>


Folgende Gründe sprechen für die Echtheit:

  1. Heder: Die Mail stammt offensichtlich von der Domain polizei.nrw.de, die auf http://www.robtex.com/dns/www.polizei-nrw.de.html verweist, was die Domain der Polizei NRW ist.
  2. Keine Viren in der Mail (keine Anhänge)
  3. Herbert Kuschwart wohnt in Wermelskirchen
  4. Es giebt einen Wermelskirchen bei der Polizei NRW

Sollte die Mail echt sein ergeben sich mehrere Fragen:

  1. Wie authentiziert man Mails von Behörden, wenn diese nicht signiert sind?
  2. Was will Herbert Kuschwart von mir?
  3. Was meint Herbert Kuschwart mit “Internetzugang” ?

Ich habe die Polizei NRW angemailt und eine Bestätigung erbeten. Bis ich weitere Infos habe, werde ich mal nichts tun und abwarten.

update: Wie gedacht war die Mail echt. Heute morgen hat mich H. Kuschwart angerufen. Nach einer Erklärung meinerseits wegen des Anhangs (die pgp-Signatur), kam er dann zum Thema. Ob auf dem Server eine Anonymisierungssoftware abreitet?

Bisher hatte ich mit Tor nur mit Urheberrechtsverdrehern Probleme. Aber auf der Tor-Seite wird ja gesagt, dass sich früher oder später auch staatliche Ermittler melden würden.

Ich denke mal, dass ich nicht wirklich in Schwierigkeiten stecke. Herr Kuschwart wollte nicht mehr viel mehr Wissen, als ich ihm vom Tor-Node erzählt habe, er wird wohl wissen, dass da nichts zu finden ist.

Flattr this!

Comments Comments Off on Mail von der Polizei?