Apple Passwords: They All ‘Just Work’

From the release of the Macintosh some thirty-odd years ago to Steve Jobs’ triumphant return in the late 90s, there was one phrase to describe the simplicity of using a Mac: ‘It Just Works’. Whether this was a reference to the complete lack of games on the Mac (Marathon shoutout, tho) or a statement to the user-friendliness of the Mac, one thing is now apparent. Apple has improved the macOS to such a degree that all passwords just work. That is to say, security on the latest versions of macOS is abysmal, and every few weeks a new bug is reported.

The first such security vulnerability in macOS High Sierra was reported by [Lemi Ergin] on Twitter. Simply, anyone could log in as root with an empty password after clicking the login button several times. The steps to reproduce were as simple as opening System Preferences, clicking the lock to make changes, typing ‘root’ in the username field, and clicking the Unlock button. It should go without saying this is incredibly insecure, and although this is only a local exploit, it’s a mind-numbingly idiotic exploit. This issue was quickly fixed by Apple in the Security Update 2017-001.

The most recent password flaw is that the App Store preferences can be unlocked with any password. The steps to reproduce on macOS High Sierra are simply:

  • Click on System Preferences
  • Click on App Store
  • Click the padlock icon
  • Enter your username and any password
  • Click unlock

This issue has been fixed in the beta of macOS 10.13.3, which should be released within a month. The bug does not exist in macOS Sierra version 10.12.6 or earlier.

This is the second bug in macOS in as many months where passwords just work. Or don’t work, depending on how cheeky you want to be. While these bugs have been overshadowed by recent exploits of Intel’s ME and a million blog posts on Meltdown, these are very, very serious bugs that shouldn’t have happened in the first place. And, where there are two, there’s probably more.

We don’t know what’s up with the latest version of the macOS and the password problems, but we are eagerly awaiting the Medium post from a member of the macOS team going over these issues. We hope to see that in a decade or two.

Extracting A Vector Font From A Vintage Plotter

There is a huge variety of hardware out there with a font of some form or other baked into the ROM. If it’s got a display it needs a font, and invariably that font is stored as a raster. Finding these fonts is trivial – dump the ROM, render it as a bitmap, and voilà – there’s your font. However, what if you’re trying to dump the font from a vintage Apple 410 Color Plotter? It’s stored in a vector format, and your job just got a whole lot harder.

The problem with a vector font is that the letters aren’t stored as individual images, but as a series of instructions that, when parsed correctly, draw the character. This has many benefits for generating characters in all manner of different sizes, but makes the font itself much harder to find in a ROM dump. You’re looking for both the instructions that generate the characters, as well as the code used to draw them, if you want a full representation of the font.

The project begins by looking at what’s known about the plotter. The first part of any such job is always knowing where to look, of course. It’s quickly determined that the font is definitely stored in the main ROM, and that there is no other special vector drawing chip or ROMs on board. The article then steps through the search process, beginning with plaintext searches of the binary dump, before progressing to a full disassembly of the plotter firmware. After testing out various assumptions and working methodically, the vector data is found and eventually converted into a modern TrueType font.

In the end, the project is successful, and it’s a great guide on how to approach similar projects. The key is to lay out everything you know at the start, and use that to guide your search step by step, testing and discarding assumptions until you hit paydirt. We’ve seen similar works before, like this project to dump the voice from an ancient Chrysler Electronic Voice Alert.

Dig Into the Apple Device Design Guide

Millions of people worldwide have just added new Apple gadgets to their lives thanks to the annual end of December consumerism event. Those who are also Hackaday readers are likely devising cool projects incorporating their new toys. This is a good time to remind everybody that Apple publishes information useful for such endeavors: the Accessory Design Guidelines for Apple Devices (PDF).

This comes to our attention because [Pablo] referenced it to modify an air vent magnet mount. The metal parts of a magnetic mount interfere with wireless charging. [Pablo] looked in Apple’s design guide and found exactly where he needed to cut the metal plate in order to avoid blocking the wireless charging coil of his iPhone 8 Plus. What could have been a tedious reverse-engineering project was greatly simplified by Reading The… Fine… Manual.

Apple has earned its reputation for hacker unfriendliness with nonstandard fasteners and liberal use of glue. And that’s even before we start talking about their digital barriers. But if your project doesn’t involve voiding the warranty, their design guide eliminates tedious dimension measuring so you can focus on the fun parts.

Dimensioned drawing of Apple iPad Pro

This guide is packed full of dimensioned drawings. A cursory review shows that they look pretty good and aren’t terrible at all. Button, connector, camera, and other external locations make this an indispensable tool for anyone planning to mill or print an interface for any of Apple’s hardware.

So let’s see those projects! Maybe a better M&M sorter. Perhaps a time-lapse machine. Or cure your car’s Tesla envy and put a well-integrated iPad into the dashboard.

New Life For An Obscure Apple Plotter

We’ve all at some point or other seen something done online by somebody else, and thought “I’d like to have a go at that!”. When [Phooky] saw the artwork on the #PlotterTwitter hashtag, he remembered a past donation of a plotter to the NYC Resistor hackerspace. Some searching through the loft revealed a dusty cardboard box containing not the lovely Hewlett-Packard he’d hoped for, but instead an Apple 410 Color Plotter. This proved to be such an obscure part of the legacy Apple product line that almost no information was available for it save for a few diagrams showing DIP switch settings for the serial port.

Undeterred, he took a look inside and found a straightforward enough control board featuring a Z80 processor and support chips with 1983 date codes. The ROMs were conveniently socketed, so after dumping their contents, he was able to identify the routine for the plotter’s test program, and thus work from there to deduce its command set. A small matter of the plotter using hardware handshaking lines to signal a full buffer later, and he was able to use it to produce beautiful plots. Should you be one of the lucky few remaining Apple 410 owners, you may find his software library for it to be of some use.

If you’d like to see some more aged plotter action on these pages, we’ve had an analog Hewlett Packard here in the past, as well as a vintage drum plotter.

Thanks [Sophi] for the tip.

Face ID Defeated With 3D Printed Mask (Maybe)

Information about this one is still trickling in, so take it with a grain of salt, but security company [Bkav] is claiming they have defeated the Face ID system featured in Apple’s iPhone X. By combining 2D images and 3D scans of the owner’s face, [Bkav] has come up with a rather nightmarish creation that apparently fools the iPhone into believing it’s the actual owner. Few details have been released so far, but a YouTube video recently uploaded by the company does look fairly convincing.

For those who may not be keeping up with this sort of thing, Face ID is advertised as an improvement over previous face-matching identification systems (like the one baked into Android) by using two cameras and a projected IR pattern to perform a fast 3D scan of the face looking at the screen. Incidentally, this is very similar to how Microsoft’s Kinect works. While a 2D system can be fooled by a high quality photograph, a 3D based system would reject it as the face would have no depth.

[Bkav] is certainly not the first group to try and con Apple’s latest fondle-slab into letting them in. Wired went through a Herculean amount of effort in their attempt earlier in the month, only to get no farther than if they had just put a printed out picture of the victim in front of the camera. Details on how [Bkav] managed to succeed are fairly light, essentially boiling down to their claim that they are simply more knowledgeable about the finer points of face recognition than their competitors. Until more details are released, skepticism is probably warranted.

Still, even if their method is shown to be real and effective in the wild, it does have the rather large downside of requiring a 3D scan of the victim’s face. We’re not sure how an attacker is going to get a clean scan of someone without their consent or knowledge, but with the amount of information being collected and stored about the average consumer anymore, it’s perhaps not outside the realm of possibility in the coming years.

Since the dystopian future of face-stealing technology seems to be upon us, you might as well bone up on the subject so you don’t get left behind.

Thanks to [Bubsey Ubsey] for the tip.

Hackaday Links: September 17, 2017

BREAKING NEWS: APPLE HAS RELEASED A NEW RECTANGLE. IT IS BETTER THAN THE PREVIOUS RECTANGLE, WHICH WAS A LESSER RECTANGLE. SOME PEOPLE ARE UNHAPPY WITH THE NEW RECTANGLE BECAUSE OF [[CHANGES]]. THE NEW RECTANGLE HAS ANIMATED POO.

Mergers and acquisitions? Not this time. Lattice Semiconductor would have been bought by Canyon Bridge — a private equity firm backed by the Chinese government — for $1.3B. This deal was shut down by the US government because of national security concerns.

[Jan] is the Internet’s expert in doing synths on single chips, and now he has something pretty cool. It’s a breadboard synth with MIDI and CV input. Basically, what we’re looking at is [Jan]’s CVS-01 chip (for a DCO, DCF, and DCA), a KL5 chip for an LFO, and an envelope chip. Tie everything together with a two-octave captouch keyboard, and you have a complete synthesizer on a breadboard.

As an aside relating to the above, does anyone know what the cool kids are using for a CV/Gate keyboard controller these days? Modular synths are making a comeback, but it looks like everyone is running a MIDI keyboard into a MIDI-CV converter. It seems like there should be a –simple, cheap– controller with quarter-inch jacks labeled CV and Gate. Any suggestions?

World leaders are tweeting. The Canadian PM is awesome and likes Dark Castle.

Way back in July, Square, the ‘POS terminal on an iPad’ company, posted some data on Twitter. Apparently, fidget spinner sales peaked during the last week of May, and were declining through the first few weeks of summer. Is this proof the fidget spinner fad was dead by August? I have an alternate hypothesis: fidget spinner sales are tied to middle schoolers, and sales started dropping at the beginning of summer vacation. We need more data, so if some of you could retweet this, that would be awesome.

Remember [Peter Sripol], the guy building an ultralight in his basement? This is going to be a five- or six-part video build log, and part three came out this week. This video features the installation of the control surfaces, the application of turnbuckles, and hardware that is far too expensive for what it actually is.

A Floppy Drive For Apple’s Pippin

The Pippin was Apple’s first and last foray into gaming consoles. At its heart, the Pippin was a strange ‘multimedia device’ with a CD-ROM, the potential for Internet access, a few neat controllers, and the guts of a very bare-bones PowerPC Macintosh. Think of a cross between a 3DO and WebTV, and you’ll get an idea of what Apple was trying to build here.

The Pippin is rare, and that means the related accessories, ranging from magneto-optical drives to floppy drives, are incredibly hard to come by. Now, one of those peripherals isn’t rare anymore; [Pierre] has cloned the (passive) PCB that allows a Macintosh floppy drive to plug directly into the Pippin.

The expansion capabilities for the Pippin are locked away inside a PCI connector strategically located on the bottom of this set-top box. The official floppy drive accessory consists of an injection molded case, a standard Mac floppy drive, and a PCB. After finding one of these rare floppy drive accessories, [Pierre] simply took a meter to all the pins, traced out the circuit, and created a PCB with a PCI connector on one end, and a 20-pin connector on the other. The PCB is shared on OSH Park if you want to check this out.

Although recreating this hardware was relatively easy, testing it was not. The first test used the Floppy Emu, a neat device that allows old Macs to read disk images off an SD card. This worked beautifully, but testing it out with a real floppy drive did not. Some disks simply didn’t work, although [Pierre] is chalking that one up to a problem with the USB floppy drive and a Mac running Sierra.