My IT projects
We are conspiracy
30/07/10
I was reading some documents on Mac OS X forensics, and I was searching
how to get back the Bookmarks.plist from Safari to parse it and read it easily …
I knew that this file is located in the following folder:
~/Library/Safari/Bookmarks.plist
I thought that plist files were always XML documents and tried to read the file with Python, so I opened Python and typed the following commands.
>>> import plistlib
>>> plistlib.readPlist('Bookmarks.plist')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/plistlib.py", line 78, in readPlist
    rootObject = p.parse(pathOrFile)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/plistlib.py", line 405, in parse
    parser.ParseFile(fileobj)
xml.parsers.expat.ExpatError: not well-formed (invalid token): line 1, column 9
Yeah! Error …
I went back to my shell and tried to read it with
$ cat Bookmarks.plist
[...] it was not XML output at all!
I went directly to developer.apple.com/ to look up how plists are used, and found out that some plist files are in
BINARY FORMAT PROPERTY LISTS
WTF ??
Fortunately the command to convert it to XML was given:
plutil -convert xml1 -o - Bookmarks.plist
I tried it, and it gave me a nice XML format.
I could then put the output of this command in an XML file and use it.
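As an added example (not code from the post), the same parse done in Python 3, whose plistlib.loads() accepts the binary format directly and so replaces the plutil step. The Bookmarks.plist layout assumed here (a root dict whose "Children" nest folders and leaf entries carrying URLString and URIDictionary/title) is Safari's; the sample data is constructed.

```python
import plistlib

# Constructed sample shaped like Safari's Bookmarks.plist: a root dict whose
# "Children" nest folders (WebBookmarkTypeList) and bookmarks
# (WebBookmarkTypeLeaf).  Not a real bookmark file.
SAMPLE = {
    "Title": "",
    "WebBookmarkType": "WebBookmarkTypeList",
    "Children": [
        {
            "Title": "BookmarksBar",
            "WebBookmarkType": "WebBookmarkTypeList",
            "Children": [
                {
                    "WebBookmarkType": "WebBookmarkTypeLeaf",
                    "URLString": "https://example.com/",
                    "URIDictionary": {"title": "Example"},
                }
            ],
        },
        {
            "WebBookmarkType": "WebBookmarkTypeLeaf",
            "URLString": "https://example.org/docs",
            "URIDictionary": {"title": "Docs"},
        },
    ],
}
# Safari writes the binary form; the XML form is what plutil -convert xml1 produces.
SAMPLE_BPLIST = plistlib.dumps(SAMPLE, fmt=plistlib.FMT_BINARY)
SAMPLE_XML = plistlib.dumps(SAMPLE, fmt=plistlib.FMT_XML)


def walk_bookmarks(node, folder=()):
    """Yield (folder path, title, url) for every bookmark below *node*."""
    if node.get("WebBookmarkType") == "WebBookmarkTypeLeaf":
        title = node.get("URIDictionary", {}).get("title", "")
        yield ("/".join(folder), title, node.get("URLString", ""))
        return
    # Folders carry a Title and nest further entries under "Children".
    if node.get("Title"):
        folder = folder + (node["Title"],)
    for child in node.get("Children", []):
        yield from walk_bookmarks(child, folder)


def load_bookmarks(data):
    """Parse Bookmarks.plist bytes (binary or XML) into a list of bookmarks.

    plistlib.loads() detects the format from the "bplist00" magic, so the
    expat error from the post cannot happen here.
    """
    return list(walk_bookmarks(plistlib.loads(data)))


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else SAMPLE_BPLIST
    for folder, title, url in load_bookmarks(data):
        print(f"{folder or '/'}\t{title}\t{url}")
```

Run it with the path to a real Bookmarks.plist to list every stored URL together with the folder it sits in.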
18/07/10
A few minutes ago I completed this little ping script,
for non-initiated users.
It first pings 192.168.1.1,
then pings 192.168.2.1,
after that it pings 8.8.8.8,
and finally pings the www.google.com address.
Why does it ping 1.1 and 2.1?
Because my friend wanted to use it in different places (he is not familiar with the shell), for example 1.1 at work and 2.1 at home.
Why does it ping 8.8.8.8 and google.com?
Similar to the above: 8.8.8.8 is Google's DNS, and google.com just checks that the web is reachable.
How does it work?
Execute script.sh and it will print out 5 pings to 1.1 and write the result in GREEN / RED, then 5 pings to 2.1 and the result in GREEN / RED,
and so on.
The script:
#!/bin/bash
# bash rather than plain sh: "echo -e" is needed for the colour escapes below
GREEN="\\033[1;32m"
NORMAL="\\033[0;39m"
RED="\\033[1;31m"
clear
####################### 1.1 ################
# ping exits non-zero when no reply came back, so $? drives the colour
ping -c 5 192.168.1.1
if [ ! "$?" -eq 0 ]; then
    echo -e "$RED" "ping 1.1 failed" "$NORMAL"
else
    echo -e "$GREEN" "ping 1.1 passed" "$NORMAL"
fi
########################## 2.1 ##############
ping -c 5 192.168.2.1
if [ ! "$?" -eq 0 ]; then
    echo -e "$RED" "ping 2.1 failed" "$NORMAL"
else
    echo -e "$GREEN" "ping 2.1 passed" "$NORMAL"
fi
########################## 8.8 ##############
ping -c 5 8.8.8.8
if [ ! "$?" -eq 0 ]; then
    echo -e "$RED" "ping 8.8 failed" "$NORMAL"
else
    echo -e "$GREEN" "ping 8.8 passed" "$NORMAL"
fi
########################## GOOGLE ##############
ping -c 5 www.google.com
if [ ! "$?" -eq 0 ]; then
    echo -e "$RED" "ping google failed" "$NORMAL"
else
    echo -e "$GREEN" "ping google passed" "$NORMAL"
fi
So have fun
18/07/10
Today I was playing with some forensic challenges and I got surprised by
one of them. It went like this: « A password is hidden … but where »
The file was an image, and my first idea was to try some steganography tools,
but after a little hour and some research … I began to get very bored, and
asked my friend Google about hidden data on OS X.
After a few minutes I found the answer: xattr,
the EXTENDED ATTRIBUTES … they are kind of similar to alternate
data streams in Windows.
That's why I decided to explain to you how it works:
>>> import xattr
>>> xattr.listxattr("test.png")
(u'com.apple.metadata:kMDItemWhereFroms', u'user.comment')
>>>
As you may see … there are some attributes, and one of them is « user.comment »; after
some research on the internet (1 min) I discovered how to print it out:
>>> xattr.getxattr("test.png", "user.comment")
'Password: XnHjst6&'
>>>
And the challenge was finished! It was the first time I had seen extended attributes … and I found it very interesting.
have fun
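An added example, not code from the post, that decodes the two attributes listed above: on macOS com.apple.metadata:kMDItemWhereFroms holds a binary plist array of the URLs a file was downloaded from, so the same plistlib call that reads Bookmarks.plist reads it too. The sample values are constructed, and read_xattrs() assumes Linux's os.listxattr/os.getxattr (on macOS use the xattr module as in the post).

```python
import os
import plistlib

# Constructed values shaped like the two attributes seen on the challenge
# file: a binary plist array of URLs for kMDItemWhereFroms, plain text for
# user.comment.  Neither comes from a real file.
SAMPLE_XATTRS = {
    "com.apple.metadata:kMDItemWhereFroms": plistlib.dumps(
        ["https://example.com/dl/test.png", "https://example.com/"],
        fmt=plistlib.FMT_BINARY,
    ),
    "user.comment": b"Password: example-only",
}


def decode_xattr(value):
    """Turn one raw attribute value into something readable."""
    if value.startswith(b"bplist"):
        # Apple metadata attributes are binary plists, like Bookmarks.plist.
        return plistlib.loads(value)
    try:
        return value.decode("utf-8")
    except UnicodeDecodeError:
        return value.hex()          # opaque binary: keep it inspectable


def decode_all(attrs):
    """Decode a {name: raw bytes} mapping, e.g. the result of read_xattrs()."""
    return {name: decode_xattr(raw) for name, raw in attrs.items()}


def download_sources(attrs):
    """Return the URLs macOS recorded when the file was downloaded, if any."""
    where = decode_all(attrs).get("com.apple.metadata:kMDItemWhereFroms")
    return list(where) if isinstance(where, list) else []


def read_xattrs(path):
    """Read all extended attributes of *path* with the Linux os.* calls."""
    if not hasattr(os, "listxattr"):
        raise OSError("os.listxattr unavailable here; use the xattr module")
    return {name: os.getxattr(path, name) for name in os.listxattr(path)}


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        for name, val in decode_all(read_xattrs(p)).items():
            print(f"{p}: {name} = {val!r}")
```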
13/07/10
Man pages:
SYNOPSIS:
#include <stdio.h>
int fflush(FILE *stream);
int fpurge(FILE *stream);
DESCRIPTION:
The function fflush() forces a write of all buffered data for the given output or update stream via the stream's underlying write function. The open status of the stream is unaffected. If the stream argument is NULL, fflush() flushes all open output streams. The function fpurge() erases any input or output buffered in the given stream. For output streams this discards any unwritten output. For input streams this discards any input read from the underlying object but not yet obtained via getc(3); this includes any text pushed back via ungetc(3).
Today a friend asked me to review some C code without any fflush / fpurge, and as I got some errors reviewing it, I decided to make some tests with a basic C program.
#include <stdio.h>

int main(void){
    char sex = '\0';
    char name[15];
    printf("name");
    scanf("%14s", name);      /* width bounded to the size of name[] */
    printf("sex");
    scanf("%c", &sex);        /* receives the '\n' left in stdin by the previous scanf */
    printf("%c,%s", sex, name);
    return 0;
}
When I ran this little C program, it always skipped the
scanf("%c",&sex);
printf("%c,%s",sex,name);
Remembering some C courses (I'm not using C for this kind of thing anymore)
I tried to solve the problem by flushing the standard input
with the following function (Note: fflush(stdin) may lead to undefined behaviour!)
#include <stdio.h>

int main(void){
    char sex = '\0';
    char name[15];
    printf("name");
    scanf("%14s", name);
    fflush(stdin);            /* undefined behaviour on an input stream: not a fix */
    printf("sex");
    scanf("%c", &sex);
    printf("%c,%s", sex, name);
    return 0;
}
but the error appeared again and again. Finally I decided to purge the standard input (I have a Mac, and the fpurge function is a non-standard function), and it worked.
#include <stdio.h>

int main(void){
    char sex = '\0';
    char name[15];
    printf("name");
    scanf("%14s", name);
    fpurge(stdin);            /* BSD/macOS only; glibc offers __fpurge() in <stdio_ext.h> */
    printf("sex");
    scanf("%c", &sex);
    printf("%c,%s", sex, name);
    return 0;
}
And all this shit goes away when you use fgets() to read a line of input, or the sscanf() functions.
Anyway, another tip could have been to write it like this:
#include <stdio.h>

int main(void){
    char sex = '\0';
    char name[15];
    printf("name");
    scanf("%14s", name);
    printf("sex");
    scanf(" %c", &sex);       /* the leading space skips the pending '\n' */
    printf("%c,%s", sex, name);
    return 0;
}
Notice the space:
scanf(" %c",&sex);
The leading space in the format makes scanf skip the newline character that was left in the buffer by the previous scanf call, so this may fix the problem too.
have fun with C
29/05/10
For the 4th one, we remember that there was a program called
« level4 » in the /wargame folder, so let's go to it.
First run:
level4@leviathan:/wargame$ ./level4
Enter the password> lol
bzzzzzzzzap. WRONG
level4@leviathan:/wargame$
Interesting .. it looks like the 2nd challenge, let's disassemble the main part:
(gdb) disassemble main
Dump of assembler code for function main:
0x08048523: lea 0x4(%esp),%ecx
0x08048527: and $0xfffffff0,%esp
0x0804852a: pushl 0xfffffffc(%ecx)
0x0804852d: push %ebp
0x0804852e: mov %esp,%ebp
0x08048530: push %ecx
0x08048531: sub $0x44,%esp
0x08048534: mov 0x8048757,%eax
0x08048539: mov %eax,0xfffffff1(%ebp)
0x0804853c: movzwl 0x804875b,%eax
0x08048543: mov %ax,0xfffffff5(%ebp)
0x08048547: movzbl 0x804875d,%eax
0x0804854e: mov %al,0xfffffff7(%ebp)
0x08048551: mov 0x804875e,%eax
0x08048556: mov %eax,0xffffffe7(%ebp)
0x08048559: mov 0x8048762,%eax
0x0804855e: mov %eax,0xffffffeb(%ebp)
0x08048561: movzwl 0x8048766,%eax
0x08048568: mov %ax,0xffffffef(%ebp)
0x0804856c: mov 0x8048768,%eax
0x08048571: mov %eax,0xffffffe0(%ebp)
0x08048574: movzwl 0x804876c,%eax
0x0804857b: mov %ax,0xffffffe4(%ebp)
0x0804857f: movzbl 0x804876e,%eax
0x08048586: mov %al,0xffffffe6(%ebp)
0x08048589: mov 0x804876f,%eax
0x0804858e: mov %eax,0xffffffd9(%ebp)
0x08048591: movzwl 0x8048773,%eax
0x08048598: mov %ax,0xffffffdd(%ebp)
0x0804859c: movzbl 0x8048775,%eax
0x080485a3: mov %al,0xffffffdf(%ebp)
0x080485a6: mov 0x8048776,%eax
0x080485ab: mov %eax,0xffffffcf(%ebp)
0x080485ae: mov 0x804877a,%eax
0x080485b3: mov %eax,0xffffffd3(%ebp)
0x080485b6: movzwl 0x804877e,%eax
0x080485bd: mov %ax,0xffffffd7(%ebp)
0x080485c1: lea 0xffffffd9(%ebp),%eax
0x080485c4: mov %eax,0x4(%esp)
0x080485c8: lea 0xffffffe0(%ebp),%eax
0x080485cb: mov %eax,(%esp)
0x080485ce: call 0x804835c
0x080485d3: test %eax,%eax
0x080485d5: jne 0x80485de
0x080485d7: movl $0x1,0xfffffff8(%ebp)
0x080485de: movl $0x8048742,(%esp)
0x080485e5: call 0x80483bc
0x080485ea: call 0x8048484
0x080485ef: add $0x44,%esp
0x080485f2: pop %ecx
0x080485f3: pop %ebp
0x080485f4: lea 0xfffffffc(%ecx),%esp
0x080485f7: ret
---Type <return> to continue, or q <return> to quit---q
Quit
Again, we can take the interesting part:
0x080485ce: call 0x804835c
0x080485d3: test %eax,%eax
0x080485d5: jne 0x80485de
Let's set a breakpoint on it, and run it until it asks for the password:
(gdb) b *0x804835c
Breakpoint 1 at 0x804835c
(gdb) r
Starting program: /wargame/level4

Breakpoint 1, 0x0804835c in strcmp@plt ()
(gdb) s
Single stepping until exit from function strcmp@plt,
which has no line number information.
0xb7f1eec0 in strcmp () from /lib/tls/i686/cmov/libc.so.6
(gdb) s
Single stepping until exit from function strcmp,
which has no line number information.
0x080485d3 in main ()
(gdb) s
Single stepping until exit from function main,
which has no line number information.
Enter the password> test
/!\ There is an interesting thing: I had to press « s » 3 times to arrive at my breakpoint
(I should analyse this; anyway, let's continue) /!\
Let's see what's happening when we analyse $esp
(gdb) x/2x $esp
0xbffff8bc: 0x080484e6 0xbffff8dd
(gdb) x/s 0xbffff8dd
0xbffff8dd: "test\n"
Ok, we got our password back, so let's go a bit further
(gdb) x/3x $esp
0xbffff8bc: 0x080484e6 0xbffff8dd 0xbffff9dd
(gdb) x/s 0xbffff9dd
0xbffff9dd: "snlprintf\n"
(gdb)
Ok .. here there is a little trick: "snlprintf" is the password we are searching for,
they just used a C function name as the string. The clue is the "\n" at the end of snlprintf.
Let's try the password:
level4@leviathan:/wargame$ ./level4
Enter the password> snlprintf
[You've got shell]!
sh-3.1$
Yeah, let's go to the next level
29/05/10
Hi,
ready for challenge number 3?
Let's connect to it
ssh level3@leviathan.intruded.net -p 10101
*************************************************
*   Welcome to Intruded.net Wargame Server      *
*                                               *
*   You are playing "Leviathan"                 *
*                                               *
*   Most levels can be found in /wargame        *
*   Login: level1:leviathan                     *
*   Support: irc.intruded.net #wargames         *
*                                               *
*   ! Server is restarted every 12 hours        *
*   ! Server is cleaned every reboot            *
*   ! /tmp direcotry is writable                *
*                                               *
*************************************************
level3@leviathan.intruded.net's password:
Linux leviathan 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC 2009 i686
level3@leviathan:~$
Let's go directly to the wargame folder
level3@leviathan:~$ cd /wargame/
level3@leviathan:/wargame$ ls
check  level4  printfile  prog  sphinx
Let's try the programs one by one, to see which one is ours.
level3@leviathan:/wargame$ ls
check  level4  printfile  prog  sphinx
level3@leviathan:/wargame$ ./level4
-bash: ./level4: Permission denied
level3@leviathan:/wargame$ ./printfile
-bash: ./printfile: Permission denied
level3@leviathan:/wargame$ ./sphinx
-bash: ./sphinx: Permission denied
level3@leviathan:/wargame$ ./prog
Cannot find /tmp/file.log
level3@leviathan:/wargame$
It looks like we have to use ./prog:
we have to read /home/level4/.passwd …
and ./prog reads the file /tmp/file.log and prints its content … so let's link both
level3@leviathan:/wargame$ ln -s /home/level4/.passwd /tmp/file.log
level3@leviathan:/wargame$ ./prog
R0gBtSP5
level3@leviathan:/wargame$
Yeah … got it!!
Ok, next challenges tomorrow
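An added example (not the wargame's code) of the check that ./prog was missing, written in Python: it assumes a privileged program that opens /tmp/file.log by name, and it defeats the symlink trick by opening with O_NOFOLLOW and then validating the inode it actually got (the expected_uid parameter is my addition). The demo() scenario is constructed in a temporary directory.

```python
import os
import stat
import tempfile


def open_nofollow(path, expected_uid=None):
    """Open *path* for reading without following a symlink at the final component.

    ./prog trusted whatever /tmp/file.log pointed at, so a symlink to
    /home/level4/.passwd was read with the program's privileges.  Opening
    with O_NOFOLLOW makes the kernel refuse a symlink, and checking the
    opened descriptor (not the path) leaves no stat-then-open race.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if expected_uid is not None and st.st_uid != expected_uid:
            raise PermissionError(f"{path}: owner uid {st.st_uid} != {expected_uid}")
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "r")


def read_log(path, expected_uid=None):
    """Return the content of *path*, or raise OSError if it is not a safe regular file."""
    with open_nofollow(path, expected_uid) as f:
        return f.read()


def demo():
    """Constructed scenario: a genuine log file and a symlink pointing at a secret."""
    d = tempfile.mkdtemp()
    secret, log, link = (os.path.join(d, n) for n in ("secret", "file.log", "link.log"))
    with open(secret, "w") as f:
        f.write("SECRET\n")
    with open(log, "w") as f:
        f.write("ordinary log line\n")
    os.symlink(secret, link)
    results = {"regular": read_log(log, os.getuid())}
    try:
        read_log(link)
        results["symlink"] = "followed"      # would mean the protection failed
    except OSError:                          # ELOOP on Linux/macOS for a symlink
        results["symlink"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```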
29/05/10
Now that we have succeeded at the first level, let's go for the second one.
Once connected to the second level you get this:
ssh level2@leviathan.intruded.net -p 10101
*************************************************
*   Welcome to Intruded.net Wargame Server      *
*                                               *
*   You are playing "Leviathan"                 *
*                                               *
*   Most levels can be found in /wargame        *
*   Login: level1:leviathan                     *
*   Support: irc.intruded.net #wargames         *
*                                               *
*   ! Server is restarted every 12 hours        *
*   ! Server is cleaned every reboot            *
*   ! /tmp direcotry is writable                *
*                                               *
*************************************************
level2@leviathan.intruded.net's password:
Permission denied, please try again.
level2@leviathan.intruded.net's password:
Linux leviathan 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC 2009 i686
level2@leviathan:~$
Let's see what files are available:
level2@leviathan:~$ ls -a
.  ..  .bash_history  .bash_logout  .bash_profile  .bashrc  .passwd
level2@leviathan:~$
Hmm, nothing interesting, let's go one folder up,
level2@leviathan:/home$ ls -a
.  ..  level1  level2  level3  level4  level5  level6  level7  level8
level2@leviathan:/home$ cd level3/
-bash: cd: level3/: Permission denied
level2@leviathan:/home$
Hmm, we cannot go into level3 … let's go one folder up again
level2@leviathan:/$ ls -a
.    boot   etc     initrd.img  media  proc  srv  usr  wargame
..   cdrom  home    lib         mnt    root  sys  var
bin  dev    initrd  lost+found  opt    sbin  tmp  vmlinuz
level2@leviathan:/$
Haaa, there is a wargame folder, let's try this one
level2@leviathan:/wargame$ ls
check  level4  printfile  prog  sphinx
level2@leviathan:/wargame$
Ok, let's try the first program:
level2@leviathan:/wargame$ ./check
password: test
Wrong password, Good Bye ...
level2@leviathan:/wargame$
Hmmm, it looks like it's a strcmp in C … if you remember, I wrote an article about that,
how to get a password with GDB (here).
Let's try it here:
level2@leviathan:/wargame$ gdb ./check
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
Let's disassemble the main function:
(gdb) disassemble main
Dump of assembler code for function main:
0x08048464: lea 0x4(%esp),%ecx
0x08048468: and $0xfffffff0,%esp
0x0804846b: pushl 0xfffffffc(%ecx)
0x0804846e: push %ebp
0x0804846f: mov %esp,%ebp
0x08048471: push %ecx
0x08048472: sub $0x34,%esp
0x08048475: mov 0x8048668,%eax
0x0804847a: mov %eax,0xfffffff3(%ebp)
0x0804847d: mov 0x804866c,%eax
0x08048482: mov %eax,0xffffffec(%ebp)
0x08048485: movzwl 0x8048670,%eax
0x0804848c: mov %ax,0xfffffff0(%ebp)
0x08048490: movzbl 0x8048672,%eax
0x08048497: mov %al,0xfffffff2(%ebp)
0x0804849a: mov 0x8048673,%eax
0x0804849f: mov %eax,0xffffffe8(%ebp)
0x080484a2: mov 0x8048677,%eax
0x080484a7: mov %eax,0xffffffe3(%ebp)
0x080484aa: movzbl 0x804867b,%eax
0x080484b1: mov %al,0xffffffe7(%ebp)
0x080484b4: movl $0x8048638,(%esp)
0x080484bb: call 0x8048398
0x080484c0: call 0x8048338
0x080484c5: mov %al,0xfffffff7(%ebp)
0x080484c8: call 0x8048338
0x080484cd: mov %al,0xfffffff8(%ebp)
0x080484d0: call 0x8048338
0x080484d5: mov %al,0xfffffff9(%ebp)
0x080484d8: movb $0x0,0xfffffffa(%ebp)
0x080484dc: lea 0xfffffff3(%ebp),%eax
0x080484df: mov %eax,0x4(%esp)
0x080484e3: lea 0xfffffff7(%ebp),%eax
0x080484e6: mov %eax,(%esp)
0x080484e9: call 0x8048348
0x080484ee: test %eax,%eax
0x080484f0: jne 0x804850c
0x080484f2: movl $0x3ea,(%esp)
0x080484f9: call 0x8048358
0x080484fe: movl $0x8048643,(%esp)
0x08048505: call 0x8048368
0x0804850a: jmp 0x8048518
0x0804850c: movl $0x804864b,(%esp)
0x08048513: call 0x8048378
0x08048518: add $0x34,%esp
0x0804851b: pop %ecx
0x0804851c: pop %ebp
0x0804851d: lea 0xfffffffc(%ecx),%esp
0x08048520: ret
0x08048521: nop
0x08048522: nop
0x08048523: nop
0x08048524: nop
0x08048525: nop
0x08048526: nop
0x08048527: nop
0x08048528: nop
0x08048529: nop
0x0804852a: nop
0x0804852b: nop
0x0804852c: nop
0x0804852d: nop
0x0804852e: nop
0x0804852f: nop
End of assembler dump.
As we can see:
0x080484e9: call 0x8048348
0x080484ee: test %eax,%eax
0x080484f0: jne 0x804850c
this is the interesting part, let's set a breakpoint on the call and analyse it with x/x
(gdb) b * 0x8048348
Breakpoint 1 at 0x8048348
(gdb) r
Starting program: /wargame/check
password: test

Breakpoint 1, 0x08048348 in strcmp@plt ()
(gdb) x/x $esp
0xbffff9fc: 0x080484ee
As we can see it's giving us what is on the stack at this moment; let's go further,
we are going to print the stack with x/s and see what happens.
(gdb) x/s 0x080484ee
0x80484ee: "\205?u\032?\004$?\003"
It doesn't look normal, let's try a bit more
(gdb) x/2x $esp
0xbffff9fc: 0x080484ee 0xbffffa2f
(gdb) x/s 0xbffffa2f
0xbffffa2f: "tes"
Haaa, this is OUR « tes »; we can already conclude that the password is only 3 chars, let's get further inside it
again
(gdb) x/3x $esp
0xbffff9fc: 0x080484ee 0xbffffa2f 0xbffffa2b
(gdb) x/s 0xbffffa2b
0xbffffa2b: "sex"
(gdb)
Got it …
Let's run it again, tadaaa, new shell
level2@leviathan:/wargame$ ./check
password: sex
sh-3.1$
Anyway, another solution could have been to use the ltrace command:
level2@leviathan:/wargame$ ltrace ./check
__libc_start_main(0x8048464, 1, 0xbffffad4, 0x8048580, 0x8048530
printf("password: ") = 10
getchar(0x8048638, 0xb7fe0ff4, 0xbffffa28, 0x80483f0, 0xb7fe0ff4password: test
) = 116
getchar(0x8048638, 0xb7fe0ff4, 0xbffffa28, 0x80483f0, 0xb7fe0ff4) = 101
getchar(0x8048638, 0xb7fe0ff4, 0xbffffa28, 0x80483f0, 0xb7fe0ff4) = 115
strcmp("tes", "sex") = 1
puts("Wrong password, Good Bye ..."Wrong password, Good Bye ...
) = 29
+++ exited (status 29) +++
level2@leviathan:/wargame$
Let's go to the next level
sh-3.1$ cat /home/level3/.passwd
oc7vaCOg
sh-3.1$
28/05/10
Today I tried the Intruded Leviathan wargame (the first levels);
I will explain how to solve them easily.
Let's try the first one.
And then you should get something like this:
*************************************************
*   Welcome to Intruded.net Wargame Server      *
*                                               *
*   You are playing "Leviathan"                 *
*                                               *
*   Most levels can be found in /wargame        *
*   Login: level1:leviathan                     *
*   Support: irc.intruded.net #wargames         *
*                                               *
*   ! Server is restarted every 12 hours        *
*   ! Server is cleaned every reboot            *
*   ! /tmp direcotry is writable                *
*                                               *
*************************************************
level1@leviathan.intruded.net's password:
Linux leviathan 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC 2009 i686
Now that we are connected, we should try the first command to see what is there:
ls -a = list the folders, including the hidden ones
level1@leviathan:~$ ls -a
.  ..  .backup  .bash_history  .bash_logout  .bash_profile  .bashrc  .passwd
Hmmm, there is a hidden « .backup » folder, let's enter it and list it.
level1@leviathan:~$ cd ./.backup
level1@leviathan:~/.backup$ ls -a
bookmarks.html
Ok, bookmarks, let's see if there are some « passwords »
level1@leviathan:~/.backup$ cat ./bookmarks.html | grep pass
<DT><A HREF="http://nahtaivel.intruded.net/passwordus.html" TEMP: "AFeSdWEf"ADD_DATE="1155384634" LAST_CHARSET="ISO-8859-1" ID="rdf:#$2wIU71">password to level2</A>
level1@leviathan:~/.backup$
Easy … we got it
Let's meet at the next level
27/05/10
I saw this on another blog, and found it interesting to show you how hackers can retrieve information about a company. This year I did an audit of a VoIP architecture for a military agency, and I discovered that a lot of things are often forgotten; that's why I have to remember this trick for a future audit.
Anyway … you should also be a bit afraid about all the (your) information being spread around.
27/05/10
Today I had a little problem with my MacBook Pro: I closed the lid to put my Mac in sleep mode,
and after 5 minutes I still saw the Apple logo lit up. When I tried to open it again and get it out of
« sleep mode », I never got the login screen … it looked frozen, so I decided to reset the PRAM.
PRAM is the acronym of parameter RAM, and sometimes it gets corrupted.
It's good to reset it when you are troubleshooting your Mac.
PRAM contains:
It means that when you're resetting it, you will lose some parameters like time zone, speaker settings, etc.
How to reset the PRAM:
Now that you have cleared the PRAM the problem may be resolved (anyway, I don't know if you ever had the same problem, but one of your problems could be resolved with this).
I also decided to reset the SMC (which stands for System Management Controller), which is a microchip used for a lot of things,
as explained here on Apple's website.
How do you reset it:
First, Apple recommends the following steps
Before Resetting the SMC
Try each of the following steps in this order before you reset the SMC. Test the issue after completing each troubleshooting step to determine if the issue still occurs.
- Press Command + Option + Escape to force quit any application that is not responding.
- Put your Mac to sleep by choosing the Apple () menu from the upper-left menu bar and then choosing Sleep. Wake the computer after it has gone to sleep.
- Restart your Mac by choosing the Apple () menu from the upper-left menu bar and then choosing Restart.
- Shut down your Mac by choosing the Apple () menu from the upper-left menu bar and then choosing Shut Down.
(coming from http://support.apple.com/kb/HT3964?viewlocale=en_US )
Then you can reset it like this:
And done. I hope this will help you troubleshoot your Mac, because my Mac seems happy now.
Have fun.