Monday, September 24, 2012

700 ipads in the district, and only one ios6 update to do.

Do we download it 700 times, or do we download it once, and send it out 700 times? Step 1 was hijacking DNS so that was pointed to an internal server. Looking at the logs for apache we see that it's requesting something from the iOS6 folder. - - [24/Sep/2012:18:59:40 -0400] "GET /iOS6/Documentation/041-6937.201209
19.55zYB/com_apple_MobileAsset_SoftwareUpdateDocumentation/1cb29d3c6a86fa0c11d099917f7 HTTP/1.1" 200 574794847 "-" "iTunes-iPad/5.1.1 (2; 16GB; dt:74)" - - [24/Sep/2012:21:11:40 -0400] "HEAD /iOS6/Documentation/041-6937.2012
0919.55zYB/com_apple_MobileAsset_SoftwareUpdateDocumentation/1cb29d3c6a86fa0c11d099917 HTTP/1.1" 200 323 "-" "iTunes-iPad/5.1.1 (2; 16GB; dt:74)" - - [24/Sep/2012:21:11:40 -0400] "GET /iOS6/Documentation/041-6937.20120
919.55zYB/com_apple_MobileAsset_SoftwareUpdateDocumentation/1cb29d3c6a86fa0c11d099917f HTTP/1.1" 200 574794847 "-" "iTunes-iPad/5.1.1 (2; 16GB; dt:74)" - - [24/Sep/2012:21:45:32 -0400] "HEAD /iOS6/Documentation/041-6937.2012
0919.55zYB/com_apple_MobileAsset_SoftwareUpdateDocumentation/1cb29d3c6a86fa0c11d099917 HTTP/1.1" 200 323 "-" "iTunes-iPad/5.1.1 (2; 16GB; dt:74)" - - [24/Sep/2012:21:45:32 -0400] "GET /iOS6/Documentation/041-6937.20120
919.55zYB/com_apple_MobileAsset_SoftwareUpdateDocumentation/1cb29d3c6a86fa0c11d099917f HTTP/1.1" 200 574794847 "-" "iTunes-iPad/5.1.1 (2; 16GB; dt:74)"
  So what now? Well, we need to know the User Agent (check!) and what variables are passed as headers and what cookie values are passed.
 $fp = fopen("/var/www/iOS6/log.txt", w);

 foreach ($_GET as $var=>$value) {
  $tmpLine = $var."=".$value."\n";

  fputs($fp, $tmpLine, strlen($tmpLine));
 fputs($fp, "EOG-\n", 5);

 foreach ($_POST as $var=>$value) {
  $tmpLine = $var."=".$value."\n";

  fputs($fp, $tmpLine, strlen($tmpLine));
 fputs($fp, "EOP-\n", 5);

 foreach ($_SERVER as $var=>$value) {
  $tmpLine = $var."=".$value."\n";

  fputs($fp, $tmpLine, strlen($tmpLine));
 fputs($fp, "EOS-\n", 5);
 foreach ($_COOKIE as $var=>$value) {
  $tmpLine = $var."=".$value."\n";

  fputs($fp, $tmpLine, strlen($tmpLine));
 fputs($fp, "EOC-\n", 5);


This does it, but I had to redirect everything to it and it alone... Mod-Rewrite to the rescue!
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [L,QSA]
So now http://<apache>/iOS6/sjdfhksjdhfksdhfkjsdhf is rewrote straight to index.php. Let's look at log.txt from an iPad request --
HTTP_USER_AGENT=iTunes-iPad/5.1.1 (2; 16GB; dt:74)
HTTP_COOKIE=TrPod=2; X-Dsid=213655354; NSC_JOr1rhwld4dgcvwckxmrdtdtcz21wbq=ffffffff12
923db245525d5f4f58455e445a4a423660; mz_at0=AwQAAAFKAADDtQAAAABQPmH4VMzDTLLoXGWetSyEZt
RBPhe45DY=; Pod=20; s_vi=[CS]v1|281F30F305013F7B-60000106A00F0A64[CE]
Apache/2.2.17 (Ubuntu) Server at Port 80
SERVER_SOFTWARE=Apache/2.2.17 (Ubuntu) SERVER_ADDR= SERVER_PORT=80 REMOTE_ADDR= DOCUMENT_ROOT=/var/www SERVER_ADMIN=webmaster@localhost SCRIPT_FILENAME=/var/www/iOS6/index.php REMOTE_PORT=49162 REDIRECT_QUERY_STRING=q=041-7072.20120901.cfbLY/com_apple_MobileAsset_SoftwareUpdate/ REDIRECT_URL=/iOS6/041-7072.20120901.cfbLY/com_apple_MobileAsset_SoftwareUpdate/250dc GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.1 REQUEST_METHOD=GET QUERY_STRING=q=041-7072.20120901.cfbLY/com_apple_MobileAsset_SoftwareUpdate/250dc5a5e REQUEST_URI=/iOS6/041-7072.20120901.cfbLY/com_apple_MobileAsset_SoftwareUpdate/250dc5 SCRIPT_NAME=/iOS6/index.php PHP_SELF=/iOS6/index.php REQUEST_TIME=1348506471 EOS- TrPod=2 X-Dsid=213655354 NSC_JOr1rhwld4dgcvwckxmrdtdtcz21wbq=ffffffff12923db245525d5f4f58455e445a4a423660 mz_at0=AwQAAAFKAADDtQAAAABQPmH4VMzDTLLoXGWetSyEZtRBPhe45DY= Pod=20 s_vi=[CS]v1|281F30F305013F7B-60000106A00F0A64[CE] EOC-
-- I'm sure this means something to apple, but I'm interested in the headers at the top (before EOS) and the cookies at the bottom (before EOC) I put the cookies in the jar, before this process can get very far! cookies.txt --
-- And then? I download the update..
/var/www/iOS6# wget --load-cookies=cookies.txt "
72.20120901.cfbLY/com_apple_MobileAsset_SoftwareUpdate/250dc5a5ec8dbb05f0f9ae2e28a407" -U "iTunes-iPad/5.1.1 (2; 16GB; dt:74)"

--2012-09-24 12:24:29--


Connecting to||:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 574794525 (548M) [application/octet-stream]

Saving to: `'


11% [==================>                 ] 65,058,644   427K/s  eta 33m 4s  

What now you say? Uhhhh How about sharing it back out for everyone else requesting it?!

Added the following lines to the bottom of index.php


 $tmpFields = split("\/", $_SERVER["REQUEST_URI"]);
 $tmpMax = count($tmpFields);
 $tmpFilename = $tmpFields[$tmpMax-1];

 header("Pragma: public");
 header('Content-disposition: attachment; filename='.$tmpFilename);
 header("Content-type: ".mime_content_type("/var/www/iOS6/"));
 header('Content-Transfer-Encoding: binary');


And that of course, sends the headers that a file is coming, and it's name is the same
 name as requested, but of course it's my

Later on, I got tired of collecting logs so just redirected everyone to my

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ [L,QSA]
-- Now the fun part, this is just a plain vanilla zip... I extracted it and you just see the iPad binarys, images, etc. I'm not sure this is helpful in any means (I'm sure apple CRC's the update before applying it) but it was shocking that this isn't some passworded DMG or something of the like.
Oh well I had fun.. Hopefully you had fun reading!

Wednesday, July 11, 2012

First iPad App!

My first ipad app ever... Didn't take very long to figure out either :-)

Monday, June 25, 2012

Console Cable Adapters (Much better than a console cable!)

So, what great idea did I have this time?

Wouldn't it be nice if I could use an adapter with a normal cat 5 cable (something I carry everyday) to connect to cisco and hp switches at work? Why Yes! That would save me lugging around two more cables...

I searched the web, and found this ( but it wasn't really what I was looking for.. I mean, small cables with rj45 connectors and couplers... That's not really slick. I wanted a sweet end result. Something that looked like it was made to be the way I made it.

Enter china...
I ordered a couple modular adapter plugs DB9 -> RJ45... How sweet is that? Figure out which color goes with which wire in a rj45 connector, and then plug them into the db9 connector as you like. You then close it up, and it looks like it was made that way...

I broke out the multimeter and connected to each pin of my normal everyday cat5 cable, and figured out which color went with what...

(P.S. I don't know where the pad of paper came from...)

Cat 5 connector on the modular plug (pins start from left to right with fastener nub down):
Pin 1: Blue 
Pin 2: Orange
Pin 3: Black
Pin 4: Red
Pin 5: Green
Pin 6: Yellow
Pin 7: Brown
Pin 8: White

So then I went and figured out which pins on the rj45 connector connect to which pins of the db9 connector on the two cables I carry around (cisco-fabulous-blue and hp-black).


Cat 5:  1 2 3 4 5 6 7 8

DB9:    8 6 2 5   3 4 7


Cat 5:  1 2 3 4 5 6 7 8

DB9:    8 6 2 1 5 3 4 7

And so then I connected up the wires into the DB9 once for each cable, and produced these puppies.. :-)

PL2303 USB to Serial on Mac OS X Lion

Many thanks to the creator of the installer on for the installer which makes my USB -> Serial work on lion.


Tuesday, June 19, 2012

Colorful Prompt

Have OSX? Want Colorful Terminal Prompt? ME TOO!

Putting the above in your /etc/bashrc file and then setup PS1 to your liking color wise...

You can stick with mine if you like...

Different Locations

Work in different locations like me?

I got tired of opening system preferences... THERE HAS TO BE AN EASIER WAY!

Found it!

First, I setup a location for each network configuration I might use... SHS SMS JES VES LES CO... etc.

I created /usr/bin/ so that when I start up, I will start up in automatic location mode...

I also have it shut off the Apple Service Diagnostics daemons, and netboot, dhcp and DNS (I use those for troubleshooting using a crossover cable).

Then, I setup aliases in .profile for each location...

The command is

in .profile...

This of course means I can open terminal when I get to a new location, and type 

CO, SMS, SHS, JES, LES, VES, SES to which terminal replies...

I love making life simpler!

Friday, June 15, 2012

Remember the Milk -- Nah, how about Gmail?

So I've been overloaded brain wise with things to remember and sort and todos…

I can remember to look at a todo list when I get somewhere, but I can't remember to carry about a slip of paper with to dos on it.

I looked into Remember the milk -- I used to use it at a previous job -- but I'm cheap and it really is just something else to add into my never ending list of programs I have to work with.

I decided to get funny with Gmail instead!

Gmail allows anyone to send email to themselves with a +something behind their username. For example, if your gmail address is, you could email, and the email will show up in your inbox, but will be listed to

I use this feature to get emails into specific labels inside gmail, and then I added contacts to make emailing things into these lists from my phone a breeze.

Here's how it works…

First, I logged into gmail and went into the Labels area.

I set up labels for each todo list. Things to get done @Home, @Work, While @Shopping and the ability to send things to my @Mileage report.

Next, I setup email filters to mark mail as read and stick it into those labels.

Now, when I email myself +shopping, it gets put in my shopping label…

Next, I went into contacts, and added a contact for each one, so that when I send email from my phone I can say "Send email to x <list>" or can type x<space> and end up with a selection to choose from.

Go into contacts…

Works pretty well for me, and seems to work for the Mrs too…. Since she knows the email addresses, she can add things onto my todo list from her phone. OH BOY!

Using quicksilver? Install the Email and address book plugins.. and then type

". Remember the milk!" *tab* Ema *tab* x shopping

and hit enter...

Up pops an Apple Mail interface with the email already typed out for you... Command-Shift-D sends the email on it's way :-)

Never easier to send email into my GTD Gmail listing!

Thursday, June 14, 2012

Samba on OSX Lion Server

I bumped into problems mounting SMB shares from OSX Lion Server using a Linux based media device I have hooked up in the living room.

The problem is that Apple decided to get rid of SMB (Due to licensing I read) and write their own. It doesn't work properly with a number of linux based set top devices, and mine just happens to be one of them.

No worries! We'll fix this up quick and in a hurry!

First thing I did, nano /etc/services and find entries for 137,138,139 and 445. Modify them to be 19137, 19138, 19139 and 19445. This way, if file sharing accidently gets turned on in the Sharing Preferences, you won't have conflicting services trying to run on the same port.


netbios-ns      19137/udp     # NETBIOS Name Service    
netbios-ns      19137/tcp     # NETBIOS Name Service    
netbios-dgm     19138/udp     # NETBIOS Datagram Service
netbios-dgm     19138/tcp     # NETBIOS Datagram Service
netbios-ssn     19139/udp     # NETBIOS Session Service
netbios-ssn     19139/tcp     # NETBIOS Session Service
microsoft-ds    19445/udp     # Microsoft-DS
microsoft-ds    19445/tcp     # Microsoft-DS


Next, I installed homebrew. I've tried macports before and had luck, but there is a problem with samba on OSX when it's ran by users that are a part of more than 16 groups (root is unfortunately).



/usr/bin/ruby -e "$(/usr/bin/curl -fsSL"


You have to run this as a normal user!

After that was done, I ran these commands to update and install samba.

brew update
brew doctor
brew install autogen
brew install

After samba was installed, I placed the following files in /Library/LaunchDaemons/


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "">
<plist version="1.0">


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "">
<plist version="1.0">


I restarted for good measure, but I don't know that it was required. When the server came back up, I was able to modify /usr/local/Cellar/samba/3.6.3/etc/smb.conf to my liking, and killall -9 smbd.

Connecting over SMB:// to the server shows my entries, and everything is just dandy... Thank you homebrew!

Thursday, June 7, 2012

Create iTunes Accounts en Masse

I work for a school district who is moving towards 1:1 with Apple iPads, and we have a problem with trying to massively create iTunes accounts.

I've created a program which enters data from a .csv into the iTunes account creation form.

How it works:

This program determines which page of the iTunes creation website you're on, and clicks continue to get to the form where you enter data.

It reads the data from a csv, and progresses through the file line by line. Once it's entered data, it scrolls down and focus' on the captcha which is required to be entered before creating an itunes account.

You type in the captcha and hit enter, and it creates an iTunes account.

When it detects you've made it to the "an email has been sent to verify your itunes account", it returns back to the first page, and continues on the form.

Creating itunes accounts for 1:1 takes very little time when you do it this way.


This program can be used to enter usernames and passwords for verifying accounts en masse. You click the link in your email to verify an account, and the program will detect the page and account you are on and fill in the password.

Easy, Peasy, Lemon Squeezy :-)

Wednesday, May 23, 2012

This could be the start of something great. It could also be the start of something very bad.