SilentGob's Blog


Tuesday 4 September 2012

Study of the Antisec UDID leak

Long time no see guys, this time I will do a little study of the UDID leak from Antisec (leak on pastebin).


Introduction

During this post, I will assume that the sample provided by Antisec is representative of the whole file; if that is not the case, some conclusions may be wrong. Moreover, I take the hypothesis that this extract comes from only one application and not from several.

This huge text file contains 1 000 001 lines. Each line is a device with the following info (comma separated):

  • UDID (What Is An iPhone UDID?)
  • APNS (token for sending push notifications)
  • Device Name
  • Device Type (iPad, iPhone, iPod touch)

Each field can be of interest so I will describe them.


UDID

First it is important to notice that some UDIDs are listed several times. If we consider unique UDIDs only, we are facing 985 117 different devices. We can probably explain this by pre-configured iPads (some duplicates appear as "Admin" before appearing under another name).

I will not disclose more for now on the UDID as I am still working on it. More details in a next post.


APNS tokens

The APNS tokens are used to send notifications to a device. But knowing only the token is not enough so this information is not very valuable.


Device Type

First it is important to note that several lines are bogus: it seems that when the Device Name contains a comma, the Device Type is missing or, even worse, the Device Name field is not complete. As the comma is used as the field separator, it may have corrupted the extract, but only Antisec knows.

Moreover, sometimes the Device Type only contains a version (4.3.3, 5.0.1, etc).

Finally, regarding Device Type, we "only" have 998 828 correct lines.

The device breakdown is (considering only good entries):

  • 589 720 iPad (59% of correct lines)
  • 345 384 iPhone (35 % of correct lines)
  • 63 724 iPod touch (6% of correct lines)

This seems to indicate that the information is coming from an application that is well established on the iPad.
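To make the UDID duplicate count and the Device Type sanity checks above reproducible, here is an added parser for lines in the leak's layout (example code written for this post, not part of the original; it assumes the four fields are exactly UDID, APNS token, Device Name, Device Type, and every identifier in the sample is constructed padding, not a real value):

```python
"""Parse lines in the layout of the leaked file and tally what the post counts."""
import re
from collections import Counter

DEVICE_TYPES = {"iPad", "iPhone", "iPod touch"}
VERSION_RE = re.compile(r"^\d+(\.\d+)+$")   # e.g. 4.3.3 or 5.0.1 sitting in the type column

# Constructed sample: line 3 has a comma in the name (type lost), line 4 carries
# a version instead of a type, line 5 reuses line 1's UDID, line 6 is cut short.
SAMPLE_LINES = [
    "a" * 40 + "," + "1" * 64 + ",Alice's iPad,iPad",
    "b" * 40 + "," + "2" * 64 + ",Bob's iPhone,iPhone",
    "c" * 40 + "," + "3" * 64 + ",Carol, M.D.",
    "d" * 40 + "," + "4" * 64 + ",Dave's iPad,5.0.1",
    "a" * 40 + "," + "1" * 64 + ",Admin,iPad",
    "e" * 40 + "," + "5" * 64 + ",Eve's iPod",
]

def parse_line(line):
    """Return a record with status 'ok', 'version' (type column holds an iOS version)
    or 'corrupt' (wrong field count or unknown type, which is what a comma inside
    the Device Name produces when the file is split on commas)."""
    fields = line.rstrip("\r\n").split(",")
    rec = {"udid": fields[0], "name": "", "type": "", "status": "corrupt"}
    if len(fields) == 4:
        rec["name"], rec["type"] = fields[2], fields[3].strip()
        if rec["type"] in DEVICE_TYPES:
            rec["status"] = "ok"
        elif VERSION_RE.match(rec["type"]):
            rec["status"] = "version"
    return rec

def summarize(lines):
    """Totals in the spirit of the post: unique UDIDs, per-status counts, type breakdown."""
    recs = [parse_line(l) for l in lines if l.strip()]
    by_udid = Counter(r["udid"] for r in recs)
    good = [r for r in recs if r["status"] == "ok"]
    types = Counter(r["type"] for r in good)
    return {
        "lines": len(recs),
        "unique_udids": len(by_udid),
        "duplicated_udids": sorted(u for u, n in by_udid.items() if n > 1),
        "status": Counter(r["status"] for r in recs),
        "types": types,
        "type_share": {t: round(100 * n / len(good)) for t, n in types.items()},
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LINES).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

Run against the real file, the "corrupt" bucket is the set of lines the post calls bogus and "version" the ones carrying an iOS version instead of a type.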


Device Name

The Device Name contains what the user sets up. By default the Device Name is "Name_Of_The_User's iPad/iPhone/iPod touch" but a lot of users put other info.

Beyond providing the name of the owner for a vast majority of the lines we have:

  • around 100 people putting a phone number in case of a lost device, mostly US phone numbers, but some look French and others have an international code (starting with 00)
  • 33 people identifying themselves as medical doctors ("M.D.") with their name (and 20 more if we consider "MD")
  • around 1 200 people using a name with Dr., some are not real ("Dr. Jekyll" seriously?) but most look legit
  • 13 PhD, maybe because in France PhD students are too poor to afford iDevices ;)
  • 581 email addresses (116 gmail, 101 hotmail, 93 yahoo, 19 me.com, 7 from .edu domains and only two .fr ones)
  • 12 339 devices registered to an administrator (670 HP_Administrator and 112 Compaq_Administrator, maybe automatically set by Mobile Device Management tools). We also have 270 "administrateur" (the French flavor) (and 19 HP_Administrateur, no Compaq in France? or not with a localized name?).


Conclusion

This was a quick study of the leak (and I am still looking into a few things, particularly the UDID).

Feel free to comment !

Update: APNS tokens appear not to be unique; when sorting we only have 992 971 unique APNS tokens. UDIDs can be used for a nasty thing: installing ad-hoc apps.

Monday 10 October 2011

This one was not planned but it is great: Tinyproxy

Initially I did not see the need for a web proxy: I have quite a number of computers at home, but why a proxy?

The answer is: because Safari for iOS has no f*cking way to filter ads! And when you are used to AdBlock, seeing ads everywhere is ... annoying.

Before going for the proxy, I searched for alternatives. One of the recommended setups seems to be using adsuck, a small DNS server that spoofs blacklisted addresses (blocking ads at the domain name level). As I am using my ISP box as DHCP server, I am also using its DNS servers, so switching to my internal DNS server would require a bit of work and ... sometimes I am a lazy guy :)

Then I looked at Privoxy, a well known ad-blocking proxy, but it is not a light, simple and small one.

So I looked for a small proxy (with URL filtering) and I found Tinyproxy written in C and available as an OpenBSD package. The code is easy to read (I have got a few ideas to patch in but my spare time is running low ...).

I installed it, configured it (not really a lot of things to change from default, just enable filtering with "FilterURLs On").

Then you need to fill the filter file containing all the blocked URL patterns. I did not find a non-bloated ad pattern list, so I built my own by browsing my usual websites with my iPad and looking at the URLs in the tinyproxy logs (you may need to change the log level in the tinyproxy config file).

Finally my filter file looks like this:

http://ads\.
http://ad\.
googleads\.
\/ads\/
partner\.googleadservices\.com
\.admob\.com
iadc\.qwapi\.com
iadsdk\.apple\.com
connect\.decknetwork\.net
\/ad-feed\/
w\.inmobi\.com
\.scorecardresearch\.com
\.adserverpub\.com

This list is obviously targeted toward mobile ads but it is a good start if you are trying to do the same.
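Before deploying a filter file it is worth checking which URLs it actually catches and which slip through. The script below is an added example (not from the post or the Tinyproxy project); it approximates tinyproxy's FilterURLs behaviour with Python's re module, assuming an unanchored regex search over the full URL that is case-insensitive unless FilterCaseSensitive is set, and that blank and "#" lines in the filter file are skipped. The URLs are constructed, not real sites.

```python
"""Dry-run the post's tinyproxy filter list against sample URLs."""
import re

# The filter list from the post, verbatim, in the file format tinyproxy reads.
FILTER_FILE = r"""
http://ads\.
http://ad\.
googleads\.
\/ads\/
partner\.googleadservices\.com
\.admob\.com
iadc\.qwapi\.com
iadsdk\.apple\.com
connect\.decknetwork\.net
\/ad-feed\/
w\.inmobi\.com
\.scorecardresearch\.com
\.adserverpub\.com
"""

def load_filters(text, case_sensitive=False):
    """Compile one regex per non-empty, non-comment line, keeping file order."""
    flags = 0 if case_sensitive else re.IGNORECASE
    return [(line, re.compile(line, flags))
            for line in (raw.strip() for raw in text.splitlines())
            if line and not line.startswith("#")]

def matching_rule(url, filters):
    """Return the first pattern that matches the URL, or None if it would pass."""
    for pattern, rx in filters:
        if rx.search(url):
            return pattern
    return None

# Constructed URLs in the shape of what shows up in tinyproxy's log.
SAMPLE_URLS = [
    "http://ads.example.net/banner.js",        # caught by the first pattern
    "http://cdn.example.com/ads/300x250.png",  # caught by \/ads\/
    "http://www.example.com/news/index.html",  # passes
    "http://example.org/threads/ads/",         # false positive: a forum path containing /ads/
    "https://ads.example.net/banner.js",       # passes: the http:// patterns never match https
    "http://W.INMOBI.COM/x",                   # caught only because matching is case-insensitive
]

def report(urls, filters):
    """Map each URL to the rule that blocks it (None when it passes)."""
    return {u: matching_rule(u, filters) for u in urls}

if __name__ == "__main__":
    for url, rule in report(SAMPLE_URLS, load_filters(FILTER_FILE)).items():
        print(("BLOCK " if rule else "PASS  ") + url + (f"  <- {rule}" if rule else ""))
```

Feed it the URLs grepped out of the proxy log to spot both misses and over-broad patterns like \/ads\/ before they bite.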

Bonus point: it also blocks ads in the apps! (You still lose the space, but a blank space is less aggressive than a blinking Groupon ad.)

And I found another use for this proxy: when you are working in a place where half of the Internet is denied for some unknown reason, you can surf through an SSH tunnel :)

PS: If you have any good ad patterns I can add to my file, just post it in comments !

Tuesday 20 September 2011

Switching from screen to tmux

I have been using screen on Linux for ... a long time. I never used a lot of the advanced features, but when you are accessing a server via SSH, being able to detach a shell, or not to lose it when your connection fails, is a huge plus.

I could have installed screen on my server, but as tmux is part of the base system in OpenBSD, why not give it a try?

First I read this FAQ regarding the differences between screen and tmux: tmux FAQ. I did not find anything that would make me uncomfortable with using tmux, so time to start using it.

As usual with OpenBSD the man page is great, but very very long, so I searched for a good tutorial. One of the best I found is this one (made of 2 articles) from the Hawk Host Blog. Simple to read and to understand.

With this and a bit of experiment I was able to make a simple, basic .tmux.conf :

#Set status bar
set -g status-bg black
set -g status-fg white
set -g status-left '#[fg=green]#h'

#Highlight active window
set-window-option -g window-status-current-bg red

# Automatically set window title
setw -g automatic-rename on

# Set window notifications
setw -g monitor-activity on

# Change split command
unbind %
bind | split-window -h
bind - split-window -v

# last window binding
bind-key C-b last-window

I will not detail each line (most are cosmetic).

The last line is the command I use heavily, by pressing Ctrl-b twice (Ctrl-b is the equivalent of the Ctrl-a of screen) you can go back and forth between 2 tabs.

Right now I am using two tmux sessions; the first one usually has 3 tabs:

  • mcabber, an XMPP client
  • irssi, an IRC client (I know about BitlBee to use irssi as a replacement for mcabber, I did not have time for it yet)
  • a shell prompt waiting for my package installs, configure runs, reading man pages, etc

My irssi tab is split with a small pane on the right to hold the nicklist (nicklist.pl plugin of irssi using the FIFO mode).

The second tmux session is for testing a daemon, it contains 2 tabs:

  • the running daemon (not daemonized so I can see the output)
  • shell for man, test, etc

So I can now add tmux to my resume (kidding don't do that :p ) !

Wednesday 14 September 2011

First steps with OpenBSD

Before describing my first steps with OpenBSD I have to give a short briefing on my history with OSes.

I have been a long time Linux user for servers and for desktop (work) until ... 4-5 years ago. At this time I got tired of always playing with my OS to have a good desktop experience (it was fun when I was younger but really got annoying on the long run). So I switched to the devil MacOS X for my laptop and I enjoyed it :)

Now I'm still using MacOSX on laptop, Windows 7 on desktop (I am a gamer guy so ...) and until recently Linux (Gentoo) on a dedicated server.

Why try OpenBSD and not just stay with Linux? Because I am curious and I have wanted to try OpenBSD for years but never had the opportunity. OpenBSD's focus on security is appealing to me, but I also heard of its simplicity, and nowadays with things like systemd coming to Linux I will gladly take a cup of that simplicity.

First try - OpenBSD 4.9 stable release

After reading a good cup of documentation (another strength of OpenBSD) I chose what seemed to be the simplest path: the latest stable release. Too bad for me, my shiny new server is built on the Sandy Bridge platform ... so it did not go as expected :)

I got stuck at the network configuration as my network card was not recognized ... well ... ok, I have to admit that with a 6-month release cycle and a smaller team than Linux, OpenBSD may not be the OS of choice for new hardware....

But I am not the kind of guy who drops an idea without fighting so it is time to try ... a snapshot of the upcoming release (5.0).

Second try - OpenBSD 5.0 snapshot

Snapshots are in-development versions of the OS; the goal is to test new additions to the OS without the need to build (compile) the full OS. So between two releases, snapshots are made regularly by the OpenBSD team and released to the public.

As Sandy Bridge is not an exotic platform, it had a good chance of being supported. I was not totally right ..

During the install process my network card was still unrecognized ... before raging and starting to download a Gentoo ISO, I skipped the network part of the install to see what the rest of the install process looks like. And, except for the network part, everything went smoothly. For the disk partitioning I was a bit lost as I had no previous experience with OpenBSD, so I chose 'Auto partitioning'. 1 TB is quite a large disk, so the automatic partitioner left me with space available if I need to add more.

So the install finished; it was not a GUI install, it was a shell, it was basic and it was great! (I know, a lot of people find my love for the console quite disturbing considering I am a Mac user.)

Reboot TIME !!

No third try - new OS starting

It was really a great surprise to find my network card working on reboot; it seems that the kernel used by the installer is not the same as the one used by the system. So finally I got a working OpenBSD (minus the unconfigured network card, as I skipped this during the install).

So first things first, configuring your network card ... I just needed to find the place to say "USE DHCP!!", but it was not that easy to spot, mainly because I still have my Linux habits, so I started poking around, looking for the right file. No luck :(

Finally I did what is the best answer to a problem: man dhcp ... reading 10 lines of well written doc and I got my answer ... as simple as that ... "man dhcp" I teach my students to use the man pages but I was surprised by this one.

Basic configuration

I will not detail all the basic configurations I did, just list what were, for me, the first steps (after reading the afterboot message and some more documentation):

  • Configure shell prompt
  • Configure some environment variables (like PKG_PATH to simplify package installation and use a server close to me)
  • Activate ntpd to keep my server clock on time (just simple ... edit the /etc/rc.conf.local file ... documentation is great, config is simple ... I LOVE THIS !)

OK so now I have got an OpenBSD server up and running, time to start adding some daemons to it.

See you in the next entry !

Tuesday 13 September 2011

Building my home server

A few months ago I started thinking about building a home server. And a few weeks ago the project became reality.

So before describing my server, here are the needs I wanted to fulfill:

  • SSH server accessible from anywhere (I don't like being jailed at work)
  • downloading server for my ... Linux ISOs ... (and if possible a user-friendly one to be used by my wife too)
  • TimeMachine backup for my mac
  • DLNA server

On the DLNA server I have to admit I thought about going for a HTPC style server directly plugged into my TV, but I decided to go the other way for several reasons. First because my TV is DLNA compliant so I can still watch it on TV (less flexible but still ok) and second I wanted to be able to watch it from several places not only my TV (for example from an iPad, iPhone, laptop ...).

I also wanted to try OpenBSD for a while so I decided it was the right time.

My home server is built around:

  • Small Antec ISK300-150 box (I tried the 65W one but the server refused to boot ... it seems that even if the power needs are under 65W when under load, booting requires more than that ... so finally I had to switch to the 150W)
  • Pentium G620T (dual core) on a mini ITX Intel motherboard (DH67CF)
  • 4 GB of RAM (grabbed from my main desktop, it is clearly overkill)
  • 1 TB HDD

At first I tried the 4.9 stable OpenBSD release but I was out of luck because Sandy Bridge is a recent platform, so I grabbed a 5.0 snapshot and ... It works great!

I will describe my first weeks with OpenBSD in a next entry.

Welcome !

Welcome to SilentGob's new blog!

Twitter is great but 140 characters are a bit short for sharing my experiments, so I'm starting a blog (quite late to the party I know :p).

As this blog is mainly aimed at technical experiments it will be written in English (at least mostly). You may find snippets, tips, advice and tests on the projects I am playing with.