ArtsyCat

My buddies just opened their art shop. They have a great water marble (Ebru) art web page where you can purchase them imprinted on iPhone/iPad cases, mugs and greeting cards.

If you want something unique and beautiful for the approaching Valentine’s Day or any other occasion, I recommend you to take a look at their page.

Mac OS X pkg files

PKG FilesSometimes you need to see what’s inside of that pkg file. But you also don’t want to install it. You just want to take a look at the files in it before installing it. Well, here is how to do it:

PKG files usually come in a DMG image. First mount that file by double clicking on it. Then open a Terminal window and go to the folder where it’s mounted. (Look under /Volumes)

Once you are in that folder you will see a file with a .pkg extension. Let’s say it is called Foo.pkg. Copy that file in a folder, I’ll copy it to /tmp.
cp Foo.pkg /tmp
cd /tmp

Mac OS X has a utility called pkgutil. You can do a ton of stuff with it, so check the manual page. (man pkgutil) But for our exercise we will just use it to expand the pkg file.
pkgutil --expand Foo.pkg /tmp/foo_package
cd /tmp/foo_package

This will open the pkg file to a flat structure. You will see some files and folders like Distribution, Resources, Foo.pkg. Go ahead and cd in the directory Foo.pkg:
cd Foo.pkg

In there you will several files. The important ones are Bom, Payload and PackageInfo:

Bom:

This file is called Bill of Materials. It describes what is in this pkg file and where they will be written to. If you will not do file/binary analysis of the contents of the pkg file and you want only to see which files will be written where, this is your file. You can also use this file’s contents to remove the package completely. (I leave this exercise up to you)

Bom is a binary file and there is a tool to list its contents: lsbom. (man lsbom for usage) Basic usage would be:
lsbom Bom

This will print file/directory structure of the contents on the screen.

Payload:

This is the file that contains all the files and directories in this pkg file. It’s a gzipped archive file.
$ file Payload
Payload: gzip compressed data, from Unix
$ mv Payload foo.gz
$ gunzip foo.gz
$ ls
foo

This will give you a file called foo. Now you need to use cpio to extract that archive.
$ cpio -iv < foo
.
./System
./System/Library
./usr
./System/Library/LaunchAgents
./usr/bin
......files files files.......
50002 blocks
$ ls
System foo usr

In my case it unarchived two folders called System and usr.

No you can go and browse these directory to find files you are looking for. Have fun 😉

New blog theme!

My blog changed 4-5 times over the years. A facelift was long overdue. For the last 4 years I’ve been using dfBlog as my theme and the latest release is brilliant.

Enjoy the new look. Hope to be more active in the future!!

Some basic statistics on leaked Sony usernames and passwords data.

I spent some time on analyzing password usage using the data that leaked from couple of Sony hacks few days ago. The results are pretty scary.

The data size: 38698 users on 2 sites.

Top ten most used passwords are:

  1. seinfeld
  2. password
  3. winner
  4. 123456
  5. purple
  6. sweeps
  7. contest
  8. princess
  9. maggie
  10. peanut

So if you have a password that is listed above, you better change it pretty soon.

I also compared how many people were using the same password on two different hacked Sony sites. There were 2421 users who used the same email to register and out of those only 168 users were using different passwords (about 6.5%).

And who wins the email war? Based on the same data, most of the users were using emails from the following providers:

# of users Provider
11281 yahoo.com
7250 other email providers
5077 hotmail.com
4876 aol.com
4837 gmail.com
1600 comcast.net
1263 msn.com
920 sbcglobal.net
676 verizon.net
478 bellsouth.net
440 cox.net

RawCap: A new network sniffer for Windows without winpcap dependencies

Netresec released a new Windows network sniffer tool that looks promising: RawCap. It has no winpcap dependencies and with its small 17kB foot print it does not require installing. (Having said that you still need .NET Framework libraries and DLLs.)

Here are the properties of RawCap from their webpage:

  • Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback)
  • RawCap.exe is just 17 kB
  • No external libraries or DLL’s needed other than .NET Framework 2.0
  • No installation required, just download RawCap.exe and sniff
  • Can sniff most interface types, including WiFi and PPP interfaces
  • Minimal memory and CPU load
  • Reliable and simple to use

For downloading and some screenshots and more information click here.

Airlink Ultra Mini USB Adapter with Linux

We recently bought this Ultra mini usb wifi adapter for our laptop that had it’s internal wifi card fried. Since this laptop was acting really bad with Windows XP, we installed Ubuntu on it.

At first Ubuntu couldn’t recognize the adapter. Then I wanted to try ndiswrapper. All I had to do was to install ndisgtk (sudo apt-get install ndisgtk). It installs ndiswrapper-utils package as a dependency. Then point the ndisgtk to the .inf file of the driver.  (net8192cu.inf)

Here is a more detailed write-up for generic ndiswrapper configuration from ubuntu.

The ID for this adapter is: 0bda:8176
When you run lsusb it shows as: Bus 001 Device 002: ID 0bda:8176 Realtek Semiconductor Corp.
The manufacturer id is: AWLL5088