Thursday, 19 October 2017

Lock BlackBerry KEYone With Password When Using Fingerprint

The BlackBerry KEYone is an advancement over the BlackBerry Passport. It runs Android, an OS that is not so great compared to QNX, but still fine given that it can be hardened and there are apps that get business done. Getting the required apps on BlackBerry 10 is really a pain, no matter how great the device and OS are. Plus, developers like me can program the KEYone using any of the supported JVM languages instead of banging our heads against C/C++, a pain for any functional programmer accustomed to living in the JVM world.

So, now to the point. The BlackBerry KEYone has a fingerprint sensor on the spacebar. However, we know fingerprint is a security issue. When confiscated, we are legally required to unlock the phone if the finger is still on the hand. But that is not the case with passwords. There are a lot of defences against providing authorities with your password. So the KEYone can lock the device in a way that then requires you to enter the password, even if it is configured to unlock using a fingerprint. For that, long press the K key, which opens BlackBerry Launcher; initially it asks whether you want to enable the app to administer the device. Allow access, and the device will be locked using that keyboard shortcut, which then requires the password to unlock. The rest of the time, unlock using the fingerprint. Makes life easier without compromising security. BlackBerry rocks!

Tuesday, 10 October 2017

jamf equals no privacy

jamf is used for managing Apple devices in the enterprise. However, it is a nasty little piece of software. It always sends online and offline status to the enterprise JSS endpoint. A few excerpts from /var/log/jamf.log:
Tue Oct 03 15:26:03 purgatory jamf[52]: Daemon starting
Tue Oct 03 15:26:05 purgatory jamf[363]: 
There was an error.

     Connection failure: "The Internet connection appears to be offline."

Tue Oct 03 15:26:06 purgatory jamf[52]: Network state changed, checking for policies...
Tue Oct 03 15:26:06 purgatory jamf[407]: Could not connect to the JSS. Looking for cached policies...
Tue Oct 03 15:26:07 purgatory jamf[52]: Network state changed, checking for policies...
Tue Oct 03 15:26:10 purgatory jamf[52]: Network state changed, checking for policies...
Tue Oct 03 15:26:13 purgatory jamf[52]: Network state changed, checking for policies...
Tue Oct 03 15:26:29 purgatory jamf[52]: Informing the JSS about login for user castiel
Tue Oct 03 15:26:38 purgatory jamf[52]: Network state changed, checking for policies...
Tue Oct 03 15:27:12 purgatory jamf[52]: Network state changed, checking for policies...
Tue Oct 03 15:27:17 purgatory jamf[52]: Network state changed, checking for policies...
Tue Oct 03 15:27:38 purgatory jamf[52]: Network state changed, checking for policies...
Tue Oct 03 15:27:56 purgatory jamf[52]: Network state changed, checking for policies...
Tue Oct 03 15:28:03 purgatory jamf[52]: Network state changed, checking for policies...
Tue Oct 03 15:28:04 purgatory jamf[2573]: Checking for policies triggered by "networkStateChange" for user "castiel"...
Tue Oct 03 15:28:04 purgatory jamf[2356]: Checking for policies triggered by "networkStateChange" for user "castiel"...
Tue Oct 03 15:28:04 purgatory jamf[2087]: Checking for policies triggered by "networkStateChange" for user "castiel"...
Tue Oct 03 15:28:07 purgatory jamf[2573]: Could not connect to the JSS. Looking for cached policies...
Tue Oct 03 15:28:07 purgatory jamf[2087]: Could not connect to the JSS. Looking for cached policies...
***
Wed Oct 04 20:02:06 purgatory jamf[13815]: Checking for policies triggered by "recurring check-in" for user "castiel"...
Wed Oct 04 20:02:10 purgatory jamf[13815]: Could not connect to the JSS. Looking for cached policies...
Wed Oct 04 20:05:33 purgatory jamf[52]: Network state changed, checking for policies...
***
Thu Oct 05 09:26:25 purgatory jamf[99672]: Checking for policies triggered by "networkStateChange"...
Thu Oct 05 10:04:40 purgatory jamf[52]: Informing the JSS about login for user root
***
Sat Oct 07 07:51:30 purgatory jamf[64843]: Checking for policies triggered by "networkStateChange" for user "castiel"...
Sat Oct 07 08:02:52 purgatory jamf[69647]: Checking for policies triggered by "recurring check-in" for user "castiel"...
Sat Oct 07 08:02:55 purgatory jamf[69647]: Executing Policy Enable local firewall
Sat Oct 07 08:02:56 purgatory jamf[69647]: Executing Policy Inventory Daily
Sat Oct 07 08:02:57 purgatory jamf[69647]: Executing Policy Update Username Field in Inventory
Sat Oct 07 08:29:25 purgatory jamf[52]: Network state changed, checking for policies...
Sat Oct 07 08:30:27 purgatory jamf[87635]: Checking for policies triggered by "networkStateChange" for user "castiel"...
Sat Oct 07 08:30:28 purgatory jamf[87262]: Checking for policies triggered by "recurring check-in" for user "castiel"...
Sat Oct 07 08:31:45 purgatory jamf[87635]: Could not connect to the JSS. Looking for cached policies...
Sat Oct 07 08:31:46 purgatory jamf[87262]: Could not connect to the JSS. Looking for cached policies...
Sat Oct 07 08:31:46 purgatory jamf[87262]: Executing Offline Policy Enable local firewall
Sat Oct 07 08:49:57 purgatory jamf[97458]: Checking for policies triggered by "recurring check-in" for user "castiel"...
Sat Oct 07 08:51:15 purgatory jamf[97458]: Could not connect to the JSS. Looking for cached policies...
Sat Oct 07 08:51:15 purgatory jamf[97458]: Executing Offline Policy Enable local firewall
Sat Oct 07 09:09:24 purgatory jamf[8836]: Checking for policies triggered by "recurring check-in" for user "castiel"...
Sat Oct 07 09:10:41 purgatory jamf[8836]: Could not connect to the JSS. Looking for cached policies...
Sat Oct 07 09:10:41 purgatory jamf[8836]: Executing Offline Policy Enable local firewall
***
Mon Oct 09 10:27:46 purgatory jamf[20026]: Checking for policies triggered by "recurring check-in" for user "castiel"...
Mon Oct 09 13:45:26 purgatory jamf[28409]: Checking for policies triggered by "recurring check-in" for user "castiel"...
Mon Oct 09 13:45:29 purgatory jamf[28409]: Executing Policy Inventory Daily
Mon Oct 09 14:16:56 purgatory jamf[28409]: Error running recon: Connection failure: "The request timed out."
Mon Oct 09 14:20:26 purgatory jamf[52]: Daemon shutdown completed
Mon Oct 09 14:20:26 purgatory jamf[52]: Daemon exiting
So every time the jamf-infected computer goes online or offline, the user changes to root, etc., the Sauron will be notified about it. The more interesting part comes next.

It tracks all applications used by the users and the amount of time spent with each. That treasure is in the /Library/Application Support/JAMF/Usage folder. There will be folders like 2017-10-07, 2017-10-08, 2017-10-09. Looking in one of those folders will show logs like (null).plist, idle.plist, castiel.plist, etc.

Let us see what castiel.plist has to offer.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>/Applications/Calendar.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>968</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>58112</string>
        <key>version</key>
        <string>9.0</string>
    </dict>
    <key>/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app</key>
    <dict>
        <key>foremost</key>
        <string>1</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>55</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>4.1.08005</string>
    </dict>
    <key>/Applications/GIMP.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114685</string>
        <key>version</key>
        <string>2.8.18</string>
    </dict>
    <key>/Applications/GitHub Desktop.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114685</string>
        <key>version</key>
        <string>Hasty Things Done Hastily</string>
    </dict>
    <key>/Applications/Google Chrome.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114685</string>
        <key>version</key>
        <string>63.0.3223.8</string>
    </dict>
    <key>/Applications/Mail.app</key>
    <dict>
        <key>foremost</key>
        <string>2</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>134</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>10.3</string>
    </dict>
    <key>/Applications/Notes.app</key>
    <dict>
        <key>foremost</key>
        <string>1</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>27</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>4.4</string>
    </dict>
    <key>/Applications/Photos.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114685</string>
        <key>version</key>
        <string>2.0</string>
    </dict>
    <key>/Applications/Postman.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114685</string>
        <key>version</key>
        <string>5.2.1</string>
    </dict>
    <key>/Applications/Preview.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>9.0</string>
    </dict>
    <key>/Applications/Reminders.app</key>
    <dict>
        <key>foremost</key>
        <string>1</string>
        <key>open</key>
        <string>54</string>
        <key>secondsforemost</key>
        <string>31</string>
        <key>secondsopen</key>
        <string>3272</string>
        <key>version</key>
        <string>4.0</string>
    </dict>
    <key>/Applications/Safari Technology Preview.app</key>
    <dict>
        <key>foremost</key>
        <string>65</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>3920</string>
        <key>secondsopen</key>
        <string>114685</string>
        <key>version</key>
        <string>11.1</string>
    </dict>
    <key>/Applications/Slack.app</key>
    <dict>
        <key>foremost</key>
        <string>56</string>
        <key>open</key>
        <string>1892</string>
        <key>secondsforemost</key>
        <string>3381</string>
        <key>secondsopen</key>
        <string>113558</string>
        <key>version</key>
        <string>2.8.1</string>
    </dict>
    <key>/Applications/Sublime Text.app</key>
    <dict>
        <key>foremost</key>
        <string>33</string>
        <key>open</key>
        <string>1662</string>
        <key>secondsforemost</key>
        <string>2026</string>
        <key>secondsopen</key>
        <string>99735</string>
        <key>version</key>
        <string>Build 3143</string>
    </dict>
    <key>/Applications/Utilities/Keychain Access.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114685</string>
        <key>version</key>
        <string>9.0</string>
    </dict>
    <key>/Applications/Utilities/Terminal.app</key>
    <dict>
        <key>foremost</key>
        <string>1</string>
        <key>open</key>
        <string>1908</string>
        <key>secondsforemost</key>
        <string>9</string>
        <key>secondsopen</key>
        <string>114527</string>
        <key>version</key>
        <string>2.7.3</string>
    </dict>
    <key>/Applications/VLC.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>2.2.6</string>
    </dict>
    <key>/Applications/[...snip..]Crypt.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114685</string>
        <key>version</key>
        <string>1.xx</string>
    </dict>
    <key>/Applications/Xcode.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>9.0</string>
    </dict>
    <key>/Applications/iTunes.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>12.7</string>
    </dict>
    <key>/System/Library/CoreServices/CoreServicesUIAgent.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114685</string>
        <key>version</key>
        <string>168.3</string>
    </dict>
    <key>/System/Library/CoreServices/Finder.app</key>
    <dict>
        <key>foremost</key>
        <string>1</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>55</string>
        <key>secondsopen</key>
        <string>114685</string>
        <key>version</key>
        <string>10.12.5</string>
    </dict>
    <key>/System/Library/CoreServices/SystemUIServer.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>1.7</string>
    </dict>
    <key>/System/Library/CoreServices/UserNotificationCenter.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>3.3.0</string>
    </dict>
    <key>/System/Library/CoreServices/loginwindow.app</key>
    <dict>
        <key>foremost</key>
        <string>1685</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>101144</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>9.0</string>
    </dict>
    <key>/System/Library/Frameworks/ScreenSaver.framework/Resources/ScreenSaverEngine.app</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>5.0</string>
    </dict>
    <key>/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>9.0</string>
    </dict>
    <key>/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc</key>
    <dict>
        <key>foremost</key>
        <string>0</string>
        <key>open</key>
        <string>1911</string>
        <key>secondsforemost</key>
        <string>0</string>
        <key>secondsopen</key>
        <string>114686</string>
        <key>version</key>
        <string>12603</string>
    </dict>
    <key>/private/var/folders/9m/_fh0czw947g8q7pdhxbfbjdh0000gn/T/AppTranslocation/AB999B43-95BD-4B9E-880D-6C59DFD81558/d/Base64.app</key>
    <dict>
        <key>foremost</key>
        <string>1</string>
        <key>open</key>
        <string>72</string>
        <key>secondsforemost</key>
        <string>7</string>
        <key>secondsopen</key>
        <string>4344</string>
        <key>version</key>
        <string>1.0</string>
    </dict>
</dict>
</plist>
Oops, now the pointy honchos know which applications I am using and for how long in a day. New age micro-management.
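What a reader of one of these usage files can work out from it, as an added example (not from the original post and not jamf code). It assumes, from the key names alone, that secondsforemost and secondsopen are seconds in the foreground and seconds running; the sample is constructed from four entries of the excerpt, and summarize_usage, counter_value and AWAY_BUNDLES are names made up for this example.

```python
import plistlib

# Constructed sample: four entries taken from the castiel.plist excerpt,
# trimmed to the fields read below (the real file also has foremost/open).
SAMPLE_USAGE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>/Applications/Slack.app</key>
    <dict>
        <key>secondsforemost</key><string>3381</string><key>secondsopen</key><string>113558</string>
        <key>version</key><string>2.8.1</string>
    </dict>
    <key>/Applications/Safari Technology Preview.app</key>
    <dict>
        <key>secondsforemost</key><string>3920</string><key>secondsopen</key><string>114685</string>
        <key>version</key><string>11.1</string>
    </dict>
    <key>/System/Library/CoreServices/loginwindow.app</key>
    <dict>
        <key>secondsforemost</key><string>101144</string><key>secondsopen</key><string>114686</string>
        <key>version</key><string>9.0</string>
    </dict>
    <key>/private/var/folders/9m/_fh0czw947g8q7pdhxbfbjdh0000gn/T/AppTranslocation/AB999B43-95BD-4B9E-880D-6C59DFD81558/d/Base64.app</key>
    <dict>
        <key>secondsforemost</key><string>7</string><key>secondsopen</key><string>4344</string>
        <key>version</key><string>1.0</string>
    </dict>
</dict>
</plist>
"""

# Assumption: these bundles mean "nobody is at the keyboard", so their
# foreground time is reported as away time rather than app usage.
AWAY_BUNDLES = ("loginwindow.app", "ScreenSaverEngine.app")


def counter_value(record, field):
    """Counters are stored as strings; missing or malformed ones count as 0."""
    try:
        return int(record.get(field, 0))
    except (TypeError, ValueError):
        return 0


def summarize_usage(plist_bytes):
    """Return what one day's usage file discloses about the user."""
    usage = plistlib.loads(plist_bytes)
    active, away_seconds, outside = [], 0, []
    for path, record in usage.items():
        if not isinstance(record, dict):
            continue
        foremost = counter_value(record, "secondsforemost")
        if path.endswith(AWAY_BUNDLES):
            away_seconds += foremost
            continue
        if not path.startswith(("/Applications/", "/System/")):
            outside.append(path)  # e.g. an app run from a translocation dir
        active.append({"app": path, "version": record.get("version", ""),
                       "seconds_foremost": foremost,
                       "seconds_open": counter_value(record, "secondsopen")})
    # Most-used application first; ties broken by path for stable output.
    active.sort(key=lambda row: (-row["seconds_foremost"], row["app"]))
    return {"active": active, "away_seconds": away_seconds,
            "outside_standard_dirs": sorted(outside)}


if __name__ == "__main__":
    report = summarize_usage(SAMPLE_USAGE_PLIST)
    for row in report["active"]:
        print(f'{row["seconds_foremost"]:>6}s in front  {row["app"]}')
    print("away (login window / screen saver):", report["away_seconds"], "s")
    print("run from outside /Applications:", report["outside_standard_dirs"])
```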


The cure
The cure is very simple, however: turn off the jamf service. The next time we want to turn it on, say to see if IT has pushed some clever software, clear all the logs beforehand and close all apps. Then load the daemon back.
sudo launchctl load /Library/LaunchDaemons/com.jamfsoftware.jamf.daemon.plist 
sudo launchctl load /Library/LaunchDaemons/com.jamfsoftware.task.1.plist #com.jamfsoftware.task.{n}.plist check the folder for correct number
Let the update get pushed to the system, then turn it off.
Also as per policy, we cannot set the OS X firewall in stealth mode, blocking all connections. It automatically changes to "on" mode as the policy will be forced down the throat.

Turn off jamf
sudo launchctl unload /Library/LaunchDaemons/com.jamfsoftware.jamf.daemon.plist 
sudo launchctl unload /Library/LaunchDaemons/com.jamfsoftware.task.1.plist #com.jamfsoftware.task.{n}.plist check the folder for correct number
RIP jamf.

Also jamf can do screen sharing, with or without user consent if configured so. It is a RAT as well.

Monday, 4 September 2017

[RFC 4226] HOTP for BlackBerry 10 (QNX 6)

Implemented RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm for BlackBerry 10 running QNX 6. It uses BlackBerry Cryptographic Kernel version 5.6 (SB-GSE-56). Various things are pending, and the app in its current state can be found on GitHub as QAuthenticator. A reference implementation of the algorithm in Groovy is at hotp.groovy.

I must say, the BlackBerry cryptography library is just fantastic. And Qt makes C++ fun to program after my programming in higher-level languages like Clojure.
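The RFC 4226 computation, as an added example in Python (not the QAuthenticator or hotp.groovy code): HMAC-SHA-1 over the 8-byte counter, dynamic truncation, and a server-side check with a look-ahead window for counter resynchronization. The window size of 3 and the function names are assumptions of this example; the secret is the test key from the RFC's test-vector appendix.

```python
import hashlib
import hmac
import struct

# Test key from the RFC 4226 test vectors (ASCII "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Compute the HOTP value for one counter value."""
    # Step 1: HMAC-SHA-1 keyed with the shared secret over the counter,
    # encoded as an 8-byte big-endian integer.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Step 2: dynamic truncation. The low nibble of the last byte selects a
    # 4-byte window; the top bit is masked to avoid signed/unsigned ambiguity.
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Step 3: reduce to the requested number of decimal digits, zero padded.
    return str(binary % 10 ** digits).zfill(digits)


def verify_hotp(secret: bytes, submitted: str, server_counter: int,
                look_ahead: int = 3):
    """Check a submitted code against the server's counter.

    Returns the counter value the server must store next when the code is
    accepted, or None when it is rejected. Storing the returned value is
    what prevents a captured code from being replayed.
    """
    for counter in range(server_counter, server_counter + look_ahead + 1):
        expected = hotp(secret, counter)
        # Constant-time comparison, on bytes so non-ASCII input cannot raise.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter + 1
    return None


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC_TEST_SECRET, c))
    print("accept, next counter:", verify_hotp(RFC_TEST_SECRET, "359152", 0))
    print("replay:", verify_hotp(RFC_TEST_SECRET, "359152", 3))
```

A real server also has to throttle failed attempts, since a six-digit code with a look-ahead window is guessable without a limit on tries.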

Sunday, 3 September 2017

Linking Libraries in a BlackBerry 10 Cascades Project

Usually when developing a C/C++ project we specify linked libraries in a Makefile. With a BlackBerry 10 Cascades project, the libraries can be added in the <ProjectName>.pro file. This file is less cluttered than the Makefile and easily manageable. For example, if you are developing a crypto app, you need to link the crypto library, which is huapi. Add the line below to the .pro file.
LIBS += -lhuapi
Otherwise we will get errors like "undefined reference to symbol" and "error adding symbols: DSO missing from command line".
Now we are ready to conquer the world!

Monday, 21 August 2017

Getting Started with Cordova and ClojureScript

This is a small writeup about getting started quickly with Cordova and ClojureScript.

1. Install cordova as usual.
$ sudo npm install -g cordova
2. Create an app.
$ cordova create MyApp
3. Add platform.
$ cd MyApp
$ cordova platform add ios
The Cordova app is all set. Now instead of JavaScript we want to use ClojureScript. This part can be treated as a separate project. Write ClojureScript, compile it to JavaScript, place it in the www folder of the Cordova project, and build the project as usual with appropriate overrides in the respective platform folders.

Install leiningen, Java 8, Clojure 1.8.
1. Create a lein project. (We are inside MyApp folder).
$ lein new my-app
2. Update the project.clj as shown.
(defproject myapp "0.1.0"
  :description "My Lovely App"
  :url "http://example.com"
  :plugins [[lein-cljsbuild "1.1.7"]]
  :dependencies [[org.clojure/clojure "1.8.0"]
                 [org.clojure/clojurescript "1.9.521"]]
  :cljsbuild {
    :builds [{
      :id "core"
      :source-paths ["src"]
      :compiler {
        :output-to "../www/js/myapp.js"
        :optimizations :whitespace
        :pretty-print true}}]})
The source folder is the src in the my-app directory. Now we are ready to write some code.
3. The main file inside src is com/example/myapp/core.cljs
(ns com.example.myapp.core)

(defn foo []
  (println "Hello, World!"))  ; Note we use println rather than console.log

(enable-console-print!)  ; this translates the println to console.log
(set! js/foo foo)  ; export the function declared in this module (namespace) to global
4. Compile the ClojureScript to JavaScript. This will watch for modifications and auto-compile every time.
lein cljsbuild auto
5. Include myapp.js in the index.html file and load it in the browser. Open the console and type foo(), which will print Hello, World! to the console.

Now we are on the right path to building lovely apps with ClojureScript and Apache Cordova! But there is a caveat. This hello world app generates 32281 lines of code. I do not see much advantage in using ClojureScript, as I am a big believer in being a minimalist when doing front-end development and am pretty comfortable with all the craziness that JavaScript offers. Plus this has to run on smartphones and consume less energy, but I don't have the luxury of going fully native. So my take: pure JavaScript.

Thursday, 17 August 2017

NPE in getUnmarshallerFactory() in OpenSAML 3

If you are getting a NullPointerException when trying to get the unmarshaller factory in OpenSAML 3, most likely OpenSAML 3 has not been initialized. I was calling OpenSAML 3 methods in my unit test suite, which gave me the error below. Call (InitializationService/initialize) to initialize the library. My main program does the initialization, so I do not get the error when running it, but the unit test does not invoke that code path.
lein test :only com.concur.saml.saml-test/saml-response

ERROR in (saml-response) (XMLObjectProviderRegistrySupport.java:126)
Uncaught exception, not in assertion.
expected: nil
  actual: java.lang.NullPointerException: null
 at org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getUnmarshallerFactory (XMLObjectProviderRegistrySupport.java:126)
    com.concur.saml.core$get_response.invokeStatic (core.clj:253)
    com.concur.saml.core$get_response.invoke (core.clj:249)
    com.concur.saml.saml_test$fn__7679.invokeStatic (saml_test.clj:22)
    com.concur.saml.saml_test/fn (saml_test.clj:19)
 ...
    user$eval85$fn__136.invoke (form-init5596096413821124374.clj:1)
    clojure.lang.AFn.applyToHelper (AFn.java:156)
    clojure.lang.AFn.applyTo (AFn.java:144)
    clojure.core$apply.invokeStatic (core.clj:648)
...
    clojure.lang.AFn.applyToHelper (AFn.java:156)
    clojure.lang.Var.applyTo (Var.java:700)
    clojure.main.main (main.java:37)

Ran 1 tests containing 1 assertions.
0 failures, 1 errors.
Tests failed.

Wednesday, 31 May 2017

Slide - SAML, Variants, Functors, Monads and Exceptions

A presentation I gave at work (SAP Concur) on SAML, using variants and exception handling in Clojure, functors, applicative functors and monads in Haskell, and how the Maybe and Either monads short-circuit on an exception and such. Removed some internal code and links.


The variant C code can be downloaded from GitHub.
Download this slide from GitHub.