I always like reading about someone's choices for "best" app. I like to see what other people are using and it is a great way to find out about new software. Lifehacker just put out an update to their on going list of the Best Free Mac Downloads. I have almost all of them on my Mac and I have to tell you, they are great apps. So head on over to Lifehacker and see what they say are the best free apps for the Mac.
Our List of the Best Free Mac Downloads via Lifehacker
Monday, August 1, 2011
A Hidden Tax Increase in Debt Deal
A hidden tax increase in the debt deal? Yeah, that doesn't surprise me. It also doesn't surprise me that they (Congress) waited until the last minute to strike up a deal. I am about over all of them in Washington. It seems like they can't get anything done. Check out "A Hidden Tax Increase In Debt Deal" over at the Conservative Nation for more information.
A Hidden Tax Increase in Debt Deal via The Conservative Nation
A Hidden Tax Increase in Debt Deal via The Conservative Nation
How to Get Started with GMail
Gmail is a great email client. I use it as my primary email account. You can configure it to work with Outlook, Mail, Thunderbolt, or just use it in a web browser. However, Gmail can be a little confusing if you've never used it before. To help you overcome the learning curve, head on over to Lifehacker and check out their guide on how to get started with Gmail.
How to Get Started with GMail via Lifehacker
How to Get Started with GMail via Lifehacker
Our First of the Month Financial Routine via Frugal Dad
Personal finance is one of my favorite topics to read and learn about. I am always looking for a better way to handle my finances so that I can save more money every month. I especially like to read about other people's routine in order to adapt it to my situation.
Frugal Dad has a really good article he wrote about his family's first of the month financial routine. He outlines 7 things he does at the beginning of every month that helps him keep track of his finances and that enables him to reach his financial goals.
If you are concerned about your monthly finances or you just want read about how someone else handles theirs, you should head over to Frugal Dad and check it out.
Our First of the Month Financial Routine via Frugal Dad
Frugal Dad has a really good article he wrote about his family's first of the month financial routine. He outlines 7 things he does at the beginning of every month that helps him keep track of his finances and that enables him to reach his financial goals.
If you are concerned about your monthly finances or you just want read about how someone else handles theirs, you should head over to Frugal Dad and check it out.
Our First of the Month Financial Routine via Frugal Dad
Friday, July 29, 2011
How to Take a Screenshot or Picture of What’s On Your Computer Screen
Ok, your computer is acting like it has a mind of its own and it will NOT cooperate with you and you just have to get this paper finished. You have your friend on the phone (you know the one, the guy that always fixes your computer?) but you just can't make him understand what you are seeing on your computer screen. You're frustrated and you are tired of him asking "what do you see now". Don't you just wish you could take a picture of your screen and email it to him.
This isn't the only reason you might want to take a screen shot of your desktop or an open application window. Honestly, taking screen shots is a very useful skill indeed.
Lifehacker has put together a great article on how to take a picture of your screen on a Windows box or a Mac. Click here to read the post!
How to Take a Screenshot via LifeHacker
This isn't the only reason you might want to take a screen shot of your desktop or an open application window. Honestly, taking screen shots is a very useful skill indeed.
Lifehacker has put together a great article on how to take a picture of your screen on a Windows box or a Mac. Click here to read the post!
How to Take a Screenshot via LifeHacker
Why are Some People Successful?
Have you ever wondered why some people succeed while others do not? Is it luck or some special knowledge that successful people have that us normal people don't?
According to Dr. Mani at Entrepreneurs-Journey.com, it mostly has to do with sticking to something no matter what obstacles get in your way. For a good uplifting article that will recharge your interest in becoming successful or any other work you may be doing, visit Entrepreneurs-Journey.
According to Dr. Mani at Entrepreneurs-Journey.com, it mostly has to do with sticking to something no matter what obstacles get in your way. For a good uplifting article that will recharge your interest in becoming successful or any other work you may be doing, visit Entrepreneurs-Journey.
The Secret to Building Wealth Most People Ignore
Do you think building wealth is impossible for you and your family? Have you tried but just can't seem to make it? I am not talking about get rich schemes, or making money from home scams, I am talking about building real sustainable wealth that any family can do.
Head on over to Frugal Dad and read his article on the Secret to Building Wealth that Most People Ignore. If you have never read his blog, it is some great reading with common sense advice that the everyday person can really use. He has no agenda other than to help people become debt free.
Don't forget to check out his Twitter feed @FrugalDad
Head on over to Frugal Dad and read his article on the Secret to Building Wealth that Most People Ignore. If you have never read his blog, it is some great reading with common sense advice that the everyday person can really use. He has no agenda other than to help people become debt free.
Don't forget to check out his Twitter feed @FrugalDad
Thursday, July 28, 2011
Increase your Brain Power by Doing Things the Hard Way
Yes technology makes things easier and quicker. This is especially true with most of our daily tasks. I for one, like the feel of putting pen to paper. I always thought that writing my thoughts out in a Moleskin notebook made me more creative. Well, it looks like I might have been right according to the folks over at the IEET. Head over to their website to learn why doing things the hard way can actually make you smarter!
Increase Your Intelligence by doing things the hard way
Increase Your Intelligence by doing things the hard way
The US Government Approves a Horrible ISP Monitoring Bill
This bill requires all Internet Service Providers (ISPs) to keep a log of all your internet activity, name, social security number, address, and credit card numbers (just to name a few) for at least a year. Head on over to CNet News to get all the details.
Wednesday, July 27, 2011
Props to a Great Company ---HP
As most of my readers know, I love Apple products. I use them a lot. However, Apple is lacking in the enterprise end of the market. For this reason, I use HP products. The agency I work for, uses HP products exclusively. There are a few reasons for this:
HP Products are Just Top Notch
No one can beat their business class desktops, servers, switches, and other hardware. They are built to last and they accomplish that hands down better than any other company out on the market today. In my personal life, I work on a lot of computers. Mostly viruses and malware issues but also hardware failures. I almost never work on an HP. When someone asks me what computer they should buy for their home and family, I always recommend HP for Windows users.
HP Customer Service is Simply the Best
When there is a problem, HP makes it right. Their customer service has always been outstanding. They have quick and reliable service and they are always helpful and friendly. This is true for not only the enterprise support, but also their home user support as well.
HP Has Some of the Best Pricing
At the enterprise level, price is always a concern. However, HP has very competitive pricing with all their products. For the home user, the same is also true. Couple that with reliable products and outstanding customer service, you have a winning combination.
The website I often use is HPDirect The website is easy to use and help is only a click away. Check out @Paul_for_HP on twitter for any questions. He is knowledgable and will be glad to help.
When my friends, family, and clients want a good deal on a Windows machine, I always steer them in HP’s direction. I promise you can’t miss by choosing them!
HP Products are Just Top Notch
No one can beat their business class desktops, servers, switches, and other hardware. They are built to last and they accomplish that hands down better than any other company out on the market today. In my personal life, I work on a lot of computers. Mostly viruses and malware issues but also hardware failures. I almost never work on an HP. When someone asks me what computer they should buy for their home and family, I always recommend HP for Windows users.
HP Customer Service is Simply the Best
When there is a problem, HP makes it right. Their customer service has always been outstanding. They have quick and reliable service and they are always helpful and friendly. This is true for not only the enterprise support, but also their home user support as well.
HP Has Some of the Best Pricing
At the enterprise level, price is always a concern. However, HP has very competitive pricing with all their products. For the home user, the same is also true. Couple that with reliable products and outstanding customer service, you have a winning combination.
The website I often use is HPDirect The website is easy to use and help is only a click away. Check out @Paul_for_HP on twitter for any questions. He is knowledgable and will be glad to help.
When my friends, family, and clients want a good deal on a Windows machine, I always steer them in HP’s direction. I promise you can’t miss by choosing them!
How to Create a Custom Smart Folder in Mac OS X
The Mac Finder is probably among the most used applications on your Mac. It’s the place where you store, navigate, and locate nearly all of the content (e.g., documents, images, and music files) on your hard drive.
The more items you add to your computer, the more challenging it is to locate files when you need them. This is why Apple came up with what are called Smart Folders, which basically consists of a collection of files based on a set of search criteria.
The biggest challenge in creating Smart Folders is figuring out what criteria you need for the type of search you want to do. The more familiar you become with the search options for Smart Folders, the easier it will be to create them.
Lets Create a Smart Folder
In a Finder window, go to File>New Smart Folder
Setting Up Smart Folder Rules
Click on the + button on the far right of the search box by the save button. Notice that the search will be based upon all the contents of your Mac.
1. The first pop-up menu consists of a set of attributes for the kinds of items you want to search for. These attributes include file name, type of file, date created, etc. For this tutorial, let’s use Name, which refers to the name of files.
2. Now click on the second pop-up menu to further refine the search by selecting “ends with”.
3. We’re going to search for Microsoft Word Files, so in the text field, type “docx” --without the quotation marks. If you have Word files in your computer they should automatcally start showing up in this Smart Folder. If you don’t have Word files, you can type, “rtf” for TextEdit files, or “pages” for Pages files.
The search criteria for this Smart Folder looks for and gathers Word documents into one folder, though the documents themselves may be saved in many different folders on your hard drive.
Go ahead and save the Smart Folder. In the next article in this series, I will show you how to add more than one criteria to a Smart Folder to further refine your search.
If you have any questions or comments please feel free to post them in the comment section below, or send me an email directly at jeff.trehern@gmail.com
Thanks for reading and have a wonderful day!
The more items you add to your computer, the more challenging it is to locate files when you need them. This is why Apple came up with what are called Smart Folders, which basically consists of a collection of files based on a set of search criteria.
The biggest challenge in creating Smart Folders is figuring out what criteria you need for the type of search you want to do. The more familiar you become with the search options for Smart Folders, the easier it will be to create them.
Lets Create a Smart Folder
In a Finder window, go to File>New Smart Folder
Setting Up Smart Folder Rules
Click on the + button on the far right of the search box by the save button. Notice that the search will be based upon all the contents of your Mac.
1. The first pop-up menu consists of a set of attributes for the kinds of items you want to search for. These attributes include file name, type of file, date created, etc. For this tutorial, let’s use Name, which refers to the name of files.
2. Now click on the second pop-up menu to further refine the search by selecting “ends with”.
3. We’re going to search for Microsoft Word Files, so in the text field, type “docx” --without the quotation marks. If you have Word files in your computer they should automatcally start showing up in this Smart Folder. If you don’t have Word files, you can type, “rtf” for TextEdit files, or “pages” for Pages files.
The search criteria for this Smart Folder looks for and gathers Word documents into one folder, though the documents themselves may be saved in many different folders on your hard drive.
Go ahead and save the Smart Folder. In the next article in this series, I will show you how to add more than one criteria to a Smart Folder to further refine your search.
If you have any questions or comments please feel free to post them in the comment section below, or send me an email directly at jeff.trehern@gmail.com
Thanks for reading and have a wonderful day!
Friday, July 22, 2011
How to Install OS X Lion
With OS X Lion out in full swing, I have been asked many times, what do I need to do to upgrade? Downloading and installing Apple’s latest iteration of their famous (and sometimes infamous) operating system is very simple and relatively painless. However, to ensure that the upgrade goes as seamlessly as possible, there are a few steps that you should take. Some of the steps listed below are common sense things, and others are out of an abundance of caution.
Step 1. Make sure your Mac is ready for OS X Lion
There are some compatibly and minimum system requirements that you should be aware of. The main idea here is that you need an Intel based Mac. You will also need a recent version of Snow Leopard. To check what version and what kind of processor you have, click on the Apple icon at the top left of the screen and then click “About This Mac”.
Step 2. Do a system update and update your apps
It is a good idea to go ahead and download any updates Apple may have released BEFORE you upgrade to Lion. Apple has released a few small patches (and some large ones) that will ease the transition to Lion. Also, updating your apps is a smart thing to do. Open up the Mac App Store and install any updates that are available.
Step 3. Back up your computer
Backing up your computer is always a good idea and especially so before you install a new operating system. Apple’s Time Machine is a great option for an easy to use backup solution.
Step 4. Download OS X Lion from the Mac App Store
Fire up the Mac App Store and purchase Lion!!! It only cost $29.99 and in my opinion, it is well worth the price. Lion should be very easy to find in the app store. It should be right on top. The download can be a bit lengthly. It should take about an hour maybe 2 depending on the speed of your internet connection.
Step 5. Install Lion
Once the download is complete, click on the continue button and then accept the terms and conditions. You will also need to enter the admin account password. This is all fairly simple as it is about the same procedure as any other software install.
The installer then begins the surprisingly fast task of installing Lion. After it is done, click on the restart button. After your Mac has restarted, you are then ready to start playing around with all the new features that Lion has to offer.
Don’t forget to check out apple.com for some great tutorials and videos that explain all the new features.
Step 1. Make sure your Mac is ready for OS X Lion
There are some compatibly and minimum system requirements that you should be aware of. The main idea here is that you need an Intel based Mac. You will also need a recent version of Snow Leopard. To check what version and what kind of processor you have, click on the Apple icon at the top left of the screen and then click “About This Mac”.
Step 2. Do a system update and update your apps
It is a good idea to go ahead and download any updates Apple may have released BEFORE you upgrade to Lion. Apple has released a few small patches (and some large ones) that will ease the transition to Lion. Also, updating your apps is a smart thing to do. Open up the Mac App Store and install any updates that are available.
Step 3. Back up your computer
Backing up your computer is always a good idea and especially so before you install a new operating system. Apple’s Time Machine is a great option for an easy to use backup solution.
Step 4. Download OS X Lion from the Mac App Store
Fire up the Mac App Store and purchase Lion!!! It only cost $29.99 and in my opinion, it is well worth the price. Lion should be very easy to find in the app store. It should be right on top. The download can be a bit lengthly. It should take about an hour maybe 2 depending on the speed of your internet connection.
Step 5. Install Lion
Once the download is complete, click on the continue button and then accept the terms and conditions. You will also need to enter the admin account password. This is all fairly simple as it is about the same procedure as any other software install.
The installer then begins the surprisingly fast task of installing Lion. After it is done, click on the restart button. After your Mac has restarted, you are then ready to start playing around with all the new features that Lion has to offer.
Don’t forget to check out apple.com for some great tutorials and videos that explain all the new features.
Wednesday, July 20, 2011
I installed OS X Lion
I finished installing Mac OS X Lion about an hour ago. It was painless and very easy. Right off the bat, I am having difficulty getting the hang of the new scrolling change. You have to scroll up to go down. I don't get that but ok. I LOVE Mission Control. A three finger swipe up and you can see everything you have open on one screen. Swiping between spaces is very easy as well.
The mail app is taking a bit of getting used too. The jury is still out on that one but as I use it more, I will let you know. I am also having a bit of trouble with some older apps that I have installed. They seem to have some compatibility issues. I will be creating a list of the good and bad so keep checking back!
The mail app is taking a bit of getting used too. The jury is still out on that one but as I use it more, I will let you know. I am also having a bit of trouble with some older apps that I have installed. They seem to have some compatibility issues. I will be creating a list of the good and bad so keep checking back!
OS X Lion is Available for Download TODAY!!!
Apple has just released their newest OS for the Mac, OS X Lion, today. You can only download it from the Mac App Store. The cost is very affordable, only $29.99. Be one of the first to download it! My copy is downloading as I write this and I will be posting some of my opinions in the next few days. Also, be sure to complete a FULL back up of your Mac before installing Lion.
Good Luck and let me know what you think of it!
Good Luck and let me know what you think of it!
Database Keys. Primary Keys and Foreign Keys
As you may already know, databases use tables to organize information. Each table consists of a number of rows, each of which corresponds to a single database record. So, how do databases keep all of these records straight? It’s through the use of keys.
Primary Keys
The first type of key we’ll discuss is the primary key. Every database table should have one or more columns designated as the primary key. The value this key holds should be unique for each record in the database. For example, assume we have a table called Employees that contains personnel information for every employee in our firm. We’d need to select an appropriate primary key that would uniquely identify each employee. Your first thought might be to use the employee’s name.
This wouldn’t work out very well because it’s conceivable that you’d hire two employees with the same name. A better choice might be to use a unique employee ID number that you assign to each employee when they’re hired. Some organizations choose to use Social Security Numbers (or similar government identifiers) for this task because each employee already has one and they’re guaranteed to be unique. However, the use of Social Security Numbers for this purpose is highly controversial due to privacy concerns. (If you work for a government organization, the use of a Social Security Number may even be illegal under the Privacy Act of 1974.) For this reason, most organizations have shifted to the use of unique identifiers (employee ID, student ID, etc.) that don’t share these privacy concerns.
Once you decide upon a primary key and set it up in the database, the database management system will enforce the uniqueness of the key. If you try to insert a record into a table with a primary key that duplicates an existing record, the insert will fail.
Most databases are also capable of generating their own primary keys. Microsoft Access, for example, may be configured to use the AutoNumber data type to assign a unique ID to each record in the table. While effective, this is a bad design practice because it leaves you with a meaningless value in each record in the table. Why not use that space to store something useful?
Foreign Keys
The other type of key that we’ll discuss in this course is the foreign key. These keys are used to create relationships between tables. Natural relationships exist between tables in most database structures. Returning to our employees database, let’s imagine that we wanted to add a table containing departmental information to the database. This new table might be called Departments and would contain a large amount of information about the department as a whole. We’d also want to include information about the employees in the department, but it would be redundant to have the same information in two tables (Employees and Departments). Instead, we can create a relationship between the two tables.
Let’s assume that the Departments table uses the Department Name column as the primary key. To create a relationship between the two tables, we add a new column to the Employees table called Department. We then fill in the name of the department to which each employee belongs. We also inform the database management system that the Department column in the Employees table is a foreign key that references the Departments table. The database will then enforce referential integrity by ensuring that all of the values in the Departments column of the Employees table have corresponding entries in the Departments table.
Note that there is no uniqueness constraint for a foreign key. We may (and most likely do!) have more than one employee belonging to a single department. Similarly, there’s no requirement that an entry in the Departments table have any corresponding entry in the Employees table. It is possible that we’d have a department with no employees.
Primary Keys
The first type of key we’ll discuss is the primary key. Every database table should have one or more columns designated as the primary key. The value this key holds should be unique for each record in the database. For example, assume we have a table called Employees that contains personnel information for every employee in our firm. We’d need to select an appropriate primary key that would uniquely identify each employee. Your first thought might be to use the employee’s name.
This wouldn’t work out very well because it’s conceivable that you’d hire two employees with the same name. A better choice might be to use a unique employee ID number that you assign to each employee when they’re hired. Some organizations choose to use Social Security Numbers (or similar government identifiers) for this task because each employee already has one and they’re guaranteed to be unique. However, the use of Social Security Numbers for this purpose is highly controversial due to privacy concerns. (If you work for a government organization, the use of a Social Security Number may even be illegal under the Privacy Act of 1974.) For this reason, most organizations have shifted to the use of unique identifiers (employee ID, student ID, etc.) that don’t share these privacy concerns.
Once you decide upon a primary key and set it up in the database, the database management system will enforce the uniqueness of the key. If you try to insert a record into a table with a primary key that duplicates an existing record, the insert will fail.
Most databases are also capable of generating their own primary keys. Microsoft Access, for example, may be configured to use the AutoNumber data type to assign a unique ID to each record in the table. While effective, this is a bad design practice because it leaves you with a meaningless value in each record in the table. Why not use that space to store something useful?
Foreign Keys
The other type of key that we’ll discuss in this course is the foreign key. These keys are used to create relationships between tables. Natural relationships exist between tables in most database structures. Returning to our employees database, let’s imagine that we wanted to add a table containing departmental information to the database. This new table might be called Departments and would contain a large amount of information about the department as a whole. We’d also want to include information about the employees in the department, but it would be redundant to have the same information in two tables (Employees and Departments). Instead, we can create a relationship between the two tables.
Let’s assume that the Departments table uses the Department Name column as the primary key. To create a relationship between the two tables, we add a new column to the Employees table called Department. We then fill in the name of the department to which each employee belongs. We also inform the database management system that the Department column in the Employees table is a foreign key that references the Departments table. The database will then enforce referential integrity by ensuring that all of the values in the Departments column of the Employees table have corresponding entries in the Departments table.
Note that there is no uniqueness constraint for a foreign key. We may (and most likely do!) have more than one employee belonging to a single department. Similarly, there’s no requirement that an entry in the Departments table have any corresponding entry in the Employees table. It is possible that we’d have a department with no employees.
Sunday, July 17, 2011
Do you want a free eBook?
Do you use Microsoft Excel but find it difficult to work with? Do you want to use Excel but don't know where to start?
Leave your email address in the comment section and I will send you a free eBook that will teach you to easily accomplish what you need to do in Excel. No strings attached. Just a free eBook that will hopefully help you learn something about a very useful tool!
Leave your email address in the comment section and I will send you a free eBook that will teach you to easily accomplish what you need to do in Excel. No strings attached. Just a free eBook that will hopefully help you learn something about a very useful tool!
Saturday, July 16, 2011
Top 10 Obscure Google Search Tricks
When it comes to the Google search box, you already know the tricks: finding exact phrases matches using quotes like "so say we all" or searching a single site using site:Hakninja.blogspot.com gmail. But there are many more oblique, clever, and lesser-known search recipes and operators that work from that unassuming little input box. Dozens of Google search guides detail the tips you already know, but today we're skipping the obvious and highlighting our favorite obscure Google web search tricks.
10. Get the local time anywhere
What time is it in Bangkok right now? Ask Google. Enter simply what time is it to get the local time in big cities around the world, or add the locale at the end of your query, like what time is it hong kong to get the local time there.
9. Track flight status
Enter the airline and flight number into the Google search box and get back the arrival and departure times right inside Google's search results.
8. Convert currency, metrics, bytes, and more
Google's powerful built-in converter calculator can help you out whether you're cooking dinner, traveling abroad, or building a PC. Find out how many teaspoons are in a quarter cup (quarter cup in teaspoons) or how many seconds there are in a year (seconds in a year) or how many euros there are to five dollars (5 USD in Euro). For the geekier set, bits in kilobytes (155473 bytes in kilobytes) and numbers in hex or binary (19 in binary) are also pretty useful.
7. Compare items with "better than" and find similar items with "reminds me of"
Simply search for, in quotes: "better than _keyword_"
Some example results:
Results 1 - 100 of about 550 English pages for " better than WinAmp".
Results 1 - 57 of 57 English pages for " better than mIRC".
Results 1 - 100 of about 17,500 English pages for " better than Digg". (Wow. Poor Digg.)
The results will almost always lead you to discovering alternatives to whatever it is you're searching for. Using the same concept, you can use this trick to discover new music or movies. For example, " reminds me of _someband_" or "sounds like _someband_" will pull up artists people have thought sounded similar to the one you typed in. This is also a great way to find good, no-name musicians you'd probably never know of otherwise.
Examples:
Results 1 - 88 of 88 English pages for " reminds me of Metallica".
Results 1 - 36 of 36 English pages for " similar to Garden State".
Results 1 - 66 of 66 English pages for " sounds like The Shins".
Just get creative and you'll, without a doubt, find cool new stuff you probably never knew existed.
6. Use Google as a free proxy
What, your company blocks that hip new web site just because it drops the F bomb occasionally? Use Google's cache to take a peek even when the originating site's being blocked, with cache:example.com.
5. Remove affiliate links from product searches
When you're sick of seeing duplicate product search results from the likes of eBay, Bizrate, Pricerunner, and Shopping.com, clear 'em out by stacking up the -site:ebay.com -site:bizrate.com -site:shopping.com operator. Alternately, check out Give Me Back My Google (original post), a service that does all that known reseller cleaning up for you when you search for products. Compare this GMBMG search for a Cruzer 1GB flash drive to the regular Google results.
4. Find related terms and documents
Ok, this one's direct from any straight-up advanced search operator cheat sheet, but it's still one of the lesser-used tricks in the book. Adding a tilde (~) to a search term will return related terms. For example, Googling ~nutrition returns results with the words nutrition, food, and health in them.
3. Find music and comic books
Using a combination of advanced search operators that specify music files available in an Apache directory listing, you can turn Google into your personal Napster. Go ahead, try this search for Nirvana tracks: -inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3) "Nirvana". (Sub out Nirvana for the band you're interested in; use this one in conjunction with number 7 to find new music, too.) The same type of search recipe can find comic books as well.
2. ID people, objects, and foreign language words and phrases with Google Image Search
Google Image search results show you instead of tell you about a word. Don't know what jicama looks like? Not sure if the person named "Priti" who you're emailing with is a woman or a man? Spanish rusty and you forgot what "corazon" is? Pop your term into Google Image Search (or type image jicama into the regular search box) to see what your term's about.
1. Make Google recognize faces
If you're doing an image search for Paris Hilton and don't want any of the French city, a special URL parameter in Google's Image search will do the trick. Add &imgtype=face to the end of your image search to just get images of faces, without any inanimate objects. Try it out with a search for rose (which returns many photos of flowers) versus rose with the face parameter.
What's your favorite ninja Google search technique? Tell us about it in the comments.
Tuesday, July 12, 2011
How to instantly increase traffic to your website or blog using RefZip
I have recently found a website that will instantly increase the traffic to your website or blog by at least 20 to 30%. In one hour of posting my blog “HakNinja”, I saw an increase in traffic of 28%. Now my blog is small and I don’t have a very big following but this site has really helped me.
The website is called RefZip and here’s how it works.
1. You enter the URL of your website or blog on the RefZip home page.
2. RefZip will then include your website into a rotation of other websites.
3. That’s it!
RefZip has a huge following. People visit RefZip to see a rotation of recently updated websites. They can read it directly from RefZip or click on the site to actually visit it. Either way, you get increased traffic, INSTANTLY!!! It is completely free and you don’t have to give any information other than the URL of your website or blog. It is easy and it really works.
Starting and maintaining a website or blog is hard work and when you don’t see a lot of traffic it can be disheartening. Small time bloggers need all the help they can get and this is a great tool; and for you readers out there, check out RefZip and you will get a large amount of interesting and relevant blogs and websites that you are guaranteed to enjoy.
Click here to start using or browsing RefZip
Blog Directory
The website is called RefZip and here’s how it works.
1. You enter the URL of your website or blog on the RefZip home page.
2. RefZip will then include your website into a rotation of other websites.
3. That’s it!
RefZip has a huge following. People visit RefZip to see a rotation of recently updated websites. They can read it directly from RefZip or click on the site to actually visit it. Either way, you get increased traffic, INSTANTLY!!! It is completely free and you don’t have to give any information other than the URL of your website or blog. It is easy and it really works.
Starting and maintaining a website or blog is hard work and when you don’t see a lot of traffic it can be disheartening. Small time bloggers need all the help they can get and this is a great tool; and for you readers out there, check out RefZip and you will get a large amount of interesting and relevant blogs and websites that you are guaranteed to enjoy.
Click here to start using or browsing RefZip
Blog Directory
Sunday, July 10, 2011
Get Your Mac Ready for Lion
On July 1st Apple released the golden master version (GMV) of Lion to developers—usually the last non-public version of OS X before the official release. If you want to update as soon as it is available, now is the time to check your hardware and perform a few system cleanups to ensure you'll be ready to download Lion on release day. Macworld runs through what you need to do to prepare.
Most Macs from 2006 and newer should be able to install and run Lion without difficulty; the minimum hardware requirements are 2gb of RAM, 4gb of free hard drive space, and an Intel processor that is at least a Core 2 duo, i3, i5, i7, or Xeon. Furthermore you must have a recent update of Snow Leopard (OS 10.6.6 or better) as Lion will only available from the Mac App Store, which debuted in that version of Snow Leopard.
You don't necessarily want to skate by on the bare minimum of requirements, so it may be time to consider additional RAM, or if you might be better served with purchasing a new Mac with Lion preinstalled. If you're unhappy with the speed of your Mac running Snow Leopard, an upgrade may be in order.
After you've made sure the basic requirements are met it is a good idea to backup, run all Apple software updates, and check for updates for any third-party software you use. You should also disable FileVault if you use it as Lion includes a new approach to file encryption. See the Macworld full guide below for details.
MacWorlds Guide to Prepare for Lion
Click below to check out my other website It teaches how to make some extra $$$. It is legit.
Earn 1K a Month
Monday, April 25, 2011
WLOX news just confirmed that Mississippi Governor Haley Barbour will not enter the presidential race in 2012. For months now, Governor Barbour has made numerous appearances in key states outlining the mistakes of the Obama administration and touting conservative rhetoric.
I have a few sources close to the Governor and they have informed me that the main reason he has decided against being a candidate for president is his wife’s disapproval and fear of such an endeavor. Mrs. Barbour has been very vocal about her fears of a presidential race. She is quoted as saying “it horrifies me”.
I have my own opinions about why the Governor has decided not to run for president. The country has repeatedly declared that they [the voters] are tired of the same old politics and want something different. Governor Barbour is the “same old politics”. He epitomizes what is wrong with the American political system and has given no signs of changing. His extensive experience of being a lobbyist shows that he knows how to manipulate the system for his benefit and there is no reason to believe that it would be any different if he were president.
Governor Barbour is a career politician. I for one, am of the belief that we need something different. We need someone who knows how to succeed in the private sector as well as in the public eye. I am pleased to know that Governor Barbour will not be a candidate for president. Perhaps this will make more room for someone who wants what is best for America. Donald Trump anyone?
I have a few sources close to the Governor and they have informed me that the main reason he has decided against being a candidate for president is his wife’s disapproval and fear of such an endeavor. Mrs. Barbour has been very vocal about her fears of a presidential race. She is quoted as saying “it horrifies me”.
I have my own opinions about why the Governor has decided not to run for president. The country has repeatedly declared that they [the voters] are tired of the same old politics and want something different. Governor Barbour is the “same old politics”. He epitomizes what is wrong with the American political system and has given no signs of changing. His extensive experience of being a lobbyist shows that he knows how to manipulate the system for his benefit and there is no reason to believe that it would be any different if he were president.
Governor Barbour is a career politician. I for one, am of the belief that we need something different. We need someone who knows how to succeed in the private sector as well as in the public eye. I am pleased to know that Governor Barbour will not be a candidate for president. Perhaps this will make more room for someone who wants what is best for America. Donald Trump anyone?
Wednesday, April 20, 2011
Dropbox, Keep Your Hands Off My Data!!!!
Yesterday, Dropbox, which is a very popular file syncing utility that stores user’s data in the cloud, announced that it would decrypt and hand over files if the U.S. Government requested it.
The issue I have with this is not that they would give the requested data to the Feds, they really have no choice if the Feds have a warrant, buts its that Dropbox employees even have the ability to decrypt user’s data in the first place.
Maybe I am paranoid, but I do not like the idea that the employees of data storage companies have the ability to see my files. It seems to me that there now is a place in the market for another “Dropbox” like company, but one that gives the user control over its own encryption key.
Sure, there are tools out there that can be used to encrypt data before it even reaches the Dropbox servers. The first one that comes to mind is the wonderful, feature rich, and absolutely free tool called Truecrypt. However, using that with Dropbox its a hassle at best, not to mention that it would make the smartphone app completely useless.
Dropbox, we all love your service and you provide a great cloud storage solution, but please for the love of God, give us control over our own encryption keys. Give us the ability to ensure that we are the only ones that can access our data.
Below is a link to another article about this topic from PCWorld.com
Update: Dropbox Will Hand Over Your Files to the Feds If Asked
The issue I have with this is not that they would give the requested data to the Feds, they really have no choice if the Feds have a warrant, buts its that Dropbox employees even have the ability to decrypt user’s data in the first place.
Maybe I am paranoid, but I do not like the idea that the employees of data storage companies have the ability to see my files. It seems to me that there now is a place in the market for another “Dropbox” like company, but one that gives the user control over its own encryption key.
Sure, there are tools out there that can be used to encrypt data before it even reaches the Dropbox servers. The first one that comes to mind is the wonderful, feature rich, and absolutely free tool called Truecrypt. However, using that with Dropbox its a hassle at best, not to mention that it would make the smartphone app completely useless.
Dropbox, we all love your service and you provide a great cloud storage solution, but please for the love of God, give us control over our own encryption keys. Give us the ability to ensure that we are the only ones that can access our data.
Below is a link to another article about this topic from PCWorld.com
Update: Dropbox Will Hand Over Your Files to the Feds If Asked
Wednesday, January 19, 2011
How to Crack almost any App on a Mac (and How to Prevent it)
How to Crack Just About Any Mac App (and How to Prevent It)
While the Mac is rarely targeted for security exploits and viruses, it's no stranger to software piracy—likely because Mac apps are pretty easy to crack. Here's how it can be done and how to prevent it.
How I'd Crack Your Mac App
Well, not you specifically, but by you I mean the average Mac developer. It's too easy to crack Mac apps. Way too easy. By walking through how I can hack your app with only one Terminal shell, I hope to shed some light on how this is most commonly done, and hopefully convince you to protect yourself against me. I'll be ending this article with some tips to prevent this kind of hack.
In order to follow along you're going to need a few command line utilities. You're going to need the Xcode tools installed. And, lastly, you're going to need an app to operate on. I will not explicitly name the app here but I chose it because it made a good example.
Let's start by making sure we have the two utilities we need: otx and class-dump. I like to use Homebrew as my package manager of choice. Note that I will use command line utilities only, including vim. If you prefer GUIs, feel free to use your code editor of choice, HexFiend and otx's GUI app.
$ sudo brew install otx
$ sudo brew install class-dump
The first step is to poke into the target app's headers, gentlemanly left intact by the unwitting developer.
$ cd Exces.app/Contents/MacOS
$ class-dump Exces | vim
Browse around, and find the following gem:
@interface SSExcesAppController : NSObject
{
[...]
BOOL registred;
[...]
- (void)verifyLicenseFile:(id)arg1;
- (id)verifyPath:(id)arg1;
- (BOOL)registred;
What do we have here?! A (badly spelt) variable and what looks like three methods related to registration. We can now focus our efforts around these symbols. Let's continue poking by disassembling the source code for these methods.
$ otx Exces -arch i386
Note that Exces is a universal binary, and that we need to ensure we only deal with the active architecture. In this case, Intel's i386. Let us find out what verifyLicenseFile: does.
-(void)[SSExcesAppController verifyLicenseFile:]
[...]
+34 0000521e e8c21e0100 calll 0x000170e5 -[(%esp,1) verifyPath:]
+39 00005223 85c0 testl %eax,%eax
+41 00005225 0f84e2000000 je 0x0000530d
[...]
+226 000052de c6472c01 movb $0x01,0x2c(%edi) (BOOL)registred
[...]
This is not straight Objective-C code, but rather assembly (what C compiles into). The first part of each line, the offset, +34, shows how many bytes into the method the instruction is. 0000521e is the address of the instruction within the program. e8c21e0100 is the instruction in byte code. calll 0x000170e5 is the instruction in assembly language. -[(%esp,1) verifyPath:] is what otx could gather the instruction to represent in Obj-C from the symbols left within the binary.
With this in mind, we can realize that verifyLicenseFile: calls the method verifyPath: and later sets the boolean instance variable registred. We can guess that verifyPath: is probably the method that checks the validity of a license file. We can see from the header that verifyPath: returns an object and thus would be way too complex to patch. We need something that deals in booleans.
Let's launch Exces in the gdb debugger and check when verifyLicenseFile: is called.
$ gdb Exces
(gdb) break [SSExcesAppController verifyLicenseFile:]
Breakpoint 1 at 0x5205
(gdb) run
No bite. The breakpoint is not hit on startup. We can assume that there's a good reason why verifyLicenseFile: and verifyPath: are two separate methods. While we could patch verifyLicenseFile: to always set registred to true, verifyLicenseFile: is probably called only to check license files entered by the user. Quit gdb and let's instead search for another piece of code that calls verifyPath:. In the otx dump, find the following in awakeFromNib:
-(void)[SSExcesAppController awakeFromNib]
[...]
+885 00004c8c a1a0410100 movl 0x000141a0,%eax verifyPath:
+890 00004c91 89442404 movl %eax,0x04(%esp)
+894 00004c95 e84b240100 calll 0x000170e5 -[(%esp,1) verifyPath:]
+899 00004c9a 85c0 testl %eax,%eax
+901 00004c9c 7409 je 0x00004ca7
+903 00004c9e 8b4508 movl 0x08(%ebp),%eax
+906 00004ca1 c6402c01 movb $0x01,0x2c(%eax) (BOOL)registred
+910 00004ca5 eb7d jmp 0x00004d24 return;
[...]
The code is almost identical to verifyLicenseFile:. Here's what happens:
1. verifyPath: is called. (+894 calll)
2. A test happens based on the result of the call. (+899 testl)
3. Based on the result of the text, jump if equal. (+901 je) A test followed by a je or jne (jump if not equal) is assembly-speak for an if statement.
4. The registred ivar is set, if we have not jumped away.
Since awakeFromNib is executed at launch, we can safely assume that if we override this check, we can fool the app into thinking it's registered. The easiest way to do that is to change the je into a jne, essentially reversing its meaning.
Search the dump for any jne statement, and compare it to the je:
+901 00004c9c 7409 je 0x00004ca7
+14 00004d9f 7534 jne 0x00004dd5 return;
7409 is the binary code for je 0x00004ca7. 7534 is a similar binary code. If we simply switch the binary code for the je to 7534, at address 00004c9c, we should have our crack. Let's test it out in gdb.
$ gdb Exces
(gdb) break [SSExcesAppController awakeFromNib]
Breakpoint 1 at 0x4920
(gdb) r
(gdb) x/x 0x00004c9c
0x4c9c <-[SSExcesAppController awakeFromNib]+901>: 0x458b0974
We break on awakeFromNib so we're able to fiddle around while the app is frozen. x/x reads the code in memory at the given address.Now here's the confusing thing to be aware of: endianness. While on disk, the binary code is normal, intel is a little-endian system which puts the most significant byte last, and thus reverses every four-byte block in memory. so while the code at address 0x4c9c is printed as 0x458b0974, it's actually 0x74098b45. We recognize the first two bytes 7409 from earlier.
We need to switch the first two bytes to 7534. Let's start by disassembling the method so we can better see our way around. Find the relevant statement:
0x00004c9c <-[SSExcesAppController awakeFromNib]+901>: je 0x4ca7 <-[SSExcesAppController awakeFromNib]+912>
Now let's edit code in memory.
(gdb) set {char}0x00004c9c=0x75
(gdb) x/x 0x00004c9c
0x4c9c <-[SSExcesAppController awakeFromNib]+901>: 0x458b0975
(gdb) set {char}0x00004c9d=0x34
(gdb) x/x 0x00004c9c
0x4c9c <-[SSExcesAppController awakeFromNib]+901>: 0x458b3475
Here we set the first byte at 0x00004c9c. By simply counting in hexadecimal, we know that the next byte goes at address 0x00004c9d, and set it as such. Let's disassemble again to check if the change was done right.
(gdb) disas
0x00004c9c <-[SSExcesAppController awakeFromNib]+901>: jne 0x4cd2 <-[SSExcesAppController awakeFromNib]+955>
Whoops, we made a mistake and changed the destination of the jump from +912 to +955. We realize that the first byte (74) of the byte code stands for the je/jne and the second byte is the offset, or how many bytes to jump by. We should only have changed 74 to 75, and not 09 to 34. Let's fix our mistake.
(gdb) set {char}0x00004c9c=0x75
(gdb) set {char}0x00004c9d=0x09
And check again…
0x00004c9c <-[SSExcesAppController awakeFromNib]+901>: jne 0x4ca7 <-[SSExcesAppController awakeFromNib]+912>
Hooray! This looks good! Let's execute the app to admire our crack.
(gdb) continue
Awesome! Victory! We're in, and the app thinks we're a legitimate customer. Well, not quite. We still need to make our change permanent. As it currently stands, everything will be erased as soon as we quit gdb. We need to edit the code on disk, in the actual binary file. Let's find a chunk of our edited binary big enough that it likely won't be repeated in the whole binary.
(gdb) x/8x 0x00004c9c
0x4c9c <-[SSExcesAppController awakeFromNib]+901>: 0x458b0975 0x2c40c608 0x8b7deb01 0xa4a10855
0x4cac <-[SSExcesAppController awakeFromNib]+917>: 0x89000141 0x89082454 0x89042444 0x26e82414
That's the memory representation of the code, a whole 8 blocks of four bytes starting at 0x00004c9c. Taking endianness into account, we must reverse them and we get the following:
0x75098b45 0x08c6402c 0x01eb7d8b 0x5508a1a4
0x41010089 0x54240889 0x44240489 0x1424e826
The very first byte of the series is the 74 that we switched into 75. By changing it back, we can deduce the original binary code to be:
0x74098b45 0x08c6402c 0x01eb7d8b 0x5508a1a4
0x41010089 0x54240889 0x44240489 0x1424e826
Let's open the binary in a hex editor. I used vim, but feel free to use any hex editor at this point. HexFiend has a great GUI.
(gdb) quit
$ vim Exces
This loads up the binary as ascii text, which is of little help. Convert it to hex thusly:
:%!xxd
vim formats hex like this:
0000000: cafe babe 0000 0002 0000 0012 0000 0000 ................
The first part, before the colon, is the address of block. Following it are 16 bytes, broken off in two-byte segments. Incidentally, every Mach-O binary starts with the hex bytes cafebabe. Drunk Kernel programmers probably thought it'd be funny. Now that we have our beautiful hex code loaded up, let's search for the first two bytes of our code to replace:
/7409
Too many results to make sense of. Let's add another two bytes. Search for "7409 8b45" instead and boom, only one result:
001fc90: 0089 4424 04e8 4b24 0100 85c0 7409 8b45 ..D$..K$....t..E
Edit it to the following:
001fc90: 0089 4424 04e8 4b24 0100 85c0 7509 8b45 ..D$..K$....t..E
Convert it back to binary form, then save and quit:
:%!xxd -r
:wq
And… We're done! To check our work, launch the app in gdb, break to [SSExcesAppController awakeFromNib] and disassemble.
$ gdb Exces
(gdb) break [SSExcesAppController awakeFromNib]
Breakpoint 1 at 0x4c90
(gdb) r
(gdb) disas
Admire our work:
0x00004c9c <-[SSExcesAppController awakeFromNib]+901>: jne 0x4ca7 <-[SSExcesAppController awakeFromNib]+912>
Quit gdb and relaunch the app from the Finder, and enjoy your awesome hacker skills.
How to Prevent This
Objective-C makes it really easy to mess with an app's internals. Try to program the licensing mechanism for your app in pure C, that will already make it harder for me to find my way around your binary.
A truly skilled hacker will always find his way around your protection, but implementing a bare minimum of security will weed out 99% of amateurs. I am somewhat of a skilled hacker but with some very basic knowledge I tore this app apart in no time. Implementing the various easy tips above takes very little time, yet you would have made it enough of a pain for me that I would have given up.
While the Mac is rarely targeted for security exploits and viruses, it's no stranger to software piracy—likely because Mac apps are pretty easy to crack. Here's how it can be done and how to prevent it.
How I'd Crack Your Mac App
Well, not you specifically, but by you I mean the average Mac developer. It's too easy to crack Mac apps. Way too easy. By walking through how I can hack your app with only one Terminal shell, I hope to shed some light on how this is most commonly done, and hopefully convince you to protect yourself against me. I'll be ending this article with some tips to prevent this kind of hack.
In order to follow along you're going to need a few command line utilities. You're going to need the Xcode tools installed. And, lastly, you're going to need an app to operate on. I will not explicitly name the app here but I chose it because it made a good example.
Let's start by making sure we have the two utilities we need: otx and class-dump. I like to use Homebrew as my package manager of choice. Note that I will use command line utilities only, including vim. If you prefer GUIs, feel free to use your code editor of choice, HexFiend and otx's GUI app.
$ sudo brew install otx
$ sudo brew install class-dump
The first step is to poke into the target app's headers, gentlemanly left intact by the unwitting developer.
$ cd Exces.app/Contents/MacOS
$ class-dump Exces | vim
Browse around, and find the following gem:
@interface SSExcesAppController : NSObject
{
[...]
BOOL registred;
[...]
- (void)verifyLicenseFile:(id)arg1;
- (id)verifyPath:(id)arg1;
- (BOOL)registred;
What do we have here?! A (badly spelt) variable and what looks like three methods related to registration. We can now focus our efforts around these symbols. Let's continue poking by disassembling the source code for these methods.
$ otx Exces -arch i386
Note that Exces is a universal binary, and that we need to ensure we only deal with the active architecture. In this case, Intel's i386. Let us find out what verifyLicenseFile: does.
-(void)[SSExcesAppController verifyLicenseFile:]
[...]
+34 0000521e e8c21e0100 calll 0x000170e5 -[(%esp,1) verifyPath:]
+39 00005223 85c0 testl %eax,%eax
+41 00005225 0f84e2000000 je 0x0000530d
[...]
+226 000052de c6472c01 movb $0x01,0x2c(%edi) (BOOL)registred
[...]
This is not straight Objective-C code, but rather assembly (what C compiles into). The first part of each line, the offset, +34, shows how many bytes into the method the instruction is. 0000521e is the address of the instruction within the program. e8c21e0100 is the instruction in byte code. calll 0x000170e5 is the instruction in assembly language. -[(%esp,1) verifyPath:] is what otx could gather the instruction to represent in Obj-C from the symbols left within the binary.
With this in mind, we can realize that verifyLicenseFile: calls the method verifyPath: and later sets the boolean instance variable registred. We can guess that verifyPath: is probably the method that checks the validity of a license file. We can see from the header that verifyPath: returns an object and thus would be way too complex to patch. We need something that deals in booleans.
Let's launch Exces in the gdb debugger and check when verifyLicenseFile: is called.
$ gdb Exces
(gdb) break [SSExcesAppController verifyLicenseFile:]
Breakpoint 1 at 0x5205
(gdb) run
No bite. The breakpoint is not hit on startup. We can assume that there's a good reason why verifyLicenseFile: and verifyPath: are two separate methods. While we could patch verifyLicenseFile: to always set registred to true, verifyLicenseFile: is probably called only to check license files entered by the user. Quit gdb and let's instead search for another piece of code that calls verifyPath:. In the otx dump, find the following in awakeFromNib:
-(void)[SSExcesAppController awakeFromNib]
[...]
+885 00004c8c a1a0410100 movl 0x000141a0,%eax verifyPath:
+890 00004c91 89442404 movl %eax,0x04(%esp)
+894 00004c95 e84b240100 calll 0x000170e5 -[(%esp,1) verifyPath:]
+899 00004c9a 85c0 testl %eax,%eax
+901 00004c9c 7409 je 0x00004ca7
+903 00004c9e 8b4508 movl 0x08(%ebp),%eax
+906 00004ca1 c6402c01 movb $0x01,0x2c(%eax) (BOOL)registred
+910 00004ca5 eb7d jmp 0x00004d24 return;
[...]
The code is almost identical to verifyLicenseFile:. Here's what happens:
1. verifyPath: is called. (+894 calll)
2. A test happens based on the result of the call. (+899 testl)
3. Based on the result of the text, jump if equal. (+901 je) A test followed by a je or jne (jump if not equal) is assembly-speak for an if statement.
4. The registred ivar is set, if we have not jumped away.
Since awakeFromNib is executed at launch, we can safely assume that if we override this check, we can fool the app into thinking it's registered. The easiest way to do that is to change the je into a jne, essentially reversing its meaning.
Search the dump for any jne statement, and compare it to the je:
+901 00004c9c 7409 je 0x00004ca7
+14 00004d9f 7534 jne 0x00004dd5 return;
7409 is the binary code for je 0x00004ca7. 7534 is a similar binary code. If we simply switch the binary code for the je to 7534, at address 00004c9c, we should have our crack. Let's test it out in gdb.
$ gdb Exces
(gdb) break [SSExcesAppController awakeFromNib]
Breakpoint 1 at 0x4920
(gdb) r
(gdb) x/x 0x00004c9c
0x4c9c <-[SSExcesAppController awakeFromNib]+901>: 0x458b0974
We break on awakeFromNib so we're able to fiddle around while the app is frozen. x/x reads the code in memory at the given address.Now here's the confusing thing to be aware of: endianness. While on disk, the binary code is normal, intel is a little-endian system which puts the most significant byte last, and thus reverses every four-byte block in memory. so while the code at address 0x4c9c is printed as 0x458b0974, it's actually 0x74098b45. We recognize the first two bytes 7409 from earlier.
We need to switch the first two bytes to 7534. Let's start by disassembling the method so we can better see our way around. Find the relevant statement:
0x00004c9c <-[SSExcesAppController awakeFromNib]+901>: je 0x4ca7 <-[SSExcesAppController awakeFromNib]+912>
Now let's edit code in memory.
(gdb) set {char}0x00004c9c=0x75
(gdb) x/x 0x00004c9c
0x4c9c <-[SSExcesAppController awakeFromNib]+901>: 0x458b0975
(gdb) set {char}0x00004c9d=0x34
(gdb) x/x 0x00004c9c
0x4c9c <-[SSExcesAppController awakeFromNib]+901>: 0x458b3475
Here we set the first byte at 0x00004c9c. By simply counting in hexadecimal, we know that the next byte goes at address 0x00004c9d, and set it as such. Let's disassemble again to check if the change was done right.
(gdb) disas
0x00004c9c <-[SSExcesAppController awakeFromNib]+901>: jne 0x4cd2 <-[SSExcesAppController awakeFromNib]+955>
Whoops, we made a mistake and changed the destination of the jump from +912 to +955. We realize that the first byte (74) of the byte code stands for the je/jne and the second byte is the offset, or how many bytes to jump by. We should only have changed 74 to 75, and not 09 to 34. Let's fix our mistake.
(gdb) set {char}0x00004c9c=0x75
(gdb) set {char}0x00004c9d=0x09
And check again…
0x00004c9c <-[SSExcesAppController awakeFromNib]+901>: jne 0x4ca7 <-[SSExcesAppController awakeFromNib]+912>
Hooray! This looks good! Let's execute the app to admire our crack.
(gdb) continue
Awesome! Victory! We're in, and the app thinks we're a legitimate customer. Well, not quite. We still need to make our change permanent. As it currently stands, everything will be erased as soon as we quit gdb. We need to edit the code on disk, in the actual binary file. Let's find a chunk of our edited binary big enough that it likely won't be repeated in the whole binary.
(gdb) x/8x 0x00004c9c
0x4c9c <-[SSExcesAppController awakeFromNib]+901>: 0x458b0975 0x2c40c608 0x8b7deb01 0xa4a10855
0x4cac <-[SSExcesAppController awakeFromNib]+917>: 0x89000141 0x89082454 0x89042444 0x26e82414
That's the memory representation of the code, a whole 8 blocks of four bytes starting at 0x00004c9c. Taking endianness into account, we must reverse them and we get the following:
0x75098b45 0x08c6402c 0x01eb7d8b 0x5508a1a4
0x41010089 0x54240889 0x44240489 0x1424e826
The very first byte of the series is the 74 that we switched into 75. By changing it back, we can deduce the original binary code to be:
0x74098b45 0x08c6402c 0x01eb7d8b 0x5508a1a4
0x41010089 0x54240889 0x44240489 0x1424e826
Let's open the binary in a hex editor. I used vim, but feel free to use any hex editor at this point. HexFiend has a great GUI.
(gdb) quit
$ vim Exces
This loads up the binary as ascii text, which is of little help. Convert it to hex thusly:
:%!xxd
vim formats hex like this:
0000000: cafe babe 0000 0002 0000 0012 0000 0000 ................
The first part, before the colon, is the address of block. Following it are 16 bytes, broken off in two-byte segments. Incidentally, every Mach-O binary starts with the hex bytes cafebabe. Drunk Kernel programmers probably thought it'd be funny. Now that we have our beautiful hex code loaded up, let's search for the first two bytes of our code to replace:
/7409
Too many results to make sense of. Let's add another two bytes. Search for "7409 8b45" instead and boom, only one result:
001fc90: 0089 4424 04e8 4b24 0100 85c0 7409 8b45 ..D$..K$....t..E
Edit it to the following:
001fc90: 0089 4424 04e8 4b24 0100 85c0 7509 8b45 ..D$..K$....t..E
Convert it back to binary form, then save and quit:
:%!xxd -r
:wq
And… We're done! To check our work, launch the app in gdb, break to [SSExcesAppController awakeFromNib] and disassemble.
$ gdb Exces
(gdb) break [SSExcesAppController awakeFromNib]
Breakpoint 1 at 0x4c90
(gdb) r
(gdb) disas
Admire our work:
0x00004c9c <-[SSExcesAppController awakeFromNib]+901>: jne 0x4ca7 <-[SSExcesAppController awakeFromNib]+912>
Quit gdb and relaunch the app from the Finder, and enjoy your awesome hacker skills.
How to Prevent This
Objective-C makes it really easy to mess with an app's internals. Try to program the licensing mechanism for your app in pure C, that will already make it harder for me to find my way around your binary.
A truly skilled hacker will always find his way around your protection, but implementing a bare minimum of security will weed out 99% of amateurs. I am somewhat of a skilled hacker but with some very basic knowledge I tore this app apart in no time. Implementing the various easy tips above takes very little time, yet you would have made it enough of a pain for me that I would have given up.
Subscribe to:
Posts (Atom)