Sunday, November 30, 2014

Staying Secure On Your Non-Rooted Android (updated!)

Since I have been writing a lot about Android security and tweaking, and since the average Android user is not rooted, most readers can't really benefit from the previous post's information. So this post is for users who either do not want to, or cannot, obtain root on their devices, yet still want to stay secure, and it shows just how far you can tweak things without superuser access.

I recently had to deal with a non-rooted phone for a couple of weeks before my new device arrived, and had to rediscover a few simple, easy things that one can do to gain a little privacy back without risking critical system files, as you do with root methods.

Terminology:

Root Access : To understand what 'rooting' your phone means, you need to know a couple of simple things about the way Linux works. Android phones and tablets run on the Linux kernel, as do many other kinds of devices (routers, printers, cameras, PCs, web servers, etc.). The kernel is the heart of the OS (operating system), and if all is well you never have to think about it or even "see" it. What you see when you turn on your phone are programs. Linux was designed this way intentionally, and that is partly why Android is so user friendly. On every Linux system there are many user accounts, most of them belonging to system services rather than people, each running its tasks in the background to make it all work. By keeping your programs separate from the system's programs, and by giving each account (on Android, each installed app) its own user ID, things stay secure, because each user on a properly configured Linux system can only access what it is supposed to be able to access. The one exception is the superuser, the root account, which can change anything. Unix and Linux were built this way because back in the old days hundreds of people would be logged in to the same mainframe, and the system needed a reliable way to make sure nobody could touch things that would wreck it for everyone else. It still works that way today.

When you buy a new Android device, the root account is still there (the kernel and system services run as root), but you get no way to use it: there is no su binary, your apps run as unprivileged users, and the system partition is mounted read-only. This is basically to protect you from yourself, because without root nothing you install can alter the system partition, which cuts both ways: a rogue app cannot embed itself in the system, and you cannot remove the junk the manufacturer put there. This works pretty well for most people, but if you are like me, know your way around Linux, and know what you are doing, it sucks. It is much easier to lock down a rooted device, but you can still do quite a bit to keep yourself secure; after all, the Linux permission model is doing a lot of the work for you.

The Problem

The problem is that people install apps that demand permissions they have no business asking for, which compromises their privacy. In other cases, phone manufacturers ship devices with worthless, even malicious, pre-installed apps that cannot be uninstalled (because you don't have root!).


These days there are dozens of applications running on your Android device, millions more in the Play Store, and most people blindly accept every permission these apps ask for, not realizing how much of their personal privacy they are giving away for a stupid game or the Facebook app (probably the worst app in history, if you are concerned with privacy). Keep in mind that on Android 4.x permissions are all-or-nothing: you accept the whole list at install time or you don't install the app. For instance, the Facebook app has permission to access:

  • Your camera
  • Your microphone
  • Your coarse and fine location
  • Your personal files (anything on the SD card(s))
  • Probably even your heart and soul, not sure, as I did not read the terms and conditions
  • And all this without you even knowing, unless you actually read the permission list and the terms of service...
And that's just one example. If you want another, take a look at the permissions even the YouTube app requires; it will blow your mind. Still, Android apps are Java code (compiled for the Dalvik/ART runtime) running on a Linux kernel, with each app confined to its own Linux user ID, and that structure is what makes it possible to rein apps in. At first the app permission system worked pretty well, until developers realized that so many people click accept without thinking twice. This gave some greedy developers the opportunity to sneak adware and spyware onto millions of phones with the customers' consent. Many of the apps that come pre-loaded on your device and cannot be removed without root (we call this 'bloatware') also carry unnecessary permissions that compromise your system, and hence your personal privacy. These apps make possible anything from eerily targeted advertising, to blatant data-mining, to identity theft. So what can you do about it without superuser (root/SU/administrative) access?

Solutions

The first thing you ought to do is install an app like No Root Firewall. This program is quite effective at protecting privacy, because it lets you decide which apps get internet access and which do not. So even if an app succeeds at collecting personal information, it has no route out: if the program cannot connect to the internet to relay what it has collected back to whoever wants it, the collection does no harm. It's not unlike getting busted going through customs smuggling too much caviar and being detained; the firewall stops that data from ever leaving your device.

How does this work without root? Android 4.0 and later ship a VpnService API that lets an ordinary, unprivileged app create a virtual network interface (a tun device) and have the system route all of the device's traffic through it, after you confirm a one-time consent dialog. It is the same API that commercial VPN clients use. VPNs (virtual private networks) are normally used to put your device on the same LAN (local area network) as machines in a remote location; corporations use them so that an employee working from home can reach the company's private network and its internal resources. A side benefit is the encrypted tunnel between your internet connection and the VPN server, which stops anyone eavesdropping between those two points. But what does this have to do with a firewall?

Well, in this case No Root Firewall creates the virtual interface on your phone and the system routes all of your traffic into it, but the traffic never goes to any remote server. The app simply reads every outgoing packet from the local interface, works out which app's socket it belongs to, and either forwards it on or drops it, prompting you to allow or deny the first time it sees a given app. It is ingenious, if you ask me. If you are still a little lost, think of it like this:

Instead of connections blindly passing through your data or wifi link, each request is held and denied until you say otherwise. For instance, when you boot your phone you may notice that apps like YouTube, Google Hangouts, and other things you may never use start automatically and then make internet connections without your consent. With a local VPN-based firewall catching all of those requests, you are in control. You can allow the apps you need, like your browser, the Google Play framework, and MMS messaging, while denying the apps you do not use or that do not need the internet to run (this is also useful for blocking in-app ads, by the way).

A firewall is the first and most essential part of any device's internet security. Every Linux system, Android included, has the kernel's netfilter/iptables firewall built in, but you need root to configure it, so this method is the next best thing. Be aware of its limits. Android keeps each app in its own sandbox (its own Linux user ID and process, not a separate virtual machine), which stops one app from reading another's private data directly, but data can still leave through other channels: a blocked app can hand data to a second app that you did allow online, or write it to shared storage for that app to pick up, or send it by SMS, none of which passes through the VPN. There is also a short window at boot before the firewall's VPN is up, and the firewall app itself sees every packet you send, so it has to be one you trust. Just remember what it can and cannot do, and limit internet access to the programs essential for the features you use. You will be much better off.
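To make the mechanism concrete, here is an added example (not code from the original post, and not No Root Firewall's own code) of the one piece such a firewall has to get right: attributing a raw packet from the tun interface to the app that sent it. On Android 4.x an app can read /proc/net/tcp (and tcp6/udp), which lists every socket with its endpoints and owning UID, and since every installed app has its own UID, the UID identifies the app. The /proc/net/tcp text, the packet, the UIDs and the allow-list below are all constructed sample data:

```python
"""Attribute an outgoing packet to the app (UID) that owns the socket,
the way a VpnService-based no-root firewall has to.

Added example; not code from the original post or from No Root Firewall.
All data below (the /proc/net/tcp listing, the packet, the UIDs, the policy)
is constructed for the demonstration.
"""
import socket
import struct

# Constructed /proc/net/tcp content: the header line plus three sockets.
# Addresses are hex in the CPU's byte order (little-endian on ARM and x86),
# so 6400A8C0:B4D2 is 192.168.0.100:46290. Field 8 (index 7) is the owning UID.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 6400A8C0:B4D2 4A7D0A23:01BB 01 00000000:00000000 00:00000000 00000000 10057        0 23456 1 0000000000000000 20 4 30 10 -1
   2: 6400A8C0:C1A4 4A7DC11A:0050 01 00000000:00000000 00:00000000 00000000 10090        0 34567 1 0000000000000000 20 4 30 10 -1
"""

# Constructed IPv4/TCP SYN from 192.168.0.100:46290 to 35.10.125.74:443, as the
# firewall would read it from the tun file descriptor (checksums zeroed).
SAMPLE_PACKET = bytes.fromhex(
    "45000028 00004000 40060000 c0a80064 230a7d4a"   # IPv4 header, 20 bytes
    "b4d201bb 00000000 00000000 50020000 00000000"   # TCP header, 20 bytes
)


def decode_endpoint(hex_endpoint):
    """'6400A8C0:B4D2' -> ('192.168.0.100', 46290)."""
    ip_hex, port_hex = hex_endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))  # little-endian CPU
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return {(local_ip, local_port): uid} for every socket listed."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if len(fields) < 8:
            continue
        table[decode_endpoint(fields[1])] = int(fields[7])
    return table


def packet_source(raw):
    """(src_ip, src_port) of an IPv4 TCP/UDP packet, or None if it is neither."""
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] not in (6, 17):
        return None
    ihl = (raw[0] & 0x0F) * 4                   # IP header length in bytes
    src_ip = socket.inet_ntoa(raw[12:16])
    src_port = struct.unpack("!H", raw[ihl:ihl + 2])[0]
    return src_ip, src_port


class UidFirewall:
    """Default-deny per-UID policy, built up as the user answers allow/deny prompts."""

    def __init__(self, allowed_uids):
        self.allowed = set(allowed_uids)
        self.log = []                            # (source, uid, verdict)

    def decide(self, raw_packet, socket_table):
        src = packet_source(raw_packet)
        uid = socket_table.get(src) if src else None
        if uid is None:
            verdict = "DROP"      # not TCP/UDP, or socket no longer listed: fail closed
        elif uid in self.allowed:
            verdict = "ALLOW"
        else:
            verdict = "DROP"
        self.log.append((src, uid, verdict))
        return uid, verdict


if __name__ == "__main__":
    table = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    fw = UidFirewall(allowed_uids=[10057])       # pretend 10057 is the browser
    print(fw.decide(SAMPLE_PACKET, table))       # (10057, 'ALLOW')
```

Two things worth noticing: the lookup fails closed (an unknown socket is dropped, not waved through), and the socket table has to be re-read constantly because entries appear and vanish as apps connect. Later Android versions lock /proc/net down for unprivileged apps (Android 10 added ConnectivityManager.getConnectionOwnerUid for exactly this lookup), which is why firewalls written for 4.x break on newer systems.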

Download No Root Firewall from Google Play

Some other simple things you can do: go to Settings and turn off all of the location services, untick 'Allow installation of apps from unknown sources', and opt out of Google's and your OEM's data collection (you will often see something like 'periodically send data to xxx's servers to help improve our whatever...'). Unless you really trust the third party with your personal data, I'd recommend you do not do this.

Another rule of thumb I live by: if you can do something in a web browser, why do you need another application for the task? It seems every company, from your bank to Dunkin Donuts to even Walmart, offers its own Android 'app'. These apps seldom provide more functionality than you already get through a web browser, and quite a few of them are just a web view wrapped around the same HTML anyway. You don't need the Dunkin Donuts application to do anything you cannot already do on Dunkin's website. Since every app on your device is another potential security risk, I recommend not installing unnecessary applications. Which brings me to my next tip:

How to Avoid Being Forced into Using 3rd Party Applications

Last I checked, when I tried to access Pandora from my phone, it would not allow me to use the web browser. Pandora told me I needed their 'official Pandora App' to stream music. ...(f***king why..?) My Firefox browser is perfectly capable of doing this, and there is just no need to install more (potentially) sketchy software.

One way around this is to use a browser like Dolphin Browser, which, in addition to being a snappy browser, lets you spoof your user agent. That just means you can set Dolphin to identify itself as a desktop browser instead of a phone, so sites serve you their desktop versions and you can use them as you would on your PC (a site can still tell you are on a phone if it looks at the screen size or runs JavaScript fingerprinting, but most don't bother).

Back when mobile internet first took off, it was great that web developers started offering mobile-optimised versions of their sites, which made it easier to navigate pages on small screens and also cut down on the data and CPU power needed to load them. Nowadays, though, I feel this is being abused to trick people into thinking that yet another application is necessary to accomplish a task, and that they will somehow get more functionality out of it. This is generally not true at all, and installing all of these apps does no good for anyone but advertising companies, the NSA, and corporations that want to collect and sell your personal information. When you run something in a web browser, you tend to have more control over the process than when the data is handled by another application that includes no privacy-enhancing features (quite the contrary, these days). Be aware of this.

Download Dolphin Browser and/or Dolphin Jetpack (cooler features, recommended) from Google Play.


*I also highly recommend downloading Firefox and installing the add-ons Adblock Plus, HTTPS Everywhere, and NoScript. I use Firefox on my phone most of the time, and Dolphin when I need to spoof my user agent (Firefox can spoof UAs too, but it's harder to set up).

Encryption, and Why You Should Use it

My last tips for increased privacy are to utilize some simple encryption features that also do not require root privileges:

Encrypt Your Phone's Local Data:

All current Android versions (since 4.0 Ice Cream Sandwich on phones, 3.0 on tablets) come with native full-disk encryption support. From the settings menu, go to Security > Encrypt phone and follow the instructions (the phone has to be charged and plugged in, and the process takes an hour or so). This encrypts the whole data partition so that if the phone is stolen, your information stays safe. It does not require any extra software, and is one of the easiest, most basic things you can do to protect yourself. Under the hood it is the Linux kernel's dm-crypt with AES-128 in CBC mode, and the disk key is itself encrypted with a key derived from your passphrase (PBKDF2 on Android 4.0 to 4.3, scrypt on 4.4). The cipher is not the weak point; the passphrase is. On Android 4.x the encryption password is the same PIN or password you use to unlock the screen, and a 4-digit PIN can be brute-forced offline in minutes by anyone who can copy the data partition and its crypto footer, which on a device with an unlocked bootloader is just a matter of booting a custom recovery. Use a long passphrase rather than the PIN you type fifty times a day, or accept that the encryption mostly protects you against the casual thief.

Note: it is possible, although difficult, to extract the disk encryption key from the phone's RAM if the device falls into the wrong hands while powered on (or very recently powered off: researchers have demonstrated cold-boot attacks against Android phones). The key has to be in RAM while the device is running so the kernel can read and write your files, and the lock screen does nothing to change that. So if you find yourself getting pulled over and want to ensure the cops cannot go through your phone, power the device off and worry no more.
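To show why the passphrase, not the cipher, is what decides how long the encryption holds, here is an added example (not code from the original post, and not Android's own code) that derives a key-encryption key the way Android 4.0 to 4.3 did (PBKDF2-HMAC-SHA1, 2000 iterations, 16-byte salt, both kept in the crypto footer at the end of the userdata partition) and then brute-forces a numeric PIN against it. A real attacker verifies each guess by unwrapping the disk key and decrypting a known filesystem block; comparing against the derived key directly, as done here, does not change the work factor. The salt and the target PIN are constructed:

```python
"""How long a short PIN survives an offline attack on Android 4.x disk encryption.

Added example; not code from the original post or from Android. The PBKDF2
parameters match Android 4.0-4.3 (4.4 moved to scrypt); the salt and the PIN
are constructed for the demonstration.
"""
import hashlib
import hmac
import time

ITERATIONS = 2000                                   # Android 4.0-4.3 HASH_COUNT
KEY_LEN = 16                                        # 128-bit key-encryption key
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed


def derive_kek(secret, salt, iterations=ITERATIONS):
    """Key-encryption key from the lock-screen PIN/password (PBKDF2-HMAC-SHA1)."""
    return hashlib.pbkdf2_hmac("sha1", secret.encode(), salt, iterations, KEY_LEN)


def brute_force_pin(salt, target_kek, digits=4, iterations=ITERATIONS):
    """Try every numeric PIN of the given length.

    Returns (pin, attempts) on success or (None, attempts) after exhausting them.
    """
    attempts = 0
    for n in range(10 ** digits):
        pin = str(n).zfill(digits)
        attempts += 1
        if hmac.compare_digest(derive_kek(pin, salt, iterations), target_kek):
            return pin, attempts
    return None, attempts


def worst_case_seconds(alphabet_size, length, derivations_per_second):
    """Time to exhaust a whole keyspace at the measured derivation rate."""
    return alphabet_size ** length / derivations_per_second


if __name__ == "__main__":
    # Measure this CPU's PBKDF2 rate, then project it onto a few password shapes.
    t0 = time.perf_counter()
    for i in range(200):
        derive_kek(str(i), SAMPLE_SALT)
    rate = 200 / (time.perf_counter() - t0)
    print(f"~{rate:.0f} PBKDF2 derivations/s on this CPU (a GPU rig does far more)")
    for label, alphabet, length in [("4-digit PIN", 10, 4),
                                    ("6-digit PIN", 10, 6),
                                    ("8 lowercase letters", 26, 8),
                                    ("12 letters+digits", 62, 12)]:
        hours = worst_case_seconds(alphabet, length, rate) / 3600
        print(f"{label:22s} worst case {hours:.3g} hours")
    # Actually recover a PIN: the footer's salt plus the wrapped key is all it takes.
    target = derive_kek("0042", SAMPLE_SALT)
    print(brute_force_pin(SAMPLE_SALT, target))     # ('0042', 43)
```

Run it and compare the "4-digit PIN" line with the "12 letters+digits" line: the same cipher, the same key derivation, and the difference between minutes and the lifetime of the universe comes entirely from the secret you chose at the lock screen.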

Encrypt Your SMS/MMS Messages & Phone Calls:

Encryption can also ensure your messages and calls cannot be read by anyone who intercepts them. By default, voice calls and SMS are encrypted only on the radio link, with ciphers that have been publicly broken (and that an IMSI catcher can simply switch off), and they are plain text (or plain voice) at the carrier and at every point beyond it. Interception like that is passive eavesdropping; a 'man in the middle attack' is the active version, where the attacker sits between you and the other party and can alter traffic as well as read it. Your Android is perfectly capable of sending messages and calls in an encrypted form that only the intended recipient can decrypt.

My personal favourite encrypted SMS/MMS application for Android is TextSecure. This nifty program not only imports all of your stored text messages into a password-protected, encrypted local database (rather painlessly, I might add), but if the person you are texting also uses TextSecure, your messages are protected with end-to-end encryption. In other words, anyone intercepting a message in transit sees only ciphertext, random-looking garbage that only your recipient's device can decrypt, because the message keys come from a key agreement between the two phones' private keys, which never leave the devices (TextSecure handles the key exchange for you, with its own Axolotl protocol rather than PGP). For more background on end-to-end and public-key encryption, see my article here.


Then, for phone calls, there is RedPhone, from the same developers. Rather than TextSecure's messaging protocol, it uses ZRTP: the two phones agree on a call key with Diffie-Hellman, the call is carried over SRTP, and each party sees a short two-word verification string to read to the other so you can tell nobody is sitting in the middle. Anyone eavesdropping at any point hears nothing but encrypted noise and cannot make out a word you say.

Get TextSecure and RedPhone from Google Play

I hope you've found this article informative. Good luck, and remember: Do Not Accept privacy invasion!

Wednesday, November 26, 2014

(updated 12/10/14!) Xposed: The Answer to All My Problems! Hacking the Moto E...


Notes

This post is a synopsis of the customizations I've done to my Android devices so far. However, this is perhaps the most interminable and ongoing project I am working on, so I may update certain information from time to time. If I do so, I'll highlight what has changed, so that anyone trying to replicate the procedures outlined below will have an up-to-date reference.

Secondly, although this information is specific to Motorola users with unlocked bootloaders, I'm going to add a lot of information that will help people achieve similar results regardless of the device used. Those are my goals.

Device Info & Background

After about a year of putting off getting a new cellphone, I finally bought a new one (or two). I did not want to spend a lot of money on a phone, but the phone had to be awesome, so that's partially why I waited so long. By awesome, I mean:

  • Carrier unlocked GSM so I can switch SIM cards and never be stuck with one particular carrier.
  • The phone's bootloader absolutely must be unlockable, preferably without the OEM's consent or knowledge, so as to avoid losing my warranty (you Europeans are lucky, I envy you).
  • Of course, the phone must be rootable, but that should go without saying, as unlocked bootloader == you can do whatever.
  • I really wanted a Google Nexus, because those phones can be unlocked with one fastboot command (fastboot oem unlock), have the most support, and always get the newest Android version first. I got the next best(ish) thing, because I was tired of waiting and could not deal with my cracked-up Galaxy Centura anymore. *

* Speaking of the Centura, I'd like to take this opportunity to acknowledge and thank the guys at AndroidArea51 for making that horrible device so much better with their Centura ROMS. Check out their site linked above. They make ROMS for a lot of obscure, not-so-popular phones that nobody else wants to bother with, and they do it for you, for free, and only to better the world!

Anyway, I also wanted a new, rugged, nice phone that would get at least an update to Android 5, in case I decide to keep it on a rooted stock ROM (which at this point, I have done although still waiting for Lollipop!)

Well, Motorola has made this all possible with the release of the Moto E (codename "Condor"; XT1021, 1022 & 1023). The Condor is not the greatest or latest phone out there, but it's priced right, has just enough specs to do the job without lagging, and best of all, the GSM version of this phone (only the GSM, not the CDMA version!) qualifies for the Moto Bootloader Unlock Program. That makes up for the lower specs immensely. After all, what good is a $600 Galaxy S5 if you cannot unleash the full power of the kernel, enjoy the freedoms of open source software, and above all, enjoy freedom of choice?

N00b Note: Unlocking your bootloader is not for the faint-hearted! You can seriously mess shit up if you don't follow directions, research, and read, read, read first! I'm not saying don't do it, I'm saying be careful! Unlocking also wipes the device (and, on Motorola, voids the warranty), so back up anything you care about first.

The Moto E uses the standard Android fastboot bootloader protocol (the same one Nexus devices use), which plays the role Odin plays on Samsung devices, except that it is finickier than Odin: there are several situations where you can render your device unbootable if you're not careful. Of course, it is almost always fixable, so fear not. Let's get to it.

Buy a Moto E off Amazon; they're only $119 right now (remember, GSM only*)! First, you are going to need to unlock your bootloader. I'm sorry, but currently there is no way around this... no more one-click roots, guys. (Motorola will give you an unlock code that you enter from your PC with the phone in fastboot mode, and eureka, you can do what you want with your phone.)

*EDIT: I initially purchased the CDMA version of this phone, and was very, very pissed off when I realized how far the Android world has come regarding locking their shit down. I returned it and bought the correct version. Don't make that mistake.

But don't do this yet. If you are impatient like me and start altering your system as soon as you take it out of the box, you are going to cause yourself much more headache in the long run. First, decide whether you want to upgrade to 4.4.3 or 4.4.4; mine came with 4.4.2 and I went to 4.4.3 but not 4.4.4, because there is no reason to (it just kills cool features). This matters because an OTA update verifies the system partition before it applies: if you have altered any system files and then take an OTA, the update fails or leaves the phone stuck in recovery. If you unlock or root before updating, you will have to wipe, reflash the stock firmware, and unroot before the update will go through. Trust me, that is a pain in the ass.

The Good Stuff

Everyone wants CyanogenMod. It's simply the most feature-packed, bloat-free, stable, and (with its privacy controls and regular updates) secure ROM out there for supported Android devices. CyanogenMod has been ported to a diverse range of devices, while new or less common phones like mine often have unofficial beta builds available for testing and further development. Eventually those become 'official' nightlies and then stable builds, once the community has proven they hold up.

This particular phone was finicky when I tried installing CM11 for 'condor' (found on GitHub here). After flashing CyanogenMod, the phone worked great, except that mobile data did not work.

I also had to install "GAPPS" (all the Google apps in a separate zip) in order to get the Google Play framework and programs. I don't know if I downloaded the wrong version or something, but the Google apps were buggy as hell and constantly crashing. I tried a lot of workarounds, but at this point I really needed my phone to just work, so I had to flash my original system again through my custom recovery, which is painless if you do it correctly. Measure twice, bake once!

In the end, I flashed back to rooted stock 4.4.3 using TWRP (no, not some nasty Miley Cyrus gesture, but Team Win Recovery Project), which is an excellent program and, in my opinion, the best custom recovery available for Android right now, with many great features, including touch support (so no more thumbing around with the volume and power buttons like in the old ClockworkMod)!


I considered installing AreaRom's Moto E ROM, but after having to rotate TextSecure PGP keys several times (even after restoring from a Nandroid backup), I got tired of the whole thing and just stuck to rooted stock. I probably will try AreaRom's Moto E ROM at some point, but for now...

Xposed Is Solving All My Problems

I took a closer look at the Xposed framework, something I kept seeing everywhere on the xda forums but had not really looked into. It is a framework for rooted devices that lets you tweak nearly every aspect of your system, like freaking magic... the best part is that all you need to do is install one APK file and reboot a couple of times, and you are good to go! So what exactly is Xposed?

Well, it is a framework developed by some really ingenious people for rooted Android devices (4.0 and up, originally) that lets you download modules written by other members of the Android dev community (or write your own), and these modules let you customize just about everything on your device. It works by hooking the Zygote process that every app is forked from, so a module can replace or wrap any Java method in any app or in the system itself; that is also why a bad module can take down the whole phone, and why you should only install modules you have reason to trust. Here's a quote from a reddit thread listing some of the modifications one user was able to perform with the Xposed framework: (source)

I also haven't seen any performance issues, and I'm running quite a few modules...
  • AcDisplay (Modified lockscreen/notification screen)
  • ActivityForceNewTask (Forces apps to open new tasks when opening another app so that you don't have the wrong app showing in recent tasks)
  • Always Correct! (Forces correction on the keyboard for all fields)
  • CrappaLinks (Unshortens links before actually going to them, so that you don't have to open chrome first)
  • Gesture Navigation (Multi-touch OS-wide gestures)
  • GravityBox [KK] (TONS of visual enhancements... and more)
  • Greenify (Keep those pesky apps in check)
  • LWInRecents (Live Wallpaper shows in recent tasks)
  • MinMinGuard (Removes ad frames, works in conjunction with AdAway)
  • WakeLock Terminator (Keeping apps in check, once again, especially Nlp wakelocks from google play services)
  • Xposed GEL Settings (Customize Google Experience Launcher)
  • Youtube AdAway (Obvious)
  • Preference Injector (Puts my modules that offer an interface into the settings app for convenience)
  • DarkTube (Dark theme for Youtube. Came out very recently)
  • Hide Xposed IME (Hides the irritating notification to switch input methods)
  • Keep Trash (Takes the trash button out of the overflow menu in Keep)
  • No KeyboardAutoPopup (Hides the keyboard when apps want to force it open on launch)
  • Play Store Link in App Info (Puts a button to the play store in the app info in settings)
  • StopSwitchDelay (forces certain apps to launch quickly from google now)
  • Xposed Light Sensor Filter (Sometimes the Nexus 5 light sensor reports very high levels randomly... This evens those spikes out.)
As you can see, you can do quite a bit. GravityBox has at least as many customizations as the rest of the list combined, too. Too many to list.
You get the point. This framework essentially lets me build my own custom ROM for my phone, and you can do the same with yours! Here are a couple of things I've done with Xposed modules so far:

  • Enabled App Ops (the most awesome feature ever that Google killed in 4.4.2 ... retards.) This allows me to individually grant or deny all app permissions, including the system apps! Fuck you YouTube, you don't need access to my GPS or Camera! Victory at last!!!
  • Added a 'reboot' option to my power down menu, with options to soft reboot, reboot to bootloader, and recovery. (this is a big deal to me, because I hate having to use 3rd party apps to do things that the native system can handle just fine...)
  • Installed Greenify, which is a program that seriously improves your battery life and system performance by forcing apps to 'hibernate' when they are not in use. And holy hell, it works great.
  • Made it so Google Maps can never ask me to turn on wifi again! No more evil world wide router mapping! #freedom
  • Update (11/27/14): Installed XPrivacy, and it is certainly interesting. This app lets you restrict what type of information apps can access without touching the permissions like App Ops does. Instead, it feeds the apps bogus information. For example, if you say YouTube can't access your location, a mock (fake) location will be given to YouTube. That's powerful, but definitely something that needs to be locked down hard. I'm still figuring out what the advantages are to this over simply denying the permission to begin with. I suppose it could be a good workaround for controlling privacy in situations where App Ops breaks functionality. When I figure out more I'll post back.
  • Update (12/10/14): I have installed GravityBox, which in my opinion is a must-have module if you are running Xposed. It contains a large, diverse selection of tweaks that let you do anything from changing the color of your status bar to enabling a 'smart radio' to better manage your device. Also, I'd like to add that XPrivacy is awesome. I love how I can now feed apps bogus randomized information when I want to restrict a permission. It is indeed a good workaround for some apps that need certain permissions when App Ops will break functionality. Besides Titanium Backup Pro, this may be the only other app I actually pay for. The pro features allow you to restrict system apps as well. I think it's worth it. I rarely pay for software, but when it comes to apps that need SU permissions, it is DEFINITELY a case of "better safe than sorry."
    • Unfortunately, Xposed does tend to take up a lot of RAM (if you run a lot of modules), so I may attempt to rebuild the OS inside a virtual machine and then flash all my customizations to my phone, so that I do not need to run anything in the background.
    • Something is draining my battery pretty badly; the phone tells me it is the screen, but I can't imagine why... working on that. Oh, by the way, see my post about IMSI catcher detection here. There is something funny going on... cell towers don't just get up and start flying around...
    • Also, AT&T has terrible service when I go to the country. It works fine in the city and in my home, so it is not a huge deal, but I wish I could get a signal when I'm out in the middle of nowhere, like I could on Verizon. Oh well, you win some and lose some. Perhaps a T-Mobile SIM card would be a good investment. Will check it out and update later.
That's all I have done so far, and my phone is now doing what I want it to do, simply working with the stock ROM. This is groundbreaking stuff for people like me who possess a device that is not officially supported by CyanogenMod (which has all these features and more enabled out of the box).

Prerequisites of Awe
  • Either root access, or any phone with an unlocked bootloader (these tend to go hand in hand). If your phone's bootloader cannot be unlocked with the OEM's consent, do some research on root exploits. Sunshine, Framaroot, and Towelroot are three that I know work on many devices running 4.4.3 and under. Keep in mind what these are: exploits for kernel or vendor bugs, which stop working once the device is patched, and which malware can use just as well as you can.
  • Once you have either, you can get the other. We need the su binary installed and write access to the system partition before doing anything cool.
  • ICS (4.0) or later. (Update 10/27/14) This is no longer true: Xposed has been ported to Gingerbread (2.3.x) devices as well!
  • That's about it!
Enjoy!

Lose the Swap If You've Got the RAM!

Swap space is hard disk space that is used as extra RAM (random access memory) when the operating system decides it's necessary. It lets systems with little memory run more programs than fit in RAM at once. While that is great and all, if you have 4+ GB of RAM and don't do anything ridiculously resource-intensive like video rendering, swap may simply be slowing you down: unless you are lucky enough to have a solid state drive, reading and writing a spinning disk every time you switch back to a program that was swapped out will seriously slow your system down.

On Windows the same thing is called the pagefile, but it is the same concept as outlined above. I'm sure there is a way to tune it on Windows, but I am not going to get into that here. If you are running Linux, you can do a couple of very simple things to speed your system up:

Only do this if you can afford to; you should have decent system specs (4 GB of RAM and an Intel Core 2 Duo is what I'm on right now). If you have less, say 2 GB of RAM, you should take precautions if you attempt this:

First, let's check your current swappiness:


$ cat /proc/sys/vm/swappiness

You can tell the kernel to use swap less aggressively by executing (as root) the following command:


# sysctl vm.swappiness=0

Debian (like most distributions) ships with vm.swappiness at 60, which is a fairly swap-happy setting on the 0 to 100 scale, so turning it down makes a noticeable difference on a machine with spare RAM. Note that 0 does not switch swap off: it tells the kernel to avoid swapping until it is nearly out of memory (on kernels from 3.5 on it will still swap rather than kill a process), and 10 is a common compromise on desktops. If you want to make the change permanent, open /etc/sysctl.conf as root and add the following line to the file (with no leading '#', since '#' starts a comment in that file):


vm.swappiness = 0
Put any integer (whole number) from 0 to 100 in place of the 0 (I use 0) to control how swap-happy your system gets, then run sysctl -p or reboot for it to take effect. Even with my swappiness set to 0, occasionally when running a lot of RAM-consuming tasks (like virtual machines) my system will start swapping everything anyway, even though I have plenty of RAM. You can check your system monitor to see how much swap is in use. If some is, and you do not have a solid state drive (as in my case), you can issue the following command (as root) to disable and re-enable the swap, which moves anything in swap back into RAM and gives you a clean slate. One caveat: swapoff -a only succeeds if what is in swap fits into the RAM the kernel can free; on a loaded system check that first, or it will fail with "Cannot allocate memory".

# swapoff -a && swapon -a

Or you can simply issue swapoff -a to disable it completely. To make things a little easier, I wrote this simple bash script to clear the swap in these situations. Make it executable and place it somewhere in your $PATH (generally /usr/local/bin/, unless you exported another path... more on that some other time):

#!/bin/bash
# reswap: cycle swap off and on so everything in swap is moved back into RAM.
# Needs root (swapoff/swapon), and swapoff fails if used swap exceeds free RAM.
if [ "$(id -u)" -ne 0 ]; then
    echo 'Damn bro, you need to be root for this.' >&2
    exit 1
fi
echo "I will now empty the Swap..."
if swapoff -a && swapon -a ; then
    echo "Swap emptied."
else
    echo "#    ! ERROR !    #" >&2
    echo 'Damn bro, That did not work. Got root?' >&2
    exit 1
fi
If all goes well, you won't get the error message; otherwise you will (duh). This script must also be run as root, as it needs administrative privileges. Here is one example of something that could go wrong. The output below came from a version of the script that had `swapon a` (no dash) instead of `swapon -a`: swapon treated `a` as a device path, which is exactly what the stat error is complaining about. A typo like that fails every time, so check the command before blaming the system; the encrypted-swap hiccup described after the output is a separate matter:

root@linuxpc:~# reswap
I will now empty the Swap...
swapon: a: stat failed: No such file or directory
#    ! ERROR !    #
Damn bro, That did not work. Got root?
Since I am using an encrypted /home partition, my swap file is also encrypted. As we all know, security often comes at the price of convenience. Once in a blue moon, the system will initially fail to find the swap partition (due to linux hiding/obscuring the partition labels and whatnot), but it usually corrects itself after a little while. However, this will work flawlessly most of the time.
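Since the one way the cycle can really go wrong is swapoff failing (or the OOM killer waking up) when more is in swap than the kernel can free, here is an added example, not part of the original post, that reads /proc/meminfo and decides whether it is safe to run the script right now. The two meminfo samples are constructed; the 256 MB headroom is an assumption chosen for the demonstration, not a kernel constant.

```python
"""Decide whether `swapoff -a` is safe to run right now.

Added example; not part of the original post. swapoff must pull everything in
swap back into RAM, so if used swap exceeds what the kernel can free it fails
with "Cannot allocate memory" (or worse, the OOM killer starts shooting
processes). The /proc/meminfo samples below are constructed.
"""
import os

SAMPLE_MEMINFO_SAFE = """\
MemTotal:        4048000 kB
MemFree:         1500000 kB
MemAvailable:    2800000 kB
Cached:          1200000 kB
SwapTotal:       2097148 kB
SwapFree:        1897148 kB
"""

SAMPLE_MEMINFO_UNSAFE = """\
MemTotal:        2048000 kB
MemFree:           90000 kB
MemAvailable:     300000 kB
Cached:           250000 kB
SwapTotal:       2097148 kB
SwapFree:        1097148 kB
"""


def parse_meminfo(text):
    """{'MemTotal': 4048000, ...}; values are in kB, as /proc/meminfo reports them."""
    info = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, rest = line.split(":", 1)
        info[key.strip()] = int(rest.split()[0])
    return info


def swap_used_kb(info):
    return info["SwapTotal"] - info["SwapFree"]


def can_disable_swap(info, headroom_kb=256 * 1024):
    """True when everything in swap fits into reclaimable RAM with headroom to spare."""
    available = info.get("MemAvailable")
    if available is None:                   # kernels before 3.14 lack MemAvailable;
        available = info["MemFree"] + info.get("Cached", 0) // 2   # pessimistic guess
    return swap_used_kb(info) + headroom_kb <= available


def plan(info):
    """Human-readable recommendation for the reswap script."""
    used = swap_used_kb(info)
    if used == 0:
        return "swap is empty, nothing to do"
    if can_disable_swap(info):
        return f"ok: swapoff -a && swapon -a ({used} kB will move back into RAM)"
    return f"unsafe: {used} kB in swap but only {info.get('MemAvailable', '?')} kB available"


if __name__ == "__main__":
    if os.path.exists("/proc/meminfo"):          # real system: use the live numbers
        with open("/proc/meminfo") as f:
            print(plan(parse_meminfo(f.read())))
    else:                                        # elsewhere: show the constructed sample
        print(plan(parse_meminfo(SAMPLE_MEMINFO_SAFE)))
```

Dropping this check in front of the swapoff in the script above turns a "Cannot allocate memory" surprise on a loaded box into a clear refusal, which is the difference between a convenience script and one that can take your virtual machines down with it.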

In conclusion, solid state drives are badass, and if you don't have one but have enough RAM, kill the swap already (or at least turn swappiness down)!

Monday, November 24, 2014

MacKeeper Keeps You in Hell : Part I

The Situation

Today I will document the interminable, ridiculous process of removing the infamous MacKeeper Trojan. I'm working on a MacBook Pro 2,1. It's running Mavericks 10.7.5 and has been completely hijacked by a highly resilient piece of malware. Oddly enough, this is one of the most difficult projects I've ever taken on. Perhaps it is not so odd, considering I don't have as much experience working on Apple computers as I do on Linux and Windows PCs and Android phones. I will now document the situation:

My client has an older MacBook Pro (version 2,1). It is a pretty rugged device, and would probably still be working great if some simple, pre-emptive failsafe measures had been used. Unfortunately (and rather incredibly, considering this is 'bugproof' Apple... yeah right), my client did not use these tools, as she is not super tech-savvy, and Macs are notorious for not getting f'd up like Windows PCs do. In other words, my client purchased this computer (used, with no recovery discs) specifically to avoid the malware situations that have followed her around throughout her life.

Some of the pre-emptive measures that should/could/would have been in use are:

  • Using time machine restore points (Apple's main user recovery thing)
  • Setting basic security settings like enabling the firewall, etc...
  • Or even setting an administrative password (!!!) to lock the system down.
If that's not bad enough, there is no recovery partition present either! So here we've got a toasted old laptop that is completely hijacked by a Trojan, with no way on God's green Earth to restore the OS. These are the procedures I have tried (with no success) thus far:

  • Removing the MacKeeper Trojan. I followed several tutorials, including this one, to no avail. I did manage to remove the program (on the surface, anyway), except it still somehow hijacks Safari, no matter what I do.
  • Burning a Mavericks installer to USB and booting from that in an attempt to wipe the system. It won't boot. This is when I started to learn about the joys of the EFI boot structure, and the lack of a BIOS on these machines...
  • Using all of my BASH knowledge to hunt the f***er down and extract it from the root. This thing is a little devil. It changes PIDs every millisecond, and seems to guess what I'm thinking before I even know myself.
  • Various built-in options, about 10 hours of research, to no avail, so I...
  • Asked for help on the macrumors.com forum, and finally got some answers that made a little sense:
 ## BEGIN QUOTE-- (op)  ##  (Entire thread here)
Hi, I am new to the Mac world in general and am currently trying to fix a friend's MacBook Pro. It's an old one, the 2,1 edition:

Code:
  Hardware Overview:

  Model Name:   MacBook
  Model Identifier:     MacBook2,1
  Processor Name:       Intel Core 2 Duo
  Processor Speed:      2.16 GHz
  Number of Processors: 1
  Total Number of Cores:        2
  L2 Cache:     4 MB
  Memory:       2 GB
  Bus Speed:    667 MHz
  Boot ROM Version:     MB21.00A5.B07
  SMC Version (system): 1.17f0
There is no recovery partition and I don't have any backup disks. It is running Mavericks 2.7.5 and I cannot find a copy. I would assume Apple would help me out here because obviously the system was purchased at some point, since every new Mac has OSX on it. I'm from the Linux world and am struggling despite Mac's similarities to the Linux kernel. I tried making a Mavericks USB flash drive with a later edition. I also have a 2008 iMac running Yosemite. Can anyone please point me in the right direction?
My friend got the infamous "MacKeeper" virus and I've successfully removed it, except it still hijacks Safari, no matter what I do. I need to reinstall the OS. Other people seem to have this problem too. What is the next step? Should I contact Apple or get a boot disc..?

Any help would be appreciated. I can't get it to boot to a USB disc I made with my iMac. Thanks.
 ##--- post from  Nov 22, 2014, 02:53 PM -- ##
Originally Posted by linuxjustworks
  • [1] What exactly is a 'faff'?
  • [2] I read somewhere that "downgrading" OSX can make things messy, but in this case it should work okay?
  • [3] Isn't Snow Leopard Server Edition available for free download, and could I use that? As long as I can get the computer to boot and it's secure I will be happy. Is Snow Leopard available on a 64 bit architecture (and for free)?
  • [4] So Apple will sell me a Mountain Lion boot disc for $20? That sounds like the best option, would you agree? I can do the rest as long as I can get it to boot.
  • [5] Can you tell me all the different boot options? For example, I thought either 'alt' or "alt+R" is recovery, but does that vary from model to model? So holding "C" (with or without alt?) boots to the optical drive, correct?
  • [6] We have no Time Machine backups or other backups whatsoever, or recovery partition, and my friend is fine with having to manually redownload everything. Is that ok?
  • [7] Is there a service manual somewhere online for this machine? I have repaired countless Linux/Windows PCs and never had such a hard time doing things like getting into the BIOS and booting to external media, so a service manual would be very useful...

Once again, thank you for your answer. This is enough information for me to get started in the right direction. Truly appreciated.

I read your OP and you must be mixing things up quite a bit. The computer cannot be running OS X 10.9 Mavericks and not have a recovery partition. That gets installed along with the OS whether you like it or not. Same goes for any OS X version later than (and including) 10.7 Lion.
Thus, with no recovery partition present, the computer is most likely running 10.4 Tiger (which it originally came with), 10.5 Leopard or 10.6 Snow Leopard.

With that said, here's your questions, answered to the best of my knowledge.

1. Not a clue.

2. That CAN be true, if you try to install it on top of an existing installation. A good rule of thumb for Macs is that you cannot install an OS X version that is earlier than the one it came with. So basically, for that computer, anything later than 10.4.X (can't remember exactly which one it was for that model) will install fine. Support for such an old computer was dropped in Lion (10.7) I believe; you should check Apple's website for that. If you erase the disk and start from scratch, downgrading OS X will not be a problem.

3. No version of Snow Leopard was ever free. Snow Leopard is a 32 and 64bit hybrid. It can run 64 bit apps even when booted in 32 bit mode. Since the computer you are speaking of can only address 3.25GB of RAM, 64 bit doesn't matter one bit.

4. Lion was a downloadable app on the App store, you cannot get a physical disc for it, there never was one. You can probably still get 10.6 Snow Leopard retail discs.

5. CMD+R is the correct keystroke, not ALT. That could be why you're not seeing any recovery. Alternatively, you can hold the Option (ALT) key (alone) during bootup to see the boot options to it. If there is a recovery partition, it will be listed there.

6. Sure. Just make sure you give a sharp whap to the back of the head of your friend for not keeping backups for me; that is just begging for lost data. All hard drives eventually die.

7. There was one that came with the machine. You will not find instructions regarding the BIOS as Macs do not have one. They've been running EFI since the switch to Intel so there isn't much you can do on that front as the EFI is locked down nice and tight.


Your friend should have recovery discs though; they are the grey discs that came with the machine. Unless he/she threw out all the packaging and its contents, he/she still has them.
##------END QUOTE------##

So, I think I have finally obtained some useful information! It appears that I have a few options, none of which are ideal...
  • Re-purchase OSX (thanks, Apple) in the form of an optical boot disc
  • Pirate it, because f*** that, if at all possible, considering OSX was obviously purchased at one point (you can't even buy an Apple computer without OSX installed)
  • Hire Apple to fix it. Umm, nope... (why does this always lead to giving Apple more money for software that has already been paid for, and didn't even work?!?)
Naturally, choice #2 would be preferable. I don't even consider it stealing or pirating in this particular case; I look at it like breaking into the house of the dude who stole your PlayStation so you can take it back. As of this moment I am attempting to burn an OSX Mountain Lion .dmg image to a USB drive. If that does not work, I will try burning it to a DVD-R (in this case the file is 4.3 GB, so it will actually fit on a single-layer DVD, as opposed to the 5 GB+ Mavericks system).

And if all else fails, I will submit and end up purchasing a recovery disc from Apple... more coming later, after I see what comes next. If you have any advice for me, please comment or email me! That would be great. I'll post part II when I fix this damn thing.

Sunday, November 23, 2014

Creating a Windows/Linux Dual Boot System

Not that there is a shortage of this kind of information, but for those of you who either cannot or will not convert from Microsucks Windows to the awesome GNU/Linux platform, this post may help you out. Since I am currently doing exactly that, I'm going to blog the process, for the hell of it, so to speak.

Making the switch to Linux from Windows is generally pretty painless. However, there can be some minor and irritating issues that must be addressed. In one case, the first words out of my client's mouth were "Eww, I can't use Netflix?"... Yes, you can totally use Netflix with Linux. Because Netflix depends on Microsucks Silverlight (which Linux people hate), a separate Netflix browser must be installed. It used to be buggy, but it's come a long way. Another example of a compatibility issue that has been fixed is using iPods with Linux. Yes, that is totally possible too. Again, it's just a matter of installing some extra software.

Anyway, if you want a dual boot system, you should install Windows first. If you already have Windows, then you are in luck. If not, it is possible, but not really recommended, to install Windows after installing a Linux system, because the MS bootloader is a picky piece of sh**. So acquire a copy of your Windows distribution of choice (in most cases that would be Windows 7 Ultimate, because Windows 8 is a travesty), and go ahead and insert the disc into your machine. I'm not going to go into details about installing or acquiring Windows, so remember, Google is your best friend.

You should partition your hard disk during the Windows install to leave room for your Linux installation, unless you already have Windows, in which case the Linux installer can take care of that for you; it will take a little longer, though, because partitions must be shrunk, and that is time consuming. In this case, I am installing Win 7 Ultimate and Ubuntu 14.04 LTS on a 160 gig hard drive. The partitions were set up like this:

About 70 gigs were dedicated to Windows, and the rest was left unformatted for the Ubuntu installation. This was easily accomplished using the Windows installer's partitioning tools. After booting to Windows, I then inserted the Ubuntu disc and restarted the computer. The computer was pre-set to boot to optical media if present. I manually partitioned the hard disk to give Linux about 8 gigs of disk space for swap, because this particular machine has 8 gigs of RAM; a 1:1 RAM/swap ratio is a good rule of thumb. So I ended up with about 69 gigs for Linux, 8 for swap, and the rest for Windows.

But upon rebooting the computer, it went straight to Windows. We need a bootloader to select which operating system to boot. The natural choice is GRUB (the default Debian bootloader). For some reason it was not properly installed. So, I turned to the Boot-Repair disc! This is a very magical tool, and it flawlessly gave me the GRUB!

Next on the list is beefing up the security of the system. For some reason, spyware has made it even into some open source software these days. Every time I install Ubuntu on a computer, I remove the packages 'popularity-contest' and 'zeitgeist'. They do no good for anyone, and only serve to spy on you.

So, after installing Ubuntu, open a terminal and do this:

sudo apt-get purge popularity-contest

And then,

ps -ef | grep zeit

Remove the packages behind any processes it finds, but be careful: you can screw your system up if you accidentally purge something that is actually useful! (The two main ones are "zeitgeist" and "zeitgeist-core".) Enable the firewall:

sudo ufw enable

...and enjoy your new dual boot Win/Linux system! That's all for today.
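The same cleanup as one script, added here as an example rather than the post's own commands: it selects only the popularity-contest and zeitgeist* packages that dpkg reports as installed (so a purge cannot hit an unrelated package whose name merely contains "zeitgeist"), then enables ufw with a deny-incoming default. The dpkg-query output used for the dry run is constructed.

```bash
#!/bin/bash
# Added example (not the post's own commands): purge the two telemetry packages
# and enable the firewall, picking packages from dpkg's own records instead of
# grepping the process list, so nothing unrelated gets purged by accident.

# From "dpkg-query -W -f='${Package} ${Status}\n'" output ($2), print the
# packages whose name matches the regex $1 and whose status is "installed".
installed_matching() {
    printf '%s\n' "$2" | awk -v re="$1" '$1 ~ re && $4 == "installed" { print $1 }'
}

# Anchored regex: "zeitgeist" and "zeitgeist-*" match, "libzeitgeist-..." does not.
TELEMETRY_RE='^(popularity-contest|zeitgeist)'

# Purge the matching installed packages, then turn on ufw (deny incoming by default).
debloat_and_firewall() {
    local status pkgs
    [ "$(id -u)" -eq 0 ] || { echo "run with sudo" >&2; return 1; }
    status=$(dpkg-query -W -f='${Package} ${Status}\n')
    pkgs=$(installed_matching "$TELEMETRY_RE" "$status")
    if [ -n "$pkgs" ]; then
        echo "purging:" $pkgs
        apt-get purge -y $pkgs || return 1   # word splitting on names is intended
    fi
    ufw default deny incoming && ufw enable
}

# Constructed dpkg-query output for a dry run: one package already removed
# (config-files only) and one unrelated library that contains "zeitgeist".
SAMPLE_STATUS='popularity-contest install ok installed
zeitgeist install ok installed
zeitgeist-core deinstall ok config-files
zeitgeist-datahub install ok installed
libzeitgeist-2.0-0 install ok installed
ufw install ok installed'

# Only change the system when invoked as "debloat.sh run"; otherwise dry-run.
case "${1:-}" in
    run) debloat_and_firewall ;;
    *)   echo "would purge:"; installed_matching "$TELEMETRY_RE" "$SAMPLE_STATUS" ;;
esac
```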

Sunday, November 9, 2014

Locked Bootloaders Suck

Man, I miss last summer, when you could root almost any Android phone with a one-click exploit. Well, Motorola and many other companies have patched that up using modern encryption standards and requiring unlock codes that can only be generated with their private keys. A potential dead end indeed... that kind of encryption takes a lot of computing power to break. Google is constantly rolling out OTA updates that give no new features and just patch the exploits.

Remember Google, don't be evil. Evil sucks. Well, to Google's credit, the Nexus line has allowed unlocked bootloaders all along.

With that said, where there is a will, there is a way. In this case, just refuse to buy handsets that can't be rooted. I am returning the Motorola E I just bought (sucky device anyway) and buying a GSM Google Nexus if I can find one in my price range. Because Sunshine is right: active roots were #solastsummer.