November 23rd 2016

Scalpel on MacOS Sierra

Recently, I’ve been exploring mobile forensics and I wanted to install Scalpel on my new Mac however, I encountered a few difficulties along the way. These steps seemed to resolve my issues so I thought I’d share what I did.

Download Scalpel from-

https://github.com/sleuthkit/scalpel

Unzip the file and navigate to the root of the folder. At this point, I attempted to run ./bootstrap however, this failed.

Part of the issue seems to be that under newer versions of Xcode, (around version 4.4.1 onwards), Apple doesn’t include Autoconf, Automake, and Libtool.

This link http://jsdelfino.blogspot.co.uk/2012/08/autoconf-and-automake-on-mac-os-x.html shows a manual way of installing these tools, although there’s an easier way….

If you have Macports installed-

sudo port install autoconf
sudo port install automake
sudo port install libtool

Note- choose automake rather than automake17

Following this, the machine should now be ready to install Scalpel-

sudo ./bootstrap
sudo ./configure 
sudo make install
October 31st 2011

Thoughts On iOS 5

iOS 5 was released to the public on the 12th of October, following the announcement at the Apple event in the previous week. Such was the demand for iOS 5 that Apple’s servers struggled to cope and many users received the dreaded 3200 error.

I myself had been eagerly anticipating the new software. Now that I’ve had time to play around with it, I thought I’d give my views on it from the perspective of an iPhone 3GS user.

Speed
First things first, iOS 5 is definitely faster than iOS 4. If you recall, there were issues when iOS 4.3 was released. When I ran it, my phone seemed to lag and the graphics weren’t as smooth. At the time, iPhone 4 users were also affected and soon after, Apple released an update to rectify the issue.

Notification Centre
People are saying that the notification centre has been ripped off from Android. I haven’t used an Android phone so I can’t really make a fair comparison. Whatever the case, I think the notification centre in iOS 5 is a useful feature. It’s handy to have one central place to view new messages, emails and events. The new badges/alerts system is nice too- better than the standard popup which was used for everything.

Siri
This is not a feature which is enabled on the 3GS so its not something I’ve used yet. From what I’ve read, I have mixed feelings about Siri.

Sure Siri is a great feature- its practically a personal assistant. Who needs to type a message when you can dictate it to Siri? All joking aside, it does seem to be useful for finding out information. Since it uses voice recognition, I’m also thinking it would be a great tool for disabled users.

The downsides? First off a security flaw has been identified where the phone can be accessed by Siri when locked (Tech Radar article).

Secondly, Siri appears to have a problem with Scottish accents, as reported by the media (zdnet article). Now I can understand this to a degree. I’m a Scot and even I have trouble with some Scottish accents, after all, some of them are really strong.

This isn’t the first time voice recognition has caused problems in the past few years. Hands up if you’ve ever played the Brain Training games on the Nintendo DS. Did anyone encounter any issues (well, apart from being told that you had a brain age well above your actual age)? The games seemed to have a problem with my accent too so it’s not just an Apple issue. Think about the way Scots generally pronounce “seven”. It comes out as “sivin” doesn’t it?

Anyway, my first thought when Siri was announced: ” jeez, this is going to encourage more people to talk to themselves on trains”.

Location-based Reminders
This is a feature I was looking forward to using the most in iOS 5. Beside a shop? Pick up milk. Approaching your destination on the train? Send an alarm to make sure you haven’t fallen asleep. Sounds great, doesn’t it?

Well it’s not so great if you’re the owner of an iPhone 3GS because the location part of reminders has been removed. Why? The iPhone 3GS is more than capable of running this feature since it has GPS. It’s worth noting that the feature was enabled in beta versions of iOS 5. Honestly, why have Apple done this? Your guess is as good as mine (read: making people upgrade to a new phone equals money).

On a 3GS, I’m not sure that reminders adds anything more to the OS. I find myself continuing to use the calendar app. Perhaps the reminders feature is for small tasks like picking up items from the shop and the calendar should be reserved for appointments?

iCloud
Another great feature of iOS 5. Users are able to back-up and restore their devices wirelessly using iCloud. Unfortunately, I haven’t been able to get iCloud back-ups to work yet as my computer seems to be confused about its identity.

iTunes in the Cloud is also quite a neat idea. Recently, I purchased a track on iTunes (Teardrop by José González if you really wanted to know- it was used in the House season 4 finale) and I quite happily listened to it on my laptop. I wanted it on my iPhone too. Did I have to connect my iPhone to my laptop and transfer it? Nope. If you go into iTunes on your phone, select “purchased” then select “not on this iPhone”, you will be shown a list of all the songs you’ve previously purchased and you can then download them directly to your device. Great for when you’re away from your laptop.

iMessages
iMessage allows you to send messages between iOS 5 devices for free and is basically an IM service. The joke has been made that it’s just like Blackberry Messenger except it actually works (referring to the recent BBM outage). I love the fact that it allows you to send text-like messages to non-phone devices like the iPod Touch. Add Skype into the mix too and provided you have a wi-fi connection, your iPod essentially becomes a phone.

Overall Thoughts
iOS 5 has made vast improvements to the iPhone 3GS. The phone appears to be faster and the notification centre is a nice, unobtrusive way of viewing various alerts and messages. iMessages makes it easier to stay in touch with others and iCloud negates the need for the the iPhone to be connected to the computer. All fantastic new features.

That said, I’m still a bit disappointed with it. I was hoping that iOS 5 might feature NFC support. Android announced support for NFC when Gingerbread was released at the end of 2010. Since then, Google has created a Wallet system to take advantage of the feature. In May, RIM announced a BlackBerry device supporting NFC and just a few weeks ago, Nokia announced some NFC-enabled games. In this capacity, Apple are seriously lagging behind.

May 21st 2011

iPhone Tracking App

In April 2011, it was announced that security researchers Alasdair Allan and Pete Warden had developed an application which exploited the consolidated.db file held on iOS devices, allowing users to visualise the information it contained to display/track their movements.

Following this, Apple released a statement explaining that the company wasn’t tracking users via this data. In a Q&A on Location Data, featured on their website they explained that the consolidated.db file was maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested.

Since then, Apple has released an updated version of iOS (4.3.3) which has quashed this tracking bug.

I’m a little curious about what the iPhone Tracker app has uncovered on my phone.

Several points on the map indicate that I have been in both the Middlesbrough and London areas since I purchased my phone in January 2010. On closer inspection, it says I was in Middlesbrough on the 8th July 2010 and that I was in London on the 26th August 2010. In reality, those days were spent in an office in Dundee. Perhaps this is a flaw in the way Apple captured the data?

The iPhone Tracker made me think about where I’d been though. I came to the conclusion that the map shouldn’t show any points outwith Scotland. I got my phone at the beginning of 2010 and haven’t actually been out of Scotland since June 2009. Of course, a portion of the North East coast was littered with markings as I travel along it frequently. I noticed quite a few points for Glasgow (Michael Bublé and Bryan Adams concerts) and Edinburgh (visits to the Fringe festival).

My iPhone Tracking Map

My iPhone Tracking Map

I myself haven’t updated to iOS 4.3.3. Why not? In a few weeks, I’m off to NYC and when I return home, it’ll be interesting to see the additional points which have been plotted on the map. It’s a pity I didn’t have an iPhone when I did my USA/Canada trip in 2009. I think we covered 1500 miles on the bus over there- that would have produced some interesting data!

July 18th 2010

Updating to iOS 4.0.1 on the 3GS…

This evening, I plugged my iPhone into my computer and when iTunes opened, it informed me there was an update available. I like to keep my software up-to-date, so I started to download the OS update. Big mistake.

The download itself took a short while but when it was ready, I tried to install it. Back in February I updated to version 3.1.3 and more recently, I updated to iOS 4 and had no problems. This time, the update bar on my phone got to about a quarter full and then it just stopped. I thought it might be because it was a large update so I left it for over an hour. When I returned to my desk, it hadn’t moved. That’s when I started to panic.

Obviously, I couldn’t eject my iPhone because it thought it was still updating so I just removed the USB cable. I reset it a couple of times and tried again. The update bar froze. I reset it once more. Guess what? It froze. I’d read reports on the web that some people had “bricked”* their iPhones during the update process.

Apple doesn’t have any offical way of letting you downgrade the OS on the iPhone so I couldn’t get back to iOS 4. After a bit of googling, I found a way of perhaps fixing the phone (which by this point was demanding that I plug it into iTunes to restore it…but that didn’t work!).

Anyway, if you’re having problems, first of all, disconnect your phone and reset it (hold the button at the top and the home button at the same time for a few seconds) and make sure you’ve closed iTunes.

Secondly, try removing the iOS 4.0.1 update (the file may have been corrupted when it was downloading). To do this navigate to-

  • Documents and Settings\\Application Data\Apple Computer\iTunes\iPhone Software Updates (Windows)
  • Library/iTunes/iPhone Software Updates (Mac)

When you’re in the right directory, there should be a file with the extension .ipsw. Delete this. Now reconnect the phone, open iTunes and try to restore it again. Deleting the .ipsw file forces iTunes to re-download it. This time it should work (it did for me).

Of course, you could just not install the iOS 4.0.1 update 😉

*This is the word the cool kids use to describe an iPhone which is farked. I’d never heard of the term until tonight. Clearly I’m not cool enough.