The recent macOS Sierra update breaks many cracks and serial number generators (known as keygens) used in the piracy community to overcome software protection.
The cracks and keygens crash instantly upon running, with the crash log reporting the following:
This UPX compressed binary contains an invalid Mach-O header and cannot be loaded.
This occurs because the creators of the hacks and keygens use the popular open source UPX app to package their code but subsequently attempt to cover their tracks by erasing any mention of the app, including the vital markers to compressed data. This confuses macOS Sierra, causing the error.
The developers behind UPX have been made aware of the error, which affects more than just cracks and hacks, and the up-coming 3.92 release of UPX contains fixes that amongst other things addresses the problem. However, repairing existing cracks so they function on macOS Sierra is complicated by the additional requirement to resign the app after the code has been patched.
Mac Kung Fu has reached out to a prominent member of the Mac cracks and keygen community and will update this piece if we receive a response.
UPDATE: Apple has issued the following statement: “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update.”
___________________
Security software firm Elcomsoft reports that a weakness in iOS 10’s backup procedure means that iOS passwords can be discovered approximately 2,500 times faster compared to previous iOS releases.
A brute force attack combined with its own “smart attacks” running over the space of two days gives an 80 to 90 percent chance of successful password extraction from an iOS 10 iTunes backup, Elcomsoft says.
The weakness lies in a new backup protection mechanism applied to iOS 10 device backups made using iTunes. The new mechanism introduced by Apple with the OS update allegedly skips certain vital security checks that ordinarily slow brute-force password attacks, in which a huge number of guesses are attempted in order to discover a password.
Notably, the weakness does not apply to backups made online via iCloud, which remain as secure as they ever were.
Although Elcomsoft has not yet refined its Phone Breaker app used in the new attack, in that it doesn’t yet leverage the power of a GPU for this particular attack vector, they are currently reporting the following speeds in brute-force password guessing attempts:
iOS 9 (CPU): 2,400 passwords per second (Intel i5)
iOS 9 (GPU): 150,000 passwords per second (NVIDIA GTX 1080)
iOS 10 (CPU): 6,000,000 passwords per second (Intel i5)
There’s little doubt that Apple will patch the weakness in a future iOS 10 update, and additionally the requirement to have physical access to a backup file created by iTunes means the attack is unlikely to see widespread use by hackers. However, for law enforcement agencies able to impound computers and devices the new vulnerability is something of a gift.
Want to go completely black on the home screen of your new jet black or matte black iPhone 7? Here’s how.
- Visit this link in Safari on your iPhone (other browsers won’t work!), which will show a single black pixel. It’ll be too small to see, but don’t worry about that. Just click the Share button at the bottom, and then the Save Image option.
- Open Photos on your iPhone and then select to view the image, which will appear as a large black square.
- Tap the Share button and select to Use As Wallpaper. Select the Still option, and then tap the Set button. Select to use it for your Home screen only.
- The above steps might be all you need but if the Dock still appears as a gray bar, open the Settings app, and then tap General > Accessibility > Increase Contrast. Tap the Reduce Transparency switch so that it’s turned off.
Incidentally, DO NOT try this on a Mac! Within OS X El Capitan there was a nasty bug whereby a 1×1 pixel wallpaper such as this will cause the Dock to entirely disappear – as in quit, and not start-up again. I’ve no idea if this has been fixed yet – I filed a bug report with Apple (#26032473) – but I don’t want to try it again on macOS Sierra to see what happens because it’s a PITA to fix!
Picture-in-picture is a new feature in macOS Sierra in which you can send a video to a corner of the screen, where it’ll remain playing “on top” of other windows while you carry on with other tasks in other apps. Yet, amazingly, picture-in-picture is only available in the Safari web browser (or if you import the movie into iTunes, which isn’t always desirable).
If you use the QuickTime Player app, you DON’T get access to picture-in-picture.
God knows why Apple imposed this limitation but the solution is simple if you want to quickly play a video file on your hard disk using picture-in-picture – just open a new tab in Safari, then drag the file on top of the address bar until the cursor turns into a green plus symbol. The video will start playing within Safari and you can then right-click it to select the picture-in-picture option.
This will only work with video files that macOS natively understands, which is pretty much limited to MP4. You can always convert video files in other formats via the superb Adapter.
