Viewing entries tagged
recovery

Extract & Decode Forgotten Billion WAN Service Password

Comment

Extract & Decode Forgotten Billion WAN Service Password

Forgotten Internet credentials can be recovered by contacting your ISP. They can also be easily decoded from a backup configuration file.

First download the backup configuration file (backupsettings.conf) by selecting Configuration > System > Backup / Update > Backup Settings.

Open backupsettings.conf in a text editor and search for WAN service username, the following line will contain the password, Base64 encoded.

 

Copy and paste the encoded password into the field below to decode the password.


Comment

Backing Up Your Mac

Comment

Backing Up Your Mac

Ever accidentally deleted an important file, experienced a drive failure or discovered computers don't drink coffee? Reliable backups protect you from losing your irreplaceable data. Today's blog post is an unbiased overview of all the popular backup options available to Mac users.

Syncing Services & "The Cloud"

It is important to point out that many syncing services (e.g. Dropbox, Resilio Sync, etc.) can also be configured to act as somewhat of a backup. Since that is not their intended use I have not included them in this overview.

Several of the backup solutions below store data with the vendor (cloud backup). As security breaches have become common place, trusting vendors and their ability to protect user data has never been more challenging. For this reason many vendors allow advanced users to take ownership of the encryption key, preventing anyone but the user from accessing the data.


Time Machine Logo.jpg
 

Time Machine is built into macOS making it very easy to back up your Mac.

Key Points

  • Unlike most alternatives, Time Machine includes both system files and user data.
  • Supports multiple backup destinations, allowing for geographically separated backup drives (e.g. one at work and one at home).
  • Compatible with Migration Assistant making the process of restoring data to a new Mac easy.
  • Theoretically supports backing up to network shares (e.g. AirPort Time Capsule, server or NAS), in practice I have found it unreliable.
  • Support for Power Nap, allowing backups to occur while the Mac is asleep.

Data Retention

  • Hourly backups for the past 24 hours.
  • Daily backups for the past month.
  • Weekly backups for all previous months.
  • The oldest backups are deleted when the backup disk becomes full.

User Experience

Setup

To start using Time Machine simply purchase an external hard drive (any brand), plug it into your Mac and click Use as Backup Disk. It is also advisable to select the Encrypt Backup Disk checkbox, preventing anyone from accessing your backup data without a password.

Time Machine Setup
 

After that backing up is as simple as plugging in a USB.

Restoring Data

    Enter Time Machine (Recommended)

    Open Launchpad > OtherTime Machine > On the right select the date you wish to go back to > Select the files you wish to recover and click Restore.

     

    Finder

    In Finder select the name of the backup disk in the sidebar > Backups.backupdb > COMPUTERNAME > Select the date you wish to go back to > Copy and paste the files you wish to restore.

     

    CrashPlan Logo
     

    Unfortunately, Code42 the creators of CrashPlan now only offer backup solutions for small business and enterprise markets. Although this is not for individuals, business owners would benefit from considering CrashPlan for their backup needs.

    Key Points

    • Support for all the major platforms (macOS, Windows and Linux).
    • By default only the user's home directory is backed up.
    • Australians back up to CrashPlan's Sydney data centre.
    • CrashPlan can also be configured to back up to a local disk.
    • CrashPlan for Small Business targets businesses with less than 200 employees.

    Data Retention

    Data retention is user configurable, backup storage with CrashPlan is unlimited and by default all user files are retained!

    CrashPlan Backup Schedule
     

    User Experience

    Setup

    1. Sign up for the free trial here.
    2. Download and install the CrashPlan app.
    3. Sign into the app and select a backup destination (e.g. CrashPlan PRO Australia).

    Restoring Data

    CrashPlan App (Recommend)

    Open CrashPlan app from the Launchpad > Click Get Files, select the date you wish to restore from and select files you wish to restore. By default, files are restored to the Downloads folder, but this can be set to the files original location or another directory.

     

    CrashPlan Web Restore

    Sign into the CrashPlan website > Select Devices > Active > Click the restore icon next to the relevant computer > Choose the date and the files you wish to restore.

     

    Backblaze Logo
     

    Backblaze is a cost effective cloud backup solution.

    Key Points

    • Supports both macOS and Windows.
    • Includes a Locate My Computer feature similar to Find My Mac.

    Data Retention

    • Unlimited storage.
    • Backblaze only keeps copies of files for 30 days after deletion.
    • External drives being backed up to Backblaze must be connected at least once every 30 days to avoid backup deletion.
    • If the computer running Backblaze does not connect to Backblaze's servers within 6 months all backup data is deleted.

    User Experience

    Setup

    1. Sign up for the free trial here.
    2. Download and install Backblaze.

    Restoring Data

    Restoring data is done through the Backblaze website. Customers have the option of downloading required files for free or ordering a USB drive to be mailed to them, at additional cost.


    Carbonite Logo
     

    Carbonite is a popular Windows cloud backup vendor, with support for macOS.

    Key Points

    • Supports both macOS and Windows.
    • The Mac application user interface layout feels somewhat unpolished compared to its competitors.

    Data Retention

    Just like Backblaze, Carbonite Safe Basic Backup files are only kept for 30 days after deletion.

    User Experience

    Setup

    1. Sign up for a free trial here.
    2. Download and install Carbonite.

    Restoring Data

    Carbonite App (Recommended)

    Click the Carbonite icon the menu bar and select Open Carbonite. Select the relevant location in the sidebar > select the deleted file or folder > click Get this back.

     

    Carbonite Website

    To restore files Carbonite recommend using their Mac app, however backed up files can be downloaded via their website. Simply sign in > click View files and select the files you wish to download.

     

    Acronis True Image 2018 Logo
     

    Acronis have been creating backup software for over 15 years and specialise in bare metal backups (similar to Time Machine & Carbon Copy Cloner).

    Data Retention

    Users are able to configure the number of versions archived.

     

    Key Points

    • Ability to backup to Acronis Cloud and/or a local disk.
    • All data including applications and system files are backed up by default.
    • An Acronis Cloud data centre is located in Sydney.
    • Acronis Cloud storage is not unlimited with storage options going all the way up to 5TB.

    User Experience

    Setup

    1. Download and install Acronis True Image 2018 from here.
    2. Open the application, create an account and set backup locations.

    Restoring Data

    Mac App

    Select the backup destination and then the Recovery tab > Select the backup version and browse for the files you wish to restore.

    Rescue Media

    Alternatively clicking the Recover Mac button in the app will create a bootable rescue USB. Once booted an entire system backup can be restored from a local disk, Acronis Cloud or network share.

    Acronis Online Dashboard

    Sign into the dashboard > Click RECOVER next to the relevant computer > Select the files you wish to download and click DOWNLOAD.

     

    Carbon Copy Cloner Logo
     

    At its core Carbon Copy Cloner (CCC) is a graphical user interface (GUI) for the handy command line tool rsync.

    Key Points

    • Makes the process of cloning all or part of a disk simple.
    • By default clones are bootable, include all system and user files and can be restored by Migration Assistant.
    • Is able to perform scheduled backups to external encrypted disks.
    • Support for backing up to network shares.

    Data Retention

    Although there is a SafetyNet feature that can be leveraged to recover modified/deleted files, CCC's primary purpose is to maintain a replica of an internal disk.

    User Experience

    Setup

    1. Download and install Carbon Copy Cloner from here.
    2. Set source (e.g. Macintosh HD), set a destination (e.g. an external hard drive) and set a schedule (e.g. hourly).

    Restoring Data

    • If the files are still present on the back up drive they can be copied directly in Finder.
    • In the event your computer's disk has been replaced or erased, Migration Assistant will happily restore data from a CCC backup.
    • In the event where files have been overwritten on the backup drive (APFS formatted) the SafetyNet feature may be able to restore modified/deleted files.

    Comment

    Recovering a Forgotten OS X/macOS User Password

    1 Comment

    Recovering a Forgotten OS X/macOS User Password

    Recently I had an elderly client that could not remember the password to his iMac nor the email passwords configured in Apple Mail. I was caught in a situation where I could not reset his Keychain as that would remove his email passwords, but I also had no way of extracting passwords from his Keychain. On top of that I needed the password to install new printer drivers.

    This information is intended to support others that have forgotten their login password, it should not be used for evil. If you want to secure your system from vulnerabilities like this it is important to enable FileVault whole-disk encryption and use a unique/secure password. You can turn it on under System Preferences > Security & Privacy > FileVault.

    I remembered reading how the Automatic Login feature stores a cipher of the user's password in /etc/kcpassword. A quick Google search later and I had the following command to extract the password.

    Since the above command requires sudo and I didn't have access to an administrator account, I booted the iMac into Target Disk Mode, connected it to another Mac (via FireWire/Thunderbolt cable) and ran the following command:

    sudo ruby -e 'key = [125, 137, 82, 35, 210, 188, 221, 234, 163, 185, 31]; IO.read("/Volumes/Macintosh HD 1/etc/kcpassword").bytes.each_with_index { |b, i| break if key.include?(b); print [b ^ key[i % key.size]].pack("U*") }'

    And just like that I had recovered his password!

    1 Comment