brunerd

Here’s the meat of what gets updated: backup daemon helper & file vault image tool, loginwindow.app, Broadcom and Aetheros wireless kexts. Lotsa System.kexts: BSD, IOKit, Libkern, MAC Framework, Mach. The AFP filesystem plugin, metadata framework, the backupd launch daemon plists, and the DiskImages framework.

/System/Library/CoreServices/SystemVersion.plist
/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper
/System/Library/CoreServices/backupd.bundle/Contents/Resources/fvimagetool
/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow
/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortAtheros.kext/Contents/MacOS/AirPortAtheros
/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AppleAirPortBrcm4311.kext/Contents/MacOS/AppleAirPortBrcm4311
/System/Library/Extensions/System.kext/PlugIns/BSDKernel.kext/BSDKernel
/System/Library/Extensions/System.kext/PlugIns/IOKit.kext/IOKit
/System/Library/Extensions/System.kext/PlugIns/Libkern.kext/Libkern
/System/Library/Extensions/System.kext/PlugIns/MACFramework.kext/MACFramework
/System/Library/Extensions/System.kext/PlugIns/Mach.kext/Mach
/System/Library/Extensions/System.kext/PlugIns/System6.0.kext/kernel.6.0
/System/Library/Extensions/System.kext/PlugIns/Unsupported.kext/Unsupported
/System/Library/Filesystems/AppleShare/afpfs.kext/Contents/MacOS/afpfs
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mds
/System/Library/LaunchDaemons/com.apple.backupd-attach.plist
/System/Library/LaunchDaemons/com.apple.backupd-auto.plist
/System/Library/LaunchDaemons/com.apple.backupd-wake.plist
/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/DiskImages
/usr/share/man/man1/tmdiagnose.1

Here’s hoping that the update in tandem with the Airport/Time Capsule firmware update fixes some of the problems people have had with using a hard drive as an Airport disk on the Airport Extremes. For me it wasn’t even about Time Machine, the real pain was transfers were SLOW even over the 100Mb/s Ethernet (dangit I jumped the gun and didn’t get the GigE model) and sometimes the Airport Disk couldn’t be mounted on my computers until the Airport was restarted. Also with the update the ever mysterious Wide Area Bonjour prefs are still around, they are in the Name-Edit… button now.

One more thing…
/usr/share/man/man1/tmdiagnose.1: Hmmm, is this a Time Machine diagnostics tool?
Let’s have a look at the man page or this one:

tmdiagnose(1) BSD General Commands Manual tmdiagnose(1)

NAME
tmdiagnose, Other_name_for_same_program(), Yet another name for the same
program. — This line parsed for whatis database.

SYNOPSIS
tmdiagnose, [-abcd] [-a path] [file] [file …] arg0 arg2 …

DESCRIPTION
Use the .Nm macro to refer to your program throughout the man page like
such: tmdiagnose, Underlining is accomplished with the .Ar macro like
this: underlined text.

A list of items with descriptions:

item a Description of item a

item b Description of item b

A list of flags and their descriptions:

-a Description of -a flag

-b Description of -b flag

FILES
/usr/share/file_name FILE_1 description
/Users/joeuser/Library/really_long_file_name FILE_2 description

SEE ALSO
a(1), b(1), c(1), a(2), b(2), a(3), b(3)

Darwin Darwin

Only a dummy man page. And no executable to be found. Its origins though are from the BSD package (see /Library/Receipts/boms/com.apple.pkg.BSD.bom) No change has been made to this man page since 10.5 but yet it is included with this update? Odd. My guess is that there is an Apple internal tool in use but not something for the general public. I mean why would the ‘Rest of Us’ need to diagnose Time Machine?!

It’ just works right?

So just today I was this close to going on the Applescript mailing list to find out why the Apple Script Language guide for Leopard had yet to be released, despite being touted as “the essential guide for scripters and developers” on the Apple website, the old version from 1999 was all that could be found since Leopard’s release last year.

But today, with as little fanfare as possible, it was released.

Now go forth and…

tell Safari
get all documents containing “Applescript 2.0″
end tell

So I waited until the last minute to do the Leopard Up-to-Date program for my mac mini. One because the dang website wouldn’t recognize my mini’s serial number since December (and never did, they made me fill out the manual form — no phone orders!), but also because I wanted to make sure I got newer media. Unfortunately 10.5.2 is still in the oven, but 10.5.1 fixes this annoying bug in Disk Utility:

“Unable to create “filename“. (Read-only file system)

This would happen when you attempted to make a disk image of your hard drive and save it to another device (like an external drive), it said it was read only. I tried going through Terminal running mount -uw /Volumes/volumename to make sure it was read/write it would still balk in Disk Utility. And this was a useful thing to do before, say, upgrading to a new OS or just saving a machine image for restore/deployment like I do at work. Not a big deal since I could use a retail Tiger disc (for PPC machines) or the 10.4 (intel) install media that came with the intel machines to make backups, but I really wanted to get a Universal disc that could boot Intel and PPC and do what I wanted it to do.

Well, 10.5.1 fixes this. If you have a 10.5.0 disc, it ain’t gonna work. I was considering taking my 10.5.0 media back for an exchange, but I expensed it for work and the finance dept. has swallowed up my receipt (in a box in a warehouse Indiana Jones style, I’m sure) and I didn’t get it emailed to me as they usually do, but I think they were in a bit of a hurry since I got it on release day. C’est la vie. Besides what I really want is a 10.5.2 DVD anyway… this will be a keeper. The version that should have come out as 10.5.0 but you know they had to hit that Holiday shopping window.

Well security patches are in 7.3.1 to guard against RTSP buffer overflows that gave us the hilarious 2nd Life Mugging exploit with avatars shouting “I’ve been hacked” and sending 12 Linden dollars to the virtual mugger. But also it correct the Automator issue mentioned in the previous post. Leopard User’s can now start and stop A/V captures just like their Tiger brethren. w00t.

This one is weird…
With the new Quicktime you get movie windows with no border on the left or right, you also get some new Automator actions…
/System/Library/Automator/Enable or Disable Tracks.action
/System/Library/Automator/Hint Movies.action
/System/Library/Automator/New Audio Capture.action
/System/Library/Automator/New Video Capture.action
/System/Library/Automator/Pause Capture.action
/System/Library/Automator/Play Movies.action
/System/Library/Automator/Start Capture.action
/System/Library/Automator/Stop Capture.action

That is, if you are in Tiger. If you on Leopard, these files are copied down but are not added to Automator. If you do add them manually (drag them in, double click them, open from Terminal), they won’t do anything.

Now if you look in an .action you will see its just a folder, like an app bundle. The meat of an action is in here /Contents/Resources/main.scpt and the Tiger and Leopard Quicktime actions are byte for byte the same (use md5 for a checksum)

The only concern is though what string you find inside (these are “Run-Only” compiled Applescripts, so no plain text):
01cd Tiger
028b 'Tiger:Applications:QuickTime Player.app
02E9 T i g e r


Hmmm, is it just me or should the strings Tiger not be in a Leopard component? Especially when they have two seperate packages for the Tiger and Leopard version of Quicktime 7.3? Come on Quicktime 7.3.1!

So there’s a Hard Drive Update 1.0 update out from Apple! Put on your mining hats and let’s go spelunking… first stop the package .dist file has some strings of interest:
if( model.match(/ST3500641AS/) )
if( revision.match(/3.BTD/) )
if( model.match(/ST3750640AS/) )
if( revision.match(/3.BTF/) )

This refers to Seagate’s 750GB & 500GB drives

What else can we find? Once we open the archive.pax.gz there’s the actual Hard Drive Update 1.0 Cocoa app, which has a very scary sounding readme.rtf file inside the Contents/Resources/.lproj:

Warning: It is strongly recommended that you back up the data on your hard drives to an external drive or removable media before running this update. Do not reset, shut down, or turn off power to your computer while performing this update. If an error occurs during the update process, your hard drive(s) may become unusable and all data could be lost. If you have not backed up your data, click Quit and do so now.

As Count Floyd would say: “Oooh Scary”

Next up is the MacOS/Hard Drive Update 1.0 binary and a selection of strings:
installEFIUpdater:
%@/%@/hdfw.efi
This computer is not connected to an AC power source.

It uses an EFI application that will update the firmware on the drives (the AC line makes me chuckle, to think of what the battery life of a Mac Pro would be?! Obviously they used a template for this.)

Inside hdfw.efi are strings that refer to Cygwin, interesting what platform they are using to develop this with: a Windows box emulating *nix
C:\cygwin\home\Loki\Platform\Apple\Common\Application\ATAHDFWUtil\ATAHDFWUtil.c
C:\cygwin\home\Loki\Platform\IntelMpg\AppleTools\Build\X64\ATAHDFWUtil.pdb

Inside the Hard Drive Update 1.0.app/Contents/Resources/System/HDFW directory are hives of model names with single string files (FWAlias & FWCurrent) and the actual firmwares (FW01):
ST3500641AS__P 3_BTD/FWAlias
ST3500641AS__P 3_BTE/FWCurrent
ST3500641AS__P_3_BTE/FW01
ST3500641AS__Q 3_BTD/FWAlias
ST3500641AS__Q 3_BTE/FWCurrent
ST3500641AS__Q_3_BTE/FW01
ST3750640AS_P 3_BTF/FWAlias
ST3750640AS_P 3_BTH/FWCurrent
ST3750640AS_P_3_BTH/FW01
ST3750640AS_Q 3_BTF/FWAlias
ST3750640AS_Q 3_BTH/FWCurrent
ST3750640AS_Q_3_BTH/FW01

Here’s an amusing edited list of strings
0000000000000c96 Lube Event
0000000000000d28 Virgin Sector Cleaned
0000000000000e8f Enter DateOfBirth YYWW
0000000000000eaa Enter 64Bit WorldWideName
000000000000534c DRIVE HAS BEEN SET-STUFFED -%1
00000000000058ca Invalid caller to SaveStuffToDisk()! Write not done! %x
0000000000006c1a !! Going Offlimits !!
0000000000006c31 Sleep?

Sounds like a date gone wrong! You really should get the DOB before initiating a lube event on a virgin sector… *ahem* let me try and get back on track with a couple informative strings about the guts of the drive:
0000000000012b4b Orig Code = BTG4H1 TONKA2_GX_4H1.0GC.0B9
0000000000012e87 Built for GALAXY4D,PITKIN,Redback,TI1810 PreAmp,Agere7531 PreAmp,McKinleyDT,4Disk,220 Servos,7200RPM,8Pole,133MHz


Well, enough spelunking I’m headed topside now.

Login & Keychain Update 1.0

The Login & Keychain Update 1.0 for Mac OS X 10.5 Leopard is recommended for all Leopard installations. It addresses issues you may encounter when:

*Logging in with an account originally created in Mac OS X 10.1 or earlier that has a password of 8 or more characters.
*Connecting to some 802.11b/g wireless networks.
*Changing the password of a FileVault-protected account.

What files does it affect?

/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AppleAirPortBrcm4311.kext/Contents/MacOS/AppleAirPortBrcm4311
/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/CodeResources
/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/DiskImages
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/CodeResources
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices

Brcm4311 meaning the Broadcom 4311 wireless chip
I’m sure this is a stop-gap until 10.5.1

OK so there’s an update for the Radeon X1900 and we really don’t know what’s been improved…
If you wanna know where the ROM is it’s here
ATI Radeon X1900 XT Graphics Card Update.app/Contents/Resources/
ATIFacelessFlash.app/Contents/Resources/R580Alopias_1.202_EBC.ROM

And what’s in it? Pure binary. No symbol tables, no strings save for the the device number and copyrights….

ATY,Alopias
ATY,RadeonX1900
113-A52027-202
109-A52027-00
01.00.202
AMD Inc. All Rights Reserved. 2005-2007

If we had the original ROM and this we could see what’s different then reverse engineer the binary! Whatcha think?

Me thinks Apple and AMD/ATi should pimp themselves better for all their hard work…. unless it’s a bone headed bug they had to fix