Is Mobile Activation a default activation mode in Mac OS X?



I'm using a Mac mini and under /System/Volumes/Hardware it's showing me a Mobile Activation certificate.


Then if I try adding it to my Keychain, it's showing me that it's not trusted. Could anyone shed some light on why that is? Thanks




[Re-Titled by Moderator]

Mac mini, macOS 15.3

Posted on Apr 2, 2025 3:42 PM


Apr 2, 2025 7:49 PM in response to Barney-15E

That's not really what I'm asking. But since you must know, I do like to know what's going on behind the scenes.


Only once you understand it, you're free to ignore it....


-but also because of past experiences, reading OSX system installs logs, assertions, or that even when you DFU a machine it isn't 100% factory reset. Especially not the case when the System cannot be forcefully unmounted.

-having found several Remote Management, Mobile Profiles, System Configuration Policy folder files under /var/db folders,

-nvram that cannot be cleared through ctrl+P, alt+Q nor from the terminal within Recovery,

-limited permissions in general, network hot-spot and bridge that constantly turn on its own, file system extensions unable to disable,

-files that get corrupted during download often while at home

-Updates folders showing me updates for voice/speech functionality even though I have those disabled along with Siri and everything else within Accessibility, and can only be disabled or removed through SIP

-Certificates with http links in it that do not link anywhere and could potentially be used through your own browser to retrieve your data.

-Safari same origin policy network issues, embedded frames/scripts within developers folders that return console errors, chrome internal urls warnings about unsafe connections, certificate warnings by Firefox


Having said that, I'm also interested in understanding how/why and whether just MDM machines or any Mac for that matter is generally mobile activated.... then look a bit more in depth at some of the certificates in Keychain, and their scope etc.



Apr 3, 2025 4:04 AM in response to ste22io

ste22io wrote:

That's not really what I'm asking.

Yeah, I still don’t know what you’re asking.

I doubt anyone here cares, and for the most part since we don’t work for Apple, have no idea why any of this exists. You should start a conversation with Apple themselves.


Apr 3, 2025 7:53 AM in response to Barney-15E

I’ve noticed that my Mac does Mobile activation whenever I re-install or update the Operating System. Above picture


It’s important because typically that’s reserved for MDM or System managed machines and this is my personal computer.


I’ve also noticed that the Open Directory state is turned on or online during a Mac install on my machine. That’s Mac Active Directory borrowed from Windows.


Do u know whether the home folder in ur computer is online by default?

I thought Active Directory was disabled by default on Macs


Another thing I’ve noticed is the HTTP links inside some certificates in the Keychain App

Pic above


Anyone else seen links inside the certificates? Just wanted to make sure I’m not the only one.


Also SSH credentials on /etc/ssh folder installed by default


Anyone else got them?



So just wanted to make sure all these things are part of a Mac system setup and that I’m not alone


-links on Keychain certificates (pic)

-Mobile activation folder under

-SSH certificates under etc/ssh

-home folder online n mounted


The last one on the terminal type df.

It’ll return a list of 4 or 5 and it is the last one. Or diskutility info disk # command










Apr 3, 2025 9:55 AM in response to Stefano9909

Stefano9909 wrote:

I’ve noticed that my Mac does Mobile activation whenever I re-install or update the Operating System. Above picture

I don’t see anything in your screenshots, indicating any form of mobile activation. The only thing I see is a standard folder that’s on every macOS installation.


Do u know whether the home folder in ur computer is online by default?

There is no online home folder, unless you actually bind to an Active Directory.

Nothing in your screenshot indicates you have somehow bound your Mac to active directory.

Another thing I’ve noticed is the HTTP links inside some certificates in the Keychain App
Pic above

Anyone else seen links inside the certificates? Just wanted to make sure I’m not the only one.

Yes, everyone who has bothered to open a certificate.


Also SSH credentials on /etc/ssh folder installed by default

Anyone else got them?


So just wanted to make sure all these things are part of a Mac system setup and that I’m not alone

-links on Keychain certificates (pic)
-Mobile activation folder under
-SSH certificates under etc/ssh
-home folder online n mounted


Again, there’s nothing in your screenshots that shows an online mounted home.

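Added example, not part of any poster's reply: the "HTTP links" visible when a certificate is opened are normally the pointers carried in its X.509 extensions for revocation checking (CRL, OCSP), issuer download (CA Issuers) and the policy statement (CPS). This shell function labels each URL by the extension it came from; the sample text is constructed in the layout `openssl x509 -noout -text` prints, and the `example.test` hosts and `cert.pem` are placeholders.

```shell
#!/bin/sh
# Label every URL in a certificate by the X.509 extension that carries it.
# Real use (cert.pem is a placeholder for an exported certificate):
#   openssl x509 -in cert.pem -noout -text | cert_urls

cert_urls() {
    awk '
        # Remember which extension block we are inside.
        /Authority Information Access:/ { ext = "AIA";    next }
        /CRL Distribution Points:/      { ext = "CRL";    next }
        /Certificate Policies:/         { ext = "POLICY"; next }
        /X509v3 [A-Za-z ]+:/            { ext = "";       next }  # any other extension
        /Signature Algorithm:/          { ext = "" }              # end of extensions

        # Inside a tracked extension, pull out the URL and name its purpose.
        ext != "" && match($0, /https?:\/\/[^ ]+/) {
            url = substr($0, RSTART, RLENGTH)
            if (ext == "AIA")      kind = ($0 ~ /OCSP/) ? "OCSP responder" : "issuer certificate"
            else if (ext == "CRL") kind = "revocation list (CRL)"
            else                   kind = "policy statement (CPS)"
            print kind "\t" url
        }
    '
}

# Constructed sample: an excerpt in the format openssl prints, not a real certificate.
sample_cert_text() {
cat <<'EOF'
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            Authority Information Access: 
                OCSP - URI:http://ocsp.example.test/
                CA Issuers - URI:http://certs.example.test/issuing-ca.cer
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.example.test/issuing-ca.crl
            X509v3 Certificate Policies: 
                Policy: 1.2.3.4.5
                  CPS: https://www.example.test/cps
            X509v3 Key Usage: critical
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
EOF
}

sample_cert_text | cert_urls
```

These pointers are commonly plain `http://` because the CRLs, OCSP responses and issuer certificates fetched from them are themselves signed objects.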

Apr 3, 2025 10:40 AM in response to Barney-15E

I found this file yesterday

Plus, I’m constantly getting phishing emails directly linked to activities I do on my computer.

Even text messages. Got one pretending to be from Halifax bank a day after I was using my online account in this computer.


So re installed everything and got another one. An email this telling me there was a problem with a bank transfer and to click on a link

I knew better but the thing is it happened a day after I visited a place.



Apr 3, 2025 10:50 AM in response to Stefano9909

Stefano9909 wrote:

I found this file yesterday
Plus, I’m constantly getting phishing emails directly linked to activities I do on my computer.
Even text messages. Got one pretending to be from Halifax bank a day after I was using my online account in this computer.

So re installed everything and got another one. An email this telling me there was a problem with a bank transfer and to click on a link
I knew better but the thing is it happened a day after I visited a place.

How did you get to the bank website?

You should only use a separate private browser window for any online financial transactions. Regular browser windows share the same session. Since they share the same session data, an attacker could execute a cross-site scripting attack by getting you to click on a link in a message or email.


Apr 7, 2025 3:46 AM in response to Barney-15E

I was on Mozilla or Google chrome


I believed my browser session was targeted using my own keychain certificates (the http links )


If you take into consideration the fact that Macs are shipped with a Server, then you have Open Directory/Active Directory, and SSH ready. That’s a perfect recipe for trouble: Browser in the middle/ Man in the middle sort of attack.


Apr 7, 2025 8:05 AM in response to ste22io

ste22io wrote:

I was on Mozilla or Google chrome

I believed my browser session was targeted using my own keychain certificates (the http links )

If you take into consideration the fact that Macs are shipped with a Server, then you have Open Directory/Active Directory, and SSH ready. That’s a perfect recipe for trouble: Browser in the middle/ Man in the middle sort of attack.

None of those are enabled and cannot be enabled remotely.


Apr 7, 2025 7:14 PM in response to Barney-15E

It’s got nothing to do with being enabled or not. Those are tools that function more like All Access Passes.


They just don’t work with the PHP/Apache server like the one pre-installed.


It only takes me 3 lines of code to setup a Node server that can take advantage of those same tools or even take advantage of the preinstall Active Directory.


All of the data already exists at /var/db/dslocal. Default passwords under /etc/passwords

Authentication for a user under etc/pamd, domain authentication at etc/ssh. Etc etc etc


But Most importantly to remember is that nowadays all computers boot EFI and you can easily do a remote boot with a system volume


Try bputil -e in recovery and it’ll show you the local and remote policy for your computer


Also anything outside of the operating system will persist a new installation so won’t even know when it happened


Apr 7, 2025 8:11 PM in response to Stefano9909

Stefano9909 wrote:

It’s got nothing to do with being enabled or not. Those are tools that function more like All Access Passes.

They just don’t work with the PHP/Apache server like the one pre-installed.

It only takes me 3 lines of code to setup a Node server that can take advantage of those same tools or even take advantage of the preinstall Active Directory.

All of the data already exists at /var/db/dslocal. Default passwords under /etc/passwords
Authentication for a user under etc/pamd, domain authentication at etc/ssh. Etc etc etc

But Most importantly to remember is that nowadays all computers boot EFI and you can easily do a remote boot with a system volume

Try bputil -e in recovery and it’ll show you the local and remote policy for your computer

Also anything outside of the operating system will persist a new installation so won’t even know when it happened

Now do it without physical access to the Mac.
