Sky Hub syslogging to Mac OS

The standard issue Sky Broadband SR102 ADSL router includes the capability to send syslog messages to a remote host.

Unfortunately the plucky little SR102 doesn’t send syslog messages in entirely the right format (checked using ‘syslog -F raw’):

[ASLMessageID 303320877] [Time 1463491448] [TimeNanoSec 0] [Level 2]
 [PID 4294967295] [UID 4294967294] [GID 4294967294] [ReadGID 80] [Host
 1] [Sender 2016-05-17T14] [Facility daemon] [Message 24:08.000Z
 skyhub.ihr syslog - - [skySDID@32666 mac="7C4CA5D9E148"
 sn="A502141D002081"]  Administrator login successful from IP: .]

You can however still use Mac OS’s syslog daemon to receive these messages, but first you’ll need to enable the socket listener:

cd /System/Library/LaunchDaemons
sudo /usr/libexec/PlistBuddy -c "add :Sockets:NetworkListener dict"
sudo /usr/libexec/PlistBuddy -c "add :Sockets:NetworkListener:SockServiceName string syslog"
sudo /usr/libexec/PlistBuddy -c "add :Sockets:NetworkListener:SockType string dgram"

To restart the syslog daemon:

sudo launchctl unload /System/Library/LaunchDaemons/
sudo launchctl load /System/Library/LaunchDaemons/

Next go into the Sky Hub web interface, click on the Security tab (default admin credentials are admin / sky), select Logs and then enter the IP address of your Mac in the Syslog server address.

You can check for Sky Hub syslog entries in /var/log/system.log

To filter out the Sky Hub messages into a separate log file, add these two lines to /etc/asl.conf and then restart the syslog daemon again:

# Sky SR102 broadband router saved to skyhub.log
? [S= Message skyhub.ihr ] file skyhub.log mode=0640 format=bsd rotate=seq compress all_max=50M

The query-action rule tells syslogd to match on the “skyhub.ihr” substring in the Message key and then save those entries to /var/log/skyhub.log. The options are for log file rotation, retaining up to 50MB of files.

Typical Sky Hub log entries will include connection retraining, web interface logins and NTP synchronisations.

Re-signing iOS apps

I am occasionally presented with a packaged iOS .ipa archive by a third-party developer, which is intended for in-house distribution (using an Apple Developer Enterprise certificate), or for App Store distribution using a different developer account.

Re-signing is a quick and simple way of delivering an app when a developer won’t provide you with their Xcode project source from which to spin your own build.

I previously used the iReSign utility to accomplish this, but found that this wouldn’t work in all cases, in particular when the app includes linked frameworks or libraries (which results in errors such as “DYLD, Library not loaded“).

To solve this I wrote the shell script below. It takes an existing .ipa archive, embeds your own developer provisioning profile, replaces any existing code signatures and packages it again for distribution.

Please use with my compliments and leave a comment if this helps you out.

(Note: This script has a dependency on command line tools such as PlistBuddy and codesign, so you will likely need to install Apple’s Xcode developer tools)

Replace DEVCERT with the Common Name of your own Apple developer certificate.

# Re-sign an IPA with specified developer certificate (present in keychain)

DEVCERT="iPhone Distribution: Your Developer Cert Name"

if [ $# -eq 0 ]

  echo "Usage: $0 [app.ipa] [provprofile] [bundleid]"
  if [ ! -e "$SOURCEIPA" ]
    echo "Error: $SOURCEIPA not found"

  if [ ! -e "$MOBILEPROV" ]
    echo "Error: $MOBILEPROV not found"

  SIGNEDAPP=`echo $SOURCEIPA | awk -F".ipa" '{ printf ("%s-signed.ipa", $1) }'`
  unzip -qo "$SOURCEIPA" -d $TMPDIR
  APP=$(ls ${TMPDIR}/Payload/)

  if [ ! -z "$BUNDLEID" ]
     echo "Changing Bundle ID to ${BUNDLEID}";
     /usr/libexec/PlistBuddy -c "Set:CFBundleIdentifier $BUNDLEID" "${TMPDIR}/Payload/${APP}/Info.plist"

  cp "$MOBILEPROV" "${TMPDIR}/Payload/${APP}/embedded.mobileprovision"
  security cms -D -i "${TMPDIR}/Payload/${APP}/embedded.mobileprovision" > Entitlements_full.plist
  /usr/libexec/PlistBuddy -x -c 'Print:Entitlements' Entitlements_full.plist > Entitlements.plist
  echo "Re-signing with certificate: $DEVCERT"

  for folder in `find -d ${TMPDIR} \( -name "*.app" -or -name "*.appex" -or -name "*.framework" -or -name "*.dylib" \)`; do
    /usr/bin/codesign --continue -f -s "$DEVCERT" --entitlements "Entitlements.plist" "$folder"

  echo "Package the signed IPA"
  cd $TMPDIR
  zip -qry ../${SIGNEDAPP} *
  cd ..
  rm -rf $TMPDIR
  rm Entitlements_full.plist