A software developer has released an open-source app for the Mac that, when run with administrator privileges, dumps all the passwords belonging to other people currently logged on to the machine.
Within hours of the release of Keychaindump by Helsinki-based Juuso Salonen, other Mac experts were downplaying its significance. 'News flash, root can also format your hard drive, news at 11,' OS X serial hacker Charlie Miller wrote on Twitter, referring to the 'root' account that by definition has unfettered privileges in operating systems. 'Root is totally a dick, he stole my prom date in high school!' another exploit developer known as thegrugq responded.
Their point is that the Keychaindump's ability to root out passwords isn't a vulnerability or even an oversight by Apple engineers. It's a necessary design with parallels that can be found in any advanced operating system, including Microsoft Windows and various distributions of Linux. Labeling it as a 'bug' or a 'vulnerability' is like claiming a meat slicer is flawed because it can saw through the finger of the person using it.
That said, Salonen's software and an accompanying blog post appear to be the first time anyone has documented the inner workings of the widely used Mac Keychain and released attack code built on those findings. Salonen says his app is 'far from perfect,' but he also says it 'seems to work well' at scouring the internal memory of Macs for the passcodes all currently logged-in account owners enter to access passwords stored on their personal keychains. And that includes the passcode for the root user.
'If I'm writing a virus, I will use this code,' said Rob Graham, who as CEO of penetration testing firm Errata Security regularly writes software exploits to test the security of his clients. 'We've always known it's possible. It's just a matter of someone actually writing code for that part of the keychain.'
One application for such code would be for malware writers who want to collect as much information as possible on the people using a targeted Mac. By dumping the entire contents of a user's keychain, the passwords for virtually every WiFi network, e-mail account, and website account are quickly in the hands of the attacker. With the rise of the Flashback malware that infected an estimated 650,000 Macs or new strains of Mac-based espionage trojans targeting Chinese dissidents, it's not hard to imagine code like Salonen's being employed to give them powerful new capabilities.
What's more, the password extraction method is significantly faster than attempting to brute-force crack a strong account password. That's because OS X stores account passwords using the PBKDF2 key derivation function, which, as Ars recently explained, was designed to thwart cracking attacks by requiring large amounts of time and computing resources to convert plaintext into cryptographic hashes.
'Encrypted many times over,' in 'Russian-doll fashion'
According to Salonen, keychain files are 'encrypted many times over' in a fashion similar to the way one Russian doll fits inside the next. The OS X system uses a variety of keys, including one derived from the account password belonging to the user who owns the password keychain. Once a user has unlocked that list, the password is converted into a 24-byte master key and stored in a part of computer memory reserved for a security process known as 'securityd.' With a little more research, the developer found a common structure in this memory region that points to the master key. It contains an 8-byte size field with the value of '0x18 (24 in hex).'
Keychaindump uses what's known as pattern recognition to search for the pointer and then test the following value to see if it's a master key. A master key will reveal an intermediate key called a 'wrapping key.' Using a hard-coded 'obfuscation key,' the wrapping key in turn reveals an encrypted 'credential key,' which, at last, reveals the user's plaintext password. Salonen credited fellow developer Matt Johnston for the research into the decryption steps.
Running the code produced the following output, where actual passwords and usernames were replaced with x's:
As we made clear earlier in this post, there's no vulnerability here. Aside from following longstanding security advice to use lower-privileged accounts whenever possible and log out of those accounts when they're not in use, there's not much anyone can do to prevent these types of attacks. Update: Salonen points out in his blog post users can take additional steps to lock and unlock their keychain; Apple has more here.
None of this, however, means Salonen's app, which runs on OS X Lion and Mountain Lion, isn't of value, either to black-hat hackers or the white-hats who work to stop them.
Post updated to add sentence about locking and unlocking keychain.
This is the home page of the textbook 'Modern Robotics: Mechanics, Planning, and Control,' Kevin M. Lynch and Frank C. Park, Cambridge University Press, 2017, ISBN 9781107156302. Purchase the hardback through Amazon or through Cambridge University Press, or check out the free preprint version below.
New! You can purchase the Chinese translation of the book.
From the foreword:
'Frank and Kevin have provided a wonderfully clear and patient explanation of their subject.' Roger Brockett, Harvard University
'Modern Robotics imparts the most important insights of robotics ... with a clarity that makes it accessible to undergraduate students.' Matthew T. Mason, Carnegie Mellon University
From the IEEE Control Systems Magazine book review:
'It is the pedagogical strength of this book that concepts from Lie group theory (which form the building blocks of modern kinematics) are presented in a way that will appeal to undergraduate students as well as to researchers and roboticists in general. ... For some time, this approach was deemed too complicated to be taught in undergraduate robotics classes. However, this book by Lynch and Park should change the conventional wisdom on this issue. ... With its consolidated modern approach, Modern Robotics is destined to become a classic in the field.' Andreas Mueller, Johannes Kepler University, Austria
Book, Practice Exercises, and Linear Algebra Review
Purchase the hardback through Amazon or through Cambridge University Press, or check out the free preprint version below. You can also purchase the Chinese version of the book.
The current version of the book is the updated first edition (online preprint dated December 2019, printed published version from Cambridge marked '3rd printing 2019' or later). The updated first edition (also referred to as 'version 2') includes several corrections and minor additions to the original first edition (first published in May 2017).
This book is the result of course notes developed over many years for the course M2794.0027 Introduction to Robotics at Seoul National University and ME 449 Robotic Manipulation at Northwestern University. The evolving course notes have been posted on the internet for years to support these classes.
The for-purchase version of the book from Cambridge University Press has improved layout and typesetting, updated figures, different pagination (and fewer pages), and more careful copyediting, and it is considered the 'official' version of the book. But the online preprint version of the book has the same chapters, sections, and exercises, and it is quite close in content to the Cambridge-published version.
We are posting four versions of the book. All versions have exactly the same contents and pagination. They differ only in the sizes of the margins and the size of the print, as manipulated in Adobe Acrobat after latex'ing. Two of the versions have working hyperlinks for navigating the book on your computer or tablet.
With working hyperlinks. (To navigate the book using the hyperlinks, click on the hyperlink. To go back where you came from, choose the button or keystroke appropriate to your pdf reader. For example, on the Mac with Acrobat or Acrobat Reader, use cmd-left arrow. With Preview on the Mac, use cmd-[. Some readers on other operating systems use alt-left arrow. You can google to see which solution works for your pdf reader.)
- Default 8.5x11 or A4 version. Printable version with 10 pt font and large margins.
- Tablet version. Margins have been eliminated so that no space is wasted when viewing the document on a computer or tablet.
Printable versions without working hyperlinks.
- Large font 8.5x11 or A4 version. Printable version with 12 pt font equivalent and smaller margins than the 10 pt default version.
- 2up version. Printable version with 2 book pages per page, for saving paper if you have good eyes. Approximately 8.5 pt font equivalent.
These files have been compressed to about 7 MB. Let us know if you have any problems reading them. Please note that some versions of the default Mac OS X pdf reader, Preview, are known to have bugs displaying certain images in pdf files. If a figure is not appearing properly, please try a better pdf viewer, like Acrobat Reader.
Table of Contents:
- Preview
- Configuration Space
- Rigid-Body Motions
- Forward Kinematics
- Velocity Kinematics and Statics
- Inverse Kinematics
- Kinematics of Closed Chains
- Dynamics of Open Chains
- Trajectory Generation
- Motion Planning
- Robot Control
- Grasping and Manipulation
- Wheeled Mobile Robots
- Appendix A. Summary of Useful Formulas
- Appendix B. Other Representations of Rotations
- Appendix C. Denavit-Hartenberg Parameters
- Appendix D. Optimization and Lagrange Multipliers
Practice Exercises and Linear Algebra Review
- Practice exercises
- Practice exercises to give you more experience with the material. These practice exercises come with solutions, since Cambridge makes the end-of-chapter solutions available to instructors only.
- 2017 exams from Seoul National University, with solutions.
- 2018 exams from Seoul National University, with solutions.
- 2019 exams from Seoul National University, with solutions.
- 2020 exams from Seoul National University, with solutions.
Videos
- Click here to watch the video lectures embedded in a convenient viewing environment.
- Click here if you prefer to watch the videos within the YouTube environment.
Videos are made with Northwestern's Lightboard. We have used this tool in the past to make the mechatronics videos at http://nu32.org.
You can see an excellent collection of robotics videos at the Springer Handbook of Robotics Multimedia Extension. Also check out the Robot Academy at Queensland University of Technology.
Slides for Classroom or Online Teaching
You can download summary slides for classroom teaching, covering much of the material in Chapters 2, 3, 4, 5, 6, 8, 9, 11, and 13. (In my current class, I (Lynch) do not have time to cover any material from Chapters 7, 10, and 12, nor parts of the material from Chapters 8, 11, and 13.) These slides are summaries only, leaving out full derivations, and they are used in class after students have watched the videos on their own time. (In my class, students also complete lecture comprehension problems on Coursera before attending the live class.)
I project the slides in powerpoint and write on them using powerpoint's 'Draw' function and a Wacom One tablet during class. Writing on the slides helps with pacing and makes the class more interactive. In the first part of class I review the material from the videos and reading, perhaps asking questions of the whole class. At the end of most slide decks, there are rather simple conceptual problems for small-group discussion. No computers or difficult calculation needed. These discussions, which may take place via breakout rooms on Zoom, are to encourage student engagement with the material. After the small-group discussions, we reconvene to share our answers.
Each slide deck is meant to roughly correspond to one 50-minute class, but some classes have more material than others. In some classes, more discussion time would be helpful. In others, class ends a bit early.
The slides are available in two formats, pdf and powerpoint. For each format, there are 'original' slides and 'edited' slides. I distribute the 'original' slides as pdfs to the students in advance of class, and I write on these slides (in powerpoint) during class to produce the 'edited' slides. If you decide to use the slides this way, you can look at the 'edited' versions of the slides for ideas of what you could write on the 'original' slides.
Before class, I add translucent white boxes (95% opacity) to cover up some of the material on particularly busy slides. Then, as I teach, I delete the white boxes when it is time to discuss that material. Covering up material that we are not yet discussing helps students focus on the parts of the slide I am currently talking about. I prefer this alternative to the option of turning a single busy slide into a several-slide sequence, giving the final file an artificially large number of pages.
Solution Manual
If you are an instructor, you can obtain a copy of the exercise solutions from Cambridge University Press. Go to the 'Resources' section of the Cambridge University Press webpage for the book.
Prerequisites
This book was written to be accessible to engineering students after taking typical first-year engineering courses. The student should have an understanding of:
- freshman-level physics, including f = ma; free-body diagrams with masses, springs, and dampers; vector forces; and vector torques (or moments) as the cross product of a distance vector and a force;
- linear algebra, including matrix operations, positive definiteness of a matrix, determinants, complex numbers, eigenvalues, and eigenvectors;
- some calculus, derivatives, and partial derivatives; and
- basic linear ordinary differential equations.
The student should also be prepared to program, but only basic programming skills are needed. Code is provided in Python (freely available), MATLAB (for purchase, or you could use the freely available GNU Octave clone), and Mathematica (for purchase), so those languages are preferred.
Errata
Software
The software accompanying the book is written in Mathematica, MATLAB, and Python. It is written to be educational and to reinforce the concepts in the book, not to be as computationally efficient or robust as possible.
The origin of the software is student solutions to homework exercises. A major update was committed in January 2017, correcting some bugs in the earlier version.
Simulation
We have found the CoppeliaSim robot simulation environment (formerly known as V-REP) to be a valuable learning tool accompanying the book. It is free for educational use and cross platform. In ME 449 at Northwestern, we use it to experiment with the kinematics of different robots and to animate solutions to inverse kinematics, dynamic simulations, and controllers.
This page gets you started with CoppeliaSim quickly.
This page provides 'scenes' that allow you to interactively explore the kinematics of different robots (e.g., the Universal Robots UR5 6R robot arm and the KUKA youBot mobile manipulator) and to animate trajectories that are the results of exercises in chapters on kinematics, dynamics, and control.
Online Courses
Modern Robotics is now available as a MOOC (massive open online course) Specialization on Coursera!
This is a link to the Specialization home page. The Specialization consists of six short courses, each expected to take approximately four weeks of approximately five hours of effort per week:
This page collects together some of the supplemental material used in the Coursera MOOCs.
The material in Modern Robotics also forms the basis for two edX online courses. These courses were created before the book was finished, so some of the notation used is a bit different from that used in the book.
Using the Online Course Materials in a Traditional Classroom Course
If you are using the book in a traditional university setting, you can ask your students to sign up for the relevant courses on Coursera (see above). They can audit the courses, so they don't have to pay. They will have access to the video lectures and to the video comprehension questions that follow each video lecture. They will also have access to discussion forums. (They won't have access to graded tests and peer-graded assignments, which require paying the Coursera fee.) If students watch the videos and do the reading before class, you can spend class time working on example problems, homework problems, or discussing points where confusion arises, rather than delivering a traditional lecture.
Supplemental Information
- UR5 parameters you can use for dynamic simulations (note: the values are not exact, and do not account for the effect of gearing at the joints)
- The UR5 URDF file from Chapter 4 of the book (.pdf format or .txt format). For learning purposes only, not actual use; it contains only kinematic and inertial properties, and does not fully account for the effects of gearing. This file is based on the UR5 URDF from the ROS-Industrial team.
- Peter Corke's excellent Robotics Toolbox for MATLAB and other robotics software linked to from his site.
- Open-source software for time-optimal time scaling (Chapter 9.4), courtesy of Quang-Cuong Pham.
About the Authors
Kevin M. Lynch is Professor and Chair of the Mechanical Engineering Department at Northwestern University. He is director of the Center for Robotics and Biosystems and a member of the Northwestern Institute on Complex Systems. His research focuses on dynamics, motion planning, and control for robot manipulation and locomotion; self-organizing multi-agent systems; and physically interacting human-robot systems.
He is Editor-in-Chief of the IEEE Transactions on Robotics, former Editor-in-Chief of the IEEE International Conference on Robotics and Automation Conference Editorial Board, and a former Editor of the IEEE Transactions on Robotics, the IEEE Robotics and Automation Letters, and the IEEE Transactions on Automation Science and Engineering. He is a co-author of The Principles of Robot Motion (MIT Press, 2005) and Embedded Computing and Mechatronics with the PIC32 Microcontroller (Elsevier, 2015), an IEEE fellow, and the recipient of the IEEE Early Career Award in Robotics and Automation, Northwestern's Professorship of Teaching Excellence, and the Northwestern Teacher of the Year award in engineering. He earned a BSE in Electrical Engineering from Princeton University and a PhD in Robotics from Carnegie Mellon University.
Frank C. Park received his BS in electrical engineering from MIT and his PhD in applied mathematics from Harvard University. From 1991 to 1995 he was assistant professor of mechanical and aerospace engineering at the University of California, Irvine. Since 1995 he has been professor of mechanical and aerospace engineering at Seoul National University, where he is currently chair of the department. His research interests are in robot mechanics, planning and control, vision and image processing, and related areas of applied mathematics. He has been an IEEE Robotics and Automation Society Distinguished Lecturer, and received best paper awards for his work on visual tracking and parallel robot design. He has served on the editorial boards of the Springer Handbook of Robotics, Springer Advanced Tracts in Robotics (STAR), Robotica, and the ASME Journal of Mechanisms and Robotics. He has held adjunct faculty positions at the HKUST Robotics Institute, NYU Courant Institute, and the Interactive Computing Department at Georgia Tech. In 2014 he received the Seoul National University Teaching Excellence Award. He is a fellow of the IEEE, former Editor-in-Chief of the IEEE Transactions on Robotics, and developer of the edX courses Robot Mechanics and Control I, II.
Mechatronics
Modern Robotics is written at the system level: you learn about the kinematics, dynamics, motion planning, and control of an entire robot system. If you would like to learn more about the details of implementation, e.g., joint-level feedback control, driving motors (including brushed, brushless, steppers, and servos), gearing, sensors, signal processing, etc., check out Embedded Computing and Mechatronics by Lynch, Marchuk, and Elwin, Elsevier 2015.