Repository: l1k/osxparanoia
Branch: master
Commit: 47a22e7de7b0
Files: 6
Total size: 25.8 KB
Directory structure:
gitextract_rfuw5xv1/
├── README.md
├── disabled-services
├── hosts
├── pf.conf
├── pf.hardcoded
└── sysctl.conf
================================================
FILE CONTENTS
================================================
================================================
FILE: README.md
================================================
## Preventing OS X from phoning home to Cupertino
### Why
* When you're pentesting, you want your machine to stay absolutely quiet.
* When you're booked into a public wifi, eavesdroppers may glean personal information from traffic inadvertantly generated by your machine. (Some of the hardcoded URLs use unencrypted http.)
* If you're a dissident, your whereabouts may be revealed and you may not even know it.
### How
* I searched the entire OS X Mavericks base installation for hardcoded URLs and IP addresses. The domain names used in the URLs are hardwired to 127.0.0.1 in `/etc/hosts`. The IP addresses are natted to 127.0.0.1 in `/etc/pf.conf`. A number of LaunchAgents, LaunchDaemons, UserEventPlugins plus all Dashboard Widgets should be disabled by moving them to, say, `/root/disabled/`. Those are listed in `disabled-services`.
* Edit `/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist` and add the undocumented option `-NoMulticastAdvertisements`.
* Disable Dashboard: `defaults write com.apple.dashboard mcx-disabled -boolean YES && killall Dock`
* Disable some IPv6 features of dubious merit in `/etc/sysctl.conf`.
### Caution
* This is for Mavericks, not Yosemite.
* It will yield a machine that stays quiet when connected to a network but at the expense of convenience features like push notifications. Also, the log files will show a few error messages because of unavailable services.
* Several services regularly contact www.apple.com to check for network connectivity. Thus, www.apple.com is blacklisted in `/etc/hosts`. Comment out manually whenever you want to browse that website.
* When connected to a wifi, the machine will regularly send EAPOL packets which cannot be disabled because OS X cannot packet filter on Layer 2. (`pfctl(8)` only filters on layer 3 and upwards and `ipfw(8)` doesn't work either.)
* OS X stores wifi passwords in NVRAM. This is apparently used by Internet Recovery. Thus, whenever your machine is stolen or lent to someone else, consider your wifi passwords compromised, regardless if the disk was encrypted. It seems that FindMyMacd clears the NVRAM if the machine was stolen but this is not safe: FindMyMacd itself is apparently controlled by NVRAM variables and a thief may change these to disable it. Wifi passwords can be retrieved from NVRAM like this:
```
/usr/libexec/airportd readNVRAM
/usr/sbin/nvram 36C28AB5-6566-4C50-9EBD-CBB920F83843:current-network
/usr/sbin/nvram 36C28AB5-6566-4C50-9EBD-CBB920F83843:preferred-networks
/usr/sbin/nvram 36C28AB5-6566-4C50-9EBD-CBB920F83843:preferred-count
```
Note: This does not work anymore since High Sierra.
Note: Deauthing your device from your AppleID will clear the NVRAM for you.
### Ideas for further hacks
* Use a proxy on the local machine to MitM or spoof traffic to Cupertino.
================================================
FILE: disabled-services
================================================
/System/Library/InternetAccounts/*
/System/Library/LaunchAgents/com.apple.syncdefaultsd.plist
/System/Library/LaunchAgents/com.apple.AddressBook.SourceSync.plist
/System/Library/LaunchAgents/com.apple.AOSPushRelay.plist
# tests reachability of www.apple.com
/System/Library/LaunchAgents/com.apple.CalendarAgent.plist
/System/Library/LaunchAgents/com.apple.CalendarAgentLauncher.plist
/System/Library/LaunchAgents/com.apple.EscrowSecurityAlert.plist
/System/Library/LaunchAgents/com.apple.IMLoggingAgent.plist
/System/Library/LaunchAgents/com.apple.ManagedClient.agent.plist
/System/Library/LaunchAgents/com.apple.ManagedClient.enrollagent.plist
/System/Library/LaunchAgents/com.apple.Maps.pushdaemon.plist
/System/Library/LaunchAgents/com.apple.SocialPushAgent.plist
/System/Library/LaunchAgents/com.apple.aos.migrate.plist
/System/Library/LaunchAgents/com.apple.appstoreupdateagent.plist
/System/Library/LaunchAgents/com.apple.apsctl.plist
/System/Library/LaunchAgents/com.apple.bookstoreagent.plist
/System/Library/LaunchAgents/com.apple.cmfsyncagent.plist
/System/Library/LaunchAgents/com.apple.coreservices.appleid.authentication.plist
/System/Library/LaunchAgents/com.apple.findmymacmessenger.plist
/System/Library/LaunchAgents/com.apple.gamed.plist
/System/Library/LaunchAgents/com.apple.icbaccountsd.plist
/System/Library/LaunchAgents/com.apple.icloud.AOSNotificationAgent.plist
/System/Library/LaunchAgents/com.apple.icloud.AOSNotificationLoginAgent.plist
/System/Library/LaunchAgents/com.apple.identityservicesd.plist
/System/Library/LaunchAgents/com.apple.imagent.plist
/System/Library/LaunchAgents/com.apple.librariand.plist
/System/Library/LaunchAgents/com.apple.mbloginhelper.user.plist
/System/Library/LaunchAgents/com.apple.mbpluginhost.user.plist
/System/Library/LaunchAgents/com.apple.maspushagent.plist
/System/Library/LaunchAgents/com.apple.mdmclient.agent.plist
/System/Library/LaunchAgents/com.apple.mdmclient.cloudconfig.agent.plist
/System/Library/LaunchAgents/com.apple.quicklook.config.plist
/System/Library/LaunchAgents/com.apple.safaridavclient.plist
/System/Library/LaunchAgents/com.apple.sbd.plist
/System/Library/LaunchAgents/com.apple.security.cloudkeychainproxy.plist
/System/Library/LaunchAgents/com.apple.security.keychain-circle-notification.plist
/System/Library/LaunchAgents/com.apple.sharingd.plist
/System/Library/LaunchAgents/com.apple.store_helper.plist
/System/Library/LaunchAgents/com.apple.storeagent.plist
/System/Library/LaunchAgents/com.apple.syncservices.SyncServer.plist
/System/Library/LaunchAgents/com.apple.syncservices.uihandler.plist
/System/Library/LaunchAgents/com.apple.ubd.plist
/System/Library/LaunchAgents/com.apple.wifi.WiFiKeychainProxy.plist
/System/Library/LaunchAgents/com.apple.accountsd.plist
/System/Library/LaunchDaemons/com.apple.apsd.plist
/System/Library/LaunchDaemons/com.apple.AOSNotificationOSX.plist
/System/Library/LaunchDaemons/com.apple.FileSyncAgent.sshd.plist
/System/Library/LaunchDaemons/com.apple.ManagedClient.cloudconfigurationd.plist
/System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist
/System/Library/LaunchDaemons/com.apple.ManagedClient.plist
/System/Library/LaunchDaemons/com.apple.ManagedClient.startup.plist
/System/Library/LaunchDaemons/com.apple.awacsd.plist
/System/Library/LaunchDaemons/com.apple.coreservices.appleid.passwordcheck.plist
/System/Library/LaunchDaemons/com.apple.eapolcfg_auth.plist
/System/Library/LaunchDaemons/com.apple.familycontrols.plist
/System/Library/LaunchDaemons/com.apple.findmymac.plist
/System/Library/LaunchDaemons/com.apple.findmymacmessenger.plist
/System/Library/LaunchDaemons/com.apple.iCloudStats.plist
/System/Library/LaunchDaemons/com.apple.laterscheduler.plist
/System/Library/LaunchDaemons/com.apple.locationd.plist
/System/Library/LaunchDaemons/com.apple.mbicloudsetupd.plist
/System/Library/LaunchDaemons/com.apple.mdmclient.daemon.plist
/System/Library/LaunchDaemons/com.apple.msrpc.echosvc.plist
/System/Library/LaunchDaemons/com.apple.msrpc.lsarpc.plist
/System/Library/LaunchDaemons/com.apple.msrpc.mdssvc.plist
/System/Library/LaunchDaemons/com.apple.msrpc.netlogon.plist
/System/Library/LaunchDaemons/com.apple.msrpc.srvsvc.plist
/System/Library/LaunchDaemons/com.apple.msrpc.wkssvc.plist
# will listen to ports 137, 138 even if turned off in Sharing PrefPane
/System/Library/LaunchDaemons/com.apple.netbiosd.plist
/System/Library/LaunchDaemons/com.apple.preferences.timezone.admintool.plist
/System/Library/LaunchDaemons/com.apple.preferences.timezone.auto.plist
/System/Library/LaunchDaemons/com.apple.remotepairtool.plist
/System/Library/LaunchDaemons/com.apple.rpmuxd.plist
/System/Library/LaunchDaemons/com.apple.security.FDERecoveryAgent.plist
# this one is getting on my nerves
/System/Library/LaunchAgents/com.apple.TMHelperAgent.SetupOffer.plist
/System/Library/UserEventPlugins/AutoTimeZone.plugin
/System/Library/UserEventPlugins/BTMMPortInUseAgent.plugin
/System/Library/UserEventPlugins/CaptiveSystemAgent.plugin
/System/Library/UserEventPlugins/CaptiveUserAgent.plugin
/System/Library/UserEventPlugins/EAPOLMonitor.plugin
/System/Library/UserEventPlugins/LocationMenu.plugin
/System/Library/UserEventPlugins/com.apple.locationd.events.plugin
/System/Library/UserEventPlugins/com.apple.reachability.plugin
# new with 10.9.3
/System/Library/LaunchAgents/com.apple.appleseed.seedusaged.plist
/System/Library/LaunchDaemons/com.apple.appleseed.fbahelperd.plist
================================================
FILE: hosts
================================================
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
#
127.0.0.1 www.apple.com
17.171.8.17 crl.apple.com
17.146.232.12 swscan.apple.com # SoftwareUpdate.framework
# 127.0.0.1 qa2-int-swscan.apple.com # SoftwareUpdate.framework
# 127.0.0.1 swcdnlocator.apple.com # SoftwareUpdate.framework
127.0.0.1 validation.isu.apple.com # SoftwareUpdate.framework
# 127.0.0.1 help.apple.com # HelpData.framework
# 127.0.0.1 helpqt.apple.com # HelpData.framework
# 127.0.0.1 helposx.apple.com # HelpData.framework
# 127.0.0.1 support.apple.com # HelpData.framework
# 127.0.0.1 lookup-api.apple.com # Lookup.framework
# 127.0.0.1 pubsbuild.apple.com # docsetinstalld
# 127.0.0.1 extensions.apple.com # Safari.framework
# 127.0.0.1 stage-extensions.apple.com # Safari.framework
# 127.0.0.1 plugins.apple.com # Safari.framework
127.0.0.1 suggest.yandex.net # Safari.framework
127.0.0.1 suggestion.baidu.com # Safari.framework
127.0.0.1 api.bing.com # Safari.framework
127.0.0.1 sugg.search.yahoo.net # Safari.framework
# 127.0.0.1 userpub.itunes.apple.com # iBooks.app
# 127.0.0.1 vocabulary.itunes.apple.com # iBooks.app
# 127.0.0.1 gcsp.clb.cddbp.net # iTunes.app
# 127.0.0.1 gcsp.cddbp.net # iTunes.app
127.0.0.1 members.mac.com # iTunes.app
127.0.0.1 members.me.com # iTunes.app
127.0.0.1 safebrowsing.clients.google.com # iTunes.app
127.0.0.1 nikerunning.nike.com # iTunes.app
127.0.0.1 s.mzstatic.com # iTunes.app
127.0.0.1 ax.itunes.apple.com # iTunes.app
127.0.0.1 limit.itunesu.com # iTunes.app
127.0.0.1 configuration.apple.com
127.0.0.1 iforgot.apple.com
127.0.0.1 identity.apple.com # AppleIDAuthAgent
127.0.0.1 appleid.apple.com # Accounts.prefPane
127.0.0.1 reg1.apple.com # Setup Assistant.app
127.0.0.1 littlebuddy.apple.com # Setup Assistant.app
127.0.0.1 iadsdk.apple.com # iAdCore.framework
127.0.0.1 gil.apple.com # InternetAccounts.framework
127.0.0.1 fdereg.apple.com # Security.framework
127.0.0.1 timestamp.apple.com # Security.framework
127.0.0.1 init-p01st.push.apple.com # ApplePushService.framework
127.0.0.1 init-s01st.push.apple.com # ApplePushService.framework
127.0.0.1 albert.apple.com # ApplePushService.framework
127.0.0.1 www.me.com # AOSKit.framework
127.0.0.1 setup.icloud.com # AOSKit.framework
127.0.0.1 icloud.com # AOSKit.framework
127.0.0.1 init.ess.apple.com # IMFoundation.framework
127.0.0.1 init-p01md.apple.com # IMFoundation.framework
127.0.0.1 scento.apple.com # Install.framework
127.0.0.1 mac-services.apple.com # MailCore.framework
127.0.0.1 idisk.mac.com # OSServices.framework
127.0.0.1 validation.apple.com # PrintingPrivate.framework
127.0.0.1 qtpartners.apple.com # RTCReporting.framework
127.0.0.1 public.me.com # ScreenReader.framework
127.0.0.1 pm-members.mac.com # btmmdiagnose
127.0.0.1 marimba.apple.com # Slideshows.framework
127.0.0.1 gsp2.apple.com # Slideshows.framework
127.0.0.1 porco.apple.com # StoreUI.framework
127.0.0.1 iprofiles.apple.com # cloudconfigurationd
127.0.0.1 suconfig.apple.com # cloudconfigurationd
127.0.0.1 radarsubmissions.apple.com # SubmitDiagInfo
127.0.0.1 messagetracer-whitelist.apple.com # SubmitDiagInfo
127.0.0.1 speedtracer.apple.com # Problem Reporter.app
127.0.0.1 tracerx-radars.apple.com # Problem Reporter.app
127.0.0.1 icalserver.apple.com # ManagedClient.app
127.0.0.1 bugreport.apple.com # IMLoggingAgent
127.0.0.1 1-courier.push.apple.com # IMLoggingAgent
127.0.0.1 2-courier.push.apple.com # IMLoggingAgent
127.0.0.1 6-courier.push.apple.com # IMLoggingAgent
127.0.0.1 init.itunes.apple.com # CommerceKit.framework
127.0.0.1 ax.init.itunes.apple.com # CommerceKit.framework
127.0.0.1 phobos.apple.com # CommerceKit.framework
127.0.0.1 sandbox.itunes.apple.com # CommerceKit.framework
127.0.0.1 static.gc.apple.com # GameKit.framework
127.0.0.1 sandbox.gc.apple.com # GameKit.framework
127.0.0.1 td1.apple.com # GameKit.framework
127.0.0.1 z2r0y.apple.com # GameKit.framework
127.0.0.1 td2.apple.com # GameKit.framework
127.0.0.1 df6ed.apple.com # GameKit.framework
127.0.0.1 td3.apple.com # GameKit.framework
127.0.0.1 cp7vi.apple.com # GameKit.framework
127.0.0.1 td4.apple.com # GameKit.framework
127.0.0.1 gz8rm.apple.com # GameKit.framework
127.0.0.1 link.gc.apple.com # GameKit.framework
127.0.0.1 init.gc.apple.com # GameKit.framework
127.0.0.1 redcarpet.apple.com # HelpViewer.app
127.0.0.1 static.ips.apple.com # Social.framework
127.0.0.1 internalcheck.apple.com # CrashReporterSupport.framework
127.0.0.1 guzzoni.apple.com # AssistantServices.framework
127.0.0.1 hello.connectivity.me.com # mDNSResponder
127.0.0.1 gateway.push.apple.com # emond
127.0.0.1 push.apple.com # networkd
127.0.0.1 gsp9-ssl.apple.com # locationd
127.0.0.1 gsp10-ssl.apple.com # locationd
127.0.0.1 gsp10-ssl.apple.com.com # locationd
127.0.0.1 gs-loc.apple.com # locationd
127.0.0.1 iphone-ld.apple.com # locationd
127.0.0.1 cl-dev.apple.com # locationd
127.0.0.1 cl2.apple.com # locationd
127.0.0.1 cl3.apple.com # locationd
127.0.0.1 gspa35-ssl.ls.apple.com # GeoServices.framework
127.0.0.1 gsp-ssl.ls.apple.com # GeoServices.framework
127.0.0.1 gspa21.ls.apple.com # GeoServices.framework
127.0.0.1 gsp1.apple.com # GeoServices.framework
127.0.0.1 gsps36.ls.apple.com # GeoServices.framework
127.0.0.1 gs.apple.com # MobileDevice.framework
127.0.0.1 appleconnect.apple.com # MobileDevice.framework
127.0.0.1 sso.corp.apple.com # MobileDevice.framework
127.0.0.1 lookup-api.apple.com # Dictionary.app
127.0.0.1 copyfight.corante.com # CaptiveSystemAgent.plugin
127.0.0.1 apsu.apple.com # AirPort Utility.app
127.0.0.1 apfw.apple.com # AirPort Utility.app
127.0.0.1 metrics.apple.com # App Store.app
127.0.0.1 wu-calculator.apple.com # Calculator.app
127.0.0.1 icalbridge.apple.com # Calendar.app
127.0.0.1 feedback.apple.com # Mail.app
127.0.0.1 manifest2.inn.rdca.ls.apple.com # Maps.app
127.0.0.1 slogin.oscar.aol.com # Messages.app
127.0.0.1 api.oscar.aol.com # Messages.app
127.0.0.1 gdata.youtube.com # QuickTime Player.app
127.0.0.1 uploads.gdata.youtube.com # QuickTime Player.app
127.0.0.1 maps.apple.com # QuickTime Player.app
127.0.0.1 depot.info.apple.com # System Information.app
127.0.0.1 iclab.apple.com # QuickTime Plugin.plugin
127.0.0.1 aolauth.icloud.com # AIM.imservice
127.0.0.1 aolauthtest.icloud.com # AIM.imservice
127.0.0.1 api.screenname.aol.com # AIM.imservice
127.0.0.1 startpage.aol.com # AIM.imservice
127.0.0.1 my.screenname.aol.com # AIM.imservice
127.0.0.1 api.login.aol.com # AIM.imservice
127.0.0.1 developer.aim.com # AIM.imservice
127.0.0.1 login.oscar.aol.com # AIM.imservice
127.0.0.1 ars.oscar.aol.com # AIM.imservice
127.0.0.1 aimhttp.oscar.aol.com # AIM.imservice
127.0.0.1 talk.google.com # Jabber.impreferencepane
127.0.0.1 msg.yahoo.com # Yahoo.imserviceplugin
127.0.0.1 api.login.yahoo.com # Yahoo.imserviceplugin
127.0.0.1 login.yahoo.com # Yahoo.imserviceplugin
127.0.0.1 developer.messenger.yahooapis.com # Yahoo.imserviceplugin
127.0.0.1 displayimage.messenger.yahooapis.com # Yahoo.imserviceplugin
127.0.0.1 ftrelay.messenger.yahooapis.com # Yahoo.imserviceplugin
127.0.0.1 attwifi.apple.com # CaptiveNetworkSupport
127.0.0.1 proddav.apple.com # iWork.qlgenerator
127.0.0.1 rabat.apple.com # iWork.qlgenerator
127.0.0.1 members.btmm.icloud.com # Shared Screen Viewer.app
127.0.0.1 idisk.me.com # webdav_fs.kext
127.0.0.1 contacts.icloud.com # AddressBook.framework
127.0.0.1 ink.apple.com # Print.framework
127.0.0.1 gir.apple.com # InstallerPlugins.framework
127.0.0.1 photocast.me.com # ScreenSaver.framework
127.0.0.1 gallery.me.com # WebCore.framework
127.0.0.1 tid.canon.com # PTPCamera.app
127.0.0.1 fmip.me.com # AOSNotification.framework
127.0.0.1 courier.sandbox.push.apple.com # apsd
127.0.0.1 courier.push.apple.com # apsd
127.0.0.1 sandbox.push.apple.com # apsd
127.0.0.1 trackingshipment.apple.com # DataDetectors.framework
127.0.0.1 event.apple.com # DataDetectors.framework
127.0.0.1 gsp17-ssl.apple.com # GeoServices.framework
127.0.0.1 gsp17-2-ssl.apple.com # GeoServices.framework
127.0.0.1 webservices.mac.com # ISSupport.framework
127.0.0.1 m3.mac.com # ISSupport.framework
127.0.0.1 iphonesubmissions.apple.com # AppleMobileDeviceHelper.app
127.0.0.1 iphonediags.apple.com # AppleMobileDeviceHelper.app
127.0.0.1 vinkjo8.apple.com # SetupAssistantSupport.framework
127.0.0.1 secure.me.com # SetupAssistantSupport.framework
127.0.0.1 turn.oscar.aol.com # VideoConference.framework
127.0.0.1 apple-mobile.query.yahooapis.com # WeatherKit.framework
127.0.0.1 api.wunderground.com # WeatherKit.framework
127.0.0.1 lookup.apple.com # WhitePages.framework
127.0.0.1 wu.apple.com # WidgetResources
127.0.0.1 wu-quotes.apple.com # WidgetResources
127.0.0.1 iphone-wu.apple.com # WidgetResources
127.0.0.1 wu-stocks.apple.com # WidgetResources
127.0.0.1 wu-charts.apple.com # WidgetResources
127.0.0.1 wu-converter.apple.com # WidgetResources
127.0.0.1 caldav.icloud.com # CalendarPersistence.framework
127.0.0.1 ical.mac.com # CalendarPersistence.framework
127.0.0.1 qtsoftware.apple.com # QuickTime.framework
127.0.0.1 quicktimepro.apple.com # QuickTime.framework
127.0.0.1 idmsauth-uat.corp.apple.com # Feedback Assistant.app
127.0.0.1 idmsa.apple.com # Feedback Assistant.app
127.0.0.1 appleconnect-uat.apple.com # Feedback Assistant.app
127.0.0.1 appleseed-stage.apple.com # Feedback Assistant.app
127.0.0.1 appleseed.apple.com # Feedback Assistant.app
127.0.0.1 iforgot-uat.apple.com # Feedback Assistant.app
127.0.0.1 xseedapps.apple.com # Feedback Assistant.app
127.0.0.1 appleseed-temp.apple.com # Feedback Assistant.app
127.0.0.1 crucio.apple.com # Feedback Assistant.app
127.0.0.1 ac-at.apple.com # Feedback Assistant.app
127.0.0.1 iforgott.apple.com # Feedback Assistant.app
127.0.0.1 mobile-uat.corp.apple.com # Feedback Assistant.app
127.0.0.1 idmswt.corp.apple.com # Feedback Assistant.app
127.0.0.1 mobile.apple.com # Feedback Assistant.app
127.0.0.1 privftp.apple.com # Feedback Assistant.app
127.0.0.1 cssubmissions-uat.corp.apple.com # Feedback Assistant.app
127.0.0.1 cssubmissions.apple.com # Feedback Assistant.app
# 127.0.0.1 www.chromium.org # Chromium.app
# 127.0.0.1 www.chrome.com # Chromium.app
# 127.0.0.1 developer.chrome.com # Chromium.app
# 127.0.0.1 chrome.google.com # Chromium.app
# 127.0.0.1 m.google.com # Chromium.app
# 127.0.0.1 www.google.com # Chromium.app
# 127.0.0.1 www.youtube.com # Chromium.app
# 127.0.0.1 code.google.com # Chromium.app
# 127.0.0.1 docs.google.com # Chromium.app
# 127.0.0.1 groups.google.com # Chromium.app
# 127.0.0.1 plus.google.com # Chromium.app
127.0.0.1 plus.sandbox.google.com # Chromium.app
127.0.0.1 ddm.google.com # Chromium.app
127.0.0.1 drive.google.com # Chromium.app
127.0.0.1 www.googledrive.com # Chromium.app
127.0.0.1 history.google.com # Chromium.app
127.0.0.1 mail.google.com # Chromium.app
127.0.0.1 tools.google.com # Chromium.app
127.0.0.1 wallet.google.com # Chromium.app
127.0.0.1 wallet-web.sandbox.google.com # Chromium.app
# 127.0.0.1 maps.google.com # Chromium.app
# 127.0.0.1 picasaweb.google.com # Chromium.app
# 127.0.0.1 sites.google.com # Chromium.app
# 127.0.0.1 support.google.com # Chromium.app
# 127.0.0.1 translate.google.com # Chromium.app
127.0.0.1 checkout.google.com # Chromium.app
127.0.0.1 cloudprint.google.com # Chromium.app
127.0.0.1 apis.google.com # Chromium.app
127.0.0.1 www.googleapis.com # Chromium.app
# 127.0.0.1 maps.googleapis.com # Chromium.app
# 127.0.0.1 fonts.googleapis.com # Chromium.app
127.0.0.1 android.googleapis.com # Chromium.app
127.0.0.1 translate.googleapis.com # Chromium.app
127.0.0.1 clients1.google.com # Chromium.app
127.0.0.1 clients2.google.com # Chromium.app
127.0.0.1 clients3.google.com # Chromium.app
127.0.0.1 clients4.google.com # Chromium.app
127.0.0.1 clients2.googleusercontent.com # Chromium.app
127.0.0.1 themes.googleusercontent.com # Chromium.app
127.0.0.1 cache.pack.google.com # Chromium.app
127.0.0.1 csi.gstatic.com # Chromium.app
127.0.0.1 ssl.gstatic.com # Chromium.app
127.0.0.1 www.gstatic.com # Chromium.app
127.0.0.1 t0.gstatic.com # Chromium.app
127.0.0.1 t1.gstatic.com # Chromium.app
127.0.0.1 t2.gstatic.com # Chromium.app
127.0.0.1 t3.gstatic.com # Chromium.app
127.0.0.1 android.clients.google.com # Chromium.app
# 127.0.0.1 fonts.gstatic.com # Chromium.app
127.0.0.1 safebrowsing.clients.google.com # Chromium.app
127.0.0.1 alt1-safebrowsing.google.com # Chromium.app
127.0.0.1 alt2-safebrowsing.google.com # Chromium.app
127.0.0.1 alt3-safebrowsing.google.com # Chromium.app
127.0.0.1 safebrowsing.google.com # Chromium.app
127.0.0.1 sb-ssl.google.com # Chromium.app
127.0.0.1 talkgadget.google.com # Chromium.app
127.0.0.1 talkx.l.google.com # Chromium.app
127.0.0.1 talk.google.com # Chromium.app
127.0.0.1 mtalk.google.com # Chromium.app
127.0.0.1 xmpp.google.com # Chromium.app
127.0.0.1 xmppx.l.google.com # Chromium.app
127.0.0.1 relay.google.com # Chromium.app
127.0.0.1 stun.l.google.com # Chromium.app
127.0.0.1 accounts.google.com # Chromium.app
127.0.0.1 accounts.youtube.com # Chromium.app
127.0.0.1 accounts.blogger.com # Chromium.app
127.0.0.1 i18napis.appspot.com # Chromium.app
127.0.0.1 googleads4.g.doubleclick.net # Chromium.app
127.0.0.1 googleads.g.doubleclick.net # Chromium.app
127.0.0.1 ad.doubleclick.net # Chromium.app
127.0.0.1 pubads.g.doubleclick.net # Chromium.app
127.0.0.1 c.admob.com # Chromium.app
127.0.0.1 e.admob.com # Chromium.app
127.0.0.1 media.admob.com # Chromium.app
127.0.0.1 lh3.ggpht.com # Chromium.app
127.0.0.1 lh4.ggpht.com # Chromium.app
127.0.0.1 lh5.ggpht.com # Chromium.app
127.0.0.1 lh6.ggpht.com # Chromium.app
127.0.0.1 pagead2.googlesyndication.com # Chromium.app
127.0.0.1 partner.googleadservices.com # Chromium.app
127.0.0.1 www.googleadservices.com # Chromium.app
127.0.0.1 s0.2mdn.net # Chromium.app
127.0.0.1 prod.fastly.net # Chromium.app
127.0.0.1 chrome.googleechotest.com # Chromium.app
# 127.0.0.1 chrome-devtools-frontend.appspot.com # Chromium.app
# 127.0.0.1 redirector.googlevideo.com # Chromium.app
# 127.0.0.1 redirector.gvt1.com # Chromium.app
# 127.0.0.1 etherx.jabber.org # Chromium.app
================================================
FILE: pf.conf
================================================
#
# Default PF configuration file.
#
# This file contains the main ruleset, which gets automatically loaded
# at startup. PF will not be automatically enabled, however. Instead,
# each component which utilizes PF is responsible for enabling and disabling
# PF via -E and -X as documented in pfctl(8). That will ensure that PF
# is disabled only when the last enable reference is released.
#
# Care must be taken to ensure that the main ruleset does not get flushed,
# as the nested anchors rely on the anchor point defined here. In addition,
# to the anchors loaded by this file, some system services would dynamically
# insert anchors into the main ruleset. These anchors will be added only when
# the system service is used and would removed on termination of the service.
#
# See pf.conf(5) for syntax.
#
#
# com.apple anchor point
#
#scrub-anchor "com.apple/*"
#nat-anchor "com.apple/*"
#rdr-anchor "com.apple/*"
#dummynet-anchor "com.apple/*"
#anchor "com.apple/*"
#load anchor "com.apple" from "/etc/pf.anchors/com.apple"
# redirect hardcoded ip addresses to 127.0.0.1
table <hardcoded> file "/etc/pf.hardcoded"
nat to <hardcoded> -> 127.0.0.1
# only allow outbound connections
block in log on ! lo0
pass out on ! lo0 proto icmp
pass out on ! lo0 proto udp all
pass out on ! lo0 proto tcp all keep state
# allow mDNS + IPv6 only on en0 and lo0
block out proto udp from any to any port 5353
block inet6
pass on { en0 lo0 } proto udp from any to any port 5353
pass on { en0 lo0 } inet6
# allow only specific ICMPv6 messages, cf. icmp6(4) and
# http://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml
block in on { en0 lo0 } inet6 proto ipv6-icmp
pass in on { en0 lo0 } inet6 proto ipv6-icmp icmp6-type { \
toobig timex paramprob \
echoreq echorep nirep mtraceresp \
groupqry grouprep groupterm 143 151 152 153 \
neighbrsol neighbradv 148 149 }
# allow DHCP OFFER + ACK on en0
pass in on en0 proto udp from any port 67 to any port 68
pass out on ! lo0 route-to 127.0.0.1 from self to <hardcoded>
================================================
FILE: pf.hardcoded
================================================
17.209.80.108 # MobileDevice.framework
17.176.69.14 # Setup Assistant.app
17.176.77.129 # Setup Assistant.app
17.176.80.148 # Setup Assistant.app
17.176.88.148 # Setup Assistant.app
17.230.144.24 # Setup Assistant.app
17.230.152.24 # Setup Assistant.app
17.230.160.24 # Setup Assistant.app
17.230.168.24 # Setup Assistant.app
17.219.209.2 # AVConference.framework
17.221.43.219 # ManagedClient.framework
17.155.5.253 # GameKitServices.framework
17.219.209.2 # GameKitServices.framework
72.247.44.23 # GameKitServices.framework (Akamai)
69.60.7.199 # IMLoggingAgent (Datagram)
17.254.0.50 # wdhelper (nserver.apple.com)
17.112.144.59 # wdhelper (nserver4.apple.com)
17.171.63.40 # wdhelper
18.244.0.188 # memcached (MIT)
2001:4860:b002::68 # memcached (Google)
================================================
FILE: sysctl.conf
================================================
net.inet6.ip6.accept_rtadv=0
net.inet6.icmp6.rediraccept=0
net.inet6.icmp6.nodeinfo=0
net.inet6.icmp6.nd6_accept_6to4=0
gitextract_rfuw5xv1/ ├── README.md ├── disabled-services ├── hosts ├── pf.conf ├── pf.hardcoded └── sysctl.conf
Condensed preview — 6 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (28K chars).
[
{
"path": "README.md",
"chars": 2812,
"preview": "## Preventing OS X from phoning home to Cupertino\n\n### Why\n\n* When you're pentesting, you want your machine to stay abso"
},
{
"path": "disabled-services",
"chars": 5429,
"preview": "/System/Library/InternetAccounts/*\n/System/Library/LaunchAgents/com.apple.syncdefaultsd.plist\n/System/Library/LaunchAgen"
},
{
"path": "hosts",
"chars": 15156,
"preview": "##\n# Host Database\n#\n# localhost is used to configure the loopback interface\n# when the system is booting. Do not chang"
},
{
"path": "pf.conf",
"chars": 2040,
"preview": "#\n# Default PF configuration file.\n#\n# This file contains the main ruleset, which gets automatically loaded\n# at startup"
},
{
"path": "pf.hardcoded",
"chars": 827,
"preview": "17.209.80.108\t\t\t\t# MobileDevice.framework\n17.176.69.14 \t \t\t# Setup Assistant.app\n17.176.77.129\t\t\t\t# Setup Assista"
},
{
"path": "sysctl.conf",
"chars": 120,
"preview": "net.inet6.ip6.accept_rtadv=0\nnet.inet6.icmp6.rediraccept=0\nnet.inet6.icmp6.nodeinfo=0\nnet.inet6.icmp6.nd6_accept_6to4=0\n"
}
]
About this extraction
This page contains the full source code of the l1k/osxparanoia GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 6 files (25.8 KB), approximately 8.4k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.