DOCSLIB.ORG

Exploitations of Uninitialized Uses on Macos Sierra

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Exploitations of Uninitialized Uses on Macos Sierra Exploitations of Uninitialized Uses on macOS Sierra Zhenquan Xu, Gongshen Liu School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University Tielei Wang, Hao Xu PWNZEN InfoTech Co., LTD. Abstract plied to entire modern operating systems. In this paper, we will share our experience of gaining arbitrary kernel An uninitialized use refers to a common coding mistake code execution in the latest macOS Sierra by exploiting where programmers directly use variables on the stack two uninitialized use vulnerabilities in Pwnfest 2016. or the heap before they are initialized. Uninitialized macOS Sierra is the thirteenth major release in ma- uses, although simple, can lead to severe security con- cOS, Apple Inc.’s desktop and server operating system sequences. In this paper, we will share our experience for Macintosh computers. It was released to end users in gaining arbitrary kernel code execution in the latest on September 20, 2016. Pwnfest is a security contest macOS Sierra by exploiting two uninitialized use vul- held on November 10-11, 2016, in Seoul, South Korea nerabilities for Pwnfest 2016. Specifically, we first ana- that aims to improve the security of current popular lyze the attack surface of the XNU kernel and mitigation operating systems by awarding hackers that are able to techniques, and then study common types of uninitial- hack the latest operating systems and browsers. There ized uses and potential threats. Then we elaborate on the are eight main targets (listing in Table-1) for hackers in vulnerabilities and exploitation techniques. Lastly, we Pwnfest 2016. summarize the whole exploitation and discuss the relia- bility of the exploitation. Table 1: Targets in Pwnfest 2016 1 Introduction Target Although not directly leading to memory corruptions, Microsoft Edge + Windows 10 x64 RS1 uninitialized use has become a kind of severe security Microsoft Hyper-V + Windows Server 2016 vulnerability. The uninitialized use may result in infor- Google Chrome + Windows 10 x64 RS1 mation leaks or control of the instruction pointer, in the Android 7.0 + Google Pixel case that attackers can effectively control memory lay- Adobe Flash + Microsoft Edge + Windows 10 x64 RS1 out and usage by using advanced exploitation techniques Apple Safari + macOS Sierra such as stack based or heap based spraying. Apple iOS 10 + iPhone 7 Plus Many researchers have proposed different methods or VMWare Workstation Pro 12 + Windows 10 x64 RS1 systems to detect, eliminate, or mitigate uninitialized uses. For example, MemorySanitizer [21] and kmem- check [19] perform checks on each memory read and In Pwnfest 2016, our target was Safari on macOS write operation to detect uninitialized reads but they in- Sierra. We first exploited an info-leak vulnerability cur significant overhead. STACKLEAK [22], proposed (CVE-2017-2355) and a UAF vulnerability (CVE-2017- by PaX, clears the kernel stack when returning to the user 2356) to gain remote code execution in the context of space but it does not prevent uninitialized use in the ker- Safari, when Safari processed a crafted web page. How- nel heap. Kangjie Lu’s UniSan [17], which is effective in ever, to win the contest and get the bonus, we needed to detecting stack based and heap based uninitialized uses escape the Safari sandbox and gain the root privilege. To and has slight overhead, requires rebuilding the source achieve this, we exploited two uninitialized value vul- code thus it can only be applied to open-source projects. nerabilities in the kernel. This paper will focus on the In short, such methods or systems are still hard to be ap- kernel exploitation. Specifically, the contribution of this research includes: compromised. The kernel implements a Mandatory Ac- cess Control (MAC) sandbox model. When a sandboxed • A detailed demonstration and analysis of exploit- process tries to access some system resource, the kernel ing uninitialized value bugs to bypass modern ker- will consult the app’s sandbox file to determine whether nel mitigations such as kernel ALSR and SMAP/S- to allow or to deny this operation. MEP on macOS Sierra. Safari is also partially sandboxed. The WebProcess, the NetworkProcess and the PluginProcesses are sand- • State-of-the-art exploitation techniques for exploit- boxed but the UIProcess is not sandboxed. After ex- ing macOS Sierra kernel. ploiting some vulnerabilities in WebCore or JavaScript- • A systematic review of attack surfaces of macOS Core, attackers usually gain arbitrary code execution in Sierra. the sandboxed WebContent process (aka WebProcess). It is still quite restricted to do something further so sandbox The rest of the paper is organized as follows. We re- escape is necessary. view Safari, XNU kernel and the mitigations systemati- Commonly, two different paths are available. The first cally in x2. Then we analyze the common types of unini- one is attacking system services which are not sandboxed tialized use and the potential threats in x3. We analyze and accessible in the WebProcess sandbox. Target ser- and exploit the vulnerabilities in detail in x4. We summa- vices could be WindowServer, fontd, launchd, etc.. Ex- rize our exploitation and make discussion in x5. Related ploiting vulnerabilities in these services help escape the work is summarized in x6. Lastly, we conclude in x7. sandbox and gain root privileges (if the target service is running as root). The other choice is exploiting kernel vulnerabilities directly. Attackers can gain kernel priv- 2 An Analysis of macOS Sierra ilege and break out of the sandbox at the same time by exploiting kernel vulnerabilities. However, this way is 2.1 Safari Browser & Sandbox much harder than the first one because of the sandbox. Safari is developed by Apple Inc. and it is the default Only a small number of user clients are accessible from browser on macOS Sierra. In this part, the process model a WebProcess sandbox (Table 2). Nevertheless, in Pwn- of Safari browser will be first introduced and then the fest 2016, the second way was used and two vulnerabili- sandbox will be discussed. The Safari browser is com- ties were exploited to gain the kernel privileges. posed of several separated processes. Safari employs an isolated process model and obeys least privilege princi- Table 2: User clients allowed to be opened in ples which means each of its components can only access WebProcess limited system resources which it requires. Specifically, Safari can be divided into four parts [11]: # User Client Name KEXT Name 1 AppleUpstreamUserClient AppleUpstreamUserClient.kext 2 AppleMGPUPowerControlClient AppleGraphicsControl.kext • WebProcess, which is also called WebContent, is re- 3 RootDomainUserClient System.kext sponsible for parsing HTML files, rendering DOM 4 IOAudioControlUserClient IOAudioFamily.kext 5 IOAudioEngineUserClient IOAudioFamily.kext objects and drawing layouts for a webpage. It deals 6 IOAccelerator IOGraphicsFamily.kext with Javascript and other active web contents as 7 IOAccelerationUserClient IOGraphicsFamily.kext 8 IOSurfaceRootUserClient IOSurface.kext well. 9 IOSurfaceSendRight IOSurface.kext 10 IOFramebufferSharedUserClient IOGraphicsFamily.kext • NetworkProcess is responsible for network commu- 11 AppleSNBFBUserClient AppleIntelSNBGraphicsFB.kext 12 IOHIDParamUserClient IOHIDFamily.kext nication of a browser like loading pages, loading 13 AppleGraphicsControlClient AppleGraphicsControl.kext resources (pictures, audios, videos) and posting re- 14 AppleGraphicsPolicyClient AppleGraphicsControl.kext quests. 15 AGPMClient AppleGraphicsPowerManagement.kext • PluginProcesses is responsible for managing plug- ins of a browser like Adobe Flash. 2.2 XNU attack surface • UIProcess is the parent process of all the other pro- cesses mentioned before. It is responsible for dis- XNU [6] is a computer operating system developed at patching events and messages between other pro- Apple Inc. and is used widely as the kernel for macOS, cesses. iOS, tvOS, and watchOS operating systems. XNU is a recursive abbreviation of “XNU is Not Unix”. In this macOS uses the sandbox mechanism [7] to minimize part, the attack surface of XNU will be detailedly dis- the damage to the system and user data if an app becomes cussed. On the top view of XNU, XNU is a hybrid kernel to communicate with drivers in the kernel and each which contains features of both monolithic kernels and device driver may have dozens methods for user microkernels. XNU can be considered as a mixture of space programs to call, which leaves a large attack the Mach kernel and the BSD kernel. XNU’s BSD com- surface for attackers. ponent uses FreeBSD as the primary codebase and it is responsible for process management, basic security poli- To start a communication with an IOKit driver in the cies, BSD system calls, network stack, filesystems, etc.. kernel, the following three steps are usually taken: XNU’s Mach component is based on Mach 3.0 devel- 1. Get the name of the service that the driver corre- oped by CMU in the middle 1980s. Mach is responsi- sponds to. The name can be obtained from the out- ble for multitasking, memory management, process com- put of “ioreg” command in a terminal. Then pass munication and so on [16]. Besides BSD and Mach, the name to IOServiceMatching(), which is an XNU contains a special driver framework called I/O Kit. API provided by the IOKit framework, to create a The I/O Kit [9] is a collection of system frameworks, matching dictionary for the next step. libraries, tools, and other resources for creating device drivers in OS X. It is implemented in a restricted form 2. Pass the matching dictionary in step 1 to IOSer- of C++ which omits features like multiple inheritance viceGetMatchingServices() to get an iterator and exception handling, which are unsuitable for a mul- of all the services which match the name in the tithreaded kernel. It also provides user space programs matching dictionary. Objects in the iterator are with the capability of communicating with the drivers in IOService ports, which correspond to the devices’ the kernel. instances in the kernel. Basically, any communication channels between the 3.
Load more

Recommended publications
  • Automatic Detection of Uninitialized Variables
    Automatic Detection of Uninitialized Variables Thi Viet Nga Nguyen, Fran¸cois Irigoin, Corinne Ancourt, and Fabien Coelho Ecole des Mines de Paris, 77305 Fontainebleau, France {nguyen,irigoin,ancourt,coelho}@cri.ensmp.fr Abstract. One of the most common programming errors is the use of a variable before its definition. This undefined value may produce incorrect results, memory violations, unpredictable behaviors and program failure. To detect this kind of error, two approaches can be used: compile-time analysis and run-time checking. However, compile-time analysis is far from perfect because of complicated data and control flows as well as arrays with non-linear, indirection subscripts, etc. On the other hand, dynamic checking, although supported by hardware and compiler tech- niques, is costly due to heavy code instrumentation while information available at compile-time is not taken into account. This paper presents a combination of an efficient compile-time analysis and a source code instrumentation for run-time checking. All kinds of variables are checked by PIPS, a Fortran research compiler for program analyses, transformation, parallelization and verification. Uninitialized array elements are detected by using imported array region, an efficient inter-procedural array data flow analysis. If exact array regions cannot be computed and compile-time information is not sufficient, array elements are initialized to a special value and their utilization is accompanied by a value test to assert the legality of the access. In comparison to the dynamic instrumentation, our method greatly reduces the number of variables to be initialized and to be checked. Code instrumentation is only needed for some array sections, not for the whole array.
    [Show full text]
  • App Frameworks #WWDC16
    App Frameworks #WWDC16 Improving Existing Apps Using modern best practices Session 213 Woody L., � to the Knowledge © 2016 Apple Inc. All rights reserved. Redistribution or public display not permitted without written permission from Apple. Agenda Reduce Technical Debt Asset Catalogs Dependency Injection Live Playgrounds Cycle of Development You down with ‘Dub-DC? Yeah, you know me. Lots of Requests Your boss More Requests Your customers Technical Debt //TODO: Write and clean up Customer’s Perspective Actuality Duarte requesting hi-res photo AppStore New API zsh AppKit CF AirPortUtility PreferencesApp iCal Foundation AVFoundation AirPortAssistant AirPortSettings AirPortAssistant OpenCL GameKit Dock Mail MapKit MobileMusicPlayer xnu AppKit AppStore MobileSafari zsh QuickTime udf WebKit BlueToothSettings cups Messages Dock ActivityMonitor MobileSafari bash Mail AccessibilitySettings GameKit GameKitServices MediaPlayerUI MediaPlayer MediaStream MobileMail Swift 3 Source code compatibility New and Updated Platforms A Dev’s Run Loop Bug Fixes Technical Debt New and Platforms ♽Updated APIs Customer Roadmap A Dev’s Run Loop Bug Fixes Technical Debt New and Platforms ♽Updated APIs Customer Roadmap A Dev’s Run Loop Bug Fixes Technical Debt New and Platforms ♽Updated APIs Customer Roadmap The Essentials A very good place to start Earlier iOS 8 5% 11% Minimum Deployment of iOS 8 • 95% of Devices iOS 9 84% As measured by the App Store on May 9, 2016 Pick a Deployment Target Latest update of previous release Deprecated API Deprecated API Treat Warnings
    [Show full text]
  • Private Browsing
    Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, and Lorrie Faith Cranor, Carnegie Mellon University https://www.usenix.org/conference/soups2018/presentation/habib-prying This paper is included in the Proceedings of the Fourteenth Symposium on Usable Privacy and Security. August 12–14, 2018 • Baltimore, MD, USA ISBN 978-1-939133-10-6 Open access to the Proceedings of the Fourteenth Symposium on Usable Privacy and Security is sponsored by USENIX. Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, Lorrie Faith Cranor Carnegie Mellon University {htq, jcolnago, vidyag, spearman, thomasjm, acquisti, nicolasc, lorrie}@andrew.cmu.edu ABSTRACT Prior user studies have examined different aspects of private Previous research has suggested that people use the private browsing, including contexts for using private browsing [4, browsing mode of their web browsers to conduct privacy- 10, 16, 28, 41], general misconceptions of how private brows- sensitive activities online, but have misconceptions about ing technically functions and the protections it offers [10,16], how it works and are likely to overestimate the protections and usability issues with private browsing interfaces [41,44]. it provides. To better understand how private browsing is A major limitation of much prior work is that it is based used and whether users are at risk, we analyzed browsing on self-reported survey data, which may not always be reli- data collected from over 450 participants of the Security able.
    [Show full text]
  • Advanced Practical Programming for Scientists
    Advanced practical Programming for Scientists Thorsten Koch Zuse Institute Berlin TU Berlin SS2017 The Zen of Python, by Tim Peters (part 1) ▶︎ Beautiful is better than ugly. ▶︎ Explicit is better than implicit. ▶︎ Simple is better than complex. ▶︎ Complex is better than complicated. ▶︎ Flat is better than nested. ▶︎ Sparse is better than dense. ▶︎ Readability counts. ▶︎ Special cases aren't special enough to break the rules. ▶︎ Although practicality beats purity. ▶︎ Errors should never pass silently. ▶︎ Unless explicitly silenced. ▶︎ In the face of ambiguity, refuse the temptation to guess. Advanced Programming 78 Ex1 again • Remember: store the data and compute the geometric mean on this stored data. • If it is not obvious how to compile your program, add a REAME file or a comment at the beginning • It should run as ex1 filenname • If you need to start something (python, python3, ...) provide an executable script named ex1 which calls your program, e.g. #/bin/bash python3 ex1.py $1 • Compare the number of valid values. If you have a lower number, you are missing something. If you have a higher number, send me the wrong line I am missing. File: ex1-100.dat with 100001235 lines Valid values Loc0: 50004466 with GeoMean: 36.781736 Valid values Loc1: 49994581 with GeoMean: 36.782583 Advanced Programming 79 Exercise 1: File Format (more detail) Each line should consists of • a sequence-number, • a location (1 or 2), and • a floating point value > 0. Empty lines are allowed. Comments can start a ”#”. Anything including and after “#” on a line should be ignored.
    [Show full text]
  • Chapter 1. Origins of Mac OS X
    1 Chapter 1. Origins of Mac OS X "Most ideas come from previous ideas." Alan Curtis Kay The Mac OS X operating system represents a rather successful coming together of paradigms, ideologies, and technologies that have often resisted each other in the past. A good example is the cordial relationship that exists between the command-line and graphical interfaces in Mac OS X. The system is a result of the trials and tribulations of Apple and NeXT, as well as their user and developer communities. Mac OS X exemplifies how a capable system can result from the direct or indirect efforts of corporations, academic and research communities, the Open Source and Free Software movements, and, of course, individuals. Apple has been around since 1976, and many accounts of its history have been told. If the story of Apple as a company is fascinating, so is the technical history of Apple's operating systems. In this chapter,[1] we will trace the history of Mac OS X, discussing several technologies whose confluence eventually led to the modern-day Apple operating system. [1] This book's accompanying web site (www.osxbook.com) provides a more detailed technical history of all of Apple's operating systems. 1 2 2 1 1.1. Apple's Quest for the[2] Operating System [2] Whereas the word "the" is used here to designate prominence and desirability, it is an interesting coincidence that "THE" was the name of a multiprogramming system described by Edsger W. Dijkstra in a 1968 paper. It was March 1988. The Macintosh had been around for four years.
    [Show full text]
  • Patterns in Dynamic Slices to Assist in Automated Debugging
    Patterns in Dynamic Slices to Assist in Automated Debugging A thesis submitted to the Graduate School of the University of Cincinnati in partial fulfillment of the requirements for the degree of Master of Science in the Department of Computer Science of the College of Engineering and Applied Science by Joshua W. Burbrink B.S. (Computer Science) University of Cincinnati, Cincinnati, Ohio, USA Thesis Advisor and Committee Chair: Dr. John Franco Abstract The process of manually debugging programs can be difficult and time consuming. The goal of this thesis is to aid developers in debugging their crashed programs by identifying common programming mistakes using information collected during the execution of the crashed program. Specifically, the solution proposed by this thesis calculates a dynamic slice with respect to conditions at the time of the crash and inspects the dynamic slice for characteristics that are only present when certain types of programming errors occur. Common programing mistakes explored by this thesis include: uninitialized heap variables, uninitialized stack variables, dangling pointers, and stack overflow. A prototype, based on the GNU Debugger, was developed to implement the concepts of this thesis and was used to identify common programming mistakes made in a set of example C programs. Experimental results showed that the solutions presented in this thesis performed very well. The prototype was able to identify all occurrences of uninitialized stack variables, uninitialized heap variables, and stack overflow, and only a few instances of dangling pointers were missed. Upon identifying a common programming mistake in the dynamic slice, the prototype was able to produce a high level debug report indicating source code lines relevant to the coding mistake.
    [Show full text]
  • Privacy of Streaming Apps and Devices
    2021 PRIVACY OF STREAMING APPS AND DEVICES: WATCHING TV THAT WATCHES US Common Sense is the nation's leading nonprofit organization dedicated to improving the lives of kids and families by providing the trustworthy information, education, and independent voice they need to thrive in the 21st century. www.commonsense.org Common Sense is grateful for the generous support and underwriting that funded this report from the Michael and Susan Dell Foundation, the Bill and Melinda Gates Foundation, and the Chan Zuckerberg Initative. CREDITS Authors: Girard Kelly, Common Sense Media Jeff Graham, Common Sense Media Jill Bronfman, Common Sense Media Steve Garton, Common Sense Media Data analysis: Girard Kelly, Common Sense Media Jeff Graham, Common Sense Media Copy editor: Jennifer Robb Designer: Jeff Graham, Common Sense Media Suggested citation: Kelly, G., Graham, J., Bronfman, J., & Garton, S. (2021). Privacy of Streaming Apps and Devices: Watching TV that Watches Us. San Francisco, CA: Common Sense Media This work is licensed under a Creative Commons Attribution 4.0 International Public .License TABLE OF CONTENTS Privacy of streaming apps and devices 1 What are streaming services? ......................................... 1 Apps we rated ............................................... 1 How do streaming services make money? ............................... 2 How we rate privacy ........................................... 2 What we found .............................................. 6 Compare privacy ratings ........................................
    [Show full text]
  • Latex on Macintosh
    LaTeX on Macintosh Installing MacTeX and using TeXShop, as described on the main LaTeX page, is enough to get you started using LaTeX on a Mac. This page provides further information for experienced users. Tips for using TeXShop Forward and Inverse Search If you are working on a long document, forward and inverse searching make editing much easier. • Forward search means jumping from a point in your LaTeX source file to the corresponding line in the pdf output file. • Inverse search means jumping from a line in the pdf file back to the corresponding point in the source file. In TeXShop, forward and inverse search are easy. To do a forward search, right-click on text in the source window and choose the option "Sync". (Shortcut: Cmd-Click). Similarly, to do an inverse search, right-click in the output window and choose "Sync". Spell-checking TeXShop does spell-checking using Apple's built in dictionaries, but the results aren't ideal, since TeXShop will mark most LaTeX commands as misspellings, and this will distract you from the real misspellings in your document. Below are two ways around this problem. • Use the spell-checking program Excalibur which is included with MacTeX (in the folder / Applications/TeX). Before you start spell-checking with Excalibur, open its Preferences, and in the LaTeX section, turn on "LaTeX command parsing". Then, Excalibur will ignore LaTeX commands when spell-checking. • Install CocoAspell (already installed in the Math Lab), then go to System Preferences, and open the Spelling preference pane. Choose the last dictionary in the list (the third one labeled "English (United States)"), and check the box for "TeX/LaTeX filtering".
    [Show full text]
  • *OS Internals::Kernel & Hardware
    12 Ceci n'est pas une "heap"*: Kernel Memory Management Thankfully, kernel KPI users seldom have to deal with the physical layer, and most calls can remain in the virtual layer. We detail how the kernel manages its own vm_map - the kernel_map - through kmem_alloc* and kalloc*. We next present the very important abstractions of kernel zones. Special care is given to the nooks and crannies of the zone allocator, due to their significance over the years in exploitation. Before concluding, we reintroduce memory pressure - also presented in I/8, but described here from the kernel's perspective. The gentle memorystatus of MacOS and the ruthless jetsam of *OS are both detailed. This continues with a discussion of XNU's proprietary purgeable memory, which helps deal with memory pressure automatically. Lastly, we conclude with a rough map of the kernel's address space, and consider the kernel slide. * - Kernel memory is often incorrectly refered to as the the "kernel heap". This term (apparently used within Apple as well) is technically wrong - the heap refers to the data strcuture used in user-mode in backing malloc(3), as opposed to the automatic, thread-local memory of the stack (although the pedantic will correctly argue that user mode "heaps" no longer use the heap structure as well...). Though the kernel does make use of stack memory (for its threads and user-mode threads when in-kernel), the heap data structure is not used in any way in maintaining kernel memory, which is merely segmented into zones, similar to the Linux Slab allocator. Kernel Memory Allocation XNU makes use of multiple memory allocation facilities in the kernel.
    [Show full text]
  • OS X Mountain Lion Includes Ebook & Learn Os X Mountain Lion— Video Access the Quick and Easy Way!
    Final spine = 1.2656” VISUAL QUICKSTA RT GUIDEIn full color VISUAL QUICKSTART GUIDE VISUAL QUICKSTART GUIDE OS X Mountain Lion X Mountain OS INCLUDES eBOOK & Learn OS X Mountain Lion— VIDEO ACCESS the quick and easy way! • Three ways to learn! Now you can curl up with the book, learn on the mobile device of your choice, or watch an expert guide you through the core features of Mountain Lion. This book includes an eBook version and the OS X Mountain Lion: Video QuickStart for the same price! OS X Mountain Lion • Concise steps and explanations let you get up and running in no time. • Essential reference guide keeps you coming back again and again. • Whether you’re new to OS X or you’ve been using it for years, this book has something for you—from Mountain Lion’s great new productivity tools such as Reminders and Notes and Notification Center to full iCloud integration—and much, much more! VISUAL • Visit the companion website at www.mariasguides.com for additional resources. QUICK Maria Langer is a freelance writer who has been writing about Mac OS since 1990. She is the author of more than 75 books and hundreds of articles about using computers. When Maria is not writing, she’s offering S T tours, day trips, and multiday excursions by helicopter for Flying M Air, A LLC. Her blog, An Eclectic Mind, can be found at www.marialanger.com. RT GUIDE Peachpit Press COVERS: OS X 10.8 US $29.99 CAN $30.99 UK £21.99 www.peachpit.com CATEGORY: Operating Systems / OS X ISBN-13: 978-0-321-85788-0 ISBN-10: 0-321-85788-7 BOOK LEVEL: Beginning / Intermediate LAN MARIA LANGER 52999 AUTHOR PHOTO: Jeff Kida G COVER IMAGE: © Geoffrey Kuchera / shutterstock.com ER 9 780321 857880 THREE WAYS To learn—prINT, eBOOK & VIDEO! VISUAL QUICKSTART GUIDE OS X Mountain Lion MARIA LANGER Peachpit Press Visual QuickStart Guide OS X Mountain Lion Maria Langer Peachpit Press www.peachpit.com To report errors, please send a note to [email protected].
    [Show full text]
  • User Manual Star Walk™ for Iphone/Ipod Touch/Ipad
    User Manual Star Walk™ for iPhone/iPod Touch/iPad December 2013, ver. 7.0.3 for Android devices January 2014, ver. 1.0.1 2 Star Walk™ manual Table of Contents iOS version 4 1 Introduction 4 2 Getting started 5 2.1 Sky Live window 5 2.2 Location set up 6 2.3 Using/Activating Star Spotter 8 2.4 Augmented Reality 9 2.5 Spectrum Bar 9 2.6. Stargazing Community 9 2.7 Display/Interface 11 3 Menu 11 3.1 Day and Night color schemes 12 3.2 Constellations display 12 3.3 Satellites 13 3.4 TelRad 13 3.5 Playing sounds 13 3.6 Playing music 13 3.7 Magnitude adjustment 13 4 Using functions of Star Walk™ 13 4.1 Changing date and time 13 4.2 Getting information about an object 14 4.3 Searching for sky objects 14 4.4 Watching astronomical events 15 4.5 Using Astronomy Pictures 16 4.6 Posting pictures in Star Walk™ 17 4.7 Sharing 18 4.8 Watching moon phases 19 5 Star Walk™ on a big screen using cables 19 6 Star Walk™ on a big screen using AirPlay 20 7 The Apple Volume Purchase Program 20 FAQ 22 Glossary 23 Android version 26 1 Introduction 26 2 Getting started 26 3 Star Walk™ manual 2.1 Sky Live window 27 2.2 Location set up 27 2.3 Using/Activating Star Spotter 28 2.4 Augmented Reality 29 2.5 Spectrum Bar 30 2.6. Sharing 30 2.7 Display/Interface 30 3 Menu 32 3.1 Day and Night color schemes 32 3.2 Constellations display 32 3.3 Satellites 32 3.4 Playing sounds 33 3.5 Playing music 33 3.6 Magnitude adjustment 33 4 Using functions of Star Walk™ 33 4.1 Changing date and time 33 4.2 Getting information about an object 33 4.4 Sharing 35 4.5 Watching moon phases 35 FAQ 36 Glossary 37 4 Star Walk™ manual iOS version 1 Introduction Star Walk™ is a stargazing application for amateurs, professionals, and kids who are eager to learn.
    [Show full text]
  • Best Iphone and Ipad Contracts
    Best Iphone And Ipad Contracts Cosmogonic Israel interrelate droningly. Weather-beaten Cain infer assentingly and tryingly, she maturated her settings snapped telescopically. Is Wyndham always episcopal and incoercible when outjut some Cynewulf very stichometrically and extemporaneously? Laptop Mag battery test. To best iphone and ipad contracts to. You think you with eddie kantar and networks, and your listings import has been copied to any use. For and contracts can you can check email, twilio and resellers will contract. Nfc is best, customers are more pinching and contracts quickly as. Except fit the unlimited minute tariffs when voicemail is free. To tomorrow a document, you need to draw a signature at the line. What other ways are there to locate one? Lte models in management software to your quarantine dweller are willing to fill out from one field to products as well as new battery and best iphone and ipad contracts can get. Carriers may offer cheap deals on these phones for want some time. Christine baker is best iphone and ipad contracts can decide if a problem submitting your customers can click the cart is there was your independent of security. Cell phone plans are complicated. You need to sign type to chin with same purchase. But it wins on speed and convenience every day inspect the week. Back market quality control center and contracts to protect is my phone and require consent to start your email you would mean a few areas of real world. This contract agreement template is best mobile app on it just say no more waiting for? You are solely responsible for removing all data, including confidential and personal data, given the device prior to shipping.
    [Show full text]