Extracting Android Factory Images on macOS

There seem to be a plethora of tutorials for how to extract factory images on Linux and Windows without much crossover into macOS.

Thankfully, the method for extracting a factory image on macOS so we can peruse the filesystem is really similar to Linux. The problem is, we need some way to mount the extracted image to an extended filesystem. macOS doesn’t support this out of the box, so we’ll use OSXFuse to make it happen.

FUSE implements a mechanism that makes it possible to implement a fully functional file system in a user-space program on macOS.

Now, in order to access ext4, we’ll also need an ext4 implementation for macOS Fuse (aptly named, ext4fuse).

This is a read-only implementation of ext4 for FUSE. The main reason this exists is to be able to read linux partitions from OSX.

If you’re curious about ext4 vs ext3 vs ext2 Linux file systems, take a look at this handy summary.

Finally, in order to extract the image file (before mounting it with OSX Fuse), we’re going to use imgtool. In many Linux tutorials you’ll see references to simg2img; this replaces that for macOS (although a Linux binary exists as well).

Think of it as the inverse of mkbootimg (from the AOSP), coupled with simg2img (the sparse image extractor). Another bonus feature it provides is unpacking the Linux bzimage kernels.

It was developed by the legendary Jonathan Levin. He is brilliant.


Download whatever image file you want to extract. Google makes theirs readily available here. I’ll be using “taimen” for Pixel2 XL for this tutorial. Unzip the downloaded image file, navigate within that unzipped directory, and unzip the inner directory (in this example, named image-taimen-opd1.170816.010.zip ) as well. We want to get to the system.img file within that second zipped directory.

Download imgtool and unpack the .tgz:

tar -xvzf <imgtool.tgz path> -C /path/where/to/extract

Then, navigate to the directory where imgtool was unzipped where you’ll see a bunch of fun C files.

We’re going to use imgtool on the image file downloaded from Google (or wherever yours is from). I like using a split-screen in iTerm so I don’t forget where my image lives.

Extract the image file with imgtool:

./imgtool <path-to-factory-image>/system.img extract

You should now see a new directory within imgtool called “extracted”: imgtool/extracted/image.img Within this directory is a new image file. This is the image you’ll mount in order to access the filesystem.

Install OSXFuse:

brew cask install osxfuse

Restart your computer. Painful, I know.

Install ext4fuse:

brew install ext4fuse

Create a directory to hold the mounted image: sudo mkdir /Volumes/Linux

Mount the extracted image to that directory:

sudo ext4fuse ../imgtool/extracted/image.img /Volumes/Linux -o allow_other

Including the allow_other option is really important here: it allows users other than the superuser account to access the filesystem.

Navigate to /Volumes/Linux and you should be able to see the system dump!

When you’re done working with the mounted image, you won’t be able to just delete the directory you’ve created. You’ll have to unmount it:

diskutil unmount /Volumes/Linux

Do you have another way of extracting image files in macOS? Would love to hear what your approach is! Leave a comment below.

Darling, You Can Be Both

For years, I struggled with my identity as a female software developer. I struggled with the notion of femininity in an industry that often feels anything but feminine.

At 19, I donated every floral, flowy piece of clothing I owned and replaced them with video game t-shirts, jeans and American Apparel hoodies. For some reason, I believed that my identity as a “super serious Computer Science major” and the more (stereotypically) feminine pieces in my wardrobe were incompatible. I needed to choose an identity, and ultra “feminine” didn’t seem to fit. After 18 years of dance training, I stopped cold-turkey, convinced that “super serious Computer Science students” didn’t waste time on contemporary dance when they could be building PCs instead. I stopped wearing make-up (something I had once loved, trained at part-time, and secretly ran a successful Youtube tutorial channel on) because I felt I would be perceived as superficial and flighty. In a classroom of 40 students, of which 37 were men, wearing eyeliner and a floral blouse made me acutely aware of my gender.

It wasn’t that I didn’t love the video game t-shirts I wore; I did. They were all games I was passionate about, that I had played (and beaten), and that I had stumbled across at either a Hot Topic or ThinkGeek. In retrospect, what concerns me was that I saw “femininity” and “tech” as mutually exclusive. It was as though every negative experience I had as a woman in this industry compounded into the fundamental belief that in order to be taken seriously, I needed to broadcast my knowledge of the subject matter across my chest. If I wasn’t wearing hoodies and nerdy t-shirts, would anyone actually know that I belonged?

Instead of feeling secure in my knowledge of my identity, I cared (far too much) that others also understood that identity. For months I wouldn’t enter a video game or computer store in anything other than a ThinkGeek t-shirt. I did this to avoid the dreaded, “Are you shopping for your boyfriend/brother/dad?”.

It worked. The t-shirt may as well have been a giant neon sign exclaiming, “Look! I belong here! I’m part of your world! I like the same things; I make the same jokes!”

I struggled with this throughout the 4 years of my Computer Science degree, and even into my mid-twenties while working full-time as a software developer. Unfortunately, I’ve realized that this isn’t uncommon for many women and men who don’t fit the programmer archetype.

It wasn’t until I reached my late twenties — jaded and somewhat more indifferent to the opinions of strangers — that I stopped avoiding the lifestyle choices I perceived to be incongruent with my chosen career. I recognized that others’ misconceptions and false stereotypes of women in our industry shouldn’t be the primary motivator for my decisions. In fact, by bowing to that pressure and attempting to avoid their misjudgements I was contributing to the stereotype.

Recently, an incredibly well-respected and talented woman in the cybersecurity community (@malwareunicorn) started a website called “VanitySec”. This website, described as “the intersection of security and fashion” features a number of articles on beauty and fashion by women in the infosec industry.

I can’t help but recognize how a site like this (and role models like the authors of VanitySec) would have inspired and encouraged me to embrace my stereotypically feminine interests.

I likely would have realized much sooner that there is no “Software Engineer” persona; there are stereotypes and public misconceptions, but these aren’t fact and they shouldn’t limit your decisions. The more individuals we have with varied interests in this industry, the more likely we are to develop technical solutions to a larger variety of problems.


“Recognize and embrace your uniqueness. I don’t think the ratios are going to change anytime soon. But, I don’t think it has to be a disadvantage. Being a Black woman, being a woman in general, on a team of all men, means that you are going to have a unique voice. It’s important to embrace that.” - Erin Teague, Director of Product at Yahoo; quote from SkillCrush

*This story was originally posted on January 19th, 2018 at *http://blog.chmodxx.net/darling-you-can-be-both/

Painless VPN Set-up on Kali Linux

If you follow me on Instagram or Twitter, you know that I love the command line and use a dedicated Thinkpad T420 as my “hacking machine”. While I’m new to Kali, I’ve been a Linux user for a while — dating back to my first-year of university in 2007. I have a pretty strong love-hate relationship with Linux. While I mostly love Linux distros and would gladly use one as my primary work OS, troubleshooting hardware issues between Ubuntu and Apple hardware has caused me some grief in the past.

But I digress.

For a network security course I’m taking, we needed to play around with Nmap and a lab network set-up by our professor at Ryerson. I’ve used many a VPN before, but not with Linux and certainly not with Kali. I kind of expected a GUI like I’ve had in the past with OSX or Windows, and while I’ve realized that you *can *access one:

    sudo apt-get install network-manager-openvpn
    sudo apt-get install network-manager-openvpn-gnome

the CLI is much easier to work with and likely already installed for you.

It’s a pretty painless process, but finding some kind of set-up tutorial online proved surprisingly difficult.

If you don’t have OpenVPN installed already, run

    sudo apt-get install openvpn

Next, grab the config file you’d like to use. If you’re in a class, it’s probably provided by your professor or whoever’s providing you with a network to pen test. Otherwise, you can find other config files online to play around with.

You will likely have 2 files provided to you: a config file with the filetype “.opvn”, and a certificate file.

We’re going to add the certificate file and the config file to the equivalent of a Windows config folder in Kali.

    mv config-file /etc/openvpn/config-file;
    mv cert-file /etc/openvpn/cert-file

That’s basically it! To spin up the VPN, run:

    openvpn — config /etc/openvpn/config-file;

You’ll likely be asked to authenticate with whatever username and password you’ve been given to access the network.

Note that the command above will start the VPN in the foreground and will terminate when the terminal is closed.

If you’d rather run the VPN in the background and not terminate when closing terminal, run:

    sudo nohup openvpn — config /etc/openvpn/cert-file.ovpn &;

I read several SO posts and random tutorials to get to this point, but some didn’t quite work or were too dated. The most useful site was easily https://hide.me/en/, which is actually a VPN client.

Hopefully this saved someone out there some time.