Continuously opining, intermittently publishing.
20
June

Hamachi Workarounds in OS X

Posted by oshane | Leave a comment at the end of this post.

2010 UPDATE: LogMeIn has modified Hamachi accounts to the extent that this workaround is entirely deprecated.

For more than several years, I have been a fan of Hamachi, which provides a proprietary but zero-configuration VPN solution for any Windows user. Unfortunately, while there are Hamachi builds for Linux and OS X, they are command-line interfaces only (meaning, of course, the so-called Mac OS X build should work flawlessly in Unix).

A Quick Overview of Hamachi
Once installed, Hamachi connects to the central server, which generates a new Hamachi IP address. Via this “tunneled” IP address, one can create and join networks, which are created with text names and secured by passwords. When using Hamachi for the first time, the UI will guide the user through joining the “test” network with the password “secret”. Anyone else connected to a network is now on a virtual LAN with the user via that network.

Your own computer remains as secure as it would versus anyone else on a physical network but can now interface with co-users of Hamachi as though you were on the same physical network. Bottom line: no fussing with port triggering in your router to ensure your application will work with another user somewhere on the internet.

For Windows users, this process is fairly easy and requires little technical understanding.

The OS X Version Truly is Rudimentary
For basic VPN tunneling, the OS X (unix) version is adequate and not terribly complicated for someone used to a command line interface. The problem for non-novice users is really that its feature set is pretty “rudimentary” to quote the language on the Hamachi website.

One feature that is lacking is the ability to receive system messages from the central server and respond to them using a GUI (or even a textual command). Moreover, there is no way to set a “master password” in the OS X version as one can do in the Windows version.

These are actually important, because Hamachi provides, at http://my.hamachi.cc, a method for consolidating control of all accounts in a web-based interface. If you have multiple computers and multiple Hamachi accounts, this interface allows you to set which account controls a network, to evict other users of networks you own, and so on. Also, if you have set the master password to an old account which you no longer have (the classic scenario is loss due to a computer crash), then you can also “move” the RSA keys and identity of the old account to a current account. This option isn’t available in the Mac OS X command-line interface. Nor does it seem to be available to users of the third-party unofficial GUI, HamachiX.

A Solution to One Problem
Today, I discovered how, at least, to be able to register an OS X version with one’s My Hamachi web account. It requires a Windows machine, a functioning, installed OS X version, and for ease, a network storage device (or external drive).

Backing Your Hamachi Installation Up
Fortunately, backing Hamachi up is as simple as copying key folders to a safe place and then restoring (recopying) them back to their original places after reinstalling Hamachi but before connecting into the central server for the first time. Fortunately, in the OS X version, it takes a proactive command to logon post-install, so you are likely not in danger of screwing this up in OS X. Unfortunately, in the Windows version, there is a checkbox that is opt-out at the end of the installation which asks the user to start Hamachi after the installation finishes. This needs to be unchecked if you are reinstalling Hamachi and planning to restore an old account.α

In the OS X version, there is a hidden folder for Hamachi, once installed, that holds the private RSA key and public RSA keys the client needs to securely connect with other clients. To access hidden files and folders in Finder, you need to run this command in a Terminal:

defaults write com.apple.Finder AppleShowAllFiles TRUEβ

Let’s pretend your Mac OS X username is oshanereader. The hidden folder you need is:

/Users/oshanereader/.hamachi/

Copy the .hamachi folder to a safe place on your network. If your aim is to merely backup your Hamachi IP address and installation, this is sufficient. Just make sure to copy your .hamachi folder back to the same place after you reinstall. Coincidentally, this process is very similar for Windows XP and Windows Vista / 7 users:

In Windows XP: copy the contents of
C:\Documents and Settings\oshanereader\Application Data\Hamachi to a safe place.

In Windows Vista or Windows 7: copy the contents of
C:\Users\oshanereader\AppData\Roaming\Hamachi to a safe place.

Note that these folders are also hidden and require unhiding them in the Windows Explorer interface.

Tricking Hamachi by Cloning the OS X Installation on Windows
For the purposes, however, of connecting your OS X Hamachi IP to your My Hamachi account, you have to actually install Hamachi onto Windows and trick it into thinking it is the same account on your OS X machine. Since Hamachi, when it first installs, generates a Hamachi IP address, a private client RSA cryptographic key and conforming public keys (if you have connected with other people in other networks), because those items conform to one another, they must all be present in a restoration for Hamachi to believe that it is being restored to the original machine, i.e., to clone the original installation. If any one of these items is defective or malformed, Hamachi will believe it should create a new IP address and new private-public RSA key pairings. This is really for security. It would be terrible for a secure VPN application to simply believe that an account is the same as an old one with only one “piece of identification.”

Anyway, the Mac OS X files are similar but not the same as the Windows files. In OS X, under /.hamachi/, these are the files that matter:

client.pri
client.pub

There is also an important file for reference purposes but is not essential to this workaround: a file called state which lists the identity-IP address, current nickname and current networks of the Hamachi installation.

In Windows, there is an additional file key file similar to OS X’s state:

client.id

To trick Hamachi on Windows into thinking it is the OS X installation, first ensure that Hamachi is uninstalled on Windows and that the folders, supra, are either fully deleted or empty. (Re)install Hamachi on Windows. Copy the files client.pri and client.pub from the Mac to the appropriate Windows folder, where there should only be one file, hamachi.ini, which has almost no content and you can ignore (I mention it for reference). You’re not finished.

Then, create a file using Notepad or some other method called client.id in the appropriate Windows folder next to the other client files. Whereas client.pub and client.pri are encrypted, this one is plainttext. Add this one line to your file:

Identity 05xxxxxx

where the “xxxxxx” are not actually x’s, but the hexadecimal equivalents of the IP address’ octets. The first octet in a Hamachi address is always 5. For instance: 5.5.255.255. If 5.5.255.255 were your Mac OS X Hamachi IP address, then you would convert each octet (the number between the periods) separately. 5 in base 10 is 05 in base-16 (hexadecimal). 255 in base 10 is ff in base-16. Thus, your address would convert to 05.05.ff.ff, but for the purposes of manipulating the client.id file, we remove the periods:

Identity 0505ffff

Another example, using an old Hamachi IP address I have since lost the files for, would be 5.43.79.251. If that were your address on your Mac OS X installation, it would convert to 05 2b 4f fb or, in the only line of client.id, you would type:

Identity 052b4ffb

Once you have created a client.id file tied to the identity (IP address) of your OS X Hamachi account, it should conform to the files you copied from your Mac OS X Hamachi installation client.pri and client.pub. Now, make sure your OS X Hamachi is turned off and load Hamachi on the Windows installation and logon to the internet. It should register with all of your networks from the Mac OS X installation using the same IP address.

Registering Your OS X Hamachi Client at My Hamachi
At http://my.hamachi.cc, assuming you have registered for an account, click on the Requests tab and in that tab, Add new client. Under the Request Form section, add the IP address of your Hamachi OS X installation (now cloned on your Windows machine).

Once you initiate this request, your Hamachi UI in Windows will blink in the system tray, alerting you to a new system message. Click on the blinking 3-dot triangular symbol and grant access via the pop-up window that appears. Once you’ve done this, your web account will now have “attached” your OS X Hamachi installation.

Setting the Master Password
Feel free to set the master password for the OS X Hamachi account via the Windows clone. To do so, click on the gear-button in the lower-right corner of the Hamachi GUI and select preferences from the menu. Under the System sub-menu, click on Set Master Password. In fact, feel free to browse through the sub-menus, because some of these preferences will not be able to be set under the OS X command line interface so if you’d like them changed, feel free to do so. Assuming you uninstall the Windows clone, however, note that these changes will be semi-permanent unless you were to reclone the OS X installation on Windows again.

Setting the master password at this point should be unnecessary. Doing so allows one to preserve ownership even after a Hamachi installation is lost with no backup. Since you, by nature of cloning the OS X installation in Windows, have backed up the /.hamachi/ folder, a master password is probably moot. Still, if you were to lose your Hamachi installation and the backup, the master password would allow you to preserve your networks and ownership of any networks you created and then merge those memberships and ownerships into a new account, so it’s worthwhile creating a master password, though perhaps not for the immediate future.

Wrapping Things Up
Finally, uninstall the Windows clone of your OS X Hamachi installation. This way, you protect it from suffering a race condition by confusing the Hamachi central server.


α A saving grace: if you mess this up, fixing it is just a matter of deleting the appropriate folder in its entirety and uninstalling Hamachi and starting over.
β To turn off the visually unappealing attribute when finished, just employ the inverse command: defaults write com.apple.Finder AppleShowAllFiles FALSE.

2 Responses to “Hamachi Workarounds in OS X”

  1. 95Dessie says:

    Hi admin, i must say you have very interesting articles
    here. Your blog should go viral. You need initial traffic boost
    only. How to get it? Search for: Mertiso’s tips go
    viral

Leave a Reply