Q: iRat - remote control client?
MacBook Air (13-inch, Early 2014)
OSX El Capitan 10.11.3 (15D21)
Intel HD Graphics 5000 1536 MB
Hardware Overview:
Model Name: MacBook Air
Model Identifier: MacBookAir6,2
Processor Name: Intel Core i7
Processor Speed: 1.7 GHz
Number of Processors: 1
Total Number of Cores: 2
L2 Cache (per Core): 256 KB
L3 Cache: 4 MB
Memory: 8 GB
Boot ROM Version: MBA61.0099.B21
SMC Version (system): 2.13f15
-----------
Seeing some odd activity in my logs and wanted to get feedback and whether I should be concerned.
--------
The below logs are appearing in a folder in Console called CoreTelephonyTraceScratch > CSI.scratch >
in filesnames like 0x00000000-csi.txt, 0x00000001-csi.txt, 0x00000002-csi.txt.
The files appear to be generating temporarily when I am connecting, disconnecting, and then being iteratively removed. I do not have an iOS device that I connect to this machine. The logs are running whether I am hard-wired or connected by Wifi, at my home network. I am not a programmer but it looks off and Google has done nothing to reassure me. I did find this - Hacked OS EL CAPITAN
Thanks in advance.
-------
0.052 [I] evt: Firing event 'recalculateConnectionAvailability': with params= 0, Wifi Changed
0.052 [I] DATA:TechDriver:handleWifiAvailable_sync: fWifiInterfaceName changes from en0 to
0.052 [I] DATA:TechDriver:TechDataDriver: <0x7fa3baf2a450> created
0.052 [I] DATA:ServiceController:DataServiceController: <0x7fa3bae150b0> created
0.052 [I] DATA:ServiceController:recalculateConnectionAvailability: fRadioModuleCreated is false, bailing for now (Wifi Changed)
0.052 [I|17+] ent.ctr: Initializing Carrier Entitlements Controller
0.052 [I] NOBB:NoBBRegistration_NOSUPPORT:NoBBRegistrationController: Object constructed <----------
0.053 [I|17] ent.ctr: ================================================================================================
0.053 [I|17] ent.ctr: Reset called upon with update: false and reason CheckEntitlementsReason::kSelfInitiated
0.053 [I|17] ent.ctr: ================================================================================================
0.053 [I|17] ent.ctr: Potentially instantiating Entitlements Command Driver
0.053 [I|18+] ent.psh: Reset Push Listener
0.053 [I|15+] csi.session: handleLoginSessionStateChange_sync(): Session is logged in
0.053 [I|15] evt: Firing event 'loginSessionStateChange': with params= 1
0.053 [I|15] csi.session: initialize(): loginSessionActive: true
0.053 [I] evt: Firing event 'recalculateConnectionAvailability': with params= 1, Login session state changed to true
0.053 [I] evt: Firing event 'recalculateConnectionAvailability': with params= 1, Login session state changed to true
0.053 [I] DATA:iRatController:handleLoginSessionStateChanged_sync: Session is logged in. Start iRatClient
0.053 [I] DATA:ServiceController:recalculateConnectionAvailability: fRadioModuleCreated is false, bailing for now (Login session state changed to true)
0.053 [I] DATA:ServiceController:recalculateConnectionAvailability: fRadioModuleCreated is false, bailing for now (Login session state changed to true)
0.053 [I] DATA:iRatClient:start_sync: Starting iRat Client
0.053 [I] DATA:iRatClient:register_sync: register with server: {
"kMessageId": 1u,
"kMessageArgs": {
"kWCMRegisterProcess_ProcessId": 7u
}
}
0.054 [I] 5wi: Constructor: fCountrySetFlag set to false
0.055 [I|24+] sysobs: Polling for the states of screen, lock, reachability status, and battery saver mode
0.055 [I|22+] 5wi: No retrieved value for SystemDeterminationManager::ConnectivityHelperType
0.056 [I|22] 5wi: No retrieved value for kEnableIMSUserPreference, using default false
0.056 [I|17] ent.ctr: No Entitlements Driver
0.056 [I|17] ent.ctr: Adding FaceTimeOverCellular to not supported
0.056 [I|25+] max: Switch support retrieved ----- 3G switch support: DataRateSwitchSupport::kUnknown, LTE switch support: DataRateSwitchSupport::kUnknown
0.056 [I|25] max: User preference for Enable 3G: DataRateUserPreference::kUnknown with 3G switch support: DataRateSwitchSupport::kUnknown
0.056 [I|25] max: User preference for Enable LTE: DataRateUserPreference::kUnknown with LTE switch support: DataRateSwitchSupport::kUnknown
0.056 [I|17] ent.ctr: Adding Tethering to not supported
0.056 [I|17] ent.ctr: Adding Agent to not supported
0.056 [I|17] ent.ctr: Adding VoWiFi to not supported
0.056 [I|17] ent.ctr: Adding Thumper to not supported
0.056 [I|17] ent.ctr:
0.056 [I|17] ent.ctr: Generating entitlement changed events
0.056 [I|17] ent.ctr:
0.056 [I|17] evt: Firing event 'entitlement_changed': with params= 0000000000, 0000000000, 0111001100, EntitlementResults(Phone Number:Unknown, SubscriptionAndUsageStatus:Unknown, FaceTimeOverCellular:Unknown, Tethering:Unknown, Update Push Token:Unknown, Perform Auth-Only:Unknown, Agent:Unknown, VoWiFi:Unknown, Thumper:Unknown, VVM:Unknown, )
0.056 [I|25] max: User Preference evaluated ----- 3G switch user preference: DataRateUserPreference::kUnknown, LTE switch user preference: DataRateUserPreference::kUnknown
0.057 [I|17] ent.ctr: Invalidating Entitlements State with reason CheckEntitlementsReason::kSelfInitiated
0.057 [I|24] DisplayStateModel:changeFlag: DisplayIsOn, from true to true
0.057 [I|24] evt: Firing event 'statusBarVisible': with params= 1
MacBook Air, OS X El Capitan (10.11.3)
Posted on Feb 19, 2016 6:03 PM
Thanks for the response, Linc. I've been advised that this is IOS code running in OSX, relating to coretelephony, and is not malicious.
Posted on Feb 26, 2016 1:21 PM