macOS Bundles
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥
- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
- Discover The PEASS Family, our collection of exclusive NFTs
- Get the official PEASS & HackTricks swag
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
- Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.
Basic Information
Basically, a bundle is a directory structure within the file system. Interestingly, by default this directory looks like a single object in Finder.
The most common bundle we will encounter is the .app bundle, but many other executables are also packaged as bundles, such as .framework, .systemextension or .kext.
The types of resources contained within a bundle may consist of applications, libraries, images, documentation, header files, etc. All these files are inside <application>.app/Contents/:
ls -lR /Applications/Safari.app/Contents
- Contents/_CodeSignature
Contains code-signing information about the application (i.e., hashes, etc.).
- Contents/MacOS
Contains the application’s binary (which is executed when the user double-clicks the application icon in the UI).
- Contents/Resources
Contains UI elements of the application, such as images, documents, and nib/xib files (that describe various user interfaces).
- Contents/Info.plist
The application’s main “configuration file.” Apple notes that “the system relies on the presence of this file to identify relevant information about [the] application and any related files”.
Plist files contain configuration information. You can find information about the meaning of the plist keys at https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Introduction/Introduction.html
Pairs that may be of interest when analyzing an application include:
- CFBundleExecutable
Contains the name of the application’s binary (found in Contents/MacOS).
- CFBundleIdentifier
Contains the application’s bundle identifier (often used by the system to globally identify the application).
- LSMinimumSystemVersion
Contains the oldest version of macOS that the application is compatible with.
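The layout and keys described above can be checked together when triaging an unknown bundle. The following is an added example, not code from the original page: the function names, the Example.app bundle and its values are constructed for illustration, and CodeResources is the file that macOS code signing writes into _CodeSignature (a name not given on the page).

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

KEYS = ("CFBundleExecutable", "CFBundleIdentifier", "LSMinimumSystemVersion")


def inspect_bundle(bundle):
    """Read Contents/Info.plist and check it against the bundle layout."""
    contents = Path(bundle) / "Contents"
    report = {"findings": []}
    try:
        with (contents / "Info.plist").open("rb") as fh:
            info = plistlib.load(fh)  # accepts XML and binary plists
    except (OSError, ValueError, ExpatError) as exc:
        report["findings"].append(f"Info.plist unreadable: {type(exc).__name__}")
        return report
    if not isinstance(info, dict):
        report["findings"].append("Info.plist root is not a dictionary")
        return report
    report.update({key: info.get(key) for key in KEYS})
    exe = info.get("CFBundleExecutable")
    if not isinstance(exe, str) or not exe:
        report["findings"].append("CFBundleExecutable not set")
    elif Path(exe).name != exe:  # must name a file directly inside Contents/MacOS
        report["findings"].append("CFBundleExecutable is not a bare file name")
    elif not (contents / "MacOS" / exe).is_file():
        report["findings"].append("CFBundleExecutable not found in Contents/MacOS")
    # Layout check only: this does not validate the signature itself.
    if not (contents / "_CodeSignature" / "CodeResources").is_file():
        report["findings"].append("no Contents/_CodeSignature/CodeResources")
    return report


def build_sample_bundle(root, executable="Example", with_signature_dir=True):
    """Create a constructed Example.app layout (placeholder files, not a real app)."""
    contents = Path(root) / "Example.app" / "Contents"
    (contents / "MacOS").mkdir(parents=True)
    (contents / "MacOS" / "Example").write_bytes(b"placeholder")
    if with_signature_dir:
        (contents / "_CodeSignature").mkdir()
        (contents / "_CodeSignature" / "CodeResources").write_bytes(b"placeholder")
    info = {"CFBundleExecutable": executable,
            "CFBundleIdentifier": "com.example.demo",
            "LSMinimumSystemVersion": "10.15"}
    with (contents / "Info.plist").open("wb") as fh:
        plistlib.dump(info, fh)
    return contents.parent


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inspect_bundle(build_sample_bundle(tmp)))
```

An empty findings list means the plist and the directory layout agree; any entry marks a mismatch worth a closer look during analysis.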