Yesterday I posted https://krypted.com/mac-security/script-to-list-extensions-running-on-a-mac/ to scriptify some research on App Extensions and System Extensions. I mentioned that it’s also possible to loop through /Applications or /Applications/Utilities and look for any .systemextension bundles (which includes network extensions as those are .networkextension.systemextension – and ultimately they’re all kinda’ auxiliary kext’s ‘even though’cause kexts are bad – but I digress). So here’s a script that loops through the file hierarchy supplied by $1 and then checks any found against systemextensionsctl to make sure they’re running: https://github.com/krypted/extensionslist/blob/main/systemextensions.sh In action, here are a couple of outputs of what it can look like. Per developer documentation (and with a little experience writing them), the two locations…
-
-
Bouncing Files From Classic Macs To Ventura
I recently had two or three different projects that involved taking files from classic Apple computers and getting them up to modern Apple hardware; notably to my MacBook that runs Ventura. A few things make this a challenge. Let’s start with the file system on disks: If a volume (usually a floppy) has an HFS filesystem then it can be mounted on some Macs without much fanfare, but not the latest. There is a collection of hfs tools that can be used to mount HFS on a Mac from Bob Leslie, at https://www.mars.org/home/rob/proj/hfs/. These can easily be installed through homebrew if that’s on a computer: brew install hfsutils From there,…
-
ASCII Banners on macOS
There’s a cute little command in /usr/bin/banner to produce… ASCII art banners. Since it’s the holiday season, let’s make a greeting ready to be printed and taped over someone’s monitors: banner -w 100 “Happy Holidays” Change the 100 to a smaller integer to make it smaller or a larger to make it, er, larger.
-
Use networkQuality for Simple Bandwidth Tests on Mac
macOS has a built-in, simple bandwidth analysis tool that tests access to Apple’s CDN to check upload and download speeds. The /usr/bin/networkQuality command can be run with no flags and will produce output that appears as follows: /usr/bin/networkQuality ==== SUMMARY ==== Uplink capacity: 7.259 Mbps Downlink capacity: 157.597 Mbps Responsiveness: Low (118 RPM) Idle Latency: 56.333 milliseconds networkQuality can also bind to a specific port, useful in testing devices that might have multiple interfaces. To do that, use the -I flag: networkQuality -I en0 Finally, to parse the output to just see the floating point result of a given field, we can pip it into awk, so for upload we’d…
-
Create Disk Images of Floppy, CD, DVD, or Disk Storage To Recover Data On A Mac
We’re going to make a disk image of a floppy in this article. Before we start it’s best to use what we call a write blocker. These are devices that can block the ability to write to a volume. This prevents accidentally erasing potentially sensitive information. The Wiebetech https://wiebetech.com/products/usb-3-1-writeblocker/ works with the Mac but ymmv. There are also software tools like Mac Forensics Lab, but many require someone be in law enforcement to buy all or part of. There are also a few tools out on the old GitHub that can be used to kill and track the disk arbitration daemon that attempts to mount volumes. Next, run diskutil with…
-
Interact With Shortcuts Via Scripts
The /usr/bin/shortcuts command can be used to run, well, shortcuts. Shortcuts are small scripts that are interpreted by the Shortcuts app. They can run shell scripts, JavaScripts, and even SSH into other hosts to fire off more complex automations. These can be fairly complex automations programmatically by importing shortcuts from the Gallery of those Apple provides. This allows for what might not even be a possible atomic operation to run and daisy chain scripts to provide input or output to shortcuts. The scripting might be considered dangerous and so is disabled by default. To enable scripts to be run from a shortcut, open the Shortcuts app and select Settings from…
-
Use crypt_and_hash to Encrypt Files From A Shell On macOS
One of the packages that can be installed with homebrew is mbedtls, which gives access to a number of cryptographic libraries. To install mbedtls: brew install mbedtls Encrypting a file is then fairly straight forward. Call crypt_and_hash and use a 0 in the first positional parameter to encrypt a file or a 1 to decrypt. Then provide the path to the file in the second position (in this example, mac.json, the target file name (mac.aes in the example), the hash in the fourth (CAMELLIA-256-CBC in the example command), the digest (SHA1 here), and the key to encrypt the information (hex:ABCD123456789 in this example) crypt_and_hash 0 mac.json mac.aes CAMELLIA-256-CBC SHA1 hex:ABCD123456789…
-
Get Telemetry on App and System Extensions in macOS
Application extensions allow developers to import common SDKs into projects so they can build increasingly interesting apps without developing a lot of code for those things vendors expose. The Apple extensions typically allow a developer to bring in various Apple libraries and then call them in their code. For example, com.apple.quicklook.thumbnail is used to produce thumbnails in quicklook; therefore Apple apps like iBooks and Shortcuts and any 3rd party developer like MindNode that wants to use Quicklook can provide a known and so somewhat seamless user experience. Click on the Privacy & Security System Preferences and then Extensions and then Quick Look to see the non-Apple apps that use the…
-
One Liner to Loop Through a Directory for Last Used Date of Apps on a Mac
Here we load in a list of Apps in the /Applications directory and then echo them along with the kMDItemLastUsedDate from Spotlight via mdls: ls /Applications | while read APP;do echo "$APP" ; echo `/usr/bin/mdls /Applications/"$APP" | /usr/bin/grep -w kMDItemLastUsedDate`; done The output per item would then look something like this: Apple Configurator.app kMDItemLastUsedDate = 2022-09-27 18:25:21 +0000 awk can get the $3 if that’s all that’s needed or other filtering tools can limit the output. Or get more output, like a bundle ID (kMDItemCFBundleIdentifier) or an Apple Store ID (kMDItemAppStoreAdamID) for parsing through other tools. Further no need to echo the string of the name of the app according…
-
Free Space Required for Modern macOS Upgrades
The amount of free space required to upgrade a Mac has increased drastically in the run-up to and since the introduction of apfs-based snapshots in 2016. The amount of required free space had been growing steadily in the HFS+-era of file systems, but as more elements of iOS (like a modern file system) came to the Mac, and as the Mac transitioned to a fully 64-bit operating system, that number escalated and never returned now that the transition away from things like 32-bit apps and kexts is finished. Sierra (Mac OS X 10.12) had a minimum drive capacity of 8.8 GB but really needed more like 12 GB; however there…