Added a post on the Secret Chest blog on finding out what Apps like ours are doing on a machine. Because people deserve to know… https://www.secret-chest.com/post/find-out-what-apps-extensions-like-ours-are-doing-on-a-mac
-
Penn State and MacAD.UK Presentations
Working on presentations is always fun! Here are two that I’m giving this summer. The first is part one of a deck on Extensions Management (and more on the past of managing them). That was delivered at MacAD.UK and I’ll post the video once those are up. The second is a deeper dive into the current state of extensions management, which I’m giving at Penn State MacAdmins. Hope these help someone in some way, shape, or form.
-
New App TestFairy Writes Unit Tests With AI
I just posted a new app to GitHub called TestFairy. It’s at https://github.com/krypted/TestFairy. It automatically generates unit tests for either a file or a highlighted piece of Swift code. It does this using the OpenAI API, so it leverages an LLM to write test code. It’s pretty straightforward. Simply highlight the code and in the Editor Menu, click TestFairy, then Generate Tests. I had hoped to post it for free to the App Store, but I didn’t want to distribute my OpenAI API key, or write an intermediary microservice that housed my key that an app uses. The use of an API key is considered an end-around to the In-App…
-
MacAD.UK Presentation (with notes) on Extensions
I’ve been working on this presentation for a long time, so it was awesome to get the first chunk of it out there. Then I saw Graham Pugh publish his with presenter notes included and was like “oh Graham’s really, really smart, so I’ll copy him!” so here’s mine: Just to put a little color on this (or colour if you’re in Brighton), some of my work on extensions has been in support of building https://www.secretchest.io – a new password manager that shards secrets like keys, passwords, and passkeys to make them quantum safe. There’s a sign-up to get access to our private beta on the site. That started with…
-
Simple Swift Fuzzer
Sometimes we want to test a function to see how… robust it is. This is a small example fuzzing function to input randomly generated characters that get passed to another function. It just uses randomBytes so much more logic could easily be added to constrain what’s being passed to whatever type it’s being passed to… but this satisfies my need.

import Foundation
func fuzz(function: () -> Void) {
    // Generate a random input to pass to the function we are fuzzing
    let input = Data(randomBytes: 1024)
    // Call the fuzzed function with the random input
    do {
        try function()
    } catch {
        print(error)
    }
    // Check the fuzzed function to…
-
Tiny hex and binary converters in swift, go, python, && javascript
Have a few scripts that I’ve been bringing into projects for a while (and altering for each so ymmv on the state, but you’ll get the general idea). https://github.com/krypted/tinyconverters As the names and file extensions imply, these simply take ASCII as an input and output as binary or hex, or take the binary or hex and output as ASCII.
-
New Tool To Recursively Search For macOS Binaries With Specific Symbols
A Mach-O object file is a file format used for executables, libraries, object code, and core dumps. These are binary files. There’s a Mach-O header and then load commands and segments of up to 255 sections with references to symbols encoded into objects and symbol names. Many of those symbols are APIs that Apple makes available that the code uses. We can see those APIs by extracting a list of symbols, but not really the logic underlying it. Tools like Hopper Disassembler can be used to look at these files and extract symbols, or a command like nm. Per the man page of nm, “nm displays the name list (symbol…
-
macOS Script To List System Extensions And Their State
Yesterday I posted https://krypted.com/mac-security/script-to-list-extensions-running-on-a-mac/ to scriptify some research on App Extensions and System Extensions. I mentioned that it’s also possible to loop through /Applications or /Applications/Utilities and look for any .systemextension bundles (which includes network extensions as those are .networkextension.systemextension – and ultimately they’re all kinda’ auxiliary kexts ‘even though’ ’cause kexts are bad – but I digress). So here’s a script that loops through the file hierarchy supplied by $1 and then checks any found against systemextensionsctl to make sure they’re running: https://github.com/krypted/extensionslist/blob/main/systemextensions.sh In action, here are a couple of outputs of what it can look like. Per developer documentation (and with a little experience writing them), the two locations…
-
Script to List Extensions Running on a Mac
I wrote an article about extensions on macOS a few weeks ago, and have since written a couple of other extensions. The interesting thing about modern extensions is that different types of extensions can live in different places on a file system, become instantiated in different ways or with different mechanisms, and due to the way messages traverse XPC, operate in very different ways. The tools Apple has made available to see what’s running are primarily geared towards protecting privacy. This leaves a small gap for those interested more in securing machines and preventing exfiltration. There isn’t a single binary that can provide a simple listing of…
-
Swift, Shells In The 1960s, And Some Swift Scripting Examples For Admins
The reason Ken Thompson wrote the Thompson Shell (/bin/sh) when he and the team at Bell Labs developed Unix was that they didn’t want to have to teach programming to people in the patent office, who funded the PDP they used to write Unix. Shell environments evolved over the years with tcsh, bash, and zsh to name a few. These added more concepts from programming environments, like the environment from C that the binaries they exposed were compiled in. Other languages emerged that were simpler than a language like C but added new techniques – and so perl, python, ruby, and others evolved. Some of those were either object-oriented from…