We’re going to make a disk image of a floppy in this article. Before we start it’s best to use what we call a write blocker. These are devices that can block the ability to write to a volume. This prevents accidentally erasing potentially sensitive information. The Wiebetech https://wiebetech.com/products/usb-3-1-writeblocker/ works with the Mac but ymmv. There are also software tools like Mac Forensics Lab, but many require someone be in law enforcement to buy all or part of. There are also a few tools out on the old GitHub that can be used to kill and track the disk arbitration daemon that attempts to mount volumes. Next, run diskutil with…
-
-
Swift, Shells In The 1960s, And Some Swift Scripting Examples For Admins
The reason Ken Thompson wrote the Thompson Shell (/bin/sh) when he and the team at Bell Labs developed Unix was that they didn’t want to have to teach programming to people in the patent office, who funded the PDP they used to write Unix. Shell environments evolved over the years with tcsh, bash, and zsh to name a few. These added more concepts from programming environments, like the environment from C that the binaries they exposed were compiled in. Other languages emerged that were simpler than a language like C but added new techniques – and so perl, python, ruby, and others evolved. Some of those were either object-oriented from…
-
Interact With Shortcuts Via Scripts
The /usr/bin/shortcuts command can be used to run, well, shortcuts. Shortcuts are small scripts that are interpreted by the Shortcuts app. They can run shell scripts, JavaScripts, and even SSH into other hosts to fire off more complex automations. These can be fairly complex automations programmatically by importing shortcuts from the Gallery of those Apple provides. This allows for what might not even be a possible atomic operation to run and daisy chain scripts to provide input or output to shortcuts. The scripting might be considered dangerous and so is disabled by default. To enable scripts to be run from a shortcut, open the Shortcuts app and select Settings from…
-
Use The Shazam Binary To Capture Signatures Of Audio Tracks In Batches
One of my favorite moments at Apple’s WWDC was when I got to see the developers of Shazam show off their new creation. A few years later, in 2017, Apple acquired Shazam. In the few years since, they have released ShazamKit, an API that Apple documented at https://developer.apple.com/documentation/shazamkit. ShazamKit allows independent developers to harness the abilities of Shazam to create their own audio pattern-matching services. One small part of Shazam is important in that it’s the input the powerful signature analysis capabilities of the platform. This is fed by .shazamsignature files that can be captured and then compared to other signatures. The APIs are integral to developing apps that can…
-
Use crypt_and_hash to Encrypt Files From A Shell On macOS
One of the packages that can be installed with homebrew is mbedtls, which gives access to a number of cryptographic libraries. To install mbedtls: brew install mbedtls Encrypting a file is then fairly straight forward. Call crypt_and_hash and use a 0 in the first positional parameter to encrypt a file or a 1 to decrypt. Then provide the path to the file in the second position (in this example, mac.json, the target file name (mac.aes in the example), the hash in the fourth (CAMELLIA-256-CBC in the example command), the digest (SHA1 here), and the key to encrypt the information (hex:ABCD123456789 in this example) crypt_and_hash 0 mac.json mac.aes CAMELLIA-256-CBC SHA1 hex:ABCD123456789…
-
Get Telemetry on App and System Extensions in macOS
Application extensions allow developers to import common SDKs into projects so they can build increasingly interesting apps without developing a lot of code for those things vendors expose. The Apple extensions typically allow a developer to bring in various Apple libraries and then call them in their code. For example, com.apple.quicklook.thumbnail is used to produce thumbnails in quicklook; therefore Apple apps like iBooks and Shortcuts and any 3rd party developer like MindNode that wants to use Quicklook can provide a known and so somewhat seamless user experience. Click on the Privacy & Security System Preferences and then Extensions and then Quick Look to see the non-Apple apps that use the…
-
One Liner to Loop Through a Directory for Last Used Date of Apps on a Mac
Here we load in a list of Apps in the /Applications directory and then echo them along with the kMDItemLastUsedDate from Spotlight via mdls: ls /Applications | while read APP;do echo "$APP" ; echo `/usr/bin/mdls /Applications/"$APP" | /usr/bin/grep -w kMDItemLastUsedDate`; done The output per item would then look something like this: Apple Configurator.app kMDItemLastUsedDate = 2022-09-27 18:25:21 +0000 awk can get the $3 if that’s all that’s needed or other filtering tools can limit the output. Or get more output, like a bundle ID (kMDItemCFBundleIdentifier) or an Apple Store ID (kMDItemAppStoreAdamID) for parsing through other tools. Further no need to echo the string of the name of the app according…
-
Apple Device Management Second Edition book coming soon
Rich beat me to posting about the second edition of the book we just finished, soooooo: https://derflounder.wordpress.com/2022/11/12/apple-device-management-second-edition-book-coming-soon/
-
Free Space Required for Modern macOS Upgrades
The amount of free space required to upgrade a Mac has increased drastically in the run-up to and since the introduction of apfs-based snapshots in 2016. The amount of required free space had been growing steadily in the HFS+-era of file systems, but as more elements of iOS (like a modern file system) came to the Mac, and as the Mac transitioned to a fully 64-bit operating system, that number escalated and never returned now that the transition away from things like 32-bit apps and kexts is finished. Sierra (Mac OS X 10.12) had a minimum drive capacity of 8.8 GB but really needed more like 12 GB; however there…
-
Removing Extensions Cruft from macOS
Extensions have gotten a pretty substantial overhaul over the past few years. Traditionally, a kernel extension (or kext for short) would usually be located in /Library/Extensions or /System/Library/Extensions and have a file extension (no pun intended) of .kext. Apple began to move away from Kernel Extensions and towards more purpose-built extensions, which included System Extensions, located at /Library/SystemExtensions. Apple also introduced a number of new extension types that reside in application bundles. An app can load the extension and developers get those features “for free” rather than writing their own code to do what they once had to do with Kernel Extensions. To remove Extensions, Apple has introduced the Extensions…