• Mac OS X,  Mac Security

    Extensions Manager Swift Project for macOS

    Extension Manager was an important app for those who managed Macs in the System 8 and System 9 era. It allowed us to see all of the extensions loaded in the classic OS and disable them. It was also easy to take extensions and move them to the desktop for troubleshooting. In the years since Apple began to pick apart what developers used kernel extensions to do, the type of extensions and how we use them has left us with a few different tools to comb through to see what extensions are on a system and what they do. Thus, let’s bring Extension Manager back (ish). Let’s start with a…

  • bash

    A Bit On Self-Destructing Shell Scripts

    Shells come with a magic variable $0 for performing various operations. We can use it to perform certain functions. In its simplest incantation we can just echo out $0 to get the path a script is in from within the script: echo $0 We can also just get the directory a script is in. For example, if we want to see if it’s being executed from within an app bundle, temp, or download directory. This is also helpful if we’ve created files in a folder we created and need to delete them all at the end of a larger atomic operation (e.g. rm -r …/<the directory name>). To do that…

  • bash

    Add Commands To The Shell Built-in Commands

    Some shell commands are internal built-in commands. This allows them to change shell process states, and because they’re internal they can be really fast as they don’t have to load another program. Some machines are dedicated to running a couple of scripts. Adding a command to the built-ins for those can make them all the faster. To enable a built-in, use the enable command followed by a -f, the path/uri to the binary, and then the name you want it to be called as. Let’s say we want to call /usr/local/devopsmagic as devopsmagicb, that would be run as follows: enable -f /usr/local/devopsmagic devopsmagicb I’m not a big fan of doing…

  • iPhone

    Disable Offload Unused Apps If You Use A Lot Of Sensors In The Home

    The Offload Unused Apps feature on an iPhone is great to save space and keep devices secure. This keeps documents and settings for apps that haven’t been used for a while but removes the app bundle itself. For those with a lot of “set it and forget it” sensors in the home it can be a bit problematic. Once an app is disabled, push notifications no longer get sent to the app. So if a carbon monoxide monitor or water sensor goes off, installed for a little peace of mind, then the app might not be alerting you (maybe an email as a backup). To disable this feature, open the Settings…

  • Mac OS X,  Mac Security,  Swift

    New Tool To Recursively Search For macOS Binaries With Specific Symbols

    A Mach-O object file is a file format used for executables, libraries, object code, and core dumps. These are binary files. There’s a Mach-O header and then load commands and segments of up to 255 sections with references to symbols encoded into objects and symbol names. Many of those symbols are APIs that Apple makes available that the code uses. We can see those APIs by extracting a list of symbols, but not really the logic underlying it. Tools like Hopper Disassembler can be used to look at these files and extract symbols, or a command like nm. Per the man page of nm, “nm displays the name list (symbol…

  • Mac OS X,  Mac Security,  Swift

    macOS Script To List System Extensions And Their State

    Yesterday I posted https://krypted.com/mac-security/script-to-list-extensions-running-on-a-mac/ to scriptify some research on App Extensions and System Extensions. I mentioned that it’s also possible to loop through /Applications or /Applications/Utilities and look for any .systemextension bundles (which includes network extensions as those are .networkextension.systemextension – and ultimately they’re all kinda’ auxiliary kexts ‘even though’ ’cause kexts are bad – but I digress). So here’s a script that loops through the file hierarchy supplied by $1 and then checks any found against systemextensionsctl to make sure they’re running: https://github.com/krypted/extensionslist/blob/main/systemextensions.sh In action, here are a couple of outputs of what it can look like. Per developer documentation (and with a little experience writing them), the two locations…

  • Mac Security,  Swift

    Script to List Extensions Running on a Mac

    I wrote an article about extensions on macOS a few weeks ago, and have since written a couple of other extensions. The interesting thing about modern extensions is that different types of extensions can live in different places on a file system, become instantiated in different ways or with different mechanisms, and due to the way messages traverse XPC, operate in very different ways. The tools Apple has made available to see what’s running are primarily geared towards protecting privacy. This leaves a small gap for those interested more in securing machines and preventing exfiltration. There isn’t a single binary that can provide a simple listing of…

  • Mac OS X

    Bouncing Files From Classic Macs To Ventura

    I recently had two or three different projects that involved taking files from classic Apple computers and getting them up to modern Apple hardware; notably to my MacBook that runs Ventura. A few things make this a challenge. Let’s start with the file system on disks: If a volume (usually a floppy) has an HFS filesystem then it can be mounted on some Macs without much fanfare, but not the latest. There is a collection of hfs tools that can be used to mount HFS on a Mac from Bob Leslie, at https://www.mars.org/home/rob/proj/hfs/. These can easily be installed through homebrew if that’s on a computer: brew install hfsutils From there,…

  • Mac OS X

    ASCII Banners on macOS

    There’s a cute little command in /usr/bin/banner to produce… ASCII art banners. Since it’s the holiday season, let’s make a greeting ready to be printed and taped over someone’s monitors: banner -w 100 "Happy Holidays" Change the 100 to a smaller integer to make it smaller or a larger to make it, er, larger.

  • Mac OS X

    Use networkQuality for Simple Bandwidth Tests on Mac

    macOS has a built-in, simple bandwidth analysis tool that tests access to Apple’s CDN to check upload and download speeds. The /usr/bin/networkQuality command can be run with no flags and will produce output that appears as follows: /usr/bin/networkQuality ==== SUMMARY ==== Uplink capacity: 7.259 Mbps Downlink capacity: 157.597 Mbps Responsiveness: Low (118 RPM) Idle Latency: 56.333 milliseconds networkQuality can also bind to a specific port, useful in testing devices that might have multiple interfaces. To do that, use the -I flag: networkQuality -I en0 Finally, to parse the output to just see the floating point result of a given field, we can pipe it into awk, so for upload we’d…