![]() $ otool -L /System/Applications/Utilities/Disk\ Utility.app/Contents/MacOS/Disk\ Utility | grep PrivateFrameworks /System/Library/PrivateFrameworks/amework/Versions/A/Restore ( compatibility version 1.0.0, current version 615.0.0 ) /System/Library/PrivateFrameworks/amework/Versions/A/DiskManagement ( compatibility version 1.0.0, current version 1.0.0 ) /System/Library/PrivateFrameworks/amework/Versions/A/StorageKit ( compatibility version 1.0.0, current version 53.0.0 ) /System/Library/PrivateFrameworks/amework/Versions/A/DiskImages ( compatibility version 1.0.8, current version 649.0.0 ) /System/Library/PrivateFrameworks/amework/Versions/A/IASUtilities ( compatibility version 1.0.0, current version 119.0.0 ) /System/Library/PrivateFrameworks/amework/Versions/A/LocalAuthenticationRecoveryUI ( compatibility version 1.0.0, current version 1394.40.33 ) /System/Library/PrivateFrameworks/amework/Versions/A/MobileObliteration ( compatibility version 1.0.0, current version 1.0.0 ) /System/Library/PrivateFrameworks/amework/Versions/A/LoginUIKit ( compatibility version 1.0.0, current version 357.1.0 ) /System/Library/PrivateFrameworks/amework/Versions/A/FindMyDeviceUI ( compatibility version 1.0.0, current version 1.0.0 ) /System/Library/PrivateFrameworks/apfs_boot_amework/Versions/A/apfs_boot_mount ( compatibility version 1.0.0, current version 1.0.0 ) /System/Library/PrivateFrameworks/amework/Versions/A/SkyLight ( compatibility version 64.0.0, current version 600.0.0 )Īn interesting private framework we can explore further, out System/Library/PrivateFrameworks, so we can filter System/Applications/Utilities/Disk Utility.app.Īpplication bundles and its ist, we can The Disk Utility built-in application we will be With it, we can identify the privateįrameworks that Apple applications or services link to. Shared libraries a Mach-O executable links to (using the One of its convenient features is to list the This is a general-purpose tool forīinary files. Xcode comes with a command-line program called Whom I learnt all of these techniques (and more!) Approach 1: otool The credit from this post goes to Wojciech Reguła, from MacOS software works, being able to peek into these privateįrameworks is a great tool to keep in your tool belt. Whether you areĪ security researcher or want a deeper understanding of how Utility built-in application as an example. This article presents a series of non-exclusive approachesįor digging into private frameworks, using the Disk ![]() These frameworks are not documented at all. Private frameworks that are used by system services or asĭependencies of public frameworks. Help -> Developer Documentation): Exploring AppKit using XcodeĪpart from public frameworks, macOS ships with over 1000 Or in the Xcode developer documentation (at These frameworks are well documented, and you willįind lots of tutorials and examples at ![]() As anĪpplication developer, you are probably familiar with publicĭata. PS: A few days after developing this plugin, I discovered one was already available here.Apple develops a growing amount of frameworks. This plugin is based on information found here. If you manage to use it on Linux, please let me know. I don’t even know if plugins are supported on the Linux version of Hopper. This plugin was developed on OS X, it has not been tested on Linux. Once built, it must be moved in the ~/Library/Application Support/Hopper/Plugins/CPUs folder (that must be created, if needed). This plugin allows to read these FAT EFI binaries with Hopper Disassembler.Ĭlone or download the sources, then open the XCode project and build the plugin. It is very similar to the FAT format, except for a different magic number, and for endianness. This project is a FAT EFI loader plugin for Hopper DisassemblerĪpple uses an extension to the standard PE format for EFI binaries to allow FAT EFI binaries that contain both 32 and 64 bits executables. FAT EFI FAT EFI loader plugin for Hopper Disassembler
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |