Monday, April 24, 2017 [Tweets] [Favorites]

Reverse Engineering APFS

Jonas Plum (via John Siracusa, Hacker News):

Each of this structures is described in detail below. A more detailed version of the APFS structure is available as a Kaitai struct file: apfs.ksy. You can use it to examine APFS dumps in the Kaitai IDE or create parsers for various languages. This .ksy file must considered experimental.

[…]

Nodes are flexible containers that are used for storing different kinds entries. They can be part of a B-tree or exist on their own. Nodes can either contain flexible or fixed sized entries. A node starts with a list of pointers to the entry keys and entry records. This way for each entry the node contains an entry header at the beginning of the node, an entry key in the middle of the node and an entry record at the end of the node.

Comments

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment