Archaeology 1.3
macOS uses many different binary file formats.
Some — like binary property lists — have broad tool support and are relatively easy to inspect…
Some — like X.509 certificates, configuration and provisioning profiles or App Store receipts — use standard formats, but lack macOS-native inspection tools, or only have command-line tools that can be awkward to use…
Some — like compiled nibs, keyed archives, code signatures or URL bookmarks — use Apple-proprietary formats that are not documented and that have no (public) inspection tools.
Even a file in a well-known format often contains data blobs encoded in one of the other formats — such as an app’s preferences property list, which might contain URL bookmarks or an archive of serialized objects.
Archaeology gives you a way to dig into a number of these binary files.
This is a delightful app from the developer of Apparency and Suspicious Package. Aside from what’s mentioned above, it supports more formats such as notarization tickets and Mach-O binaries (showing embedded Info.plist files, SDK info, and linked libraries).
Previously:
- Suspicious Package Keeps on Tickin’
- How Troubleshooting Has Changed With macOS Security
- Auto Linking in MachO-Explorer
- MachOView
