{"id":48422,"date":"2025-07-09T14:55:34","date_gmt":"2025-07-09T18:55:34","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=48422"},"modified":"2025-10-11T12:17:22","modified_gmt":"2025-10-11T16:17:22","slug":"archaeology-1-3","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2025\/07\/09\/archaeology-1-3\/","title":{"rendered":"Archaeology 1.3"},"content":{"rendered":"

Mothers Ruin Software<\/a>:<\/p>\n

macOS uses many different binary file formats.<\/p>

Some — like binary property lists — have broad tool support and are relatively easy to inspect…<\/p>

Some — like X.509 certificates, configuration and provisioning profiles\nor App Store receipts — use standard formats, but lack macOS-native inspection tools, or\nonly have command-line tools that can be awkward to use…<\/p>

Some — like compiled nibs, keyed archives, code signatures or URL bookmarks — use Apple-proprietary formats\nthat are not documented and that have no (public) inspection tools.<\/p>

Even a file in a well-known format often contains data blobs encoded in\none of the other formats — such as an app’s preferences property list, which might contain\nURL bookmarks or an archive of serialized objects.<\/p>

Archaeology gives you a way to dig into a number of these binary files.<\/p><\/blockquote>\n

This is a delightful app from the developer of Apparency<\/a> and Suspicious Package<\/a>. Aside from what’s mentioned above, it supports more formats<\/a> such as notarization tickets and Mach-O binaries (showing embedded Info.plist<\/tt> files, SDK info, and linked libraries).<\/p>\n\n

Previously:<\/p>\n