Snake&Apple — App Bundle Ext.
Introduction to the App Bundle on macOS with Python
INTRO
Welcome to another article in the series on macOS security internals!
This time, we will explore how applications work on macOS. We will learn their structure step by step by building a minimal example app that executes a bash script instead of a Mach-O binary on launch. We will also extend CrimsonUroboros's options so that it understands app bundles.
The table below summarizes all of the topics included in this article:
The Snake&Apple App Bundle Extension contains all of the code used.
Why is this not just Snake&Apple VIII?
I am currently working on Snake&Apple VIII — App Sandbox and, as always, upgrading CrimsonUroboros with new options for analyzing Mach-O.
I had to change the tool's concept a bit because more and more functions depend on files in App…