Snake&Apple — App Bundle Ext.
Introduction to the App Bundle on macOS with Python
INTRO
Welcome to another article in the series on macOS security internals!
This time, we will explore how applications work on macOS. We will learn their structure step by step by building a minimal example app that executes a bash script instead of a Mach-O binary on launch. We will also extend CrimsonUroboros's options so that it understands app bundles.
The table below summarizes all of the topics included in this article:

The Snake&Apple App Bundle Extension contains all of the code used.
Why is this not just Snake&Apple VIII?
I am currently working on Snake&Apple VIII — App Sandbox and, as always, upgrading CrimsonUroboros with new options for analyzing Mach-O.

I had to change the tool's concept a bit because more and more functions depend on files in App Bundles (such as the Sandbox I am writing right now).
In the beginning, the tool was supposed to be only a Mach-O analyzer, but I prefer to write new code for it rather than build new standalone tools over and over again.
I was thinking about making this article the eighth part of the series, but this was slightly inconsistent with the code structure:

This is because all the methods from the Snake modules that exist right now, and the ones I will create in the future, can depend on some files in the app bundle.
For instance, with this extension, we can add a new Code Signature validator method in SnakeII, so it will check the whole app bundle, not only the binary.