Snake&Apple — App Bundle Ext.

Introduction to the App Bundle on macOS with Python

Karol Mazurek
18 min read · Jul 26, 2024


INTRO

Welcome to another article in the series on macOS security internals!

This time, we will explore how applications work on macOS. We will learn their structure step by step by building a minimal example app that executes a bash script instead of a Mach-O binary on launch. We will also extend CrimsonUroboros's options so that it understands app bundles.

The table below summarizes all of the topics included in this article:

The Snake&Apple App Bundle Extension contains all of the code used.
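As an added example (not code from this article or from CrimsonUroboros), the Python check below reads a bundle's `Info.plist`, resolves the main executable through `CFBundleExecutable`, and reports whether it is a Mach-O binary or a script, like the minimal app described above. The function names and the sample bundles are constructed for illustration.

```python
import plistlib
import struct
import tempfile
from pathlib import Path

# Mach-O / universal magics as seen when the first 4 bytes are read big-endian.
MACHO_MAGICS = {0xFEEDFACE, 0xCEFAEDFE, 0xFEEDFACF, 0xCFFAEDFE, 0xCAFEBABE, 0xBEBAFECA}


def classify(bundle: Path) -> str:
    """Return 'macho', 'script', 'missing' or 'unknown' for the bundle's main executable."""
    with open(bundle / "Contents" / "Info.plist", "rb") as fh:
        info = plistlib.load(fh)
    name = info.get("CFBundleExecutable")
    if not name:
        return "missing"
    exe = bundle / "Contents" / "MacOS" / name
    if not exe.is_file():
        return "missing"
    with open(exe, "rb") as fh:
        head = fh.read(4)
    if head[:2] == b"#!":  # interpreter line: the launch target is a script
        return "script"
    if len(head) == 4 and struct.unpack(">I", head)[0] in MACHO_MAGICS:
        return "macho"
    return "unknown"


def build_sample(root: Path, name: str, payload: bytes) -> Path:
    """Constructed sample bundle: an Info.plist plus one file in Contents/MacOS."""
    bundle = root / f"{name}.app"
    (bundle / "Contents" / "MacOS").mkdir(parents=True)
    with open(bundle / "Contents" / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleExecutable": name}, fh)
    exe = bundle / "Contents" / "MacOS" / name
    exe.write_bytes(payload)
    exe.chmod(0o755)
    return bundle


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed input: a bundle whose main executable is a bash script.
        app = build_sample(Path(tmp), "Hello", b"#!/bin/bash\necho hello\n")
        print(app.name, classify(app))
```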

Why is this not just Snake&Apple VIII?

I am currently working on Snake&Apple VIII — App Sandbox and, as always, upgrading the CrimsonUroboros with new options for analyzing Mach-O.

I had to change the tool's concept a bit because more and more functions depend on files in App…
