TweetFollow Us on Twitter

Mac In The Shell: Plumbing the Depths

Volume Number: 23 (2007)
Issue Number: 08
Column Tag: Mac In The Shell

Mac In The Shell: Plumbing the Depths

Finding hidden gems in application bundles

by Edward Marczak

Introduction

With the advent of OS X, most Mac developers were introduced to the concept of bundles. More properly divided into bundles or packages, they both refer to a file-system directory that groups related resources together. This is true for frameworks (bundles: transparent structures that a user can easily access the contents of), applications (a package: an opaque bundle that requires work on the part of the user to open; contents are not easily modified), kernel extensions (another package), certain document types (check out Pages and Keynote, for example) and others. A bundle follows a very specific file layout, meaning, you'll know where to go find the goods. Follow along for a tour, and let's uncover some hidden apps.

Inside a Bundle

Those of us working with the Macintosh for a long enough period of time remember ResEdit, the resource format of OS 9, and all of the types we could store in the resource fork of a file. While OS X recognizes and respects the traditional dual-fork file, its format is deprecated, being replaced by the bundle. The purpose of a bundle is to keep the resources of an application, plug-in or framework in one place. This makes the contents easy to locate and easy to move without damage. What can go into a bundle? Well, technically anything, but you'll typically find the following types of data stored there:

Sounds

Images

Private libraries

String resources

Executable code

Naturally, it's the latter that interests us in this article.

Typically, to launch an application from a shell, you'd use the open command, like so:

open /Applications/TextEdit.app

This will always run the application in the context of the user, even if launched from a root shell, as shown in figure 1:


Figure 1 – TextEdit running as a standard user.

Of course, there are times where you may want (or need) an app to be running with some elevated privileges. How can we achieve this? Time to go digging!

A Direct Launch

As mentioned, a bundle conforms to a specific layout. Listing 1 shows this hierarchy using TextEdit as an example.

Listing 1 – TextEdit.app as bundle

TextEdit.app/
Contents/
Info.plist
MacOS/
TextEdit
PkgInfo
Resources/
DocumentWindows.nib
...
zh_TW.lproj
version.plist

The first item in all modern application bundles is the Contents folder. It is under this folder that all other objects reside. Within the Contents folder, you'll find an Info.plist file that tells the Finder many things about this bundle, including the bundle name, version, signature, applicable data types and more. You'll also find a Resources subdirectory, typically containing the images, sounds, movies and other resources used by the application. The application's executable itself resides in the MacOS subdirectory. If you are to look in there now, you'll find the TextEdit application. You can launch the application directly from here.

Gain a root shell using your preferred method, and launch the TextEdit application directly – not using open. Like this:

# /Applications/Textedit.app/Contents/MacOS/TextEdit

Now let's have a look in Activity Monitor, and you'll see that it's running with root privileges.


Figure 2 – TextEdit running with root privileges

Of course, the real point of this is not so much running with root, but the fact that you can access these binaries from the shell in some meaningful way.

Where's the Plunger?

Well, launching TextEdit is nice and all, but, not extremely practical. I'd like to continue with two very real-world examples that have made a difference in my daily work. While every GUI application will have its "true" binary buried in the application package, it may also have any number of helper-apps or other binaries that the app relies on. These are typically found in the Resources directory of the bundle. The easiest way to find executables in a bundle would be, in a shell, to change into the bundle directory and use this handy find command:

find . -type f -perm -100

This will allow you to quickly scour Application and Framework bundles. For instance:

$ cd /System/Library/CoreServices/RemoteManagement/ARDAgent.app/
$ find . -type f -perm -100
./Contents/MacOS/ARDAgent
./Contents/Resources/ARDPref.prefPane/Contents/MacOS/ARDPref
./Contents/Resources/ARDPref.prefPane/Contents/Resources/prefwritesettings
./Contents/Resources/kickstart
./Contents/Resources/RemoteDesktopAgent
./Contents/Support/ARDForcedViewer.app/Contents/MacOS/ARDForcedViewer
./Contents/Support/ARDHelper
./Contents/Support/build_hd_index
./Contents/Support/networksetup-panther
./Contents/Support/networksetup-tiger
./Contents/Support/Remote Desktop Message.app/Contents/MacOS/Remote Desktop Message
./Contents/Support/sysinfocachegen
./Contents/Support/systemsetup-panther
./Contents/Support/systemsetup-tiger

That's some wonderfully revealing information!

Secure Copy

The first really useful binary comes from the MacFUSE project. If you've installed MacFUSE core and the pre-compiled ssh filesystem, run our find command in the sshfs.app bundle. (If you haven't installed this, you should! It's an incredible resource. Find out more at http://code.google.com/p/macfuse/). Out of all the things we're returned, this turns out to be what we're looking for:

./Contents/Resources/sshfs-static

The sshfs-static binary lets us mount ssh file systems via a shell command rather than using the GUI app to do so. What's this good for? Automation, of course! In fact, you can use it to mount a remote ssh file system proactively, or in response to just about any event.

The easy thing to imagine is a nightly file copy. Mount the file system first, then, use ditto, rsync, or your preferred file moving method, and then unmount (using the standard umount command as, under OS X, there is no FUSE-specific unmounting needed). Better yet, though, think about a launchd job that watches a particular folder and perhaps copies files to a remote location as they show up in a source folder. Hmmmmmmm. So, how can we use this thing?

One way to make your life easier would be to symlink the sshfs-static binary to some appropriate location in your path. I'm going to run it straight from the application package, however, so for these examples, you'll need to change directly into the sshfs.app/Contents/Resources directory.

First, create a mount point for the file system. Then run the sshfs-static app and supply the following parameters:

user@hostname:/path/to/directory
mountpoint
-oreconnect,volname=name appearing in the Finder

The "reconnect" option, supplied with the -o switch isn't necessary, but does make things smoother if there's a network interruption and you're disconnected.

Since this all rides on top of ssh, ssh keys are respected. So, if you've generated some password-less keys, just like ssh, you won't be prompted for a password. Let's see this in action. First, I created /tmp/ssh as a mount point. Then, I used sshfs-static to mount a remote system:

$ ./sshfs-static marczak@www.example.com:/ /tmp/ssh -oreconnect,volname=wsweb
kextload: /System/Library/Filesystems/fusefs.fs/Support/fusefs.kext loaded successfully

...and let's take a look at it with mount:

$ mount
/dev/disk0s2 on / (local, journaled)
[snip]
sshfs#marczak@www.example.com:/ on /private/tmp/ssh (nodev, nosuid, synchronous, mounted by marczak)

Figure 3 shows the result of this in my Finder sidebar.


Figure 3: An ssh file system ("wsweb") as seen in the Finder

Very, very, very cool.

Network Probing

While 'black-hat' tools such as nmap sometimes get a bad rap, the fact is that tools like this are also perfect for system administrators when troubleshooting network issues. "Can I reach that port?" and "Is the target port open and responding?" are two of the most frequently asked questions when troubleshooting issues and planning network configurations. While I load nmap on my machine, I often find myself remotely accessing someone in need of assistance because his or her e-mail app "won't work" (residential ISPs typically block port 25) or iChat won't work in some manner (misconfigured/tightly restricted firewalls sometimes will block AIM or Google Talk/Jabber). It would, of course, be a chore and not very friendly to go load nmap and other tools onto someone else's system at that time. Is there a substitute built in to OS X?

Network Utility.app to the rescue! Huh?!? You expected a shell utility, right? Well, there's one hidden in the very graphical Network Utility.app that's found in your Utilities folder. Let's run our find command:

$ cd /Applications/Utilities/Network\ Utility.app/
$ find . -type f -perm -100
./Contents/MacOS/Network Utility
./Contents/Resources/stroke

Of course, we knew about MacOS/Network Utility, but Resources/stroke looks interesting! Nicely enough, the developer that wrote stroke was also kind enough to include a usage statement if you run it without parameters:

$ ./stroke 
2007-06-22 08:41:13.136 stroke[2113] stroke address startPort endPort
Let's see it in action:
./stroke 192.168.100.12 20 500
Port Scanning host: 192.168.100.12
         Open TCP Port:         22       pcanywherestat
         Open TCP Port:         25
         Open TCP Port:         53
         Open TCP Port:         80
         Open TCP Port:         106
         Open TCP Port:         110
         Open TCP Port:         119
         Open TCP Port:         139
         Open TCP Port:         143
         Open TCP Port:         311
         Open TCP Port:         389
         Open TCP Port:         427
         Open TCP Port:         443
         Open TCP Port:         445
         Open TCP Port:         465

Well, that's another useful tool that was buried, waiting for discovery. (Bonus points if you recognize the OS that I scanned).

Conclusion

The examples given here really only scratch the surface. There are plenty more hidden gems to be discovered. Take a look in your favorite applications. Dig in and see what you find! You will need to go hunt these utilities and helpers down yourself as they won't be in your shell's path.

Media of the month: Lost Season 1. OK, call me cheesy, but I really dig the show and am surprised at how many people have never given it a chance. Well, Summer is here and it's a great time to rent the DVDs and watch them at your own pace. If you're in the Southern Hemisphere, it's Winter....and what a great time to get under a blanket on the couch, sip some tea and watch a show...especially one that takes place on a tropical island! Enjoy.

WWDC 2007 has come and gone now, and got to reinforce the new concepts in Leopard. I hope everyone who went enjoyed the show, and will start practicing with the new tools and APIs...and have new tools, utilities and techniques ready for when Leopard ships. I've been plumbing the depths of the beta from the show, and have been pleasantly surprised.

Until next month, keep exploring!

Resources

Apple, Inc. "Bundle Programming Guide"


Ed Marczak gets dressed in the morning, drinks tea and enjoys breathing. All of this comes in handy in his role as Executive Editor of MacTech Magazine, or when running his consulting company Radiotope. They're also good features when around children. Why? http://www.radiotope.com/writing

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Apple GarageBand 10.1 - Complete recordi...
The new GarageBand is a whole music creation studio right inside your Mac -- complete with keyboard, synths, orchestral and percussion instruments, presets for guitar and voice, an entirely... Read more
Duplicate Annihilator 5.7.7 - Find and d...
Duplicate Annihilator takes on the time-consuming task of comparing the images in your iPhoto library using effective algorithms to make sure that no duplicate escapes. Duplicate Annihilator... Read more
OS X Server 4.1.3 - For OS X 10.10 Yosem...
Designed for OS X and iOS devices, OS X Server makes it easy to share files, schedule meetings, synchronize contacts, develop software, host your own website, publish wikis, configure Mac, iPhone,... Read more
Firefox 39.0 - Fast, safe Web browser. (...
Firefox offers a fast, safe Web browsing experience. Browse quickly, securely, and effortlessly. With its industry-leading features, Firefox is the choice of Web development professionals and casual... Read more
pwSafe 4.1 - Secure password management...
pwSafe provides simple and secure password management across devices and computers. pwSafe uses iCloud to keep your password databases backed-up and synced between Macs and iOS devices. It is... Read more
Kodi 15.0.rc1 - Powerful media center to...
Kodi (was XBMC) is an award-winning free and open-source (GPL) software media player and entertainment hub that can be installed on Linux, OS X, Windows, iOS, and Android, featuring a 10-foot user... Read more
Coda 2.5.11 - One-window Web development...
Coda is a powerful Web editor that puts everything in one place. An editor. Terminal. CSS. Files. With Coda 2, we went beyond expectations. With loads of new, much-requested features, a few surprises... Read more
Bookends 12.5.7 - Reference management a...
Bookends is a full-featured bibliography/reference and information-management system for students and professionals. Access the power of Bookends directly from Mellel, Nisus Writer Pro, or MS Word (... Read more
Maya 2016 - Professional 3D modeling and...
Maya is an award-winning software and powerful, integrated 3D modeling, animation, visual effects, and rendering solution. Because Maya is based on an open architecture, all your work can be scripted... Read more
RapidWeaver 6.2.3 - Create template-base...
RapidWeaver is a next-generation Web design application to help you easily create professional-looking Web sites in minutes. No knowledge of complex code is required, RapidWeaver will take care of... Read more

Rage of Bahamut is Giving Almost All of...
The App Store isn't what it used to be back in 2012, so it's not unexpected to see some games changing their structures with the times. Now we can add Rage of Bahamut to that list with the recent announcement that the game is severely cutting back... | Read more »
Adventures of Pip (Games)
Adventures of Pip 1.0 Device: iOS iPhone Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: ** ONE WEEK ONLY — 66% OFF! *** “Adventures of Pip is a delightful little platformer full of charm, challenge and impeccable... | Read more »
Divide By Sheep - Tips, Tricks, and Stre...
Who would have thought splitting up sheep could be so involved? Anyone who’s played Divide by Sheep, that’s who! While we’re not about to give you complete solutions to everything (because that’s just cheating), we will happily give you some... | Read more »
NaturalMotion and Zynga Have Started Tea...
An official sequel to 2012's CSR Racing is officially on the way, with Zynga and NaturalMotion releasing a short teaser trailer to get everyone excited. Well, as excited as one can get from a trailer with no gameplay footage, anyway. [Read more] | Read more »
Grab a Friend and Pick up Overkill 3, Be...
Overkill 3 is a pretty enjoyable third-person shooter that was sort of begging for some online multiplayer. Fortunately the begging can stop, because its newest update has added an online co-op mode. [Read more] | Read more »
Scanner Pro's Newest Update Adds Au...
Scanner Pro is one of the most popular document scanning apps on iOS, thanks in no small part to its near-constant updates, I'm sure. Now we're up to update number six, and it adds some pretty handy new features. [Read more] | Read more »
Heroki (Games)
Heroki 1.0 Device: iOS Universal Category: Games Price: $7.99, Version: 1.0 (iTunes) Description: CLEAR THE SKIES FOR A NEW HERO!The peaceful sky village of Levantia is in danger! The dastardly Dr. N. Forchin and his accomplice,... | Read more »
Wars of the Roses (Games)
Wars of the Roses 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: | Read more »
TapMon Battle (Games)
TapMon Battle 1.0 Device: iOS Universal Category: Games Price: $.99, Version: 1.0 (iTunes) Description: It's time to battle!Tap! Tap! Tap! Try tap a egg to hatch a Tapmon!Do a battle with another tapmons using your hatched tapmons! *... | Read more »
Alchemic Dungeons (Games)
Alchemic Dungeons 1.0 Device: iOS Universal Category: Games Price: $.99, Version: 1.0 (iTunes) Description: ### Release Event! ### 2.99$->0.99$ for limited time! ### Roguelike Role Playing Game! ### Alchemic Dungeons is roguelike... | Read more »

Price Scanner via MacPrices.net

RamDisk4Mac App Helps Run Your Mac Faster And...
Ever use a RAM disk? If you’ve come to the Mac in the OS X era, likely not. The Classic Mac OS had a RAM disk function built-in, but that was dropped in the conversion to OS X. What is a RAM disk?... Read more
13-inch 1.6GHz MacBook Air on sale for $849,...
Best Buy has the 2015 13″ 1.6GHz/128GB MacBook Air on sale for $849.99 on their online store this weekend. Choose free shipping or free local store pickup (if available). Sale price for online orders... Read more
Apple Refurbished iMacs available for up to $...
The Apple Store has Apple Certified Refurbished iMacs available for up to $380 off the cost of new models. Apple’s one-year warranty is standard, and shipping is free: - 27″ 3.5GHz 5K iMac – $1949 $... Read more
Apple refurbished 2014 13-inch Retina MacBook...
The Apple Store has Apple Certified Refurbished 2014 13″ Retina MacBook Pros available for up to $400 off original MSRP, starting at $979. An Apple one-year warranty is included with each model, and... Read more
Seagate Backup Plus Drives Feature 200GB of C...
Seagate Technology plc has announced that its Backup Plus family of external storage offerings will now include 200GB of OneDrive cloud storage, a major added value, and the addition of Lyve’s photo... Read more
Canon PIXMA MG3620 Wireless Inkjet All-in-One...
Canon U.S.A., Inc. has announced the PIXMA MG3620 Wireless (1) Inkjet All-in-One (AIO) printer for high-quality photo and document printing. Built with convenience in mind for the everyday home user... Read more
July 4th Holiday Weekend 13-inch MacBook Pro...
Save up to $150 on the purchase of a new 2015 13″ Retina MacBook Pro at the following resellers this weekend. Shipping is free with each model: 2.7GHz/128GB MSRP $1299 2.7GHz/... Read more
27-inch 3.5GHz 5K iMac on sale for $2149, sav...
Best Buy has the 27″ 3.5GHz 5K iMac on sale for $2149.99. Choose free shipping or free local store pickup (if available). Sale price for online orders only, in-store prices may vary. Their price is $... Read more
Apple now offering refurbished 2015 11-inch...
The Apple Store is now offering Apple Certified Refurbished 2015 11″ MacBook Airs as well as 13″ MacBook Airs (the latest models), available for up to $180 off the cost of new models. An Apple one-... Read more
15-inch 2.5GHz Retina MacBook Pro on sale for...
Amazon.com has the 15″ 2.5GHz Retina MacBook Pro on sale for $2274 including free shipping. Their price is $225 off MSRP, and it’s the lowest price available for this model. Read more

Jobs Board

*Apple* Music Producer - Apple (United State...
**Job Summary** Apple Music seeks a Producer to help shepherd some of the most important content and editorial initiatives within the music app, with a particular focus Read more
Editor, *Apple* News - Apple (United States...
**Job Summary** Editor, Apple News The Apple News team is looking for passionate, knowledgeable editors to help identify and deliver the best in breaking national, Read more
*Apple* Watch SW Application Project Manager...
**Job Summary** The Apple Watch software team is looking for an Application Engineering Project Manager to work on new projects for Apple . The successful candidate Read more
Engineering Project Manager - *Apple* Searc...
**Job Summary** Apple 's new Spotlight Suggestions service provides fast, relevant search results from the Inte et in Spotlight and Safari on iOS and OS X. We are looking Read more
Business Development Manager - *Apple* Pay...
**Job Summary** Apple Pay is seeking an experienced relationship manager to support the ongoing management of partners for the Apple Pay platform. This position will Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.