TweetFollow Us on Twitter

Mac In The Shell: Plumbing the Depths

Volume Number: 23 (2007)
Issue Number: 08
Column Tag: Mac In The Shell

Mac In The Shell: Plumbing the Depths

Finding hidden gems in application bundles

by Edward Marczak

Introduction

With the advent of OS X, most Mac developers were introduced to the concept of bundles. More properly divided into bundles or packages, they both refer to a file-system directory that groups related resources together. This is true for frameworks (bundles: transparent structures that a user can easily access the contents of), applications (a package: an opaque bundle that requires work on the part of the user to open; contents are not easily modified), kernel extensions (another package), certain document types (check out Pages and Keynote, for example) and others. A bundle follows a very specific file layout, meaning, you'll know where to go find the goods. Follow along for a tour, and let's uncover some hidden apps.

Inside a Bundle

Those of us working with the Macintosh for a long enough period of time remember ResEdit, the resource format of OS 9, and all of the types we could store in the resource fork of a file. While OS X recognizes and respects the traditional dual-fork file, its format is deprecated, being replaced by the bundle. The purpose of a bundle is to keep the resources of an application, plug-in or framework in one place. This makes the contents easy to locate and easy to move without damage. What can go into a bundle? Well, technically anything, but you'll typically find the following types of data stored there:

Sounds

Images

Private libraries

String resources

Executable code

Naturally, it's the latter that interests us in this article.

Typically, to launch an application from a shell, you'd use the open command, like so:

open /Applications/TextEdit.app

This will always run the application in the context of the user, even if launched from a root shell, as shown in figure 1:


Figure 1 – TextEdit running as a standard user.

Of course, there are times where you may want (or need) an app to be running with some elevated privileges. How can we achieve this? Time to go digging!

A Direct Launch

As mentioned, a bundle conforms to a specific layout. Listing 1 shows this hierarchy using TextEdit as an example.

Listing 1 – TextEdit.app as bundle

TextEdit.app/
Contents/
Info.plist
MacOS/
TextEdit
PkgInfo
Resources/
DocumentWindows.nib
...
zh_TW.lproj
version.plist

The first item in all modern application bundles is the Contents folder. It is under this folder that all other objects reside. Within the Contents folder, you'll find an Info.plist file that tells the Finder many things about this bundle, including the bundle name, version, signature, applicable data types and more. You'll also find a Resources subdirectory, typically containing the images, sounds, movies and other resources used by the application. The application's executable itself resides in the MacOS subdirectory. If you are to look in there now, you'll find the TextEdit application. You can launch the application directly from here.

Gain a root shell using your preferred method, and launch the TextEdit application directly – not using open. Like this:

# /Applications/Textedit.app/Contents/MacOS/TextEdit

Now let's have a look in Activity Monitor, and you'll see that it's running with root privileges.


Figure 2 – TextEdit running with root privileges

Of course, the real point of this is not so much running with root, but the fact that you can access these binaries from the shell in some meaningful way.

Where's the Plunger?

Well, launching TextEdit is nice and all, but, not extremely practical. I'd like to continue with two very real-world examples that have made a difference in my daily work. While every GUI application will have its "true" binary buried in the application package, it may also have any number of helper-apps or other binaries that the app relies on. These are typically found in the Resources directory of the bundle. The easiest way to find executables in a bundle would be, in a shell, to change into the bundle directory and use this handy find command:

find . -type f -perm -100

This will allow you to quickly scour Application and Framework bundles. For instance:

$ cd /System/Library/CoreServices/RemoteManagement/ARDAgent.app/
$ find . -type f -perm -100
./Contents/MacOS/ARDAgent
./Contents/Resources/ARDPref.prefPane/Contents/MacOS/ARDPref
./Contents/Resources/ARDPref.prefPane/Contents/Resources/prefwritesettings
./Contents/Resources/kickstart
./Contents/Resources/RemoteDesktopAgent
./Contents/Support/ARDForcedViewer.app/Contents/MacOS/ARDForcedViewer
./Contents/Support/ARDHelper
./Contents/Support/build_hd_index
./Contents/Support/networksetup-panther
./Contents/Support/networksetup-tiger
./Contents/Support/Remote Desktop Message.app/Contents/MacOS/Remote Desktop Message
./Contents/Support/sysinfocachegen
./Contents/Support/systemsetup-panther
./Contents/Support/systemsetup-tiger

That's some wonderfully revealing information!

Secure Copy

The first really useful binary comes from the MacFUSE project. If you've installed MacFUSE core and the pre-compiled ssh filesystem, run our find command in the sshfs.app bundle. (If you haven't installed this, you should! It's an incredible resource. Find out more at http://code.google.com/p/macfuse/). Out of all the things we're returned, this turns out to be what we're looking for:

./Contents/Resources/sshfs-static

The sshfs-static binary lets us mount ssh file systems via a shell command rather than using the GUI app to do so. What's this good for? Automation, of course! In fact, you can use it to mount a remote ssh file system proactively, or in response to just about any event.

The easy thing to imagine is a nightly file copy. Mount the file system first, then, use ditto, rsync, or your preferred file moving method, and then unmount (using the standard umount command as, under OS X, there is no FUSE-specific unmounting needed). Better yet, though, think about a launchd job that watches a particular folder and perhaps copies files to a remote location as they show up in a source folder. Hmmmmmmm. So, how can we use this thing?

One way to make your life easier would be to symlink the sshfs-static binary to some appropriate location in your path. I'm going to run it straight from the application package, however, so for these examples, you'll need to change directly into the sshfs.app/Contents/Resources directory.

First, create a mount point for the file system. Then run the sshfs-static app and supply the following parameters:

user@hostname:/path/to/directory
mountpoint
-oreconnect,volname=name appearing in the Finder

The "reconnect" option, supplied with the -o switch isn't necessary, but does make things smoother if there's a network interruption and you're disconnected.

Since this all rides on top of ssh, ssh keys are respected. So, if you've generated some password-less keys, just like ssh, you won't be prompted for a password. Let's see this in action. First, I created /tmp/ssh as a mount point. Then, I used sshfs-static to mount a remote system:

$ ./sshfs-static marczak@www.example.com:/ /tmp/ssh -oreconnect,volname=wsweb
kextload: /System/Library/Filesystems/fusefs.fs/Support/fusefs.kext loaded successfully

...and let's take a look at it with mount:

$ mount
/dev/disk0s2 on / (local, journaled)
[snip]
sshfs#marczak@www.example.com:/ on /private/tmp/ssh (nodev, nosuid, synchronous, mounted by marczak)

Figure 3 shows the result of this in my Finder sidebar.


Figure 3: An ssh file system ("wsweb") as seen in the Finder

Very, very, very cool.

Network Probing

While 'black-hat' tools such as nmap sometimes get a bad rap, the fact is that tools like this are also perfect for system administrators when troubleshooting network issues. "Can I reach that port?" and "Is the target port open and responding?" are two of the most frequently asked questions when troubleshooting issues and planning network configurations. While I load nmap on my machine, I often find myself remotely accessing someone in need of assistance because his or her e-mail app "won't work" (residential ISPs typically block port 25) or iChat won't work in some manner (misconfigured/tightly restricted firewalls sometimes will block AIM or Google Talk/Jabber). It would, of course, be a chore and not very friendly to go load nmap and other tools onto someone else's system at that time. Is there a substitute built in to OS X?

Network Utility.app to the rescue! Huh?!? You expected a shell utility, right? Well, there's one hidden in the very graphical Network Utility.app that's found in your Utilities folder. Let's run our find command:

$ cd /Applications/Utilities/Network\ Utility.app/
$ find . -type f -perm -100
./Contents/MacOS/Network Utility
./Contents/Resources/stroke

Of course, we knew about MacOS/Network Utility, but Resources/stroke looks interesting! Nicely enough, the developer that wrote stroke was also kind enough to include a usage statement if you run it without parameters:

$ ./stroke 
2007-06-22 08:41:13.136 stroke[2113] stroke address startPort endPort
Let's see it in action:
./stroke 192.168.100.12 20 500
Port Scanning host: 192.168.100.12
         Open TCP Port:         22       pcanywherestat
         Open TCP Port:         25
         Open TCP Port:         53
         Open TCP Port:         80
         Open TCP Port:         106
         Open TCP Port:         110
         Open TCP Port:         119
         Open TCP Port:         139
         Open TCP Port:         143
         Open TCP Port:         311
         Open TCP Port:         389
         Open TCP Port:         427
         Open TCP Port:         443
         Open TCP Port:         445
         Open TCP Port:         465

Well, that's another useful tool that was buried, waiting for discovery. (Bonus points if you recognize the OS that I scanned).

Conclusion

The examples given here really only scratch the surface. There are plenty more hidden gems to be discovered. Take a look in your favorite applications. Dig in and see what you find! You will need to go hunt these utilities and helpers down yourself as they won't be in your shell's path.

Media of the month: Lost Season 1. OK, call me cheesy, but I really dig the show and am surprised at how many people have never given it a chance. Well, Summer is here and it's a great time to rent the DVDs and watch them at your own pace. If you're in the Southern Hemisphere, it's Winter....and what a great time to get under a blanket on the couch, sip some tea and watch a show...especially one that takes place on a tropical island! Enjoy.

WWDC 2007 has come and gone now, and got to reinforce the new concepts in Leopard. I hope everyone who went enjoyed the show, and will start practicing with the new tools and APIs...and have new tools, utilities and techniques ready for when Leopard ships. I've been plumbing the depths of the beta from the show, and have been pleasantly surprised.

Until next month, keep exploring!

Resources

Apple, Inc. "Bundle Programming Guide"


Ed Marczak gets dressed in the morning, drinks tea and enjoys breathing. All of this comes in handy in his role as Executive Editor of MacTech Magazine, or when running his consulting company Radiotope. They're also good features when around children. Why? http://www.radiotope.com/writing

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

EtreCheck Pro 6.0.2 - For troubleshootin...
EtreCheck is an app that displays the important details of your system configuration and allow you to copy that information to the Clipboard. It is meant to be used with Apple Support Communities to... Read more
BitTorrent 7.4.3 - Official client of th...
BitTorrent is a protocol for distributing files. It identifies content by URL and is designed to integrate seamlessly with the web. Its advantage over plain HTTP is that when multiple downloads of... Read more
Adobe Premiere Pro CC 2019 13.1.3 - Digi...
Premiere Pro CC 2019 is available as part of Adobe Creative Cloud for as little as $52.99/month. The price on display is a price for annual by-monthly plan for Adobe Premiere Pro only Adobe Premiere... Read more
ffWorks 1.3.1 - Convert multimedia files...
ffWorks, focused on simplicity, brings a fresh approach to the use of FFmpeg, allowing you to create ultra-high-quality movies without the need to write a single line of code on the command-line.... Read more
BetterTouchTool 3.134 - Customize multi-...
BetterTouchTool adds many new, fully customizable gestures to the Magic Mouse, Multi-Touch MacBook trackpad, and Magic Trackpad. These gestures are customizable: Magic Mouse: Pinch in / out (zoom)... Read more
TextMate 2.0.rc.28 - Code/markup editor...
TextMate is a versatile plain text editor with a unique and innovative feature set which caused it to win an Apple Design Award for Best Mac OS X Developer Tool in August 2006 A rapidly growing... Read more
BetterTouchTool 3.132 - Customize multi-...
BetterTouchTool adds many new, fully customizable gestures to the Magic Mouse, Multi-Touch MacBook trackpad, and Magic Trackpad. These gestures are customizable: Magic Mouse: Pinch in / out (zoom)... Read more
calibre 3.45.2 - Complete e-book library...
Calibre is a complete e-book library manager. Organize your collection, convert your books to multiple formats, and sync with all of your devices. Let Calibre be your multi-tasking digital librarian... Read more
calibre 3.45.2 - Complete e-book library...
Calibre is a complete e-book library manager. Organize your collection, convert your books to multiple formats, and sync with all of your devices. Let Calibre be your multi-tasking digital librarian... Read more
BetterTouchTool 3.132 - Customize multi-...
BetterTouchTool adds many new, fully customizable gestures to the Magic Mouse, Multi-Touch MacBook trackpad, and Magic Trackpad. These gestures are customizable: Magic Mouse: Pinch in / out (zoom)... Read more

Latest Forum Discussions

See All

TEPPEN guide - Tips and tricks for new p...
TEPPEN is a wild game that nobody asked for, but I’m sure glad it exists. Who would’ve thought that a CCG featuring Capcom characters could be so cool and weird? In case you’re not completely sure what TEPPEN is, make sure to check out our review... | Read more »
Dr. Mario World guide - Other games that...
We now live in a post-Dr. Mario World world, and I gotta say, things don’t feel too different. Nintendo continues to squirt out bad games on phones, causing all but the most stalwart fans of mobile games to question why they even bother... | Read more »
Strategy RPG Brown Dust introduces its b...
Epic turn-based RPG Brown Dust is set to turn 500 days old next week, and to celebrate, Neowiz has just unveiled its biggest and most exciting update yet, offering a host of new rewards, increased gacha rates, and a brand new feature that will... | Read more »
Dr. Mario World is yet another disappoin...
As soon as I booted up Dr. Mario World, I knew I wasn’t going to have fun with it. Nintendo’s record on phones thus far has been pretty spotty, with things trending downward as of late. [Read more] | Read more »
Retro Space Shooter P.3 is now available...
Shoot-em-ups tend to be a dime a dozen on the App Store, but every so often you come across one gem that aims to shake up the genre in a unique way. Developer Devjgame’s P.3 is the latest game seeking to do so this, working as a love letter to the... | Read more »
Void Tyrant guide - Guildins guide
I’ve still been putting a lot of time into Void Tyrant since it officially released last week, and it’s surprising how much stuff there is to uncover in such a simple-looking game. Just toray, I finished spending my Guildins on all available... | Read more »
Tactical RPG Brown Dust celebrates the s...
Neowiz is set to celebrate the summer by launching a 2-month long festival in its smash-hit RPG Brown Dust. The event kicks off today, and it’s divided into 4 parts, each of which will last two weeks. Brown Dust is all about collecting, upgrading,... | Read more »
Flappy Royale is an incredibly clever ta...
I spent the better part of my weekend playing Flappy Royale. I didn’t necessarily want to. I just felt like I had to. It’s a hypnotic experience that’s way too easy to just keep playing. | Read more »
Void Tyrant guide - General tips and tri...
Void Tyrant is a card-based dungeon-crawler that doesn’t fit in the mold of other games in the genre. Between the Blackjack-style combat and strange gear system alone, you’re left to your own devices to figure out how best to use everything to your... | Read more »
Webzen’s latest RPG First Hero is offici...
You might be busy sending your hulking Dark Knight into the midst of battle in Webzen’s other recent release: the long-anticipated MU Origin 2. But for something a little different, the South Korean publisher has launched First Hero. Released today... | Read more »

Price Scanner via MacPrices.net

Price drop! Clearance 12″ 1.2GHz Silver MacBo...
Amazon has dropped their price on the recently-discontinued 12″ 1.2GHz Silver MacBook to $849.99 shipped. That’s $450 off Apple’s original MSRP for this model, and it’s the cheapest price available... Read more
Apple’s 21″ 3.0GHz 4K iMac drops to only $936...
Abt Electronics has dropped their price on clearance, previous-generation 21″ 3.0GHz 4K iMacs to only $936 shipped. That’s $363 off Apple’s original MSRP, and it’s the cheapest price we’ve seen so... Read more
Amazon’s Prime Day savings on Apple 11″ iPad...
Amazon has new 2018 Apple 11″ iPad Pros in stock today and on sale for up to $250 off Apple’s MSRP as part of their Prime Day sale (but Prime membership is NOT required for these savings). These are... Read more
Prime Day Apple iPhone deal: $100 off all iPh...
Boost Mobile is offering Apple’s new 2018 iPhone Xr, iPhone Xs, and Xs Max for $100 off MSRP. Their discount reduces the cost of an Xs to $899 for the 64GB models and $999 for the 64GB Xs Max. Price... Read more
Clearance 13″ 2.3GHz Dual-Core MacBook Pros a...
Focus Camera has clearance 2017 13″ 2.3GHz/128GB non-Touch Bar Dual-Core MacBook Pros on sale for $169 off Apple’s original MSRP. Shipping is free. Focus charges sales tax for NY & NJ residents... Read more
Amazon Prime Day deal: 9.7″ Apple iPads for $...
Amazon is offering new 9.7″ WiFi iPads with Apple Pencil support for $80-$100 off MSRP as part of their Prime Day sale, starting at only $249. These are the same iPads found in Apple’s retail and... Read more
Amazon Prime Day deal: 10% (up to $20) off Ap...
Amazon is offering discounts on new 2019 Apple AirPods ranging up to $20 (10%) off MSRP as part of their Prime Day sales. Shipping is free: – AirPods with Charging Case: $144.99 $15 off MSRP –... Read more
Amazon Prime Day deal: $50-$80 off Apple Watc...
Amazon has Apple Watch Series 4 and Series 3 models on sale for $50-$80 off Apple’s MSRP as part of their Prime Day deals with prices starting at only $199. Choose Amazon as the seller rather than a... Read more
Amazon Prime Day deal: 50% discount on Apple...
Amazon has Apple Smart Keyboards for current-generation 10″ iPad Airs and previous-generation 10″ iPad Pros on sale today for $79.50 shipped as part of their early Prime Day deals. That’s a 50%... Read more
Abt drops prices on clearance 2018 MacBook Ai...
Abt Electronics has dropped prices on clearance 2018 13″ MacBook Airs by $201 with models now available starting at only $998. Shipping is free: – 13″ 1.6GHz/128GB MacBook Air (Space Gray, Silver, or... Read more

Jobs Board

*Apple* Graders/Inspectors (Seasonal/Hourly/...
…requirements. #COVAentryleveljobs ## Minimum Qualifications Some knowledge of agricultural and/or the apple industry is helpful as well as the ability to comprehend, Read more
Best Buy *Apple* Computing Master - Best Bu...
**710003BR** **Job Title:** Best Buy Apple Computing Master **Job Category:** Store Associates **Location Number:** 000171-Winchester Road-Store **Job Description:** Read more
Best Buy *Apple* Computing Master - Best Bu...
**709786BR** **Job Title:** Best Buy Apple Computing Master **Job Category:** Sales **Location Number:** 000430-Orange Park-Store **Job Description:** **What does a Read more
Geek Squad *Apple* Master Consultation Agen...
**709918BR** **Job Title:** Geek Squad Apple Master Consultation Agent **Job Category:** Services/Installation/Repair **Location Number:** 000106-Palmdale-Store Read more
*Apple* Systems Architect/Engineer, Vice Pre...
…its vision to be the world's most trusted financial group. **Summary:** Apple Systems Architect/Engineer with strong knowledge of products and services related to Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.