Skip to content

Instantly share code, notes, and snippets.

Michael Lynn pudquick

Block or report user

Report or block pudquick

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@pudquick
pudquick / codesign.py
Last active May 11, 2019
Obtain codesigning information with pyobjc
View codesign.py
import objc
from Foundation import NSBundle, NSURL
Security = NSBundle.bundleWithIdentifier_('com.apple.security')
class StaticCodeError(Exception):
pass
class SigningInfoError(Exception):
pass
@pudquick
pudquick / profile_details.py
Created Apr 19, 2019
locally checking profile signing information
View profile_details.py
#!/usr/bin/python
# So the first thing we need to do is get the mdmclient view of the profiles
import subprocess, objc
from Foundation import NSPropertyListSerialization, NSPropertyListMutableContainers, NSBundle
Security = NSBundle.bundleWithIdentifier_('com.apple.security')
S_functions = [
('SecCertificateCreateWithData', '@@@'),
('SecCertificateCopyValues', '@@^@o^@'),
View chef_user_resource_monkeypatching.rb
require 'base64'
require 'plist'
module Chef::Provider::User::DsclMojaveUserExtensions
# new for 10.14+
def mac_osx_version_greater_than_10_13?
Gem::Version.new(node['platform_version']) > Gem::Version.new('10.13.99')
end
# updated for 10.14+
@pudquick
pudquick / get_serial.py
Created Sep 5, 2018 — forked from pdarragh/get_serial.py
Short PyObjC script to get a Mac's serial number without calling `system_profiler`.
View get_serial.py
#!/usr/bin/python
# (Note that we must use system Python on a Mac.)
####
# Quick script to get the computer's serial number.
#
# Written for @john.e.lamb on the MacAdmins Slack team.
import objc
import CoreFoundation
View beta6.log
{
"/Contents": ["d", ""],
"/Contents/Frameworks": ["d", ""],
"/Contents/Frameworks/OSInstallerSetup.framework": ["d", ""],
"/Contents/Frameworks/OSInstallerSetup.framework/OSInstallerSetup": ["s", "Versions/Current/OSInstallerSetup"],
"/Contents/Frameworks/OSInstallerSetup.framework/Resources": ["s", "Versions/Current/Resources"],
"/Contents/Frameworks/OSInstallerSetup.framework/Versions": ["d", ""],
"/Contents/Frameworks/OSInstallerSetup.framework/Versions/A": ["d", ""],
"/Contents/Frameworks/OSInstallerSetup.framework/Versions/A/Frameworks": ["d", ""],
"/Contents/Frameworks/OSInstallerSetup.framework/Versions/A/Frameworks/IABridgeOSInstall.framework": ["d", ""],
View 01_snip.txt
EFI found at IODeviceTree:/efi
Current EFI boot device string is: '<array><dict><key>IOMatch</key><dict><key>IOProviderClass
</key><string>IOMedia</string><key>IOPropertyMatch</key><dict><key>UUID</key><string>08A2DDE7
-7A58-44F0-ABF6-B721AD7C31AF</string></dict></dict><key>BLLastBSDName</key><string>disk1s2</s
tring></dict><dict><key>IOEFIDevicePathType</key><string>MediaFilePath</string><key>Path</key
><string>\FD77CA06-84E9-42D0-B5FE-6295D28CBB2F\System\Library\CoreServices\boot.efi</string><
/dict></array>'
Boot option is 8BE4DF61-93CA-11D2-AA0D-00E098032B8C:Boot0080
Processing boot option 'Mac OS X'
Boot option matches XML representation
View tx_unpack.py
from Crypto.Cipher import AES
from Crypto.Util import Counter
import struct
"""
typedef struct boot_dat_hdr
{
unsigned char ident[0x10];
unsigned char sha2_s2[0x20];
unsigned int s2_dst;
@pudquick
pudquick / cms_detached_verify.py
Last active Jun 11, 2018
Verifying a CMS detached signature in pyobjc on macOS
View cms_detached_verify.py
import objc
from ctypes import create_string_buffer, c_void_p, cast
from Foundation import NSBundle
Security = NSBundle.bundleWithIdentifier_('com.apple.security')
# CMSDecoder.h
kCMSSignerUnsigned = 0
kCMSSignerValid = 1
kCMSSignerNeedsDetachedContent = 2
@pudquick
pudquick / xcode_vers.py
Last active Apr 8, 2018
Programmatically load detailed version information about Xcode version via pyobjc on macOS
View xcode_vers.py
# Warning - because of how this works, it loads classes into memory namespace.
# Attempting to load a second Xcode to inspect within the same python run will result in errors
# If you need to inspect multiple, for now, just spin the inspection up under a second process
from Foundation import NSBundle
def xcode_info(app_path):
# app_path = '/Applications/Xcode.app'
DVTFoundation = NSBundle.bundleWithPath_('%s/Contents/SharedFrameworks/DVTFoundation.framework' % app_path)
IDEKit = NSBundle.bundleWithPath_('%s/Contents/Frameworks/IDEKit.framework' % app_path)
@pudquick
pudquick / temp_folders.py
Last active Mar 30, 2018
Some code for working with /var/folders temp folders on macOS via ctypes
View temp_folders.py
import glob, os.path, pwd, os
from ctypes import CDLL, byref, create_string_buffer, c_uint32
from ctypes.util import find_library
libsys = CDLL(find_library('C'))
def user_temp_dir(uid):
path_buffer = create_string_buffer(1024)
result = libsys.__user_local_dirname(c_uint32(uid), 0, byref(path_buffer), 1024)
return path_buffer.value.rsplit('/0/',1)[0]
You can’t perform that action at this time.