Skip to content

Instantly share code, notes, and snippets.

Michael Lynn pudquick

Block or report user

Report or block pudquick

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
pudquick /
Last active May 11, 2019
Obtain codesigning information with pyobjc
import objc
from Foundation import NSBundle, NSURL
Security = NSBundle.bundleWithIdentifier_('')
class StaticCodeError(Exception):
class SigningInfoError(Exception):
pudquick /
Created Apr 19, 2019
locally checking profile signing information
# So the first thing we need to do is get the mdmclient view of the profiles
import subprocess, objc
from Foundation import NSPropertyListSerialization, NSPropertyListMutableContainers, NSBundle
Security = NSBundle.bundleWithIdentifier_('')
S_functions = [
('SecCertificateCreateWithData', '@@@'),
('SecCertificateCopyValues', '@@^@o^@'),
View chef_user_resource_monkeypatching.rb
require 'base64'
require 'plist'
module Chef::Provider::User::DsclMojaveUserExtensions
# new for 10.14+
def mac_osx_version_greater_than_10_13?['platform_version']) >'10.13.99')
# updated for 10.14+
pudquick /
Created Sep 5, 2018 — forked from pdarragh/
Short PyObjC script to get a Mac's serial number without calling `system_profiler`.
# (Note that we must use system Python on a Mac.)
# Quick script to get the computer's serial number.
# Written for @john.e.lamb on the MacAdmins Slack team.
import objc
import CoreFoundation
View beta6.log
"/Contents": ["d", ""],
"/Contents/Frameworks": ["d", ""],
"/Contents/Frameworks/OSInstallerSetup.framework": ["d", ""],
"/Contents/Frameworks/OSInstallerSetup.framework/OSInstallerSetup": ["s", "Versions/Current/OSInstallerSetup"],
"/Contents/Frameworks/OSInstallerSetup.framework/Resources": ["s", "Versions/Current/Resources"],
"/Contents/Frameworks/OSInstallerSetup.framework/Versions": ["d", ""],
"/Contents/Frameworks/OSInstallerSetup.framework/Versions/A": ["d", ""],
"/Contents/Frameworks/OSInstallerSetup.framework/Versions/A/Frameworks": ["d", ""],
"/Contents/Frameworks/OSInstallerSetup.framework/Versions/A/Frameworks/IABridgeOSInstall.framework": ["d", ""],
View 01_snip.txt
EFI found at IODeviceTree:/efi
Current EFI boot device string is: '<array><dict><key>IOMatch</key><dict><key>IOProviderClass
Boot option is 8BE4DF61-93CA-11D2-AA0D-00E098032B8C:Boot0080
Processing boot option 'Mac OS X'
Boot option matches XML representation
from Crypto.Cipher import AES
from Crypto.Util import Counter
import struct
typedef struct boot_dat_hdr
unsigned char ident[0x10];
unsigned char sha2_s2[0x20];
unsigned int s2_dst;
pudquick /
Last active Jun 11, 2018
Verifying a CMS detached signature in pyobjc on macOS
import objc
from ctypes import create_string_buffer, c_void_p, cast
from Foundation import NSBundle
Security = NSBundle.bundleWithIdentifier_('')
# CMSDecoder.h
kCMSSignerUnsigned = 0
kCMSSignerValid = 1
kCMSSignerNeedsDetachedContent = 2
pudquick /
Last active Apr 8, 2018
Programmatically load detailed version information about Xcode version via pyobjc on macOS
# Warning - because of how this works, it loads classes into memory namespace.
# Attempting to load a second Xcode to inspect within the same python run will result in errors
# If you need to inspect multiple, for now, just spin the inspection up under a second process
from Foundation import NSBundle
def xcode_info(app_path):
# app_path = '/Applications/'
DVTFoundation = NSBundle.bundleWithPath_('%s/Contents/SharedFrameworks/DVTFoundation.framework' % app_path)
IDEKit = NSBundle.bundleWithPath_('%s/Contents/Frameworks/IDEKit.framework' % app_path)
pudquick /
Last active Mar 30, 2018
Some code for working with /var/folders temp folders on macOS via ctypes
import glob, os.path, pwd, os
from ctypes import CDLL, byref, create_string_buffer, c_uint32
from ctypes.util import find_library
libsys = CDLL(find_library('C'))
def user_temp_dir(uid):
path_buffer = create_string_buffer(1024)
result = libsys.__user_local_dirname(c_uint32(uid), 0, byref(path_buffer), 1024)
return path_buffer.value.rsplit('/0/',1)[0]
You can’t perform that action at this time.