Archaeology

Frequently Asked Questions

Looking for something specific? The User Guide, Formats, Reversing Topics and FAQ are indexed within the app — open Archaeology, click on the Help menu (Command-?), and type in the Search field. Results listed under Help Topics link directly to the appropriate section here.

Installing Archaeology

What versions of macOS does Archaeology support?

Archaeology supports:

Does Archaeology automatically check for updates?

Yes, once every 2 weeks — or less, if you use it less often — Archaeology will download a small file from our website to get the current version number. If a newer version is available, you'll see an Update Available button on the right side of the app's title bar.

Click on Update Available to open the Archaeology download page, where you can get the latest version.

If you want to change the frequency with which Archaeology checks for updates, or turn off automatic checking entirely, use Archaeology > Preferences > Update.

Archaeology never automatically downloads or installs the actual updated app. You make the decision about when or if to download it, and where and how to install it.

Understanding Archaeology

Is Archaeology “sandboxed”? What entitlements does it have?

Yes, Archaeology is sandboxed. You can examine the entitlements using Apparency or Archaeology itself.

To quickly open Archaeology using Archaeology, use Cmd-Option-O. Select and decode Code Signature for one of the architectures, and then decode Entitlements (or DER-encoded Entitlements).

However you view them, you'll see that Archaeology has the following entitlements:

Entitlements for the Archaeology application
Entitlement Key: com.apple.security.files.user-selected.read-write
Value: YES
Reason: This allows Archaeology to see the file or directory that you tell it to open — even if it's in a place that is not otherwise accessible to sandboxed apps, such as inside your home folder.

Archaeology requests the read-write rather than the read-only entitlement, not because it ever writes to the file you open (it doesn't) but in order to make the File > Export Value As feature work (i.e. by giving Archaeology the ability to write to the file that you designate).

Entitlement Key: com.apple.security.application-groups
Value: 936EB786NH.com.mothersruin.MRSFoundation.ASN1AnnotationStore
Reason: This declares an app group container that Archaeology shares with our other apps. This group container is used to store the comments that you annotate to ASN.1 data. This is sideband data, by definition. We store it in this group container on the theory that it could be used and loaded by another app that shows ASN.1-format data — although at the moment, we don't do this elsewhere.

Entitlement Key: com.apple.security.temporary-exception.mach-lookup.global-name
Value: com.apple.security.syspolicy
Reason: This allows Archaeology to talk to the /usr/libexec/syspolicyd daemon, which is required to check notarization status. Archaeology uses this to evaluate a Code Signing Requirement, if it includes a notarized term.

Within Archaeology, there is one other component that is also sandboxed, and thus has explicit entitlements. Under the MRSFoundation.framework component, you'll find a com.mothersruin.MRSFoundation.UpdateCheckingService.xpc XPC service. This is the component that performs the periodic check for updates, and is entitled as follows:

Entitlements for the com.mothersruin.MRSFoundation.UpdateCheckingService.xpc component
Entitlement Key: com.apple.security.network.client
Value: YES
Reason: This allows the XPC service to make an outgoing network connection, in order to fetch this file, which contains the information about the current version of Archaeology available for download.
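
One way to check that an installed copy carries only the entitlements documented in the two tables above, written as an added Python example that is not part of Archaeology or its documentation. It assumes the entitlements have already been exported from the code signature as a plist; the component labels, the audit function and the sample plists are constructed for illustration, and the com.apple.security.app-sandbox key is assumed from the statement that both components are sandboxed.

```python
import plistlib

# Documented entitlements, transcribed from the two tables on this page.
# Assumption: com.apple.security.app-sandbox is expected because the page says
# both components are sandboxed; the tables themselves do not list that key.
SANDBOX = "com.apple.security.app-sandbox"
DOCUMENTED = {
    "app": {
        "com.apple.security.files.user-selected.read-write": True,
        "com.apple.security.application-groups":
            ["936EB786NH.com.mothersruin.MRSFoundation.ASN1AnnotationStore"],
        "com.apple.security.temporary-exception.mach-lookup.global-name":
            ["com.apple.security.syspolicy"],
    },
    "update-xpc": {"com.apple.security.network.client": True},
}

def audit(component, plist_bytes):
    """Compare an entitlements plist with the documented set; return findings."""
    actual = plistlib.loads(plist_bytes)
    expected = DOCUMENTED[component]
    findings = []
    if actual.pop(SANDBOX, False) is not True:
        findings.append("not sandboxed")
    for key in actual.keys() - expected.keys():
        findings.append(f"undocumented: {key}")
    for key in expected.keys() - actual.keys():
        findings.append(f"missing: {key}")
    for key in actual.keys() & expected.keys():
        if actual[key] != expected[key]:
            findings.append(f"value differs: {key}")
    return sorted(findings)

# Constructed sample inputs (not extracted from the real app bundle).
SAMPLE_OK = plistlib.dumps({SANDBOX: True, **DOCUMENTED["app"]})
SAMPLE_DRIFT = plistlib.dumps({
    SANDBOX: True,
    "com.apple.security.network.client": True,
    "com.apple.security.network.server": True,  # constructed extra entitlement
})
SAMPLE_WIDER = plistlib.dumps({  # constructed: mach-lookup exception widened
    SANDBOX: True, **DOCUMENTED["app"],
    "com.apple.security.temporary-exception.mach-lookup.global-name":
        ["com.apple.security.syspolicy", "com.example.constructed"],
})

if __name__ == "__main__":
    print(audit("app", SAMPLE_OK))
    print(audit("update-xpc", SAMPLE_DRIFT))
    print(audit("app", SAMPLE_WIDER))
```

An empty result means the component matches the documented set; any finding is a prompt to re-read the vendor's explanation before trusting the build.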