Archaeology

Release History

The table below summarizes the released versions of Archaeology, and what fixes and enhancements were made to each version. You can determine the version you have installed from Archaeology > About Archaeology.

Release History for Archaeology
Version Changes
1.2 (155) Released on May 5, 2024
  • In the BER-encoded ASN.1 view:
    • Fixed a bug in the handling of BIT STRING values: the unused bit octet was not properly decoded, resulting in an incorrect value.
    • BIT STRING values are now always shown as the actual bits, regardless of the size.
    • However, if a BIT STRING is 64 bits or less, you can select that item, and Archaeology will show it in the info pane, formatted as a 64-bit integer. For this representation, the first bit in the string is presumed to be the least significant bit of the integer value. You can also click this value to toggle between hexadecimal, decimal and octal representations.
    • Likewise, if an INTEGER value will fit into 64 bits (as a signed, two's complement number), you can select that item and view the integer in the info pane, cycling between radixes as described above.
    • If an INTEGER value is larger than 64 bits, Archaeology has always fallen back to simply showing the underlying encoding (which is in big-endian order, per BER encoding rules). Archaeology still does this, but prefixes the hex encoding with "0x" to make it clearer that this is not a decoded integer value.
  • In the macOS Property List view, you can now Control-click on an item (whether dictionary key or array item) to copy various bits to the clipboard: the key, the value or a new property list with just that item, in XML format. Alternatively, you can copy the plutil(1) or PlistBuddy(8) command that would extract that value from the property list, for pasting into Terminal or using in scripts.
  • When using the search field in the toolbar, recent search terms will now be preserved across files and app launches. Search terms are saved according to the binary format in which they're used, since searches in macOS Property Lists are unlikely to be useful in Cocoa Keyed Archives, for example.
  • Improved comment annotation for the Boolean representation of Launch Constraints.
  • Fixed a problem where the app might crash or become unresponsive in the macOS Property List view, if a value contains certain strings with embedded newlines.
1.1 (106) Released on August 13, 2023
  • Allows decoding of Code Signing Requirements found within a Code Signature Security::SuperBlob — most commonly a single “designated” requirement within “Internal Requirements”. Archaeology decodes the requirement into an equivalent Boolean expression, akin to the one shown by codesign(1) or csreq(1), but with syntax highlighting and comments that give more information (such as the names of certificate fields otherwise identified by their OIDs). You can evaluate the requirement against a selected app or other signed code, and see the results for individual terms of the expression.
  • Allows decoding of Launch Constraints found within a Code Signature Security::SuperBlob. These constraints are new-ish to macOS 14 (Sonoma), and are stored in the code signature (using Xcode 15) in a BER-encoded ASN.1 format. Archaeology decodes a launch constraint into a bespoke-but-easier-to-read Boolean expression. You can evaluate the constraint against a selected app or other signed code, and see the results for individual terms of the expression. If you prefer, use Go > Decode Item As > BER-encoded ASN.1 to see the underlying representation of the constraint instead.
  • When the root of a BER-encoded ASN.1 appears to be a CoreEntitlements structure — used for both DER-encoded Entitlements and Launch Constraints — you can select the root item and click Show As Dictionary to see it converted into property list form.
  • For a bundle that is code-signed but does not have a Mach-O main executable (e.g. a resource-only plugin or framework), Archaeology now shows all of the individual components from the _CodeSignature directory, and allows these to be decoded and/or verified much like their analogs in a Security::SuperBlob context.
  • Adds the ability to open an xcframework, letting you examine each of the contained frameworks by platform.
  • When viewing a URL Bookmark, you can now attempt resolution of that bookmark by choosing Go > Resolve URL Bookmark. You can select a number of different resolution options, but note that the handling of security-scoped bookmarks created by — and thus, scoped to — another app won't necessarily make sense when resolving from Archaeology.
  • Added an option under Archaeology > Preferences > General to inhibit the warning dialog when decoding BER-encoded ASN.1 that doesn't have a Universal-class tag at its root. Normally, Archaeology takes this as a sign that the data might not be ASN.1 at all, and doesn't decode unless you click Decode Anyway. But if that's annoying, you can uncheck this. (This only applies when you use the generic Go > Decode Item, such that Archaeology must deduce what type of data is being decoded. Whenever you tell Archaeology that you are expecting ASN.1 data, e.g. by using Go > Decode Item As > BER-encoded ASN.1, it won't require a Universal-class root tag, regardless of this preference.)
  • When viewing a Cocoa Keyed Archive, NSUUID instances now get a more useful string formatting, as long as Format strings and dates in archives is enabled in the open options.
  • When opening a macOS Installer package (or other xar archive), Archaeology no longer presents a confusing error if the archive is not signed: instead, it simply shows whatever info is there, even if that is only the xar TOC digest.
1.0.1 (87.1) Released on March 22, 2023
  • Fixed a problem that caused the Open Download Page button in Archaeology Preferences > Update to do nothing. If you had version 1.0 and found your way here, we apologize. We're releasing this minor update to minimize the number of others who have to do likewise.
1.0 (87) Released on March 9, 2023
  • Initial release of Archaeology.
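
The 1.2 notes above describe how BIT STRING and INTEGER content octets are interpreted. The following Python is an added example, not Archaeology's own code, that applies those rules to the content octets of a primitive encoding (tag and length already removed); the function names are hypothetical and the sample bytes are constructed.

```python
from typing import Optional, Union


def decode_bit_string(content: bytes) -> str:
    """Bits of a primitive BER BIT STRING, as a '0'/'1' string."""
    if not content:
        raise ValueError("missing unused-bits octet")
    unused, data = content[0], content[1:]
    # The first content octet counts the padding bits in the last data
    # octet (0..7); it must be 0 when there are no data octets at all.
    if unused > 7 or (unused and not data):
        raise ValueError("invalid unused-bits octet")
    bits = "".join(f"{octet:08b}" for octet in data)
    return bits[: len(bits) - unused]


def bit_string_as_int(bits: str) -> Optional[int]:
    """Integer view for 64 bits or fewer; the first bit is the LSB."""
    if len(bits) > 64:
        return None  # too long: only the bit-string view applies
    return sum(1 << i for i, bit in enumerate(bits) if bit == "1")


def decode_integer(content: bytes) -> Union[int, str]:
    """Signed value if it fits in 64 bits, else the raw encoding as 0x hex."""
    if not content:
        raise ValueError("INTEGER needs at least one content octet")
    if len(content) <= 8:
        # BER INTEGER content is big-endian two's complement.
        return int.from_bytes(content, "big", signed=True)
    return "0x" + content.hex()


if __name__ == "__main__":
    # Constructed sample: 1 unused bit, data octet 0x06 (bits 5 and 6 set).
    bits = decode_bit_string(bytes.fromhex("0106"))
    print(bits, bit_string_as_int(bits))
    # Constructed INTEGER contents: -1, 128, and a 9-octet value.
    for sample in ("ff", "0080", "00" + "ff" * 8):
        print(sample, "->", decode_integer(bytes.fromhex(sample)))
```

Reading the same seven bits with the first bit as the most significant would give 3 rather than 96, which is why the bit order stated in the notes matters when comparing values across tools.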