Extract Mac-OSX dmg and pkg Installer
Views: 3194
SwissSign Group AG delivers SuisseID 2.0, a hardware PKCS#12 token with personal certificates for digital signature and web login. In order to support this on all operating systems (Linux, Windows, Mac), I wrote initialization software and create packages for Debian, RPM, Windows, Mac OS-X.
For Mac, I create a dmg
image file, that contains pkg
packages, that contain the app
applications. To analyze the structure, I download the current Mac OS-X installation file.
Extract dmg
The dmg
file can be extracted using 7z
:
7z x suisseid-mac-3.7.dmg
This creates a directory SuisseID
, that contains: changelog.txt
, '[HFS+ Private Data]'
, Install_SuisseID.pkg
and uninstall.app
.
Alternatively a dmg file can be converted to a Linux image file using dmg2img. Then the image file can be loop-mounted.
Extract pkg
The interesting part is in Install_SuisseID.pkg. This file is a xar archive:
$ file Install_SuisseID.pkg Install_SuisseID.pkg: xar archive version 1, SHA-1 checksum
You can either use Google xar or simply run ark
to extract it from the GUI:
cd SuisseID ark Install_SuisseID.pkg
This creates a new directory Install_SuisseID
, that contains: cryptovision.pkg
, modutil.pkg
, SuisseID-Assistant.pkg
, Distribution
and Resources
.
These are:
$ file * cryptovision.pkg: directory Distribution: XML 1.0 document, ASCII text modutil.pkg: directory Resources: directory SuisseID-Assistant.pkg: directory
So, this time, *.pkg
is something different: a directory, that contains:
$ file * Bom: Mac OS X bill of materials (BOM) file PackageInfo: XML 1.0 document, ASCII text Payload: gzip compressed data, from Unix Scripts: gzip compressed data, from Unix
Applying gunzip
on Payload
and Scripts
shows, that these are compressed cpio
archives. So extract them using:
gunzip -c Payload | cpio -i gunzip -c Scripts | cpio -i
That’s all, now everything is extracted and I can start the analysis of the package structure.