Extract Mac-OSX dmg and pkg Installer
Views: 3350
SwissSign Group AG delivers SuisseID 2.0, a hardware PKCS#12 token with personal certificates for digital signature and web login. In order to support this on all operating systems (Linux, Windows, Mac), I wrote initialization software and create packages for Debian, RPM, Windows, Mac OS-X.
For Mac, I create a dmg image file, that contains pkg packages, that contain the app applications. To analyze the structure, I download the current Mac OS-X installation file.
Extract dmg
The dmg file can be extracted using 7z:
7z x suisseid-mac-3.7.dmg
This creates a directory SuisseID, that contains: changelog.txt, '[HFS+ Private Data]', Install_SuisseID.pkg and uninstall.app.
Alternatively a dmg file can be converted to a Linux image file using dmg2img. Then the image file can be loop-mounted.
Extract pkg
The interesting part is in Install_SuisseID.pkg. This file is a xar archive:
$ file Install_SuisseID.pkg Install_SuisseID.pkg: xar archive version 1, SHA-1 checksum
You can either use Google xar or simply run ark to extract it from the GUI:
cd SuisseID ark Install_SuisseID.pkg
This creates a new directory Install_SuisseID, that contains: cryptovision.pkg, modutil.pkg, SuisseID-Assistant.pkg, Distribution and Resources.
These are:
$ file * cryptovision.pkg: directory Distribution: XML 1.0 document, ASCII text modutil.pkg: directory Resources: directory SuisseID-Assistant.pkg: directory
So, this time, *.pkg is something different: a directory, that contains:
$ file * Bom: Mac OS X bill of materials (BOM) file PackageInfo: XML 1.0 document, ASCII text Payload: gzip compressed data, from Unix Scripts: gzip compressed data, from Unix
Applying gunzip on Payload and Scripts shows, that these are compressed cpio archives. So extract them using:
gunzip -c Payload | cpio -i gunzip -c Scripts | cpio -i
That’s all, now everything is extracted and I can start the analysis of the package structure.