Extract Mac-OSX dmg and pkg Installer
SwissSign Group AG delivers SuisseID 2.0, a hardware PKCS#12 token with personal certificates for digital signature and web login. In order to support this on all operating systems (Linux, Windows, Mac), I wrote initialization software and create packages for Debian, RPM, Windows, Mac OS-X.
For Mac, I create a dmg image file, that contains pkg packages, that contain the app applications. To analyze the structure, I download the current Mac OS-X installation file.
A dmg file can be extracted using:
    7z x suisseid-mac-3.7.dmg
This creates a directory SuisseID, that contains:
'[HFS+ Private Data]',
Alternatively a dmg file can be converted to a Linux image file using dmg2img. Then the image file can be loop-mounted.
The interesting part is in Install_SuisseID.pkg. This file is a xar archive:
    $ file Install_SuisseID.pkg
    Install_SuisseID.pkg: xar archive version 1, SHA-1 checksum
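The version and checksum that file reports come from the 28-byte xar header, and the member names come from the zlib-compressed XML table of contents that follows it. The Python below is an added example, not code from the original post: it parses both, so a package can be listed before anything is unpacked. The names parse_xar and build_sample, the size cap and the miniature archive are assumptions made for illustration.

```python
import struct
import zlib
import xml.etree.ElementTree as ET

HEADER = struct.Struct(">4sHHQQI")   # magic, header size, version, TOC length compressed/uncompressed, checksum algorithm
CKSUM_NAMES = {0: "none", 1: "SHA-1", 2: "MD5"}
MAX_TOC = 16 * 1024 * 1024           # assumed sanity cap for an untrusted file

def parse_xar(data: bytes):
    """Return (header dict, [(path, type), ...]) for a xar archive held in memory."""
    if len(data) < HEADER.size or data[:4] != b"xar!":
        raise ValueError("not a xar archive")
    _, hsize, version, toc_c, toc_u, cksum = HEADER.unpack_from(data)
    if hsize < HEADER.size or toc_u > MAX_TOC or hsize + toc_c > len(data):
        raise ValueError("implausible header fields")
    # The table of contents is zlib-compressed XML directly after the header.
    d = zlib.decompressobj()
    toc_xml = d.decompress(data[hsize:hsize + toc_c], MAX_TOC)
    if d.unconsumed_tail or len(toc_xml) != toc_u:
        raise ValueError("TOC length does not match header")
    header = {"version": version, "checksum": CKSUM_NAMES.get(cksum, "other"),
              "heap_offset": hsize + toc_c}   # member data (the heap) starts here
    entries = []
    def walk(files, prefix):
        # Directories are <file> elements that nest further <file> elements.
        for f in files:
            path = prefix + f.findtext("name", "")
            entries.append((path, f.findtext("type", "")))
            walk(f.findall("file"), path + "/")
    # Standard-library parser; a hardened one such as defusedxml is preferable for hostile input.
    walk(ET.fromstring(toc_xml).findall("toc/file"), "")
    return header, entries

def build_sample() -> bytes:
    """Constructed miniature archive (header and TOC only) echoing names from this page."""
    toc = (b'<?xml version="1.0" encoding="UTF-8"?><xar><toc>'
           b'<file id="1"><name>Distribution</name><type>file</type></file>'
           b'<file id="2"><name>modutil.pkg</name><type>directory</type>'
           b'<file id="3"><name>Scripts</name><type>file</type></file>'
           b'<file id="4"><name>Payload</name><type>file</type></file></file>'
           b'</toc></xar>')
    z = zlib.compress(toc)
    return HEADER.pack(b"xar!", HEADER.size, 1, len(z), len(toc), 1) + z

if __name__ == "__main__":
    hdr, files = parse_xar(build_sample())
    print(hdr, *files, sep="\n")
```

To run it against a real package, pass the file's bytes to parse_xar; only the header and table of contents are read, no member data is decompressed.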
You can either use Google xar or simply run ark to extract it from the GUI:
    cd SuisseID
    ark Install_SuisseID.pkg
This creates a new directory Install_SuisseID, that contains:
    $ file *
    cryptovision.pkg: directory
    Distribution: XML 1.0 document, ASCII text
    modutil.pkg: directory
    Resources: directory
    SuisseID-Assistant.pkg: directory
So, this time, *.pkg is something different: a directory, that contains:
    $ file *
    Bom: Mac OS X bill of materials (BOM) file
    PackageInfo: XML 1.0 document, ASCII text
    Payload: gzip compressed data, from Unix
    Scripts: gzip compressed data, from Unix
Scripts shows, that these are compressed cpio archives. So extract them using:
    gunzip -c Payload | cpio -i
    gunzip -c Scripts | cpio -i
That’s all, now everything is extracted and I can start the analysis of the package structure.