• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

kendfinger/MacHack: Hidden Tools in macOS

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

kendfinger/MacHack

开源软件地址(OpenSource Url):

https://github.com/kendfinger/MacHack

开源编程语言(OpenSource Language):


开源软件介绍(OpenSource Introduction):

MacHack

A list of built-in tools in macOS that you probably didn't know about.

Table of Contents

Commands

java_home

This tool queries the available Java Virtual Machines from /Library/Java/JavaVirtualMachines.

$ /usr/libexec/java_home --help
Usage: java_home [options...]
    Returns the path to a Java home directory from the current user's settings.

Options:
    [-v/--version   <version>]       Filter versions (as if JAVA_VERSION had been set in the environment).
    [-a/--arch      <architecture>]  Filter architecture (as if JAVA_ARCH had been set in the environment).
    [-F/--failfast]                  Fail when filters return no JVMs, do not continue with default.
    [   --exec      <command> ...]   Execute the $JAVA_HOME/bin/<command> with the remaining arguments.
    [-X/--xml]                       Print full JVM list and additional data as XML plist.
    [-V/--verbose]                   Print full JVM list with architectures.
    [-h/--help]                      This usage information.

An example usage of this tool:

$ /usr/libexec/java_home -v 11 -a x86_64
/Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home

dot_clean

This is an extremely useful built-in utility to delete all useless dot files that macOS creates, such as ._MyFile.

Just point it at a folder, and it wipes it free of the cruft!

$ /usr/sbin/dot_clean
usage: dot_clean  [-fmnpsv] [--keep=[mostrecent|dotbar|native]] [directory ...]

An example usage of the tool:

$ /usr/sbin/dot_clean /Volumes/Shared/MyFiles

SafeEjectGPU

This is a utility for managing GPUs, especially eGPUs. This is what is behind the safe eject functionality of the eGPU in the System UI.

It is useful for:

  • Listing GPUs on the system.
  • Determining what applications are using a particular GPU.
  • Ejecting an eGPU safely.
  • Launching an application on a specific GPU.
  • Switching an application from one GPU to another.
$ /usr/bin/SafeEjectGPU
usage: SafeEjectGPU [Commands...]
    Commands:
        gpuid <gpuid> # specify gpuid of following commands
        gpuids <gpuid1>,<gpuid2>,... # specify list of gpuids for RelaunchPIDOnGPU command
        gpus          # show all GPUs and their applicable properties
        apps          # show all Apps on specified gpuid
        status        # show status of all specified gpuid
        Eject         # Eject (full eject sequence) on specified gpuid
        Initiate      # Initiate eject sequence on specified gpuid
        Relaunch      # Relaunch lingering AppKit apps on specified gpuid
        Finalize      # Finalize eject sequence on specified gpuid
        Cancel        # Cancel eject sequence on specified gpuid
        RelaunchPID <pid>       # RelaunchPID can be used in app testing to send Relaunch stimulus in isolation
        RelaunchPIDOnGPU <pid>  # Send Relaunch stimulus to an app with set of limited GPUs to select from, use gpuids
        LaunchOnGPU <path>      # Launch an app from given bundle path with set of limited GPUs, use gpuids
        zombies       # show all zombies (apps holding reference to unplugged eGPU)
        zcount        # show count of (unhidden) zombies
        Zkill         # kill zombies
        Zrelaunch     # relaunch zombies
        +fallbackGPUEjectPolicy # allow builtin fallbacks to take effect (default)
        -fallbackGPUEjectPolicy # deny builtin fallbacks

    Notes:
       Unspecified gpuid (==0) indicates all "removable" GPUs
       Capitalized commands may have system-wide effects
       Non-capitalized commands are informative only
       See description of Info.plist "SafeEjectGPUPolicy" key.  Use values:
           "ignore", "wait", "relaunch", or "kill" for per-app policy
       +/-fallbackGPUEjectPolicy can appear multiple times on the commandline and applies to following commands

Example of the gpus command:

$ /usr/bin/SafeEjectGPU gpus
gpus
2020-12-27 15:30:35.949 SafeEjectGPU[55941:9041424] Device PreExisted [00000001000008b2] AMD Radeon RX 570
2020-12-27 15:30:35.949 SafeEjectGPU[55941:9041424] Device PreExisted [00000001000008b5] AMD Radeon Pro 560X
2020-12-27 15:30:35.949 SafeEjectGPU[55941:9041424] Device PreExisted [0000000100000876] Intel(R) UHD Graphics 630
gpuid 0x56ce - Intel® UHD Graphics 630
               registryID=0x0000000100000876 integrated
               location - BuiltIn
               locationNumber - 0
               maxTransferRate - 0
gpuid 0x9f05 - AMD Radeon Pro 560X
               registryID=0x00000001000008b5 discrete
               location - BuiltIn
               locationNumber - 1
               maxTransferRate - 0
gpuid 0x5d0e - AMD Radeon RX 570
               registryID=0x00000001000008b2 removable
               Razer Core X - enclosureRegistryID=0x0000000100000472
               location - External
               locationNumber - 1
               maxTransferRate - 5000000000

sharing

This command gives information about File Sharing. It should look similar to the File Sharing section in the Sharing preference pane.

$ /usr/sbin/sharing
Usage:
sharing -a <path> [options] : create a sharepoint for directory specified by path <path>
sharing -e <name> [options] : edit sharepoint named <name>
sharing -r <name>           : remove sharepoint with name <name>
sharing -l [-f json]        : list existing sharepoints

options:
        -A <name> :use share point name <name> for afp. Obsolete but left in for backwards compatibility.
        -F <name> :use share point name <name> for ftp. Obsolete but left in for backwards compatibility.
        -S <name> :use share point name <name> for smb.
        -s [<flags>] :enable sharing, restricted by flags if specified;
           flags = 000,001,010 ...111; 1 = share, 0 = do not share;
           with digits indicating afp (no longer supported), ftp (no longer supported) and smb in that order;
           default is 001 if -s is specified with no flags.
        -g [<flags>] :enable guest access, restricted by flags if specified;
           flags = 000,001,010 ...111; 1 = enabled, 0 = disabled;
           with digits indicating afp (no longer supported), ftp (no longer supported) and smb in that order;
           default 001 if -g is specified with no flags.
        -i [<flags>] :enable inherit privileges from parent (afp only). Obsolete but left in for backwards compatibility.
        -n <name> :set record name to use (by default this is the directory name of the shared directory)
       -R <0/1> :make share read only for smb. 1 is enable, 0 is disable.
       -E <0/1> :make share encrypted for smb v3 and later. 1 is enable, 0 is disable.
       -f <format> :when listing shares, outputs in specified format. Formats supported: json

remotectl

The Apple T2 security chip (a built-in ARM chip in newer Intel Mac models) communicates with your system with a modified HTTP/2 protocol. There is also a command-line interface for various functions of the chip. Note that this chip is merged with the Apple Silicon chips, and remotectl is no longer used on Apple Silicon Macs.

$ /usr/libexec/remotectl
usage: remotectl list
usage: remotectl show (name|uuid)
usage: remotectl get-property (name|uuid) [service] property
usage: remotectl dumpstate
usage: remotectl browse
usage: remotectl echo [-v service_version] [-d (name|uuid)]
usage: remotectl echo-file (name|uuid) path
usage: remotectl eos-echo
usage: remotectl netcat (name|uuid) service
usage: remotectl relay (name|uuid) service
usage: remotectl loopback (attach|connect|detach|suspend|resume)
usage: remotectl bonjour ((enable|enable-loopback interface_name)|(disable))
usage: remotectl convert-bridge-version plist-in-path bin-out-path
usage: remotectl heartbeat (name|uuid)
usage: remotectl trampoline [-2 fd] service_name command args ... [ -- [-2 fd] service_name command args ... ]

Example of the list command:

$ /usr/libexec/remotectl list
MY_UUID localbridge    iBridge2,3   J680AP   5.1 (18P3030/18.16.13030.0.0,0) -

Example of the show command:

$ /usr/libexec/remotectl show MY_UUID
Found localbridge (bridge)
    State: connected (connectable)
    UUID: MY_UUID
    Product Type: iBridge2,3
    OS Build: 5.1 (18P3030)
    Messaging Protocol Version: 2
    Heartbeat:
        Last successful heartbeat sent 8.825s ago, received 8.822s ago (took 0.003s)
        64402 heartbeats sent, 0 received
    Properties: {
        AppleInternal => false
        CPUArchitecture => arm64
        ChipID => 32786
        EffectiveProductionStatusSEP => true
        HWModel => J680AP
        HasSEP => true
        LocationID => MY_LOCATION_ID
        IsUIBuild => true
        RegionInfo => LL/A
        DeviceSupportsLockdown => false
        EffectiveSecurityModeAp => true
        SigningFuse => true
        BuildVersion => 18P3030
        OSVersion => 5.1
        BridgeVersion => 18.16.13030.0.0,0
        SensitivePropertiesVisible => true
        BoardRevision => 1
        Image4CryptoHashMethod => sha2-384
        ProductType => iBridge2,3
        SerialNumber => MY_SERIAL_NUMBER
        BootSessionUUID => MY_BOOT_SESSION_ID
        BoardId => 11
        DeviceColor => black
        EffectiveProductionStatusAp => true
        EffectiveSecurityModeSEP => true
        UniqueChipID => MY_UNIQUE_CHIP_ID
        UniqueDeviceID => MY_UNIQUE_DEVICE_ID
        RemoteXPCVersionFlags => MY_XPC_VERSION_FLAGS
        CertificateProductionStatus => true
        CertificateSecurityMode => true
        DeviceEnclosureColor => black
        ModelNumber => Z0V16LL/A
        RegionCode => LL
        SecurityDomain => 1
        OSInstallEnvironment => false
        InterfaceIndex => 4
        HardwarePlatform => t8012
        Image4Supported => true
    }
    Services:
        com.apple.nfcd.relay.uart
        com.apple.bridgeOSUpdated
        com.apple.videoprocessingd.encode.remote
        com.apple.corespeech.xpc.remote.record
        com.apple.bootpolicyd.remote.internal
        com.apple.icloud.findmydeviced.bridge
        com.apple.xpc.remote.mobile_obliteration
        com.apple.bootpolicyd.remote
        com.apple.eos.BiometricKit
        com.apple.osanalytics.logTransfer
        com.apple.internal.xpc.remote.kext_audit
        com.apple.xpc.remote.multiboot
        com.apple.powerchime.remote
        com.apple.aveservice
        com.apple.recoverylogd.bridge
        com.apple.sysdiagnose.stackshot.remote
        com.apple.corespeech.xpc.remote.control
        com.apple.RestoreRemoteServices.restoreserviced
        com.apple.corecaptured.remoteservice
        com.apple.nfcd.relay.control
        com.apple.mobileactivationd.bridge
        com.apple.sysdiagnose.remote
        com.apple.CoreKDL.remoteXPC
        com.apple.eos.LASecureIO
        com.apple.multiverse.remote.bridgetime
        com.apple.lskdd
        com.apple.private.avvc.xpc.remote

brctl

This is a utility related to "CloudDocs", also know as iCloud Drive.

$ /usr/bin/brctl
Usage: brctl <command> [command-options and arguments]

    -h,--help            show this help

COMMANDS

diagnose [options] [--doc|-d <document-path>] [<diagnosis-output-path>]
    diagnose and collect logs

    -M,--collect-mobile-documents[=<container>]  (default: all containers)
    -s,--sysdiagnose     Do not collect what's already part of sysdiagnose
    -t,--uitest          Collect logs for UI tests
    -n,--name=<name>     Change the device name
    -f,--full            Do a full diagnose, including server checks
    -d,--doc=<document-path>
                         Collect additional information about the document at that path.
                         Helps when investigating an issue impacting a specific document.
    -e,--no-reveal       Do not reveal diagnose in the Finder when done
    [<diagnosis-output-path>]
                         Specifies the output path of the diagnosis; -n becomes useless.

log [options] [<command>]

    -a,--all                         Show all system logs
    -p,--predicate                   Additional predicate (see `log help predicates`)
    -x,--process <name>              Filter events from the specified process
    -d,--path=<logs-dir>             Use <logs-dir> instead of default
    -S,--start="YYYY-MM-DD HH:MM:SS" Start log dump from a specified date
    -E,--end="YYYY-MM-DD HH:MM:SS"   Stop log dump after a specified date
    -b                               Only show CloudDocs logs
    -f                               Only show FileProvider related logs
    -F                               Only show FruitBasket related logs
    -g                               Only show Genstore related logs
    -i                               Only show SQL and CloudDocs logs
    -z,--local-timezone              Display timestamps within local timezone

dump [options] [<container>]
    dump the CloudDocs database

    -o,--output=<file-path>
                         redirect output to <file-path>
    -d,--database-path=<db-path>
                         Use the database at <db-path>
    -i,--itemless
                         Don't dump items from the db
    -u,--upgrade
                         Upgrade the db if necessary before dumping

    [<container>]        the container to be dumped

status [<containers>]
    Prints items which haven't been completely synced up / applied to disk

    [<container>]        the container to be dumped

quota
    Displays the available quota in the account

monitor [options] [<container> ...]
    monitor activity
    -g                   dump global activity of the iCloud Drive
    -i                   dump changes incrementally
    -S,--scope=<scope>
                         restrict the NSMetadataQuery scope to docs, data, external or a combination

    [<container> ...]    list of containers to monitor, ignored when -g is used

A pretty cool command here is a utility to get the quota left on your iCloud Drive:

$ /usr/bin/brctl quota
2098962726220 bytes of quota remaining

sysadminctl

Basically an all around useful tool for managing users, as well as manage full-disk encryption (FileVault).

$ /usr/sbin/sysadminctl
Usage: sysadminctl
    -deleteUser <user name> [-secure || -keepHome] (interactive || -adminUser <administrator user name> -adminPassword <administrator password>)
    -newPassword <new password> -oldPassword <old password> [-passwordHint <password hint>]
    -resetPasswordFor <local user name> -newPassword <new password> [-passwordHint <password hint>] (interactive] || -adminUser <administrator user name> -adminPassword <administrator password>)
    -addUser <user name> [-fullName <full name>] [-UID <user ID>] [-GID <group ID>] [-shell <path to shell>] [-password <user password>] [-hint <user hint>] [-home <full path to home>] [-admin] [-roleAccount] [-picture <full path to user image>] (interactive] || -adminUser <administrator user name> -adminPassword <administrator password>)
    -secureTokenStatus <user name>
    -secureTokenOn <user name> -password <password> (interactive || -adminUser <administrator user name> -adminPassword <administrator password>)
    -secureTokenOff <user name> -password <password> (interactive || -adminUser <administrator user name> -adminPassword <administrator password>)
    -guestAccount <on || off || status>
    -afpGuestAccess <on || off || status>
    -smbGuestAccess <on || off || status>
    -automaticTime <on || off || status>
    -filesystem status
    -screenLock <status || immediate || off || seconds> -password <password>

Pass '-' instead of password in commands above to request prompt.
'-adminPassword' used mostly for scripted operation. Use '-' or 'interactive' to get the authentication string interactively. This preferred for security reasons

    *Role accounts require name starting with _ and UID in 200-400 range.

A pretty useful command in this tool is to check if FileVault is enabled:

$ sudo sysadminctl -filesystem status
2019-10-13 10:16:41.266 sysadminctl[61797:3404423] Boot volume CS FDE: NO
2019-10-13 10:16:41.298 sysadminctl[61797:3404423] Boot volume APFS FDE: YES

ckksctl

CloudKit controls, probably useful for some advanced users.

$ /usr/sbin/ckksctl
usage: ckksctl [-p] [-j] [-s] [-v arg] [status] [fetch] [push] [resync] [reset] [reset-cloudkit] [ckmetric]

Control and report on CKKS

positional arguments:

optional arguments:
  -p, --perfcounters             Print CKKS performance counters
  -j, --json                     Output in JSON format
  -s, --short                    Output a short format
  -v arg, --view arg             Operate on a single view

optional commands:
  status                         Report status on CKKS views
  fetch                          Fetch all new changes in CloudKit and attempt to process them
  push                           Push all pending local changes to CloudKit
  resync                         Resync all data with what's in CloudKit
  reset                          All local data will be wiped, and data refetched from CloudKit
  reset-cloudkit                 All data in CloudKit will be removed and replaced with what's local
  ckmetric                       Push CloudKit metric

otctl

This is the Octagon Trust utility. It's a pretty neat view of the underlying trust network being used by your Apple Devices.

$ /usr/sbin/otctl
usage: otctl [-s arg] [-e arg] [-r arg] [-j] [-i arg] [-E] [-P] [--altDSID arg] [--entropy arg] [--appleID arg] [--dsid arg] [--container arg] [--radar arg] [start] [sign-in] [sign-out] [status] [resetoctagon] [resetProtectedData] [user-controllable-views] [allBottles] [recover] [depart] [er-trigger] [er-status] [er-reset] [er-store] [health] [ckks-policy] [taptoradar] [fetchEscrowRecords] [fetchAllEscrowRecords] [recover-record] [recover-record-silent]

Control and report on Octagon Trust

positional arguments:

optional arguments:
  -s arg, --secret arg           escrow secret
  -e arg, --bottleID arg         bottle record id
  -r arg, --skipRateLimiting arg  enter values YES or NO, option defaults to NO, This gives you the opportunity to skip the rate limiting check when performing the cuttlefish health check
  -j, --json                     Output in JSON
  -i arg, --recordID arg         recordID
  -E, --enable                   Enable something (pair with a modification command)
  -P, --pause                    Pause something (pair with a modification command)
  --altDSID arg                   altDSID (for sign-in/out)
  --entropy arg                   escrowed entropy in JSON
  --appleID arg                   AppleID
  --dsid arg                      DSID
  --container arg                 CloudKit container name
  --radar arg                     Radar number

optional commands:
  start                          Start Octagon state machine
  sign-in                        Inform Cuttlefish container of sign in
  sign-out                       Inform Cuttlefish container of sign out
  status                         Report Octagon status
  resetoctagon                   Reset and establish new Octagon trust
  resetProtectedData             Reset ProtectedData
  user-controllable-views        Modify or view user-controllable views status (If one of --enable or --pause is passed, will modify status)
  allBottles                     Fetch all viable bottles
  recover                        Recover using this bottle
  depart                         Depart from Octagon Trust
  er-trigger                     Trigger an Escrow Request request
  er-status                      Report status on any pending Escrow Request requests
  er-reset                       Delete all Escrow Request requests
  er-store                       Store any pending Escrow Request prerecords
  health                         Check Octagon Health status
  ckks-policy                    Trigger a refetch of the CKKS policy
  taptoradar                     Trigger a TapToRadar
  fetchEscrowRecords             Fetch Escrow Records
  fetchAllEscrowRecords          Fetch All Escrow Records
  recover-record                 Recover record
  recover-record-silent          Silent record recovery

Run the following command to list your peers:

$ /usr/sbin/otctl status
... Lots of Useful Output ...

spctl

This is the System Policy management utility. You can enable and disable Gatekeeper and other code-signing features this way.

$ /usr/sbin/spctl
System Policy Basic Usage:
       spctl --assess [--type type] [-v] path ... # assessment
       spctl --add [--type type] [--path|--requirement|--anchor|--hash] spec ... # add rule(s)
       spctl [--enable|--disable|--remove] [--type type] [--path|--requirement|--anchor|--hash|--rule] spec # change rule(s)
       spctl --status | --master-enable | --master-disable # system master switch

Developer Mode Usage:
    spctl developer-mode <action>
        enable-terminal
            Add Terminal as a developer tool.
Kernel Extension User Consent Usage:
    spctl kext-consent <action>         ** Modifications only available in Recovery OS **
        status
            Print whether kernel extension user consent is enabled or disabled.
        enable
            Enable requiring user consent for kernel extensions.
        disable
            Disable requiring user consent for kernel extensions.
        add <team-id>
            Insert a new Team Identifier into the list allowed to load kernel extensions without user consent.
        list
            Print the list of Team Identifiers allowed to load without user consent.
        remove <team-id>
            Remove a Team Identifier from the list allowed to load kernel extensions without user consent.

A useful command is to view the status of the system policy assesments:

$ /usr/sbin/spctl --status
assessments enabled

networksetup

Network setup is pretty much everything network-related minus some wireless stuff.


鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
onmyway133/GifCapture: 发布时间:2022-08-18
下一篇:
passepartoutvpn/passepartout-apple: VPN client for iOS and macOS.发布时间:2022-08-18
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap