Mike Bradshaw bmike

@bruienne
bruienne / find32bit.py
Created January 25, 2018 17:08
Find 32-bit executables in a given path. Uses the macholib module that ships with macOS.
#!/usr/bin/python
from macholib import MachO
import macholib
import os
import sys
path = sys.argv[1]
for root, dirs, files in os.walk(path):
@timsutton
timsutton / mv1Password.sh
Created May 27, 2018 19:52
1P 'mv1Password' script
#!/bin/sh
# this script removes the binary before we install it to ensure that we don't end up with a hybrid of what was there and what we're installing
echo "Removing legacy helper startup items"
loggedInUser=$(stat -f%Su /dev/console)
bundleIds=( "2BUA8C4S2C.com.agilebits.onepassword4-helper"
"2BUA8C4S2C.com.agilebits.onepassword-osx-helper"
"com.agilebits.onepassword-osx-helper"
"ws.agile.1PasswordAgent"
@bwmorales
bwmorales / rmSMB_Illegals.sh
Last active June 29, 2018 18:10
Swap out those pesty SMB illegals with benign characters!
#!/bin/bash
# USAGE: ./rmSMB_Illegals.sh path
# Find searches through each file on a filesystem and passes the filenames to a
# function that tests for the presence of illegal characters and remediates.
# Bad characters are either removed or replaced with a ``-''.
# This has been tested on APFS on macOS 10.13.5. It'd be pretty safe to run this
# on a mounted volume, but it'd be nicer to test on Synology Linux and have it
@haircut
haircut / tcc-reset.py
Last active December 17, 2024 16:38
Completely reset TCC services database in macOS
#!/usr/bin/python
"""
Completely reset TCC services database in macOS
Note: Both the system and individual users have TCC databases; run the script as both
a user and as root to completely reset TCC decisions at all levels.
2018-08-15: Resetting the 'Location' service fails; unknown cause
2018-08-16: Confirmed the 'All' service does not really reset _all_
services, so individual calls to each service is necessary.
@tachyonics
tachyonics / tachyonics_scw4.pdf
Last active November 18, 2018 15:21
Swift Cloud Workshop 4 Presentation
@karanlyons
karanlyons / ZoomDaemon.yara
Last active August 5, 2024 23:37
Fixes for Zoom, RingCentral, Zhumu (and additional white labels) RCE vulnerabilities
private rule Macho
{
meta:
description = "private rule to match Mach-O binaries (copied from Apple's XProtect)"
condition:
uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca
}
rule ZoomDaemon
{
@talkingmoose
talkingmoose / Manage App Notifications.bash
Last active January 25, 2024 15:26
macOS Catalina will prompt users to allow Notifications from each app that makes a request. Administrators can manage these prompts using a Configuration Profile. If running Jamf Pro 10.19 or later, I suggest instead using this manifest: https://github.com/talkingmoose/jamf-manifests/blob/master/macOS%20Notifications%20(com.apple.notificationset…
#!/bin/bash
<<ABOUT_THIS_SCRIPT
-----------------------------------------------------------------------
Written by:William Smith
Professional Services Engineer
Jamf
[email protected]
https://gist.github.com/talkingmoose/9faf50deaaefafa9a147e48ba39bb4b0
@al45tair
al45tair / gist:73be245ab87a66a885742b98be91ac14
Last active April 10, 2024 09:00
Files installed by Zoom for macOS

The Zoom install package for macOS is mad. Rather than actually using the installer to install things, it does everything in the preinstall script. That's bonkers, and also means that the system won't have a list of the files it installed, because it's doing it using shell script.

The script appears to install two items, namely:

/Applications/zoom.us.app
~/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin

If the user opening the package isn't an administrator, it looks like it will install the app in the user's home folder instead. If they are an administrator, Zoom will delete the ZoomUsPlugIn.plugin from /Library if it's there, but it still installs to ~/Library.

It also adds Zoom to your Dock automatically, without asking.

@pudquick
pudquick / isM1.py
Last active September 28, 2023 16:27
Determine if a Mac can run ARM64 code, whether or not the binary is running in Rosetta 2 via pyobjc
# https://developer.apple.com/documentation/corefoundation/3684868-cfbundleisarchitectureloadable?language=objc
# https://developer.apple.com/documentation/foundation/1495005-mach-o_architecture?language=occ
# https://developer.apple.com/documentation/foundation/1495005-mach-o_architecture/nsbundleexecutablearchitecturearm64?language=occ
from Foundation import NSBundle
import objc
CF = NSBundle.bundleWithPath_('/System/Library/Frameworks/CoreFoundation.framework')
f = [('CFBundleIsArchitectureLoadable', 'BQ')]
objc.loadBundleFunctions(CF, globals(), f)
NSBundleExecutableArchitectureARM64 = 0x0100000c