Small self-advertisement: as an alternative to dissect.cstruct, a fun side-project of mine (C parser + C interpreter in Python) can do a very similar thing:
Speaking of images (media file), I found out that iCloud double-counts storage space for rotated photos, so I need to subscribe to a higher tier just because the iPhone often can't get orientation right, especially for food photos.
Would be nice if they moved to storing diff sidecars.
I have to admit that using C syntax as a string to parse something from Python is definitely a choice. I'm not even sure I would use C structs to lay things out in C…
I asked an LLM to rewrite it for me using the Python built-in struct module, and it gave me this:
import sys
import struct
from collections import namedtuple
# Bake the layout once into a reusable, precompiled object.
HEADER = struct.Struct(">4sIIIQQ16sQQIIII")
# struct only knows positions, not names — pair it with a namedtuple
# to recover the named-field access that cstruct gives you for free.
Header = namedtuple("Header", [
"magic", "field4", "field8", "fieldC",
"field10", "field18", "field20",
"field30", "field38",
"field40", "field44", "field48", "field4C",
])
with open(sys.argv[1], "rb") as fh:
header = Header._make(HEADER.unpack(fh.read(HEADER.size)))
print(header)
To me, this seems significantly less readable... less Pythonic, even. The printed output is also less readable.
No I think Python's struct module is also really bad. My point is if you are making a new DSL for laying out arbitrary formats why not do something better than what we have
But yeah, while I think the `cstruct` helper function to describe a binary data layout in Python is more elegant than the builtin alternatives, it would have been much less painful to just go with a minimal C command line program (or any other programming language where a struct directly maps to memory). Python and most other scripting languages have been built for manipulating text data, but suck when working with binary data.
I like a good jaunt with IDApro as much as the next RE, but my question is what does ASIF do that Qcow2 doesn't?
My other question is why does it take so long to copy an app out of a dmg and into /Applications. Like, just change some pointers to pointers to data on disk and shit.
Additionally, while I don't know much about APFS, I don't think it would be beneficial to point the extracted app to blocks that are also part of the dmg file, i.e. some copying has to happen anyway.
Worth noting ASIF's compression tradeoff also affects Spotlight indexing —
since the content is opaque until mounted, you lose searchability on
unmounted disk images that you'd get with a regular folder structure.
Small self-advertisement: as an alternative to dissect.cstruct, a fun side-project of mine (C parser + C interpreter in Python) can do a very similar thing:
https://github.com/albertz/PyCParser/blob/master/demos/disse...
More info on how ASIF differs from the decades-old sparseimage format: https://news.ycombinator.com/item?id=44259132
Image as in “filesystem snapshot” not as in “media file”.
Speaking of images (media file), I found out that iCloud double-counts storage space for rotated photos, so I need to subscribe to a higher tier just because the iPhone often can't get orientation right, especially for food photos.
Would be nice if they moved to storing diff sidecars.
I have to admit that using C syntax as a string to parse something from Python is definitely a choice. I'm not even sure I would use C structs to lay things out in C…
I asked an LLM to rewrite it for me using the Python built-in struct module, and it gave me this:
To me, this seems significantly less readable... less Pythonic, even. The printed output is also less readable.
No I think Python's struct module is also really bad. My point is if you are making a new DSL for laying out arbitrary formats why not do something better than what we have
3 replies →
in video/image space most code we deal with day to day is still C, lots more rust plugins in gstreamer ecosystem, but 90%+ still C
The article is about disk images though :)
But yeah, while I think the `cstruct` helper function to describe a binary data layout in Python is more elegant than the builtin alternatives, it would have been much less painful to just go with a minimal C command line program (or any other programming language where a struct directly maps to memory). Python and most other scripting languages have been built for manipulating text data, but suck when working with binary data.
Sure, but it's a greenfield Python script
I like a good jaunt with IDApro as much as the next RE, but my question is what does ASIF do that Qcow2 doesn't?
My other question is why does it take so long to copy an app out of a dmg and into /Applications. Like, just change some pointers to pointers to data on disk and shit.
> what does ASIF do that Qcow2 doesn't
Mount natively in macOS
> why does it take so long to copy [...] out of a dmg
Compression mostly. DMG contents can optionally be compressed using zlib, lzfse, or slow as molasses bzip2.
Also Gatekeeper.
Additionally, while I don't know much about APFS, I don't think it would be beneficial to point the extracted app to blocks that are also part of the dmg file, i.e. some copying has to happen anyway.
3 replies →
Worth noting ASIF's compression tradeoff also affects Spotlight indexing — since the content is opaque until mounted, you lose searchability on unmounted disk images that you'd get with a regular folder structure.