Is there any way to check the SSD of a MacOS in binary / hexadecimal?
1
Macs are based on UNIX as far as I know. Thereby I was wondering if there was any way of checking the entire content of the SSD of a macOS in binary or in hexadecimal.
EDIT: I know about xxd and such other tools available however I was looking for a way out which essentially bypasses the security (SIP) as mentioned in an answer below.
macos ssd unix
asked Dec 17 '18 at 6:07
Anonymous DeveloperAnonymous Developer
85
add a comment |
1
Macs are based on UNIX as far as I know. Thereby I was wondering if there was any way of checking the entire content of the SSD of a macOS in binary or in hexadecimal.
EDIT: I know about xxd and such other tools available however I was looking for a way out which essentially bypasses the security (SIP) as mentioned in an answer below.
macos ssd unix
asked Dec 17 '18 at 6:07
Anonymous DeveloperAnonymous Developer
85
add a comment |
1
1
1
Macs are based on UNIX as far as I know. Thereby I was wondering if there was any way of checking the entire content of the SSD of a macOS in binary or in hexadecimal.
EDIT: I know about xxd and such other tools available however I was looking for a way out which essentially bypasses the security (SIP) as mentioned in an answer below.
macos ssd unix
asked Dec 17 '18 at 6:07
Anonymous DeveloperAnonymous Developer
85
Macs are based on UNIX as far as I know. Thereby I was wondering if there was any way of checking the entire content of the SSD of a macOS in binary or in hexadecimal.
EDIT: I know about xxd and such other tools available however I was looking for a way out which essentially bypasses the security (SIP) as mentioned in an answer below.
macos ssd unix
macos ssd unix
asked Dec 17 '18 at 6:07
Anonymous DeveloperAnonymous Developer
85
asked Dec 17 '18 at 6:07
Anonymous DeveloperAnonymous Developer
85
edited Dec 17 '18 at 12:33
Anonymous Developer
asked Dec 17 '18 at 6:07
Anonymous DeveloperAnonymous Developer
85
asked Dec 17 '18 at 6:07
Anonymous DeveloperAnonymous Developer
85
asked Dec 17 '18 at 6:07
Anonymous DeveloperAnonymous Developer
85
85
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
0
hexdump and xxd are available in macOS. Direct access to /dev/disk0 is blocked by the System Integrity Protection (SIP) on newer macOS, you'll have to disable it.
Also see this question.
answered Dec 17 '18 at 9:19
dirktdirkt
9,15731221
thanks for the answer, however I was looking for a different approach :)
– Anonymous Developer
Dec 17 '18 at 12:33
If you could just bypass the security, it wouldn't be particularly secure... "based on Unix" (BSD, actually) doesn't help with that, the people who added SIP are very aware of this.
– dirkt
Dec 17 '18 at 13:17
interesting...as I expected! Anyway you mind going a bit more deep into it? would there be anyway to physically get data out of the drive? as at the last it's just "hardware" so maybe we could look at the binaries and decode the file. I believe that if we could get hold of the entire SSD data even if encrypted would suffice. As there definitely would be some particular space that would hold the encryption key as well. @dirkt
– Anonymous Developer
Dec 18 '18 at 7:48
If you can get physical access to the SSD (take it out, connect it to a different computer) you can always get at the whole data. However, that's not (easily) possible e.g. on newer macbooks; the SSD is part of the motherboard. I haven't looked at the details of SIP, but with e.g. the T2 chip and TPM, they can in principle block access to the SSD, even if you try to access the "hardware" (SSD controller) directly. Encryption is irrelevant for that. But at the moment, it's (still) easy to disable SIP...
– dirkt
Dec 18 '18 at 8:33
Thanks for the support :) it was really helpful. So basically although it's tough to get the hardware out but still if one manages then it can be read/decyphered. that's pretty cool. I guess that's why FBI and other agencies have problem extracting data from recovered ios devices (If it's complicated for a PC then it's super complicated for a tiny iphone). Thanks!
– Anonymous Developer
Dec 18 '18 at 9:24
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1385149%2fis-there-any-way-to-check-the-ssd-of-a-macos-in-binary-hexadecimal%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
hexdump and xxd are available in macOS. Direct access to /dev/disk0 is blocked by the System Integrity Protection (SIP) on newer macOS, you'll have to disable it.
Also see this question.
answered Dec 17 '18 at 9:19
dirktdirkt
9,15731221
thanks for the answer, however I was looking for a different approach :)
– Anonymous Developer
Dec 17 '18 at 12:33
If you could just bypass the security, it wouldn't be particularly secure... "based on Unix" (BSD, actually) doesn't help with that, the people who added SIP are very aware of this.
– dirkt
Dec 17 '18 at 13:17
interesting...as I expected! Anyway you mind going a bit more deep into it? would there be anyway to physically get data out of the drive? as at the last it's just "hardware" so maybe we could look at the binaries and decode the file. I believe that if we could get hold of the entire SSD data even if encrypted would suffice. As there definitely would be some particular space that would hold the encryption key as well. @dirkt
– Anonymous Developer
Dec 18 '18 at 7:48
If you can get physical access to the SSD (take it out, connect it to a different computer) you can always get at the whole data. However, that's not (easily) possible e.g. on newer macbooks; the SSD is part of the motherboard. I haven't looked at the details of SIP, but with e.g. the T2 chip and TPM, they can in principle block access to the SSD, even if you try to access the "hardware" (SSD controller) directly. Encryption is irrelevant for that. But at the moment, it's (still) easy to disable SIP...
– dirkt
Dec 18 '18 at 8:33
Thanks for the support :) it was really helpful. So basically although it's tough to get the hardware out but still if one manages then it can be read/decyphered. that's pretty cool. I guess that's why FBI and other agencies have problem extracting data from recovered ios devices (If it's complicated for a PC then it's super complicated for a tiny iphone). Thanks!
– Anonymous Developer
Dec 18 '18 at 9:24
add a comment |
0
hexdump and xxd are available in macOS. Direct access to /dev/disk0 is blocked by the System Integrity Protection (SIP) on newer macOS, you'll have to disable it.
Also see this question.
answered Dec 17 '18 at 9:19
dirktdirkt
9,15731221
thanks for the answer, however I was looking for a different approach :)
– Anonymous Developer
Dec 17 '18 at 12:33
If you could just bypass the security, it wouldn't be particularly secure... "based on Unix" (BSD, actually) doesn't help with that, the people who added SIP are very aware of this.
– dirkt
Dec 17 '18 at 13:17
interesting...as I expected! Anyway you mind going a bit more deep into it? would there be anyway to physically get data out of the drive? as at the last it's just "hardware" so maybe we could look at the binaries and decode the file. I believe that if we could get hold of the entire SSD data even if encrypted would suffice. As there definitely would be some particular space that would hold the encryption key as well. @dirkt
– Anonymous Developer
Dec 18 '18 at 7:48
If you can get physical access to the SSD (take it out, connect it to a different computer) you can always get at the whole data. However, that's not (easily) possible e.g. on newer macbooks; the SSD is part of the motherboard. I haven't looked at the details of SIP, but with e.g. the T2 chip and TPM, they can in principle block access to the SSD, even if you try to access the "hardware" (SSD controller) directly. Encryption is irrelevant for that. But at the moment, it's (still) easy to disable SIP...
– dirkt
Dec 18 '18 at 8:33
Thanks for the support :) it was really helpful. So basically although it's tough to get the hardware out but still if one manages then it can be read/decyphered. that's pretty cool. I guess that's why FBI and other agencies have problem extracting data from recovered ios devices (If it's complicated for a PC then it's super complicated for a tiny iphone). Thanks!
– Anonymous Developer
Dec 18 '18 at 9:24
add a comment |
0
0
0
hexdump and xxd are available in macOS. Direct access to /dev/disk0 is blocked by the System Integrity Protection (SIP) on newer macOS, you'll have to disable it.
Also see this question.
answered Dec 17 '18 at 9:19
dirktdirkt
9,15731221
hexdump and xxd are available in macOS. Direct access to /dev/disk0 is blocked by the System Integrity Protection (SIP) on newer macOS, you'll have to disable it.
Also see this question.
answered Dec 17 '18 at 9:19
dirktdirkt
9,15731221
answered Dec 17 '18 at 9:19
dirktdirkt
9,15731221
answered Dec 17 '18 at 9:19
dirktdirkt
9,15731221
answered Dec 17 '18 at 9:19
dirktdirkt
9,15731221
9,15731221
thanks for the answer, however I was looking for a different approach :)
– Anonymous Developer
Dec 17 '18 at 12:33
If you could just bypass the security, it wouldn't be particularly secure... "based on Unix" (BSD, actually) doesn't help with that, the people who added SIP are very aware of this.
– dirkt
Dec 17 '18 at 13:17
interesting...as I expected! Anyway you mind going a bit more deep into it? would there be anyway to physically get data out of the drive? as at the last it's just "hardware" so maybe we could look at the binaries and decode the file. I believe that if we could get hold of the entire SSD data even if encrypted would suffice. As there definitely would be some particular space that would hold the encryption key as well. @dirkt
– Anonymous Developer
Dec 18 '18 at 7:48
If you can get physical access to the SSD (take it out, connect it to a different computer) you can always get at the whole data. However, that's not (easily) possible e.g. on newer macbooks; the SSD is part of the motherboard. I haven't looked at the details of SIP, but with e.g. the T2 chip and TPM, they can in principle block access to the SSD, even if you try to access the "hardware" (SSD controller) directly. Encryption is irrelevant for that. But at the moment, it's (still) easy to disable SIP...
– dirkt
Dec 18 '18 at 8:33
Thanks for the support :) it was really helpful. So basically although it's tough to get the hardware out but still if one manages then it can be read/decyphered. that's pretty cool. I guess that's why FBI and other agencies have problem extracting data from recovered ios devices (If it's complicated for a PC then it's super complicated for a tiny iphone). Thanks!
– Anonymous Developer
Dec 18 '18 at 9:24
add a comment |
thanks for the answer, however I was looking for a different approach :)
– Anonymous Developer
Dec 17 '18 at 12:33
If you could just bypass the security, it wouldn't be particularly secure... "based on Unix" (BSD, actually) doesn't help with that, the people who added SIP are very aware of this.
– dirkt
Dec 17 '18 at 13:17
interesting...as I expected! Anyway you mind going a bit more deep into it? would there be anyway to physically get data out of the drive? as at the last it's just "hardware" so maybe we could look at the binaries and decode the file. I believe that if we could get hold of the entire SSD data even if encrypted would suffice. As there definitely would be some particular space that would hold the encryption key as well. @dirkt
– Anonymous Developer
Dec 18 '18 at 7:48
If you can get physical access to the SSD (take it out, connect it to a different computer) you can always get at the whole data. However, that's not (easily) possible e.g. on newer macbooks; the SSD is part of the motherboard. I haven't looked at the details of SIP, but with e.g. the T2 chip and TPM, they can in principle block access to the SSD, even if you try to access the "hardware" (SSD controller) directly. Encryption is irrelevant for that. But at the moment, it's (still) easy to disable SIP...
– dirkt
Dec 18 '18 at 8:33
Thanks for the support :) it was really helpful. So basically although it's tough to get the hardware out but still if one manages then it can be read/decyphered. that's pretty cool. I guess that's why FBI and other agencies have problem extracting data from recovered ios devices (If it's complicated for a PC then it's super complicated for a tiny iphone). Thanks!
– Anonymous Developer
Dec 18 '18 at 9:24
thanks for the answer, however I was looking for a different approach :)
– Anonymous Developer
Dec 17 '18 at 12:33
thanks for the answer, however I was looking for a different approach :)
– Anonymous Developer
Dec 17 '18 at 12:33
If you could just bypass the security, it wouldn't be particularly secure... "based on Unix" (BSD, actually) doesn't help with that, the people who added SIP are very aware of this.
– dirkt
Dec 17 '18 at 13:17
If you could just bypass the security, it wouldn't be particularly secure... "based on Unix" (BSD, actually) doesn't help with that, the people who added SIP are very aware of this.
– dirkt
Dec 17 '18 at 13:17
interesting...as I expected! Anyway you mind going a bit more deep into it? would there be anyway to physically get data out of the drive? as at the last it's just "hardware" so maybe we could look at the binaries and decode the file. I believe that if we could get hold of the entire SSD data even if encrypted would suffice. As there definitely would be some particular space that would hold the encryption key as well. @dirkt
– Anonymous Developer
Dec 18 '18 at 7:48
interesting...as I expected! Anyway you mind going a bit more deep into it? would there be anyway to physically get data out of the drive? as at the last it's just "hardware" so maybe we could look at the binaries and decode the file. I believe that if we could get hold of the entire SSD data even if encrypted would suffice. As there definitely would be some particular space that would hold the encryption key as well. @dirkt
– Anonymous Developer
Dec 18 '18 at 7:48
If you can get physical access to the SSD (take it out, connect it to a different computer) you can always get at the whole data. However, that's not (easily) possible e.g. on newer macbooks; the SSD is part of the motherboard. I haven't looked at the details of SIP, but with e.g. the T2 chip and TPM, they can in principle block access to the SSD, even if you try to access the "hardware" (SSD controller) directly. Encryption is irrelevant for that. But at the moment, it's (still) easy to disable SIP...
– dirkt
Dec 18 '18 at 8:33
If you can get physical access to the SSD (take it out, connect it to a different computer) you can always get at the whole data. However, that's not (easily) possible e.g. on newer macbooks; the SSD is part of the motherboard. I haven't looked at the details of SIP, but with e.g. the T2 chip and TPM, they can in principle block access to the SSD, even if you try to access the "hardware" (SSD controller) directly. Encryption is irrelevant for that. But at the moment, it's (still) easy to disable SIP...
– dirkt
Dec 18 '18 at 8:33
Thanks for the support :) it was really helpful. So basically although it's tough to get the hardware out but still if one manages then it can be read/decyphered. that's pretty cool. I guess that's why FBI and other agencies have problem extracting data from recovered ios devices (If it's complicated for a PC then it's super complicated for a tiny iphone). Thanks!
– Anonymous Developer
Dec 18 '18 at 9:24
Thanks for the support :) it was really helpful. So basically although it's tough to get the hardware out but still if one manages then it can be read/decyphered. that's pretty cool. I guess that's why FBI and other agencies have problem extracting data from recovered ios devices (If it's complicated for a PC then it's super complicated for a tiny iphone). Thanks!
– Anonymous Developer
Dec 18 '18 at 9:24
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1385149%2fis-there-any-way-to-check-the-ssd-of-a-macos-in-binary-hexadecimal%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
