Github Mac App Store
Facial recognition macos app. Yngve Åström asked if anyone knew how to tell which Apple ID installed an app store app on the MacEnterprise mailing list:
Is it just me or have anyone been able to read something useful out of the app/Contents/_MASReceipt/receipt?I’m looking for a way to find out which account was used to by an app, the _MASreceipt library looked like the right place to look.Doesn’t matter how I trie to read the receipt all I get is bits of readable info that makes very little sense to me.Looks like binary peaces of certs but nothing close to an AppStore account.The /Users/myuser/Library/Preferences/com.apple.storeagent.plist AppleID will tell me what account I’m using now but that’s it.Where can I find which account was used to by a particular app? In this case Server.app…Is it even possible to find out?
Let’s poke around and see what’s inside those receipt files the Mac App Store puts inside every app bundle. The receipt file itself is a PKCS #7 container, as defined by RFC2315, with its payload encoded using ASN.1. We can look at its certificates using openssl’s pkcs7 command:
Activate MS Office 2019/2016 for macOS - MicrosoftOffice2019VLSerializer Office 2019 above. Note that Office2019 DO NOT support activate via simple copy/paste plist license file which is the simplest way to activate Office 2016.
- The app had to do something meaningful in order to submit it, and to be accepted, so I came up with the idea of creating a cronjob editor app. It’s also useful, and would also explain why I have a crontab files embedded. Here is my journey: Apple developer ID. In order to submit any App to the store you have to sign up for the developer program.
- Developers left the Mac App Store because distributing apps via the web was ultimately more convenient than dealing with App Review, and I’m worried the same thing would happen on iOS. Requiring a computer, however, would still allow developers to distribute apps not allowed in the App Store, while also raising the barrier-to-entry enough to.
- # Open Mac App Store to download macOS installer app. We use optional third-party analytics cookies to understand how you use GitHub.com so we can build better.
- The app also lets you view code, as shown in the below screenshot from the app’s App Store page, but you can’t actually edit any code within the app: Image: GitHub. The app first launched in.
You’ll see that it contains a certificate chain with Apple’s root CA, the developer CA, and the receipt signing certificate. There’s a signed payload in the receipt as well, which we can see if we dump the ASN.1 data using openssl’s asn1parse command:
The first big blob of hex is a payload signed with sha1. This payload is also encoded using ASN.1, so let’s decode it and save it as a separate file, payload.asn:
Github Mobile App
Mac mini restore disk download. With it saved to disk let’s see what asn1parse has to say about it:
We can see that the payload is composed of a set of attributes, defined by two integers and an octet string. The first integer is the attribute type, the second its version (so far always 1), and the octet string its value. How the octet string is interpreted depends on the attribute type, and Apple has reserved most for private use, but a few are public:
| Type | Definition | Value Interpretation |
|---|---|---|
| 2 | Bundle identifier | UTF8STRING. |
| 3 | Application version | UTF8STRING. |
| 4 | Opaque value | A series of bytes. |
| 5 | SHA-1 hash | 20-byte SHA-1 digest value. |
| 17 | In-app purchase receipt | Further down the ASN.1 rabbit hole. |
Bundle ID and app version are self explanatory, and the SHA-1 hash is used to verify that the app bundle hasn’t been modified. IAPs have their own receipt following the same principle as the main receipt, leaving only the mysteriously named “Opaque value”:
From Apple’s documentation we can see that it’s used together with the computer’s GUID in computing the verification hash. The ASN.1 specification tells us that it’s an integer (0x02) and that it’s four bytes long (0x04). Let’s print it as a decimal integer:
Github Ipad
Still pretty opaque. Haven’t I seen that integer somewhere else though? Indeed I have: /mac-app-bundles-2018.html.
Download Github App
Bingo - it’s the numeric app store user ID tied to my Apple ID. While we can’t directly determine which Apple ID installed a certain app, we can build a list of DSPersonIDs and their corresponding Apple IDs and get it that way.