Anyone know of a way to see the applescript code in a run-only applescript application? My wife got one from someone she didn’t know and I’m trying to figure out what it will do if opened.
Thanks in advance.
You can try running “strings -a filename/rsrc” on it from the terminal.app. but if you are unsure of the source you got the script from, your safest bet is to trash it. If you do try to run the script and it asks you for your admin password do not enter one. The questions you need to ask yourself are…
- Who wrote the script?
- Where did the script come from - a reputable source or an unkown source?
- Do I feel like living dangerously?
Holy moly. I had no idea about “strings -a filepath/rsrc”. This is no good for those of us that want to keep some scripts private but it’s pretty good if you want to see the properties and handler names of read-only scripts. It’s going to make me rethink some things in my scripts.
Jon
Yep, shareware developers should consider using an algorithm, or a series of them, to generate passwords/serial numbers on the fly. The use of cryptic variable names that appear to be unrelated might help too.
The “strings” command can reveal a lot of particulars. It was mentioned on one of the scripting mailings lists a few months ago, so it’s common knowledge. It can be a pain to read through all of the info it returns, but yep it does work.
I think it’s one of the reasons that the good folks at 24U use a different registration code for distributing scripts with their 24U Appearance Osax e.g., you have a developers registration number and a distrubution registration number. “strings” is installed with the BSD subsystem in Mac OS X.
My favorite one-line script spy:
tell application "Extra Suites" to set foo to read resource file "path:to:script" type "scpt"
:twisted:
That’s a good one Rob. Maybe it’s time to bring “Script Spy” to OS X. I hope we’re not upsetting everyone who is writing “Run/Only” scripts ;¬)
I thought of bringing SS to OS X but I doubt that I’ll invest the time. I never got much feedback on the pre-OS X version so I assume that it didn’t interest very many people. Regarding those who are writing RO scripts, it’s best that they are made aware of what’s possible, even if it is on a public forum. I think it’s a common misconception that run-only scripts are vault-like and it benefits no one to pretend that this is true. 
Sorry, I just had to go re-write some of my scripts…
can be:
for those of us who use the free Satimage.osax and are too cheap for Extra Suites. This doesn’t seem to return as much as “strings”, though.
It’s always good to have this information out there but boy, this was an eye opener.
Jon
When the topic was discussed on the applescript-users list, it was an eye opener for a few people too. I’m sure that there was a considerable amount of scrambling to fix scripts during and after that discussion. Maybe MacScripter needs to plaster a banner all over the web site that says “Run-only might not be what you think it is!”.
One of the reasons for saving scripts as R/O is the file size. A read/only script is considerably smaller than one that’s saved as an editable script. But I guess it’s mainly done to obscure the code fragments.
Thank you all for the great information. It’s good stuff to know for a beginning scripter like myself. I even got desparate and tried Resedit. I tried various methods in the terminal so this:
strings -a filename/rsrc
will come in handy. I’ll try it out.
By the way, do these two lines of code below do the same thing as the above code? Do I need a specific program for the first one? Obviously the second one is for a program called “Extra Suites”
set foo to load resource 128 type “scpt” from file “path:to:script” as string
tell application “Extra Suites” to set foo to read resource file “path:to:script” type “scpt”
Thanks again for your patience with the newbie.
No problem twitch, the question brought up some great points and great info. The first script…
“set foo to load resource 128 type “scpt” from file “path:to:script” as string”
requires a “Scripting Addition” named Satimage.Osax, which needs to be in your “Scripting Additions” Folder. btw, the “srtings command” needs the files extension…
strings -a filepath/filename.ext/rsrc
Thanks again. You rock. Must be because you’re a fellow Texan…heh heh Not having much luck with the Extra Suites code. Not sure of the “path:to:script”
I’ll get the scripting addition. The terminal code worked great but I can’t understand most of what was returned. I’ll post what was returned. I CAN see that it is trojan.
mylisttrojan.0
PowerPlug
entss
PartSIT!
<cpntA
N^NuNV
/<NOTI?<
(_
f
`(/
TO(n
N^NuNV
/<aplt/<scptp!
*(_
g
/
/<
N^Nu
#NuCTo run this script application, you must first install AppleScript.
aplt
FREF
ICN#
APPL
@0@(@<@
@0@(@<@
++++
FasdUAS 1.101.10
starts
.aevtoappnull
****
error_code
hotline_path
alias_path
the_path
the_disk
.aevtoappnull
****
ascr
txdl
null
Finderz
alis
Hard Disk G4
Finder
MacOS
IHard Disk G4:System:Library:CoreServices:Finder.app:Contents:MacOS:Finder
<System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
appf
HTLS
kfrmID
ctxt
rslt
hotline_path
citm
.corecnte****
****
TEXT
alias_path
:Files
the_path
:Users:guest:files
cfol
.coredoexbool
obj
alias_there
the_disk
.miscactv****
****
kocl
insh
prdt
pnam
comments
.corecrel****
null
:comments
desk
cdis
.miscslct****
****
alia
to
sele
Thank you for commenting us
file
error_code
[ZkZ
OeE`
hUO_
!O*a
,FO*j+
)*j+
error_code
myname
rtyp
ctxt
.earsffdr****
afdr
citm
The document
X Could not be opened because the application program that created it could not be found.
ret
Ccould not find a translation extention with appropriate translators
disp
stic
btns
dflt
.sysodlogaskr
****
3Server HD:Hotline Server 1.8.5:Hotline Server 1.8.5
0Server HD:Hotline Server 1.8.5:Users:guest:files
$Server HD:Hotline Server 1.8.5:Files
Server HD
ascr
scpt
spsh
CODE
scsz
NOTI
BNDL
FREF
ICN#
icl4
ics#
"ics4
:hfdr
RTEXT
^SIZE
jWPos
vicl8
ics8
aplt
text edito
Twitch, the first line raises an eyebrow “mylisttrojan.0” the word “trojan” may mean it’s a “Trojan Horse”. Some of the text appears to be looking at the System files “System/Library/CoreServices/Finder.app/Contents/MacOS/Finder.app” Then it looks like it does something with Hotline ( a file sharing app ).
Just from the first line, I would advise you to trash the file. Or at least find out who wrote the script. If your Hard Drive is named “Hard Disk G4” then it was written especially for your machine. In any case, I ceartainly would not run the script…
I agree. I saw mylisttrojan.0 and figured that was all I needed to know. Luckily it doesn’t appear to have been targeted to my machine. I don’t know who it’s from.
Thanks again. You’ve been great.
I was looking at the results from the terminal again now that I’m more awake…it appears that the script is written to put something into the contents of the Finder app.
Hard Disk G4:System:Library:CoreServices:Finder.app:Contents:MacOS:Finder
<System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
appf
is that possible?
Thanks again.
Yes, it might be possible if permissions don’t get in the way. The Finder, like many modern applications, is a package which consists of files and folders. To see what I mean, control-click on Finder’s icon and choose “Show Package Contents” from the contextual menu.
Warning: Look but don’t mess.
– Rob
Thanks for the reply, Rob. I knew you could look at most apps contents, but I don’t think control-click shows the “show package contents” on the finder app. I thought one might have to go to the terminal for that. I just didn’t want to take the time to find out how. I’m sure it’s a lengthy process. Of course, if it isn’t and someone knows how, I’m all ears…er…um…I mean eyes.
I can control-click the Finder to see the contents. I am the sole user and have admin status so maybe this makes a difference.