Urgent Question - Telling the Difference Between 2 Apps

Hi, everyone. The following is rather abstractish.

I’m looking for a way (in AppleScript) to compare two applications and return whether they are identical or not. The Info For command is not useful in this case, because the two applications could have the same info.

Think of a hacker replacing, for instance, Firefox.app in the applications folder with a new malicious program under the same name. Everything is perfect. He throws some large files into his application bundle to make it appear to be a large application. The icon’s there. Creation date. Everything. But somewhere, somehow, there must be a way to tell the computer that it is NOT the same as the original.

Is anyone aware of a comparison method that could do this?

Thank you in advance. :)

The system allows you to have two identical files on the system because a folder can only contain unique file names. The folder is the file that binds the file name with the node on your hard drive. So I think this is the first place to look for differences between files.

Then there is of course the difference check between the content of two files. Applications are bundles and they contain Info.plist files. If the content of those two files is identical, these applications are indeed identical (except for the file name and/or path).

For security checks (for an application that looks like Firefox but is bad software) you should compare the machine code of the two. In the MacOS folder of the bundle there is, for Firefox, a firefox-bin file. Compare these two executables, because if there is literally one bit of difference between those two they are indeed different.

Many thanks! That is very helpful.

I did some research and discovered the Developer tool “opendiff”, accessed through the command line, which effectively can tell if there’s a difference between two files.

My only problem is that opendiff has a UI. I know, that normally wouldn’t be a problem. But what I want is to somehow do the comparison completely CLI. Is there a way of fetching the comparison data from opendiff? (Or a whole other way of comparing the two executables?)

Thanks for your time.

I’ve never used diff, but maybe diff is the command line utility for you. But I’m not sure if it works with directories (an .app is a directory in the shell). So if you compare executables, maybe comparing MD5 strings can help you too.

How would I compare MD5 strings? Sorry for noobishness, but a search brought up nothing.

Using do shell script to calculate a checksum for each file and compare the results should do it, no?

A simple shell command like...

set checkSum to do shell script "md5 -q '/heres/the/file.ext'"

...will produce a 32-character hex result, and comparing two such strings should be painless.

Okay, new problems.

The MD5 strings for the Unix Executables are unique on every computer. So that angle of differentiating two applications seems not to be of any use.

Is there any info that you can draw from an app that is unique from other applications, yet the same with that application from computer to computer? I know, I know, I’m really fishing now. Any help at all people might have would be great.

For example: how would I write a script that launches and checks whether, for instance, the bundle /Applications/Firefox.app is actually going to launch the web browser Firefox? (Or iTunes actually launches iTunes, etc)

I know it sounds simple, but throw in the fact that there’s someone out there designing a fake application just to fool you and your AppleScript. How can I tell the difference?

Any help would be much much appreciated.

It depends on what you want to check. For /bin/echo, most echos are unique on many systems, but UNIX executables that are copied remain the same. So when two machines copy Firefox (download), the md5 result will be the same for the executable, because the checksum of the source remains the same for every copy installed on every machine around the world. So in my opinion you’re checking for versions not of Mac OS X applications but of Unix executables. As for comparing versions of Unix tools like echo between systems, I haven’t checked how to do it and don’t know if that is even possible.

Never mind, I was wrong. The MD5 strings were equal all along. Thanks again everyone. Got it working.