Skip to content
/ SwiftParseTCC Public

Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format

37 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

slyd0g/SwiftParseTCC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
SwiftParseTCC.xcodeproj
SwiftParseTCC.xcodeproj
 
 
SwiftParseTCC
SwiftParseTCC
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
example.png
example.png
 
 
example2.png
example2.png
 
 

Repository files navigation

SwiftParseTCC

Help

Output

Description

This tool leverages the research linked below to understand the contents of TCC.db. Uses "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format. Can output as a pseudo table viewable in the terminal or as a text table which is viewed best in a text editor.

Usage

  • Dump global TCC.db as a pseudo table
    • ./SwiftParseTCC -p "/Library/Application Support/com.apple.TCC/TCC.db"
  • Dump user TCC.db as a text table (best viewed in a text editor)
    • ./SwiftParseTCC -path "~/Library/Application Support/com.apple.TCC/TCC.db" -table

Note

The base64 encoded blobs are binary blobs that describe the code signing requirement. This is used to prevent spoofing/impersonation if another program uses the same bundle identifier. They can be decoded using the csreq binary as follows:

slyd0g@Justins-MBP ~ % echo "+t4MAAAAADAAAAABAAAABgAAAAIAAAASY29tLmFwcGxlLlRlcm1pbmFsAAAAAAAD" | base64 -d > lol.bin
slyd0g@Justins-MBP ~ % csreq -v -r lol.bin -t
identifier "com.apple.Terminal" and anchor apple

References

About

Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format

Resources

Readme
Activity

Stars

37 stars

Watchers

6 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages