Mac os process debugging

Kamil Pazik
Jul 28, 2017 · 3 min read

Are you sometimes wondering what 3rd party apps are doing and how ?

First you need to bear in mind to have brew installed. Then just install some stuff like lsof

Brew is mac os package manager https://brew.sh/

Lets just have fun with Spotify. Just launch some terminal

ps aux | grep -i spotify #there are couple processes...

Now we want to know what files those processes are using, so lets make some list.

ps aux | grep -i spotify | awk '{print $2}'# lets take first pid from the list
ps aux | grep -i spotify | awk ‘{print $2}’

so lets take a look on open files for parent process (707)

lsof -p 707
lsof -p 707

There is quite many results. But something can tell us there are interesting files in /Users/user/Library/… so lets go there and lanuch fswatch

fswatch is a kind of monitor application. Similar to inotify in linux

cd /Users/kamil/Library/Caches/com.spotify.client/Data
# bear in mind to change username

lets look on fswatch

fswatch . # dont kill this 
Nothing when music is stopped

Lets play a little bit with next / previous and play button.

Play with Spotify

Again look at terminal

Its the place where probably music cache files are stored

what the file is ?

file 0e/0e54c00a1ac3c3865fe30547b2f7d8fd42ef774b.file
file command give us nothing

So lets take look on strings

strings 0e/0e54c00a1ac3c3865fe30547b2f7d8fd42ef774b.file
strings of file

Doesn’t look like any familiar file type

So let’s check entropy of the file using this script http://www.kennethghartman.com/calculate-file-entropy/ — download the code and launch

result on spotify file check

So is it some proprietary compressed file, let me check with some rar/ zip file

locate *.zip # just take some random zip file

Then launch script again

Python2 /tmp/entropy.py /usr/local/Homebrew/Library/Homebrew/test/support/fixtures/cask/container.rar

So looks like now we can be certain that those files are some compressed music files

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade