Article:		Mac Security: Identifying Changes to the File System
Subject:		check out ctool
Date:		2005-10-08 04:13:49
From:		otto
I know of no checksum utility that examines the structure of a file to decide what data to use for the checksum and what to exclude. Well, I do :-)<br/> ctool produces MD5 and SHA-1 checksums while ignoring prebinding information. Unfortunately, ctool's former homepage at http://www.macsecurity.org/tools/ctool/ has vanished, but is still available in the web archive at http://web.archive.org/web/20041009215130/http://www.macsecurity.org/tools/ctool/ .

Showing messages 1 through 1 of 1.

• check out ctool
  2005-10-08 09:28:07  peterhickman [View]
  
  
  Interesting, but as the page states it cannot be used to verify an executable. However you could use the normal checksum to flag up that something has changed and then use ctool to show if the changes were just in the prebinding or the actual code itself.
  
  The package itself is available from Darwin Ports at [http://packages.opendarwin.org/Tiger-Packages/ctool-1.2.3.mpkg/].
  
  Having said that I have yet to find prebinding changes to be a problem. But it is good to know that there is a solution should it be needed. Thanks for bringing it up.