This article is about simple steps to follow to convert .app file to .dmg file. The main reason for this article is , During an engagement, I had difficulty finding online article that explains seamless way to do this. Hopefully, this will help to create .dmg file from .app file in a seamless fashion.
We would take an example app called sample.app to create a sample.dmg file. The steps are very simple :
- Create sample.app using script editor on MacOS ( or any other way you prefer i.e. using swift , EmPyre )
- Once .app file is ready , create a folder and copy .app file in the folder
- After moving .app file into that folder , use disk utility from MacOS to create a .dmg file
Creating Sample App
Note : Skip this section if you already know how to create an .app file or already have a .app file you want to convert to dmg.
Let’s assume we want to create an app that opens browser and takes us to duckduckgo site. To do that :
- Open script editor
- Paste following command
For firefox Users : do shell script "open -a firefox -g https://duckduckgo.com"For Chrome Users :do shell script "open -a 'Google Chrome' -g https://duckduckgo.com"
- Save it as application from file format dropdown
Converting .app to .dmg
Now we are ready to convert .app to .dmg
- Create a folder called sample and move sample.app into that folder
- Open Disk Utility MacOS
- Choose File > New Image > Image From Folder
- Choose Documents > sample
- Click Save and your dmg file should be ready in a bit
Validating dmg File
Once sample.dmg file is created , just double click sample.dmg file and you will see you sample.app inside. Upon double clicking the sample.app , you would see that it open browser and takes you to duckduckgo ( or whatever it is designed for ).
Thus, it is very simple to create .dmg file out .app file on MacOS. You may not even have to visit this article once you have already created .dmg file out of .app file couple times.
It is important to know this ( which by the way I found out during engagement ) because during red team engagement , especially phishing
- .app files are actually folders that have to be zipped to be able to make downloadable on victim machine while .dmg file that doesn’t need zipping
- depending on the theme of your phishing , you might be better off with .dmg file as opposed to .app file.