0

Discussion under this answer in Space Exploration SE links to items in NAIF; NASA Planetary Data System Navigation Node links for MacIntel_OSX_64bit

I'm looking at these two.

spy.ug is a readme-like text file that displays in my browser, but spy downloads what Finder tells me is a text document. However I won't view it with the TextEdit app because it gives me a warning about security. It also suggests I can open it with iTerm which I assume will go ahead and run it.

I've opened it with SublimeText2 and it seems to be binary, which probably means I'll never know what it does.

Question:

  1. How can I find out what's in this NASA JPL "Spy" command line program for macOS and what it does exactly in terms of security issues?
  2. How can I find out how safe it is?

Beginning of spy.ug:

Spy User's Guide
===========================================================================
 
   Last revised on 2012 SEP 19 by N. J. Bachman.
 
 
Abstract
--------------------------------------------------------
 
   Spy is a command-driven utility for validating, inspecting, and
   analyzing SPK files.

enter image description here

enter image description here

uhoh
  • 1,385
  • 1
  • 11
  • 21
  • The obvious security issue is that it appears to include data for spacecraft, some of which may be used for military or defense purposes. If you are a large country you might use this data to start a war, but only if you also have a capable enough military to fight the war, and in that case you probably also have your own observing systems and don't need this program. For an individual person, there is very unlikely to be any issue, especially if it was written in Fortran 77 as claimed -- and you could certainly look for artifacts typical of F77 compilers, although those _could_ be faked – dave_thompson_085 Jan 27 '21 at 04:43

1 Answers1

1

spy.ug is a readme-like text file that displays in my browser, but spy downloads what Finder tells me is a text document.

It is not a text document. It is a Mach-O 64-bit x86_64 executable.

How can I find out what's in this NASA JPL "Spy" command line program for macOS and what it does exactly in terms of security issues?

You could spend a long time learning how to reverse engineering Mach-O executables and then spend a long time reverse engineering the Mach-O executable.

How can I find out how safe it is?

Do the above analysis which will take a long (long) time.

Alternatively, if you have any contextual information that might allow you to make an informed decision without going through all the binary reverse-engineering analysis, maybe you could try that approach.

Alternatively, you could run the file on a virtual machine and check to see if it starts on virtual fire, or whatever.

hft
  • 4,910
  • 17
  • 32
  • 1
    Okay I see; even if I learned how to run a virtual machine I wouldn't be able (know how) to smell the virtual smoke of a virtual fire, so I will take the informed decision approach (internet download executable = *run away!*) Thanks! – uhoh Jan 26 '21 at 10:52