sfltool

executablemacOS240.7 KBx86_64, arm64

Code signing and certificate validation — verifies and manages code signatures and certificates

Validates code signatures, manages certificates, and enforces code signing policies as a Security framework extension. Accesses Keychain to retrieve and validate certificates for authentication and trust evaluation. Communicates with Apple's certificate validation services via four network endpoints to check certificate revocation and obtain trust anchors. Exposes two XPC services for other system components to request signature and certificate validation operations. Handles 16 bundle identifiers, indicating integration with multiple macOS subsystems that require code signing verification.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 240.7 KB
UUID: DA984848-5DC6-32BF-81E6-99464B6EC41D
Analyzed: 2026-04-07T05:21:12Z
CDHash: 61ad62e00aae7471192136f01fefa2f322785d9847ff5a11632570222e0ecc92

Capabilities

SecuritySecurity framework extensions

/System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation

SecurityKeychain, certificates, code signing

/System/Library/Frameworks/Security.framework/Versions/A/Security

Frameworks12

BackgroundTaskManagement CoreServices Foundation SecurityFoundation Security libarchive.2.dylib libncurses.5.4.dylib libTLE.dylib(weak)libobjc.A.dylib libc++.1.dylib libSystem.B.dylib CoreFoundation

Entitlements3

com.apple.private.coreservices.canaccessanysharedfilelist read-only

com.apple.private.coreservices.canmanagebackgroundtaskstrue

com.apple.private.sharedfilelist.exporttrue

Interesting Strings

Bundle IDs(16)

'com.apple.private.sharedfilelist.export 7com.apple.private.coreservices.canmanagebackgroundtasks 9com.apple.private.coreservices.canaccessanysharedfilelist <key>com.apple.private.coreservices.canaccessanysharedfilelist</key><key>com.apple.private.coreservices.canmanagebackgroundtasks</key>

File Paths(8)

/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/Frameworks/Security.framework/Versions/A/Security /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation

telemetry(1)

_os_variant_has_internal_diagnostics

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

CoreFoundation Foundation SecurityFoundation

Endpoints(7)

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

API Usage

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

0

Hardware

0

IPC

0

Analytics

0

Security

2

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

1

File Paths

8

Bundle IDs

16

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Codea20652b03bd3c09c5dac38128ba8c7af14a5fb21bd29186848ad1c71120e0616

Imports60a980acee1ed972b583f6383e2dd51935930507e476ac059e8af54289e1a4c6

Frameworksf37fbed312ec0da9e5677b66fe6bbffcd40dcb1467b8caced96a345930d6fd7a

Classes1b0775ee5250c0d81cbee758ed2f2cf3c4f0e322a9dc825f7b5d443c5c30c9aa

Entitlements07d80e662501dda59d2a0a9bfcdd358881d49edc34be9635aed81784cfa10196

Symbols4e9defd0ff00699a4332effb9cf3c272cda4c94e5d178c5431c03cea75c290ad

Static Libraries0 / 192 functions identified

Functions(192)

0x100001028sub_100001028

0x100001120sub_100001120

0x100001130sub_100001130

0x10000134csub_10000134c

0x100001398sub_100001398

0x1000013a8sub_1000013a8

0x1000013b8sub_1000013b8

0x1000013c8sub_1000013c8

0x1000013d8sub_1000013d8

0x1000013e8sub_1000013e8

0x1000013f8sub_1000013f8

0x100001408sub_100001408

0x100001418sub_100001418

0x100001428sub_100001428

0x100001504sub_100001504

0x100001514sub_100001514

0x1000015e8sub_1000015e8

0x1000015f0sub_1000015f0

0x100001618sub_100001618

0x100001660sub_100001660

Imports169 symbols from 10 dylibs

CoreFoundation45 CoreServices34 libSystem.B.dylib31 libobjc.A.dylib24 Foundation16

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

AssetCacheManagerUtil