uarpd

executablemacOS1.9 MBx86_64, arm64

Network packet analyzer — captures and processes raw network traffic for diagnosis

Captures raw network packets at the link layer using packet capture libraries, enabling traffic inspection and network diagnostics. Communicates with hardware and kernel drivers to access network interfaces directly. Submits analytics and diagnostic data to Apple endpoints via the unified analytics framework. Exposes six XPC services for inter-process communication and maintains access to multiple file paths and Mach services for low-level system interaction. Contains telemetry reporting and connects to multiple network endpoints for data submission.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 1.9 MB
UUID: 203982F2-2258-3C20-B16B-4475E610CCC9
Analyzed: 2026-04-09T10:10:33Z
CDHash: 7d25ba2f9a5c9c12e6c9cd0863779f06fd8b0614b78116660929181a48b5834d

Capabilities

NetworkRaw packet capture library

/usr/lib/libpcap.A.dylib

StorageException: access additional file paths

com.apple.security.exception.files.absolute-path.read-write

/private/var/db/accessoryupdater/

HardwareDirect hardware/driver communication

/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

IpcException: access additional Mach services

com.apple.security.exception.mach-lookup.global-name

com.apple.SBUserNotification com.apple.installerauthagent com.apple.AppSSO.service-xpc com.apple.uarpassetmanager.uarp

AnalyticsApple unified analytics submission

/System/Library/PrivateFrameworks/CoreAnalytics.framework/Versions/A/CoreAnalytics

Frameworks13

libauthinstall.dylib libcompression.dylib libpcap.A.dylib GeoServices(weak)UARPAssetManager Foundation UARPKit libobjc.A.dylib libSystem.B.dylib CoreFoundation IOKit CoreAnalytics libMobileGestalt.dylib

Interesting Strings

Bundle IDs(56)

com.apple.application-identifier com.apple.private.corespeech.xpc -com.apple.private.xpc.launchd.per-user-lookup .com.apple.private.osanalytics.write-logs.allow .com.apple.softwareupdatesso.tokenaccessallowed

File Paths(17)

!/private/var/db/accessoryupdater/0 /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit /System/Library/PrivateFrameworks/CoreAnalytics.framework/Versions/A/CoreAnalytics

telemetry(46)

#MappedAnalytics -[UARPHostManager createTempFolderAnalyticsAssets:error:]-[UARPHostManager createTempFolderMappedAnalyticsAssets:error:]-[UARPMappedAnalyticsEvent initWithEventFields:eventID:endian:]-[UARPMappedAnalyticsTLV initWithDictionary:endian:]

URLs & Endpoints(6)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><string>com.apple.compilers.llvm.clang.1_0</string>https://gs.apple.com:443

Network Surface

Networking Frameworks

CoreFoundation Foundation

Endpoints(11)

Urlhttps://gs.apple.com:443

Hostnamegs.apple.com

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Hostnamemacosx26.1.internal

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

API Usage

Methods

-[UARPEndpointConfiguration initWithURL:]-[UARPEndpointControllerInternal endpointControllerExportDynamicAsset:endpointUUID:dynamicAssetURL:reply:]-[UARPEndpointControllerInternal endpointControllerExportPersonalizedAsset:endpointUUID:personalizedAssetURL:reply:]-[UARPEndpointControllerInternal endpointControllerSolicitAsset:assetTag:assetURL:assetUUID:]-[UARPHostManager solicitAssetByAssetTag:hostEndpoint:assetURL:assetUUID:]-[UARPRTKitFTAB initWithURL:]-[UARPRTKitFTABSubfile initWithURL:offset:length:subFileTag:]-[UARPSuperBinaryLayer3 initWithURL:assetUUID:assetTag:tmpFolderPath:]-[UARPSuperBinaryLayer3 initWithURL:assetUUID:tmpFolderPath:]

DNA Capability Vector

Location

0

Keychain

0

Network

1

Storage

1

Hardware

1

IPC

1

Analytics

1

Security

0

System

0

Behavioral Profile

URL Endpoints

6

Telemetry Strings

46

File Paths

17

Bundle IDs

56

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code151812510cf84f8ac9ceb62737d8a4945b492b2c3f9921610876a5427d5842af

Importsbb742b6d985ff5a9b288d943756bcd08deeaeb464d2b3ef98764db2c716e34c7

Frameworksb96e43107719d052f61f0fd2332da77f4bd5b5a8360d2665d620ca16c043a10c

Classes6ca0b623c31f66908942628a80e5d6a75a41d540effd78258bad64d15c29c2c6

Entitlements348064bdf46f1c5e9bbb32fd53fef24dbad75c994de7a909c88e32160f6f4b27

Symbols476f101f501ad6ce9e472b727dd3da3c3b9fc28ce7700741b0a69bb386536ed6

Static Libraries0 / 3134 functions identified

Functions(3134)

0x100001128-[BloodhoundPacketDumper initWithFileName:]

0x100001208-[BloodhoundPacketDumper initWithDumper:]

0x10000125c-[BloodhoundPacketDumper dealloc]

0x1000012c0-[BloodhoundPacketDumper dumpPacket:type:metadata:metadataLength:]

0x100001420-[BloodhoundPacketDumper .cxx_destruct]

0x10000142c-[UARPAssetMTIC init]

0x1000014b8-[UARPAssetMTIC processAsset:tmapSnapshot:]

0x100001910-[UARPAssetMTIC postToCoreAnalytics]

0x100001af0sub_100001af0

0x100001af8sub_100001af8

0x100001b00sub_100001b00

0x100001b08-[UARPAssetMTIC prepareForSysdiagnose:]

0x100001c20-[UARPAssetMTIC prepareEventForSysdiagnose:sysdiagnoseFolder:]

0x100001eb8-[UARPAssetMTIC setupEventFolder:sysdiagnoseFolder:]

0x1000021bc-[UARPAssetMTIC contributeSysdiagnoseMetrics:eventFileURL:]

0x100002474-[UARPAssetMTIC writeSysdiagnoseMetrics:fileHandle:error:]

0x100002540-[UARPAssetMTIC .cxx_destruct]

0x100002584sub_100002584

0x10000259csub_10000259c

0x1000025acsub_1000025ac

Imports182 symbols from 13 dylibs

libSystem.B.dylib80 libobjc.A.dylib31 Foundation18 CoreFoundation16 UARPKit10

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

uarpassetmanagerd

audioclocksyncd

BTLEServerAgent

gamecontrollerd