Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
keynote-parser
is a Python module for unpacking and re-packing
Apple Keynote .key
files. It supports Keynote
files generated by Keynote version 12.2.1 (current as of December 2022).
Keynote uses a proprietary, compressed binary format to store its presentations.
This format is comprised of a zip file containing images and videos, as well as
Snappy-compressed
Protobuf .iwa
files containing
metadata, text, and all other definitions used in the presentation.
keynote-parser
unpacks these component files into .yaml
files in a directory,
making them editable by text editors and/or scripts, then allows re-packing of these
files into a working Keynote archive.
What could you use this for? Well, I use it to allow versioning of Keynote files in Git, which makes diffs more understandable (rather than binary), as well as modifying text in Keynote files in response to external scripts. (e.g.: figures that update from databases before giving a presentation)
pip3 install keynote-parser
# Unpack MyPresentation.key into ./MyPresentation/
keynote-parser unpack MyPresentation.key
# Re-pack ./MyPresentation/ into MyPresentation.out.key
keynote-parser pack ./MyPresentation/
# List the files within a Keynote archive
keynote-parser ls MyPresentation.key
# Dump a particular .iwa file into its yaml representation on stdout
keynote-parser cat MyPresentation.key /Index/Slide-00001.iwa
# Replace text within a Keynote file in-place
keynote-parser replace MyPresentation.key --find "hello world" --replace "hello dolly"
keynote-parser
supports reading a list of replacements from a JSON file passed in
as --replacements
. This file must have the form:
{
"replacements": [
{
"find": "regexp to search for",
"replace": "string to replace with"
},
...
]
}
This argument can be passed to keynote-parser replace
to replace text in a Keynote
file in-place. It can also be passed to keynote-parser pack
to pack a directory
into a Keynote file, replacing text along the way.
The replacements
json format can also be used to replace images in a Keynote file.
To do so:
keynote-parser ls
command to determine the name of the image to replace.find
pattern to the image's name, with the -\d\d\d
suffix removed.replace
field to the local path to the replacement image.keynote-parser
will automatically rescale the replacement image to fit all of the
sizes of the target image.
Note that between Keynote 10.2 and Keynote 11.2, a number of Protobuf definitions
used by Keynote have changed names. keynote-parser
does not yet support
backwards compatibility: it can only read .key
files as the
currently-supported Keynote version would, and will write .yaml
output with
keys that match the current names of the keys. This means that .yaml
files
generated with older versions of keynote-parser
may not be readable by with
v1.11.2.1 or higher of keynote-parser
.
Until this issue is fixed (if it's ever fixed) - to properly read .yaml
files
created by older versions of keynote-parser
:
keynote-parser
to read the file.key
(or .iwa
) file with that older versionkeynote-parser
.iwa
file in the newer version of keynote-parser
As keynote-parser
includes Protobuf definitions extracted from a copy of Keynote,
new versions of Keynote will inevitably create .key
files that cannot be read by keynote-parser
.
As new versions of Keynote are released, updates to keynote-parser
can be made automatically
by running the following on a macOS machine with Keynote installed:
# protobuf>=3.20.0rc1 must be installed, with the C++ runtime
# on Intel, this can be done with "pip install 'protobuf>=3.20.0rc1'"
# on Apple Silicon, this may require a manual build from source
cd dumper
make clean
make
snappy/snappymodule.cc:31:10: fatal error: 'snappy-c.h' file not found
This means you're missing the Snappy libraries. Install Snappy via whatever method your OS supports. e.g. brew install snappy
, sudo apt-get install libsnappy-dev
, etc.
keynote-parser
was built by Peter Sobot but heavily based on prior
work by Sean Patrick O'Brien.
A copy of O'Brien's format documentation is included in the docs
folder for posterity.
All code in this repository is licensed under the MIT License.
Copyright 2019-2022 Peter Sobot
Permission is hereby granted, free of charge, to any person obtaining a copy of this software
and associated documentation files (the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge, publish, distribute,
sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or
substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
A tool for manipulating Apple Keynote presentation files.
We found that keynote-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.