.DMG Apple Disk Image
.dmg

Apple Disk Image

DMG is Apple's disk image format used to distribute macOS software. FileDex provides structural reference and format documentation — no mounting or execution is performed.

اقرأ المزيد ↓
بنية الصيغة
Header schema
Records structured data
x-apple-diskimage2000مملوك
بواسطة FileDex
غير قابل للتحويل

macOS disk image. Cross-platform conversion is not applicable.

أسئلة شائعة

How can I inspect the contents of a DMG file without mounting it?

On macOS, use `hdiutil imageinfo image.dmg` to view metadata and `7z l image.dmg` to list internal files. On Windows and Linux, 7-Zip can open DMG files and extract HFS+ contents directly. The `dmg2img` utility converts UDIF images to raw format for further analysis with filesystem tools.

Why can't file identification tools detect DMG files by their first bytes?

DMG files store their magic bytes ('koly', hex 6B 6F 6C 79) in a trailer block at the end of the file, not at the beginning. Most file identification tools and magic-bytes databases check only the first few bytes. This tail-end metadata design is unique to Apple's UDIF format and requires reading the final 512 bytes for positive identification.

Can FileDex convert DMG files to ISO or other image formats?

No. DMG files contain Apple-specific filesystem structures (HFS+ or APFS) and UDIF compression that cannot be trivially repackaged. FileDex provides format reference information only. For conversion, `hdiutil convert` on macOS or `dmg2img` on Linux can produce raw disk images.

What does 'internet-enabled DMG' mean?

An internet-enabled DMG automatically expands after Safari downloads it. The browser extracts the application payload to the Downloads folder and discards the disk image file. This flag is set by the developer using `hdiutil internet-enable` during the build process.

ما يميز .DMG

Disk images in Apple's UDIF (Universal Disk Image Format) serve as the primary distribution vehicle for macOS applications outside the Mac App Store. DMG files store their metadata in a 'koly' block at the END of the file rather than at the beginning — this means the magic bytes are at the file's tail, which is why most magic-bytes databases cannot identify DMG files by their first few bytes alone. The koly trailer (bytes 6B 6F 6C 79) occupies the final 512 bytes and contains a property list describing the partition map, checksum values, and compression parameters.

اكتشف التفاصيل التقنية

Compression and Filesystem Layers

UDIF supports multiple compression algorithms per data fork chunk. Older DMGs use zlib. Modern builds favor LZFSE (Apple's proprietary algorithm introduced in OS X 10.11) or LZMA for higher ratios. Bzip2 remains available for compatibility. Each chunk in the blkx table can use a different compressor, allowing mixed strategies within a single image. Inside the compressed container sits a full filesystem — typically HFS+ for older images or APFS for macOS 10.13 and later.

Code Signing and Notarization

Since macOS 10.12 Sierra, DMG files support code signatures attached by codesign. Gatekeeper checks this signature before allowing the image to mount. Starting with macOS 10.14.5, Apple requires notarization for all distributed software — the developer submits the DMG to Apple's notary service, which scans for malware and issues a ticket stapled to the file. Unsigned or un-notarized DMGs trigger escalating warnings or outright blocking on recent macOS versions.

Internet-Enabled DMGs

An internet-enabled DMG auto-expands after download: Safari extracts the application, places it in the Downloads folder, and moves the .dmg to Trash. The hdiutil internet-enable -yes image.dmg command sets this flag. This behavior confuses users who expect to find the disk image after download. Developers building distribution workflows should test this flag carefully, since it changes the user's first interaction with the downloaded software.

Encryption

DMG files support AES-128 and AES-256 encryption at the image level. An encrypted DMG prompts for a password before mounting and decrypts the full filesystem in memory. The hdiutil create -encryption AES-256 command produces an encrypted image. This is distinct from FileVault disk encryption — DMG encryption protects individual distributable images rather than the boot volume.

Inspection Techniques

The hdiutil imageinfo image.dmg command reports format type, partition scheme, compression method, and checksum data. On non-macOS systems, dmg2img converts UDIF images to raw IMG format for analysis. The 7-Zip utility can extract HFS+ contents from DMG files on Windows and Linux without mounting.

المرجع التقني

نوع MIME
application/x-apple-diskimage
المطوّر
Apple Inc.
سنة التقديم
2000
معيار مفتوح
لا

البنية الثنائية

DMG files use the UDIF container format with the 'koly' trailer block (magic bytes 6B 6F 6C 79) located at the final 512 bytes of the file rather than at the beginning. The koly block contains an XML property list offset, data fork checksum (CRC-32), and a blkx block table describing chunk offsets, sizes, and per-chunk compression methods. The body contains compressed filesystem data (HFS+ or APFS).

Display DMG image metadata and structure أخرى 
hdiutil imageinfo image.dmg

Reports the UDIF format version, partition scheme, filesystem type, compression method, and checksum data. Available only on macOS. Shows whether the image is encrypted or internet-enabled.

Verify DMG checksum integrity أخرى 
hdiutil verify image.dmg

Reads every chunk of the disk image and validates it against the checksums stored in the koly trailer. Reports errors for any corrupted or truncated regions.

CRITICAL

نقاط الضعف

  • arbitrary code execution
  • privilege escalation
  • supply chain compromise
  • DMG files can contain signed installer packages (.pkg) with preinstall/postinstall scripts that run as root
  • internet-enabled DMGs auto-extract payloads in Safari, bypassing the user's chance to inspect the disk image before the application appears on disk

الحماية: FileDex does not execute, install, or parse these files. Reference page only.