Drat is a tool for analysing and recovering data from APFS (Apple File System)
partitions. Its creation was inspired by a personal data loss incident
and Jonathan Levin's closed-source
fsleuth tool, which he demonstrated in this lecture.
The name "Drat" is a loose acronym for "Disaster Recovery APFS Tools", and a bad pun on how one might say "drat!" after discovering that their data is corrupted.
This software is currently in development, and is being implemented with reference
to Apple's official APFS specification (PDF).
Copies of various versions of this spec are included in the spec directory for
archival purposes, particularly in case the online version of the document changes.
Currently, all of Drat's commands (except modify, which is currently disabled
as it is not fit for use) operate in a read-only fashion, as they are intended
to be used in situations involving data recovery or data forensics.
If you're running macOS on an Intel Mac, precompiled binaries for versioned releases are available on the releases page.
Documentation for versioned releases and as generated from the main branch
can be viewed online.
Compilation and execution has been tested on macOS Catalina 10.15.7 (19H114) on an Intel x86-64 machine (MacBookPro9,2).
-
gcc— Required because we use__attribute__((packed)). Tested with GCC 10.2.0, installed via Homebrew (Homebrew GCC 10.2.0). -
make— Tested with GNU Make 3.81, as included in Xcode Command Line Tools. -
<argp.h>(GNU Argp library) — If compiling on macOS, you can get this by installing the Homebrew packageargp-standalone; the Makefile will handle this configuration automatically. If you acquire this library any other way, you will need to configureCFLAGSandLDFLAGSas appropriate (see lines inMakefileafterifeq ($(shell uname -s),Darwin)).
-
Ensure that
gccis in your$PATH, or modify theCCandLDvalues inMakefileto reflect the location ofgccon your system. -
Run
makefrom the project root (where thisREADME.mdfile resides). Anoutdirectory will be created in which the object files will be stored. The final binarydratwill be stored in the project root. -
Header files can be compiled with
make headers. This is only useful to check the headers for compilation errors. Compiled headers will also be stored in theoutdirectory. -
Run
make cleanto remove the compiled binary (drat) and other output files (outdirectory). (NOTE: This will also remove any generated documentation; see Generating the documentation below.)
Sphinx is used to manage the
documentation. This facilitates usage of Read the Docs,
which hosts the documentation online for you to read easily, both for all
versioned releases and as generated from the main branch.
We use a variant of Markdown called MyST that supports all of the features of reStructuredText.
Sphinx requires Python and its sphinx package. We also require the
Read the Docs theme (sphinx_rtd_theme) and the MyST parser (myst-parser).
If/when you have Python installed, you can install the required packages all at
once with the following: pip install sphinx sphinx_rtd_theme myst-parser.
-
From the project root (the directory where this
README.mdfile resides):-
Run
make docsto generate adocs/_builddirectory. The documentation itself is indocs/_build/html; opendocs/_build/html/index.htmlin your browser to read the generated documentation. -
Run
make cleanto remove the generated documentation (docs/_builddirectory). (NOTE: This will also remove any compiled software; see Compiling the software above.)
-
-
From the
docsdirectory:-
Run
make <format>to generate the documentation in a format other than HTML, where<format>is any of the formats listed in the output ofmake help. You may need to install other software to generate documentation in these other formats. -
Run
make cleanto remove only the generated documentation; this will not also remove any compiled softare.
-