I use a program at work that saves its files in some proprietary format. My desire is to manipulate data in the file without having to use the program. I was able to do this on earlier versions of the program since all of the data was stored in the file's macintosh resource fork. I have tried some very simple means of analyzing the newer file format i.e., making incremental changes to a file and comparing it to its older self, looking for strings in the file. However, even the same file is never saved the same twice. I can not make heads or tails of the file format. I can only conclude that the data is encrypted. If I wanted to go about learning how the file format is structured, how would I start? The company that writes the program does not like to give out its SDK, which infuriates the hell out of me. Any strategies?

You "of course" read the FAQ in the BIG RED LETTERS, didn't you???? That's the first place to start and you should indicate that you have read it.

Since you are asking about MAC programs and file formating, you should have, at the very least ALREADY done a search on the net, looking for ANY information on the file format used by this company.

Although I started out in MAC reversing, but it has been some time since I spent much time reversing on my MAC. First you need to research what tools are available for debugging programs on the MAC. If you can't look at the code, you really can't make much progress. Another consideration is the OS you are running. You do understand that there has been a major change in the underlying fuctionality between OS 9 and OS X, do you not? OS X is now Unix based and you need to be thinking about that while attempting to reverse newer MAC programs.

Of course the other FUNDAMENTAL LAW OF SOFTWARE is the program, itself, HAS TO KNOW HOW TO DECODE ITS OWN FILE FORMAT. If it couldn't, it couldn't operate, right? So, SOMEWHERE in the code, is the process for manunipulating the materials in the file, and if they are manipulated in some manner to prevent their easy viewing in a text editor, the program has to unwrap that process to show you the information in a format you can read and understand. So the SECOND place to start, after obtaining a debugger that works on a MAC, is looking for the "where" and the "how" the program does that transformation.

And NO don't ask here where a MAC debugger may be obtained. That is also one of the rule, plainly spelled out on the title to the "Tools of the Trade" Forum.

Regards,