February 16, 2026

Buckle up for CAR wars

Article URL →HN comments →

A Deep Dive into Apple's .car File Format

Browser demo drops as devs brawl: “Just use JSON” vs “Stop teasing—open the code”

TLDR: A researcher cracked Apple’s hidden .car files and launched a no-upload browser demo. The crowd split between calls for a simple, readable format, frustration that the code isn’t open yet, and AI jokes—underscoring a bigger push for transparency that could fuel better developer tools and security reviews

Apple’s mysterious .car files—where apps stash icons, colors and images—just got a flashlight in the face. A researcher tore into the format and even built a browser demo that runs locally (no uploads!), letting anyone peek inside. Cue the comment section turning into Team JSON vs Team Binary. One of the loudest takes: if this format holds app art, why not make it simple and readable—“just gzipped JSON”—instead of a locked-down binary? Translation: people want transparency they can actually read.

Then came the spice. The author says it could help security research and indie tools that don’t depend on Apple’s closed utilities, but adds, “considering open-sourcing… no promises.” The crowd heard that as a cliffhanger. Some cheered the research; others rolled their eyes with a “why tease the code?” vibe, calling it a flex without the goods. Meanwhile, comic relief arrived from the “use AI to clean it up” camp: rename those cryptic variables—no more v03, v20—let a bot do the grunt work.

Under the drama, a real story: prying open Apple’s secret asset box matters. If the tools ship, developers could build faster, safer apps, and researchers could audit what’s really inside our devices. But for now, the browser demo is here—and the open-source fight is on

Key Points

  • Apple’s Asset Catalogs (.xcassets) are compiled by Xcode into binary .car files used across iOS, macOS, watchOS, and tvOS apps.
  • The article reverse-engineers the undocumented .car file format, detailing internal structures and programmatic parsing.
  • A custom parser and compiler for .car files were built without relying on Apple’s private frameworks or proprietary tools.
  • The parser is compiled to WebAssembly to run entirely in the browser, with an interactive demo for exploring .car contents.
  • Official tools actool and assetutil exist; assetutil -I Assets.car produces a JSON dump including versions and key formats.

Hottest takes

"should just have been gzipped JSON" — silvestrov
"why tease the code?" — promiseofbeans
"please rename variables according to their purpose" — empiricus

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.