Password-prompt diologue box

Solution 1:

I just wrote this Apple Script that tests if:

1. SecurityAgent is running.
2. SecurityAgent is displaying something.
3. SecurityAgent lives at the correct location.

4. SecurityAgent is unmodified, meaning code signature is undamaged.

   tell application "System Events"
       set processList to get the name of every process
       set saWindows to {}
       if processList contains "SecurityAgent" then -- does it run?
       set saPath to POSIX path of application file of application process "SecurityAgent"
       if saPath is not "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle" then -- assume this location is protected enough to be geniune
           tell application "Finder" to display dialog "There is a SecurityAgent, but it's the wrong one!" with icon stop buttons {"OK"}
           return
       end if
   
       try -- is it signed
           set saSignature to do shell script "codesign -d /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent"
       on error
           tell application "Finder" to display dialog "Signature broken!" with icon stop buttons {"OK"}
           return
       end try
   
       set saWindows to every window of application process "SecurityAgent"
   end if
   
   if saWindows is {} then -- Does it display a dialog?
       tell application "Finder" to display dialog "No official password dialog is opened." buttons {"OK"} with icon stop
       return
   end if
   end tell
   
   display dialog "Seems legit." with icon note buttons {"OK"}