MachO-Kit - A C/Objective-C library for parsing Mach-O files.

  •        30

Mach-O Kit is an Objective-C framework for parsing Mach-O binaries used by Darwin platforms (macOS, iOS, tvOS, and watchOS). The project also includes a lightweight C library - libMachO - for parsing Mach-O images loaded in the current process. Mach-O Kit is designed to be easy to use while still exposing all the details of the parsed Mach-O file (if you need them). It can serve as the foundation for anything that needs to read Mach-O files - from a one-off command line tool up to a fully featured interactive disassembler. Most importantly, Mach-O Kit is designed to be safe. Every read operation and its returned data is extensively error checked so that parsing a malformed Mach-O file (even a malicious one) does not crash your program.

https://github.com/DeVaukz/MachO-Kit

Tags
Implementation
License
Platform

   




Related Projects

the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode (NOT Supported)

  •    Python

For security professionals and researchers only. The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state.

optool - Command Line Tool for interacting with MachO binaries on OSX/iOS

  •    Objective-C

optool is a tool which interfaces with MachO binaries in order to insert/remove load commands, strip code signatures, resign, and remove aslr. Below is its help.

ResKnife

  •    Objective-C

The project comprises numerous binaries, supporting 68k, Classic PPC, Carbon/Cocoa PPC and Cocoa on Intel. It supports dynamically loaded CFM or MachO plug-ins to edit resources, and is easily extendible by third parties.


hopper-swift-demangle - A Hopper plugin for demangle Swift symbols

  •    Objective-C

This is a Hopper plugin (not script) written in Swift for demangling Swift symbols. Once you've installed the plugin you should have a new Tool Plugins menu item. There you can see the added Swift demangle commands.

Byte Investigator

  •    Perl

Scripts for parsing and general use in Computer Forensics - Octane Lab

bloaty - Bloaty McBloatface: a size profiler for binaries

  •    C++

Ever wondered what's making your ELF or Mach-O binary big? Bloaty McBloatface will show you a size profile of the binary so you can understand what's taking up space inside.Bloaty works on binaries, shared objects, object files, and static libraries (.a files). It supports ELF/DWARF and Mach-O, though the Mach-O support is much more preliminary (it shells out to otool/symbols instead of parsing the file directly).

fishhook - A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.

  •    C

fishhook is a very simple library that enables dynamically rebinding symbols in Mach-O binaries running on iOS in the simulator and on device. This provides functionality that is similar to using DYLD_INTERPOSE on OS X. At Facebook, we've found it useful as a way to hook calls in libSystem for debugging/tracing purposes (for example, auditing for double-close issues with file descriptors).dyld binds lazy and non-lazy symbols by updating pointers in particular sections of the __DATA segment of a Mach-O binary. fishhook re-binds these symbols by determining the locations to update for each of the symbol names passed to rebind_symbols and then writing out the corresponding replacements.

Apache Xerces for Perl XML Parser - Perl API to the Apache Xerces XML parser.

  •    Perl

Perl API to the Apache Xerces XML parser.

class-dump - Generate Objective-C headers from Mach-O files.

  •    Objective-C

Generate Objective-C headers from Mach-O files.

dumpdecrypted - Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk

  •    C

Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.

rp - rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries

  •    C++

rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries. It is open-source, documented with Doxygen (well, I'm trying to..) and has been tested on several OS: Debian / Windows 7 / FreeBSD / Mac OSX Lion (10.7.3). Moreover, it is x64 compatible. I almost forgot, it handles both Intel and AT&T syntax (beloved BeaEngine). By the way, the tool is a standalone executable ; I will upload static-compiled binaries for each OS. You can build very easily rp++ with CMake, it will generate a project file for your prefered IDE. There are some other things you will be able to do with rp++, like finding hexadecimal values, or strings, etc.

unsign - Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed

  •    C

Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)

maloader - mach-o loader for linux

  •    C

This is a userland Mach-O loader for linux. You need OpenCFLite (http://sourceforge.net/projects/opencflite/) installed if you want to run some programs such as dsymutil. opencflite-476.17.2 is recommended.

yololib - dylib injector for mach-o binaries

  •    Objective-C

dylib injector for mach-o binaries

insert_dylib - Command line utility for inserting a dylib load command into a Mach-O binary

  •    C

Command line utility for inserting a dylib load command into a Mach-O binary. insert_dylib inserts a load command to load the dylib_path in binary_path.

peg - Peg, Parsing Expression Grammar, is an implementation of a Packrat parser generator.

  •    Go

Peg, Parsing Expression Grammar, is an implementation of a Packrat parser generator. A Packrat parser is a descent recursive parser capable of backtracking. The generated parser searches for the correct parsing of the input.

Noggit - JSON streaming parser

  •    Java

Noggit is the world's fastest streaming JSON parser for Java. It is used in Apache Solr.

rust-peg - Parsing Expression Grammar (PEG) parser generator for Rust

  •    Rust

This is a simple parser generator based on Parsing Expression Grammars. Please see the release notes for updates.