Zero the Hero

Universal Mach-O Parser & CodeSigning Inspector

We don't need another hero. Or maybe we do.

When otool stops, 0tH begins.

• Built by a pentester, because cypherpunks write code!
• Designed with the Apple Security ecosystem firmly in mind
• CLI experience inspired by msfconsole
• Full universal support (Intel / ARM — 32 & 64-bit)
• Plugin-ready architecture
• Clean JSON output for automation
• Rust performance, correctness, and safety

Download Zero the Hero

Latest release: v2026.1.0
Format: Notarized & stapled macOS DMG
Architecture: Universal (Intel + ARM64)

Download 0tH.dmg

To verify the integrity of the download

shasum -a 256 0tH.dmg

The result must match:

30a4892d1059925bf2ae54e460877b6683fc84f75f24557baa944146be933403

spctl --assess --type open --verbose=4 0tH.dmg

You should see:

accepted
source=Notarized Developer ID

Segment 0 — The mailing list

Changelog – v2026.1.0

Release Date: 27 November 2025
Status: Stable & notarized
Binary: Universal (Intel & ARM64), ~1.0 MB

Mach-O Load Commands Supported in v2026.1.0

The 2026.1.0 release provides full coverage for the core Mach-O load commands:

• LC_SEGMENT
• LC_SEGMENT_64
• LC_DYLD_CHAINED_FIXUPS
• LC_DYLD_EXPORTS_TRIE
• LC_SYMTAB
• LC_DYSYMTAB
• LC_LOAD_DYLINKER
• LC_UUID
• LC_BUILD_VERSION
• LC_SOURCE_VERSION
• LC_MAIN
• LC_LOAD_DYLIB
• LC_FUNCTION_STARTS
• LC_DATA_IN_CODE
• LC_CODE_SIGNATURE

Code Signing Engine

• Full SuperBlob parsing
• Complete CodeDirectory support (all known versions)
• Page hashes inspection
• Certificate chain extraction
• Entitlements parsing
• Requirements parsing
• Notarization ticket detection

CLI / REPL

• Interactive REPL: load, tree, cmdview
• Code signing commands: codesign show, info, entitlements, requirements, hashes, verify
• JSON export with export
• Slice selection for FAT/universal binaries

Stability

• 24/24 internal tests passing
• Validated against real-world Apple binaries (system tools and apps)
• Hardened runtime and notarized for Gatekeeper

Next Release – v2026.2.0 (Preview)

The 2026.2.0 release focuses on broader Mach-O coverage and deeper analysis tooling.

Planned Mach-O Load Commands for v2026.2.0

• LC_DYLD_ENVIRONMENT
• LC_RPATH
• LC_LOAD_WEAK_DYLIB
• LC_ATOM_INFO
• LC_DYLIB_CODE_SIGN_DRS
• LC_FUNCTION_VARIANT_FIXUPS
• LC_FUNCTION_VARIANTS
• LC_LINKER_OPTIMIZATION_HINT
• LC_SEGMENT_SPLIT_INFO

Bonus (subject to development window)

• LC_LAZY_LOAD_DYLIB

Additional Focus Areas in v2026.2.0

• Extended support for complex, modern macOS binaries
• New analysis utilities aimed at quick security triage
• Refined CLI modes (quiet / verbose) and clearer error handling
• Internal optimisations on the parsing hot path
• Foundations for a future plugin-capable architecture (no external plugins enabled yet)

Contribution

This project is intricate, and I prefer spending my time coding rather than managing contributions. I'll be open to contribution when the project will be more stable.