macholibre is a Mach-O and Universal binary parser. It extracts information such as architectures, load commands, dynamic libraries, symbols, function imports, and tons more. Then it packs all of that information into JSON for ease of analysis and integration.
With Python 2 in its sunset years, macholibre has moved on to Python 3. However, for those of you that are stuck on Python 2, see the python2 branch. No promises on long-term support, but the code differences right now are minimal and should be fairly easy to maintain.
This project requires Python 3.4+ to run, due to API changes in
I tried to make this tool with as little external dependencies as possible, and
I think I did pretty well on that front. The only module I import is for
parsing CMS signatures. I've configured
setup.py to automatically install
it with the module, but you can also install it seperately with pip or manually
I recommend using pip to install macholibre.
pip3 install git+https://github.com/aaronst/macholibre.git
from macholibre import parse # mach-o file path path = '/home/aaron/my_macho' # return dict data = parse(path) # write json to file out_file = open('/home/aaron/macholibre_output.json', 'w') parse(path, out=out_file)
usage: macholibre [-h] [-c] [-o OUTPUT] input [input ...] MachoLibre: Mach-O & Universal Binary Parser [email protected] positional arguments: input input mach-o file(s) to parse optional arguments: -h, --help show this help message and exit -c, --certificates extract certificates -o OUTPUT, --output OUTPUT output JSON file examples: macholibre macho macholibre -o output.json macho macholibre -o output.json machos/*
macholibre formats all of its output into a JSON blob. Check out app_store.json as an example using the App Store app.