A short update for you, fellas!

Introduction

After about a month of focused work, I’ve finalized Zero the Hero 2.0 (0tH), a Mach-O triage tool for macOS security work.

0tH focuses on structural inspection and code-signing analysis, offering both CLI and REPL-based workflows.

It is designed for real investigations, prioritizing explicit output and repeatable analysis over automation, shortcuts, or GUIs.

The goal is simple: help practitioners understand what a macOS binary actually contains and how it is signed.

I previously showed a sneak preview of the tool in “Reading LC_CODE_SIGNATURE with 0tH”, where I was actively testing 0tH while writing the article.

What’s new in 2.0

There have been significant improvements since the 1.0 release:

  • verbosity levels are now structured and consistent
  • coloured output has been introduced
  • a new hexdump command (crucially useful for real analysis)
  • a dedicated strings command
  • support for 10 additional Mach-O load commands
  • several internal sections were rewritten to improve performance and to prepare the core business logic for the upcoming 3.0 series

R.I.P.ping the 1.0 version

I’m genuinely happy with the results of version 1.0: it reached 141 downloads.

Those downloads happened without marketing, hype, or platform amplification.

For a niche, macOS-only security tool, this means real practitioners actively looked for it and trusted it enough to run it.

That signal matters more than inflated numbers driven by promotion.

It shows the tool is already reaching the right audience.

(Yes, a part of me still dislikes SEO, Google, and related disciplines. I tend to classify them as “new professions for people who cannot solve differential equations”, so I don’t practice them. I can still solve a PDE.)

More info and downloads

Just point your browsers to the Zero the Hero website.

See you next time. ‘til then… Have fun!


Want the deep dive?

If you’re a security researcher, incident responder, or part of a defensive team and you need the full technical details (labs, YARA sketches, telemetry tricks), email me at info@bytearchitect.io or DM me on X (@reveng3_org). I review legit requests personally and will share private analysis and artefacts to verified contacts only.

Prefer privacy-first contact? Tell me in the first message and I’ll share a PGP key.


Subscribe to The Byte Architect mailing list for release alerts and exclusive follow-ups.


Gabriel(e) Biondo
ByteArchitect · RevEng3 · Rusted Pieces · Sabbath Stones
