0tH

Mach-O Triage
Code Signing Inspection

Mach-O triage for people who don’t trust guesses.

Zero the Hero (0tH) is a CLI workstation for inspecting Mach-O binaries and code-signing internals on macOS.

Built for real investigations: load a binary, inspect its structure, extract evidence, export results — explicitly and repeatably.

Not a GUI. Not a one-liner tool. A workflow.

  • Designed for macOS security research and triage
  • Universal binaries (Intel + Apple Silicon)
  • Deep code signing inspection (SuperBlob, CodeDirectory, entitlements, requirements)
  • Interactive REPL for guided investigation
  • Written in Rust for correctness, performance, and safety

No hype. No AI-assisted magic. Just a tool that tells you what’s really inside the binary.