FAQ

What is 0tH?

0tH (Zero the Hero) is a Mach-O binary parser. It focuses on correctness and security rather than completeness of features. It’s meant for reverse engineers, researchers, and anyone who needs a safe way to inspect Apple binaries.

Why not just use otool?

otool is Apple’s official tool, but it’s often slow and limited in scope. 0tH aims to be:

  • Faster (an order of magnitude on large files)

  • Safer (strict parsing, no silent assumptions)

  • Deeper (it inspects parts otool ignores)

Which platforms are supported?

  • macOS (Intel + ARM64)

  • Linux (Intel + ARM64) — to be released

  • OpenBSD (Intel + ARM64) — to be released

  • Other BSDs: in the pipeline

Other UNIX-like systems may work, but they aren’t primary targets. And honestly, I’m not sure I want to compile for every system out there.

Does 0tH support Fat/Universal binaries?

Not yet. At the time of writing (v0.6.x), multi-arch files are unsupported. Planned for v0.7.0.
👉 Workaround: use lipo -thin to extract the slice you need.

Does 0tH parse code signatures?

Partially. The SuperBlob is identified, but not all sub-blobs are expanded yet.
👉 Use codesign -d --verbose=4 or jtool2 --sig for full detail.

Can I automate 0tH in scripts?

Currently, 0tH is REPL-only.
👉 Workaround: drive it with script, expect, or a heredoc.
Batch-friendly CLI mode is on the roadmap.

Can I trust 0tH output in production?

Yes. It won’t corrupt your binaries or silently mis-parse. If a structure is unknown or not implemented, 0tH will bail out or show raw data instead of faking results.

Does it support dyld shared caches?

Not directly. You need to extract the images first with dyld_shared_cache_util.

Will it ever support Swift/ObjC metadata?

Planned, but not in early releases. For now, rely on class-dump, swift-demangle, or jtool2.

How is 0tH licensed?

Community Edition (CE) is free. PRO/MASTER editions are planned with additional features.

Where can I report bugs or request features?

  • Email the maintainer (see AUTHORS file)

  • Segment 0

Then how can I contribute?

There’s a mailing list: Segment 0.
It’s meant to support users, but also to collect feedback and requests.
👉 Don’t use GitHub issues — there is no public GitHub project.

Why Zero-the-Hero? Why so many names?

Because names matter. Zero the Hero is a nod to Black Sabbath and to the first segment in a Mach-O (__TEXT, address 0). Other nicknames and project codenames exist because this is not a boring corporate tool. And it never will be.

I see blabbering about this “Mach-O-Nomicon” here and there. What’s that?

It’s a book. Theory + practice + exercises. A grim grimoire for those who want to master Mach-O internals.
👉 Download it — it’s just a few bux.

Who are you? Why doing this?

See RevEng3.
No whoami. Sorry.

Can I contribute with my code?

No. 0tH is closed source for a reason: Mach-O is too complex to have multiple development lines. Fragmentation would kill the project.

How do you pay the mortgage installments?

I don’t. Please, buy me a coffee — and my cats some treats.

How often will you release new versions?

Quite often. There’s no fixed schedule yet — but keep your eyes open and bookmark blog.zero-the-hero.run.