Binary Logic, Shifts, and the Zero Register
A hands-on exploration of boolean logic and shift operations on AArch64, driven by debugging rather than theory. This lesson focuses on how small, legal deta...
Posts by Year
2025
0tH2026.2.0 Released
Zero the Hero (0tH) 2.0 is out. A Mach-O triage tool for macOS security work, focused on structural inspection and code-signing analysis, with both CLI and R...
Byte Architect War Journal - December
The Byte Architect - December - News
Understanding Instruction Flow on AArch64 with LLDB
In this post we explore how AArch64 programs actually execute, stepping through instructions with LLDB instead of relying on abstract explanations or “hello ...
Reading LC_CODE_SIGNATURE with 0tH
A deep, hands-on walkthrough of LC_CODE_SIGNATURE across three Mach-O binaries — from an ad-hoc do-nothing app to Safari’s full Apple-grade signature. We in...
More on registers: the ABI
In this lesson we examine what really happens when data moves through registers and execution jumps across routines. We introduce the ABI and AAPCS64, explai...
Introduction to registers
Before we can reverse anything, we need a precise mental model of how ARM64 actually works. In this first lesson we cover the essential foundations: data siz...
Preparing to Reverse
Assembly is the only place where software stops lying. High-level languages hide the truth; instructions expose it. Understanding AArch64 gives you the abili...
Reversing 101 - introduction
A quarter century in pentesting taught me one thing: real reversing knowledge is intentionally rare. Not because it’s hard — but because people want to keep ...
Zero the Hero - A Modern Blade for Carving Through Mach-O
Zero the Hero (0tH) is a modern, Rust-no-panic Mach-O analysis tool focused on precise Load Command parsing, code-signing internals, entitlements, and strict...
Code Signing: SuperBlobs, CodeDirectory, and LC_CODE_SIGNATURE
Code Signing is the foundation of macOS security. Learn how SuperBlobs, CodeDirectory, and LC_CODE_SIGNATURE actually work under the hood.
Merkle Trees
A hands-on, mathematically honest walkthrough of Merkle trees.From tagged hashing to proofs, root verification, ordering guarantees, and padding strategies u...
Byte Architect War Journal - November
The Byte Architect - November - News
Mac Malware Reversing Lab
Step-by-step guide to setting up a macOS virtual machine for malware reversing — from choosing the right hypervisor to securing your environment against self...
Apple Gatekeeper
Gatekeeper is macOS’s pre-execution policy engine — not an antivirus, but a trust enforcement layer that decides whether code may run based on its signature,...
Apple Defences
A concise dissection of Apple’s built-in security controls. Not marketing — real mechanisms, real boundaries, and how attackers see them.
After OBTS 8.0
First-hand notes from Objective By The Sea: why I attended Patrick Wardle’s Mac malware course, what I learned, and the ideas worth following up.