Every time you dive into iOS or macOS firmware, the challenge of stripped binaries and complex Mach-O formats becomes a roadblock. ipsw tackles this with a Go-based CLI that not only parses firmware files and kernelcaches but also integrates AI-powered decompilation to produce readable Objective-C code — a practical example of AI-assisted reverse engineering that actually works on real devices.
What ipsw does and how it’s built
ipsw is a comprehensive command-line toolkit designed for iOS and macOS security research, reverse engineering, and firmware analysis. Written in Go 1.24+, it supports macOS, Linux, and Windows, making it accessible across platforms common to security researchers.
At its core, ipsw provides tools to download and parse IPSW and OTA firmware files. It dives deep into Mach-O binaries, offering ARM v9-a disassembly, and extracts Objective-C and Swift classes from the dyld_shared_cache — a central cache of system libraries on Apple devices.
The project also parses kernelcaches, which are essentially kernel extensions and drivers bundled by Apple, and provides an interface to interact with iOS devices over AFC (Apple File Conduit). This multi-faceted approach covers the full stack of firmware and binary analysis.
Beyond just static analysis, ipsw integrates AI-powered decompilation using several LLM services like Claude, OpenAI, Gemini, and Ollama. This integration is designed to translate ARM assembly instructions into more readable Objective-C code, assisting reverse engineers in understanding heavily stripped or obfuscated binaries.
The architecture includes a REST API daemon called ipswd, which enables automation and integration with other tools or workflows. For local data storage, ipsw supports SQLite and PostgreSQL, allowing users to manage and query firmware metadata efficiently.
Technical highlights and tradeoffs
What sets ipsw apart is the combination of traditional binary analysis techniques with AI-powered decompilation. The Mach-O parsing and ARM v9-a disassembly are implemented in Go, which is less common for this kind of work compared to C or Python tools but offers strong cross-platform support and good performance.
The dyld_shared_cache parsing is non-trivial — this cache involves complex binary formats and symbol obfuscation. ipsw handles this with dedicated parsers that can extract Objective-C and Swift runtime class information, which is crucial for understanding system internals.
Integrating AI services like Claude and OpenAI for decompilation is ambitious. The idea is to feed assembly snippets to large language models trained on code and have them generate approximate Objective-C source. This approach can speed up reverse engineering but comes with tradeoffs:
- The AI output may be imprecise or incomplete, requiring manual verification.
- API usage depends on keys and network connectivity.
- There’s an added layer of complexity integrating external services into a CLI tool.
The codebase itself is surprisingly clean for a reverse engineering tool, with clear separation of concerns between firmware parsing, device interaction, and AI integration. The use of Go modules and dependency management follows best practices, and support for multiple package managers (Homebrew, snap, scoop) improves accessibility.
However, the focus on Go means certain low-level optimizations or bindings to native libraries might be less mature than in C-based tools. Also, the AI-assisted decompilation is still experimental and should be seen as a complementary aid rather than a standalone solution.
Quick start with ipsw
Installation
macOS
Using blacktop tap (includes extras)
brew install blacktop/tap/ipsw
Using official Homebrew formula
brew install ipsw
Linux
sudo snap install ipsw
Windows
scoop bucket add blacktop https://github.com/blacktop/scoop-bucket.git
scoop install blacktop/ipsw
Requirements
- Go: 1.24+ (for building from source)
- Platform: macOS, Linux, Windows
- USB: libusb for device interaction
- Optional: AI API keys for enhanced analysis
Who should explore ipsw
ipsw is a solid choice for security researchers, reverse engineers, and firmware analysts working with Apple devices. Its multi-platform support and integration of AI-driven decompilation make it worth exploring if you frequently analyze stripped or obfuscated Mach-O binaries.
The tradeoff is that the AI features require API keys and network access, and the decompilation outputs need careful manual review. For those comfortable building Go projects or using CLI tools, ipsw offers a cleaner, more integrated experience than juggling multiple separate utilities.
If your workflow involves frequent firmware downloads, device interaction over AFC, and deep inspection of dyld_shared_cache or kernelcaches, ipsw consolidates many needed capabilities in one place.
Overall, ipsw is a practical, well-architected toolkit that shows how AI can assist in reverse engineering without pretending to replace human expertise.
Related Articles
- Pydoll: Async-native Chromium automation with typed extraction for web scraping — Pydoll is a Python library for Chromium automation using Chrome DevTools Protocol. It offers async-native APIs and Pydan
- nh: a Rust-based unified CLI for the Nix ecosystem with enhanced search and ergonomics — nh is a Rust CLI tool consolidating Nix, NixOS, and Home Manager commands with improved ergonomics, speed, and Elasticse
- OpenAI Codex CLI: local-first AI coding assistant with ChatGPT integration — OpenAI Codex CLI brings AI coding assistance local to your terminal, integrating with ChatGPT plans for powerful hybrid
- Ferret v2: A declarative Go engine for web data extraction with a new API architecture — Ferret v2 is a Go-based declarative system for web scraping that introduces a native Go API and a compatibility layer to
- CC Switch: unified management for AI coding CLIs in a cross-platform Rust desktop app — CC Switch is a Rust-based cross-platform desktop app that centralizes management of AI coding CLIs like Claude Code and
→ GitHub Repo: blacktop/ipsw ⭐ 3,396 · Go