```shell
# Installing
pip3 install k2l
# Updating
pip3 install --upgrade k2l
```
ktool is both a convenient CLI toolkit and a library that can be used in other tools.
```
$ ktool
Usage: ktool <global flags> [command] <flags> [filename]

Commands:

GUI (Still in active development) ---
    ktool open [filename] - Open the ktool command line GUI and browse a file

MachO Analysis ---
    dump - Tools to reconstruct certain files (headers, .tbds) from compiled MachOs
    json - Dump image metadata as json
    cs - Codesigning info
    kcache - Kernel cache specific tools
    list - Print various lists (ObjC Classes, etc.)
    symbols - Print various tables (Symbols, imports, exports)
    info - Print misc info about the target mach-o

MachO Editing ---
    insert - Utils for inserting load commands into MachO Binaries
    edit - Utils for editing MachO Binaries
    lipo - Utilities for combining/separating slices in fat MachO files.

Misc Utilities ---
    file - Print very basic info about the MachO
    img4 - IMG4 Utilities

Run `ktool [command]` for info/examples on using that command

Global Flags:
    -f - Force Load (ignores malformations in the MachO and tries to load whatever it can)
    -v [-1 through 5] - Log verbosiy. -1 completely silences logging.
    -V - Print version string (`ktool -V | cat`) to disable the animation
```
Library documentation is located here
ktool is written in pure, 100% Python so that it stays platform independent when operating on static binaries and libraries. It should run on any implementation of Python 3.
Tested on:
- JLevin and *OS Internals for existing
- arandomdev for guidance + code
- Blacktop for their amazing ipsw project: https://github.com/blacktop/ipsw
- Artists behind the images used in this project's logo: https://github.com/0cyn/ktool/tree/master/EXTERNAL_LICENSES#image-notes
Static MachO/ObjC Reverse Engineering Toolkit
We found that k2l demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.