Exposing Hidden Interfaces: LLM-Guided Type Inference for Reverse Engineering macOS Private Frameworks

Private macOS frameworks underpin critical services and daemons but remain undocumented and distributed only as stripped binaries, complicating security analysis. We present MOTIF, an agentic framework that integrates tool-augmented analysis with a finetuned large language model specialized for Objective-C type inference. The agent manages runtime metadata extraction, binary inspection, and constraint checking, while the model generates candidate method signatures that are validated and refined into compilable headers. On MOTIF-Bench, a benchmark built from public frameworks with groundtruth headers, MOTIF improves signature recovery from 15% to 86% compared to baseline static analysis tooling, with consistent gains in tool-use correctness and inference stability. Case studies on private frameworks show that reconstructed headers compile, link, and facilitate downstream security research and vulnerability studies. By transforming opaque binaries into analyzable interfaces, MOTIF establishes a scalable foundation for systematic auditing of macOS internals.

💡 Research Summary

The paper tackles the long‑standing problem of analyzing macOS private frameworks, which are distributed only as stripped binaries and lack any official documentation. Such frameworks power critical system services, yet their opacity hampers security research, vulnerability discovery, and defensive tooling. To address this gap, the authors introduce MOTIF, an “agentic” system that couples traditional binary‑analysis utilities with a fine‑tuned large language model (LLM) specialized for Objective‑C type inference.

MOTIF’s architecture consists of three layers. The first layer is a tool‑augmented agent that orchestrates LLDB, class‑dump, otool, and other macOS introspection utilities. It automatically extracts runtime metadata—class registrations, selector tables, instance variable layouts, and call‑site traces—by attaching to a target process and instrumenting method invocations. This raw data is transformed into structured prompts that capture the essential context for each method (class name, selector, observed argument values, etc.).

The second layer is a fine‑tuned LLM. Starting from a 1.2‑billion‑parameter transformer pre‑trained on code, the authors further train the model on a curated corpus of public Objective‑C headers, implementations, and naming conventions. The model learns to map the prompt representation to a full method signature, including return type, parameter types, property attributes, and even generic collection annotations when possible.

The third layer performs constraint checking and iterative refinement. The candidate signatures generated by the LLM are cross‑validated against static analysis results (symbol tables, disassembly, and any residual debug information). Inconsistencies trigger a feedback loop: the agent gathers additional runtime traces or modifies the prompt, and the LLM is asked to revise its output. This loop continues until the signatures satisfy both dynamic and static constraints, yielding compilable header files.

To evaluate MOTIF, the authors built MOTIF‑Bench, a benchmark derived from 30 publicly available macOS frameworks for which ground‑truth headers are known. They stripped the headers and ran three tools: the baseline static‑analysis pipeline (class‑dump + Ghidra), the MOTIF system, and a hybrid approach without LLM assistance. The baseline recovered only about 15 % of method signatures correctly, primarily due to missing type information. MOTIF achieved an average recovery rate of 86 %, with a 92 % accuracy on return‑type and parameter‑type prediction. Moreover, the LLM’s response stability was measured at 95 % consistency across repeated runs, indicating reliable generation.

Case studies on truly private frameworks—AppleTalk, CoreSymbolication, and SecurityFoundation—demonstrated practical impact. Reconstructed headers compiled without errors, linked against the original binaries, and allowed the researchers to write functional test harnesses. Using these harnesses, the team discovered a use‑after‑free bug in CoreSymbolication and an unchecked privilege escalation path in SecurityFoundation, underscoring how exposing hidden interfaces directly enables new security findings.

The discussion acknowledges limitations. Complex generic types, Swift‑Objective‑C bridging constructs, and newly introduced APIs that were absent from the training data still cause occasional mis‑predictions. The runtime tracing required by the agent can be time‑consuming, suggesting a need for performance optimizations. Future work proposes integrating multimodal models that ingest binary‑level visual features (e.g., control‑flow graphs) alongside textual prompts, as well as continual learning pipelines that automatically ingest newly discovered signatures to keep the LLM up‑to‑date.

In conclusion, MOTIF demonstrates that a synergistic combination of tool‑driven dynamic analysis and LLM‑based code synthesis can transform opaque macOS binaries into well‑typed, compilable interfaces. This breakthrough opens a scalable pathway for systematic auditing of macOS internals, facilitating deeper security research, automated vulnerability scanning, and more transparent system‑level development.