ChiChou

ChiChou / macchk

Public

🎤 mic check! checksec for Mach-O executables

19
1
100% credibility
Found Apr 12, 2026 at 19 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Rust
AI Summary

macchk examines Mac and iOS program files to reveal their security hardening features, code signing details, and potential weaknesses.

How It Works

1
🕵️ Discover macchk

You hear about a simple tool that checks how secure Mac programs are built, like scanning for safety shields.

2
💻 Get it on your Mac

You easily add the checker to your Mac so it's ready to use anytime.

3
📁 Pick a program

You choose a program file from your Mac, like a system app, to see its protections.

4
🔍 Run the safety scan

You launch the checker on your file and instantly get a colorful report showing all the built-in defenses.

5
📊 Review the results

You read the easy list of good protections like locks and guards, plus any weak spots.

Know it's protected

You feel secure knowing exactly how strong your program's safety features are.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 19 to 19 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is macchk?

macchk is a Rust CLI tool that runs static security audits on macOS and iOS Mach-O binaries—like checksec.sh, but tuned for Apple executables, dylibs, and universal fats. It flags hardening features such as PIE, stack canaries, PAC instructions, hardened runtime, code signing details, and entitlements, with quick one-liners via `--brief` or JSON for scripting. Think mic check one two for your binaries: `macchk /sbin/launchd` spits out defenses like "PIE arm64e CodeSign PAC-Sec".

Why is it gaining traction?

No native macOS checksec exists, so macchk fills the gap with Apple-specific smarts: DER-decoded launch constraints, entitlements classified as strengthens/weakens, and instruction scans for zero-init or bounds checks without full disassembly. Brief mode crushes batch audits like `macchk --brief /usr/libexec/*`, while full mode gives per-function coverage—perfect for spotting weak spots fast. It's the github mic test devs reach for when auditing Mach-O security.

Who should use this?

macOS security researchers reversing apps or kernel extensions, iOS devs checking jailbreak risks, and reverse engineers auditing third-party binaries for exploits. Ideal for teams building hardened tools who want a mic check studio equivalent before shipping, or auditing open-source like github mic dkfz nnunet for ARM64e PAC gaps.

Verdict

Grab it if you touch Mach-O security—installs via Cargo, solid README with examples, and tests fixtures—but at 19 stars and 1.0% credibility, it's early v0.1.0; expect refinements for edge cases like big-endian fats. Strong start for Apple devs needing machk on steroids.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.