AI Decompiler
Transform assembly code into human-readable C/C++/ObjC/Swift code using AI models
The ipsw AI decompiler revolutionizes binary analysis by leveraging state-of-the-art language models to convert disassembly into readable, high-level code. Whether you're analyzing iOS binaries, kernelcache files, or dyld_shared_cache libraries, the AI decompiler provides intelligent code reconstruction.
Requirements
There are currently 6 supported LLM providers
- Github Copilot
- OpenAI
- Claude (Anthropic)
- Gemini (Google AI)
- Ollama (local LLMs)
- OpenRouter (API access to multiple models)
🚀 Quick Start
# Decompile a binary's entry point with AI
ipsw macho disass /path/to/binary --entry --dec --dec-model "Claude 3.5 Sonnet"
# Analyze a specific function with context
ipsw macho disass /path/to/binary --symbol "_main" --dec --dec-llm "openai"
# Decompile dyld_shared_cache function as Swift
ipsw dsc disass dyld_shared_cache --vaddr 0x123456 --dec --dec-lang "Swift"
🔧 Provider Setup
GitHub Copilot ⭐ Recommended
Why Copilot? Best value with access to premium models (GPT-4, Claude 3.5), plus you can use it in your IDE.
-
Sign up: https://github.com/features/copilot
-
Enable models: Go to https://github.com/settings/copilot and enable all available models
-
Authenticate via one of these methods:
Option A: Zed Editor (Easiest)
# Install Zed: https://zed.dev
# Open Zed → Agent Panel (Cmd+?) → Settings (Opt+Cmd+C) → Sign in to GitHub Copilot ChatOption B: Xcode
# Follow GitHub's Xcode setup guide
# https://docs.github.com/en/copilot/managing-copilot/configure-personal-settings/installing-the-github-copilot-extension-in-your-environment?tool=xcode -
Verify setup: Check that
~/.config/github-copilot/
containsapps.json
orhosts.json
GitHub Copilot offers FREE access to many premium models! See the full list here.
OpenAI
# 1. Get API key from https://platform.openai.com/api-keys
# 2. Add to environment
export OPENAI_API_KEY="sk-your-key-here"
# 3. Use with ipsw
ipsw macho disass binary --dec --dec-llm openai
Claude (Anthropic)
# 1. Get API key from https://console.anthropic.com/
# 2. Add to environment
export ANTHROPIC_API_KEY="sk-ant-your-key-here"
# 3. Use with ipsw
ipsw macho disass binary --dec --dec-llm claude
Gemini (Google AI)
# 1. Get API key from https://aistudio.google.com/apikey
# 2. Add to environment
export GEMINI_API_KEY="your-key-here"
# 3. Use with ipsw
ipsw macho disass binary --dec --dec-llm gemini
Ollama (Local LLMs)
# 1. Install Ollama: https://ollama.com
# 2. Download models
ollama pull qwen2.5:32b-instruct # Good for code analysis
ollama pull codellama:34b # Code-specialized model
# 3. Start server and use
ollama serve
ipsw macho disass binary --dec --dec-llm ollama --dec-model "qwen2.5:32b-instruct"
Local LLMs require significant computational resources. Smaller models (7B-13B) may produce lower quality results compared to cloud-based models.
OpenRouter (Multi-Provider Access)
# 1. Get API key from https://openrouter.ai/
# 2. Set environment variables
export OPENROUTER_API_KEY="sk-or-your-key-here"
export OPENROUTER_CLIENT_TITLE="ipsw-decompiler" # Optional: for usage tracking
# 3. Use with ipsw
ipsw macho disass binary --dec --dec-llm openrouter
📖 Usage Examples
There are 2 ipsw
disassemblers:
ipsw macho disass
(for single MachOs, including file-entries in the NEW kernelcaches)ipsw dsc disass
(for dylibs in the dyld_shared_cache)
Binary Analysis
# Analyze iOS app main function
ipsw macho disass /Applications/MyApp.app/MyApp --symbol "_main" --dec
# Decompile with specific model
ipsw macho disass binary --entry --dec --dec-model "GPT-4" --dec-llm "openai"
# Force language interpretation
ipsw macho disass ObjCBinary --symbol "initWithFrame:" --dec --dec-lang "Objective-C"
Kernelcache Analysis
# Extract and analyze kernel function
ipsw download ipsw --device iPhone15,2 --latest --kernel
ipsw extract --kernel *.ipsw
ipsw macho disass kernelcache.* --symbol "_panic" --dec --dec-llm copilot
# Analyze KEXT with context
ipsw macho disass kernelcache --fileset-entry com.apple.driver.AppleMobileFileIntegrity --entry --dec
dyld_shared_cache Analysis
# Analyze specific virtual address
ipsw dsc disass dyld_shared_cache_arm64e --vaddr 0x1234567890 --dec
# Decompile with symbol context
ipsw dsc disass dyld_shared_cache_arm64e --symbol "_objc_msgSend" --demangle --dec
# Swift function analysis
ipsw dsc disass dyld_shared_cache --vaddr 0x... --dec --dec-lang "Swift" --dec-llm "claude"
💡 Example Output
Input Assembly
; Function: _main
0x100003f80: sub sp, sp, #0x20
0x100003f84: stp x29, x30, [sp, #0x10]
0x100003f88: add x29, sp, #0x10
0x100003f8c: str w0, [sp, #0xc]
0x100003f90: str x1, [sp]
0x100003f94: adrp x0, 0x100004000
0x100003f98: add x0, x0, #0x0
0x100003f9c: bl 0x100003fc0
AI Decompiled Output (ObjC)
int main(int argc, char *argv[]) {
@autoreleasepool {
__set_user_dir_suffix(@"com.apple.apsd");
@autoreleasepool {
APSDaemon *daemon = [[APSDaemon alloc] init];
if (daemon) {
NSRunLoop *runLoop = [NSRunLoop currentRunLoop];
[runLoop run];
[runLoop release];
}
[daemon release];
}
return 0;
}
@catch (NSException *exception) {
if ([exception reason] == 1) {
id exceptionObj = [exception retain];
id logger = [APSLog daemon];
if (_os_log_type_enabled(logger, 0x11)) {
[exceptionObj logWithLogger:logger];
}
[logger release];
[exceptionObj release];
}
}
}
🔍 Advanced Features
Language Detection
The AI decompiler automatically detects the programming language, but you can override:
# Force specific language interpretation
--dec-lang "C" # Pure C code
--dec-lang "C++" # C++ with classes
--dec-lang "Objective-C" # ObjC with NSObject, etc.
--dec-lang "Swift" # Swift syntax
Model Selection
# Interactive model selection (no --dec-model specified)
ipsw macho disass binary --dec --dec-llm openai
? Select model to use:
▸ gpt-4-1106-preview
gpt-4
gpt-3.5-turbo-1106
gpt-3.5-turbo
# Direct model specification
ipsw macho disass binary --dec --dec-model "Claude 3.5 Sonnet" --dec-llm copilot
Context Enhancement
# Include symbol information for better context
ipsw macho disass binary --symbol "functionName" --dec --demangle
# Include multiple functions for context
ipsw macho disass binary --vaddr 0x1000 --size 200 --dec
🎯 Best Practices
1. Choose the Right Model
- GPT-4/Claude 3.5: Best overall quality, understands complex code patterns
- GPT-3.5: Faster, good for simple functions
- Gemini: Good balance of speed and quality
- Local models: Privacy-focused but require powerful hardware
2. Provide Context
# Better: Include symbol names and demangling
ipsw macho disass binary --symbol "_objc_msgSend" --demangle --dec
# Best: Include surrounding code for context
ipsw macho disass binary --vaddr 0x1000 --size 500 --dec
3. Language Hints
# When analyzing ObjC runtime functions
ipsw dsc disass cache --symbol "_objc_msgSend" --dec --dec-lang "Objective-C"
# When analyzing Swift compiled code
ipsw dsc disass cache --symbol "swift_" --dec --dec-lang "Swift"
4. Performance Tips
- Use
--dec-model
to avoid interactive selection for automation - Cache results locally for repeated analysis
- Start with smaller code snippets before analyzing large functions
🛠️ Integration Examples
Automated Analysis Script
#!/bin/bash
# Analyze all exported functions in a binary
for symbol in $(ipsw macho info binary --symbols | grep "T _" | cut -d' ' -f3); do
echo "Analyzing $symbol..."
ipsw macho disass binary --symbol "$symbol" --dec --dec-model "Claude 3.5 Sonnet" > "analysis_$symbol.txt"
done
Custom Workflow
# 1. Extract and analyze iOS kernel panic function
ipsw download ipsw --device iPhone15,2 --latest --kernel
ipsw extract --kernel *.ipsw
ipsw macho disass kernelcache.* --symbol "_panic" --dec --dec-llm copilot
# 2. Analyze specific iOS framework function
ipsw dsc extract dyld_shared_cache_arm64e --dylib Foundation
ipsw macho disass Foundation --symbol "NSStringFromClass" --dec --dec-lang "Objective-C"
🔍 Troubleshooting
Common Issues
"No API key found"
- Ensure environment variables are set correctly
- For Copilot, verify the config files exist in
~/.config/github-copilot/
"Model not available"
- Check model names with
ipsw macho disass --dec --dec-llm provider
(without --dec-model) - Verify your API plan includes the requested model
"Poor decompilation quality"
- Try a more powerful model (GPT-4, Claude 3.5)
- Provide more context with
--size
parameter - Use
--demangle
for C++ symbols - Specify the correct
--dec-lang
"Rate limiting"
- Add delays between requests for large-scale analysis
- Consider using local models for extensive analysis
- Check your API plan limits
The AI decompiler transforms binary reverse engineering from assembly reading into understanding high-level algorithms and program logic. Combined with ipsw's comprehensive Apple platform analysis tools, it provides unprecedented insight into iOS and macOS internals.