Aether is a native macOS disassembler built with Swift and SwiftUI. It breaks down binaries into their purest essence β just like the ancient Greek element that permeated the cosmos.
"Beyond the binary, into the essence."
Download Aether v1.2.0 β macOS 14.0 (Sonoma) or later
If the application appears corrupted or macOS displays a message stating the app is damaged, open Terminal and run the following command:
xattr -cr /path/to/Application.app
Replace /path/to/Application.app with the actual path to the application. This command removes extended attributes, including the quarantine flag, that may prevent the app from launching.
Three new AI features that you can use on-demand when analyzing binaries:
- Interactive Conversation: Chat with AI about your binary in real-time
- Context-Aware: AI knows the loaded binary, selected function, and decompiled code
- Follow-up Questions: Ask clarifying questions and get detailed explanations
- Quick Suggestions: Pre-built prompts to get started quickly
- Natural Language Explanation: Understand what any function does in plain English
- Complexity Rating: See if a function is simple, medium, or high complexity
- Pattern Recognition: Automatically identifies patterns like crypto, networking, file I/O
- Detailed Analysis: Multi-paragraph explanation of function behavior and purpose
- Smart Suggestions: AI analyzes code and suggests meaningful variable names
- Selective Application: Choose which renames to accept with checkboxes
- Preview Changes: See how the code will look before applying
- Batch Operations: Select All / Deselect All for quick decisions
- Reasoning Provided: Each suggestion includes why that name was chosen
- Go to Settings (gear icon) β AI tab
- Enter your AI API key
- Click the AI menu in the toolbar:
- Chat with AI... β Open interactive chat panel
- Explain Function β Get explanation of selected function
- Rename Variables β Get AI suggestions for variable names
- AI features only appear when API key is configured
- Unified AI Menu: All AI features consolidated under single "AI" button
- Conditional Visibility: AI options hidden when no API key configured
- Better Settings Access: Fixed Settings button in toolbar
- Dynamic Instrumentation: Generate ready-to-use Frida scripts for iOS and macOS
- 6 Hook Types:
- Trace: Log function calls, arguments, return values, and backtraces
- Bypass: Modify return values to bypass security checks
- Intercept: Advanced hooking with argument/return modification and context dump
- Memory Dump: Hexdump function memory at runtime
- String Patch: Find and patch strings in memory
- Anti-Debug: Bypass common anti-debugging (ptrace, sysctl, getppid, task_get_exception_ports)
- Platform Support: iOS and macOS with platform-specific optimizations
- AI-Enhanced Scripts: Optional AI-powered script generation with intelligent bypass detection
- Export Options: Copy to clipboard or save as .js file
- Quick Run Guide: Frida command shown directly in UI
- Select a function in the sidebar
- Click "Frida" in toolbar (or Analysis β Frida Script)
- Choose platform (iOS/macOS) and hook type
- Click "Basic" for template or "AI Enhanced" for intelligent analysis
- Copy script and run:
frida -U -f <app> -l script.js
- AI Integration: Optional AI-powered security analysis
- Bypass Detection: Identifies license checks, trial limitations, and anti-piracy mechanisms
- Patch Points: Suggests specific addresses and techniques for bypassing protections
- Security Mechanisms: Detects code signing, integrity checks, network validation
- Hardcoded Secrets: Finds obfuscated strings, API keys, and encryption keys
- Detailed Reports: Findings with severity levels (Critical/High/Medium/Low/Info)
- Secure Storage: API key stored in macOS Keychain (never in app bundle)
- Go to Settings (β,) β AI tab
- Enter your API key
- Click "AI Analysis" in toolbar β Analyze Function or Analyze Binary
- Review findings, bypass techniques, and patch points
- Async File Loading: Binary loading now runs on background thread for responsive UI
- No More Beach Ball: Large binaries load without freezing the interface
- Removed Debug Logging: Faster parsing and reduced memory usage
- Full Java Bytecode Support: Decompile JAR files and Java class files
- Stack Simulation: Accurate bytecode interpretation
- Method Signatures: Proper parsing of Java type descriptors
- Cleaner Toolbar: Removed redundant function name display
- Better Function Names: Improved formatting for Java method signatures in sidebar
- Control Flow Recovery: Integrated ControlFlowStructurer for proper structure recovery (if/else, while, for loops)
- String Literal Detection: New string cache system for better string recognition in decompiled code
- Improved Type Inference: Better inference for parameters, local variables and return types
- Prologue/Epilogue Detection: Automatically skip boilerplate function setup code
- Smart Condition Building: Combines compare+jump patterns into readable conditions
- Better Variable Names: Improved register to variable name mapping for both x86_64 and ARM64
- Enhanced Operations: Full support for increment, decrement, logic and arithmetic operations
- New Conditional Jumps View: View and patch conditional jumps (JZ, JNZ, JE, JNE, etc.)
- Flip Jump Conditions: Easily invert conditional jumps with one click
- Support for all x86 conditionals: Both short (7x) and long (0F 8x) jump opcodes
- Search and Filter: Find specific jumps by address or mnemonic
- Fixed crash with -128 displacement: Int8 overflow bug that caused SIGILL crash when disassembling instructions like
lea rdi, [rbp-0x80] - Added bounds checking: Safe array access for register names and condition codes
- Improved stability: Better handling of large binaries and edge cases
- Branch Arrows: Color-coded arrows showing jump directions
- π’ Green: Conditional forward jumps (skip code)
- π΄ Red: Conditional backward jumps (loops)
- π΅ Blue: Unconditional forward jumps
- π Orange: Unconditional backward jumps
- π£ Purple: Function calls
- Jump Table View: Panel listing all jumps with filtering and sorting (β§βJ)
- Inline Target Preview: Hover over jumps to see target code
- Branch Probability: Estimated probability (Likely/Unlikely/50-50)
- Branch Statistics: Summary of branches in disassembly header
- Pseudo-Code Generation: Convert assembly to structured C-like code with if/else, while, for loops
- Call Graph Visualization: Interactive graph showing function call relationships with multiple layouts (hierarchical, radial, force-directed)
- Crypto Detection: Automatically detect cryptographic algorithms (AES, SHA, RSA, etc.) by signature matching
- Deobfuscation Analysis: Detect obfuscation techniques (control flow flattening, opaque predicates, junk code)
- Type Recovery: Infer data types (structs, arrays, enums) from memory access patterns
- Idiom Recognition: Recognize common code patterns (strlen, memcpy, multiplication via shifts)
- IDA Python Script: Export analysis to IDA Pro format
- Ghidra XML: Export to Ghidra project format
- Radare2 Script: Export to r2 commands
- Binary Ninja Script: Export to Binary Ninja format
- JSON/CSV/HTML/Markdown: Multiple report formats
- C Header: Generate header files with function signatures
- Data Flow Analysis: Def-use chains, reaching definitions, constant propagation
- AI Annotator: Suggest function names and comments based on behavior analysis
- Lightweight Emulator: Trace execution for x86-64
- Multi-Architecture Support: ARM64 and x86_64
- Multiple Binary Formats: Mach-O, ELF, PE/COFF, JAR/Java Class
- Modern UI: Native SwiftUI interface with dark mode
- Disassembly View: Syntax-highlighted assembly with address navigation
- Hex View: Synchronized hex dump viewer
- Control Flow Graph (CFG): Visual representation of code flow
- Decompiler: Pseudo-C code generation
- Function Analysis: Automatic function detection and naming
- String Analysis: Extract and navigate to strings
- Cross-References: Track code and data references
- Symbol Support: Full symbol table parsing
- Project System: Save and restore analysis sessions
| Feature | Shortcut | Description |
|---|---|---|
| Analyze All | β§βA | Run full binary analysis |
| Find Functions | β§βF | Detect and list all functions |
| Show CFG | βG | Display control flow graph |
| Decompile | β§βD | Generate decompiled code |
| Generate Pseudo-Code | β§βP | Generate structured pseudo-code |
| Call Graph | βK | Show interactive call graph |
| Frida Script | - | Generate Frida hooking scripts |
| Crypto Detection | - | Detect cryptographic algorithms |
| Deobfuscation Analysis | - | Analyze obfuscation techniques |
| Type Recovery | - | Recover data types |
| Idiom Recognition | - | Recognize code patterns |
| Show Jump Table | β§βJ | View all branches and jumps |
| Feature | Description |
|---|---|
| Chat with AI | Interactive chat about the binary |
| Explain Function | Natural language explanation of selected function |
| Rename Variables | AI-suggested meaningful variable names |
| Security Analysis | Identify vulnerabilities and bypass techniques |
| Analyze Binary | Full binary security assessment |
| Format | Description |
|---|---|
| IDA Python | Script for IDA Pro |
| Ghidra XML | Project file for Ghidra |
| Radare2 | r2 command script |
| Binary Ninja | Python script for BN |
| JSON | Structured data export |
| CSV | Spreadsheet-compatible |
| HTML | Web report with styling |
| Markdown | Documentation format |
| C Header | Function declarations |
- Download Aether.dmg
- Open the DMG and drag Aether to Applications
- Launch Aether from Applications
git clone https://github.com/Pinperepette/Aether.git
cd Aether
swift build -c releaseThe built application will be available at .build/release/Aether.
- Open a binary: Drag and drop a file onto the window, or use
File β Open Binary(βO) - Navigate: Click on functions in the sidebar to jump to their code
- Analyze: Use
Analysis β Analyze All(β§βA) for full analysis - View CFG: Select a function and press βG to see the control flow graph
- Decompile: Press β§βD to generate pseudo-C code
- Pseudo-Code: Press β§βP to generate structured pseudo-code
- Call Graph: Press βK to view function call relationships
- Export: Use the Export menu to save analysis in various formats
| Action | Shortcut |
|---|---|
| Open Binary | βO |
| Close | βW |
| Go to Address | β§βG |
| Search | βF |
| Analyze All | β§βA |
| Find Functions | β§βF |
| Show CFG | βG |
| Decompile | β§βD |
| Pseudo-Code | β§βP |
| Call Graph | βK |
| Jump Table | β§βJ |
| Format | Extensions | Architectures |
|---|---|---|
| Mach-O | (various) | ARM64, x86_64 |
| ELF | .so, .elf, (none) | ARM64, x86_64 |
| PE/COFF | .exe, .dll | x86, x86_64 |
| Java | .jar, .class | JVM Bytecode |
Aether/
βββ App/ # Application entry point and state management
βββ Core/
β βββ Binary/ # Binary format loaders (Mach-O, ELF, PE, JAR)
β βββ Disassembler/ # Disassembly engine
β βββ Analysis/ # Function, string, xref, crypto, type analysis
β βββ Decompiler/ # Pseudo-code generation
β βββ Emulation/ # Lightweight CPU emulator
βββ UI/ # SwiftUI views and components
β βββ GraphView/ # CFG and Call Graph visualization
β βββ AnalysisViews/ # Analysis result views
βββ Models/ # Data models
βββ Services/ # Export manager, Frida generator, AI client
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.
Aether β Peel back the layers. See the code beneath.