Skip to content

Antibioticss/symp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README.zh-CN.md
README.zh-CN.md
 
 

Repository files navigation

symp

English | 中文

A Mach-O symbol-based tool for easily patching functions by symbol.

Supported:

  • Symbol table LC_SYMTAB
  • Export table LC_DYLD_INFO/LC_DYLD_EXPORTS_TRIE
  • Import table S_SYMBOL_STUBS
  • Obj-C metadata

Installation

Pre-built binary

Grab the latest release from here.

A pkg installer is also available; it installs to /usr/local/bin by default.

Build from source

Clone the repo and build with cmake.

git clone https://github.com/Antibioticss/symp.git
cd symp
mkdir build && cd build
cmake .. -DCMAKE_BUILD_TYPE=Release && cmake --build .

Install to /usr/local/bin:

sudo cmake --install .

Usage

symp [options] -- <symbol> <file>

Example usage

Write hex bytes to the file offset corresponding to a virtual address (as shown in your disassembler):

symp -x 909090 -- 0x10002a704 file

Make an Obj-C function return 1:

symp -p ret1 -- '-[MyClass isSmart]' file

Overwrite a function with a new binary (instructions only):

symp -b new.bin -- '_old_func' file

Symbol types

Three symbol formats are supported:

Type Description Example
Hex address virtual address in hex; auto-detected when it starts with 0x or 0X 0x100007e68
ObjC symbol does not demangle class names; starts with +/-, enclosed in [] -[MyClass hello]
Regular symbol anything that does not match the two cases above _printf

Arguments

Argument Description Example
-p/--patch use a built-in patch; available values: nop, ret, ret0, ret1, ret2 -p ret1
-b/--binary use a binary file as the patch -b data.bin
-x/--hex use hex data as the patch (case-insensitive; spaces allowed) -x "C0 03 5F D6"
-a/--arch select an arch in a FAT file; currently supports x86_64 and arm64 -a arm64
-q/--quiet suppress match count messages (useful for command substitution) -q

Only one of -p, -b, or -x may be specified. If none is provided, the tool prints the symbol's file offset.

-a can be passed multiple times. If omitted, the tool searches all architectures in the file.

Integration with xsp

symp can be used with xsp for powerful symbol-based hex patching workflows:

# Basic workflow: Find symbol offset and use it for targeted patching
xsp --offset $(symp -q 'symbol_name' binary_file) -f binary_file hex1 hex2

# Example: Replace NOPs at a specific function with breakpoints
xsp --offset $(symp -q '_vulnerable_function' /usr/bin/target) -f /usr/bin/target "90 90 90 90" "CC CC CC CC"

# Example: Patch Objective-C method
xsp --offset $(symp -q '-[MyClass sensitiveMethod]' MyApp) -f MyApp "original_bytes" "patched_bytes"

License

MIT LICENSE

About

macho symbol patching tool

Topics

macos hacking macho hacking-tool patching

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 3

symp 1.2 Latest
Sep 28, 2025
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages