Hard Links and Siblings
In our post on Inode and Directory Records, we noted that a single inode may be referenced by more than one directory record, as is...
Read more : Hard Links and SiblingsJoe T. Sylve, Ph.D. – Blog
Series
APFS Internals
A 27-part deep dive into the Apple File System covering on-disk structures, B-Trees, encryption, and more.
View the series : APFS InternalsPosts (Page 1 of 4)
EFI Jumpstart
APFS containers include an embedded EFI driver that allows UEFI firmware to boot from APFS partitions without requiring a built-in...
SpiceCrypt 3.0: QSPICE Support
SpiceCrypt 3.0.0 is out. When I introduced SpiceCrypt in March, it decrypted PSpice and LTspice model files so engineers could...
The Reaper
In our post on Containers, we introduced the Reaper as the subsystem responsible for garbage collection in APFS. The Reaper...
Space Manager
In our earlier post on Containers, we introduced the Space Manager as the subsystem responsible for tracking which blocks are...
Revisiting the APFS Series
Back in 2022 I started the APFS Advent Challenge: a daily run of posts dissecting the on-disk internals of Apple’s...
IDA-MCP Is Now RE-MCP With Ghidra Support
When I started building ida-mcp, the goal was simple: give an LLM headless access to IDA Pro through MCP (Model...
ida-mcp 2.2: From Tool Calls to Analysis Scripts
ida-mcp 2.2.0 is out. This release removes the friction between what the LLM wants to do and what MCP lets...
ida-mcp 2.1: Progressive Tool Discovery, Background Analysis, and Batch Operations
ida-mcp 2.1.0 is out. This release focuses on making the LLM a more efficient analyst: fewer wasted tool calls, less...
Announcing ida-mcp 2.0: A Headless MCP Server for IDA Pro
The Model Context Protocol (MCP) lets LLMs call external tools, and for reverse engineers the obvious application is connecting an...