Private macOS frameworks underpin critical services and daemons but remain undocumented and are distributed only as stripped binaries, complicating security analysis. We present MOTIF, an agentic framework that integrates tool-augmented analysis with a fine-tuned large language model specialized for Objective-C type inference. The agent manages runtime metadata extraction, binary inspection, and constraint checking, while the model generates candidate method signatures that are validated and refined into compilable headers. On MOTIF-Bench, a benchmark built from public frameworks with ground-truth headers, MOTIF improves signature recovery from 15% to 86% compared to baseline static analysis tooling, with consistent gains in tool-use correctness and inference stability. Case studies on private frameworks show that reconstructed headers compile, link, and facilitate downstream security research and vulnerability studies. By transforming opaque binaries into analyzable interfaces, MOTIF establishes a scalable foundation for systematic auditing of macOS internals.