MobileGestaltHelper

executablemacOS136.6 KBx86_64, arm64

Secure enclave key manager — accesses and manages hardware-sealed cryptographic keys

Manages cryptographic keys stored in the Secure Enclave through direct hardware communication. Provides XPC services that allow other system processes to access sealed keys (SIK) for cryptographic operations. Communicates with 7 network endpoints and collects 4 telemetry signals, likely reporting key usage and system state to Apple. References 37 bundle identifiers, indicating integration with multiple system and application components for key provisioning and authentication workflows.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 136.6 KB
UUID: 2DCEA3F5-AD41-34A4-B4EF-7A6726550CBD
Analyzed: 2026-04-09T09:39:25Z
CDHash: 044724799e85138835adc5a149be104461cdd3d05f618f26a10724dcb8bfe49e

Capabilities

KeychainAccess Secure Enclave sealed keys (SIK)

com.apple.keystore.sik.access [object Object]

HardwareDirect hardware/driver communication

/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

Frameworks7

Foundation libMobileGestalt.dylib IOKit QuartzCore(weak)libobjc.A.dylib libSystem.B.dylib CoreFoundation

Interesting Strings

Bundle IDs(37)

com.apple.security.system-groups0*!com.apple.CommCenter.fine-grained0 !com.apple.pearl.iokit-user-access "com.apple.camera.iokit-user-access 'com.apple.private.applesepmanager.allow

File Paths(6)

/AppleInternal/Library/BuildRoots/4~B_wiugDQwaQfLSjzOuwdcy1jds3Xe6Qp0QNUop4/Library/Caches/com.apple.xbs/Sources/MobileGestaltHelpers/MobileGestaltHelper/MobileGestaltHelper.m /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore

telemetry(4)

AppleBiometricServicesUserClient /com.apple.osanalytics.otatasking-service-access <key>com.apple.osanalytics.otatasking-service-access</key><string>AppleBiometricServicesUserClient</string>

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

CoreFoundation Foundation

Endpoints(7)

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

0

Keychain

1

Network

0

Storage

0

Hardware

1

IPC

0

Analytics

0

Security

0

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

4

File Paths

6

Bundle IDs

37

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code5d760bd17a1efc8b4f549dd06d129adcc1592f10efe99b1aa5b3969809fd0a73

Imports6d41f9f57fa7ebd7d0e78dbf3a14d47b525a43a254ed2dd67650f81a11655e2f

Frameworks231a72422fe2c3d16fe0307bf793d561909a4c521d5d22cd8eb058fda82b5b82

Classes6f676a25c589dec33b2fb7b57a5d64b206c14d61c5a0ae0425fa7b44f3d86fab

Entitlementsdd29d6eb78ff966610365600cd1181c0d1bd98a33c45fc65dd53fa403ac4a266

Symbols697617d671bf46fa9403467feb5bf7559673f69241604d2d7faa8b00361dc076

Static Libraries0 / 24 functions identified

Functions(24)

0x100000c98sub_100000c98

0x100000da0-[MobileGestaltHelperListener listener:shouldAcceptNewConnection:]

0x100000e30-[MobileGestaltHelperListener processNameForConnection:]

0x100001094-[MobileGestaltHelperListener getSpringboardRegionOverride:reply:]

0x10000112c-[MobileGestaltHelperListener getServerAnswerForQuestion:reply:]

0x10000148c-[MobileGestaltHelperListener getAppleTVMode:]

0x100001504-[MobileGestaltHelperListener rebuildCache:]

0x100001640-[MobileGestaltHelperListener setCacheSentinel:]

0x100001788-[MobileGestaltHelperListener queryBootUUID]

0x1000018c4-[MobileGestaltHelperListener getSentinelPath]

0x1000018d8-[MobileGestaltHelperListener setCacheSentinel]

0x1000019d8-[MobileGestaltHelperListener needsNewCachePostBoot]

0x100001c18sub_100001c18

0x100001de0sub_100001de0

0x100001e0csub_100001e0c

0x100001ed8sub_100001ed8

0x100001f14sub_100001f14

0x100001f50sub_100001f50

0x100001f60sub_100001f60

0x100001f6csub_100001f6c

Imports56 symbols from 5 dylibs

libSystem.B.dylib21 libobjc.A.dylib12 CoreFoundation10 libMobileGestalt.dylib7 Foundation6

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

KeychainStasher

trustdFileHelper

gamecontrolleragentd

locationaccessstored

gamecontrollerd

wifiFirmwareLoader

corebrightnessd