This work addresses the significant challenge posed by undocumented macOS private frameworks, which are distributed solely as stripped binaries and thereby impede security analysis and reverse engineering. To overcome this limitation, we propose MOTIF, a novel framework that uniquely integrates fine-tuned large language models with tool-augmented agents to automatically infer and validate private method signatures. By leveraging Objective-C runtime metadata extraction, static binary analysis, and constraint-based verification, MOTIF generates compilable and linkable header files. Evaluated on the MOTIF-Bench benchmark, our approach dramatically improves method signature recovery from 15% to 86%, providing high-precision, verifiable interface reconstruction that substantially advances downstream security research and vulnerability discovery.

Private macOS frameworks underpin critical services and daemons but remain undocumented and distributed only as stripped binaries, complicating security analysis. We present MOTIF, an agentic framework that integrates tool-augmented analysis with a finetuned large language model specialized for Objective-C type inference. The agent manages runtime metadata extraction, binary inspection, and constraint checking, while the model generates candidate method signatures that are validated and refined into compilable headers. On MOTIF-Bench, a benchmark built from public frameworks with groundtruth headers, MOTIF improves signature recovery from 15% to 86% compared to baseline static analysis tooling, with consistent gains in tool-use correctness and inference stability. Case studies on private frameworks show that reconstructed headers compile, link, and facilitate downstream security research and vulnerability studies. By transforming opaque binaries into analyzable interfaces, MOTIF establishes a scalable foundation for systematic auditing of macOS internals.