PatchRequest/CarrotCheat
🥕 Carrot

Healthier than Apples.

macOS ARM64 game cheating framework. Raw Mach traps, hand-crafted MIG messages, zero hookable library calls.

Built for macOS 26+ on Apple Silicon. Educational/research purposes.

What it does

Carrot sidesteps hook-based userland anti-cheat detection at each layer of the memory-access path (kernel-level interception is a different matter; see Limitations):

| Layer | Technique | What it bypasses |
|---|---|---|
| task_for_pid | Direct svc #0x80 (inline assembly) | Hooks on the libsystem_kernel stub |
| Trap resolution | Parse the MOVN that loads x16 in each libsystem_kernel stub at runtime | Breakage from hardcoded trap numbers that shift between OS builds (SysWhispers-style resolution) |
| VM read/write | mach_msg2_trap stub called as a function pointer + hand-built MIG messages | Hooks on mach_vm_read_overwrite, mach_vm_write, mach_msg, mach_msg2_internal |
| Stealth | Inject as a dylib into a host process (Discord, browser, etc.) | Process-list-based detection |
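The "Trap resolution" row is what lets the raw svc approach survive OS updates. As an added illustration (this is not Carrot's traps.c), the decoder below takes the bytes of an arm64 libsystem_kernel stub, finds the movz/movn that loads x16 and the svc #0x80 that follows, and returns the signed number the stub would hand to the kernel: negative means Mach trap (so -45 is mach trap 45, task_for_pid), positive means BSD syscall. The stub images are constructed here from the documented instruction encodings rather than dumped from a system; the macOS-only part of main() shows the same decoder reading the live stubs through dlsym. The trap numbers used for the samples (task_for_pid 45, mach_msg2_trap 47, read 3) come from xnu's syscall tables.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#if defined(__APPLE__) && defined(__aarch64__)
#include <dlfcn.h>
#endif

/* arm64 encodings ("Move wide (immediate)" and "SVC" in the Arm ARM):
 *   MOVZ Xd, #imm16, LSL #(16*hw): 1 10 100101 hw imm16 Rd  -> top 9 bits 0xD2800000
 *   MOVN Xd, #imm16, LSL #(16*hw): 1 00 100101 hw imm16 Rd  -> top 9 bits 0x92800000
 *   SVC #0x80:                     0xD4000001 | (0x80 << 5) =  0xD4001001          */
#define MOVWIDE_MASK   0xff800000u
#define MOVZ_X         0xd2800000u
#define MOVN_X         0x92800000u
#define SVC_0x80       0xd4001001u
#define MAX_STUB_INSNS 8          /* libsystem_kernel stubs are only a few instructions */

/* Decode a syscall stub: returns 1 and stores the x16 value live at the svc #0x80,
 * or 0 if no such sequence is found. Negative = Mach trap (number is -x16),
 * positive = BSD syscall. Only single-instruction immediates are handled, which
 * is all the stubs use. */
int decode_stub_trap(const uint8_t *code, size_t len, int64_t *out)
{
    int64_t x16 = 0;
    int have_x16 = 0;
    size_t n = len / 4;
    if (n > MAX_STUB_INSNS)
        n = MAX_STUB_INSNS;                 /* don't wander into the next symbol */

    for (size_t i = 0; i < n; i++) {
        uint32_t insn;
        memcpy(&insn, code + 4 * i, sizeof insn);   /* little-endian fetch, alignment-safe */
        uint32_t rd    = insn & 0x1f;
        uint32_t imm16 = (insn >> 5) & 0xffff;
        uint32_t shift = ((insn >> 21) & 0x3) * 16;

        if ((insn & MOVWIDE_MASK) == MOVZ_X && rd == 16) {
            x16 = (int64_t)((uint64_t)imm16 << shift);     /* mov x16, #imm      */
            have_x16 = 1;
        } else if ((insn & MOVWIDE_MASK) == MOVN_X && rd == 16) {
            x16 = (int64_t)~((uint64_t)imm16 << shift);    /* mov x16, #-(imm+1) */
            have_x16 = 1;
        } else if (insn == SVC_0x80) {
            if (!have_x16)
                return 0;                   /* svc without a recognised x16 load */
            *out = x16;
            return 1;
        }
    }
    return 0;                               /* no svc #0x80 inside the window */
}

/* Same decoder with a sentinel instead of an out-parameter. */
int64_t decode_or_min(const uint8_t *code, size_t len)
{
    int64_t v;
    return decode_stub_trap(code, len, &v) ? v : INT64_MIN;
}

/* Constructed stub images (little-endian instruction words) laid out like the real
 * ones: Mach traps are `movn x16; svc; ret`, BSD syscalls `movz x16; svc; b.lo ...`. */
static const uint8_t STUB_TASK_FOR_PID[] = {
    0x90, 0x05, 0x80, 0x92,   /* movn x16, #0x2c -> x16 = -45 */
    0x01, 0x10, 0x00, 0xd4,   /* svc  #0x80 */
    0xc0, 0x03, 0x5f, 0xd6,   /* ret */
};
static const uint8_t STUB_MACH_MSG2_TRAP[] = {
    0xd0, 0x05, 0x80, 0x92,   /* movn x16, #0x2e -> x16 = -47 */
    0x01, 0x10, 0x00, 0xd4,   /* svc  #0x80 */
    0xc0, 0x03, 0x5f, 0xd6,   /* ret */
};
static const uint8_t STUB_BSD_READ[] = {
    0x70, 0x00, 0x80, 0xd2,   /* movz x16, #3 -> BSD read(2) */
    0x01, 0x10, 0x00, 0xd4,   /* svc  #0x80 */
};
static const uint8_t NOT_A_STUB[] = {
    0xc0, 0x03, 0x5f, 0xd6,   /* ret only: no svc, the decoder must reject it */
};

int main(void)
{
    printf("task_for_pid   -> %lld\n", (long long)decode_or_min(STUB_TASK_FOR_PID, sizeof STUB_TASK_FOR_PID));
    printf("mach_msg2_trap -> %lld\n", (long long)decode_or_min(STUB_MACH_MSG2_TRAP, sizeof STUB_MACH_MSG2_TRAP));
    printf("read           -> %lld\n", (long long)decode_or_min(STUB_BSD_READ, sizeof STUB_BSD_READ));
#if defined(__APPLE__) && defined(__aarch64__)
    /* On a live Apple Silicon system, read the real stubs instead of hardcoding numbers. */
    const char *names[] = { "task_for_pid", "mach_msg2_trap", "_kernelrpc_mach_port_deallocate_trap" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        const uint8_t *stub = dlsym(RTLD_DEFAULT, names[i]);
        int64_t v;
        if (stub && decode_stub_trap(stub, 4 * MAX_STUB_INSNS, &v))
            printf("%-40s trap %lld\n", names[i], (long long)v);
    }
#endif
    return 0;
}
```

Resolving the number from the stub is also a cheap sanity check: if a hardcoded table and the decoded value disagree on a given build, the table is what is wrong.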

Notable finding: on macOS 26, mach_msg_trap (trap -31) is defunct in the author's testing (details in the internals section below). The usable kernel IPC path is mach_msg2_trap (trap -47), which receives the message header as packed 64-bit argument pairs and takes 64-bit MACH64_* options. The trap itself is not new (it has shipped since macOS 13), but with the legacy trap no longer answering, a hand-rolled client has to speak this format. Carrot does.

API

```c
#include <carrot/carrot.h>

// Every call returns a carrot error code (types.h); checks are omitted here for brevity.

// Attach to a game process (needs root; see Limitations)
carrot_proc_t proc;
carrot_attach(pid, &proc);

// Read/write a value of the pointed-to type
int hp;
carrot_read_val(proc, addr, &hp);
hp = 9999;
carrot_write_val(proc, addr, &hp);

// Pointer chains (Cheat Engine style): base -> +0x20 -> +0x10 -> +0x0
uint64_t final_addr;
carrot_resolve_chain(proc, base, (int64_t[]){0x20, 0x10, 0x0}, 3, &final_addr);

// AOB pattern scan with wildcards; free the result list when done
carrot_scan_result_t results;
carrot_aob_scan(proc, start, end, "F2 82 ?? 8F 00", &results);
carrot_scan_result_free(&results);

carrot_detach(proc);
```
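To show what carrot_resolve_chain and carrot_aob_scan have to do internally, here is an added example (not Carrot's pointer.c or scan.c) of both built over an abstract read callback, the same shape a remote reader backed by mach_vm_read_overwrite would have. Two things are this example's own assumptions: the chain convention (every offset except the last is dereferenced, the last is simply added, which matches the usual Cheat Engine layout) and the scanner's 64-byte read size. The target memory is a constructed 256-byte image so the code runs anywhere, and it deliberately places one signature across a chunk boundary, the edge case a scanner that reads remote memory in pieces must carry bytes forward to catch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Abstract reader: copy len bytes at target address addr into out; 1 on success,
 * 0 if unreadable. Carrot would back this with its mach_vm_read_overwrite path. */
typedef int (*read_fn)(void *ctx, uint64_t addr, void *out, size_t len);

/* Pointer chain, assumed Cheat Engine convention: dereference base+off[0], then
 * +off[1], ... and add the final offset without dereferencing it. */
int resolve_chain(read_fn rd, void *ctx, uint64_t base,
                  const int64_t *offs, size_t n, uint64_t *final_addr)
{
    uint64_t cur = base;
    if (n == 0) { *final_addr = base; return 1; }
    for (size_t i = 0; i + 1 < n; i++) {
        uint64_t ptr;
        if (!rd(ctx, cur + (uint64_t)offs[i], &ptr, sizeof ptr) || ptr == 0)
            return 0;                        /* unreadable or NULL link: fail, don't guess */
        cur = ptr;
    }
    *final_addr = cur + (uint64_t)offs[n - 1];
    return 1;
}

/* AOB pattern "F2 82 ?? 8F 00" -> bytes + mask (mask 0x00 marks a wildcard). */
#define MAX_PATTERN 64
typedef struct { uint8_t bytes[MAX_PATTERN], mask[MAX_PATTERN]; size_t len; } pattern_t;

int parse_pattern(const char *s, pattern_t *p)
{
    p->len = 0;
    for (;;) {
        while (isspace((unsigned char)*s)) s++;
        if (!*s) return p->len > 0;
        if (p->len == MAX_PATTERN) return 0;
        if (s[0] == '?' && s[1] == '?') {
            p->bytes[p->len] = 0; p->mask[p->len] = 0x00;
        } else if (isxdigit((unsigned char)s[0]) && isxdigit((unsigned char)s[1])) {
            char hex[3] = { s[0], s[1], 0 };
            p->bytes[p->len] = (uint8_t)strtoul(hex, NULL, 16); p->mask[p->len] = 0xff;
        } else {
            return 0;                        /* malformed token */
        }
        s += 2;
        if (*s && !isspace((unsigned char)*s)) return 0;   /* tokens are exactly two chars */
        p->len++;
    }
}

/* Validation helper: token count, or -1 if the pattern is malformed. */
int pattern_token_count(const char *s) { pattern_t p; return parse_pattern(s, &p) ? (int)p.len : -1; }

/* Scan [start, end) through the reader CHUNK bytes at a time, carrying the last
 * len-1 bytes forward so a match straddling two reads is still found. Returns the
 * match count (the first max_hits addresses go into hits), or -1 on a read error. */
#define CHUNK 64
int aob_scan(read_fn rd, void *ctx, uint64_t start, uint64_t end,
             const pattern_t *p, uint64_t *hits, size_t max_hits)
{
    uint8_t buf[MAX_PATTERN + CHUNK];
    size_t carry = 0, found = 0;
    if (p->len == 0 || start >= end) return -1;
    for (uint64_t pos = start; pos < end; pos += CHUNK) {
        size_t want = (end - pos < CHUNK) ? (size_t)(end - pos) : CHUNK;
        if (!rd(ctx, pos, buf + carry, want)) return -1;
        size_t avail = carry + want;
        uint64_t base = pos - carry;                         /* target address of buf[0] */
        for (size_t i = 0; i + p->len <= avail; i++) {
            size_t k = 0;
            while (k < p->len && ((buf[i + k] ^ p->bytes[k]) & p->mask[k]) == 0) k++;
            if (k == p->len && found++ < max_hits) hits[found - 1] = base + i;
        }
        carry = (p->len - 1 < avail) ? p->len - 1 : avail;
        memmove(buf, buf + avail - carry, carry);
    }
    return (int)found;
}

/* Constructed 256-byte image standing in for game memory: a pointer at 0x20 -> 0x80,
 * one at 0x90 -> 0xC0, and two copies of F2 82 xx 8F 00, the first crossing the 0x40 edge. */
static uint8_t g_image[256];
static uint64_t g_hits[4], g_final;
static int g_nhits;

static int image_read(void *ctx, uint64_t addr, void *out, size_t len)
{
    (void)ctx;
    if (addr > sizeof g_image || len > sizeof g_image - addr) return 0;
    memcpy(out, g_image + addr, len);
    return 1;
}

int run_example(void)
{
    static const uint8_t sig1[] = { 0xf2, 0x82, 0x11, 0x8f, 0x00 }, sig2[] = { 0xf2, 0x82, 0x99, 0x8f, 0x00 };
    uint64_t p1 = 0x80, p2 = 0xc0;
    int64_t chain[] = { 0x20, 0x10, 0x0 };                  /* the chain from the API snippet */
    pattern_t pat;
    memset(g_image, 0, sizeof g_image);
    memcpy(g_image + 0x20, &p1, 8); memcpy(g_image + 0x90, &p2, 8);
    memcpy(g_image + 0x3e, sig1, 5); memcpy(g_image + 0xd0, sig2, 5);
    if (!parse_pattern("F2 82 ?? 8F 00", &pat)) return 0;
    g_nhits = aob_scan(image_read, NULL, 0, sizeof g_image, &pat, g_hits, 4);
    if (g_nhits < 0 || !resolve_chain(image_read, NULL, 0, chain, 3, &g_final)) return 0;
    for (int i = 0; i < g_nhits; i++) printf("pattern at 0x%llx\n", (unsigned long long)g_hits[i]);
    printf("chain [[0+0x20]+0x10]+0 -> 0x%llx\n", (unsigned long long)g_final);
    return 1;
}
```

Against a real process the reader would fail on unmapped gaps between regions, so a production scanner iterates the target's mapped regions first and scans each one; the carry-forward logic above stays the same within a region.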

Build

```sh
make          # builds libcarrot.dylib, examples, and runs tests
make test     # tests only (21 tests, no sudo needed)
make clean
```

Project layout

```text
include/carrot/     Public API headers
  types.h           Error codes, opaque handles
  process.h         carrot_attach / carrot_detach
  memory.h          carrot_read / carrot_write
  pointer.h         Pointer chain resolution
  scan.h            AOB/pattern scanning

src/                Implementation
  traps.c/h         Raw SVC + trap resolution
  mig.c/h           MIG messages via mach_msg2_trap
  process.c         Process attachment
  memory.c          Memory primitives
  pointer.c         Chain walker
  scan.c            Pattern parser + remote scanner

examples/
  game/             Target game (prints addresses, ticks HP/ammo/gold)
  cheat/            CLI cheat using libcarrot
  stealth/          Injectable dylib that runs inside a host process
    inject.c        Constructor-based injection, background cheat thread
    host.c          Dummy host for testing

tests/              21 self-contained tests (run against the calling process via task_self)
```

Stealth injection

Inject the cheat into any process you can launch. The cheat operates from inside the host, so there is no separate cheat process for a process-list scan to find.

```sh
# Terminal 1: start target game
./build/game

# Terminal 2: inject into a host process
sudo CARROT_PID=<game_pid> CARROT_ADDR=<health_addr> \
  DYLD_INSERT_LIBRARIES=./build/libstealth.dylib \
  /Applications/Discord.app/Contents/MacOS/Discord
```

The dylib's constructor starts a background thread that attaches to the game and enforces god mode. The host application runs normally. The host is launched under sudo because the attach happens from inside it and task_for_pid needs root (see Limitations).

Note: dyld ignores DYLD_INSERT_LIBRARIES for SIP-protected platform binaries (/usr/bin/*, /bin/*) and for setuid programs, and for Hardened Runtime apps that lack the com.apple.security.cs.allow-dyld-environment-variables entitlement; library validation will also refuse a dylib signed by a different team unless the host carries com.apple.security.cs.disable-library-validation. Check a candidate host with `codesign -d --entitlements - <binary>`. Use your own binaries or third-party apps as hosts.
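An added example (not the project's inject.c) of the constructor-based pattern the stealth dylib relies on: a function marked __attribute__((constructor)) runs when dyld loads the inserted library, reads CARROT_PID and CARROT_ADDR, and hands the work to a detached thread so the host's own initialisers are not blocked. The write primitive is a callback so the loop can be exercised in-process against a local variable (the same approach the project's tests take with task_self); in a real build the callback would wrap carrot_write_val on an attached process, and this example's writer refuses any pid other than its own rather than scribbling on local memory. The environment variable names come from the page; the parser, the callback type, the retry limit and the 50 ms interval are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <pthread.h>
#include <time.h>
#include <unistd.h>

typedef struct {
    int      pid;          /* CARROT_PID: game process to attach to */
    uint64_t addr;         /* CARROT_ADDR: address of the value to pin ("0x..." or decimal) */
    uint32_t value;        /* value to enforce (9999, as in the API snippet) */
    unsigned interval_ms;  /* re-write period (example's choice) */
} stealth_cfg_t;

/* Write primitive, injected so the loop is testable. Returns 0 on success.
 * A real build binds this to carrot_write_val on the attached task. */
typedef int (*write_u32_fn)(const stealth_cfg_t *cfg, uint32_t value);

/* Parse the two environment values; rejects junk, zero addresses and trailing garbage. */
int parse_stealth_cfg(const char *pid_s, const char *addr_s, stealth_cfg_t *cfg)
{
    char *end;
    if (!pid_s || !addr_s || !*pid_s || !*addr_s) return 0;
    errno = 0;
    long pid = strtol(pid_s, &end, 10);
    if (errno || *end || pid <= 0 || pid > INT32_MAX) return 0;
    unsigned long long addr = strtoull(addr_s, &end, 0);   /* base 0: 0x-prefix or decimal */
    if (errno || *end || addr == 0) return 0;
    cfg->pid = (int)pid; cfg->addr = addr; cfg->value = 9999; cfg->interval_ms = 50;
    return 1;
}

/* Example writer: only writes when the "target" is this very process (in-process
 * self-test); anything cross-process needs a libcarrot-backed writer instead. */
int example_write_u32(const stealth_cfg_t *cfg, uint32_t value)
{
    if (cfg->pid != (int)getpid() || cfg->addr == 0) return -1;
    *(volatile uint32_t *)(uintptr_t)cfg->addr = value;
    return 0;
}

int enforce_tick(const stealth_cfg_t *cfg, write_u32_fn write) { return write(cfg, cfg->value); }

typedef struct { stealth_cfg_t cfg; write_u32_fn write; } thread_args_t;

/* Background loop: re-pins the value every interval. Transient failures (game mid-load)
 * are tolerated, but after 100 in a row it exits quietly so a vanished game never takes
 * the host down with it. */
static void *enforcer_thread(void *p)
{
    thread_args_t *ta = p;
    struct timespec ts = { 0, (long)ta->cfg.interval_ms * 1000000L };
    for (int failures = 0; failures <= 100; ) {
        failures = enforce_tick(&ta->cfg, ta->write) ? failures + 1 : 0;
        nanosleep(&ts, NULL);
    }
    free(ta);
    return NULL;
}

/* Detached so the constructor returns immediately and dyld can finish loading the host. */
int start_enforcer(const stealth_cfg_t *cfg, write_u32_fn write)
{
    thread_args_t *ta = malloc(sizeof *ta);
    if (!ta) return -1;
    ta->cfg = *cfg; ta->write = write;
    pthread_attr_t attr; pthread_t th;
    pthread_attr_init(&attr);
    pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
    int rc = pthread_create(&th, &attr, enforcer_thread, ta);
    pthread_attr_destroy(&attr);
    if (rc) free(ta);
    return rc;
}

/* Runs when the dylib is loaded (DYLD_INSERT_LIBRARIES), before the host's main().
 * Without CARROT_* in the environment it returns at once and the host is unaffected. */
__attribute__((constructor))
static void carrot_stealth_init(void)
{
    stealth_cfg_t cfg;
    if (!parse_stealth_cfg(getenv("CARROT_PID"), getenv("CARROT_ADDR"), &cfg)) return;
    fprintf(stderr, "[stealth] pinning 0x%llx in pid %d\n", (unsigned long long)cfg.addr, cfg.pid);
    start_enforcer(&cfg, example_write_u32);   /* real build: carrot_attach, then a carrot-backed writer */
}

/* Self-test: pin a local variable by treating this process as the game. 1 on success. */
int selftest_pin_local(void)
{
    volatile uint32_t hp = 100;
    stealth_cfg_t cfg = { (int)getpid(), (uint64_t)(uintptr_t)&hp, 9999, 50 };
    return enforce_tick(&cfg, example_write_u32) == 0 && hp == 9999;
}

/* Self-test: the example writer must refuse a foreign pid instead of writing locally. */
int selftest_reject_foreign(void)
{
    uint32_t hp = 100;
    stealth_cfg_t cfg = { (int)getpid() + 1, (uint64_t)(uintptr_t)&hp, 9999, 50 };
    return enforce_tick(&cfg, example_write_u32) != 0 && hp == 100;
}

/* Self-test for the parser: 1 if parsing succeeds and the address matches. */
int selftest_parse(const char *pid_s, const char *addr_s, uint64_t expect_addr)
{
    stealth_cfg_t cfg;
    return parse_stealth_cfg(pid_s, addr_s, &cfg) && cfg.addr == expect_addr;
}
```

Keep the constructor short: dyld runs initialisers with its own lock held, so anything slow or blocking there (the attach, a retry loop) belongs on the thread, not in the constructor itself.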

macOS 26 Mach IPC internals

Details of the macOS 26 Mach IPC path recorded while building Carrot. Some are observations specific to this release; others are long-standing behaviour that a hand-rolled MIG client has to get right:

  • mach_msg_trap (trap -31) is defunct in the author's testing: it hangs indefinitely, even with timeout flags
  • mach_msg2_trap (trap -47) is the only kernel IPC path that works. The trap itself has been in the SDK since macOS 13; what is new here is that the legacy trap is no longer a usable fallback
  • Argument format: eight register arguments, namely the message pointer, a 64-bit option word, five packed uint64 pairs (msgh_bits|send_size, remote|local port, voucher|msgh_id, descriptor count|rcv_name, rcv_size|priority) and the timeout
  • MACH64_SEND_MQ_CALL (0x200000000) is required for MIG calls. Caveat: the MACH64_SEND_KOBJECT_CALL and MACH64_SEND_MQ_CALL bits sit next to each other in the upper half of the option word and the kernel expects the class to match the destination (a task port is a kernel object), so confirm both the name and the value against <mach/message.h> in the SDK you build with
  • mach_msg2_internal (the library wrapper) rejects some argument combinations that the raw trap accepts
  • NDR_record has float_rep = 0 (NDR_FLOAT_IEEE), not 1. This is the standard NDR_record_t from <mach/ndr.h>, where int_rep = NDR_INT_LITTLE_ENDIAN (1) is the only non-zero byte; it is not a macOS 26 change
  • _kernelrpc_mach_port_deallocate_trap resolves to trap -18; -25 is _kernelrpc_mach_port_destruct_trap, an easy mix-up and one more reason to read trap numbers out of the stubs rather than hardcode them
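Added example (not Carrot's mig.c) tying the "VM read/write" row to the argument format listed above. It lays out the MIG request and reply for mach_vm_read_overwrite the way MIG-generated stubs do, fills in the NDR record, and packs the header into the words mach_msg2_trap takes after the buffer pointer and option word. Struct layouts, msgh_id 4808 (mach_vm subsystem base 4800, routine 8) and the pair order follow xnu's mach_vm.defs and libsyscall's mach_msg2 wrapper. The Mach types are redeclared so the block compiles off-platform; the MACH64_SEND_* call-class bit is a parameter, fed the 0x200000000 value the page reports, because which bit the kernel wants should be confirmed against the SDK. Nothing here issues the trap: the block computes the eight words so they can be inspected on any machine; on macOS you would pass them to the mach_msg2_trap stub resolved as a function pointer, with the buffer sized for the reply.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Wire-format types as in <mach/message.h> and <mach/ndr.h>, redeclared so the
 * example compiles off-platform; on macOS include the real headers instead. */
typedef uint32_t mach_msg_bits_t, mach_msg_size_t, mach_port_name_t;
typedef int32_t  mach_msg_id_t, kern_return_t;
typedef struct {
    mach_msg_bits_t  msgh_bits;
    mach_msg_size_t  msgh_size;
    mach_port_name_t msgh_remote_port;
    mach_port_name_t msgh_local_port;
    mach_port_name_t msgh_voucher_port;
    mach_msg_id_t    msgh_id;
} mach_msg_header_t;                              /* 24 bytes */
typedef struct {
    uint8_t mig_vers, if_vers, reserved1, mig_encoding;
    uint8_t int_rep, char_rep, float_rep, reserved2;
} NDR_record_t;                                   /* 8 bytes */

#define MACH_MSG_TYPE_COPY_SEND       19
#define MACH_MSG_TYPE_MAKE_SEND_ONCE  21
#define MACH_MSGH_BITS(remote, local) ((remote) | ((local) << 8))
#define MACH64_SEND_MSG 0x1ull                    /* low 32 bits == classic MACH_SEND_MSG */
#define MACH64_RCV_MSG  0x2ull                    /* low 32 bits == classic MACH_RCV_MSG */
#define NDR_INT_LITTLE_ENDIAN 1
#define NDR_FLOAT_IEEE        0                   /* float_rep is 0, not 1 */
#define MSGID_MACH_VM_READ_OVERWRITE 4808         /* mach_vm subsystem base 4800 + routine 8 */

/* MIG emits request/reply structs under #pragma pack(4) (__MigPackStructs). */
#pragma pack(push, 4)
typedef struct {
    mach_msg_header_t Head;
    NDR_record_t      NDR;
    uint64_t          address;    /* mach_vm_address_t: where to read in the target */
    uint64_t          size;       /* mach_vm_size_t */
    uint64_t          data;       /* mach_vm_address_t: caller's destination buffer */
} Request_mach_vm_read_overwrite;                 /* 56 bytes */
typedef struct {
    mach_msg_header_t Head;
    NDR_record_t      NDR;
    kern_return_t     RetCode;
    uint64_t          outsize;    /* bytes actually copied */
} Reply_mach_vm_read_overwrite;                   /* 44 bytes: pack(4) puts outsize at offset 36 */
#pragma pack(pop)

/* The eight register arguments of mach_msg2_trap: buffer, 64-bit options,
 * five low|high packed pairs carrying the header, and the timeout. */
typedef struct {
    uint64_t data, options;
    uint64_t bits_and_send_size;      /* msgh_bits         | send_size       << 32 */
    uint64_t remote_and_local;        /* msgh_remote_port  | msgh_local_port << 32 */
    uint64_t voucher_and_id;          /* msgh_voucher_port | msgh_id         << 32 */
    uint64_t desc_count_and_rcv_name; /* descriptor count  | rcv_name        << 32 */
    uint64_t rcv_size_and_priority;   /* rcv_size          | priority        << 32 */
    uint64_t timeout;                 /* honoured only with the SEND/RCV_TIMEOUT options set */
} mach_msg2_args_t;

/* Fill the request the way mach_vm_read_overwrite()'s MIG user stub does. */
void build_read_overwrite_request(Request_mach_vm_read_overwrite *req,
                                  mach_port_name_t task, mach_port_name_t reply_port,
                                  uint64_t remote_addr, uint64_t size, void *local_buf)
{
    memset(req, 0, sizeof *req);
    req->Head.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, MACH_MSG_TYPE_MAKE_SEND_ONCE);
    req->Head.msgh_size = sizeof *req;
    req->Head.msgh_remote_port = task;          /* destination: the target task port */
    req->Head.msgh_local_port = reply_port;     /* a send-once right is made for the reply */
    req->Head.msgh_id = MSGID_MACH_VM_READ_OVERWRITE;
    req->NDR.int_rep = NDR_INT_LITTLE_ENDIAN;   /* the only non-zero NDR byte */
    req->NDR.float_rep = NDR_FLOAT_IEEE;
    req->address = remote_addr;
    req->size = size;
    req->data = (uint64_t)(uintptr_t)local_buf;
}

/* Pack header + sizes into the trap's argument words. call_class_bit is the upper-half
 * MACH64_SEND_* bit for this destination (assumed: take the value from the SDK header). */
mach_msg2_args_t pack_mach_msg2_args(void *buf, const mach_msg_header_t *h, mach_msg_size_t send_size,
                                     mach_msg_size_t rcv_size, uint64_t call_class_bit, uint64_t timeout)
{
    mach_msg2_args_t a;
    a.data = (uint64_t)(uintptr_t)buf;
    a.options = MACH64_SEND_MSG | MACH64_RCV_MSG | call_class_bit;
    a.bits_and_send_size = (uint64_t)h->msgh_bits | ((uint64_t)send_size << 32);
    a.remote_and_local = (uint64_t)h->msgh_remote_port | ((uint64_t)h->msgh_local_port << 32);
    a.voucher_and_id = (uint64_t)h->msgh_voucher_port | ((uint64_t)(uint32_t)h->msgh_id << 32);
    a.desc_count_and_rcv_name = 0ull | ((uint64_t)h->msgh_local_port << 32); /* simple msg: 0 descriptors */
    a.rcv_size_and_priority = (uint64_t)rcv_size;                             /* priority 0 */
    a.timeout = timeout;
    return a;
}

size_t request_size(void) { return sizeof(Request_mach_vm_read_overwrite); }
size_t reply_size(void)   { return sizeof(Reply_mach_vm_read_overwrite); }

/* Worked instance with constructed port names (task 0x1003, reply 0x2007), a 4-byte read
 * at 0x100004000 and the 0x200000000 call-class value the page reports. Returns argument
 * word idx (0..7) so the packing can be checked without a kernel. */
uint64_t example_word(int idx)
{
    static union { Request_mach_vm_read_overwrite req; Reply_mach_vm_read_overwrite rep; uint8_t raw[256]; } buf;
    static uint32_t hp;
    build_read_overwrite_request(&buf.req, 0x1003, 0x2007, 0x100004000ull, sizeof hp, &hp);
    mach_msg2_args_t a = pack_mach_msg2_args(&buf, &buf.req.Head, sizeof buf.req, sizeof buf, 0x200000000ull, 0);
    uint64_t w[8] = { a.data, a.options, a.bits_and_send_size, a.remote_and_local,
                      a.voucher_and_id, a.desc_count_and_rcv_name, a.rcv_size_and_priority, a.timeout };
    for (int i = 0; idx == 0 && i < 8; i++) printf("x%d = 0x%016llx\n", i, (unsigned long long)w[i]);
    return (idx >= 0 && idx < 8) ? w[idx] : 0;
}
```

The buffer is a union because MACH64_RCV_MSG makes the kernel overwrite it with the reply, so it must be at least rcv_size bytes and the reply layout (RetCode at offset 32, outsize at 36) is what you read back. For mach_vm_write the request is complex (msgh_bits gets MACH_MSGH_BITS_COMPLEX and the data travels as an out-of-line descriptor), so the descriptor-count half of x5 becomes 1.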

Limitations

  • Hardened Runtime: the kernel (via AMFI) refuses task_for_pid on a process running with the Hardened Runtime that lacks the com.apple.security.get-task-allow entitlement, even as root with SIP enabled. Notarization requires the Hardened Runtime, so notarized apps are out of reach; most Steam and other non-App-Store games are not hardened, and those are the ones Carrot works against. `codesign -dv <binary>` shows the runtime flag and `codesign -d --entitlements - <binary>` the entitlements.
  • EndpointSecurity: an ES client subscribed to ES_EVENT_TYPE_AUTH_GET_TASK can deny task_for_pid in the kernel regardless of how the trap is reached, so none of the userland evasion above helps against it. ES clients need the com.apple.developer.endpoint-security.client entitlement, which makes this a vendor-grade defence; as far as the author knows, no game anti-cheat deploys it on macOS today.
  • Requires root: task_for_pid on another process needs sudo.
  • macOS 26+ only: developed and tested on macOS 26. mach_msg2_trap itself exists on earlier releases (since macOS 13), but the behaviour documented above, including mach_msg_trap no longer working, was only checked on 26; earlier versions still serviced mach_msg_trap, which Carrot does not implement.

License

Educational research project. Use responsibly.
