Skip to content

Latest commit

 

History

History
548 lines (375 loc) · 21.1 KB

_software.md

File metadata and controls

548 lines (375 loc) · 21.1 KB

Awesome Software Reverse Engineering

A curated list of awesome reverse engineering resources to make you better!

Managed by Reversing.ID for the reversing community.

Introduction

Software Reverse Engineering focus on code, related data, and architecture which build a complete software.

The goals:

  • Recover lost information, or to make documentation.
  • Detect side effects (bugs, backdoor, vulnerabilities)
  • Synthesis higher abstraction.
  • Facilitate reuse.

In most case, the target of Software Reversing is code in compiled form (native or intermediate), either executable or libraries.

Table of Contents


Books

Reversing Concept

Tools

Assembly and languages

Specific topic on Software Reverse Engineering

White Papers

Articles

Courses

Reverse Engineering Courses

Channels

Binary Analysis Channels

Practices

Practice Reverse Engineering

References

Learning Assembly

Intermediate Representation


Hex Editors

Hex editor lets you view/edit the binary data of a file.

Multi/cross platform

Windows

Mac OS X

Binary Format

File information and format identifier

Executable detector

Executable explorer

Dependency check

Format parser and modification

  • Kaitai Struct - develop format parsers by declarative approach
  • LIEF - Library to Instrument Executable Formats, easily parse, modify and abstract many file formats.
  • QuickBMS - easily extract and modify file format with support of encryption, compressions, obfuscation, and other algorithms.

Bytecode Editors

Java bytecode editor

Disassemblers & Decompilers

Native code disassembler and decompiler

Android application disassembler / decoder

  • JEB2 - eclipse-based integrated reverse engineering platform for analyzing various parts of Android application components.

Java decompiler

.NET decompiler

Python decompiler

Flash decompiler

  • JPEXS Flash Decompiler - open source SWF decompiler and editor, convert SWF to FLA, edit ActionScript, replace resources (images, sounds, texts, fonts).
  • Flare - Extract all scripts from SWF.

Delphi decompiler

Lua decompiler

  • UnLuac - decompiler for Lua 5.0 - 5.4 and require debugging information (non-stripped).
  • LuaDec - decompiler based on luadec 5.0.x and LuaDec51.

AutoIT decompiler

  • myAut2Exe - scan and extract the AutoIT script.
  • Exe2Aut - extract the AutoIT script by running it.

Ethereum (EVM) Solidity disassembler / decompiler

  • evmdis - EVM disassembler by static analysis on the bytecode.
  • pyevmasm - assembler and disassembler library for EVM (Ethereum Virtual Machine).

Debuggers

Multi/cross platform

Windows

Linux

  • QIRA - timeless debugger which track all state while program is running.
  • EDB

Virtual Machine Introspection for debugging

Hypervisor debugger

  • HyperDbg - minimalistic hypervisor with hardware-assisted virtualization to debug kernel.

GDB enrichment

OllyDbg variant

Graphic Debugger

Behavior Analysis

Network simulation

Packet Capture

Process

Tracer

Sandbox

Misc

Dynamic Binary Instrumentation

Native

  • DynamoRIO - runtime code manipulation system that supports code transformation on any part of program.
  • Frida - scriptable DBI toolkit for cross-platform target.
  • Pin
  • QBDI - modular, cross-platform, and cross-architecture DBI framework backed by LLVM.

.NET

  • Hawkeye2 - view, edit, analyze, and invoke (almost) any object from .net applications.
  • UnityDoorstop - execute managed assemblies inside Unity as early as possible.

Binary Analysis Framework

  • Angr - python framework for analyzing binaries, combines both static and dynamic symbolic (concolic) analysis.
  • Triton - dynamic binary analysis (DBA) framework.
  • BAP - suite of utilities and libraries that enable analysis of programs in their machine representations.
  • BitBlaze
  • PANDA - Platform for Architecture-Neutral Dynamic Analysis, built on QEMU system emulator, analyzecode in runtime.
  • BARF
  • S2E - platform for in-vivo analysis of software systems.
  • miasm - analyze / modify / generate binary program with python.
  • soot - java optimization framework

Symbolic Execution (only)

  • KLEE - dynamic symbolic execution engine built on top of the LLVM compiler infrastructure
  • manticore - symbolic execution tool for analysis of smart contracts and binaries.
  • Kite - conflict-driven symbolic execution tool (proof of concept)
  • jCUTE - Java Concolic Unit Testing Engine, automatically generate unit tests for Java programs.
  • ExpoSE - dynamic symbolic execution engine for JavaScript.
  • ESILSolve - python symbolic execution framework using r2 and ESIL.

Binary lifting

  • McSema - framework for lifting x86, amd64, and aarch64 program binareis to LLVM bitcode.

Theorem prover and solver

Code Emulators

Injectors

Windows

HTTP Intercept Proxy

Reconstructors

Import reconstructor

Data-type reconstructor

Unpackers

Obfuscators

Native

AutoIt scripts

Deobfuscators

Native

Java

.NET

Javascript

PHP

String extraction

Binary Visualization

See also Data & Format Reversing.

Document Analysis

Misc


IDA Script

  • IDA Python Src - source code for IDAPython plugin, enable python script running in IDA Pro .

references

Script collection

Ghidra Script

Script collection