xiosec/Reverse-engineering
# Reverse Engineering


A set of tools for software reverse engineering.

The following tables group the tools by category; pick the heading that matches your task.

## ⚙ Debugging

Debugging Tools

| Name | Description | Download |
| --- | --- | --- |
| WinDbg | The WDK is used to develop, test, and deploy Windows drivers. | Download |
| OllyDbg v1.10 | OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. | Download |
| OllyDbg v2.01 | OllyDbg (named after its author, Oleh Yuschuk) is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. | Download |
| x64dbg | An open-source x64/x32 debugger for Windows. | Download |
| gdb | GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes, or what another program was doing at the moment it crashed. | Download |
| vdb | A combined disassembler/static analysis/symbolic execution/debugger framework. More documentation is in the works. | github |
| lldb | LLDB is a next generation, high-performance debugger. It is built as a set of reusable components which highly leverage existing libraries in the larger LLVM Project, such as the Clang expression parser and LLVM disassembler. | Download |
| qira | All state is tracked while a program is running, so you can debug in the past. | Download |
| unicorn | Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86). | github |
| Immunity Debugger | Immunity Debugger's interfaces include the GUI and a command line. The command line is always available at the bottom of the GUI. It allows the user to type shortcuts as if they were in a typical text-based debugger, such as WinDBG or GDB. Immunity has implemented aliases to ensure that WinDBG users do not have to be retrained and will get the full productivity boost that comes from the best debugger interface on the market. | Download |

## 🔩 Disassemblers

Disassemblers

| Name | Description | Download |
| --- | --- | --- |
| IDA Pro | IDA Pro as a disassembler is capable of creating maps of a program's execution, showing the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). | Download |
| GHIDRA | A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. | Download |
| Binary Ninja | Our built-in decompiler works with all our architectures at one price and builds on a powerful family of ILs called BNIL. | Download |
| Radare | Disassemble (and assemble for) many different architectures. | Download |
| Hopper | Hopper Disassembler, the reverse engineering tool that lets you disassemble, decompile and debug your applications. | Download |
| objdump | objdump displays information about one or more object files. The options control what particular information to display. | Download |
| fREedom | Capstone-based disassembler for exporting to BinNavi. | Download |

## 📱 Android

Android tools

| Name | Description | Download |
| --- | --- | --- |
| Android Studio | Android Studio provides the fastest tools for building apps on every type of Android device. | Download |
| APKtool | A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. | Download |
| dex2jar | Tools to work with Android .dex and Java .class files. | github |
| IDA Pro | IDA Pro as a disassembler is capable of creating maps of a program's execution, showing the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). | Download |
| JaDx | Dex to Java decompiler. | github |
| APKinspector | APKinspector is a powerful GUI tool for analysts to analyze Android applications. | github |
| objection | 📱 objection - runtime mobile exploration. | github |
| Sign.jar | Sign.jar automatically signs an apk with the Android test certificate. | github |
| FindSecurityBugs | FindSecurityBugs is an extension for FindBugs which includes security rules for Java applications. | Download |
| Quick Android Review Kit (Qark) | Tool to look for several security-related Android application vulnerabilities. | github |
| AndroBugs Framework | AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows. | github |
| Simplify | Tool for de-obfuscating an Android package into classes.dex, which can then be used with dex2jar and JD-GUI to extract the contents of the dex file. | github |
| Android backup extractor | Utility to extract and repack Android backups created with adb backup (ICS+). More info about adb backup here. | github |
| Xposed framework | Use this forum to chat about the Xposed framework and modules to modify your device without flashing a custom ROM. | Download |
| AndBug | AndBug is a debugger targeting the Android platform's Dalvik virtual machine intended for reverse engineers and developers. | github |
| Introspy-Android | Blackbox tool to help understand what an Android application is doing at runtime and assist in the identification of potential security issues. | github |
| android-ssl-bypass | This is an Android debugging tool that can be used for bypassing SSL, even when certificate pinning is implemented, as well as other debugging tasks. The tool runs as an interactive console. | github |

## 🗄 Hex Editors

Hex Editors

| Name | Description | Download |
| --- | --- | --- |
| HxD | HxD is a carefully designed and fast hex editor which, in addition to raw disk editing and modifying main memory (RAM), handles files of any size. | Download |
| 010 Editor | Unlike traditional hex editors, which only display the raw hex bytes of a file, 010 Editor does considerably more with a file's contents. | Download |
| Hex Workshop | The Hex Workshop Hex Editor is a set of hexadecimal development tools for Microsoft Windows, combining advanced binary editing with the ease and flexibility of a word processor. | Download |
| HexFiend | A fast and clever open source hex editor for macOS. | Download |
| Hiew | View and edit files of any length in text, hex, and decode modes. | Download |
| hecate | The Hex Editor From Hell! | github |

## 📐 Binary Format

Binary Format Tools

| Name | Description | Download |
| --- | --- | --- |
| Cerbero Profiler | Inspecting a file is a primary task for every low-level professional, be it for reversing, malware triage, forensics or software development. | Download |
| Detect It Easy | Detect It Easy, abbreviated "DIE", is a program for determining types of files. | Download |
| MachoView | MachOView is a visual Mach-O file browser. It provides a complete solution for exploring and in-place editing Intel and ARM binaries. | Download |
| codesign | Displays code signing information. Usage: `codesign -dvvv filename`. | Download |

## 🔬 Binary Analysis

Binary Analysis Resources

| Name | Description | Download |
| --- | --- | --- |
| Mobius Resources | Unpacking Virtualization Obfuscators. | Download |
| bap | The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a suite of utilities and libraries that enables analysis of programs in the machine code representation. | github |
| angr | angr is a platform-agnostic binary analysis framework. | github |

## 🔎 Bytecode Analysis

Bytecode Analysis Tools

| Name | Description | Download |
| --- | --- | --- |
| dnSpy | dnSpy is a debugger and .NET assembly editor. | github |
| Bytecode Viewer | Six different Java decompilers, two bytecode editors, a Java compiler, plugins, searching, and support for loading from classes, JARs, Android APKs and more. | Download |
| JPEXS Free Flash Decompiler | Open source Flash SWF decompiler and editor. | github |
| JD Project | The "Java Decompiler project" aims to develop tools in order to decompile and analyze Java 5 "byte code" and the later versions. JD-GUI is a standalone graphical utility that displays the Java source code of ".class" files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields. JD-Eclipse is a plug-in for the Eclipse platform. It allows you to display all the Java sources during your debugging process, even if you do not have them all. JD-Core is a library that reconstructs Java source code from one or more ".class" files. JD-Core may be used to recover lost source code and explore the source of Java runtime libraries. New features of Java 5, such as annotations, generics or type "enum", are supported. JD-GUI and JD-Eclipse include the JD-Core library. JD-Core, JD-GUI & JD-Eclipse are open source projects released under the GPLv3 License. | Download |

## 🔨 Dynamic Analysis

Dynamic Analysis Tools

| Name | Description | Download |
| --- | --- | --- |
| Process Explorer v16.42 | Process Explorer shows you information about which handles and DLLs processes have opened or loaded. | Download |
| Process Monitor v3.82 | Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. | Download |
| Autoruns for Windows v13.100 | This utility has the most comprehensive knowledge of auto-starting locations of any startup monitor. | Download |
| Noriben | Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. | github |
| API Monitor | API Monitor is free software that lets you monitor and control API calls made by applications and services. | Download |
| INetSim | INetSim is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples. | Download |
| SmartSniff | SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter. | Download |
| TCPView | TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. | Download |
| Wireshark | Wireshark is the world's foremost and widely-used network protocol analyzer. | Download |
| Fakenet | FakeNet is a tool that aids in the dynamic analysis of malicious software. | Download |
| Volatility | An advanced memory forensics framework. | github |
| LiME | A Loadable Kernel Module (LKM) which allows for volatile memory acquisition from Linux and Linux-based devices. | github |
| Cuckoo | Cuckoo Sandbox is the leading open source automated malware analysis system. | Download |
| Objective-See Utilities | Free Mac security tools. | Download |
| XCode Instruments | XCode Instruments for Monitoring Files and Processes User Guide. | Download |
| fs_usage | Reports system calls and page faults related to filesystem activity in real time. File I/O: `fs_usage -w -f filesystem`. | Download |
| dmesg | Displays the system message buffer. | Download |

## 📚 Document Analysis

Document Analysis Tools

| Name | Description | Download |
| --- | --- | --- |
| Ole Tools | python-oletools is a package of Python tools to analyze Microsoft OLE2 files. | Download |
| Didier's PDF Tools | This tool will parse a PDF document to identify the fundamental elements used in the analyzed file. | Download |
| Origami | Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. | github |

## 🔗 Scripting

Scripting

| Name | Description | Download |
| --- | --- | --- |
| IDA Python Src | IDAPython project for Hex-Rays' IDA Pro. | github |
| IDC Functions Doc | The following conventions are used in the function descriptions. | Download |
| IDA Plugin Contest | Hex-Rays Plugin Contest 2021 is now officially started. | Download |
| onehawt IDA Plugin List | A list of IDA Plugins. | github |
| pefile | pefile is a multi-platform Python module to parse and work with Portable Executable (PE) files. Most of the information contained in the PE file headers is accessible, as well as all the sections' details and data. | github |

## 💻 Mac Decrypt

| Name | Description | Download |
| --- | --- | --- |
| Cerbero Profiler | While this PoC is about static analysis, it's very different from applying a packer to malware. | Download |
| AppEncryptor | A command-line tool to apply or remove Apple Binary Protection from an application. | github |
| Class-dump | This is a command-line utility for examining the Objective-C runtime information stored in Mach-O files. | Download |
| readmem | A small OS X/iOS userland utility to dump process memory. | github |

## 📔 Reverse Engineering Books

| Name | Description |
| --- | --- |
| The IDA Pro Book | Description |
| Radare2 Book | github page |
| Reverse Engineering for Beginners | Description |
| The Art of Memory Forensics | Description |
| Art of Software Security Assessment | Description |
| iOS Reverse Engineering | Description |

## 📎 Target and Practice

| Name | Description |
| --- | --- |
| OSX Crackmes | Description |
| ESET Challenges | Description |
| Flare-on Challenges | Description |
| Github CTF Archives | github page |
| Reverse Engineering Challenges | Description |
| Malware Blacklist | Description |
| malwr.com | Description |

## License

Released under MIT by @xiosec.