Browsing category
HyperDbg is designed with a focus on using modern hardware technologies to provide new features to the reverse engineering world. It operates on top of Windows by virtualizing an already running system using Intel VT-x and Intel PT. This debugger aims not to use any APIs and software debugging mechanisms, but instead, it uses […]
IDA PRO Auto-Renaming Plugin With Tagging Support Features 1. Auto-renaming dummy-named functions, which have one API call or jump to the imported API Before After 2. Assigning TAGS to functions accordingly to called API-indicators inside Sets tags as repeatable function comments and displays TAG tree in the separate view Some screenshots of TAGS view: […]
Basic BIOS emulator/debugger for Unicorn Engine. Written to debug the XEOS Operating System boot sequence. Usage: Usage: unicorn-bios [OPTIONS] BOOT_IMG Options: –help / -h: Displays help. –memory / -m: The amount of memory to allocate for the virtual machine (in megabytes). Defaults to 64MB, minimum 2MB. –break / -b Breaks on a specific address. […]
DECAF++, the new version of DECAF, taint analysis is around 2X faster making it the fastest, to the best of our knowledge, whole-system dynamic taint analysis framework. This results in a much better usability imposing only 4% overhead (SPEC CPU2006) when no suspicious (tainted) input exists. Even under heavy taint analysis workloads, DECAF++ has […]
A utility to analyze malicious JavaScript. Installation Simply install box-js from npm: npm install box-js –global Usage Looking to use box-js with Cuckoo? Use cuckoo-package.py as an analysis package. Let’s say you have a sample called sample.js: to analyze it, simply run box-js sample.js Chances are you will also want to download any payloads; […]
B2R2 is a collection of useful algorithms, functions, and tools for binary analysis, written purely in F# (in .NET lingo, it is purely managed code). B2R2 has been named after R2-D2, a famous fictional robot appeared in the Star Wars. In fact, B2R2’s original name was B2-R2, but we decided to use the name […]
flare-emu marries IDA Pro’s binary analysis capabilities with Unicorn’s emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks. It is designed to handle all the housekeeping of setting up a flexible and robust emulator for its supported architectures so that you can focus on solving […]
metame is a simple metamorphic code engine for arbitrary executables. From Wikipedia: Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is used by computer viruses to avoid the pattern recognition of anti-virus software. metame implementation works this way: Open a given binary […]
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later added support for analyzing binaries, disassembling code, debugging programs, attaching to remote […]
BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. BlobRunner allocates memory for the target file and jumps to the base (or offset) of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort. To use BlobRunner, you can download the compiled executable […]
Use this IDA python plugin to scan your binary with yara rules. All the yara rule matches will be listed with their offset so you can quickly hop to them! All credit for this plugin and the code goes to David Berard (@p0ly) This plugin is copied from David’s excellent findcrypt-yara plugin. This plugin just […]
dex2jar Tools to work with android .dex and java .class files dex-reader/writer: Read/write the Dalvik Executable (.dex) file. It has a light weight API similar with ASM. d2j-dex2jar: Convert .dex file to .class files (zipped as jar) smali/baksmali: disassemble dex to smali files and assemble dex from smali files. different implementation to smali/baksmali, same syntax, […]
Diggy can extract endpoints/URLs from apk files. It saves the result into a txt file for further processing. Dependencies apktool Usage ./diggy.sh /path/to/apk/file.apk You can also install it for easier access by running install.sh After that, you will be able to run Diggy as follows: diggy /path/to/apk/file.apk Download Diggy Download Best WordPress Themes Free […]
A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project like file structure and automation of some repetitive tasks like building apk, etc. It is NOT intended […]
QuarkslaB Dynamic binary Instrumentation (QBDI) is a modular, cross-platform and cross-architecture DBI framework. It aims to support Linux, macOS, Android, iOS and Windows operating systems running on x86, x86-64, ARM and AArch64 architectures. Information about what is a DBI framework and how QBDI works can be found in the user documentation introduction. QBDI modularity means […]
ApkTool is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive […]
RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code. Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC. Features: Static analysis of executable files with detailed […]
RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code. Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC. Features: Static analysis of executable […]
A Qt and C++ GUI for radare2 reverse engineering framework (originally named Iaito). Cutter is not aimed at existing radare2 users. It instead focuses on those whose are not yet radare2 users because of the learning curve, because they don’t like CLI applications or because of the difficulty/instability of radare2. Requirements CMake >= 3.1 Radare2 […]
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table Reading standard section formats: Import Section, […]
Reverse Engineer .NET Assemblies dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (eg. malware) without crashing. Features […]