Reverse engineering: Difference between revisions
Jump to navigation
Jump to search
(Created page with "== Tools == Debuggers: * GDB * LLDB * windbg * [https://ghidra-sre.org/ Ghidra], an open-source software reverse-engineering tool developped by the NSA. :Similar to IDA / IDA...") |
(→Tools) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 24: | Line 24: | ||
* [https://pythonhosted.org/arybo/index.html Arybo], a tool that gives a bit-level symbolic representation of expressions involving various types of operations on bit vectors |
* [https://pythonhosted.org/arybo/index.html Arybo], a tool that gives a bit-level symbolic representation of expressions involving various types of operations on bit vectors |
||
:This tool generates mixed-boolean arithmetics (MBA) expressions... |
:This tool generates mixed-boolean arithmetics (MBA) expressions... |
||
* [ |
* [[z3]], a theorem prover from Microsoft Research. |
||
:Can be used to solve obfuscated expression, solve polynomial expressions under constraints... |
:Can be used to solve obfuscated expression, solve polynomial expressions under constraints... |
||
* [https://github.com/quarkslab/sspam SSPAM], Symbolic Simplification with PAttern Matching. |
* [https://github.com/quarkslab/sspam SSPAM], Symbolic Simplification with PAttern Matching. |
||
| Line 32: | Line 32: | ||
* OLLVM (old) |
* OLLVM (old) |
||
* Tigress |
* Tigress |
||
== Docs == |
|||
* [https://beginners.re/RE4B-EN.pdf Reverse engineering for beginners (but > 1000 pages !)] |
|||
Latest revision as of 06:26, 27 November 2019
Tools
Debuggers:
- GDB
- LLDB
- windbg
- Ghidra, an open-source software reverse-engineering tool developped by the NSA.
- Similar to IDA / IDA Pro, but free and open source.
- IDA / IDA Pro
Simulators / emulators:
- QEMU
- Unicorn, is a lightweight multi-platform, multi-architecture CPU emulator framework.
- Based on QEMU, allows for running binary from any CPU with nice Python integration.
- capstone, a lightweight multi-platform, multi-architecture disassembly framework.
Binary instrumentation framework:
- Frida
- DynamoRio
- QBDI, open-sourc equivalent of DynamoRio.
Reverse analysis tools:
- Triton, a dynamic binary analysis (DBA) framework.
- This tool can reverse state machines or obfuscated code using virtual machine.
- Arybo, a tool that gives a bit-level symbolic representation of expressions involving various types of operations on bit vectors
- This tool generates mixed-boolean arithmetics (MBA) expressions...
- z3, a theorem prover from Microsoft Research.
- Can be used to solve obfuscated expression, solve polynomial expressions under constraints...
- SSPAM, Symbolic Simplification with PAttern Matching.
- Can simplify complex arithmetic expressions using pattern matching.
Obfuscation tools:
- OLLVM (old)
- Tigress