Reverse engineering

From miki
Revision as of 18:58, 5 October 2019 by Mip (talk | contribs) (→‎Tools)
Jump to navigation Jump to search

Tools

Debuggers:

  • GDB
  • LLDB
  • windbg
  • Ghidra, an open-source software reverse-engineering tool developped by the NSA.
Similar to IDA / IDA Pro, but free and open source.
  • IDA / IDA Pro

Simulators / emulators:

  • QEMU
  • Unicorn, is a lightweight multi-platform, multi-architecture CPU emulator framework.
Based on QEMU, allows for running binary from any CPU with nice Python integration.
  • capstone, a lightweight multi-platform, multi-architecture disassembly framework.

Binary instrumentation framework:

  • Frida
  • DynamoRio
  • QBDI, open-sourc equivalent of DynamoRio.

Reverse analysis tools:

  • Triton, a dynamic binary analysis (DBA) framework.
This tool can reverse state machines or obfuscated code using virtual machine.
  • Arybo, a tool that gives a bit-level symbolic representation of expressions involving various types of operations on bit vectors
This tool generates mixed-boolean arithmetics (MBA) expressions...
  • [[z3], a theorem prover from Microsoft Research.
Can be used to solve obfuscated expression, solve polynomial expressions under constraints...
  • SSPAM, Symbolic Simplification with PAttern Matching.
Can simplify complex arithmetic expressions using pattern matching.

Obfuscation tools:

  • OLLVM (old)
  • Tigress