Reverse engineering

From miki

Jump to navigation Jump to search

Tools

Debuggers:

GDB
LLDB
windbg
Ghidra, an open-source software reverse-engineering tool developped by the NSA.

Similar to IDA / IDA Pro, but free and open source.

IDA / IDA Pro

Simulators / emulators:

QEMU
Unicorn, is a lightweight multi-platform, multi-architecture CPU emulator framework.

Based on QEMU, allows for running binary from any CPU with nice Python integration.

capstone, a lightweight multi-platform, multi-architecture disassembly framework.

Binary instrumentation framework:

Frida
DynamoRio
QBDI, open-sourc equivalent of DynamoRio.

Reverse analysis tools:

Triton, a dynamic binary analysis (DBA) framework.

This tool can reverse state machines or obfuscated code using virtual machine.

Arybo, a tool that gives a bit-level symbolic representation of expressions involving various types of operations on bit vectors

This tool generates mixed-boolean arithmetics (MBA) expressions...

z3, a theorem prover from Microsoft Research.

Can be used to solve obfuscated expression, solve polynomial expressions under constraints...

SSPAM, Symbolic Simplification with PAttern Matching.

Can simplify complex arithmetic expressions using pattern matching.

Obfuscation tools:

OLLVM (old)
Tigress

Docs

Reverse engineering for beginners (but > 1000 pages !)

Retrieved from "https://miki.immie.org/mediawiki/index.php?title=Reverse_engineering&oldid=11368"