Difference between revisions of "Software Tools"
Jump to navigation
Jump to search
Polymorphic7 (talk | contribs) (Added more good shizzle) |
Polymorphic7 (talk | contribs) (added protectionid scanner link because web.archive is 404'd added virustotal link) |
||
| Line 5: | Line 5: | ||
====Signals Analysis==== | ====Signals Analysis==== | ||
| − | |||
| − | * [https:// | + | *[https://github.com/jopohl/urh Universal Radio Hacker] - tool to analyze and extract data from SDR-captured radio signals (especially pilots, ISM RF devices, etc). See youtube for tutorials and examples. |
| − | * [https://github.com/audacity/audacity Audacity] - is a audio editor that can be used to cleanup the radio waves captured by a SDR or Software Defined Radio. (Example: Start Audacity -> Import –> Raw Data -> Radio Wave File) | + | *[https://www.gnuradio.org/ GNU Radio] - toolkit that provides signal processing blocks to implement software-defined radios and signal processing systems. |
| + | |||
| + | *[https://github.com/audacity/audacity Audacity] - is a audio editor that can be used to cleanup the radio waves captured by a SDR or Software Defined Radio. (Example: Start Audacity -> Import –> Raw Data -> Radio Wave File) | ||
====Firmware Analysis==== | ====Firmware Analysis==== | ||
| − | |||
| − | * [https://github.com/attify/firmware-analysis-toolkit FAT] - is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware. | + | *[https://github.com/ReFirmLabs/binwalk binwalk] - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. |
| + | |||
| + | *[https://github.com/attify/firmware-analysis-toolkit FAT] - is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware. | ||
| − | * [https://github.com/rampageX/firmware-mod-kit Firmware Modification Kit] - is a collection of scripts and utilities to extract and rebuild linux based firmware images. | + | *[https://github.com/rampageX/firmware-mod-kit Firmware Modification Kit] - is a collection of scripts and utilities to extract and rebuild linux based firmware images. |
| − | * [https://github.com/craigz28/firmwalker Firmwalker] - is a script for searching the extracted firmware file system for goodies! | + | *[https://github.com/craigz28/firmwalker Firmwalker] - is a script for searching the extracted firmware file system for goodies! |
====Binary PE Analysis / Editor (Windows)==== | ====Binary PE Analysis / Editor (Windows)==== | ||
| − | |||
| − | * [https://web.archive.org/web/20220331063153/http://www.rdgsoft.net/ RDG Packer Detector] - is a detector for packers, cryptors, compilers, installers. | + | *[https://web.archive.org/web/20210331144912/https://protectionid.net/ ProtectionID] - Great little tool to scan a Windows binary payload for overlays and packers. [[File:ProtectionId.690.December.2017.zip|thumb|PiD.690.zip]] [https://www.virustotal.com/gui/file/26c54eb376183d508ee129531728f9e01d30f0df29d7621f390e8f0ea6a1c79c/community VT link], pw: recessim.com |
| + | |||
| + | *[https://web.archive.org/web/20220331063153/http://www.rdgsoft.net/ RDG Packer Detector] - is a detector for packers, cryptors, compilers, installers. | ||
| − | * [https://github.com/hasherezade/pe-bear PE-bear] - is a Portable Executable reversing tool with a friendly GUI using the Capstone Engine and is Open Source! | + | *[https://github.com/hasherezade/pe-bear PE-bear] - is a Portable Executable reversing tool with a friendly GUI using the Capstone Engine and is Open Source! |
| − | * [https://ntcore.com/?page_id=388 CFF Explorer] - is a PE editor called CFF Explorer and a process viewer with a lot of features. | + | *[https://ntcore.com/?page_id=388 CFF Explorer] - is a PE editor called CFF Explorer and a process viewer with a lot of features. |
====IAT Reconstructors (Windows)==== | ====IAT Reconstructors (Windows)==== | ||
| − | * [https://github.com/x64dbg/Scylla NtQuery Scylla] - is a Windows Portable Executable imports reconstructor open source and part of x64dbg. | + | |
| + | *[https://github.com/x64dbg/Scylla NtQuery Scylla] - is a Windows Portable Executable imports reconstructor open source and part of x64dbg. | ||
====Debugger / disassembler for unmanged binaries==== | ====Debugger / disassembler for unmanged binaries==== | ||
| − | |||
| − | * [https://www.nsa.gov/resources/everyone/ghidra/ Ghidra] - Ghidra is an open source software reverse engineering (SRE) framework developed by NSA's [https://www.nsa.gov/what-we-do/research/ Research] Directorate for NSA's [https://www.nsa.gov/what-we-do/cybersecurity/ cybersecurity mission]. | + | *[https://binary.ninja/ Binary Ninja] - reverse-engineering platform that can disassemble a binary and display the disassembly in linear or graph views. |
| + | |||
| + | *[https://www.nsa.gov/resources/everyone/ghidra/ Ghidra] - Ghidra is an open source software reverse engineering (SRE) framework developed by NSA's [https://www.nsa.gov/what-we-do/research/ Research] Directorate for NSA's [https://www.nsa.gov/what-we-do/cybersecurity/ cybersecurity mission]. | ||
| + | |||
| + | *[https://www.hex-rays.com/products/ida/ IDA] - The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X. | ||
| + | |||
| + | *[https://github.com/vivisect/vivisect Vivisect] - Vivisect binary analysis framework. Includes Disassembler, Debugger, Emulation and Symbolik analysis engines. Includes built-in Server and Shared-Workspace functionality. Runs interactive or headless, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X (Pure-Python, using ctypes to access underlying OS debug mechanism). Supports RevSync via plugin, allowing basic collaboration with Binja, Ghidra, and IDA. Criticisms (from a core dev): "Graph View could use some work, slower than Binja and IDA (due to Python), documentation like an OpenSource Project... but we keep working to make it better. PR's and suggestions welcome." Best installed via Pip: <code>python3 -m pip install vivisect</code> | ||
| − | * [https:// | + | *[https://codisec.com/veles/ Veles] - Open source tool for binary data analysis (No longer actively developed). |
| − | * [https:// | + | *[https://www.immunityinc.com/products/debugger/ Immunity Debugger] - is a powerful new way to write exploits, analyze malware, and reverse engineer Windows binary files (python support) |
| − | * [https:// | + | *[https://www.hopperapp.com/ Hopper] - Hopper can use LLDB or GDB, which lets you debug and analyze the binary in a dynamic way (only for Mac and Linux hosts, not for mobile devices). |
| − | * [https:// | + | *[https://x64dbg.com/ x64dbg] - Is a powerful Open Source Ollydbg replacement with a User Interface very similar to Ollydbg also x64dbg as the name states offers x64 support. |
| − | * [https:// | + | *[https://github.com/uxmal/reko Reko] - Reko is a binary decompiler for static analysis (ARM, x86-64, M68K, Aarch65, RISC-V and dotnet) |
| − | + | ====Debugger / disassembler for manged binaries==== | |
| − | + | =====.NET===== | |
| − | + | *[https://github.com/dnSpy/dnSpy dnSpy] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. | |
| − | + | *[https://github.com/icsharpcode/ILSpy ILSpy] - NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform! | |
| − | * [https://github.com/ | ||
| − | * [https:// | + | *[https://www.telerik.com/products/decompiler.aspx Telerik JustDecompile] - is a free .NET decompiler and assembly browser that makes high-quality .NET decompilation easy With an open source decompilation engine. |
| − | + | =====JAVA===== | |
| − | + | *[https://github.com/skylot/jadx Jadx] - Dex to Java decompiler. Command-line and GUI tools for producing Java source code from Android Dex and apk files. | |
| − | * [https://github.com/skylot/jadx Jadx] - Dex to Java decompiler. Command-line and GUI tools for producing Java source code from Android Dex and apk files. | ||
| − | * [https://github.com/Col-E/Recaf Recaf] - Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications. | + | *[https://github.com/Col-E/Recaf Recaf] - Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications. |
| − | * [https://www.pnfsoftware.com/ JEB decompiler] - Decompile and debug Android dalvik, Intel x86, ARM, MIPS, RISC-V, S7 PLC, Java, WebAssembly & Ethereum Decompilers. | + | *[https://www.pnfsoftware.com/ JEB decompiler] - Decompile and debug Android dalvik, Intel x86, ARM, MIPS, RISC-V, S7 PLC, Java, WebAssembly & Ethereum Decompilers. |
| − | * [https://github.com/honeynet/apkinspector/ APKinspector] - is a powerful GUI tool for analysts to analyze the Android applications. | + | *[https://github.com/honeynet/apkinspector/ APKinspector] - is a powerful GUI tool for analysts to analyze the Android applications. |
| − | * [https://apktool.org/ Apktool] - A tool for reverse engineering Android apk files. | + | *[https://apktool.org/ Apktool] - A tool for reverse engineering Android apk files. |
| − | * [https://github.com/Konloch/bytecode-viewer Bytecode viewer] - A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More) | + | *[https://github.com/Konloch/bytecode-viewer Bytecode viewer] - A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More) |
| − | ==== Mobile exploration frameworks ==== | + | ====Mobile exploration frameworks==== |
| − | * [https://frida.re/ Frida] - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. | + | *[https://frida.re/ Frida] - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. |
| − | * [https://github.com/sensepost/objection objection] - is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak. | + | *[https://github.com/sensepost/objection objection] - is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak. |
| − | * [https://github.com/ElderDrivers/EdXposed Xposed Framework] - is a framework for mobile exploration hooking and modifying code on the fly. [https://binderfilter.github.io/xposed/ Inline API hooking example]. | + | *[https://github.com/ElderDrivers/EdXposed Xposed Framework] - is a framework for mobile exploration hooking and modifying code on the fly. [https://binderfilter.github.io/xposed/ Inline API hooking example]. |
| − | ==== Tools for opening CAD or Boardview files ==== | + | ====Tools for opening CAD or Boardview files==== |
'''Description''': Boardview is a type of file containing information about printed circuit boards, their components, used signals, test points and more. These files may have following extensions: .asc, .bdv, .brd, .bv, .cad, .cst, .gr, .f2b, .fz, .tvw and others. | '''Description''': Boardview is a type of file containing information about printed circuit boards, their components, used signals, test points and more. These files may have following extensions: .asc, .bdv, .brd, .bv, .cad, .cst, .gr, .f2b, .fz, .tvw and others. | ||
| − | * [https://pldaniels.com/flexbv5/ FlexBV] - Advanced FlexBV boardview software integrates your boardview files with PDF schematics to substantially ease the process of tracking down faults and understanding damaged boards | + | *[https://pldaniels.com/flexbv5/ FlexBV] - Advanced FlexBV boardview software integrates your boardview files with PDF schematics to substantially ease the process of tracking down faults and understanding damaged boards |
| − | * [http://boardviewer.net/ BoardViewer] - BoardViewer is software intended for viewing various boardview file types | + | *[http://boardviewer.net/ BoardViewer] - BoardViewer is software intended for viewing various boardview file types |
| − | * CADview - simple old tool for viewing CAD files of PCB's. [[File:CAD View.zip|thumb]] | + | *CADview - simple old tool for viewing CAD files of PCB's. [[File:CAD View.zip|thumb]] |
Revision as of 13:59, 8 October 2023
Disassemblers, Decompilers, Development Tools, Schematic/PCB Capture and other reverse engineering software. If you used it while reverse engineering, list it here!
Contents
- 1 Tool Index
- 2 Education
Tool Index
Signals Analysis
- Universal Radio Hacker - tool to analyze and extract data from SDR-captured radio signals (especially pilots, ISM RF devices, etc). See youtube for tutorials and examples.
- GNU Radio - toolkit that provides signal processing blocks to implement software-defined radios and signal processing systems.
- Audacity - is a audio editor that can be used to cleanup the radio waves captured by a SDR or Software Defined Radio. (Example: Start Audacity -> Import –> Raw Data -> Radio Wave File)
Firmware Analysis
- binwalk - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- FAT - is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware.
- Firmware Modification Kit - is a collection of scripts and utilities to extract and rebuild linux based firmware images.
- Firmwalker - is a script for searching the extracted firmware file system for goodies!
Binary PE Analysis / Editor (Windows)
- ProtectionID - Great little tool to scan a Windows binary payload for overlays and packers. File:ProtectionId.690.December.2017.zip VT link, pw: recessim.com
- RDG Packer Detector - is a detector for packers, cryptors, compilers, installers.
- PE-bear - is a Portable Executable reversing tool with a friendly GUI using the Capstone Engine and is Open Source!
- CFF Explorer - is a PE editor called CFF Explorer and a process viewer with a lot of features.
IAT Reconstructors (Windows)
- NtQuery Scylla - is a Windows Portable Executable imports reconstructor open source and part of x64dbg.
Debugger / disassembler for unmanged binaries
- Binary Ninja - reverse-engineering platform that can disassemble a binary and display the disassembly in linear or graph views.
- Ghidra - Ghidra is an open source software reverse engineering (SRE) framework developed by NSA's Research Directorate for NSA's cybersecurity mission.
- IDA - The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X.
- Vivisect - Vivisect binary analysis framework. Includes Disassembler, Debugger, Emulation and Symbolik analysis engines. Includes built-in Server and Shared-Workspace functionality. Runs interactive or headless, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X (Pure-Python, using ctypes to access underlying OS debug mechanism). Supports RevSync via plugin, allowing basic collaboration with Binja, Ghidra, and IDA. Criticisms (from a core dev): "Graph View could use some work, slower than Binja and IDA (due to Python), documentation like an OpenSource Project... but we keep working to make it better. PR's and suggestions welcome." Best installed via Pip:
python3 -m pip install vivisect
- Veles - Open source tool for binary data analysis (No longer actively developed).
- Immunity Debugger - is a powerful new way to write exploits, analyze malware, and reverse engineer Windows binary files (python support)
- Hopper - Hopper can use LLDB or GDB, which lets you debug and analyze the binary in a dynamic way (only for Mac and Linux hosts, not for mobile devices).
- x64dbg - Is a powerful Open Source Ollydbg replacement with a User Interface very similar to Ollydbg also x64dbg as the name states offers x64 support.
- Reko - Reko is a binary decompiler for static analysis (ARM, x86-64, M68K, Aarch65, RISC-V and dotnet)
Debugger / disassembler for manged binaries
.NET
- dnSpy - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
- ILSpy - NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
- Telerik JustDecompile - is a free .NET decompiler and assembly browser that makes high-quality .NET decompilation easy With an open source decompilation engine.
JAVA
- Jadx - Dex to Java decompiler. Command-line and GUI tools for producing Java source code from Android Dex and apk files.
- Recaf - Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications.
- JEB decompiler - Decompile and debug Android dalvik, Intel x86, ARM, MIPS, RISC-V, S7 PLC, Java, WebAssembly & Ethereum Decompilers.
- APKinspector - is a powerful GUI tool for analysts to analyze the Android applications.
- Apktool - A tool for reverse engineering Android apk files.
- Bytecode viewer - A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Mobile exploration frameworks
- Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- objection - is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
- Xposed Framework - is a framework for mobile exploration hooking and modifying code on the fly. Inline API hooking example.
Tools for opening CAD or Boardview files
Description: Boardview is a type of file containing information about printed circuit boards, their components, used signals, test points and more. These files may have following extensions: .asc, .bdv, .brd, .bv, .cad, .cst, .gr, .f2b, .fz, .tvw and others.
- FlexBV - Advanced FlexBV boardview software integrates your boardview files with PDF schematics to substantially ease the process of tracking down faults and understanding damaged boards
- BoardViewer - BoardViewer is software intended for viewing various boardview file types
- CADview - simple old tool for viewing CAD files of PCB's. File:CAD View.zip
Education
Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge.
Reverse Engineering Tutorial - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
