Useful Reverse Engineering Tools

From Exploitee.rs
Jump to navigationJump to search

"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."

Dissassembly & Decompilation Software

IDA PRO

IDA Pro is a sophisticated commercial software application used for reverse engineering binary executables and analyzing software. Developed by Hex-Rays, IDA Pro is widely recognized as one of the most advanced and powerful tools in the field of reverse engineering.

Key features of IDA Pro include:

  1. Disassembly and Decompilation: IDA Pro provides comprehensive disassembly capabilities, allowing users to view and analyze assembly code instructions. Additionally, it offers a decompiler that generates higher-level pseudocode representations of the code, aiding in understanding complex binaries.
  2. Graphical User Interface (GUI): IDA Pro features a rich graphical interface that enables users to navigate, visualize, and interact with disassembled code, control flow graphs, data structures, and more.
  3. Advanced Analysis Tools: The tool includes a range of analysis features such as function recognition, code cross-references, call graphs, and data flow analysis.
  4. Extensibility and Scripting: IDA Pro supports scripting in various languages, allowing users to automate tasks, customize functionality, and create plugins to extend its capabilities.
  5. Binary Analysis and Security Research: IDA Pro is used extensively in the field of security research, helping analysts identify vulnerabilities, study malware, and analyze the security of software systems.
  6. Collaboration: IDA Pro's database format enables collaboration between analysts, allowing them to share their analysis and research on a specific binary.
  7. Multiple Platforms and Architectures: IDA Pro supports a wide range of platforms and architectures, making it suitable for analyzing binaries across different environments.
  8. Cost: IDA Pro is a commercial product and is available in several editions with varying feature sets. The cost of IDA Pro can range from several hundred to several thousand dollars per "seat" or user license. As of my last update in September 2021, the price for IDA Pro with all the decompilers (including Hex-Rays Decompiler) is roughly estimated to be around $2500 per seat.

Ghidra

Ghidra is a powerful open-source JAVA based software reverse engineering framework that was released by the United States National Security Agency (NSA) in March 2019.

Key features of Ghidra include:

  1. Disassembly and Decompilation: Ghidra can disassemble executable code into human-readable assembly language instructions and can also generate decompiled C code from binary executables. This helps analysts understand how the software functions at a higher level.
  2. Graphical User Interface (GUI): Ghidra features a user-friendly GUI that assists users in navigating and visualizing the disassembled code, control flow graphs, data structures, and more.
  3. Collaboration and Scripting: Ghidra allows users to write custom scripts and plugins in languages like Python to automate analysis tasks and customize the tool's functionality.
  4. Symbolic Analysis: Ghidra supports symbolic analysis, which aids in understanding program behavior by tracking values and relationships symbolically.
  5. Binary Analysis and Vulnerability Research: Security researchers can use Ghidra to identify vulnerabilities, analyze malware, and discover potential security weaknesses in software.
  6. Cross-Platform Compatibility: Ghidra is cross-platform, supporting Windows, macOS, and Linux, making it accessible to a wide range of users.
  7. Open Source and Community-Driven: One of Ghidra's standout features is that it is open-source software. This means that anyone can access, use, and contribute to its development. The open nature of the project encourages collaboration and innovation within the reverse engineering community.
  8. Cost: Ghidra is freely available for download and use, making it an accessible tool for individuals and organizations alike. The fact that it is open source contributes to its widespread adoption and popularity in the cybersecurity and reverse engineering fields.

Binary Ninja

Binary Ninja is a modern and user-friendly binary analysis platform used for reverse engineering and analyzing compiled code. Developed by Vector 35, Binary Ninja is often the preferred tool for CTF players and reverse engineers looking for a developer friendly python based API.

Key features of Binary Ninja include:

  1. Interactive Graphical Interface: Binary Ninja offers an interactive and visually appealing interface that simplifies the process of navigating and analyzing disassembled code. The platform uses a modern design to provide a clear representation of control flow graphs, functions, and data structures.
  2. Multi-Architecture and Multi-Platform Support: Binary Ninja supports various processor architectures and platforms, allowing users to analyze binaries from different environments and systems.
  3. Disassembly and Decompilation: The platform provides disassembly capabilities to view assembly code, and it also offers a decompiler to generate high-level pseudocode representations of the binary.
  4. Advanced Analysis Tools: Binary Ninja includes features such as function recognition, data cross-references, call graphs, data flow analysis, and more.
  5. Plugin Ecosystem: Binary Ninja supports a plugin architecture that allows users to extend its functionality through custom plugins written in Python.
  6. Collaboration and Sharing: The platform allows users to share analysis data and collaborate on projects by exporting and importing databases.
  7. Scripting and Automation: Users can write scripts in Python to automate repetitive tasks and customize analysis processes.
  8. Cost: Binary Ninja offers different editions with varying feature sets. As of my last update in September 2021, the cost of Binary Ninja's commercial licenses ranged from around $150 to $300 for the Personal edition, while the Business edition was priced at approximately $600. More advanced editions, such as the Enterprise edition, offer additional features and flexibility at a higher cost.

Our Recommendation

The cost of IDA Pro can be unobtainable for researchers on a budget therefore we recommend either using Ghidra as your sole disassembly tool or a combination of Ghidra and Binary Ninja for a low cost solution that will allow for a more expansive ability to audit binaries for vulnerabilities.

Reversing Hardware

Hardware Tools

Tigard

Saleae Logic Analyzer