RE-for-beginners - "Reverse Engineering for Beginners" free book

  •        13

Topics discussed: x86/x64, ARM/ARM64, MIPS, Java/JVM. Compiled versions can be found here: English, Russian, German and French.

http://beginners.re
https://github.com/DennisYurichev/RE-for-beginners

Tags
Implementation
License
Platform

   




Related Projects

plasma - Plasma is an interactive disassembler for x86/ARM/MIPS

  •    Python

The old project name was Reverse. PLASMA is an interactive disassembler. It can generate a more readable assembly (pseudo code) with colored syntax. You can write scripts with the available Python api (see an example below). The project is still in big development.

cemu - Cheap EMUlator: lightweight multi-architecture assembly playground

  •    Python

Writing assembly is fun. Assembly is the lowest language (humanly understandable) available to communicate with computers, and is crucial to understand the internal mechanisms of any machine. Unfortunately, setting up an environment to write, compile and run assembly for various architectures (x86, ARM, MIPS, SPARC) has always been painful. CEmu is an attempt to fix this by providing a bundled GUI application that empowers users to write assembly and test it by compiling it to bytecode and executing it in an QEMU-based emulator. CEmu combines all the advantages of a basic assembly IDE, compilation and execution environment, by relying on the great libraries Keystone, Unicorn and Capstone engines in a Qt powered GUI.

bap - Binary Analysis Platform

  •    OCaml

The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn't require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed using the BIL representation and is architecture independent in a sense that it will work equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. The documentation and tutorial are also available. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml and it is the preferred language to write analysis, we have bindings to C, Python and Rust. The Primus Framework also provide a Lisp-like DSL for writing program analysis tools. BAP is developed in CMU, Cylab and is sponsored by various grants from the United States Department of Defense, Siemens AG, and the Korea government, see sponsors for more information.

capstone - Capstone disassembly/disassembler framework: Core (Arm, Arm64, EVM, M68K, M680X, Mips, PPC, Sparc, SystemZ, TMS320C64x, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell, Visual Basic)

  •    C

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).

sljit

  •    C

An implementation of a light-weight stack-less jit compiler for x86 (32/64), ARM (v5/Thumb2), PowerPC (32/64), MIPS (32) and SPARC (32) architectures. It generates machine code from a platform independent (simplified) assembly language.


gef - GEF - GDB Enhanced Features for exploit devs & reversers

  •    Python

GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).

BareMetal-OS-legacy - BareMetal is a 64-bit OS for x86-64 based computers

  •    Assembly

BareMetal is a 64-bit protected mode operating system for x86-64 compatible PCs, written entirely in assembly language, which boots from a hard drive or via the network. It features a command-line interface, support for BMFS-formatted hard drives and sound via the PC speaker. It can load external programs and has over 60 system calls. BareMetal can also utilize all available CPU's in the computer it is run on. At the moment there is no plan to build BareMetal into a general-purpose operating system like Windows, Mac OS X, or Linux; it is designed to be as lean as possible while still offering useful features.

Nano Kernel for Modern Commputer Arch

  •    Assembly

Nano Kernel Engines Projejct is to provide a set of low level CPU engines for advanced operating system research and development. The CPU being covered are MIPS, PowerPC, x86, ARM, xScales and advanced network processors.

ROPgadget - This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation

  •    Python

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF/PE/Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. Since the version 5, ROPgadget has a new core which is written in Python using Capstone disassembly framework for the gadgets search engine - The older version can be found in the Archives directory but it will not be maintained. If you want to use ROPgadget, you have to install Capstone first.

rust-crypto - A (mostly) pure-Rust implementation of various cryptographic algorithms.

  •    Rust

A (mostly) pure-Rust implementation of various common cryptographic algorithms. Rust-Crypto seeks to create practical, auditable, pure-Rust implementations of common cryptographic algorithms with a minimum amount of assembly code where appropriate. The x86-64, x86, and ARM architectures are supported, although the x86-64 architecture receives the most testing.

reverse-engineering-reference-manual - collage of reverse engineering topics that I find interesting

  •    Python

NOTE(2): beta? Yes. In the coming months I'm planning on adding more pictures and diagrams to the current content. Plans to add more sections will continue after revamping it. NOTE(3): CI? We all hate broken links. The CI is my attempt to make sure all the external links in this repository are still working. And if any of them is broken, I can easily pinpoint which one and swiftly update it with another relevant link.

idaref - IDA Pro Instruction Reference Plugin

  •    PLpgSQL

IDA Pro Full Instruction Reference Plugin - It's like auto-comments but useful. Enter IdaRef: The plugin will monitor the location for your cursor (ScreenEA) and display the full documentation of the instruction. At the moment it only supports x86-64, ARM and MIPS 32bit, however adding support for other architectures is relatively easy.

avo - Generate x86 Assembly with Go

  •    Go

Note: APIs subject to change while avo is still in an experimental phase. You can use it to build real things but we suggest you pin a version with your package manager of choice. go run this code to see the assembly output. To integrate this into the rest of your Go package we recommend a go:generate line to produce the assembly and the corresponding Go stub file.

decomp - Components of a decompilation pipeline.

  •    Go

The aim of this project is to implement a decompilation pipeline composed of independent components interacting through well-defined interfaces, as further described in the design documents of the project. From a high-level perspective, the components of the decompilation pipeline are conceptually grouped into three modules. Firstly, the front-end translates a source language (e.g. x86 assembly) into LLVM IR; a platform-independent low-level intermediate representation. Secondly, the middle-end structures the LLVM IR by identifying high-level control flow primitives (e.g. pre-test loops, 2-way conditionals). Lastly, the back-end translates the structured LLVM IR into a high-level target programming language (e.g. Go).

Mips Virtual Machine

  •    Java

A Java-written MIPS simulator developed to stimulate people learning the Assembly language. It adds graphics, sounds and user interation to make writing assembly programs more interesting.

Triton - Triton is a Dynamic Binary Analysis (DBA) framework

  •    C++

Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings. Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification. As Triton is still a young project, please, don't blame us if it is not yet reliable. Open issues or pull requests are always better than troll =).

barf-project - BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

  •    Python

The analysis of binary code is a crucial activity in many areas of the computer sciences and software engineering disciplines ranging from software security and program analysis to reverse engineering. Manual binary analysis is a difficult and time-consuming task and there are software tools that seek to automate or assist human analysts. However, most of these tools have several technical and commercial restrictions that limit access and use by a large portion of the academic and practitioner communities. BARF is an open source binary analysis framework that aims to support a wide range of binary code analysis tasks that are common in the information security discipline. It is a scriptable platform that supports instruction lifting from multiple architectures, binary translation to an intermediate representation, an extensible framework for code analysis plugins and interoperation with external tools such as debuggers, SMT solvers and instrumentation tools. The framework is designed primarily for human-assisted analysis but it can be fully automated. All packages were tested on Ubuntu 16.04 (x86_64).

exrs - Exercises for learning Reverse Engineering and Exploitation.

  •    C

Exercises for learning Reverse Engineering and Exploitation. All binaries for these challenges are ELF 64-bit LSB executable, x86-64.

MineAssemble - A tiny bootable Minecraft clone written partly in x86 assembly

  •    Assembly

MineAssemble is a tiny bootable Minecraft clone written partly in x86 assembly. I made it first and foremost because a university assignment required me to implement a game in assembly for a computer systems course. Because I had never implemented anything more complex than a "Hello World" bootloader before, I decided I wanted to learn about writing my own kernel code at the same time. Note that the goal of this project was not to write highly efficient hand-optimized assembly code, but rather to have fun and write code that balances readability and speed. This is primarily accomplished by proper commenting and consistent code structuring.

PeachPy - x86-64 assembler embedded in Python

  •    Python

PeachPy is a Python framework for writing high-performance assembly kernels. Now you can compile this code into a binary object file that you can link into a program...