
mcsema - Framework for lifting x86, amd64, and aarch64 program binaries to LLVM bitcode


McSema is an executable lifter. It translates ("lifts") executable binaries from native machine code to LLVM bitcode. LLVM bitcode is an intermediate representation form of a program that was originally created for the retargetable LLVM compiler, but which is also very useful for performing program analysis methods that would not be possible to perform on an executable binary directly. McSema enables analysts to find and retroactively harden binary programs against security bugs, independently validate vendor source code, and generate application tests with high code coverage. McSema isn’t just for static analysis. The lifted LLVM bitcode can also be fuzzed with libFuzzer, an LLVM-based instrumented fuzzer that would otherwise require the target source code. The lifted bitcode can even be compiled back into a runnable program! This is a procedure known as static binary rewriting, binary translation, or binary recompilation.

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API


ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the open-source reverse engineering community (reverse engineering to produce open-source drivers/firmware for hardware not properly supported by vendors, for hardware and software interoperability, for security research). ScratchABit supports the IDAPython API, which is well known in the community, for writing disassembly/extension modules.

ida-xtensa2 - IDAPython plugin for Tensilica Xtensa (as seen in ESP8266), version 2


This is a processor plugin for disassemblers that use the IDAPython API, to support the Xtensa core found in the Espressif ESP8266. It does not support other configurations of the Xtensa architecture, but that is probably (hopefully) easy to implement. Originally developed for IDA (https://github.com/themadinventor/ida-xtensa), this fork is used almost exclusively with the ScratchABit open-source disassembler: https://github.com/pfalcon/ScratchABit. Copy the file to the plugins/cpu/ directory in your ScratchABit install.

iBoot64helper - IDAPython utility to help with iBoot64 reverse engineering


This aims to become an IDAPython utility to help with iBoot64 reverse engineering. Currently it just locates iBoot's proper loading address, rebases the image, and identifies ARM64 functions based on a common function prologue. As you can see in the screenshot below, 1347 functions are recognized after running it on iBoot version 4076.1.43. I will be adding features to it, like function renaming based on string usage, etc.




Utilities - Uncategorized utilities


Uncategorized utilities that do not need their own repository. Small dumb utility to port obvious function matches across two IDA databases.

golang_loader_assist - Making GO reversing easier in IDA Pro


This is the golang_loader_assist.py code to accompany the blog I wrote, Reversing GO binaries like a pro (in IDA Pro). There is also the hello-go directory which contains the simple hello world code I used as an example.




