Displaying 1 to 13 from 13 results

the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode (NOT Supported)

  •    Python

For security professionals and researchers only. The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state.

hopper-swift-demangle - A Hopper plugin for demangle Swift symbols

  •    Objective-C

This is a Hopper plugin (not script) written in Swift for demangling Swift symbols. Once you've installed the plugin you should have a new Tool Plugins menu item. There you can see the added Swift demangle commands.

dyld_cache_extract - A macOS utility to extract dynamic libraries from the dyld_shared_cache of macOS and iOS

  •    C++

A macOS utility to extract dynamic libraries from the dyld_shared_cache of macOS and iOS. The project is available as a macOS application (with GUI) and as a command line tool.

retools - retools: a reverse engineering toolkit for normies

  •    C++

Collection of tools (disassembler, emulator, binary parser) aimed at reverse enginering tasks, more specifically, bug finding related. Currently we target ARMv7 and Mach-O though in the future more architectures and formats are planned. retools is somewhat unique in that most of the semantics for relevant instructions are parsed out of the specification PDFs as opposed to being generated by hand. Currently the disassembler, emulator, and binary parsers are partially done, with a symbolic execution engine and instrumentation/hooking framework to come as I get more time.

byteripper - A tool to extract code from individual functions in a library.

  •    Rust

A tool to extract code from individual functions in a library. Support ELF32, ELF64 and Mach-O libraries.

LibEBC - C++ Library and Tool for Extracting Embedded Bitcode

  •    C++

Library and tool for retrieving embedded bitcode from binaries end libraries. It supports all types of objects files (Mach-O, ELF, COFF, ...) as well as Mach-O universal binaries, and static and dynamic libraries. ebcutil is a stand-alone command line tool for extracting embedded bitcode.

tinycc - My tinycc fork: hopefully, better OSX support, EFI targets, and ???

  •    C

Today this includes some basic build support (CONFIG_OSX) in ./configure and ./Makefile. It also makes the '-run' mode function, allowing tcc to open up libc.dylib. The targets are arm64-win32-tcc and arm64-uefi-tcc. libtcc1 is not built, so this is only useful for standalone code, such as UEFI images.

evilMACHO - Malicious use of macho, such as dump-runtime-macho, function-hook.


Malicious use of macho, such as dump-runtime-macho, function-hook. dump runtime macho file and dyld load address.

MachO-Explorer - A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.

  •    Swift

Mach-O Explorer is a graphical Mach-O viewer for macOS. It aims to provide an interface and feature set that are similar to the venerable MachOView application. Parsing is handled by Mach-O Kit. Mach-O Explorer leverages Mach-O Kit's rich description system to present the parsed data using very little code. Mach-O Explorer should deploy back to OS X 10.11 (and possibly further) but is currently only being actively tested on macOS 10.13.

MachO-Kit - A C/Objective-C library for parsing Mach-O files.

  •    Objective-C

Mach-O Kit is an Objective-C framework for parsing Mach-O binaries used by Darwin platforms (macOS, iOS, tvOS, and watchOS). The project also includes a lightweight C library - libMachO - for parsing Mach-O images loaded in the current process. Mach-O Kit is designed to be easy to use while still exposing all the details of the parsed Mach-O file (if you need them). It can serve as the foundation for anything that needs to read Mach-O files - from a one-off command line tool up to a fully featured interactive disassembler. Most importantly, Mach-O Kit is designed to be safe. Every read operation and its returned data is extensively error checked so that parsing a malformed Mach-O file (even a malicious one) does not crash your program.

EnVisen - ROP gadget finder and analysis in pure Javascript

  •    Javascript

⚠️ This tool may only be used for educational, teaching, learning, understanding and research purposes only. Completely self-contained binary ROP/JOP gadget analyzer for comparing two binaries side-by-side and understanding their structures, in 100% pure Javascript, and a self-contained client-side browser application. Focussed on extreme simplicity of usage and portability across platforms.