the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode (NOT Supported)

•    Python

---

For security professionals and researchers only. The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state.

file-infector bdf capstone pe macho elf

LIEF - LIEF - Library to Instrument Executable Formats

•    C++

---

The purpose of this project is to provide a cross platform library which can parse, modify and abstract ELF, PE and MachO formats.

reverse-engineering malware-analysis binary-analysis parser modification executable-formats elf macho pe lief parsing sdk android dex oat art vdex

hopper-swift-demangle - A Hopper plugin for demangle Swift symbols

•    Objective-C

---

This is a Hopper plugin (not script) written in Swift for demangling Swift symbols. Once you've installed the plugin you should have a new Tool Plugins menu item. There you can see the added Swift demangle commands.

hopper osx demangle macho

MachOExplorer - [WIP] Explore MachO File (Yet another MachOView)

•    C++

---

macOS only until now, Windows support in the near future.

machoexplorer machoview macho libmacho libmoex moex

dyld_cache_extract - A macOS utility to extract dynamic libraries from the dyld_shared_cache of macOS and iOS

•    C++

---

A macOS utility to extract dynamic libraries from the dyld_shared_cache of macOS and iOS. The project is available as a macOS application (with GUI) and as a command line tool.

ios dyld dylib cache extract extract-dynamic-libraries macos-utility reverse-engineering macho

retools - retools: a reverse engineering toolkit for normies

•    C++

---

Collection of tools (disassembler, emulator, binary parser) aimed at reverse enginering tasks, more specifically, bug finding related. Currently we target ARMv7 and Mach-O though in the future more architectures and formats are planned. retools is somewhat unique in that most of the semantics for relevant instructions are parsed out of the specification PDFs as opposed to being generated by hand. Currently the disassembler, emulator, and binary parsers are partially done, with a symbolic execution engine and instrumentation/hooking framework to come as I get more time.

re reverse engineering vulndev framework arm armv7 armv8 macho emulator binary vulnerability research disassembler disassembly

byteripper - A tool to extract code from individual functions in a library.

•    Rust

---

A tool to extract code from individual functions in a library. Support ELF32, ELF64 and Mach-O libraries.

elf macho

LibEBC - C++ Library and Tool for Extracting Embedded Bitcode

•    C++

---

Library and tool for retrieving embedded bitcode from binaries end libraries. It supports all types of objects files (Mach-O, ELF, COFF, ...) as well as Mach-O universal binaries, and static and dynamic libraries. ebcutil is a stand-alone command line tool for extracting embedded bitcode.

bitcode macho elf llvm tool

tinycc - My tinycc fork: hopefully, better OSX support, EFI targets, and ???

•    C

---

Today this includes some basic build support (CONFIG_OSX) in ./configure and ./Makefile. It also makes the '-run' mode function, allowing tcc to open up libc.dylib. The targets are arm64-win32-tcc and arm64-uefi-tcc. libtcc1 is not built, so this is only useful for standalone code, such as UEFI images.

osx macho tcc tinycc efi pe uefi

evilMACHO - Malicious use of macho, such as dump-runtime-macho, function-hook.

•    

---

Malicious use of macho, such as dump-runtime-macho, function-hook. dump runtime macho file and dyld load address.

macho exploit osx ios

MachO-Explorer - A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.

•    Swift

---

Mach-O Explorer is a graphical Mach-O viewer for macOS. It aims to provide an interface and feature set that are similar to the venerable MachOView application. Parsing is handled by Mach-O Kit. Mach-O Explorer leverages Mach-O Kit's rich description system to present the parsed data using very little code. Mach-O Explorer should deploy back to OS X 10.11 (and possibly further) but is currently only being actively tested on macOS 10.13.

mach-o macho machoview machoexplorer

MachO-Kit - A C/Objective-C library for parsing Mach-O files.

•    Objective-C

---

Mach-O Kit is an Objective-C framework for parsing Mach-O binaries used by Darwin platforms (macOS, iOS, tvOS, and watchOS). The project also includes a lightweight C library - libMachO - for parsing Mach-O images loaded in the current process. Mach-O Kit is designed to be easy to use while still exposing all the details of the parsed Mach-O file (if you need them). It can serve as the foundation for anything that needs to read Mach-O files - from a one-off command line tool up to a fully featured interactive disassembler. Most importantly, Mach-O Kit is designed to be safe. Every read operation and its returned data is extensively error checked so that parsing a malformed Mach-O file (even a malicious one) does not crash your program.

mach-o parsing macho macho-parser

EnVisen - ROP gadget finder and analysis in pure Javascript

•    Javascript

---

⚠️ This tool may only be used for educational, teaching, learning, understanding and research purposes only. Completely self-contained binary ROP/JOP gadget analyzer for comparing two binaries side-by-side and understanding their structures, in 100% pure Javascript, and a self-contained client-side browser application. Focussed on extreme simplicity of usage and portability across platforms.

elf macho rop-gadgets rop-exploitation rop-chain disassembly cybersecurity elf-parser elf-loader macho-parser portable-executable x86 arm arm64 aslr-bypass control-flow binary-analysis

go-macho - Package macho implements access to and creation of Mach-O object files.

•    Go

---

Package macho implements access to and creation of Mach-O object files.

ios apple macho macho-parser