
mcsema - Framework for lifting x86, amd64, and aarch64 program binaries to LLVM bitcode

  •    C++

McSema is an executable lifter. It translates ("lifts") executable binaries from native machine code to LLVM bitcode. LLVM bitcode is an intermediate representation form of a program that was originally created for the retargetable LLVM compiler, but which is also very useful for performing program analysis methods that would not be possible to perform on an executable binary directly. McSema enables analysts to find and retroactively harden binary programs against security bugs, independently validate vendor source code, and generate application tests with high code coverage. McSema isn’t just for static analysis. The lifted LLVM bitcode can also be fuzzed with libFuzzer, an LLVM-based instrumented fuzzer that would otherwise require the target source code. The lifted bitcode can even be compiled back into a runnable program! This is a procedure known as static binary rewriting, binary translation, or binary recompilation.

zydis - Fast and lightweight x86/x86-64 disassembler library

  •    C

Fast and lightweight x86/x86-64 disassembler library. The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.

PeachPy - x86-64 assembler embedded in Python

  •    Python

PeachPy is a Python framework for writing high-performance assembly kernels. Now you can compile this code into a binary object file that you can link into a program...

x64dbg - An open-source x64/x32 debugger for Windows.

  •    C++

This is a community effort and we accept pull requests! See the CONTRIBUTING document for more information. If you have any questions you can always contact us or open an issue. You can take a look at the easy issues to get started. You can find an exhaustive list of GitHub contributors here.




RE-for-beginners - "Reverse Engineering for Beginners" free book

  •    TeX

Topics discussed: x86/x64, ARM/ARM64, MIPS, Java/JVM. Compiled versions can be found here: English, Russian, German and French.

blog_os - Writing an OS in Rust

  •    Rust

This repository contains the source code for the Writing an OS in Rust series at os.phil-opp.com. Afterwards you can invoke bootimage build to produce a bootable disk image. Please file an issue if you run into any problems.

capstone - Capstone disassembly/disassembler framework: Core (Arm, Arm64, EVM, M68K, M680X, Mips, PPC, Sparc, SystemZ, TMS320C64x, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell, Visual Basic)

  •    C

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. It supports multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).

plasma - Plasma is an interactive disassembler for x86/ARM/MIPS

  •    Python

The old project name was Reverse. PLASMA is an interactive disassembler. It can generate a more readable assembly (pseudo code) with colored syntax. You can write scripts with the available Python API (see an example below). The project is still under heavy development.


fcd - An optimizing decompiler

  •    C++

Fcd is an LLVM-based native program optimizing decompiler, released under an LLVM-style license. It started as a bachelor's degree senior project and carries forward its initial development philosophy of getting results fast. As such, it was architected to have low coupling between distinct decompilation phases and to be highly hackable. Fcd uses a unique technique to reliably translate machine code to LLVM IR. Currently, it only supports x86_64. Disassembly uses Capstone. It implements pattern-independent structuring to provide a goto-free output.

ChrysaLisp - Parallel OS, with GUI, Terminal, OO Assembler, Class libraries, C-Script compiler, Lisp interpreter and more

  •    C++

Assembler/C-Script/Lisp 64 bit OS. MIMD, multi CPU, multi threaded, multi core, multi user. Runs on OSX or Linux for x64, PI64 Linux for Aarch64. Will move to bare metal eventually but it's useful for now to run hosted while experimenting. When time allows I will be doing a VM boot image for UniKernel type appliances and a WebAssembly target to play around within the browser.

avo - Generate x86 Assembly with Go

  •    Go

Note: APIs subject to change while avo is still in an experimental phase. You can use it to build real things but we suggest you pin a version with your package manager of choice. go run this code to see the assembly output. To integrate this into the rest of your Go package we recommend a go:generate line to produce the assembly and the corresponding Go stub file.

docker-homebridge - Homebridge Docker

  •    Shell

This Alpine/Debian Linux based Docker image allows you to run Nfarina's Homebridge on your home network which emulates the iOS HomeKit API. Homebridge requires full access to your local network to function correctly which can be achieved using the --net=host flag. Currently this image will not work when using Docker for Mac or Docker for Windows due to this and this.

cemu - Cheap EMUlator: lightweight multi-architecture assembly playground

  •    Python

Writing assembly is fun. Assembly is the lowest-level (humanly understandable) language available to communicate with computers, and is crucial to understanding the internal mechanisms of any machine. Unfortunately, setting up an environment to write, compile and run assembly for various architectures (x86, ARM, MIPS, SPARC) has always been painful. CEmu is an attempt to fix this by providing a bundled GUI application that empowers users to write assembly and test it by compiling it to bytecode and executing it in a QEMU-based emulator. CEmu combines all the advantages of a basic assembly IDE, compilation and execution environment, by relying on the great Keystone, Unicorn and Capstone engine libraries in a Qt-powered GUI.

reverse-engineering-reference-manual - collage of reverse engineering topics that I find interesting

  •    Python

NOTE(2): beta? Yes. In the coming months I'm planning on adding more pictures and diagrams to the current content. Plans to add more sections will continue after revamping it. NOTE(3): CI? We all hate broken links. The CI is my attempt to make sure all the external links in this repository are still working. And if any of them is broken, I can easily pinpoint which one and swiftly update it with another relevant link.

misaka - Experimental x86_64 kernel project

  •    C

Misaka is an experimental x86_64 kernel. The primary goal for Misaka is to replace the kernel from ToaruOS while maintaining general compatibility with the userspace at a source level, porting to x86-64, and supporting SMP. Misaka is named after the main character of A Certain Scientific Railgun (とある科学の超電磁砲) in the same way that ToaruOS itself is named after the series and its predecessor, A Certain Magical Index (とある魔術の禁書目録).

pasm - Piston Assembler

  •    Javascript

Releases are available for download from GitHub.

wag - WebAssembly compiler implemented in Go

  •    Go

wag is a WebAssembly compiler implemented as a Go package. Source is a wasm32 binary module. The application embedding the compiler decides what import functions it provides.

remill - Library for lifting of x86, amd64, and aarch64 machine code to LLVM bitcode

  •    C++

Remill is a static binary translator that translates machine code instructions into LLVM bitcode. It translates x86 and amd64 machine code (including AVX and AVX512) into LLVM bitcode. AArch64 support is underway. Remill focuses on accurately lifting instructions. It is meant to be used as a library for other tools, e.g. McSema.

pyast64 - Compile a subset of the Python AST to x64-64 assembler

  •    Python

pyast64 is a Python 3 program that compiles a subset of the Python AST to x64-64 assembler. It's extremely restricted (read "a toy") but it's a nice proof of concept in any case. Read more about pyast64 here.

minijit - A basic x86-64 JIT compiler written from scratch in stock Python

  •    Python

The ~500 lines of code relies only on standard Python libraries and contains a Python bytecode converter, peephole optimizer and x86-64 machine code assembler. The code is meant to be simple to understand and pedagogical. If you have the capstone module installed, it will display an in-memory disassembly as well.