14 مستودعات
Analyzing compiled binaries without execution to determine program structure and behavior.
Distinct from Static Analysis: Shortlist candidates focused on compilers or source-level analysis; this is specifically for binary-level static analysis.
Explore 14 awesome GitHub repositories matching operating systems & systems programming · Static Binary Analysis. Refine with filters or upvote what's useful.
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
Performs static analysis on compiled binaries to determine intended behavior and internal structure without execution.
RetDec is a reverse engineering framework and static binary analysis tool. Its primary purpose is to function as an LLVM-based machine code decompiler that translates binary machine code from multiple architectures into high-level C source code. The system employs a multi-stage lifting pipeline to recover program logic, using an intermediate representation to apply optimizations before emitting source code. It distinguishes itself through the ability to identify compilers and packers, perform executable unpacking, and reconstruct class hierarchies and original program structures. The framewo
Analyzes compiled binaries without execution to detect compilers, identify packers, and extract structural metadata.
Retdec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code. The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable n
Analyzes compiled binaries without execution to extract debugging information and determine program structure.
Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for
Analyzes compiled binaries at rest to determine dependency counts and interface memberships without execution.
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
Reveals original constants and embedded files by analyzing the binary without execution.
XenonRecomp is a static binary translator and Xbox 360 game recompiler. It functions as a binary analysis tool and native code generator that converts machine instructions from Xbox 360 game executables into C++ source code for recompilation on different hardware platforms. The tool features specialized capabilities for translating compiled binaries, including the conversion of assembly jump tables into native switch cases and the detection of function boundaries using stack space data and branch link instructions. It optimizes translated code by converting non-volatile and non-argument regis
Performs static analysis on legacy binaries to identify function boundaries and jump tables without executing the code.
Apkleaks هي أداة تحليل ثابت ومدقق أمني مصمم لاستخراج الأسرار المشفرة، ونقاط نهاية API، والبيانات الحساسة من حزم تطبيقات Android. تعمل كماسح للأسرار يحلل الملفات الثنائية المجمعة دون تنفيذها لتحديد تسريبات المعلومات المحتملة ونقاط النهاية غير الآمنة. تستخدم الأداة محرك استخراج بيانات يعتمد على التعبيرات النمطية (regex) لتحديد السلاسل الحساسة داخل الكود الذي تم فك تجميعه. تدعم التخصيص من خلال أنماط بحث محددة بـ JSON وتوفر أعلام إعدادات لضبط سلوك المفكك الأساسي. يشمل خط أنابيب التحليل فك تجميع الملفات الثنائية، واستخراج النصوص، ومطابقة الأنماط. يمكن تصدير تسريبات الأمان وبيانات الاعتماد المحددة إلى ملفات نصية أو JSON للمراجعة دون اتصال.
Performs static analysis on compiled binaries to determine program structure and identify leaked credentials without execution.
هذا المشروع عبارة عن دليل تقني شامل ودورة تدريبية للتحليل العكسي لتطبيقات iOS. يعمل كدليل لتشريح الملفات الثنائية للهواتف المحمولة باستخدام أدوات التفكيك (disassembly) وتصحيح الأخطاء (debugging) لتحليل منطق التطبيق الداخلي وسلوكه. تعمل المادة كمرجع لنظريات لغة تجميع ARM و Objective-C، مما يوفر الإطار اللازم لترجمة كود الآلة منخفض المستوى إلى منطق مفهوم للبشر. يجمع بين الدراسة النظرية والتمارين العملية للتحقق من استخدام أدوات التحليل العكسي على ملفات ثنائية واقعية. يغطي النطاق التحليل الثنائي الساكن، وتصحيح أخطاء وقت التشغيل الديناميكي، ودراسة بنية نظام iOS. يتضمن ذلك تعيين تسلسل هرمي لنظام الملفات وتنظيم البيانات لتحديد أصول التطبيق وملفات التكوين.
Offers detailed methodologies for examining iOS binaries without execution to identify structural patterns and function calls.
Qira is a binary analysis platform and execution tracer that records every instruction and data access during program execution for interactive playback and debugging. It functions as a runtime analysis environment that uses QEMU to trace execution and inspect memory and register states. The system provides a binary static analysis tool that maps program structure and annotates instructions based on captured runtime data. It includes a runtime memory analyzer to monitor reads and writes to specific addresses and an interactive debugger for navigating execution timelines. The platform covers
Maps program structure and annotates instructions based on captured runtime execution data.
This project is a binary static analysis tool designed to recover hidden and non-standard encoded strings from compiled binaries. It functions as a malware analysis utility and string decryptor, extracting obfuscated text to reveal concealed program behavior without executing the code. The tool automates the recovery of embedded strings through a combination of emulated instruction execution and abstract syntax tree evaluation. It utilizes pattern-based heuristic detection to identify obfuscation routines and employs cross-platform binary parsing to process multiple executable formats. The s
Analyzes compiled binaries without execution to identify code patterns and hidden data structures.
This project is a cybersecurity educational resource and courseware designed for malware analysis and reverse engineering. It provides a structured curriculum of lessons, labs, and guided projects focused on detecting and understanding the behavior of malicious software. The resource includes a lab guide for building isolated virtual machine environments to safely execute and study malware. It covers the setup of a specialized toolchain consisting of disassemblers and debuggers used to analyze compiled machine code. The training material covers both static analysis, which examines binary cod
Provides workflows for analyzing compiled binaries without execution to identify malicious functions.
Binsider is a collection of specialized toolsets for hexadecimal editing, ELF structural analysis, system call tracing, and execution performance profiling. It provides a suite of utilities designed for binary reverse engineering, encompassing both static structural analysis and dynamic runtime monitoring of compiled binaries. The project distinguishes itself by combining low-level binary manipulation, such as a hex editor for raw byte modification, with an ELF binary analysis tool for inspecting file structures and metadata. It also includes a Linux system call tracer for observing dynamic b
Examines internal structure, headers, and strings of binaries without executing the code.
This project is a diagnostic toolset used to scan CPU hardware and Linux kernel images to assess susceptibility to Spectre, Meltdown, and other transient execution vulnerabilities. It functions as a vulnerability scanner and security auditor designed to identify side-channel attack risks and verify the status of hardware-level security patches. The tool provides capabilities for both active system assessment and standalone kernel image security analysis. It evaluates the presence of security mitigations by analyzing CPU hardware and kernel configurations without requiring a running kernel or
Parses compiled kernel images to identify security flags and mitigation patches without executing the code.
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
Analyzes compiled binaries without execution to extract and decode obfuscated strings.