71 Repos
Tools for disassembling and analyzing compiled binary code.
Explore 71 awesome GitHub repositories matching part of an awesome list · Reverse Engineering. Refine with filters or upvote what's useful.
This project provides a desktop-based interface for remote control and screen mirroring of Android devices. It functions by establishing a persistent, multiplexed communication channel over the Android Debug Bridge, allowing for the transmission of raw binary data streams between a host computer and a connected mobile device. The tool distinguishes itself by injecting a lightweight binary into the mobile runtime to access system-level APIs for direct screen buffer capture and input event injection. By translating desktop mouse and keyboard signals into native Linux kernel events, it enables r
Displays and controls Android devices via USB or TCP/IP.
Ghidra is a software reverse engineering suite designed to analyze compiled binaries and reconstruct program logic without access to original source code. It provides an interactive environment for disassembly and decompilation, utilizing a platform-independent intermediate representation to maintain consistency across diverse hardware architectures. The framework supports automated binary analysis through programmatic routines, enabling the investigation of complex code patterns and security indicators. The platform distinguishes itself through a modular architecture that allows for extensiv
Advanced reverse engineering and decompilation suite.
Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and
Decompiles Android APKs into readable Java source code.
This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory
Open-source debugger for x64 and x32 Windows applications.
dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool
Disassembler and debugger for .NET.
dnSpy is a desktop application designed for the analysis, debugging, and modification of compiled .NET assemblies. It functions as an assembly analysis suite and decompiler, translating binary instruction streams back into readable source code to facilitate reverse engineering when original source files are unavailable. The tool distinguishes itself through an integrated binary patching engine and metadata editor, which allow for the direct modification of executable logic and internal metadata tables. It supports in-process debugging instrumentation, enabling users to inject runtime hooks, s
Integrated debugger and assembly editor for .NET applications.
ILSpy is a .NET decompiler and binary analyzer designed to convert compiled .NET assemblies back into readable C# source code. It functions as a metadata explorer and a common intermediate language viewer, enabling the analysis of compiled code and the execution of reverse engineering workflows. The project distinguishes itself through specialized translation capabilities, such as converting compiled binary XML (BAML) back into human-readable XAML for user interface analysis. It also provides tools for inspecting native machine code and extracting metadata from program database (PDB) files.
Cross-platform .NET decompiler with PDB generation support.
radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p
Versatile and portable framework for reverse engineering tasks.
This project is a curated archive and cybersecurity research dataset of raw source code from various malware families. It serves as a malware analysis library designed to help researchers study the inner workings of different threats and identify attack patterns across multiple platforms and programming languages. The repository supports security research by providing raw text distribution of original source code. This allows for the study of platform vulnerabilities, threat intelligence gathering, and the development of security products and detection signatures. The collection is organized
Supports practicing decompilation and binary analysis by providing known functional source code for comparison.
UPX is a command-line utility designed to reduce the file size of compiled programs and shared libraries. It functions as an executable binary compressor that maintains the ability for files to run natively without requiring additional runtime dependencies or external decompression software. The tool operates by parsing executable headers and applying entropy-based compression to code segments. It achieves this by injecting a self-extracting stub into the binary, which facilitates in-place memory decompression during the initial execution phase. This process includes platform-specific binary
Compresses and decompresses executable files.
AssetStudio is a desktop application designed for browsing, inspecting, and extracting assets from proprietary game engine archive files. It provides a comprehensive interface for navigating complex file structures to identify, preview, and export individual media components such as textures, audio, and 3D meshes. The software distinguishes itself through its ability to parse and reconstruct serialized object hierarchies and script data. By resolving assembly dependencies and traversing internal metadata trees, it translates proprietary game data into standard industry formats, including supp
Explores and exports assets from bundles.
This project is a desktop application designed for the reverse engineering and inspection of compiled Java code. It functions as a graphical interface that translates Java bytecode back into readable source code, allowing users to examine the internal logic of class files and archives when original source files are unavailable. The tool provides a structured environment for navigating complex file hierarchies, including nested archives like JAR and WAR files. By maintaining an in-memory representation of loaded classes, it enables rapid searching and cross-referencing of code elements. The ap
Visual tool for browsing Java class files.
PyInstaller is a cross-platform binary packager and application freezer that bundles Python scripts and their dependencies into standalone executables. It allows programs to be distributed and run on target operating systems without requiring a local installation of the Python interpreter. The tool functions as a standalone executable bundler, packaging the application with all necessary modules and libraries into a single file or folder. It includes integration for digital binary signing to satisfy operating system security requirements for distributed software. The system utilizes static a
Bundles Python applications into standalone executables.
Detect-It-Easy is a binary file identifier and analysis toolkit designed to determine file formats, compilers, and packers. It functions as a binary file identifier that utilizes signature matching and heuristic analysis to identify executable and archive formats. The project includes a custom file signature engine and a scriptable rule system for defining and applying detection logic to identify specific binary patterns. It features specialized detectors for Android packages, such as APK and DEX files, and a malware packer detector to identify protections, obfuscators, and virus families. T
Identifies file types and compiler information for binaries.
Il2CppDumper is a reverse engineering tool that recovers original .NET assembly structure from Unity games compiled with il2cpp. It parses il2cpp binaries across multiple executable formats including ELF, Mach-O, PE, NSO, and WASM, and reconstructs the original DLL structure from embedded metadata tables, enabling decompilation and analysis of game code. The tool generates disassembler scripts for IDA, Ghidra, and Binary Ninja that apply recovered type definitions and structure layouts to the binary analysis. It also strips protection layers from memory-dumped libil2cpp.so files and simple PE
Reverse engineering tool for Unity IL2CPP binaries.
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
Framework for binary analysis and symbolic execution.
Flare-VM ist eine Windows-Umgebung zur Malware-Analyse, die aus Installationsskripten besteht, welche die Bereitstellung einer virtuellen Maschine automatisieren. Sie bietet eine umfassende Suite an Reverse-Engineering-Werkzeugen, einschließlich Decompiler und Debugger, zusammen mit den notwendigen Systemkonfigurationen und Umgebungsvariablen für die Sicherheitsforschung. Das Projekt fungiert als Orchestrator für Images virtueller Maschinen und ermöglicht die automatisierte Erstellung, Verwaltung und den Export spezialisierter Analyse-Appliances. Es bietet eine konfigurationsgesteuerte Werkzeugauswahl und die Möglichkeit, die Installationslogik durch benutzerdefinierte Registry-Modifikationen und Systemlayout-Definitionen zu erweitern. Das System umfasst Funktionen für eine isolierte Netzwerkkonfiguration, um die externe Kommunikation über den Host-Only-Modus zu verhindern. Es verwaltet zudem den gesamten Lebenszyklus von Analyseständen durch Snapshot-basiertes Zustandsmanagement, einschließlich der Möglichkeit, Snapshots als verifizierte Appliance-Dateien zu bereinigen oder zu exportieren.
Provides a curated environment tailored for disassembling and analyzing compiled binary code.
Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for
Viewer for inspecting Android and Java executables.
MBE ist eine Bildungsressource für Sicherheitsforschung, die Kursmaterialien zu Binary Exploitation und eine bereitstellbare CTF-Wargame-Umgebung bietet. Es fungiert als strukturierter Lehrplan mit Laboren und Materialien, die für das Erlernen von Reverse Engineering und Speicherfehlern (Memory Corruption) konzipiert sind. Das Projekt bietet eine containerisierte Laborinfrastruktur und eine Toolchain für Binäranalysen, um eine kontrollierte Umgebung für Schwachstellenforschung zu gewährleisten. Es nutzt isolierte Umgebungen zur Bereitstellung von Binary-Exploitation-Aufgaben, um Interferenzen und Systeminstabilität zu vermeiden. Das System deckt die Bereitstellung verwundbarer Umgebungen durch Virtual-Machine-Orchestrierung und Container-Isolierung ab. Zudem verwaltet es die Verteilung statischer Binärdateien und die automatisierte Bereitstellung standardisierter Debugger und Disassembler.
Reverse engineering challenges and accompanying educational lectures.
Integrates AI capabilities into the IDA Pro disassembler.