17 repositorios
Utilities for inspecting and decompiling intermediate bytecode formats.
Explore 17 awesome GitHub repositories matching part of an awesome list · Bytecode Analysis Tools. Refine with filters or upvote what's useful.
dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool
A debugger and .NET assembly editor for bytecode analysis.
dex2jar is an Android dex decompiler and reverse engineering tool designed to convert Dalvik executable bytecode into Java class files. It functions as a bytecode converter that transforms compiled Android binaries into a format compatible with standard Java analysis tools. The project facilitates Android app decompilation and Java bytecode recovery by translating executable files into readable structures. This allows for the analysis of application logic and the identification of security vulnerabilities or malicious behavior during Android malware analysis. The tool performs static bytecod
Parses binary dex files to extract class hierarchies and method signatures through static analysis.
de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a
Analyzes Common Intermediate Language bytecode to simplify control flow and remove junk instructions.
JerryScript is a lightweight, ECMAScript-compliant JavaScript engine and bytecode compiler designed for resource-constrained devices. It serves as an embedded interpreter and IoT scripting runtime, enabling the execution of JavaScript code within native C applications on hardware with limited memory. The project differentiates itself through a focus on low-memory runtime management, utilizing bytecode precompilation and pre-compiled state snapshots to reduce startup time and memory overhead. It features a C-binding native bridge for bidirectional communication between native code and scripts,
Provides the ability to dump generated bytecode into a human-readable format for analysis.
Recaf es un conjunto de herramientas especializadas para ensamblar, editar, desofuscar, descompilar e instrumentar bytecode de Java y procesos en tiempo de ejecución. Proporciona un entorno coordinado para modificar archivos de clase Java compilados y analizar el comportamiento de las aplicaciones Java. El proyecto se distingue por una capa de abstracción de múltiples niveles que permite la edición a través de diferentes formatos y un framework conectable que enruta el bytecode a través de múltiples motores de descompilación configurables. Incluye un motor de scripting embebido y una arquitectura de plugins para automatizar tareas repetitivas y extender el comportamiento del sistema. El conjunto de herramientas cubre varias áreas de capacidad de alto nivel, incluyendo análisis estático para buscar contenido de aplicaciones y simular estados de ejecución de métodos. También admite instrumentación en tiempo de ejecución para adjuntar a procesos en vivo y transformación automatizada de bytecode para eliminar la ofuscación y reparar archivos de clase. La ejecución headless es compatible a través de una interfaz de línea de comandos para integrar flujos de trabajo en tuberías de construcción externas.
Provides a pluggable framework that routes bytecode through multiple interchangeable decompilers.
Smali is a two-way binary translation toolset designed to convert Dalvik bytecode to human-readable assembly and back again. It provides a mechanism for the disassembly and assembly of executable files used in virtual machine environments. The project enables the modification of compiled Android application logic by transforming binary files into editable assembly and rebuilding them. It is used for reverse engineering, malware analysis, and the study of low-level instructions to identify program behavior or security flaws. The toolkit covers binary construction through smali code assembly a
Disassembles Dalvik bytecode into human-readable assembly while preserving annotations and debug information.
Reverse engineering and pentesting for Android applications
Decompiles Dalvik bytecode into human-readable assembly instructions for security analysis.
JPEX Software is a comprehensive reverse engineering suite for SWF binary files, serving as an ActionScript decompiler and editor. It provides a toolkit for decompiling, analyzing, and modifying the internal structure of compiled Flash content, including the extraction of scripts and media assets. The project is distinguished by its ability to perform direct binary modification, allowing users to edit bytecode and replace embedded resources without reverting to high-level source code. It includes a runtime ActionScript bytecode debugger for variable inspection and call stack analysis, as well
Ships a powerful ActionScript decompiler that transforms compiled bytecode back into human-readable source code.
Steamless es una utilidad especializada diseñada para eliminar los wrappers de gestión de derechos digitales SteamStub de los ejecutables de juegos. Funciona como un descifrador y desempaquetador que elimina estas capas de protección para recuperar los datos binarios crudos de la aplicación original. Al eliminar el wrapper específico de la plataforma, la herramienta restaura los puntos de entrada originales y permite que los ejecutables se ejecuten sin requerir una instancia de plataforma autenticada. Este proceso prepara los binarios de los juegos para su modificación eliminando las capas que normalmente impiden que herramientas de terceros accedan al código. El proyecto utiliza desempaquetado binario estático, escaneo binario lineal y análisis de bytecode basado en patrones para identificar los límites de la carga útil y reconstruir las estructuras ejecutables originales.
Utilizes pattern-based bytecode analysis to identify DRM wrapper boundaries within executable files.
Este proyecto es una suite integral de ingeniería inversa para Android que funciona como descompilador, desofuscador de bytecode y herramienta de análisis de malware. Está diseñado para convertir binarios APK, DEX y OAT en código fuente legible por humanos utilizando una implementación nativa que no requiere una Máquina Virtual Java. La plataforma destaca por su integración con Frida para el análisis dinámico, permitiendo a los usuarios enganchar métodos, inyectar JavaScript personalizado y volcar la memoria del dispositivo en tiempo real. También cuenta con motores de seguridad especializados, incluyendo un motor de propagación de contaminación (taint propagation) y una máquina de estados de pila, para detectar fugas de privacidad, comportamientos maliciosos y vulnerabilidades de seguridad. La suite cubre una amplia gama de capacidades analíticas, incluyendo el parcheo y reempaquetado de binarios, mapeo de dependencias de referencias cruzadas y análisis de flujo de datos. Proporciona herramientas para la identificación de empaquetadores de software, decodificación de cadenas cifradas y búsqueda global de metadatos a través de los recursos de la aplicación. La herramienta proporciona una interfaz de línea de comandos y admite la automatización del análisis mediante scripts personalizados en Python o Java.
Translates Dalvik bytecode into readable source code using a structured algorithm to recover program logic.
Fernflower es un descompilador de bytecode de Java y una herramienta de ingeniería inversa. Transforma archivos de clase de Java compilados de nuevo en código fuente de Java legible por humanos para reconstruir la lógica original del programa y los nombres de las variables. La herramienta funciona como un procesador de bytecode de línea de comandos capaz de procesar por lotes archivos de archivo Java y archivos de clase. Maneja específicamente el análisis de código ofuscado renombrando identificadores ambiguos y resolviendo conflictos de nombres para hacer que el código fuente resultante sea más fácil de seguir. El sistema emplea análisis estático para convertir bytecode a fuente, utilizando la extracción de información de depuración para restaurar los nombres de las variables locales. Reconstruye estructuras de programas a través del análisis de grafos de flujo de control, inferencia de tipos y la generación de un árbol de sintaxis abstracta.
Functions as a bytecode decompiler that transforms compiled class files back into human-readable Java source code.
python-uncompyle6 is a Python bytecode decompiler and reverse engineering tool designed to convert compiled bytecode files back into human-readable source code. It functions as a source code recoverer and bytecode disassembler, allowing for the analysis of internal program logic and the reconstruction of original language constructs. The tool provides cross-version support, enabling the analysis and recovery of source code from bytecode created across multiple different versions of the Python interpreter. This allows it to operate as a cross-version bytecode analyzer that can interpret varied
Provides the ability to list Python bytecode instructions with flags and operands for manual code analysis.
pycdc is a reverse engineering toolset that decompiles and disassembles compiled Python bytecode files back into readable source code. It parses .pyc file headers, reconstructs abstract syntax trees from bytecode instructions, and handles version-specific opcodes across Python versions 1.0 through 3.13 with endian-aware binary parsing. The tool recovers numeric constants, string literals, and marshalled Python objects from compiled bytecode, supporting both file-based and in-memory bytecode loading. It provides a human-readable disassembly listing of bytecode instructions alongside full sourc
Translate compiled Python bytecode back into readable source code by analyzing and reconstructing the original program structure.
Fernflower is a Java bytecode decompiler designed to convert compiled Java class files back into human-readable source code. It functions as a bytecode analysis tool that recovers original program logic and structure from compiled binaries. The project includes capabilities for obfuscated identifier resolution to rename ambiguous member elements, ensuring clear identifiers in the resulting source. These features support the analysis of obfuscated code, legacy code recovery, and Java malware analysis for security auditing. The system utilizes a structural analysis pipeline that includes contr
Converts compiled Java class files back into readable source code to recover original program logic.
pyinstxtractor is a PyInstaller executable unpacker and Python bytecode recovery tool. It functions as a helper for decompiling compiled Python binaries by extracting bundled binaries and bytecode from executables created with PyInstaller. The project includes a bytecode decryptor to remove encryption from extracted files and a header repair tool that restores corrupted headers. These capabilities ensure that extracted compiled files are compatible with bytecode decompilation software. The utility covers reverse engineering of Python applications, supporting malware analysis workflows throug
Restores missing magic numbers and versioning information to make extracted bytecode compatible with decompilers.
gdsdecomp is a project recovery suite and game engine reverse engineering toolset. It functions as a bytecode decompiler, binary resource converter, and asset extraction tool designed to reconstruct original directory hierarchies and scripts from compiled binary game assets. The toolset specializes in GDScript bytecode decompilation and compilation, translating compiled bytecode back into human-readable source code or converting source code into executable bytecode for specific engine versions and commit hashes. It includes a game archive patcher to modify project archives by replacing intern
Converts compiled bytecode files back into human-readable source code for various engine versions.
ArchUnit is a Java architecture testing library and automated validator that analyzes compiled bytecode to verify that source code adheres to predefined design rules. It functions as a testing framework that fails builds when the actual code structure violates architectural constraints. The library uses a fluent rule specification to define constraints and employs bytecode analysis to inspect class relationships and package dependencies. This allows for the automated detection of circular dependencies and the enforcement of dependency rules between packages. The tool covers a range of struct
Inspects compiled Java classes to enforce rules regarding package dependencies and class relationships.