14 repositories
Analyzing compiled binaries without execution to determine program structure and behavior.
Distinct from Static Analysis: that shortlist covers candidates focused on compilers or source-level analysis; this one is specifically for binary-level static analysis.
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
Performs static analysis on compiled binaries to determine intended behavior and internal structure without execution.
RetDec is a reverse engineering framework and static binary analysis tool. Its primary purpose is to function as an LLVM-based machine code decompiler that translates binary machine code from multiple architectures into high-level C source code. The system employs a multi-stage lifting pipeline to recover program logic, using an intermediate representation to apply optimizations before emitting source code. It distinguishes itself through the ability to identify compilers and packers, perform executable unpacking, and reconstruct class hierarchies and original program structures. The framewo
Analyzes compiled binaries without execution to detect compilers, identify packers, and extract structural metadata.
Retdec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code. The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable n
Analyzes compiled binaries without execution to extract debugging information and determine program structure.
Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for
Analyzes compiled binaries at rest to determine dependency counts and interface memberships without execution.
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
Reveals original constants and embedded files by analyzing the binary without execution.
XenonRecomp is a static binary translator and Xbox 360 game recompiler. It functions as a binary analysis tool and native code generator that converts machine instructions from Xbox 360 game executables into C++ source code for recompilation on different hardware platforms. The tool features specialized capabilities for translating compiled binaries, including the conversion of assembly jump tables into native switch cases and the detection of function boundaries using stack space data and branch link instructions. It optimizes translated code by converting non-volatile and non-argument regis
Performs static analysis on legacy binaries to identify function boundaries and jump tables without executing the code.
Apkleaks is a static analysis and security auditing tool designed to extract hardcoded secrets, API endpoints, and sensitive data from Android application packages. It operates as a secrets scanner that analyzes compiled binaries without executing them to identify potential information leaks and insecure endpoints. The tool uses a regex-based data extraction engine to identify sensitive strings within decompiled code. It supports customization through search patterns defined in JSON and provides configuration flags to adjust the behavior of the underlying disassembler. The analysis pipeline covers binary decompilation, text extraction, and pattern matching. Identified security leaks and credentials can be exported to text or JSON files for offline review.
Performs static analysis on compiled binaries to determine program structure and identify leaked credentials without execution.
This project is a technical guide and analysis course focused on the internal architecture of iOS applications. It serves as a manual for dissecting mobile binaries using disassembly and debugging tools to analyze the internal logic and behavior of applications. The material functions as a reference for ARM assembly and Objective-C theory, providing the framework needed to translate low-level machine code into human-readable logic. It combines theoretical study with practical exercises to validate the use of reverse engineering tools on real-world binaries. The scope covers static binary analysis, dynamic runtime debugging, and the study of the iOS system architecture. This includes mapping the file system hierarchy and data organization to locate application assets and configuration files.
Offers detailed methodologies for examining iOS binaries without execution to identify structural patterns and function calls.
Qira is a binary analysis platform and execution tracer that records every instruction and data access during program execution for interactive playback and debugging. It functions as a runtime analysis environment that uses QEMU to trace execution and inspect memory and register states. The system provides a binary static analysis tool that maps program structure and annotates instructions based on captured runtime data. It includes a runtime memory analyzer to monitor reads and writes to specific addresses and an interactive debugger for navigating execution timelines. The platform covers
Maps program structure and annotates instructions based on captured runtime execution data.
This project is a static binary analysis tool designed to recover hidden and non-standard-encoded strings from compiled binaries. It functions as a malware analysis utility and string decryptor, extracting obfuscated text to reveal hidden program behavior without executing the code. The tool automates the recovery of embedded strings through a combination of emulated instruction execution and abstract syntax tree evaluation. It uses heuristic, pattern-based detection to identify obfuscation routines and employs cross-platform binary analysis to process multiple executable formats. The system covers a wide range of forensic capabilities, including language-specific string extraction and serialization of recovered data into formats compatible with external security analysis platforms.
Analyzes compiled binaries without execution to identify code patterns and hidden data structures.
This project is a cybersecurity educational resource and courseware designed for malware analysis and reverse engineering. It provides a structured curriculum of lessons, labs, and guided projects focused on detecting and understanding the behavior of malicious software. The resource includes a lab guide for building isolated virtual machine environments to safely execute and study malware. It covers the setup of a specialized toolchain consisting of disassemblers and debuggers used to analyze compiled machine code. The training material covers both static analysis, which examines binary cod
Provides workflows for analyzing compiled binaries without execution to identify malicious functions.
Binsider is a collection of specialized toolsets for hexadecimal editing, ELF structural analysis, system call tracing, and execution performance profiling. It provides a suite of utilities designed for binary reverse engineering, encompassing both static structural analysis and dynamic runtime monitoring of compiled binaries. The project distinguishes itself by combining low-level binary manipulation, such as a hex editor for raw byte modification, with an ELF binary analysis tool for inspecting file structures and metadata. It also includes a Linux system call tracer for observing dynamic b
Examines internal structure, headers, and strings of binaries without executing the code.
This project is a diagnostic toolset used to scan CPU hardware and Linux kernel images to assess susceptibility to Spectre, Meltdown, and other transient execution vulnerabilities. It functions as a vulnerability scanner and security auditor designed to identify side-channel attack risks and verify the status of hardware-level security patches. The tool provides capabilities for both active system assessment and standalone kernel image security analysis. It evaluates the presence of security mitigations by analyzing CPU hardware and kernel configurations without requiring a running kernel or
Parses compiled kernel images to identify security flags and mitigation patches without executing the code.
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
Analyzes compiled binaries without execution to extract and decode obfuscated strings.