14 repositories
Analyzing compiled binaries without execution to determine program structure and behavior.
Distinct from Static Analysis: that shortlist covers compilers and source-level analysis; this one is specifically for static analysis at the binary level, where no source is available and nothing is executed.
14 GitHub repositories in the category Operating Systems & Systems Programming · Static Binary Analysis.
angr is a Python binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation (VEX, via PyVEX) to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers (claripy over Z3) to determine the inputs required to reach specific program states. Because the target runs only inside this emulated engine, its code is never executed natively on the host. Its capabilities cover control flow and data flow analysis, including the
Performs static analysis on compiled binaries to determine intended behavior and internal structure without execution.
RetDec is a reverse engineering framework and static binary analysis tool. Its primary purpose is to function as an LLVM-based machine code decompiler that translates binary machine code from multiple architectures into high-level C source code. The system employs a multi-stage lifting pipeline to recover program logic, using an intermediate representation to apply optimizations before emitting source code. It distinguishes itself through the ability to identify compilers and packers, perform executable unpacking, and reconstruct class hierarchies and original program structures. The framewo
Analyzes compiled binaries without execution to detect compilers, identify packers, and extract structural metadata.
RetDec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code. The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable n
Analyzes compiled binaries without execution to extract debugging information and determine program structure.
Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for
Analyzes compiled binaries at rest to determine dependency counts and interface memberships without execution.
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
Reveals original constants and embedded files by analyzing the binary without execution.
XenonRecomp is a static binary translator and Xbox 360 game recompiler. It functions as a binary analysis tool and native code generator that converts machine instructions from Xbox 360 game executables into C++ source code for recompilation on different hardware platforms. The tool features specialized capabilities for translating compiled binaries, including the conversion of assembly jump tables into native switch cases and the detection of function boundaries using stack space data and branch link instructions. It optimizes translated code by converting non-volatile and non-argument regis
Performs static analysis on legacy binaries to identify function boundaries and jump tables without executing the code.
Apkleaks is a static analysis tool and security auditor designed to extract hardcoded secrets, API endpoints, and sensitive data from Android application packages. It operates as a secret scanner that analyzes compiled binaries without executing them to identify potential information leaks and insecure endpoints. The tool utilizes a regex-based data extraction engine to identify sensitive strings within decompiled code. It supports customization through JSON-defined search patterns and provides configuration flags to tune the behavior of the underlying disassembler. The analysis pipeline enc
Performs static analysis on compiled binaries to determine program structure and identify leaked credentials without execution.
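The regex-over-decompiled-source approach described for Apkleaks, as an added example that is not the project's own code or rule file. The five patterns are an illustrative assumption loaded from a JSON string to mirror JSON-defined rules; the decompiled Java snippet is constructed for the demo.

```python
"""Regex-driven secret scan over decompiled source, as apkleaks-style tools do it.

Added example, not apkleaks' own code or pattern file. The pattern set is an
illustrative assumption loaded from a JSON string to mirror the JSON-defined
rules such tools accept; the decompiled Java below is constructed for the demo.
"""
import json
import re

# Assumed rule file: name -> regex. Real scanners ship many more and tune them
# against false positives; these five are only the shapes a reviewer expects to see.
PATTERNS_JSON = r'''
{
  "aws_access_key_id": "AKIA[0-9A-Z]{16}",
  "google_api_key": "AIza[0-9A-Za-z_\\-]{35}",
  "jwt": "eyJ[A-Za-z0-9_\\-]+\\.[A-Za-z0-9_\\-]+\\.[A-Za-z0-9_\\-]+",
  "url": "https?://[A-Za-z0-9.\\-]+(?::[0-9]+)?(?:/[^\\s\"']*)?",
  "private_key_block": "-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"
}
'''

# Constructed decompiled output; note the short AKIA123 that must NOT match.
SAMPLE_DECOMPILED = '''
package com.example.app;

public final class Config {
    static final String LOGIN_URL = "https://api.example.com/v1/login";
    static final String AWS_KEY = "AKIAIOSFODNN7EXAMPLE";
    static final String MAPS_KEY = "AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6Q";
    static final String TAG = "AKIA123";
}
'''


def compile_patterns(patterns_json: str) -> dict:
    """Parse the JSON rule set and compile each regex once."""
    return {name: re.compile(rx) for name, rx in json.loads(patterns_json).items()}


def scan_text(text: str, patterns: dict) -> dict:
    """Return {rule_name: sorted unique matches} for every rule that fired."""
    hits = {}
    for name, rx in patterns.items():
        matches = sorted({m.group(0) for m in rx.finditer(text)})
        if matches:
            hits[name] = matches
    return hits


def scan_files(files: dict, patterns: dict) -> dict:
    """Scan a {path: contents} mapping (e.g. every .java file the decompiler emitted)
    and return {rule_name: {match: [paths]}} so each finding is traceable to a file."""
    report = {}
    for path, text in files.items():
        for name, matches in scan_text(text, patterns).items():
            for m in matches:
                report.setdefault(name, {}).setdefault(m, []).append(path)
    return report


if __name__ == "__main__":
    rules = compile_patterns(PATTERNS_JSON)
    files = {"com/example/app/Config.java": SAMPLE_DECOMPILED}
    print(json.dumps(scan_files(files, rules), indent=2))
```

The AWS pattern is anchored to a fixed length so that a stray "AKIA123" string is not reported; that is the usual trade-off in this kind of scanner, tight patterns miss unusual key shapes, loose ones bury real findings in noise, which is why the rules live in a user-editable file rather than in code.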
This project is a comprehensive technical guide and course for reverse engineering iOS applications. It serves as a manual for dissecting mobile binaries using disassembly and debugging tools to analyze internal application logic and behavior. The material functions as a reference for ARM assembly and Objective-C theories, providing the necessary framework to translate low-level machine code into human-readable logic. It combines theoretical study with practical exercises to validate the use of reverse engineering tools on real-world binaries. The scope covers static binary analysis, dynamic
Offers detailed methodologies for examining iOS binaries without execution to identify structural patterns and function calls.
Qira is a binary analysis platform and execution tracer that records every instruction and data access during program execution for interactive playback and debugging. It acts as a runtime analysis environment that uses QEMU to trace execution and inspect memory and register state. The system provides a static binary analysis component that maps program structure and annotates instructions based on the captured runtime data. It includes a runtime memory analyzer for monitoring reads and writes to specific addresses and an interactive debugger for navigating execution timelines. The platform covers binary trace visualization and reverse engineering workflows, including memory-state snapshotting and instruction-level event logging. It also supports data access analysis and the maintenance of an address-mapped annotation database for documenting binary code.
Maps program structure and annotates instructions based on captured runtime execution data.
This project is a static binary analysis tool designed to recover hidden and non-standard-encoded strings from compiled binaries. It functions as a malware analysis utility and string decryptor that extracts obfuscated text to reveal hidden program behavior without executing the code. The tool automates the recovery of embedded strings through a combination of emulated instruction execution and abstract syntax tree evaluation. It uses pattern-based heuristic identification to spot obfuscation routines and cross-platform binary parsing to process multiple executable formats. The system covers a broad range of forensic capabilities, including language-specific string extraction and serialization of the recovered data in formats compatible with external security analysis platforms.
Analyzes compiled binaries without execution to identify code patterns and hidden data structures.
This project is a cybersecurity educational resource and courseware designed for malware analysis and reverse engineering. It provides a structured curriculum of lessons, labs, and guided projects focused on detecting and understanding the behavior of malicious software. The resource includes a lab guide for building isolated virtual machine environments to safely execute and study malware. It covers the setup of a specialized toolchain consisting of disassemblers and debuggers used to analyze compiled machine code. The training material covers both static analysis, which examines binary cod
Provides workflows for analyzing compiled binaries without execution to identify malicious functions.
Binsider is a collection of specialized toolsets for hexadecimal editing, ELF structural analysis, system call tracing, and execution performance profiling. It provides a suite of utilities designed for binary reverse engineering, encompassing both static structural analysis and dynamic runtime monitoring of compiled binaries. The project distinguishes itself by combining low-level binary manipulation, such as a hex editor for raw byte modification, with an ELF binary analysis tool for inspecting file structures and metadata. It also includes a Linux system call tracer for observing dynamic b
Examines internal structure, headers, and strings of binaries without executing the code.
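The two checks the Binsider entry lists first, reading the ELF header and pulling strings out of the raw bytes, as an added example; this is not Binsider's code (Binsider is written in Rust and does far more). The ELF header is constructed in memory for the demo and is not a loadable program.

```python
"""Minimal ELF64 header parser plus a strings(1)-style byte scan.

Added example, not Binsider's own code: it shows the two static checks a tool
in this category performs before anything runs, decoding the ELF header and
pulling printable runs out of the raw bytes. The ELF below is constructed in
memory for the demo and is not a real program.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ET_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
MACHINES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64", 0xF3: "RISC-V"}


def parse_elf64_header(data: bytes) -> dict:
    """Decode the 64-byte ELF64 file header into the fields a reverser looks at first."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class != 2:
        raise ValueError("only ELF64 (EI_CLASS == 2) is handled here")
    endian = "<" if ei_data == 1 else ">"
    # e_type e_machine e_version e_entry e_phoff e_shoff e_flags
    # e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
    f = struct.unpack(endian + "HHIQQQIHHHHHH", data[16:64])
    return {
        "class": "ELF64",
        "endian": "little" if ei_data == 1 else "big",
        "type": ET_TYPES.get(f[0], "unknown(%d)" % f[0]),
        "machine": MACHINES.get(f[1], "unknown(0x%x)" % f[1]),
        "entry": f[3],
        "phoff": f[4],
        "shoff": f[5],
        "phnum": f[9],
        "shnum": f[11],
        # ET_DYN is how a PIE (or shared object) looks; ET_EXEC means a fixed load address
        "position_independent": f[0] == 3,
    }


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of at least min_len printable ASCII bytes, like strings(1)."""
    found, run = [], bytearray()
    for b in data:
        if 0x20 <= b < 0x7F:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def build_sample_elf() -> bytes:
    """Constructed x86-64 ET_DYN header followed by a few data bytes (not loadable)."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, little-endian, v1, SYSV ABI
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        3,        # e_type: ET_DYN (shared object or PIE)
        0x3E,     # e_machine: x86-64
        1,        # e_version
        0x1040,   # e_entry
        64,       # e_phoff: program headers right after this header
        0,        # e_shoff: no section headers in this demo
        0,        # e_flags
        64, 56, 1, 64, 0, 0,  # e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
    )
    body = b"\x00/lib64/ld-linux-x86-64.so.2\x00\x01\x02api_token=abc123\x00\x90\x90"
    return header + body


if __name__ == "__main__":
    blob = build_sample_elf()
    print(parse_elf64_header(blob))
    print(extract_strings(blob))
```

The header fields alone already answer triage questions (architecture, whether the binary is position independent, whether section headers were stripped, since e_shoff is zero here), and the string scan surfaces the interpreter path and an embedded token without touching any instruction.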
This project is a diagnostic toolset used to scan CPU hardware and Linux kernel images to assess susceptibility to Spectre, Meltdown, and other transient execution vulnerabilities. It functions as a vulnerability scanner and security auditor designed to identify side-channel attack risks and verify the status of hardware-level security patches. The tool provides capabilities for both active system assessment and standalone kernel image security analysis. It evaluates the presence of security mitigations by analyzing CPU hardware and kernel configurations without requiring a running kernel or
Parses compiled kernel images to identify security flags and mitigation patches without executing the code.
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
Analyzes compiled binaries without execution to extract and decode obfuscated strings.
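The heuristic side of string deobfuscation, which both the unnamed string-recovery entry above and Flare-floss describe, as an added example that is not FLOSS's code. FLOSS emulates the binary's own decoding routines; this block instead brute-forces a trivial single-byte XOR scheme and uses a printable-text score, with a tie-break on how many NUL-terminated strings appear, to pick the key. The blob is constructed here from known plaintext and the assumed key 0x5A.

```python
"""Recover single-byte XOR obfuscated strings by trying every key and scoring
how string-like the result is.

Added example, not FLOSS's code: FLOSS emulates the binary's own decoding
routines, while this shows only the heuristic half, a brute force over a
trivial scheme with a printable-text score to pick the winner. The blob is
constructed here from known plaintext and key 0x5A.
"""
PRINTABLE = set(range(0x20, 0x7F))


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def string_likeness(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or NUL (a C string terminator)."""
    if not data:
        return 0.0
    return sum(1 for b in data if b == 0 or b in PRINTABLE) / len(data)


def split_c_strings(data: bytes, min_len: int = 4) -> list:
    """NUL-separated chunks that are entirely printable and long enough to matter."""
    return [
        chunk.decode("ascii")
        for chunk in data.split(b"\x00")
        if len(chunk) >= min_len and all(b in PRINTABLE for b in chunk)
    ]


def recover_xor_strings(blob: bytes, min_len: int = 4, threshold: float = 0.95):
    """Return (key, strings) for the most string-like single-byte key, or (None, []).

    Ties on the printable ratio are broken by how many NUL-terminated strings
    the candidate yields: a wrong key turns the terminators into visible
    characters and merges the runs, so the true key produces the most strings.
    """
    best_score, best_key, best_strings = (0.0, 0), None, []
    for key in range(1, 256):  # key 0 is the identity; strings(1) already covers it
        plain = xor_bytes(blob, key)
        found = split_c_strings(plain, min_len)
        score = (string_likeness(plain), len(found))
        if score > best_score:
            best_score, best_key, best_strings = score, key, found
    if best_score[0] < threshold:
        return None, []
    return best_key, best_strings


# Constructed sample: three C strings a malware triage would want, XORed with 0x5A.
SAMPLE_KEY = 0x5A
SAMPLE_PLAIN = [
    b"http://c2.example.net/beacon",
    b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    b"cmd.exe /c whoami",
]
SAMPLE_BLOB = xor_bytes(b"\x00".join(SAMPLE_PLAIN) + b"\x00", SAMPLE_KEY)


if __name__ == "__main__":
    key, strings = recover_xor_strings(SAMPLE_BLOB)
    print("key: 0x%02x" % key)
    for s in strings:
        print("  ", s)
```

The threshold matters: on a blob that is code rather than encoded text, no key scores well and the function reports nothing instead of a false positive. Real decoders use loops, rolling keys and per-string keys, which is exactly why the tools above emulate the routine rather than guess at it.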