30 open-source projects similar to binaryanalysisplatform/qira, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Qira alternative.
Qira is a runtime analysis tool and interactive binary debugger designed for the QEMU emulator. It functions as a binary execution tracer that records a full timeline of instruction invocations and provides a system for monitoring memory operations within guest processes. The project enables the analysis of compiled binaries by tracing instruction-level execution and mapping raw memory addresses to user-defined annotations. It includes capabilities for state-snapshotting to manage execution forks, allowing the navigation of divergent logic paths and the inspection of CPU register states and s
unidbg is a framework for emulating and debugging ARM32 and ARM64 native binaries on a host machine. It serves as an Android and iOS binary debugger and native library emulator, allowing for the execution of native code without the need for physical hardware. The project distinguishes itself through a native function hooking framework and a Model Context Protocol debugging tool that exposes emulator state to AI assistants for automated binary analysis. It also includes a specialized memory analyzer for tracking guest-side allocations and identifying leaks in native binaries. The toolset cove
Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for
radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p
Binsider is a collection of specialized toolsets for hexadecimal editing, ELF structural analysis, system call tracing, and execution performance profiling. It provides a suite of utilities designed for binary reverse engineering, encompassing both static structural analysis and dynamic runtime monitoring of compiled binaries. The project distinguishes itself by combining low-level binary manipulation, such as a hex editor for raw byte modification, with an ELF binary analysis tool for inspecting file structures and metadata. It also includes a Linux system call tracer for observing dynamic b
magic-trace collects and displays high-resolution traces of what a process is doing.
This project is a binary static analysis tool designed to recover hidden and non-standard encoded strings from compiled binaries. It functions as a malware analysis utility and string decryptor, extracting obfuscated text to reveal concealed program behavior without executing the code. The tool automates the recovery of embedded strings through a combination of emulated instruction execution and abstract syntax tree evaluation. It utilizes pattern-based heuristic detection to identify obfuscation routines and employs cross-platform binary parsing to process multiple executable formats. The s
UnityExplorer is a specialized suite of runtime tools for memory exploration, asset exporting, camera control, and real-time object property inspection within Unity applications. It functions as a runtime debugger and engine inspector, providing an interface to locate singletons, static classes, and active scene objects in memory. The project distinguishes itself with a C# runtime debugger that allows for the execution of custom scripts and the patching of method behavior. It includes a dedicated asset exporter for saving textures and audio clips as PNG and WAV files, as well as a freecam too
A True Instrumentable Binary Emulation Framework
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
This project is a structured course and instructional guide focused on x64 Windows reverse engineering. It provides a curriculum for analyzing and decompiling Windows binaries through the study of assembly language and operating system internals. The material covers Windows binary analysis and malware analysis, with a specific focus on interpreting x64 machine code to recover original program logic. It guides the user through the process of tracing program behavior and logging function calls to understand how binaries operate. The technical scope includes assembly-level decompilation, debugg
This project is a comprehensive technical guide and course for reverse engineering iOS applications. It serves as a manual for dissecting mobile binaries using disassembly and debugging tools to analyze internal application logic and behavior. The material functions as a reference for ARM assembly and Objective-C theories, providing the necessary framework to translate low-level machine code into human-readable logic. It combines theoretical study with practical exercises to validate the use of reverse engineering tools on real-world binaries. The scope covers static binary analysis, dynamic
Apkleaks is a static analysis tool and security auditor designed to extract hardcoded secrets, API endpoints, and sensitive data from Android application packages. It operates as a secret scanner that analyzes compiled binaries without executing them to identify potential information leaks and insecure endpoints. The tool utilizes a regex-based data extraction engine to identify sensitive strings within decompiled code. It supports customization through JSON-defined search patterns and provides configuration flags to tune the behavior of the underlying disassembler. The analysis pipeline enc
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
This project is a cybersecurity educational resource and courseware designed for malware analysis and reverse engineering. It provides a structured curriculum of lessons, labs, and guided projects focused on detecting and understanding the behavior of malicious software. The resource includes a lab guide for building isolated virtual machine environments to safely execute and study malware. It covers the setup of a specialized toolchain consisting of disassemblers and debuggers used to analyze compiled machine code. The training material covers both static analysis, which examines binary cod
Voltron is a web-based debugger visualizer interface used for rendering internal program state and debugger output into specialized visual panes and views. It functions as a debugger state inspector that visualizes registers, memory, stack frames, and breakpoints to analyze program flow and behavior. The project includes a custom lexer syntax highlighter that applies colors and formatting to raw debugger command output. This system uses a tokenizer and pattern-matching text formatting to improve the readability of technical data. The framework covers the construction of custom debugging tool
This project is a diagnostic toolset used to scan CPU hardware and Linux kernel images to assess susceptibility to Spectre, Meltdown, and other transient execution vulnerabilities. It functions as a vulnerability scanner and security auditor designed to identify side-channel attack risks and verify the status of hardware-level security patches. The tool provides capabilities for both active system assessment and standalone kernel image security analysis. It evaluates the presence of security mitigations by analyzing CPU hardware and kernel configurations without requiring a running kernel or
capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C
FLEX is an in-app debugging tool and runtime exploration environment for iOS applications. It provides an integrated suite for inspecting and modifying the internal state of a running process without the use of an external debugger. The project includes a runtime inspector for browsing the memory heap and calling methods dynamically, alongside a view hierarchy debugger for visualizing and adjusting layout structures in real time. It features a network traffic monitor to log and analyze HTTP request history, headers, and responses, as well as a sandbox manager for viewing and editing files and
This project is a profiling utility written in Rust that captures, transforms, and visualizes function call stacks to identify system performance bottlenecks. It functions as a sampling profiler wrapper that converts raw profiling data into interactive flamegraphs, which are hierarchical maps of resource consumption. The tool provides specialized integration with the Rust build system to profile binaries and performance benchmarks. It also allows for custom profiling configurations, enabling users to override default system profiling tools or recording flags to control how data is collected.
RetDec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code. The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable n
Objection is a dynamic instrumentation framework and runtime exploration toolkit for mobile application security analysis. It provides a command-line interface to interact with the memory and state of iOS and Android applications during active execution, serving as a toolkit for runtime analysis and security testing. The project distinguishes itself by providing specialized capabilities to bypass common mobile security controls, including SSL pinning, biometric authentication, and root or jailbreak detection. It enables the extraction of sensitive credentials and data from secure storage syst
dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool
RetDec is a reverse engineering framework and static binary analysis tool. Its primary purpose is to function as an LLVM-based machine code decompiler that translates binary machine code from multiple architectures into high-level C source code. The system employs a multi-stage lifting pipeline to recover program logic, using an intermediate representation to apply optimizations before emitting source code. It distinguishes itself through the ability to identify compilers and packers, perform executable unpacking, and reconstruct class hierarchies and original program structures. The framewo
Chisel is a collection of LLDB debugging extensions and tools for inspecting and manipulating the user interface of iOS applications. It provides utilities for tracing responder chains, traversing view hierarchies, and modifying UI elements during runtime. The toolset distinguishes itself through specialized visual debugging capabilities, including a suite for toggling view visibility and borders to isolate layout issues, as well as a system to export colors and images from a running app to a desktop previewer for asset verification. The project covers a broad range of UI diagnostic capabili
XenonRecomp is a static binary translator and Xbox 360 game recompiler. It functions as a binary analysis tool and native code generator that converts machine instructions from Xbox 360 game executables into C++ source code for recompilation on different hardware platforms. The tool features specialized capabilities for translating compiled binaries, including the conversion of assembly jump tables into native switch cases and the detection of function boundaries using stack space data and branch link instructions. It optimizes translated code by converting non-volatile and non-argument regis
Triton is a dynamic binary analysis framework designed to automate reverse engineering. It functions as a multi-architecture CPU emulator, an SMT-based symbolic execution engine, and a dynamic taint analysis tool. The framework translates raw machine instructions into abstract syntax trees, allowing it to represent binary program logic as a structured intermediate representation. This allows the system to map multiple hardware instruction sets to a single analysis framework and translate machine instructions into mathematical formulas for solving constraints. Its capabilities cover the simul
Markwhen is a markdown data visualizer and timeline generator that transforms structured text into interactive chronological views. It functions as a text-based timeline editor, synchronizing plain text editing with real-time visual previews of event sequences. The system renders chronological data in multiple formats, including cascading timelines, Gantt charts, calendars, and resumes. It supports self-hosting via Docker containerization, allowing users to run the renderer on private infrastructure. The project includes a client library for custom view development and offers integration wit
FLEX is a diagnostic framework designed for the inspection and modification of mobile applications during active execution. It provides a suite of tools that allow developers to explore the internal state of a running process, including its memory, class definitions, and object properties, without requiring a recompilation of the source code. The tool distinguishes itself by enabling real-time interaction with the application environment. It facilitates dynamic user interface prototyping by allowing for the traversal and modification of visual hierarchies, as well as the direct manipulation o
v86 is a browser-based virtual machine and x86 hardware simulator that allows 16-bit and 32-bit operating systems to run directly within a web page. It functions as an x86 emulator for WebAssembly, simulating CPUs, memory, and storage devices to execute legacy software without original native hardware. The project utilizes a WebAssembly just-in-time compiler to translate x86 machine code into WebAssembly modules for high-performance execution in the browser. The system covers hardware emulation and lifecycle management, including the ability to boot from disk images, configure virtual hardwa