Reverse Engineering Tool


Posted by d3k0y on 2017-03-31 21:31:50

Alright guys, every day I dig for cool tools and scripts, and I came across this one: a reverse engineering tool for x86/ARM/MIPS binaries. It generates more readable code (pseudo-C) with colored syntax.

Requirements:
- python >= 3.4
- capstone + python bindings
- python-pyelftools
- terminal with 256 colors (if not, use the option --nocolor)

For the Python binding of the Capstone engine, you can install it from PyPi like the following:

$ sudo pip3 install capstone

You can also run which will retrieve all requirements.

Pseudo-decompilation of functions

The option -x main is optional because the binary contains the symbol main.

$ ./ tests/server.bin

Interactive mode (-i)

More commands are available in this mode (da, db, ...). See help for a full list.

Analyze shellcodes

For every int 0x80, the tool tries to detect the syscall and its parameters.

$ ./ --raw x86 tests/shellcode.bin
function 0x0 {
    0x0: eax = 0 # xor eax, eax
    0x2: al = '\x0b' # mov al, 0xb
    0x4: cdq
    0x5: push edx
    0x6: push 1752379246 "n/sh"
    0xb: push 1768042287 "//bi"
    0x10: ebx = esp # mov ebx, esp
    0x12: push edx
    0x13: push ebx
    0x14: ecx = esp # mov ecx, esp
    0x16: int 128 ; execve(ebx, ecx, edx) # int 0x80
}
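To show what the syscall detection above has to do, here is an added example (not part of the tool or of this post) that walks a listing in the tool's pseudo-code format, tracks what ends up in eax, and names the syscall at each int 0x80 using the i386 calling convention. The sample listing is constructed from the output above with the tool's own annotation removed, and the syscall table is a small subset I chose for the example.

```python
import re

# Linux i386 syscall numbers (subset) with their argument counts; this ABI
# passes the number in eax and arguments in ebx, ecx, edx, esi, edi.
I386_SYSCALLS = {1: ("exit", 1), 3: ("read", 3), 4: ("write", 3), 11: ("execve", 3)}
ARG_REGS = ["ebx", "ecx", "edx", "esi", "edi"]

# Constructed sample modelled on the tool's listing above, with the tool's own
# "; execve(...)" annotation removed so the script has to recover it itself.
LISTING = r"""0x0: eax = 0 # xor eax, eax
0x2: al = '\x0b' # mov al, 0xb
0x4: cdq
0x5: push edx
0x6: push 1752379246 "n/sh"
0xb: push 1768042287 "//bi"
0x10: ebx = esp # mov ebx, esp
0x12: push edx
0x13: push ebx
0x14: ecx = esp # mov ecx, esp
0x16: int 128 # int 0x80"""

ASSIGN = re.compile(r"^(0x[0-9a-f]+):\s+(eax|al)\s*=\s*(\S+)")
INTERRUPT = re.compile(r"^(0x[0-9a-f]+):\s+int\s+(\d+)")

def parse_value(text):
    r"""Turn the listing's immediate ('\x0b', 0, 0xb) into an int."""
    if text.startswith("'") and text.endswith("'"):
        return ord(text[1:-1].encode().decode("unicode_escape"))
    return int(text, 0)

def find_syscalls(listing):
    """Return (address, eax, syscall name, argument registers) per int 0x80."""
    eax, found = None, []
    for line in listing.splitlines():
        m = ASSIGN.match(line)
        if m:
            val = parse_value(m.group(3))
            if m.group(2) == "eax":
                eax = val
            else:  # al only replaces the low byte of eax
                eax = ((eax or 0) & 0xFFFFFF00) | (val & 0xFF)
            continue
        m = INTERRUPT.match(line)
        if m and int(m.group(2)) == 0x80:
            name, nargs = I386_SYSCALLS.get(eax, ("unknown", 0))
            found.append((m.group(1), eax, name, ARG_REGS[:nargs]))
    return found
```

Running find_syscalls(LISTING) yields one hit at 0x16 resolved to execve with arguments in ebx, ecx and edx, which is exactly the annotation the tool prints.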

Edit with vim

$ ./reverse tests/dowhile1.bin --vim

You can now run:

$ vim dowhile1.bin.rev -S dowhile1.bin.vim

Custom colors

At the first run, a new file with default values is created. Here you can set your own colors.

