Reversing

Facebook Twitter
Malware Analysis Tutorials: a Reverse Engineering Approach - Cодержание (Перевод Prosper-H, coldfire, ximera)
corkami - reverse engineering experiments and documentations About Corkami - sources & PoCs - posters - order prints 101 walkthroughs WAV101 (2014/01/08) Happy new year! (2013/12/24-2014/01/02) *Mach-O* (32b+old format, 64b+new format) (2013/12/24) ZIP, Java Class, PDF (2013/11/20-2013/12/06) ELF (32b, 64b, AT&T, Pro, ARM) (2013/03/26) COM (also explains PEs' DOS stub) (2012/05/03-2013/06/28) PE 32b, 64b, Russian, French, German, Polish, Japanese, Arabic, Chinese, Korean, Spanish corkami - reverse engineering experiments and documentations
unwind/unwind at master · evanw/unwind unwind/unwind at master · evanw/unwind README.md unwind - A disassembler for Python bytecode This module provides a universal disassembler that is able to disassemble *.pyc files from both Python 2 and Python 3. Example usage: import unwind print(unwind.disassemble('example.pyc'))
SWF Investigator / Code / [r11]
SWF Investigator | Flash security Recent Updates May 22, 2013 — Preview 5 of the SWF Investigator is now available. This adds support for new SWF tags and contains bug fixes. Download SWF Investigator Preview 5 Perform quick, comprehensive, analysis of SWF applications Adobe® SWF Investigator is the only comprehensive, cross-platform, GUI-based set of tools, which enables quality engineers, developers and security researchers to quickly analyze SWF files to improve the quality and security of their applications. SWF Investigator | Flash security
VERA - Cyber Security Research
java_opcodes.pdf - corkami - JVM opcodes - reverse engineering experiments and documentations
jsunpack-n emulates browser functionality when visiting a URL. It's purpose is to detect exploits that target browser and browser plug-in vulnerabilities. It accepts many different types of input: PDF files - samples/sample-pdf.file Packet Captures - samples/sample-http-exploit.pcap HTML files JavaScript files SWF files This project contains the source code which runs at the website http://jsunpack.jeek.org/. jsunpack-n - A generic JavaScript unpacker jsunpack-n - A generic JavaScript unpacker
py2exe-extract - Extract python code_objects from executable file
peepdf - PDF Analysis Tool | eternal-todo.com peepdf - PDF Analysis Tool | eternal-todo.com Whats is this?UsageHow does it work?More info Google code project Download it!Follow peepdf on Twitter! What is this?
[Python] ttfFromDocx
PDF Tools PDF Tools I produced screencasts for my pdfid and pdf-parser tools, you can find them on Didier Stevens Labs products page. There are translations of this page, see bottom. pdf-parser.py
Static analysis of a CVE-2011-2462 PDF exploit | eternal-todo.com Static analysis of a CVE-2011-2462 PDF exploit | eternal-todo.com CVE-2011-2462 was published more than one month ago. It's a memory corruption vulnerability related to U3D objects in Adobe Reader and it affected all the latest versions from Adobe (<=9.4.6 and <= 10.1.1). It was discovered while it was being actively exploited in the wild, as some analysis say. Adobe released a patch for it 10 days after its publication.
radare
And finally... Bokken 1.5 And finally... Bokken 1.5 Once the development has finished, radare2 0.9 has been released and the project site has been updated, the moment has arrived: Bokken 1.5 is here! Take a look at the previous post to read some of the new features of this release and keep reading to see most of them in detail; for the rest... install Bokken and enjoy them! As mentioned before, one of the most important features added is the support of radare2 as backend. So now Bokken can work with either Pyew or Radare, each one having its own advantages and drawbacks. Most of the development efforts for this release have gone to improve the GUI in order to make it cleaner and easier to use.
Windows Disassembler Windows Disassembler Download PEBrowse64 Professional. for Vista64, Windows 7 (64-bit) and Windows 8 (64-bit)MSI file, 1,193 KBSHA256: 65ebc51dcf3ed5d184dfce2d8d2777c3a861206c6cc940ab5625b06bd43e9195PEBrowse Professional. for all versions of WindowsZIP file, 1,665 KBSHA256: 6465a1585938327cc03569785aca0b6a74ef7599425dbb006bc81eec4c3d4fc6 PEBrowse64 Professional (v5.2) is a 64-bit executable and requires the .NET framework. It will display both Win32 and Win64 executables, native, managed and mixed. PEBrowse Professional (v10.1.4) is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies.
IDA: About IDA: About What is IDA all about? IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all. Just grab an evaluation version if you want a test drive.
In part 2 of this series we found a SQL injection vulnerability using static analysis. However, it is often advantageous to debug a target application, a capability that we’ll need when working with more complex exploits later on. In this segment we won’t be discovering any new vulnerabilities, but instead we will focus on configuring and using our debugging environment. For this we will be using Qemu and the IDA Pro debugger. If you don’t have IDA you can use insight/ddd/gdb instead, but in my experience IDA is far superior when it comes to embedded debugging. Our target binaries from the TEW-654TR are little endian MIPS, so we need an emulator in order to run them on our host system. IDA + gdb remote debugging
zynamics BinDiff uses a unique graph-theoretical approach to compare executables by identifying identical and similar functions Description BinDiff is a comparison tool for binary files, that assists vulnerability researchers and engineers to quickly find differences and similarities in disassembled code. With BinDiff you can identify and isolate fixes for vulnerabilities in vendor-supplied patches. You can also port symbols and comments between disassemblies of multiple versions of the same binary or use BinDiff to gather evidence for code theft or patent infringement. BinDiff
DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality. Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details of the vulnerabilities it's fixing. You can use that information to learn what causes software break. Also that information can help you write some protection codes for those specific vulnerabilities. DarunGrim: A Patch Analysis and Binary Diffing Tool
darun-grim-script -- scriptable version of DarunGrim3.
As of 2013-11-15, binwalk is no longer maintained on GoogleCode. The code repository has moved to https://github.com/devttys0/binwalk, and all future releases and updates will be posted at binwalk.org. The GoogleCode repository remains for historical purposes only. Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports various types of analysis useful for inspecting and reverse engineering firmware, including: binwalk - Firmware Analysis Tool
PEdump
NtQuery/Scylla
[android] wuntee/otertool - GitHub
Powered by Google Docs
NETZOB: A Protocol Reverse Engineering Tool
hyperdbg - A kernel debugger that leverages hardware-assisted virtualization
Free .NET decompiler :: JetBrains dotPeek
CODEGATE 2012 Prob #1 - /var/log/smokedchicken.log