IDA PRO

 

As a disassembler, IDA Pro explores binary programs, for which source code isn't always available, to create maps of their execution. The real interest of a disassembler is that it shows the instructions that are actually executed by the processor in a symbolic representation called assembly language. If the friendly screen saver you have just installed is spying on your e-banking session or logging your e-mails, a disassembler can reveal it. However, assembly language is hard to make sense of. That's why advanced techniques have been implemented into IDA Pro to make that code more readable, in some cases, quite close

to the original source code that produced the binary program. The map of the program's code then be

postprocessed for further investigations. Some people have used it as the root of a genomic  classification ofviruses. (digital genome mapping – advanced malware analysis)

 

HOPPER

 

A reverse engineering tool, created by Vincent Bénony, for OS X, Linux and Windows, that lets you disassemble, decompile and debug (OS X only) your 32/64bits Intel Mac, Windows and iOS (ARM) executables.

 

  • Native OS X: Hopper is perfectly adapted to the Mac OS X environment. It makes full use of the Cocoa framework, and perfectly integrates with other applications.

  • Procedures: Hopper analyzes function prologues to extract procedural information such as basic blocks and local variables.

  • Fast Disassembler: Hopper has been designed to be fast and responsive. When performing disassembly and analysis on binaries of all sizes it keeps a small memory footprint to achieve very fast analysis.

  • Control Flow Graph: Once a procedure has been detected, Hopper displays a graphical representation of the control flow graph. You can even export a PDF.

 

CAPSTONE

 

Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

 

Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.

 

Highlight features:

 

  • Multi-architectures: Arm, Arm64 (Armv8), Mips, PowerPC, Sparc, SystemZ, XCore & X86 (include X86_64) (details).

  • Clean/simple/lightweight/intuitive architecture-neutral API.

  • Provide details on disassembled instruction (called “decomposer” by some others).

  • Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.

  • Implemented in pure C language, with bindings for Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml & Valaavailable.

  • Native support for Windows & *nix (with Mac OSX, iOS, Android, Linux, *BSD & Solaris confirmed).

  • Thread-safe by design.

  • Special support for embedding into firmware or OS kernel.

  • High performance & suitable for malware analysis (capable of handling various X86 malware tricks).

  • Distributed under the open source BSD license.

PROFILER

 

Cerbero Profiler represents a new approach to security and file analysis. It is not an antivirus nor does it behave like one, instead it creates a profile of a scanned file by identifying threats and privacy issues, and exposes this profile to the user along with warnings and other information. It is mainly intended for security and forensic analysis. However, it can be used also by medium and advanced users: an inexperienced user might not be able to evaluate the risk of JavaScript code, but a system administrator can. This makes the software accessible to companies outside of the security industry as well. On top of that, the product offers an easy risk evaluation so that even users with little experience can benefit from it.

 

The main intent of Profiler is the analysis of 0-day exploits and private information contained in files. The key point is the interaction with the user who can evaluate in detail any issue discovered by Profiler and perform further inspection on the file. Another important feature is the ability to analyze embedded or referenced files, since in many cases the security issue may not be in the originally scanned file, but in a file contained in or referenced from it (a simple case would be a JPEG disclosing geolocation information embedded into a PDF). The analysis of one or more files can be saved into projects which may also include a copy of the files themselves.

 

 
 
 
 

Subscribe for Updates

Congrats! You’re subscribed