r3p3r / reverse

This project forked from ith4cker/reverse

Reverse engineering tool for x86/ARM/MIPS. Generates indented pseudo-C with colored syntax code.

License: GNU General Public License v3.0

Makefile 0.36% Shell 0.93% Python 87.43% C 11.28%

Reverse

Reverse engineering for x86/ARM/MIPS binaries. Generates more readable code (pseudo-C) with colored syntax.

Supported formats : ELF, PE, RAW.

The Makefile is only used to run the tests (alternatively, use the command nosetest3, which is faster).

Requirements

WARNING: a more recent port of pefile for python3 is recommended instead of the repository simonzack/pefile-py3k.

python >= 3.4
capstone + python bindings (see requirements.sh)
python-pyelftools
https://github.com/mlaferrera/python3-pefile
python-msgpack
terminal with 256 colors (if you don't have one, use the option `--nocolor`)

The Python bindings of the Capstone engine can be installed from PyPI as follows:

sudo pip3 install capstone

You can also run requirements.sh which will retrieve all requirements.

Pseudo-decompilation of functions

The option -x main is optional because the binary contains the symbol main.

$ ./reverse.py tests/server.bin

Interactive mode (-i)

More commands are available in this mode (da, db, ...). See help for a full list.

Visual mode (NEW)

From the interactive mode, use the command v to enter the visual mode. This mode requires ncurses. Use Tab to switch between the dump and the decompilation.

More features will come:

  • reload automatically if the analyzer has modified the content
  • decompilation at the beginning of the function (and not at the cursor)
  • multi-line comments
  • create code/functions/data
  • renaming
  • stack variables
  • x-refs
  • structure, enums
  • ...

Switch jump-tables

Switch statements which require a jump-table are not detected automatically, so you need to tell the tool which jump-table to use.

$ ./reverse.py -i tests/others/switch.bin
>> x
...
>> jmptable 0x400526 0x400620 11 8 
# A jump-table at 0x400620 is set with 11 entries, an address is on 8 bytes.

Analyze shellcodes

For every int 0x80, the tool tries to detect the syscall and its parameters.

$ ./reverse.py --raw x86 tests/shellcode.bin
function 0x0 {
    0x0: eax = 0 # xor eax, eax
    0x2: al = '\x0b' # mov al, 0xb
    0x4: cdq
    0x5: push edx
    0x6: push 1752379246 "n/sh"
    0xb: push 1768042287 "//bi"
    0x10: ebx = esp # mov ebx, esp
    0x12: push edx
    0x13: push ebx
    0x14: ecx = esp # mov ecx, esp
    0x16: int 128 ; execve(ebx, ecx, edx) # int 0x80
}
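The idea behind that annotation, as an added example that is not part of reverse's own code: track what the shellcode writes into eax, and when int 0x80 is reached name the syscall and the registers that carry its arguments. The syscall table below is a four-entry subset of the Linux i386 table, and the input is the listing above re-typed as constructed sample input.

```python
import re

# Small subset of the Linux i386 syscall table: number -> (name, argument count).
# A real tool would carry the full table; these four are enough for the listing above.
SYSCALLS_I386 = {1: ("exit", 1), 3: ("read", 3), 4: ("write", 3), 11: ("execve", 3)}
# Linux i386 passes syscall arguments in these registers, in this order.
ARG_REGS = ["ebx", "ecx", "edx", "esi", "edi", "ebp"]

# Constructed input: the execve("//bin/sh") shellcode listing above, as plain assembly.
SHELLCODE_ASM = [
    "xor eax, eax", "mov al, 0xb", "cdq", "push edx",
    "push 0x68732f6e",  # "n/sh"
    "push 0x69622f2f",  # "//bi"
    "mov ebx, esp", "push edx", "push ebx", "mov ecx, esp", "int 0x80",
]

def annotate_int80(asm_lines):
    """Return a copy of the listing in which every `int 0x80` carries the syscall
    selected by eax at that point. Only the forms that set eax in the shellcode
    above (xor eax,eax / mov eax,imm / mov al,imm) are tracked; any other write
    to eax is not modelled, so eax stays unknown and the annotation says so."""
    eax = None  # value of eax, or None when not known
    out = []
    for line in asm_lines:
        text = line.strip()
        m = re.match(r"(\w+)\s*(.*)", text)
        mnem = m.group(1)
        ops = [o.strip() for o in m.group(2).split(",") if o.strip()]
        if mnem == "xor" and ops == ["eax", "eax"]:
            eax = 0
        elif mnem == "mov" and len(ops) == 2 and ops[0] == "eax":
            eax = int(ops[1], 0)
        elif mnem == "mov" and len(ops) == 2 and ops[0] == "al" and eax is not None:
            eax = (eax & 0xFFFFFF00) | (int(ops[1], 0) & 0xFF)  # only the low byte changes
        elif mnem == "int" and ops and int(ops[0], 0) == 0x80:
            if eax in SYSCALLS_I386:
                name, argc = SYSCALLS_I386[eax]
                text += " ; %s(%s)" % (name, ", ".join(ARG_REGS[:argc]))
            else:
                text += " ; unknown syscall (eax not tracked)"
        out.append(text)
    return out

if __name__ == "__main__":
    print("\n".join(annotate_int80(SHELLCODE_ASM)))
```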

Edit with vim

$ ./reverse tests/dowhile1.bin --vim
You can now run : vim dowhile1.bin.rev -S dowhile1.bin.vim

Custom colors

At the first run, reverse.py creates a new file custom_colors.py with default values. Here you can set your own colors.
