Tools we use

IDA Pro: the state of the art static analysis software

For those who delve into the intricate world of reverse engineering, IDA Pro stands as a powerful ally. Imagine a program as a complex machine, its inner workings shrouded in mystery. IDA Pro acts as the ultimate toolkit, allowing you to disassemble and analyze this machine piece by piece.

At its core, IDA Pro is a disassembler. It takes a program, typically a compiled executable file, and translates its machine code instructions into a more human-readable format, like assembly language. This allows you to see the raw commands the program is giving to the computer’s processor. But IDA Pro goes beyond simple disassembly.

It offers powerful features for decompilation, attempting to reconstruct the program’s original source code in a higher-level language like C or C++. This can provide deeper insights into the program’s logic and functionality. IDA Pro also excels in data analysis, allowing you to examine the program’s data structures and strings, potentially revealing hidden messages or configuration settings.

Beyond these core functionalities, it boasts a rich ecosystem of plugins and extensions, some of which are very popular among analysts. These tools cater to specific analysis needs, such as identifying malware signatures or visualizing differences in program flow between two binaries. This extensibility makes IDA Pro a truly versatile platform for reverse engineering endeavors.

Hex-Rays website

Binary Ninja: the modern lifter and decompiler

Binary Ninja carves a unique path in the world of disassemblers. Unlike its established cousin IDA Pro, Binary Ninja embraces a modern, open-source approach: parts of it are released freely and anyone can contribute to them. This makes it a favorite among programmers and security researchers who value flexibility and collaboration.

Binary Ninja functions as a powerful disassembler. It can dissect various executable file formats, translating the cryptic machine code instructions into a more understandable assembly language. This allows you to peek under the hood and see the raw commands the program is giving to the processor. But Binary Ninja doesn’t stop at disassembly. It boasts impressive decompilation capabilities, attempting to reverse engineer the program’s original source code in a higher-level language like C or C++. This can be invaluable for understanding the program’s logic and purpose.

One of Binary Ninja’s strengths lies in its intermediate language (IL) representation. It offers multiple ILs, providing different levels of abstraction from the raw machine code. This lets you analyze the program at the level that best suits your needs: at the lowest level, close to registers and machine instructions, or at the highest level, close to a high-level programming language. In addition, it shines in its extensive scripting capabilities. You can leverage Python or C++ to automate repetitive tasks or create custom analysis tools. This level of control and customization is a major draw for analysts who enjoy building their own workflows.
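As an added illustration of the scripting workflow described above (example code written for this page, not Binary Ninja's own or Widening's), the following headless script walks every function's medium-level IL, records which routines each function calls, and then reports the callers of a small watch-list of C runtime functions that a reviewer usually wants to inspect first. It assumes a licensed Binary Ninja install with the `binaryninja` Python module (the `bn.load` entry point of the 3.x API); the call-graph analysis itself is plain Python and is exercised here on a constructed sample graph.

```python
"""Headless Binary Ninja triage script (added example, not from the original page).

Collects a caller -> callee map from the MLIL and flags callers of risky libc
routines. The binaryninja module is imported lazily so the pure analysis part
runs without it.
"""
import sys
from collections import defaultdict

# Constructed watch-list: libc routines whose call sites are worth a closer look
# during a review (unbounded copies, format strings, shell execution).
RISKY_CALLEES = {"strcpy", "strcat", "sprintf", "gets", "system", "memcpy"}


def collect_call_graph(bv):
    """Walk every function's MLIL and return {caller_name: [callee_name, ...]}.

    Requires a binaryninja BinaryView. Indirect calls (register or memory
    targets) are recorded as "<indirect>" so they still show up in the output.
    """
    import binaryninja as bn  # assumption: Binary Ninja Python API available

    graph = defaultdict(list)
    for func in bv.functions:
        mlil = func.mlil
        if mlil is None:  # analysis can be skipped for huge or unanalysable functions
            continue
        for block in mlil:
            for instr in block:
                if instr.operation not in (bn.MediumLevelILOperation.MLIL_CALL,
                                           bn.MediumLevelILOperation.MLIL_TAILCALL):
                    continue
                dest = instr.dest
                if dest.operation != bn.MediumLevelILOperation.MLIL_CONST_PTR:
                    graph[func.name].append("<indirect>")
                    continue
                sym = bv.get_symbol_at(dest.constant)
                graph[func.name].append(sym.name if sym else hex(dest.constant))
    return dict(graph)


def normalize(name):
    """Map symbol spellings such as '_strcpy' or '__imp_strcpy' onto the plain name."""
    for prefix in ("__imp_", "_"):
        if name.startswith(prefix):
            name = name[len(prefix):]
    return name


def find_risky_callers(graph, watch=RISKY_CALLEES):
    """Return {caller: sorted risky callees} for every caller that hits the watch-list."""
    hits = {}
    for caller, callees in graph.items():
        risky = sorted({normalize(c) for c in callees} & set(watch))
        if risky:
            hits[caller] = risky
    return hits


# Constructed sample of what collect_call_graph() might return for a small binary;
# used to demonstrate the analysis step without loading a file.
SAMPLE_GRAPH = {
    "main": ["parse_args", "_strcpy", "puts"],
    "parse_args": ["<indirect>", "strlen"],
    "log_line": ["__imp_sprintf", "fputs"],
}


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <binary>", file=sys.stderr)
        return 2
    import binaryninja as bn  # assumption: Binary Ninja >= 3.x API
    bv = bn.load(argv[1])
    bv.update_analysis_and_wait()  # make sure MLIL exists for every function
    for caller, risky in sorted(find_risky_callers(collect_call_graph(bv)).items()):
        print(f"{caller}: {', '.join(risky)}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `python triage.py ./target` from an environment where Binary Ninja's Python module is importable. Keeping the IL walk and the watch-list matching in separate functions is deliberate: the collector is the only part tied to the Binary Ninja API, so the same `find_risky_callers` logic can consume a caller/callee map produced by any other tool's scripting interface.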

Visit the Binary Ninja website

Ghidra: the open source hero

Ghidra stands tall as a free and open-source alternative in the realm of reverse engineering tools. Developed by the National Security Agency (NSA) and released in 2019, Ghidra packs a powerful punch, offering a comprehensive suite for dissecting and understanding software. Ghidra’s capabilities extend far beyond disassembly. It boasts impressive decompilation functionalities, aiming to reconstruct the program’s original source code in a higher-level language like C or C++. This decompiled code can provide valuable insights into the program’s logic and overall purpose.

Ghidra excels in offering a user-friendly graphical interface, making it approachable for beginners and seasoned analysts alike. However, its true power lies in its extensive scripting capabilities. Python scripts can be used to automate repetitive tasks, build custom analysis tools, or integrate Ghidra with other workflows. This level of control allows you to tailor the experience to your specific needs.

About ∇ Widening

∇ Widening is a boutique Italian cybersecurity firm with deep expertise in software analysis. We work in the context of man-at-the-end (MATE) attack and defence. We have extensive experience building and defeating software protections to meet client needs.

We use reverse engineering, software attacks, and static analysis to uncover the inner workings of any software, from desktop applications to malicious software.