Reverse Engineering Asked by dyasta on January 15, 2021
Is there any disassembler (not only a live debugger) second to IDA in capabilities? IDA is wonderful, and somewhat amazing in how robust and useful it is for reversing. However, it is quite expensive to properly license. Is there any viable alternative, or does IDA hold the monopoly on this market?
I don’t expect an alternative to be as good as IDA, just looking for other options that may be more affordable, and useful enough.
EDIT: Preferrably, multi-platform support should exist, though that’s optional. MIPS, ARM, x86, and x86-64 would be nice, but a disassembler that handles any one of those is a good option to know about.
You didn't mention a platform (Windows, Linux, macOS, etc), but here are some great disassemblers.
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. Windows, Mac OS, and Linux.
Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of process instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
Radare2 is an open source tool to disassemble, debug, analyze and manipulate binary files.
It actually supports many architectures (x86{16,32,64}, Dalvik, avr, ARM, java, PowerPC, Sparc, MIPS) and several binary formats (pe{32,64}, [fat]mach0{32,64}, ELF{32,64}, dex and Java classes), apart from support for filesystem images and many more features.
It runs on the command line, but it has a graphical interface called Cutter that has support for some of its features already.
Binary Ninja is a reverse engineering platform. It focuses on a clean and easy to use interface with a powerful multithreaded analysis built on a custom IL to quickly adapt to a variety of architectures, platforms, and compilers. Runs on macOS, Windows, and Linux.
Hopper is a reverse engineering tool for macOS and Linux, that lets you disassemble, decompile and debug (OS X only) your 32/64bits Intel Mac, Windows and iOS (ARM) executables.
An open-source x64/x32 debugger for windows.
Immunity Debugger is a branch of OllyDbg v1.10, with built-in support for Python scripting and much more.
The PE Explorer Disassembler is designed to be easy to use compared with other disassemblers. To that end, some of the functionality found in other products has been left out in order to keep the process simple and fast. While as powerful as the more expensive, dedicated disassemblers, PE Explorer focuses on ease of use, clarity and navigation.
Hiew is a great disassembler designed for hackers, as the name suggests. It supports three modes - Text, Hexadecimal and Decode (Dis-assembly) mode.
The Online Disassembler is a free web-based, reverse engineering platform that supports over 60 architectures and object file formats from all the major operating systems, including Windows, Mac OS X, Linux, and mobile platforms.
Relyze is a commercial interactive disassembler for x86, x64 and ARM software with loaders for PE or ELF file formats. It supports interactive flat and graph views of the disassembly, generating call and reference graphs, binary diffing two executables, exploring the executable file's structure and a Ruby plugin API. It can also handle things like symbols (PDB's), function local variables, switch statements, exception handlers, static library identification and more.
Correct answer by Mick on January 15, 2021
I have been using Hopper recently, and while it is not up to the level IDA is, it's really surprisingly sophisticated, particularly considering what it costs. Its main platform is OS X, but there are versions available for Linux and Windows as well. The OS X version also has some gdb integration, so you can use it as a debugger.
Answered by Brendan Dolan-Gavitt on January 15, 2021
If you were looking for a contender, I believe ImmunityDebugger and OllyDbg can compete in part for dynamic-analysis and Hopper in part for static-analysis.
That said, there is a big gap between the capabilities you get with the aforementioned software and IDA.
IDA Pro is pretty unique with its capabilities and if you add the Hex-Rays Decompiler Plugin into the equation, things look bleak for the wannabe contenders. However, for casual disassembly and even some decompiling Hopper seems a good choice for anyone not willing to shell out hundreds of bucks for IDA Pro. If you want a free ride, radare2 is probably the next in line, but it takes some getting used to.
Having gotten my first IDA Pro Standard license as a student I have to admit the price point is steep, but it's worth every penny. When I began to work professionally with RCE-related things I upgraded to the "normal" license first and later upgraded to IDA Pro Advanced to get the x64 support.
Also keep in mind there is a freeware version of IDA with license restrictions (but suitable for hobbyists or students) and restrictions of the capabilities.
Answered by 0xC0000022L on January 15, 2021
The first tool that comes to mind is Hopper, which is no longer tied to OSX. It has some debugging support(at least on OSX), but focuses on static analysis, which seems like what you're looking for.
It has the ability to break basic blocks into a control flow graph, rudimentary decompilation support, and you can rename functions as you make sense of them. Perhaps someone who uses it instead of IDA will chime in with a better comparison, I've only played around briefly.
Also, IDA's free version is rather capable and worth a look if you haven't tried it.
Answered by nopnopgoose on January 15, 2021
Have you checked out the open-source Metasm framework? It is a ruby framework for assembly manipulation, and can compete with IDA's static analysis capabilities. It has a graph view, can do disassembly/decompilation on x86/64, MIPS, and PPC and supports a couple of executable file formats.
I believe it has also been integrated into Metasploit.
Answered by dingo_kinznerhook on January 15, 2021
Sourcer was quite awesome, but I'm not sure it's what you need.
Answered by Ange on January 15, 2021
Another framework to check out is Vdb and Vivisect
Answered by binarybitme on January 15, 2021
On of my favorite alternatives to IDA is HT Editor.
I've used it on x86 and x64 binaries and java class files. I think it has support for many other architectures/bytecode. It is cross platform and has some nice features.
Answered by mikeazo on January 15, 2021
I would also add
With the PEBrowse disassembler, one can open and examine any executable without the need to have it loaded as part of an active process with a debugger. Applications, system DLLs, device-drivers and Microsoft .NET assemblies are all candidates for offline analysis using either PEBrowse programs. The information is organized in a convenient treeview index with the major divisions of the PE file displayed as nodes. In most cases selecting nodes will enable context-sensitive multiple view menu options, including binary dump, section detail, disassembly and structure options as well as displaying sub-items, such as optional header directory entries or exported functions, that can be found as part of a PE file unit. Several table displays, hex/ASCII equivalents, window messages and error codes, as well as a calculator and scratchpads are accessible from the main menu (calculator, messages and codes in PEBrowse Professional only).
This is an awesome tool with a lot of useful feature regarding executable analysis and there is also a version that could be used and an interactive debugger.
Answered by PhoeniX on January 15, 2021
ODA (the Online Disassembler) supports a myriad of architectures and provides a basic feature set. You can enter binary data in the Live View and watch the disassembly appear as you type, or you can upload a file to disassemble. A nice feature of this site is that you can share the link to the disassembly with others.
Answered by user711461 on January 15, 2021
ArkDasm is a 64-bit interactive disassembler. Supported file types: PE64, raw binary files. Its currently in alpha stage but works well.
Answered by MaxQ on January 15, 2021
Reverse - Reverse engineering tool for x86/ARM/MIPS. Generates indented pseudo-C with colored syntax code.
SmartDec (aka Snowman) is a native code to C/C++ decompiler. Supports PE and ELF (both 32 and 64bit) also has plugin modules for IDA (6.1, 6.4, 6.5).
Currently supports Intel x86 and x86-x64 architectures. C++ reconstruction supports the 32-bit ABI used by MSVC compiler under Windows.
C reconstruction is generic and can be used on a code produced by virtually any compiler for x86 and x86-x64 architectures.
Answered by Dominik Antal on January 15, 2021
Some other disassemblers / decompilers
W32Dasm
W32DASM was an excellent 16/32 bit disassembler for Windows, it seems it is no longer developed. the latest version available is from 2003
Capstone
Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
BORG Disassembler
BORG is an excellent Win32 Disassembler with GUI.
DSM Studio Disassembler
DSM Studio is an easy-to-use yet comprehensive application that can aid you in the disassembly and inspection of executables built for the Intel x86 architecture.
Decompiler
Decompiler is an easy to use and simply application designed to read program binaries and decompile executable or DLL files. The application is designed to decompile executables for any processor architecture and not be tied to a particular instruction set. Although currently only a x86 front end is implemented, there is nothing preventing you from implementing a 68K, Sparc, or VAX front end if you need one.
Lida - linux interactive disassembler
lida is a fast feature packed interactive ELF disassembler / code-/cryptoanalyzer based on bastards libdisasm
BugDbg x64 v0.7.5
BugDbg x64 is a user-land debugger designed to debug native 64-bit applications. BugDbg is released as Freeware.
distorm3
A lightweight, Easy-to-Use and Fast Disassembler/Decomposer Library for x86/AMD64
Udis86
Udis86 is an easy-to-use, minimalistic disassembler library (libudis86) for the x86 class of instruction set architectures. It has a convenient interface for use in the analysis and instrumentation of binary code.
BeaEngine
This project is a package with a multi-platform x86 and x64 disassembler library (Solaris, MAC OSX, AIX, Irix, OS/2, Linux, Windows)
- General Machine Code to C Decompiler
- Free Windows I64 target edition
- Interactive Windows GUI
REC Studio 4 - Reverse Engineering Compiler
REC Studio is an interactive decompiler. It reads a Windows, Linux, Mac OS X or raw executable file, and attempts to produce a C-like representation of the code and data used to build the executable file. It has been designed to read files produced for many different targets, and it has been compiled on several host systems.
Retargetable Decompiler
A retargetable decompiler that can be utilized for source code recovery, static malware analysis, etc. The decompiler is supposed to be not bounded to any particular target architecture, operating system, or executable file format.
miasm
Miasm is a a free and open source (GPLv2) reverse engineering framework written in python. Miasm aims at analyzing/modifying/generating binary programs.
Free Code Manipulation Library
This is a general purpose machine code manipulation library for IA-32 and Intel 64 architectures. The library supports UNIX-like systems as well as Windows and is highly portable.
Intel® X86 Encoder Decoder Software Library
Intel® XED is a software library (and associated headers) for encoding and decoding X86 (IA32 and Intel64) instructions.
angr
angr is a framework for analyzing binaries. It focuses on both static and dynamic symbolic ("concolic") analysis, making it applicable to a variety of tasks.
JEB Decompiler
JEB is a reverse-engineering platform to perform disassembly, decompilation, debugging, and analysis of code and document files, manually or as part of an analysis pipeline.
Cutter
A Qt and C++ GUI for radare2 reverse engineering framework (originally Iaito). Cutter is not aimed at existing radare2 users. It instead focuses on those whose are not yet radare2 users because of the learning curve, because they don't like CLI applications or because of the difficulty/instability of radare2.
REDasm
REDasm is an interactive, multiarchitecture disassembler written in C++ using Qt5 as UI Framework. Its core is light and simple, it can be extended in order to support new instruction sets and file formats.
Answered by 0xec on January 15, 2021
ScratchABit is an open-source, interactive, incremental, direct-manipulation(*) disassembler with IDAPython-compatible API, allowing reuse of multitude of the plugins developed by the community. ScratchABit stores program state in text files, allowing for easy information reuse and interfacing with other applications and scripts, or tracking history and working collaboratively using version control systems, and minimizing risk of database corruption and recovery efforts.
Full disclosure: I'm the author of ScratchABit and it is a work-in-progress project.
(*) Direct manipulation means that you press a command key and immediately get a reaction, you don't need to type long commands with manually specified addresses and parameters and press Enter.
Answered by pfalcon on January 15, 2021
Relyze is a commercial interactive disassembler for x86, x64 and ARM software with loaders for PE or ELF file formats. It supports interactive flat and graph views of the disassembly, generating call and reference graphs, binary diffing two executables, exploring the executable file's structure and a Ruby plugin API. It can also handle things like symbols (PDB's), function local variables, switch statements, exception handlers, static library identification and more.
Medusa is an open source disassembler with x86, x64, z80 and partial ARM support. It runs on Windows and Linux. It has interactive flat and graph views.
Answered by QAZ on January 15, 2021
Just for completeness: one more disassembler, Binary Ninja:
As for now (9/26/2016) it has the following properties:
Answered by w s on January 15, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP