Reverse Engineering Tools

The right tool for the right job
Reverse engineering requires a diverse toolkit spanning disassemblers, decompilers, debuggers, and specialized analysis frameworks.

Disassemblers and Decompilers

  • Ghidra - Free, best-in-class decompiler, Java-based
      • Strengths: Decompiler quality, cross-platform, extensible
      • Weaknesses: Slower startup, Java memory overhead
  • IDA Pro - Commercial gold standard
      • Strengths: Best disassembler, vast plugin ecosystem, Hex-Rays decompiler
  • radare2/rizin - Free, terminal-based
      • Strengths: Scriptable, fast, no GUI needed
      • Weaknesses: Steep learning curve, lower decompiler quality
  • Binary Ninja - Commercial, modern
      • Strengths: Clean API, good decompiler, Python SDK
  • x64dbg - Free Windows debugger
      • Strengths: User-friendly, plugin ecosystem, x64 focus

Hex Editors

  • ImHex - Modern hex editor with pattern language
  • 010 Editor - Commercial with binary templates
  • HxD - Free Windows hex editor
  • xxd - Linux command-line hex viewer

Packer/Unpacker Detection

# Detect packers
detect-it-easy file.exe           # CLI/GUI packer detection
exeinfope file.exe                # Windows PE analysis with packing
manalyze file.exe                 # Static analysis with packing scoring

Unpacking Tools

  • UPX - upx -d packed.exe (decompress UPX-packed)
  • Scylla - Import reconstruction after unpacking
  • OllyDbg + OllUnpacker - Older but covers many packers
  • x64dbg + ScyllaHide - Modern unpacking setup

Comparison/Diffing Tools

# Binary diffing (sample variants)
diaphora binary1 binary2           # IDA diffing plugin
bindiff binary1 binary2            # Google's bin diffing tool
radiff2 binary1 binary2            # radare2 diffing

Network Protocol RE Tools

  • Wireshark - Packet analysis
  • Frida - API hooking for encrypted protocols
  • mitmproxy - HTTP/HTTPS interception
  • Netcat/Socat - Raw protocol interaction
  • Scapy - Python packet manipulation

Firmware Analysis

# Filesystem extraction
binwalk firmware.bin               # Scan for embedded filesystems and signatures
binwalk -Me firmware.bin           # Recursive (matryoshka) extraction of nested images

# Firmware modules
firmwalker firmware/               # Search for credentials, certs, configs

Malware Analysis Sandboxing

  • Cuckoo - Open-source automated analysis
  • CAPE - Cuckoo fork with improved extraction
  • Joe Sandbox - Commercial cloud analysis
  • ANY.RUN - Interactive online sandbox

Online Resources

  • VirusTotal - Hash lookup and community analysis
  • Hybrid Analysis - CrowdStrike sandbox results
  • UnpacMe - Automated unpacking
  • MalwareBazaar - Malware sample repository
  • ANY.RUN - Interactive sandboxing