12 Best Reverse Engineering Tools / Software – 2019
To be decent at reverse engineering you need a good command of the tools of the trade. They make daunting-looking work easier by automating the routine tasks, which saves a lot of time & energy. Which tool you reach for depends heavily on the goal: for debugging you need a debugger, while for network packet analysis you need a completely different kind of tool. This post covers 12 of the most used reverse engineering tools.
What is Reverse Engineering Software?
Reverse engineering software is any tool that helps you understand a compiled program without its source code: a disassembler turns machine code back into assembly, a decompiler produces an approximation of the original high-level code (never the original source itself), and a debugger lets you watch and alter the program while it runs. Many reversers simply call them reverse engineering tools. They fall into several classes, such as:
- Disassemblers, decompilers & debuggers
- Packet capture & analysis tools
- Scripting tools
- File (format) analyzers
12 Best Software Reverse Engineering Tools List
OllyDbg
OllyDbg is by far one of the most used debuggers for 32-bit programs on Microsoft® Windows®. It is a dynamic (run-time) debugger: you run the program under its control, set breakpoints, inspect registers and memory, and patch the disassembled code or data of the live process. There is no source code to edit; you work directly on the machine code.
- Shareware, but free to use.
- Very powerful dynamic debugger.
- Much easier to pick up than IDA.
- Allows you to load & debug DLLs directly.
- A lot of plugins & scripts available.
- Works only on Microsoft® Windows®.
- Meant only for x86 (32-bit) targets; it cannot debug 64-bit processes.
- Not a static analysis tool: its disassembly is a view of the running process, so for large-scale static analysis pair it with IDA.
IDA Pro
IDA (Interactive DisAssembler) is made by Hex-Rays®. IDA is used primarily for static analysis, as opposed to OllyDbg and x64dbg, which are dynamic debuggers. It is a VERY powerful, cross-platform disassembler (with an optional decompiler) and a must-have for professional reverse engineering. The major drawback is that it is not free; in fact it is VERY costly.
- Really VERY powerful disassembler.
- Runs on Windows, Mac OS X & Linux, and can debug Android targets (support added relatively recently).
- Supports both x86 & x64.
- Contains built-in local & remote debuggers.
- Supports a huge number of processors & file formats.
- Very costly (although a free, limited version, IDA Freeware, is available).
- Not a beginner-friendly user interface.
x64dbg
x64dbg is an open source debugger developed by mrexodia for both x86 & x64 executables. It is a fairly new debugger (although stable) and is, in practice, the 64-bit successor to OllyDbg: a dynamic debugger with a very similar workflow.
- Fully free & open source.
- Supports both 32- & 64-bit executables.
- User-friendly interface.
- Only meant for Windows.
- A quite nascent tool compared to the others.
Wireshark
Wireshark is a free & open source network protocol analyzer. It captures packets from an interface (or reads a saved capture) and dissects them, HTTP included, which makes it the tool for packet analysis & network troubleshooting. It is passive: it does not intercept or modify requests in flight, so for that you need a proxy such as Fiddler. It can decode HTTPS only if you give it the keys, e.g. a TLS key log file (SSLKEYLOGFILE) written by the browser, or the server's private key for connections that used plain RSA key exchange (not forward-secret cipher suites).
Wireshark's User Guide: https://www.wireshark.org/docs/wsug_html_chunked/
- Completely free & open source.
- Cross-platform, i.e. it runs on Windows, Mac & Linux.
- Has an excellent reputation in the industry.
- Sometimes a little overwhelming to beginners.
Fiddler
Fiddler, developed by Eric Lawrence, is an HTTP(S) debugging proxy. Unlike Wireshark it sits between your application and the internet as a man-in-the-middle, so you can log, inspect & modify every HTTP request and response rather than just watch the packets go by.
- Completely free.
- Can also decrypt HTTPS traffic, by installing its own root certificate on the device so it can re-sign the connections it intercepts.
- Currently in beta for macOS & Linux.
Apktool
Apktool is one of the most used reverse engineering tools for APK (Android package) files. It decodes an APK into its resources (AndroidManifest.xml, layouts, strings) and a smali disassembly of the Dalvik bytecode, lets you modify them, and then rebuilds the APK, which must be re-signed before Android will install it. It can also be used for smali-level debugging.
- Quite handy when reversing Android apps.
- Free to use.
- Good community support.
- Not as versatile as the JEB decompiler: it disassembles to smali, it does not decompile to Java.
CFF Explorer
CFF Explorer is a free PE (Portable Executable) editor & hex editor from NTCore that also understands the .NET metadata structures. It supports both 32- & 64-bit PE files, and it bundles a UPX utility so it can unpack UPX-packed files.
- Free PE editor.
- Supports .NET files as well.
- Supports both PE32 & PE32+.
- Contains a PE rebuilder.
- Can be used to unpack UPX.
- The free version has not been updated since 2012.
DIE (Detect It Easy)
DIE is one of the most versatile packer & protector detectors. It identifies the compiler, linker, packer or protector used to build a file and supports Windows, Mac OS & Linux executables, i.e. PE, ELF & Mach-O.
- Free & open source project.
- Multi-OS support: Windows, Mac OS & Linux.
- Uses a flexible, script-based signature engine rather than PEiD's fixed byte signatures, so detections are easier to extend.
- It can be fooled if multiple layers of protection are present, or if the packer is custom: a detector only reports what its signatures know, so treat a clean result as "nothing known found", not as "not packed".
Scylla
Scylla is an import reconstruction tool for x86 & x64 Windows executables. When you dump a packed process from memory, its import table is usually destroyed; Scylla searches the dump for the resolved API addresses and rebuilds the import directory so the dump runs again. Scylla has full Unicode support and works well on Windows 7, 8 & 10.
- Open source project.
- Supports both x64 & x86.
- Not updated since 2015.
- A little buggy sometimes.
JEB Decompiler
JEB Decompiler is developed by PNF Software. It is an APK decompiler & disassembler, i.e. it is meant for Android and decompiles Dalvik bytecode back to Java-like source. It is a very powerful decompiler compared to the alternatives. The only drawback is that it is NOT free; in fact it is very costly.
- Very powerful Android disassembler & decompiler.
- Reconstructs obfuscated XML files & resources.
- The process can be automated with scripts.
- Very costly.
Hex Calculator
A hex calculator is one of the most used & handy tools for the arithmetic that comes up constantly while reversing: adding an RVA to the image base to get a virtual address, translating a virtual address to a file offset via the section table, working out key or checksum values, and similar sums that are all done in hexadecimal. In most cases Windows Calculator, or any other calculator with a "Programmer" mode, is enough.
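The script below is an added example, not code from this article or from CFF Explorer, DIE, Scylla or any other tool listed here. It shows the address arithmetic the hex-calculator habit is about (image base + RVA = VA, and RVA to file offset through the PE section table, the same table a PE editor like CFF Explorer shows you), plus the two checks a packer detector such as DIE reaches for first: UPX-style section names and high section entropy. The two PE images it analyzes are constructed inside the script and are not real programs; the helper names (`parse_pe`, `rva_to_offset`, `va_to_offset`, `packer_hints`, `build_sample_pe`) are this example's own, not any tool's API.

```python
"""Added example (not from the article or any listed tool): a minimal PE
section-table parser doing hex-calculator address math (VA <-> RVA <-> file
offset) and a crude DIE-style packer heuristic.  The PE images are constructed
inline; helper names are this example's own assumptions."""
import hashlib
import math
import struct
from collections import Counter

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: ~0 for padding, close to 8 for compressed code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image: bytes) -> dict:
    """Read only what address math needs: image base and the section table."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic == PE32_MAGIC:        # ImageBase is a DWORD at +28 in PE32 ...
        image_base = struct.unpack_from("<I", image, opt + 28)[0]
    elif magic == PE32PLUS_MAGIC:  # ... and a QWORD at +24 in PE32+
        image_base = struct.unpack_from("<Q", image, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional-header magic {magic:#x}")
    sections, off = [], opt + opt_size
    for _ in range(nsections):     # IMAGE_SECTION_HEADER is 40 bytes each
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr,
                         "data": image[rawptr:rawptr + rawsize]})
        off += 40
    return {"machine": machine, "magic": magic, "image_base": image_base, "sections": sections}


def rva_to_offset(pe: dict, rva: int):
    """File offset backing an RVA, or None if the RVA is unmapped or only zero-filled at load time."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            delta = rva - s["va"]
            return s["rawptr"] + delta if delta < s["rawsize"] else None
    return None


def va_to_offset(pe: dict, va: int):
    """VA -> RVA -> file offset: the chain normally punched into a hex calculator."""
    return rva_to_offset(pe, va - pe["image_base"])


def packer_hints(pe: dict, threshold: float = 7.0) -> list:
    """What a packer detector looks for first; a custom packer can dodge both checks."""
    hints = []
    for s in pe["sections"]:
        if s["name"].startswith("UPX"):
            hints.append(f"{s['name']}: UPX section name")
        ent = entropy(s["data"])
        if s["rawsize"] and ent >= threshold:
            hints.append(f"{s['name']}: entropy {ent:.2f} looks compressed/encrypted")
    return hints


def build_sample_pe(packed: bool = False) -> bytes:
    """Constructed PE32 image (DOS stub, headers, two sections); not a real program."""
    def align(n, a):
        return (n + a - 1) // a * a
    if packed:   # UPX-style names, 4 KiB of SHA-256 output standing in for compressed code
        names, code = (b"UPX0", b"UPX1"), b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    else:
        names, code = (b".text", b".data"), b"\x90" * 15 + b"\xC3"   # 15 NOPs and a RET
    payload = b"Hello, reverser!\0"
    image_base, hdr_size = 0x400000, 0x200
    code_raw = align(len(code), 0x200)
    specs = [(names[0], code, 0x1000, hdr_size),
             (names[1], payload, align(0x1000 + len(code), 0x1000), hdr_size + code_raw)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBB" + "I" * 9, PE32_MAGIC, 14, 0, code_raw, 0x200, 0,
                      0x1000, 0x1000, specs[1][2], image_base, 0x1000, 0x200)
    opt += b"\0" * (0xE0 - len(opt))          # remaining optional-header fields unused here
    hdrs, body = b"", b""
    for name, data, va, rawptr in specs:
        rawsize = align(len(data), 0x200)
        hdrs += struct.pack("<8sIIIIIIHHI", name, len(data), va, rawsize, rawptr, 0, 0, 0, 0, 0x60000020)
        body += data + b"\0" * (rawsize - len(data))
    headers = dos + b"PE\0\0" + coff + opt + hdrs
    return headers + b"\0" * (hdr_size - len(headers)) + body


if __name__ == "__main__":
    for packed in (False, True):
        pe = parse_pe(build_sample_pe(packed))
        print([s["name"] for s in pe["sections"]], hex(va_to_offset(pe, pe["image_base"] + 0x1000)))
        print(packer_hints(pe) or "no packer hints")
```

The unpacked image maps VA 0x401000 to file offset 0x200, and the last byte of its `.text` (VA 0x40100F, the RET) to 0x20F; the packed image gets flagged twice for `UPX0` (name and entropy around 7.95) and once for `UPX1` (name only). Rename the sections and the first check is gone, which is exactly why the DIE caveat above matters.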
Oracle VM VirtualBox
VM stands for virtual machine. Before you run a target, and especially before you analyze malware, it is strongly recommended to do so in an isolated, disposable environment, and that is where a VM comes in: snapshot the clean state, run the sample, then roll back. Oracle VM VirtualBox is a free & open source virtualization solution that supports many guest OSes, such as Windows, Mac, Linux, etc.
- Completely free & open source.
- Has an actively developing community.
- Supports many guest OSes.
- Some features are not as rich as VMware's.
At a professional level the job demands many different tools & scripts. Hope this post helped by giving a brief introduction to the tools commonly used by a reverser. So what's your favorite reverse engineering tool? Share in the comments.
Have a lovely day!