12 Best Reverse Engineering Tools / Software – 2019


To be decent at reverse engineering, you need a very good command of various reverse engineering tools. These tools make daunting-looking work easier by automating particular tasks, which saves a lot of time & energy. The selection & usage of tools depends heavily on the goal you want to achieve: for example, debugging requires a debugger, while network packet analysis needs a different type of tool. This post covers the 12 most used reverse engineering tools.

What is Reverse Engineering Software?

Reverse engineering software consists of tools that convert, or assist in converting, the binary code of software back to its original source code. Many reversers also call them reverse engineering tools. They fall into a variety of classes, such as:

  • Disassembler
  • Debugger
  • Packet tracker & analyzer
  • Scripting tools
  • File analyzer


12 Best Software Reverse engineering tools list

Ollydbg

Olly Debugger is by far one of the most used debuggers for 32-bit programs on Microsoft® Windows®. It is a dynamic debugger, i.e. it allows the user to modify the source code while running the program.

Pros-:

  • Shareware but FREE to use.
  • Very Powerful dynamic debugger.
  • Quite easy to use as compared to IDA.
  • Allows you to directly load & debug DLLs.
  • A lot of Plugins & Scripts available.

Cons-:

  • Works only on Microsoft® Windows®.
  • Meant only for x86 (32-bit) software.
  • It is not a static debugger.

 

Hex-Rays IDA

IDA (Interactive DisAssembler) is made by a company called Hex-Rays®. IDA is used for static analysis, in contrast to OllyDbg & x64dbg, which are dynamic in nature. IDA is a VERY powerful, cross-platform disassembler and a must for professional debugging. Its major drawback is that it is not free; it is VERY costly.

Pros-:

  • Really VERY powerful Disassembler.
  • Fully supports platforms like Windows, Mac OS X, Linux & Android (recently added).
  • Supports both x86 & x64 architectures.
  • Contains built-in debuggers.
  • Supports a huge number of processors & file formats.

Cons-:

  • Very costly (although a free, limited version is available).
  • The user interface is not beginner friendly.

x64dbg

It is an open source debugger developed by mrexodia for both x86 & x64 files. x64dbg is quite a new debugger in the industry (although stable). It is more or less a 64-bit version of OllyDbg and is a dynamic debugger.

Pros-:

  • Fully free & open source.
  • Supports both 32 & 64 bit files.
  • User-friendly interface.

Cons-:

  • Only meant for Windows.
  • Quite a nascent tool compared to the others.

Wireshark

Wireshark is a free & open source web debugger which can intercept & modify HTTP requests. It can also log HTTPS requests. It is used in packet analysis & network troubleshooting.

Wireshark's User Guide: https://www.wireshark.org/docs/wsug_html_chunked/

Pros-:

  • It is a completely free & open source web debugger.
  • Cross-platform support, i.e. it runs on Windows, Mac & Linux.
  • Has a good reputation in the industry.

Cons-:

  • Sometimes a little overwhelming for beginners.

Fiddler

Fiddler is similar to Wireshark. It is developed by Eric Lawrence. It is also used as a web debugger to monitor & modify all connections between your device & the internet.

Pros-:

  • Completely Free.
  • Can also decrypt HTTPS traffic.

Cons-:

  • Currently in beta for macOS & Linux.

Apktool

It is one of the most used reverse engineering tools for APK files (Android files). Apktool is used to disassemble APK files, modify them & then rebuild them into an APK. It can also be used for “smali” debugging.

Pros-:

  • Quite handy when reversing Android files.
  • Free to use.
  • Has good community support.

Cons-:

  • Not as versatile as JEB decompiler.

CFF Explorer

CFF Explorer is a free PE (Portable Executable) editor & hex editor which also supports the .NET file structure. It supports both 32- & 64-bit PE files. It is developed by NTCore and can also be used to unpack files packed with UPX.

Pros-:

  • Free PE editor.
  • Supports .NET Files also.
  • Supports both PE 32 & 64.
  • Contains PE Rebuilder.
  • Can be used to unpack UPX.

Cons-:

  • The free version has not been updated since 2012.

DIE(Detect It Easy)

It is one of the most versatile packer & protector detectors. It supports detection of executable files for Windows, Mac OS & Linux, i.e. PE, ELF & Mach-O executable files.

Pros-:

  • Free & Open source project.
  • Multi-OS support – Windows, Mac OS & Linux.
  • Uses a more sophisticated mechanism to scan for packers than PEiD.

Cons-:

  • It can be fooled if multiple layers of protection are present.
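To make the idea of format and packer detection concrete, here is an added example (not code from this post and not how DIE itself is implemented): it classifies a file as PE, ELF or Mach-O from its magic bytes and flags UPX by its default section names. The function names and the sample header are constructed for illustration; because section names are trivially renamed, a check like this is fooled even more easily than the layered-protection case above.

```python
import struct

# Default section names written by UPX (name-based heuristic only).
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX"}
MACHO_MAGICS = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe")

def identify_format(data: bytes) -> str:
    """Classify a file as PE, ELF or Mach-O from its magic bytes."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:4] in MACHO_MAGICS:
        return "Mach-O"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "PE"
    return "unknown"

def pe_section_names(data: bytes) -> list:
    """Read the section names from a PE section table."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(count):
        off = table + i * 40          # each section header is 40 bytes
        if off + 40 > len(data):      # truncated file: stop instead of misreading
            break
        names.append(data[off:off + 8].rstrip(b"\x00"))
    return names

def detect_packer(data: bytes):
    """Return a packer name if a known section name is present, else None."""
    if identify_format(data) != "PE":
        return None
    for name in pe_section_names(data):
        if name in PACKER_SECTIONS:
            return PACKER_SECTIONS[name]
    return None

def build_sample_pe(section_names) -> bytes:
    """Constructed minimal PE headers (not a runnable program) for the demo."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    table = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + table

if __name__ == "__main__":
    print(detect_packer(build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])))
```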

Scylla

It is an import reconstruction tool for x86 & x64 files for Windows. Scylla also has full Unicode support. It works well with Windows 7, 8 & 10.

Pros-:

  • It is an open source project.
  • Supports both x64 & x86.

Cons-:

  • Not updated since 2015.
  • A little buggy sometimes.

JEB Decompiler

JEB Decompiler is developed by PNF Software. It is an APK decompiler & disassembler, i.e. it is meant for Android. It is a very powerful decompiler compared to the alternatives. The only drawback is that it is NOT free; it is very costly.

Pros-:

  • Very powerful Android disassembler & decompiler.
  • Reconstructs obfuscated XML files & resources.
  • Can automate the process by using scripts.

Cons-:

  • Very costly.

Hex Calculator

It is one of the handiest & most used tools for any calculation. Calculating the base address, virtual address, keys, etc. requires hexadecimal arithmetic. In most cases, Windows Calculator or any other calculator in “Programmer” mode is enough.
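The base address and virtual address arithmetic mentioned above, scripted as an added example (not part of the original post): converting a virtual address seen in a debugger to an RVA and then to a file offset for patching, and rebasing an address between two load addresses. The image base and section table values are constructed sample data.

```python
from typing import NamedTuple, Optional

class Section(NamedTuple):
    name: str
    virtual_address: int  # RVA at which the section is mapped
    virtual_size: int     # size in memory
    raw_offset: int       # PointerToRawData (offset in the file)
    raw_size: int         # SizeOfRawData (bytes present in the file)

# Constructed sample values, as they would be read from a PE editor.
IMAGE_BASE = 0x400000
SECTIONS = [
    Section(".text", 0x1000, 0x2A40, 0x0400, 0x2C00),
    Section(".data", 0x4000, 0x1800, 0x3000, 0x0600),
]

def va_to_rva(va: int, image_base: int = IMAGE_BASE) -> int:
    """RVA = VA - ImageBase."""
    if va < image_base:
        raise ValueError("address is below the image base")
    return va - image_base

def rva_to_offset(rva: int, sections=SECTIONS) -> Optional[int]:
    """File offset = RVA - section RVA + section raw offset.

    Returns None when the RVA lies outside every section or in the part of
    a section that exists only in memory (zero-filled at load time).
    """
    for s in sections:
        span = max(s.virtual_size, s.raw_size)
        if s.virtual_address <= rva < s.virtual_address + span:
            delta = rva - s.virtual_address
            return s.raw_offset + delta if delta < s.raw_size else None
    return None

def va_to_offset(va: int) -> Optional[int]:
    return rva_to_offset(va_to_rva(va))

def rebase(va: int, old_base: int, new_base: int) -> int:
    """Translate an address when the module is loaded at a different base."""
    return va - old_base + new_base

if __name__ == "__main__":
    print(hex(va_to_offset(0x401234)))  # address seen in the debugger
    print(hex(rebase(0x401234, IMAGE_BASE, 0x7FF6A0000000)))
```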

Oracle VM VirtualBox

VM stands for Virtual Machine. In reverse engineering, when testing a target or analyzing malware, it is recommended to do the analysis in a safe environment. This is where a virtual machine (VM) comes into play. Oracle VM VirtualBox is a free & open source virtualization solution. It supports many guest OSes like Windows, Mac, Linux, etc.

Pros-:

  • Completely Free & Open Source.
  • Has an actively developing community.
  • Supports many guest OS.

Cons-:

  • In some features, it is not as rich as VMware.

Final Words

At a professional level, the situation demands the use of many different tools & scripts. I hope this post helped you by giving a brief introduction to the various tools that are commonly used by a reverser. So what’s your favorite reverse engineering tool? Share in the comments.

Have a lovely day!


error4hack

Hi, this is error4hack, a computer geek who loves to learn new things(mostly by trial & error method) & then loves to share that knowledge with others. He also likes to listen to music in his free time. He strongly believes in KISS(Keep It Simple Stupid) principle. Youtube channel-: https://www.youtube.com/c/eRRor4hack

vaiojasard (Guest)

Thank you!