[转帖]开源项目：逆向工程资源：2019年12月23日更新

发表于: 2020-10-31 17:01 13565

[转帖]开源项目：逆向工程资源：2019年12月23日更新

梦幻的彼岸

2020-10-31 17:01

13565

简介

逆向工程资源，涉及所有平台（Windows / Linux / macOS / Android / iOS / IoT）以及各个方面！（超过3500个开源工具和2300个帖子和视频）

项目地址：
https://github.com/alphaSeclab/awesome-reverse-engineering
更新日期：
2019年12月23日
变更历史备份
请见附件

论坛备份阅览

简介
所有收集类项目:
ReverseEngineering
说明
TODO
IDA
插件&&脚本
新添加的
未分类
结构体&&类的检测&&创建&&恢复
未分类
C++类&&虚表
收集
外观&&主题
固件&&嵌入式设备
签名(FLIRT等)&&比较(Diff)&&匹配
未分类
FLIRT签名
FLIRT签名收集
FLIRT签名生成
Diff&&Match工具
Yara
IDB操作
协作逆向&&多人操作相同IDB文件
与调试器同步&&通信&&交互
导入导出&与其他工具交互
未分类
Ghidra
BinNavi
BinaryNinja
Radare2
Frida
IntelPin
针对特定分析目标
未分类
Loader&Processor
GoLang
Windows驱动
PS3&&PS4
PDB
Flash&&SWF
特定样本家族
CTF
IDAPython本身
未分类
cheatsheets
指令参考&文档
辅助脚本编写
未分类
Qt
控制台&&窗口界面
插件模板
其他语言
古老的
调试&&动态运行&动态数据
未分类
DBI数据
调试数据
反编译器&&AST
反混淆
效率&&导航&&快速访问&&图形&&图像&&可视化
其他
显示增强
图形&&图像
搜索
Android
Apple&&macOS&&iXxx&&Objective-C&&SWift&&Mach-O
未分类
内核缓存
Mach-O
Swift
ELF
Microcode
模拟器集成
作为辅助&&构成其他的一环
漏洞
未分类
ROP
补丁&&Patch
其他
函数相关
未分类
重命名&&前缀&&标记
导航&&查看&&查找
demangle
污点分析&&符号执行
字符串
加密解密
文章
新添加的
未分类
Tips&&Tricks
系列文章-Labeless插件介绍
系列文章-使用IDA从零开始学逆向
系列文章-IDAPython-让你的生活更美好
原文
译文
系列文章-使用IDA逆向C代码
工具&&插件&&脚本介绍
未分类
Loader&&Processor
与其他工具交互
翻译-TheIDAProBook
翻译-ReverseEngineeringCodeWithIDAPro
IDA本身
逆向实战
未分类
恶意代码分析
漏洞分析&&挖掘
Microcode
IDA对抗
Ghidra
插件&&脚本
Ghidra
新添加的
特定分析目标
未分类
Loader&&Processor
Xbox
与其他工具交互
未分类
Radare2
IDA
DBI
调试器
外观&&主题
脚本编写
其他
编程语言
文章&&视频
新添加的1
新添加的
Ghidra漏洞
实战分析
未分类
漏洞分析&&挖掘
恶意代码
其他
Tips&&Tricks
工具&&插件&&脚本
x64dbg
插件&&脚本
x64dbg
新添加的
文章&&视频
OllyDbg
插件&&脚本
新添加的
文章&&视频
WinDBG
插件&&脚本
新添加的
文章&&视频
Android
工具
新添加的1
新添加的
HotFix
打包
收集
各类App
Xposed
加壳&&脱壳
HOOK
Emulator&&模拟器
IDA
Debug&&调试
Malware&&恶意代码
Obfuscate&&混淆
ReverseEngineering
文章&&视频
Apple&&iOS&&iXxx
工具
新添加的

更新完善中

所有收集类项目:

收集的所有开源工具: 超过18K, 包括Markdown和Json两种格式
逆向资源: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/...
网络相关的安全资源: 代理/GFW/反向代理/隧道/VPN/Tor/I2P，以及中间人/PortKnocking/嗅探/网络分析/网络诊断等
攻击性网络安全资源: 漏洞/渗透/物联网安全/数据渗透/Metasploit/BurpSuite/KaliLinux/C&C/OWASP/免杀/CobaltStrike/侦查/OSINT/社工/密码/凭证/威胁狩猎/Payload/WifiHacking/无线攻击/后渗透/提权/UAC绕过/...

ReverseEngineering

跟逆向有关的资源收集。当前包括的工具个数4600+，并根据功能进行了粗糙的分类。部分工具添加了中文描述。当前包括文章数600左右。
此页只包含部分内容. 查看完整版

说明

EnglishVersion

TODO

对工具进行更细致的分类
为工具添加详细的中文描述，包括其内部实现原理和使用方式
添加非Github repo
补充文章
修改已添加文章的描述

IDA

插件&&脚本

以Github开源工具为主

新添加的

未分类

[1058星][9d] [Py] fireeye/flare-ida 多工具
- StackStrings 自动恢复手动构造的字符串
- Struct Typer implements the struct typing described here
- ApplyCalleeType specify or choose a function type for indirect calls as described here
- argtracker 识别函数使用的静态参数
- idb2pat FLIRT签名生成
- objc2_analyzer 在目标Mach-O可执行文件的与Objective-C运行时相关的部分中定义的选择器引用及其实现之间创建交叉引用
- MSDN Annotations 从XML文件中提取MSDN信息，添加到IDB数据库中
- ironstrings 使用代码模拟执行（flare-emu）, 恢复构造的字符串
- Shellcode Hashes 生成Hash数据库
[737星][7m] [Py] devttys0/ida IDA插件/脚本/模块收集
- wpsearch 查找在MIPS WPS checksum实现中常见的立即数
- md5hash 纯Python版的MD5 hash实现（IDA的hashlib有问题）
- alleycat 查找向指定的函数内代码块的路径、查找两个或多个函数之间的路径、生成交互式调用图、可编程
- codatify 定义IDA自动化分析时miss的ASCII字符串、函数、代码。将data段的所有未定义字节转换为DWORD（于是IDA可识别函数和跳转表指针）
- fluorescence 高亮函数调用指令
- leafblower 识别常用的POSIX函数：printf, sprintf, memcmp, strcpy等
- localxrefs 在当前函数内部查找所有对任意选择文本的引用
- mipslocalvars 对栈上只用于存储寄存器的变量进行命名，简化栈数据分析（MISP）
- mipsrop 在MIPS可执行代码中搜寻ROP。查找常见的ROP
- rizzo 对2个或多个IDB之间的函数进行识别和重命名，基于：函数签名、对唯一字符串/常量的引用、模糊签名、调用图
[318星][2m] [C] ohjeongwook/darungrim 软件补丁分析工具
- IDA插件
- DGEngine
[277星][4m] [Py] jpcertcc/aa-tools 多脚本
- apt17scan.py Volatility插件, 检测APT17相关的恶意代码并提取配置
- emdivi_postdata_decoder 解码Emdivi post的数据
- emdivi_string_decryptor IDAPython脚本, 解密Emdivi内的字符串
- citadel_decryptor Data decryption tool for Citadel
- adwind_string_decoder Python script for decoding strings inside Adwind
- redleavesscan Volatility plugin for detecting RedLeaves and extracting its config
- datper_splunk Python script for detects Datper communication and adds result field to Splunk index
- datper_elk Python script for detects Datper communication and adds result field to Elasticsearch index
- tscookie_decode Python script for decrypting and parsing TSCookie configure data
- wellmess_cookie_decode Python script for decoding WellMess's cookie data (support Python2)
- cobaltstrikescan Volatility plugin for detecting Cobalt Strike Beacon and extracting its config
- tscookie_data_decode Python script for decrypting and parsing TSCookie configure data

结构体&&类的检测&&创建&&恢复

未分类

[931星][16d] [OCaml] airbus-seclab/bincat 二进制代码静态分析工具。值分析（寄存器、内存）、污点分析、类型重建和传播（propagation）、前向/后向分析
- 重复区段: IDA->插件->污点分析 |
[664星][19d] [Py] igogo-x86/hexrayspytools 结构体和类重建插件

C++类&&虚表

[607星][3m] [Py] 0xgalz/virtuailor 利用IDA调试获取的信息，自动创建C++的虚表
- 重复区段: IDA->插件->调试->调试数据 |
  <details>
  <summary>查看详情</summary>

## 静态部分: 
- 检测非直接调用
- 利用条件断点, Hook非直接调用的值赋值过程
 
## 动态 部分
- 创建虚表结构
- 重命名函数和虚表地址
- 给反汇编非直接调用添加结构偏移
- 给非直接调用到虚表之间添加交叉引用
 
## 使用
- File -> Script File -> Main.py(设置断点) -> IDA调试器执行
</details>

收集

[1771星][2d] onethawt/idaplugins-list IDA插件收集
[363星][9m] fr0gger/awesome-ida-x64-olly-plugin IDA x64DBG OllyDBG 插件收集
- 重复区段: x64dbg->插件->新添加的 |

外观&&主题

[723星][6m] [Py] zyantific/idaskins 皮肤插件

固件&&嵌入式设备

[5228星][1m] [Py] refirmlabs/binwalk 固件分析工具（命令行+IDA插件）
- IDA插件
- binwalk
[492星][4m] [Py] maddiestone/idapythonembeddedtoolkit 自动分析嵌入式设备的固件

签名(FLIRT等)&&比较(Diff)&&匹配

未分类

[421星][30d] [C] mcgill-dmas/kam1n0-community 汇编代码管理与分析平台(独立工具+IDA插件)
- 重复区段: IDA->插件->作为辅助 |
- IDA插件
- kam1n0

FLIRT签名

FLIRT签名收集

[605星][1m] [Max] maktm/flirtdb A community driven collection of IDA FLIRT signature files
[321星][5m] push0ebp/sig-database IDA FLIRT Signature Database

FLIRT签名生成

Diff&&Match工具

[1554星][5d] [Py] joxeankoret/diaphora program diffing
[360星][25d] [Py] checkpointsw/karta source code assisted fast binary matching plugin for IDA
[332星][1y] [Py] joxeankoret/pigaios A tool for matching and diffing source codes directly against binaries.

Yara

[449星][2m] [Py] polymorf/findcrypt-yara 使用Yara规则查找加密常量
- 重复区段: IDA->插件->加密解密 |

IDB操作

[316星][6m] [Py] williballenthin/python-idb idb 文件解析和分析工具

协作逆向&&多人操作相同IDB文件

[508星][11m] [Py] idarlingteam/idarling 多人协作插件
[258星][1y] [C++] dga-mi-ssi/yaco 利用Git版本控制，同步多人对相同二进制文件的修改

与调试器同步&&通信&&交互

[471星][5d] [C] bootleg/ret-sync 在反汇编工具和调试器之间同步调试会话
- 重复区段: x64dbg->插件->新添加的 |
- GDB插件
- Ghidra插件
- IDA插件
- LLDB
- OD
- OD2
- WinDgb
- x64dbg
[292星][10m] [C] a1ext/labeless 在IDA和调试器之间无缝同步Label/注释等
- IDA插件
- OD
- OD2
- x64dbg

导入导出&与其他工具交互

未分类

Ghidra

[299星][4m] [Py] cisco-talos/ghida 在IDA中集成Ghidra反编译器
- 重复区段: Ghidra->插件->与其他工具交互->IDA |
[238星][9m] [Py] daenerys-sre/source 使IDA和Ghidra脚本通用, 无需修改
- 重复区段: Ghidra->插件->与其他工具交互->IDA |

BinNavi

[382星][18d] [C++] google/binexport 将反汇编以Protocol Buffer的形式导出为PostgreSQL数据库, 导入到BinNavi中使用
- 重复区段: 其他->BinNavi->工具 |

BinaryNinja

Radare2

Frida

IntelPin

针对特定分析目标

未分类

Loader&Processor

[205星][1y] [Py] fireeye/idawasm WebAssembly的加载器和解析器

GoLang

[376星][9m] [Py] sibears/idagolanghelper 解析Go语言编译的二进制文件中的GoLang类型信息
[297星][2m] [Py] strazzere/golang_loader_assist 辅助Go逆向

Windows驱动

[306星][1y] [Py] fsecurelabs/win_driver_plugin A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
[218星][1y] [Py] nccgroup/driverbuddy 辅助逆向Windows内核驱动

PS3&&PS4

PDB

Flash&&SWF

特定样本家族

CTF

IDAPython本身

未分类

[720星][7d] [Py] idapython/src IDAPython源码
[373星][2m] [Py] tmr232/sark IDAPython的高级抽象

cheatsheets

[258星][20d] [Py] inforion/idapython-cheatsheet Scripts and cheatsheets for IDAPython

指令参考&文档

[497星][1y] [PLpgSQL] nologic/idaref 指令参考插件.
[449星][4m] [C++] alexhude/friend 反汇编显示增强, 文档增强插件
- 重复区段: IDA->插件->效率->其他 |

辅助脚本编写

未分类

[282星][1m] [Py] fireeye/flare-emu 结合Unicorn引擎, 简化模拟脚本的编写
- 重复区段: IDA->插件->模拟器集成 |

Qt

控制台&&窗口界面

[269星][30d] [Py] eset/ipyida 集成IPython控制台

插件模板

其他语言

古老的

调试&&动态运行&动态数据

未分类

[395星][1y] [C++] cseagle/sk3wldbg 用Unicorn引擎做后端的调试插件
- 重复区段: IDA->插件->模拟器集成 |

DBI数据

[943星][1y] [Py] gaasedelen/lighthouse 从DBI中收集代码覆盖情况，在IDA/Binja中映射、浏览、查看
- 重复区段: DBI->IntelPin->工具->与其他工具交互->未分类 |DBI->Frida->工具->与其他工具交互->IDA |DBI->Frida->工具->与其他工具交互->BinaryNinja |
- coverage-frida 使用Frida收集信息
- coverage-pin 使用Pin收集覆盖信息
- 插件支持IDA和BinNinja

调试数据

[607星][3m] [Py] 0xgalz/virtuailor 利用IDA调试获取的信息，自动创建C++的虚表
- 重复区段: IDA->插件->结构体->C++类 |
  <details>
  <summary>查看详情</summary>

## 静态部分: 
- 检测非直接调用
- 利用条件断点, Hook非直接调用的值赋值过程
 
## 动态 部分
- 创建虚表结构
- 重命名函数和虚表地址
- 给反汇编非直接调用添加结构偏移
- 给非直接调用到虚表之间添加交叉引用
 
## 使用
- File -> Script File -> Main.py(设置断点) -> IDA调试器执行
</details>

[386星][5m] [Py] ynvb/die 使用IDA调试器收集动态运行信息, 辅助静态分析

反编译器&&AST

[1672星][7m] [C++] yegord/snowman Snowman反编译器，支持x86, AMD64, ARM。有独立的GUI工具、命令行工具、IDA/Radare2/x64dbg插件，也可以作为库使用
- 重复区段: x64dbg->插件->新添加的 |
- IDA插件
- snowman QT界面
- nocode 命令行工具
- nc 核心代码，可作为库使用
[1329星][1y] [C++] rehints/hexrayscodexplorer 反编译插件, 多功能
- 重复区段: IDA->插件->效率->其他 |
  <details>
  <summary>查看详情</summary>

- 自动类型重建
- 虚表识别/导航(反编译窗口)
- C-tree可视化与导出
- 对象浏览
</details>

[418星][3m] [C++] avast/retdec-idaplugin retdec 的 IDA 插件
[235星][7m] [Py] patois/dsync 反汇编和反编译窗口同步插件
- 重复区段: IDA->插件->效率->其他 |

反混淆

[1365星][3m] [Py] fireeye/flare-floss 自动从恶意代码中提取反混淆后的字符串
- 重复区段: IDA->插件->字符串 |
- floss
- IDA插件
[304星][4m] [C++] rolfrolles/hexraysdeob 利用Hex-Rays microcode API破解编译器级别的混淆
- 重复区段: IDA->插件->Microcode |

效率&&导航&&快速访问&&图形&&图像&&可视化

其他

[1329星][1y] [C++] rehints/hexrayscodexplorer 反编译插件, 多功能
- 重复区段: IDA->插件->反编译器 |
  <details>
  <summary>查看详情</summary>

- 自动类型重建
- 虚表识别/导航(反编译窗口)
- C-tree可视化与导出
- 对象浏览
</details>

[449星][4m] [C++] alexhude/friend 反汇编显示增强, 文档增强插件
- 重复区段: IDA->插件->指令参考 |
[372星][2m] [Py] l4ys/lazyida 若干快速访问功能, 扫描字符串格式化漏洞
- 重复区段: IDA->插件->字符串 |IDA->插件->漏洞->未分类 |
  <details>
  <summary>查看详情</summary>

### 功能
- 快速移除函数返回类型
- 数据格式(format)快速转换
- 扫描字符串格式化漏洞
- 双击跳转vtable函数
- 快捷键: w/c/v
</details>

[329星][3m] [Py] pfalcon/scratchabit 交互式反汇编工具, 有与IDAPython兼容的插件API
[235星][7m] [Py] patois/dsync 反汇编和反编译窗口同步插件
- 重复区段: IDA->插件->反编译器 |

显示增强

[208星][27d] [Py] patois/idacyber 交互式数据可视化插件

图形&&图像

[2569星][5m] [Java] google/binnavi 二进制分析IDE, 对反汇编代码的控制流程图和调用图进行探查/导航/编辑/注释.(IDA插件的作用是导出反汇编)

搜索

Android

[246星][20d] [C++] strazzere/android-scripts Android逆向脚本收集
- 重复区段: Android->工具->ReverseEngineering |

Apple&&macOS&&iXxx&&Objective-C&&SWift&&Mach-O

未分类

内核缓存

Mach-O

Swift

ELF

Microcode

[304星][4m] [C++] rolfrolles/hexraysdeob 利用Hex-Rays microcode API破解编译器级别的混淆
- 重复区段: IDA->插件->反混淆 |

模拟器集成

[504星][12d] [Py] alexhude/uemu 基于Unicorn的模拟器插件
[395星][1y] [C++] cseagle/sk3wldbg 用Unicorn引擎做后端的调试插件
- 重复区段: IDA->插件->调试->未分类 |
[282星][1m] [Py] fireeye/flare-emu 结合Unicorn引擎, 简化模拟脚本的编写
- 重复区段: IDA->插件->辅助脚本编写->未分类 |

作为辅助&&构成其他的一环

[1542星][20d] [Py] lifting-bits/mcsema 将x86, amd64, aarch64二进制文件转换成LLVM字节码
- IDA7插件用于反汇编二进制文件并生成控制流程图
- IDA插件用于反汇编二进制文件并生成控制流程图
- Binja插件用于反汇编二进制文件并生成控制流程图
- mcsema
[421星][30d] [C] mcgill-dmas/kam1n0-community 汇编代码管理与分析平台(独立工具+IDA插件)
- 重复区段: IDA->插件->签名(FLIRT等)->未分类 |
- IDA插件
- kam1n0

漏洞

未分类

[492星][7m] [Py] danigargu/heap-viewer 查看glibc堆, 主要用于漏洞开发
[372星][2m] [Py] l4ys/lazyida 若干快速访问功能, 扫描字符串格式化漏洞
- 重复区段: IDA->插件->字符串 |IDA->插件->效率->其他 |
  <details>
  <summary>查看详情</summary>

### 功能
- 快速移除函数返回类型
- 数据格式(format)快速转换
- 扫描字符串格式化漏洞
- 双击跳转vtable函数
- 快捷键: w/c/v
</details>

ROP

补丁&&Patch

[727星][1y] [Py] keystone-engine/keypatch 汇编/补丁插件, 支持多架构, 基于Keystone引擎

其他

函数相关

未分类

重命名&&前缀&&标记

[291星][2m] [Py] a1ext/auto_re 自动化函数重命名

导航&&查看&&查找

demangle

污点分析&&符号执行

[931星][16d] [OCaml] airbus-seclab/bincat 二进制代码静态分析工具。值分析（寄存器、内存）、污点分析、类型重建和传播（propagation）、前向/后向分析
- 重复区段: IDA->插件->结构体->未分类 |

字符串

[1365星][3m] [Py] fireeye/flare-floss 自动从恶意代码中提取反混淆后的字符串
- 重复区段: IDA->插件->反混淆 |
- floss
- IDA插件
[372星][2m] [Py] l4ys/lazyida 若干快速访问功能, 扫描字符串格式化漏洞
- 重复区段: IDA->插件->效率->其他 |IDA->插件->漏洞->未分类 |
  <details>
  <summary>查看详情</summary>

### 功能
- 快速移除函数返回类型
- 数据格式(format)快速转换
- 扫描字符串格式化漏洞
- 双击跳转vtable函数
- 快捷键: w/c/v
</details>

加密解密

[449星][2m] [Py] polymorf/findcrypt-yara 使用Yara规则查找加密常量
- 重复区段: IDA->插件->签名(FLIRT等)->Yara |

文章

系列文章-IDAPython-让你的生活更美好

原文

2016.06 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part6
2016.01 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part5
2016.01 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part4
2016.01 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part3
2015.12 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part2
2015.12 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part1

译文

系列文章-使用IDA逆向C代码

2019.01 [ly0n] Reversing C code with IDA part V
2019.01 [ly0n] Reversing C code with IDA part IV
2019.01 [ly0n] Reversing C code with IDA part III
2018.12 [ly0n] Reversing C code with IDA part II
2018.01 [ly0n] Reversing C code with IDA part I

工具&&插件&&脚本介绍

未分类

2019.10 [vmray] VMRay IDA Plugin v1.1: Streamlining Deep-Dive Malware Analysis
2019.10 [talosintelligence] New IDA Pro plugin provides TileGX support
2019.09 [talosintelligence] GhIDA: Ghidra decompiler for IDA Pro
2019.05 [carbonblack] fn_fuzzy: Fast Multiple Binary Diffing Triage with IDA
2019.04 [] climacros – IDA productivity tool
2019.04 [] QScripts – IDA Scripting productivity tool
2019.03 [] Daenerys: IDA Pro and Ghidra interoperability framework
2019.03 [freebuf] Ponce：一键即可实现符号执行（IDA插件）
2019.02 [kitploit] HexRaysCodeXplorer - Hex-Rays Decompiler Plugin For Better Code Navigation
2019.02 [kitploit] Ponce - IDA Plugin For Symbolic Execution Just One-Click Away!
2019.01 [talosintelligence] Dynamic Data Resolver (DDR) - IDA Plugin
2018.12 [securityonline] HexRaysCodeXplorer: Hex-Rays Decompiler plugin for better code navigation
2018.11 [4hou] FLARE脚本系列：使用idawasm IDA Pro插件逆向WebAssembly（Wasm）模块
2018.10 [aliyun] 用idawasm IDA Pro逆向WebAssembly模块
2018.10 [fireeye] FLARE Script Series: Reverse Engineering WebAssembly Modules Using the
idawasm IDA Pro Plugin
2018.10 [vmray] Introducing the IDA Plugin for VMRay Analyzer
2018.10 [aliyun] IDA-minsc在Hex-Rays插件大赛中获得第二名（2）
2018.10 [aliyun] IDA-minsc在Hex-Rays插件大赛中获得第二名（1）
2018.10 [aliyun] 通过两个IDAPython插件支持A12 PAC指令和iOS12 kernelcache 重定位
2018.09 [ptsecurity] How we developed the NIOS II processor module for IDA Pro

Loader&&Processor

2019.03 [360] 为CHIP-8编写IDA processor module
2018.10 [ptsecurity] Modernizing IDA Pro: how to make processor module glitches go away
2018.08 [360] Lua程序逆向之为Luac编写IDA Pro处理器模块

与其他工具交互

2018.09 [dustri] IDAPython vs. r2pipe

翻译-TheIDAProBook

2008.10 [pediy] [翻译]The IDA Pro Book 第六章
2008.10 [pediy] [翻译]（20081030更新）The IDA Pro Book 第12章：使用FLIRT签名识别库
2008.10 [pediy] [翻译]The IDA Pro Book(第二章)
2008.10 [pediy] [翻译]The IDA Pro book 第5章---IDA DATA DISPLAY
2008.10 [pediy] [翻译]The IDA Pro Book(第一章)

翻译-ReverseEngineeringCodeWithIDAPro

2009.01 [pediy] [原创]Reverse Engineering Code with IDA Pro第七章中文译稿
2008.06 [pediy] [翻译]Reverse Engineering Code with IDA Pro(第一、二章)

IDA本身

2019.01 [pediy] [原创]IDA7.2安装包分析
2019.01 [pediy] [原创]IDA 在解析 IA64 中的 brl 指令时存在一个 Bug
2018.11 [hexblog] IDA 7.2 – The Mac Rundown
2018.10 [pediy] [原创] 修复 IDA Pro 7.0在macOS Mojave崩溃的问题

逆向实战

未分类

2019.11 [4hou] 反作弊游戏如何破解，看看《黑色沙漠》逆向分析过程：使用 IDAPython 和 FLIRT 签名恢复 IAT
2019.11 [aliyun] 使用IDA microcode去除ollvm混淆(下)
2019.06 [devco] 破密行動: 以不尋常的角度破解 IDA Pro 偽隨機數
2019.05 [360] IDAPython实战项目——DES算法识别
2019.04 [venus] 使用 IDA Pro 的 REobjc 模块逆向 Objective-C 二进制文件
2019.01 [ly0n] Cracking with IDA (redh@wk 2.5 crackme)
2018.11 [somersetrecon] Introduction to IDAPython for Vulnerability Hunting - Part 2
2018.11 [pediy] [原创]IDA动态调试ELF
2018.06 [pediy] [翻译]在IDA中使用Python Z3库来简化函数中的算术运算
2018.03 [duo] Reversing Objective-C Binaries With the REobjc Module for IDA Pro
2006.05 [pediy] Themida v1008 驱动程序分析,去除花指令的 IDA 文件

恶意代码分析

2019.04 [360] 两种姿势批量解密恶意驱动中的上百条字串
2019.03 [cyber] 使用IDAPython分析Trickbot
2019.01 [OALabs] Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!
2018.09 [4hou] Hidden Bee恶意软件家族的定制IDA装载模块开发
2018.09 [4hou] 用IDAPython解密Gootkit中的字符串
2018.05 [OALabs] Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg
2018.04 [OALabs] Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)
2018.03 [OALabs] Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request
2018.01 [OALabs] Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1
2017.11 [OALabs] Unpacking Process Injection Malware With IDA PRO (Part 2)
2017.11 [OALabs] Unpacking Process Injection Malware With IDA PRO (Part 1)
2017.06 [hackers] Reverse Engineering Malware, Part 3: IDA Pro Introduction
2017.05 [4hou] 逆向分析——使用IDA动态调试WanaCrypt0r中的tasksche.exe
2017.05 [3gstudent] 逆向分析——使用IDA动态调试WanaCrypt0r中的tasksche.exe
2012.06 [trustwave] 使用IDAPython对Flame的字符串进行反混淆

漏洞分析&&挖掘

2018.07 [360] 如何使用 IDAPython 寻找漏洞
2018.07 [somersetrecon] 如何使用IDAPython挖掘漏洞

Microcode

2019.10 [amossys] 探秘Hex-Rays microcode

IDA对抗

2019.05 [aliyun] 混淆IDA F5的一个小技巧-x86

Ghidra

插件&&脚本

Ghidra

[18649星][2d] [Java] nationalsecurityagency/ghidra 软件逆向框架

新添加的

[455星][8m] [YARA] ghidraninja/ghidra_scripts Ghidra脚本
- binwalk 对当前程序运行BinWalk, 标注找到的内容
- yara 使用Yara查找加密常量
- swift_demangler 自动demangle Swift函数名
- golang_renamer 恢复stripped Go二进制文件的函数名
[204星][7m] [Java] rolfrolles/ghidrapal Ghidra 程序分析库(无文档)

特定分析目标

未分类

Loader&&Processor

Xbox

与其他工具交互

未分类

Radare2

IDA

[299星][4m] [Py] cisco-talos/ghida 在IDA中集成Ghidra反编译器
- 重复区段: IDA->插件->导入导出->Ghidra |
[238星][9m] [Py] daenerys-sre/source 使IDA和Ghidra脚本通用, 无需修改
- 重复区段: IDA->插件->导入导出->Ghidra |

DBI

调试器

外观&&主题

脚本编写

其他

编程语言

文章&&视频

新添加的1

新添加的

2019.09 [dustri] Radare2, IDA Pro, and Binary ninja, a metaphoric comparison
2019.05 [vimeo] Three Heads are Better Than One: Mastering Ghidra - Alexei Bulazel, Jeremy Blackthorne - INFILTRATE 2019
2019.04 [X0x6d696368] Ghidra: Stack Depth (to detect stack manipulation)
2019.04 [X0x6d696368] Ghidra: Version Tracking
2019.04 [X0x6d696368] Ghidra: Export Symbols and Load External Libraries (to resolve imported function names)
2019.04 [X0x6d696368] Ghidra: Data Type Manager / Archives and Parse C Source... (resolve function signatures)
2019.04 [X0x6d696368] Ghidra: Generate Checksum... (to extract hashes of embedded malware artifacts)
2019.04 [msreverseengineering] An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra
2019.04 [X0x6d696368] Ghidra: FunctionID (to identify libraries and code reuse)
2019.04 [X0x6d696368] Ghidra: Server / Shared Projects (using ghidra-server.org)
2019.04 [X0x6d696368] Ghidra: Bytes View (to patch binary and export to a working PE file)
2019.04 [X0x6d696368] Ghidra: Fixing Bugs (Fixing PE section import size alignment)
2019.04 [X0x6d696368] Ghidra: Clear Flow and Repair, and Patch Instruction (to defeat anti-disassembly)
2019.04 [X0x6d696368] Ghidra: Scripting (Python) (a quick introduction by implementing pipeDecoder.py)
2019.04 [X0x6d696368] Ghidra: Decompile and compile (to quickly reimplement malware decoding functions)
2019.04 [X0x6d696368] Ghidra: EditBytesScript (to fix/manipulate PE header to load ShadowHammer setup.exe sample)
2019.04 [X0x6d696368] Ghidra: Extract and Import ... (to extract resources from PE binaries)
2019.04 [X0x6d696368] Ghidra: YaraGhidraGUIScript (to generate a YARA signature for threat/retro hunting)
2019.04 [X0x6d696368] Ghidra: XORMemoryScript (to XOR decode strings)
2019.04 [yoroi] Ghidra SRE: The AZORult Field Test

Ghidra漏洞

2019.10 [securityaffairs] Ghidra 9.0.4及之前版本的代码执行漏洞
2019.10 [4hou] CVE-2019-16941: NSA Ghidra工具RCE漏洞
2019.08 [hackertor] Ghidra (Linux) 9.0.4 Arbitrary Code Execution
2019.08 [kitploit] Ghidra (Linux) 9.0.4 Arbitrary Code Execution
2019.07 [hackertor] NA – CVE-2019-13623 – In NSA Ghidra through 9.0.4, path traversal can…
2019.07 [hackertor] NA – CVE-2019-13625 – NSA Ghidra before 9.0.1 allows XXE when a…
2019.03 [venus] Ghidra 从 XXE 到 RCE
2019.03 [tencent] Ghidra 从 XXE 到 RCE

实战分析

未分类

2019.09 [venus] 使用 Ghidra 对 iOS 应用进行 msgSend 分析
2019.09 [4hou] 使用Ghidra对iOS应用进行msgSend分析
2019.09 [WarrantyVoider] X360 XEX Decompiling With Ghidra
2019.08 [WarrantyVoider] N64 ROM Decompiling With Ghidra - N64LoaderWV
2019.08 [4hou] 基于Ghidra和Neo4j的RPC分析技术
2019.04 [X0x6d696368] Ghidra: Search Program Text... (to find XOR decoding functions in malware)
2019.04 [shogunlab] Here Be Dragons: Reverse Engineering with Ghidra - Part 0 [Main Windows & CrackMe]
2019.03 [GhidraNinja] Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme
2019.03 [GhidraNinja] Ghidra quickstart & tutorial: Solving a simple crackme

漏洞分析&&挖掘

2019.11 [4hou] 使用Ghidra对WhatsApp VOIP Stack 溢出漏洞的补丁对比分析
2019.09 [4hou] 利用Ghidra分析TP-link M7350 4G随身WiFi的RCE漏洞
2019.08 [aliyun] CVE-2019-12103 使用Ghidra分析TP-Link M7350上的预认证RCE

恶意代码

2019.06 [dawidgolak] IcedID aka #Bokbot Analysis with Ghidra.
2019.04 [aliyun] 利用Ghidra分析恶意软件Emotet
2019.04 [X0x6d696368] Ghidra: Shadow Hammer (Stage 1: Setup.exe) complete static Analysis
2019.04 [X0xd0cf11e] Analyzing Emotet with Ghidra — Part 2
2019.04 [X0x6d696368] Ghidra: Android APK (it's basically dex2jar with a .dex decompiler)
2019.04 [X0xd0cf11e] Analyzing Emotet with Ghidra — Part 1
2019.03 [GhidraNinja] Reversing WannaCry Part 1 - Finding the killswitch and unpacking the malware in #Ghidra
2019.03 [HackerSploit] Malware Analysis With Ghidra - Stuxnet Analysis
2019.03 [sans] Analysing meterpreter payload with Ghidra

其他

Tips&&Tricks

工具&&插件&&脚本

2019.11 [deadc0de] 使用Python编写Ghidra脚本示例
2019.04 [X0x6d696368] ghidra_scripts: RC4Decryptor.py
2019.04 [aliyun] 如何开发用于漏洞研究的Ghidra插件，Part 1
2019.04 [somersetrecon] Ghidra Plugin Development for Vulnerability Research - Part-1
2019.03 [wololo] PS4 release: GhidraPS4Loader and Playstation 4 Flash tool

x64dbg

插件&&脚本

x64dbg

[34576星][26d] [C++] x64dbg/x64dbg Windows平台x32/x64调试器

新添加的

[1672星][7m] [C++] yegord/snowman Snowman反编译器，支持x86, AMD64, ARM。有独立的GUI工具、命令行工具、IDA/Radare2/x64dbg插件，也可以作为库使用
- 重复区段: IDA->插件->反编译器 |
- IDA插件
- snowman QT界面
- nocode 命令行工具
- nc 核心代码，可作为库使用
[1341星][1m] [C] x64dbg/x64dbgpy Automating x64dbg using Python, Snapshots:
[972星][1m] [Py] x64dbg/docs x64dbg文档
[471星][5d] [C] bootleg/ret-sync 在反汇编工具和调试器之间同步调试会话
- 重复区段: IDA->插件->与调试器同步 |
- GDB插件
- Ghidra插件
- IDA插件
- LLDB
- OD
- OD2
- WinDgb
- x64dbg
[363星][9m] fr0gger/awesome-ida-x64-olly-plugin IDA x64DBG OllyDBG 插件收集
- 重复区段: IDA->插件->收集 |

文章&&视频

OllyDbg

插件&&脚本

新添加的

文章&&视频

WinDBG

插件&&脚本

新添加的

[564星][6m] [C#] fremag/memoscope.net Dump and analyze .Net applications memory ( a gui for WinDbg and ClrMd )
[279星][26d] [Py] hugsy/defcon_27_windbg_workshop DEFCON 27 workshop - Modern Debugging with WinDbg Preview
[230星][9m] [C++] microsoft/windbg-samples Sample extensions, scripts, and API uses for WinDbg.

文章&&视频

2019.10 [freebuf] Iris：一款可执行常见Windows漏洞利用检测的WinDbg扩展
2019.08 [lowleveldesign] Synthetic types and tracing syscalls in WinDbg
2019.08 [hackertor] Iris – WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations
2019.07 [osr] How L1 Terminal Fault (L1TF) Mitigation and WinDbg Wasted My Morning (a.k.a. Yak Shaving: WinDbg Edition)
2019.06 [360] 《Dive into Windbg系列》Explorer无法启动排查
2019.04 [360] 《Dive into Windbg系列》AudioSrv音频服务故障
2019.03 [aliyun] 为WinDbg和LLDB编写ClrMD扩展
2019.03 [offensive] Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)
2019.02 [OALabs] WinDbg Basics for Malware Analysis

Android

工具

新添加的1

[6101星][2m] [Java] google/android-classyshark 分析基于Android/Java的App或游戏
[6094星][5m] [Java] qihoo360/replugin RePlugin - A flexible, stable, easy-to-use Android Plug-in Framework
[5195星][11d] [Py] mobsf/mobile-security-framework-mobsf Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
- 重复区段: Malware->工具 |
[5084星][7d] [HTML] owasp/owasp-mstg 关于移动App安全开发、测试和逆向的相近手册
[4882星][16d] [Java] guardianproject/haven 通过Android应用和设备上的传感器保护自己的个人空间和财产而又不损害
[4776星][4d] [C++] facebook/redex Android App字节码优化器
[4306星][7d] [Shell] ashishb/android-security-awesome A collection of android security related resources
[3649星][1m] [C++] anbox/anbox 在常规GNU / Linux系统上引导完整的Android系统，基于容器
[2314星][1y] [Java] csploit/android cSploit - The most complete and advanced IT security professional toolkit on Android.
[2120星][9m] [Py] linkedin/qark 查找Android App的漏洞, 支持源码或APK文件
[2095星][10m] jermic/android-crack-tool
[2051星][13d] [Py] sensepost/objection runtimemobile exploration
[2011星][7m] [Py] fsecurelabs/drozer The Leading Security Assessment Framework for Android.
[1976星][] [Java] kyson/androidgodeye AndroidGodEye:A performance monitor tool , like "Android Studio profiler" for Android , you can easily monitor the performance of your app real time in pc browser
[1925星][7m] [Java] fuzion24/justtrustme An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
[1430星][11m] [Java] aslody/legend (Android)无需Root即可Hook Java方法的框架, 支持Dalvik和Art环境
[1417星][1m] [Java] chrisk44/hijacker Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android
[1241星][3m] [Java] whataa/pandora an android library for debugging what we care about directly in app.
[1235星][1m] [Java] find-sec-bugs/find-sec-bugs The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
[1213星][1m] [JS] megatronking/httpcanary A powerful capture and injection tool for the Android platform
[1208星][3m] [Java] javiersantos/piracychecker An Android library that prevents your app from being pirated / cracked using Google Play Licensing (LVL), APK signature protection and more. API 14+ required.
[1134星][24d] [Java] huangyz0918/androidwm 一个支持不可见数字水印（隐写术）的android图像水印库。
[885星][2m] [C] 504ensicslabs/lime LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures f…
[820星][3d] proxymanapp/proxyman Modern and Delightful HTTP Debugging Proxy for macOS, iOS and Android
[810星][4m] [Scala] antox/antox Android client for Project Tox - Secure Peer to Peer Messaging
[800星][3m] sh4hin/androl4b 用于评估Android应用程序，逆向工程和恶意软件分析的虚拟机
- 重复区段: Malware->工具 |
[769星][1y] [C] ele7enxxh/android-inline-hook thumb16 thumb32 arm32 inlineHook in Android
[668星][1m] doridori/android-security-reference A W.I.P Android Security Ref
[608星][7m] [JS] vincentcox/stacoan StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
[559星][6d] [Shell] owasp/owasp-masvs OWASP 移动App安全标准
[546星][1m] nordicsemiconductor/android-nrf-connect Documentation and issue tracker for nRF Connect for Android.
[541星][1y] [Java] jaredrummler/apkparser APK parser for Android
[527星][4m] [JS] wooyundota/droidsslunpinning Android certificate pinning disable tools
[518星][3m] [Java] megatronking/stringfog 一款自动对字节码中的字符串进行加密Android插件工具
[511星][] [Java] happylishang/cacheemulatorchecker Android模拟器检测，检测Android模拟器，获取相对真实的IMEI AndroidId 序列号 MAC地址等，作为DeviceID，应对防刷需求等
[482星][1m] [JS] lyxhh/lxhtoolhttpdecrypt Simple Android/iOS protocol analysis and utilization tool
[450星][12m] [Kotlin] shadowsocks/kcptun-android kcptun for Android.
[443星][23d] [TS] shroudedcode/apk-mitm
[431星][5d] [C] guardianproject/orbot The Github home of Orbot: Tor on Android (Also available on gitlab!)
[426星][11d] [Py] thehackingsage/hacktronian All in One Hacking Tool for Linux & Android
[412星][4m] [Java] megatronking/netbare Net packets capture & injection library designed for Android
[409星][3m] [CSS] angea/pocorgtfo a "Proof of Concept or GTFO" mirror with extra article index, direct links and clean PDFs.
[408星][1y] [Java] testwhat/smaliex A wrapper to get de-optimized dex from odex/oat/vdex.
[379星][5m] [Makefile] crifan/android_app_security_crack 安卓应用的安全和破解
[379星][1y] [CSS] nowsecure/secure-mobile-development A Collection of Secure Mobile Development Best Practices
[358星][5m] b3nac/android-reports-and-resources A big list of Android Hackerone disclosed reports and other resources.
[358星][5m] [C] the-cracker-technology/andrax-mobile-pentest ANDRAX The first and unique Penetration Testing platform for Android smartphones
[333星][17d] [Java] datatheorem/trustkit-android Easy SSL pinning validation and reporting for Android.
[284星][9m] [Py] micropyramid/forex-python Foreign exchange rates, Bitcoin price index and currency conversion using ratesapi.io
[267星][4m] [Py] amimo/dcc DCC (Dex-to-C Compiler) is method-based aot compiler that can translate DEX code to C code.
[265星][3d] [Py] den4uk/andriller Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.
[251星][10m] [C] chef-koch/android-vulnerabilities-overview An small overview of known Android vulnerabilities
[234星][2m] [C] grant-h/qu1ckr00t A PoC application demonstrating the power of an Android kernel arbitrary R/W.
[234星][1y] [Ruby] hahwul/droid-hunter (deprecated) Android application vulnerability analysis and Android pentest tool
[229星][8m] [Java] jieyushi/luffy Android字节码插件，编译期间动态修改代码，改造添加全埋点日志采集功能模块，对常见控件进行监听处理
[225星][3m] [Java] virb3/trustmealready Disable SSL verification and pinning on Android, system-wide
[208星][18d] [C] derrekr/fastboot3ds A homebrew bootloader for the Nintendo 3DS that is similar to android's fastboot.

新添加的

HotFix

[14557星][5d] [Java] tencent/tinker Tinker is a hot-fix solution library for Android, it supports dex, library and resources update without reinstall apk.
[3462星][19d] [Java] meituan-dianping/robust Robust is an Android HotFix solution with high compatibility and high stability. Robust can fix bugs immediately without a reboot.
[1117星][5m] [Java] manbanggroup/phantom 唯一零 Hook 稳定占坑类 Android 热更新插件化方案

打包

[5080星][2m] [Java] meituan-dianping/walle Android Signature V2 Scheme签名下的新一代渠道包打包神器

收集

各类App

[12285星][3d] [Java] signalapp/signal-android A private messenger for Android.

Xposed

[8756星][1m] [Java] android-hacker/virtualxposed A simple app to use Xposed without root, unlock the bootloader or modify system image, etc.
[2559星][7m] taichi-framework/taichi A framework to use Xposed module with or without Root/Unlock bootloader, supportting Android 5.0 ~ 10.0
[2034星][4d] [Java] elderdrivers/edxposed Elder driver Xposed Framework.
[1726星][1y] [Java] ac-pm/inspeckage Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
[1655星][1m] [Java] tiann/epic Dynamic java method AOP hook for Android(continution of Dexposed on ART), Supporting 4.0~10.0
[1296星][1m] [Java] android-hacker/exposed A library to use Xposed without root or recovery(or modify system image etc..).
[790星][8m] [Java] blankeer/mdwechat 一个能让微信 Material Design 化的 Xposed 模块
[669星][4d] [Java] ganyao114/sandhook Android ART Hook/Native Inline Hook/Single Instruction Hook - support 4.4 - 10.0 32/64 bit - Xposed API Compat
[478星][2m] [Java] tornaco/x-apm 应用管理 Xposed
[322星][1y] [C] smartdone/dexdump 一个用来快速脱一代壳的工具（稍微改下就可以脱类抽取那种壳）（Android）
[309星][25d] bigsinger/androididchanger Xposed Module for Changing Android Device Info
[309星][5d] [Java] ganyao114/sandvxposed Xposed environment without root (OS 5.0 - 10.0)
[204星][1y] [C] gtoad/android_inline_hook Build an so file to automatically do the android_native_hook work. Supports thumb-2/arm32 and ARM64 ! With this, tools like Xposed can do android native hook.

加壳&&脱壳

[1793星][8m] [C++] wrbug/dumpdex Android脱壳
[1465星][3m] [C++] vaibhavpandeyvpz/apkstudio Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
[811星][4m] [C] strazzere/android-unpacker Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0
[712星][2m] [YARA] rednaga/apkid Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
[366星][3m] [Java] patrickfav/uber-apk-signer A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing scheme has an embedded debug keystore and auto verifies after signing.
[322星][6m] [Shell] 1n3/reverseapk Quickly analyze and reverse engineer Android packages

HOOK

[1500星][19d] [C] iqiyi/xhook a PLT (Procedure Linkage Table) hook library for Android native ELF
[1494星][t] [C++] jmpews/dobby a lightweight, multi-platform, multi-architecture hook framework.
[804星][17d] [C++] aslody/whale Hook Framework for Android/IOS/Linux/MacOS
[530星][7m] [Java] aslody/andhook Android dynamic instrumentation framework
[361星][8m] [C] turing-technician/fasthook Android ART Hook

Emulator&&模拟器

[1492星][1y] [C++] f1xpl/openauto AndroidAuto headunit emulator
[532星][7m] [Java] limboemu/limbo Limbo is a QEMU-based emulator for Android. It currently supports PC & ARM emulation for Intel x86 and ARM architecture. See our wiki
- 重复区段: 模拟器->QEMU->工具->新添加的 |
[471星][3m] [Java] strazzere/anti-emulator Android Anti-Emulator

IDA

Debug&&调试

[10794星][30d] [Java] konloch/bytecode-viewer A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
[6762星][10m] [Java] amitshekhariitbhu/android-debug-database A library for debugging android databases and shared preferences - Make Debugging Great Again

Malware&&恶意代码

[429星][4m] [Shell] ashishb/android-malware Collection of android malware samples
[347星][3m] [Java] droidefense/engine Droidefense: Advance Android Malware Analysis Framework

Obfuscate&&混淆

[3078星][2m] [Java] calebfenton/simplify Generic Android Deobfuscator
[294星][4m] [C] shadowsocks/simple-obfs-android A simple obfuscating tool for Android

ReverseEngineering

[9285星][23d] [Java] ibotpeaches/apktool A tool for reverse engineering Android apk files
[2053星][1m] [Java] genymobile/gnirehtet Gnirehtet provides reverse tethering for Android
[585星][2m] [C++] secrary/andromeda Andromeda - Interactive Reverse Engineering Tool for Android Applications [This project is not maintained anymore]
[545星][12d] maddiestone/androidappre Android App Reverse Engineering Workshop
[267星][10m] [Dockerfile] cryptax/androidre 用于Android 逆向的 Docker 容器
[246星][20d] [C++] strazzere/android-scripts Android逆向脚本收集
- 重复区段: IDA->插件->Android |

文章&&视频

2019.12 [aliyun] Android智能终端系统的安全加固（上）
2019.11 [venus] Android勒索病毒分析（上）

Apple&&iOS&&iXxx

工具

新添加的

[10966星][2d] [ObjC] flipboard/flex An in-app debugging and exploration tool for iOS
[8031星][2m] [Py] facebook/chisel Chisel is a collection of LLDB commands to assist debugging iOS apps.
[5775星][3m] [ObjC] square/ponydebugger Remote network and data debugging for your native iOS app using Chrome Developer Tools
[5451星][3m] [Py] axi0mx/ipwndfu open-source jailbreaking tool for many iOS devices
- 重复区段: Apple->工具->越狱 |
[5390星][5m] [C] pwn20wndstuff/undecimus unc0ver jailbreak for iOS 11.0 - 12.4
- 重复区段: Apple->工具->越狱 |
[4663星][29d] [C] google/ios-webkit-debug-proxy A DevTools proxy (Chrome Remote Debugging Protocol) for iOS devices (Safari Remote Web Inspector).
[4397星][4d] [Swift] signalapp/signal-ios A private messenger for iOS.
[4248星][8m] [ObjC] alonemonkey/monkeydev CaptainHook Tweak、Logos Tweak and Command-line Tool、Patch iOS Apps, Without Jailbreak.
- 重复区段: Apple->工具->越狱 |
[3686星][4m] [C] facebook/fishhook A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.
[3414星][1m] icodesign/potatso Potatso is an iOS client that implements different proxies with the leverage of NetworkExtension framework in iOS 10+.
[3327星][3m] [Swift] yagiz/bagel a little native network debugging tool for iOS
[3071星][10m] [JS] jipegit/osxauditor OS X Auditor is a free Mac OS X computer forensics tool
[2867星][4d] [ObjC] facebook/idb idb is a flexible command line interface for automating iOS simulators and devices
[2795星][16d] [Swift] kasketis/netfox A lightweight, one line setup, iOS / OSX network debugging library!
[2753星][1m] [Makefile] theos/theos A cross-platform suite of tools for building and deploying software for iOS and other platforms.
[2733星][18d] [ObjC] dantheman827/ios-app-signer This is an app for OS X that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.
[2708星][2m] [ObjC] kjcracks/clutch Fast iOS executable dumper
[2057星][11d] [ObjC] ios-control/ios-deploy Install and debug iPhone apps from the command line, without using Xcode
[1801星][1y] aozhimin/ios-monitor-platform
[1695星][6m] [Py] yelp/osxcollector A forensic evidence collection & analysis toolkit for OS X
[1683星][1m] [Swift] pmusolino/wormholy iOS network debugging, like a wizard

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

最后于 2020-10-31 18:28 被梦幻的彼岸编辑，原因：

上传的附件：

awesome-reverse-engineering-20191223.zip （2.39MB，44次下载）

收藏・77

免费・4

支持

最新回复 (2)
编程小白雪币： 441 活跃值： (1060) 能力值： ( LV2，RANK：15 ) 在线值：发帖 0 回帖 124 粉丝 2 关注私信	编程小白 2 楼怎么踩？ 2020-10-31 17:19 0
tank小王子雪币： 12476 活跃值： (9432) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 152 粉丝 1 关注私信	tank小王子 3 楼天融信α实验室总结的。。。 2020-10-31 23:31 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

梦幻的彼岸

173

发帖

278

回帖

420

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (2)
编程小白雪币： 441 活跃值： (1060) 能力值： ( LV2，RANK：15 ) 在线值：发帖 0 回帖 124 粉丝 2 关注私信	编程小白 2 楼怎么踩？ 2020-10-31 17:19 0
tank小王子雪币： 12476 活跃值： (9432) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 152 粉丝 1 关注私信	tank小王子 3 楼天融信α实验室总结的。。。 2020-10-31 23:31 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复