Assorted links to tools, books, and articles on software reverse engineering and source-code examination, currently in no particular order (but newly-added items towards the top):
- Identifying Open-Source License Violation and 1-day Security Risk at Large Scale by Duan, Bijlani et al.
- AppyThat (“Discover code usage … Lead generation, Copyright protection”)
- Magic Number Database
- GreyB articles on reverse engineering (also see slides)
- Software Analysis by Reverse Engineering by Geoff Chappell
- National Software Reference Library (NIST NSRL; catalogs here)
- Ghidra decompiler (NSA)
- JEB decompiler
- PCjs: About PCjs — CPU simulations running in JavaScript, including virtual machines of Win95 etc.
- Reverse engineering x86 microcode (AMD K8/K10)
- How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles
- IP History – ViewDNS.info
- Find multiple DNS names associated with same IP address: RobTex.com
- Online OCR – convert scanned PDF and images to Word, JPEG to Word
- [1702.01135] Reluplex: An Efficient SMT Solver for Verifying Deep Neural Networks
- [1705.06640] DeepXplore: Automated Whitebox Testing of Deep Learning Systems
- WiMonitor: Wi-Fi Monitoring and Sniffing Made Simple! – Hacker Arsenal
- Reverse Engineering (InfoSec Institute)
- Pin: Dynamic Binary Instrumentation Framework
- common x86 malware anti-debugging techniques
- Five Anti-Analysis Tricks That Sometimes Fool Analysts
- Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
- runtime code manipulation system that supports code transformations on any part of a program
- The Syzygy project consists of a suite of tools for the instrumentation of COFF object files and PE binaries.
- Diary of a reverse-engineer
- KLEE is a symbolic virtual machine built on top of the LLVM compiler infrastructure
- Message Analyzer Tutorial
- Phrack Magazine
- PoC||GTFO
- Uninformed – vol 10
- Detect which CMS a site is using – What CMS?
- BuiltWith Technology Lookup
- How to find What Technology Website using?
- Wappalyzer – Identify technologies on websites
- split-code reverse engineering tools, including process dump, strings2
- lgtm – Making code better. Together.
- Query Console – lgtm
- TitanEngine | Open Source | ReversingLabs
- PEiD – aldeid
- http://fuuproject.files.wordpress.com/2010/07/fuu-300×254.jpg
- UNP Executable file restore utility (unpacker)
- Rudder: The BitBlaze Mixed Execution Component
- BitBlaze: Binary Analysis for Computer Security
- QEMU machine emulator & virtualizer
- TEMU: The BitBlaze Dynamic Analysis Component
- Log Parser 2.2
- Steven Troughton-Smith — iOS disassembly | Patreon
- Forget Flashing ROMs: Use the Xposed Framework to Tweak Your Android
- bellingcat – Guides Archives – bellingcat
- Search for ‘software’ @ The Expert Institute
- binary.ninja : a reverse engineering platform
- SANS Digital Forensics and Incident Response Blog | An Overview Of Protocol Reverse-Engineering | SANS Institute
- xd: Extended Dump and Load Utility
- Schneier on Security
- Trading Secrets | Seyfarth Shaw | Computer Fraud & Corporate Espionage
- 2017 Bad Bot Report
- Vault7 – Home
- Threatpost | The first stop for security news
- Code: Annotated Bibliography
- OllyDbg 64
- IBM PC XT Technical Reference 1502237
- Exploiting Software: How to Break Code by Greg Hoglund
- EasyHook — Windows API interception
- sysintercept – System call interceptor (for windows)
- Clive Turvey’s dumppe and dumppdb utilities for Windows PE and debug symbol files | Software Litigation Consulting
- Windows Resource Dumper (resdump) from Clive Turvey | Software Litigation Consulting
- 101 – Reverse Engineering | National Initiative for Cybersecurity Careers and Studies
- MA 250 – Malware Reverse Engineering | Focal Point Data Risk
- Introduction to reverse engineering, with large topic graphs and videos
- ken shirriff | Search Results | Hackaday
- Resource Hacker
- MUIRCT for splitting executable file into an LN file and language-specific (localizable) resource files
- ‘Reverse Engineering for Beginners’ book
- Reverse Engineering challenges
- Security for Hackers and Developers: Reverse Engineering | Pluralsight
- Reverse Engineering Malware 101 Workshop | Endgame
- Reverse Engineering Tools – iPhone Development Wiki
- Top 8 Reverse Engineering Tools for Cyber Security Professionals
- Resource: A collection of deobfuscation methods and automated deobfuscator tools by Susan Parker – endpoint protection, malware, malware analysis on Peerlyst
- Resource: Malware analysis – learning How To Reverse Malware: A collection of guides and tools by Claus Cramon Houmann – Peerlyst
- xoreaxeaxeax / MOVfuscator: The single instruction C compiler; also into (Turing complete) XORs
- searchcode | source code search engine
- Search for ‘This header is generated by’ | source code search engine
- 2016 President’s Council of Advisors on Science and Technology Casts Doubt on Criminal Forensics
- Profiles and Logs – Bug Reporting – Apple Developer
- iRET: The iOS Reverse Engineering Toolkit | Veracode
- Data Reverse Engineering : Slaying the Legacy Dragon by P…
- Malware Analyst’s Cookbook and DVD: Tools and Techniques …
- Dr. Memory: Strace for Windows
- WinHex: Hex Editor & Disk Editor, Computer Forensics & Data Recovery Software
- X-Ways: hex editor, F-Response, computer forensic
- Memoryze | FireEye
- FindCrypt2 – Hex Blog
- Welcome to WinAppDbg 1.5! – WinAppDbg 1.5 documentation
- The Sleuth Kit (TSK) & Autopsy: Open Source Digital Forensics Tools
- Stack trace from Process Hacker
- DB Browser for SQLite
- Software Diagnostics Institute | Structural and Behavioral Patterns for Software Diagnostics, Forensics and Prognostics. Software Diagnostics Library.
- zynamics.com – BinNavi
- BinText 3.03 | McAfee Free Tools
- FileInsight | McAfee Free Tools
- COMslicer 2.0
- The Volatility Foundation – Open Source Memory Forensics | About
- Automated Malware Analysis – Cuckoo Sandbox
- Sigcheck
- File for Windows — classifies files, using file of ‘magic’ numbers
- Telerik JustDecompiler .NET decompiler
- ILSpy — .NET browser/decompiler
- IDA Support: Download Center
- Effective Debugging (book)
- Shodan — search engine for internet-connected devices
- PEiD Projects — Portable Executable (PE) identifier
- Universal Extractor | LegRoom.net
- industrial_espionage.pdf – Google Drive
- PEBrowse Professional — PEBrowse64 disassembler for Win64
- ArkDasm — Win64 disassembler
- Hiew homepage
- Dependency Walker (depends.exe) Home Page
- GitHub – LongSoft/UEFITool: UEFI firmware image viewer and editor
- A blog about UEFI BIOS C programming software development engineering computer history
- The Binwalk Firmware Analysis Tool | Basic Input/Output
- Binwalk | Penetration Testing Tools
- Firmware Reverse Engineering from WikiLeaks ‘Vault 7: CIA Hacking Tools Revealed’
- Reverse Engineering materials from ‘Vault 7: CIA Hacking Tools Revealed’
- Practical Reverse Engineering Part 1 – Hunting for Debug Ports – Hack The World
- Cambridge Design Technology explains reverse engineering – Cambridge Network
- Reverse Engineering — Pilot3D
- Operation Shakespeare: The True Story of an Elite International Sting: John Shiffman
- Amazon.com: THE LURE is the true, riveting story of how Russian hackers who mocked the inability of the FBI to catch them, were caught by an FBI lure designed to appeal to their egos and their greed
- CRACK99: The Takedown of a $100 Million Chinese Software Pirate: David Locke Hall
- The Car Hacker’s Handbook: A Guide for the Penetration Tester: Craig Smith
- The Hardware Hacker: Adventures in Making and Breaking Hardware
- Search Engine for Source Code – PublicWWW.com
- GitHub – binwalk: Firmware Analysis Tool
- openMSP430 :: Core :: OpenCores
- Acorn: yet another JavaScript parser
- Java decompiler online
- APK decompiler – decompile Android .apk online
- Android APK Decompiler
- Google Translate — seems to do a good job of translating source code files containing e.g. Japanese or Chinese comments.
- disassembler.io
- msp430static: About
- DeGuard reverses the process of obfuscation performed by Android obfuscation tools. This enables numerous security analyses, including code inspection and predicting libraries.
- JS NICE: Statistical renaming, Type inference and Deobfuscation
- Software Reliability Lab | ETH | Spas | Machine Learning for Programming — using ‘Big Code’ databases, e.g. JavaScript and Python data sets; analysis of Android apps; deobfuscation
- dataset consisting of 150’000 JavaScript files and their corresponding parsed ASTs
- Challenge candidates – Learning from ‘Big Code’; including from binaries; code similarities; method naming
- Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage: Gordon Corera — includes coverage of industrial espionage, trade secrets, reverse engineering, backdoors, including e.g. Cisco v. Huawei case re: source code.
- Practical Reverse Engineering Part 2 – Scouting the Firmware – Hack The World
- Computer software source code and e-discovery | Andrew Schulman | Pulse | LinkedIn
- Reverse engineering as a fact-investigation tool in software patent litigation | Andrew Schulman | Pulse | LinkedIn
- Hiding in plain sight: Using reverse engineering to uncover (or help show absence of) software patent infringement | Andrew Schulman | Pulse | LinkedIn
- x64dbg – Windows x64 disassembly
- Bluetooth Protocol Expert System – Simplify the Spec!
- Opensource flash SWF decompiler and editor. Extract resources, convert SWF to FLA, edit ActionScript, replace images, sounds, texts or fonts.
- Actionscript Decompiler, Ultimate ActionScript Decompiler Tool
- Cerbero – Profiler
- COM Monitoring, API Monitor
- Call Tree
- NTCore’s Homepage: CFF Explorer
- Brief description of the main software reverse engineering tools with examples of working with them.
- Software for Computer Forensics, Data Recovery, and IT Security
- The Volatility Foundation – Open Source Memory Forensics
- Thanks for the Memories: Identifying Malware from a Memory Capture
- Amazon.com: Learning Linux Binary Analysis: Ryan ‘elfmaster’ O’Neill: Books
- The Art of PCB Reverse Engineering: Unravelling the Beauty of the Original Design
- SemanticMerge 2.0
- Linksys Official Support – Enabling the Logs feature of the Linksys Smart Wi-Fi Router using local access
- Welcome to Link Logger
- How to Configure Your Router for Network Wide URL Logging
- Charles web proxy
- SharkTap Network Sniffer midBit Technologies, LLC
- Amazon.com: NETGEAR ProSAFE GS108 8-Port Gigabit Desktop Switch (GS108-400NAS) — use with port monitoring/spanning for Wireshark
- WinMerge — File Comparison
- Download PuTTY – a free SSH and telnet client for Windows, includes serial
- TRENDnet | Products | TU-S9 | USB to Serial Converter — for Cisco console port
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software: Michael Sikorski, Andrew Honig
- Reverse Engineering: Linda M. Wills, Philip Newcomb; pattern matching for clone detection; extracting features from source code; etc.
- Android Native API Hooking With Library Injection and ELF Introspection. | Simone Margaritelli
- Hooking – Wikipedia; including API Hooking
- Process Monitor (procmon) for Windows (sysinternals)
- Process Explorer for Windows (sysinternals)
- WinObj
- Download BinScope Binary Analyzer from Official Microsoft Download Center
- memfetch — usage: ./memfetch [ -sawn ] [ -S xxx ] PID; -s: wait for fault signal before generating a dump; -a: skip non-anonymous maps (libraries etc.)
- Investigating Your RAM Usage | Android Developers — including meminfo command, -d re: Dalvik, ART
- Enable Hidden Debug Settings for iMessage, FaceTime, and Bluetooth, in iOS
- mobileconfig settings for e.g. Bluetooth logging
- physical memory analysis on Linux and Linux-based devices such as Android smartphones. LiME could capture currently running and previously terminated apps, for example
- Memory Analysis with DumpIt and Volatility – YouTube
- Android Forensics with volatility and LiME – Andrew Case – YouTube
- iPhone Forensics – InfoSec Resources
- iPhone Forensics – iXAM – Advanced iPhone Forensic Imaging Software
- Automated Computer Forensics – Simson Garfinkel
- Home – Andriller – Android Forensic Tools
- Trapdoor function – Wikipedia
- Inverse Problems
- Inverse problems
- Amazon.com: Fact-Gathering in Patent Infringement Cases: Rule 34 Discovery and the Saisie-Contrefacon (Munich Intellectual Property Law Center – MIPLC): Esther Seitz
- Software Similarity and Classification
- IEEE Working Conference on Reverse Engineering (WCRE)
- Ncat – Netcat for the 21st Century
- SecureDVD – Forensics Wiki – Wikia
- Forensic Store – Your complete source for digital forensic solutions.
- Forensic Toolkit (FTK)
- gcore(1) – get core images of running process
- load a JAR file on startup. The classes of this file will sit in every process
- Oracle VM VirtualBox
- How to dump memory of any running processes in Android (rooted) | Life in Linux Kernel
- PDP-10 software archive
- NIST Computer Forensics Tool Testing Program
- Reversing: Secrets of Reverse Engineering: Eldad Eilam: 9780764574818: Amazon.com: Books
- Software Forensics : Collecting Evidence from the Scene of a Digital Crime: Robert Slade: 0639785507697: Amazon.com: Books
- The Virus Creation Labs: A Journey Into The Underground: George Smith: 9781441411389: Amazon.com: Books
- Android* – Remote Application Debug on Android* OS | Intel® Developer Zone
- How to Break Software Security: James A. Whittaker, Hugh Thompson: 9780321194336: Amazon.com: Books
- Debugging with GDB: The GNU Source-Level Debugger: Richard M. Stallman, Roland Pesch, Stan Shebs: 9781882114887: Amazon.com: Books
- Code Complete: A Practical Handbook of Software Construction, Second Edition: Steve McConnell: 0790145196705: Amazon.com: Books
- Debugging: The 9 Indispensable Rules for Finding Even the Most Elusive Software and Hardware Problems: David J Agans: 9780814474570: Amazon.com: Books
- Make: Bluetooth: Bluetooth LE Projects with Arduino, Raspberry Pi, and Smartphones: Alasdair Allan, Don Coleman, Sandeep Mistry: 9781457187094: Amazon.com: Books
- Microsoft Log Parser Toolkit: A complete toolkit for Microsoft’s undocumented log analysis tool: Gabriele Giuseppini, Mark Burnett, Jeremy Faircloth, Dave Kleiman: 9781932266528: Amazon.com: Books
- Network Monitoring and Analysis: A Protocol Approach to Troubleshooting: Ed Wilson: 9780130264954: Amazon.com: Books
- Securing Java: Getting Down to Business with Mobile Code, 2nd Edition: Gary McGraw, Edward W. Felten: 9780471319528: Amazon.com: Books
- Expert .NET 2.0 IL Assembler: Serge Lidin: 9781590596463: Amazon.com: Books
- Software Testing Techniques: Boris Beizer: 9780442206727: Amazon.com: Books
- How to Break Web Software: Functional and Security Testing of Web Applications and Web Services. Book & CD
- Testing Computer Software, 2nd Edition: Cem Kaner, Jack Falk, Hung Q. Nguyen: 9780471358466: Amazon.com: Books
- Bad Software: What To Do When Software Fails: Cem Kaner, David Pels, David L. Pels: 9780471318262: Amazon.com: Books
- Arkfeld’s Best Practices Guide for Electronic Discovery and Evidence (2014-2015): Esq. Michael R. Arkfeld: 9781632807939: Amazon.com: Books
- Practical Packet Analysis 1, Chris Sanders, eBook – AmazonSmile
- Electronic Evidence: Law and Practice (Electronic Evidence: Law & Practice): Paul R. Rice: 9781604420845: Amazon.com: Books
- Foundations of Digital Evidence: George L. Paul — See especially chapter 8 on system reliability
- nRF Master Control Panel_Nexus_iOS
- NDK Downloads | Android Developers
- Undocumented Windows: A Programmers Guide to Reserved Microsoft Windows Api Functions (The Andrew Schulman Programming Series/Book and Disk): Andrew Schulman, David Maxey, Matt Pietrek: — still useful for reverse engineering methodology
- Unauthorized Windows 95: Developer’s Resource by Andrew Schulman — still useful for reverse engineering methodology
- Windows Internals: The Implementation of the Windows Operating Environment: Matt Pietrek: — still useful for reverse engineering methodology
- DOS Internals by Geoff Chappell — still useful for reverse engineering methodology
- Undocumented DOS: A Programmer’s Guide to Reserved MS-DOS Functions and Data Structures/Book and Disk (Andrew Schulman Programming): Andrew Schulman, Ralf Brown, David Maxey, Raymond J. Michels — still useful for reverse engineering methodology
- Interfaces on Trial 2.0 (The Information Society Series): Jonathan Band, Masanobu Katoh, Ed Black: 9780262015004: Amazon.com: Books
- Trade Secret Law in a Nutshell: Sharon Sandeen, Elizabeth Rowe: 9780314281166: Amazon.com: Books
- Amazon.com: Trade Secrets: Law and Practice (9781630444716): David W. Quinto, Stuart H. Singer: Books
- Fatal Defect: Chasing Killer Computer Bugs: Ivars Peterson
- The Winning Line: A Forensic Engineer’s Casebook: Andrew E. Samuel
- Debugging ARM kernels using NMI/FIQ – Linaro
- A Guide to Debugging Android Binaries – InfoSec Resources
- Hacker Debugging Uncovered (Uncovered series): Kris Kaspersky: 9781931769402
- Forensic Discovery by Dan Farmer and Wietse Venema
- The Coroner's Toolkit – Forensic Discovery
- ODA – The Online Disassembler
- Wireshark integrated Riverbed AirPcap | Riverbed
- The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage: Cliff Stoll
- Software Exorcism: A Handbook for Debugging and Optimizing Legacy Code (Expert’s Voice): Bill Blunden: 9781856174206: Amazon.com: Books
- A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security: Tobias Klein
- File Comparison – WinMerge
- conferences.asucollegeoflaw.com ediscovery files 2014 02 Computer-Software-Source-Code-and-eDiscovery.pdf
- Bare Bones Software | TextWrangler
- Notepad++ Download
- Findstr
- The Software IP Detective’s Handbook: Measurement, Comparison, and Infringement Detection: Bob Zeidman: 9780137035335: Amazon.com: Books
- JTAG – Wikipedia
- Object-Oriented Reengineering Patterns (The Morgan Kaufmann Series in Software Engineering and Programming): Serge Demeyer, Stéphane Ducasse, Oscar Nierstrasz: 9781558606395: Amazon.com: Books
- The Wireshark Field Guide: Analyzing and Troubleshooting Network Traffic: Robert Shimonski: 9780124104136: Amazon.com: Books
- Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation: 9781118787311: Computer Science Books @ Amazon.com
- iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets: Jonathan Zdziarski: 9780596153588: Amazon.com: Books
- Debugging with Fiddler: The complete reference from the creator of the Fiddler Web Debugger: Eric Lawrence: 9781511572903: Amazon.com: Books
- Online JavaScript beautifier
- Online file identifier – Online TrID
- Debugging a Cisco router
- BinDiff
- Web Developer
- Download the Windows Driver Kit (WDK) and WinDbg – Windows 10 Hardware Dev Center
- Getting Started in Simulator
- Debugging with Symbols (Windows)
- GCC and MSVC C++ Demangler
- How to convert Signsrch/Clamsrch signatures to Yara | Decalage
- .NET Decompiler: Decompile Any .NET Code | .NET Reflector
- class-dump – Steve Nygard
- CodeSuite
- dtSearch® – Text Retrieval / Full Text Search Engine
- PowerGREP: Windows grep Software to Search (and Replace) with Regular Expressions through Files and Folders on Your PC and Network
- Static Analysis Tool
- Brute Force: Cracking the Data Encryption Standard: Matt Curtin: 9780387201092: Amazon.com: Books
- Intrusion Signatures and Analysis: Matt Fearnow, Stephen Northcutt, Karen Frederick, Mark Cooper: 0752064710639: Amazon.com: Books
- Forensic Discovery: Dan Farmer, Wietse Venema: 9780201634976: Amazon.com: Books
- Reverse Engineering with OllyDbg – InfoSec Resources
- Working Effectively with Legacy Code: Michael Feathers: 0076092025986: Amazon.com: Books
- IDA PRO: Function calls
- Product Design: Techniques in Reverse Engineering and New Product Development: Kevin Otto, Kristin Wood: 9780130212719: Amazon.com: Books
- Apktool – A tool for reverse engineering Android apk files
- APK Studio by vaibhavpandeyvpz
- Attach a debugger to an Android application and step through method calls by using information…
- Detours – Microsoft Research
- Sysinternals Suite
- Strings
- Finding Binary Clones with Opstrings & Function Digests: Part I | Software Litigation Consulting
- Source code ch.06: Pre-filing investigation | Software Litigation Consulting
- Reading and Writing Logs | Android Developers
- Android Hacker’s Handbook
- Decompiling Android: Godfrey Nolan: 9781430242482: Amazon.com: Books
- Inside Windows Debugging (Developer Reference) 1, Tarik Soulami, eBook – Amazon.com
- Amazon.com: Windows Sysinternals Administrator’s Reference (9780735656727): Aaron Margosis, Mark E. Russinovich: Books
- Hacking the Xbox: An Introduction to Reverse Engineering …
- Bibliography | Software Litigation Consulting
- Open to Inspection: Using Reverse Engineering to Uncover Software Prior Art, Part 1 By Andrew Schulman [An earlier version of this article appeared in New Matter (California State Bar IP Law Sectio…
- Hiding in Plain Sight: Using Reverse Engineering to Uncover Software Patent Infringement | Software Litigation Consulting
- Software Litigation Consulting | Andrew Schulman, Consulting Technical Expert & Attorney
- Zen of Assembly Language: Knowledge (Scott Foresman Assembly Language Programming Series): Michael Abrash
- How Debuggers Work: Algorithms, Data Structures, and Architecture: Jonathan B. Rosenberg
- Code Reading: The Open Source Perspective (v. 1): Diomidis Spinellis
- The Art of Computer Virus Research and Defense: Peter Szor
- nm
- otool
- Hopper
- Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon: Kim Zetter: 9780770436193: Amazon.com: Books
- Reverse Engineering: Mechanisms, Structures, Systems & Materials: Robert Messler
- Troubleshooting with Wireshark: Locate the Source of Performance Problems: Laura Chappell, James Aragon, Gerald Combs
- Wireshark – Go Deep.
- Create HCI Log
- Java Decompiler
- dex2jar download | SourceForge.net
- CC2540 USB Dongle
- SmartRF Protocol Packet Sniffer – PACKET-SNIFFER – TI Software Folder
- Fiddler is a free web debugging tool which logs all HTTP(S) traffic between your computer and the Internet. Inspect traffic, set breakpoints, and fiddle with incoming or outgoing data.
- Python XML Parser Tutorial: Create & Read XML with Examples
- Database Handling in Python