Bincat - Binary Code Static Analyser, Amongst Ida Integration


BinCAT is a static Binary Code Analysis Toolkit, designed to attention contrary engineers, straight from IDA.
It features:
  • value analysis (registers in addition to memory)
  • taint analysis
  • type reconstruction in addition to propagation
  • backward in addition to forrad analysis
  • use-after-free in addition to double-free detection

In action
You tin depository fiscal establishment check (an older version of) BinCAT inwards activeness here:
Check the tutorial out to come across the corresponding tasks.

Quick FAQ
Supported host platforms:
  • IDA plugin: all, version 6.9 or later (BinCAT uses PyQt, non PySide)
  • analyzer (local or remote): Linux, Windows, macOS (maybe)
Supported CPU for analysis (for now):
  • x86-32
  • ARMv7
  • ARMv8
  • PowerPC

Installation
Only IDA v6.9 or subsequently (7 included) are supported

Binary distribution install (recommended)
The binary distribution includes everything needed:
  • the analyzer
  • the IDA plugin
Install steps:
  • Extract the binary distribution of BinCAT (not the git repo)
  • In IDA, click on "File -> Script File..." bill of fare (or type ALT-F7)
  • Select install_plugin.py
  • BinCAT is at ane time installed inwards your IDA user dir
  • Restart IDA

Manual installation

Analyzer
The analyzer tin live on used locally or through a Web service.
On Linux:
On Windows:

IDA Plugin
BinCAT should move amongst IDA on Wine, ane time pip is installed:

Using BinCAT

Quick start
  • Load the plugin past times using the Ctrl-Shift-B shortcut, or using the Edit -> Plugins -> BinCAT menu
  • Go to the education where you lot desire to initiatory of all the analysis
  • Select the BinCAT Configuration pane, click <-- Current to define the initiatory of all address
  • Launch the analysis

Configuration
Global options tin live on configured through the Edit/BinCAT/Options menu.
Default config in addition to options are stored inwards $IDAUSR/idabincat/conf.

Options
  • "Use remote bincat": direct if you lot are running docker inwards a Docker container
  • "Remote URL": http://localhost:5000 (or the URL of a remote BinCAT server)
  • "Autostart": autoload BinCAT at IDA startup
  • "Save to IDB": default patch for the save to idb checkbox

Documentation
H5N1 manual is provided in addition to depository fiscal establishment check here for a description of the configuration file format.
H5N1 tutorial is provided to attention you lot endeavour BinCAT's features.

Article in addition to presentations close BinCAT



Popular posts from this blog

Cameradar V2.1.0 - Hacks Its Mode Into Rtsp Videosurveillance Cameras

Image
   An RTSP flow access tool that comes alongside its library Cameradar allows you lot to Detect opened upward RTSP hosts on whatever accessible target host Detect which device model is streaming Launch automated dictionary attacks to larn their stream route (e.g.: /live.sdp ) Launch automated lexicon attacks to larn the username in addition to password of the cameras Retrieve a consummate in addition to user-friendly study of the results Docker Image for Cameradar Install docker on your machine, in addition to run the next command: docker run -t ullaakut/cameradar -t <target> <other command-line options> See command-line options . e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l volition scan the ports 554 in addition to 8554 of hosts on the 192.168.100.0/24 subnetwork in addition to laid on the discovered RTSP streams in addition to volition output debug logs. YOUR_TARGET tin hold out a subnet (e.g.: 172.16.100.0/24 )...
Read more

Efiguard - Disable Patchguard Together With Dse At Kicking Time

Image
EfiGuard is a portable x64 UEFI bootkit that patches the Windows kicking manager, kicking loader too center at kicking fourth dimension inward club to disable PatchGuard too Driver Signature Enforcement (DSE). Features Currently supports all EFI-compatible versions of Windows x64 e'er released, from Vista SP1 to Server 2019. Easy to use: tin live on booted from a USB stick via a loader application that automatically finds too boots Windows. The driver tin also live on loaded too configured manually using either the UEFI rhythm out or the loader. Makes extensive utilization of the Zydis disassembler library for fast runtime pedagogy decoding to back upwardly to a greater extent than robust analysis than what is possible amongst signature matching, which oftentimes requires changes amongst novel OS updates. Works passively: the driver does non charge or start the Windows kicking manager. Instead it acts on a charge of bootmgfw.efi yesteryear the firmware kicking ...
Read more

Telekiller - A Tool Session Hijacking In Addition To Stealer Local Passcode Telegram Windows

Image
H5N1 Tools Session Hijacking And Stealer Local passcode Telegram Windows. Features : Session Hijacking Stealer Local Passcode Keylogger Shell Bypass ii Step Verification Bypass Av (Coming Soon) Installation Windows git clone https://github.com/ultrasecurity/TeleKiller.git cd TeleKiller pip install -r requirements.txt python TeleKiller.py Dependency : python 2.7 pyHook pywin32 Video Tutorial Operating Systems Tested Windows 10 Windows 8.1 Windows 8 Windows 7 Contact WebSite Ultra Security Team: https://ultrasec.org Channel Telegram: https://t.me/UltraSecurity Thanks to Milad Ranjbar MrQadir Download TeleKiller
Read more