Disassemblers, Decompilers, and Binary Analysis Frameworks
Tool Name | Description |
| A commercial disassembler and debugger supporting multiple processor architectures. |
| A powerful decompiler extension for IDA Pro that helps convert assembly code into a more human-readable C-like pseudocode. |
| An open-source reverse engineering tool developed by the NSA. Offers disassembly, decompilation, and collaboration features for multi-user teams. |
| A free and open-source reverse engineering framework with command-line and graphical interfaces (Cutter). Includes disassembly, debugging, and binary patching capabilities. |
| A commercial tool that provides an interactive disassembler and an advanced analysis platform. Known for its clean UI and scriptability with Python. |
| A cross-platform GUI frontend for Radare2. Aims to be user-friendly while still offering the power of the Radare2 engine underneath. |
| A commercial reverse engineering platform often used for analyzing Android applications (APK) and other binary formats. Provides both disassembly and decompilation capabilities. |
| A free, open-source C/C++ decompiler that can work in conjunction with other tools to produce readable pseudocode for small or moderately complex binaries. |
| Not strictly a disassembler, but a declarative language to describe binary data structures for easier parsing and analysis of file formats. |
| A macOS and Linux disassembler and debugger. Known for a simpler interface compared to IDA Pro and decent decompilation support. |
Debuggers
Tool Name | Description |
| An open-source Windows debugger designed to be user-friendly. Provides plugins, scriptability, and an active community. |
| Microsoft’s official Windows debugger. Very powerful for kernel- and user-mode debugging, though it has a steep learning curve. |
| A classic 32-bit debugger for Windows with a strong focus on binary code analysis. Although not updated frequently, it remains popular for malware analysis. |
| A command-line debugger primarily used on Linux and other UNIX-like systems. Extensible with scripts (e.g., GEF, PEDA) to enhance reverse engineering features. |
| The LLVM project’s debugger. A modern, high-performance debugger for macOS and Linux. Can also be extended with Python scripts. |
| A graphical debugger for Linux similar to OllyDbg, featuring an easy-to-use interface and basic analysis features. |
Hex Editors and Binary Editors
Tool Name | Description |
| A fast hex editor for Windows. Useful for low-level data inspection, memory edits, and verifying file headers. |
| A GUI-based hex editor for Linux with basic editing, searching, and highlighting capabilities. |
| A commercial hex editor that supports templates for complex file formats, scripting, and advanced analysis of binary data. |
| A popular hex editor for macOS, featuring large file handling and advanced searching. |
Scriptable Analysis and Symbolic Execution Tools
Tool Name | Description |
| A Python-based platform for binary analysis that includes symbolic execution, CFG (control flow graph) generation, and vulnerability discovery. |
| A reverse engineering framework written in Python that provides disassembly, intermediate representation, and symbolic execution features. |
| A plugin for GDB that enhances the debugging experience with additional commands and visualizations. |
| Another popular GDB plugin that automates common exploit development tasks. |
| An open-source platform designed for static analysis of binaries. It performs disassembly, CFG generation, and dataflow analysis. |
Firmware and Embedded Device Tools
Tool Name | Description |
| A tool for analyzing and extracting firmware images. It can identify compressed files, file systems, and known signatures within firmware. |
| A framework for emulating Linux-based embedded firmware images, allowing dynamic analysis in a sandbox environment. |
| A generic and open-source machine emulator. Often used in reverse engineering to run and debug firmware or OS images for various architectures. |
| A toolkit for customizing and re-building Linux-based firmware images, useful for analyzing or modifying embedded devices. |
Android and Mobile Reverse Engineering
Tool Name | Description |
| A tool for reverse engineering Android apps. Decompiles resources, manifests, and smali code for easier inspection. |
| Converts Android .dex files to .class files, making it possible to view the code in Java decompilers. |
| A standalone Java decompiler that can help inspect .jar and .class files, used in conjunction with dex2jar for Android analysis. |
| A dynamic instrumentation toolkit for Windows, macOS, Linux, iOS, and Android. Allows injecting scripts to trace API calls and modify behavior at runtime. |
| Built on Frida, focuses on runtime exploration and modification of mobile applications (Android and iOS) without needing root or jailbreak. |
Network and Protocol Analysis
Tool Name | Description |
| The de facto standard for network protocol analysis. Not a “reverse engineering” tool in the traditional sense, but vital for understanding proprietary or unknown protocols. |
| A Python library for packet manipulation and creation, helpful when reverse-engineering custom protocols or network interactions. |
Other Specialized Tools
Tool Name | Description |
| Searches for readable text in binary files. Frequently used in initial triage to spot clues about function names, error messages, or embedded URLs. |
| A memory forensics framework. While not a disassembler, it’s often used to analyze memory dumps (including partial disassembly and detection of hidden code). |
| A classic (though somewhat dated) tool for detecting packers and cryptors in Windows executables, often helpful in malware analysis. |
| A modern alternative to PEiD that identifies packers, compilers, and signatures in binaries across multiple platforms. |
| Analyzes the capabilities of a program by matching known patterns against disassemblies, aiding malware and exploit analysis. |
| A simple but powerful console-mode tool for Windows, offering disassembly, hex editing, and limited debugging. |