Top 10 Essential CTF Tools for Solving Reversing Challenges

1. Androguard

Androguard is a full python tool to play with android files. You can either use the command line or graphical frontend for androguard, or use androguard purely as a library for your own tools and scripts. There are so many open source projects are there which uses androguard like Droidbot, Cuckoo Sandbox, MobSF etc.

For especially malware analysis of android apps, Androguard is one of the best tool.

Download Link – https://github.com/androguard/androguard

2. ApkTool

Apktool is another reverse engineering tool to decompile Android APKs. It can easily decode resources to nearly original form and can even rebuild them after making some modifications.

It’s the go-to tool for most independent developers looking to mod apps or uncover their secrets. The developer behind the tool recently announced an update to version 2.4.0, bringing lots of bug fixes and changes.

Download Link – https://github.com/iBotPeaches/Apktool

3. BinUtils

The GNU Binary Utilities, or Binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code.

But, if you are a developer who is working on Linux / UNIX platform, it is essential to understand the various commands that are available as part of GNU development tools. The below commands of BinUtils will help you to manipulate your binary, object and library files effectively.

as – GNU Assembler Command
ld – GNU Linker Command
ar – GNU Archive Command
nm – List Object File Symbols
objcopy – Copy and Translate Object Files
objdump – Display Object File Information
size – List Section Size and Toal Size
strings – Display Printable Characters from a File
strip – Discard Symbols from Object File

Download Link – http://www.gnu.org/software/binutils/binutils.html

4. GDB

GDB, the GNU Project debugger, allows you to see what is going on ‘inside’ another program while it executes — or what another program was doing at the moment it crashed. GDB supports various programming languages such as C, C++, Fortran, Pascal, Assembly, Go etc.

The latest version of GDB is v8.3 which was released on May 11th, 2019 and is now available for download.

Download Link – https://www.gnu.org/software/gdb/

5. IDA Pro

IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features. IDA Pro combines an interactive, programmable, multi-processor disassembler coupled to a local and remote debugger and augmented by a complete plugin programming environment.

As a disassembler, IDA Pro explores binary programs, for which source code isn’t always available, to create maps of their execution.

Download Link – https://www.hex-rays.com/products/ida/

6. WinDbg

WinDbg is a multipurpose debugger for the Microsoft Windows computer operating system, distributed by Microsoft.

WinDbg can automatically load debugging symbol files (e.g., PDB files) from a server by matching various criteria like timestamp via SymSrv (SymSrv.dll). To begin using Windbg, you need to create a dump (.dmp) file that you can load and look at.

Download Link – http://www.windbg.org/

7. Radare2

Radare2 or r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.

Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later added support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers.

Download Link – https://github.com/radare/radare2

8. Detox

Detox is of the most popular JS malware analysis tool which works on most Linux distributions. The development is currently done on Linux with the latest chrome browser.

JSDetox is a Javascript malware analysis tool using static analysis / deobfuscation techniques and an execution engine featuring HTML DOM emulation.

Download Link – https://github.com/svent/jsdetox

9. BinWalk

Binwalk is a simple linux tool for analysing binary files for embedded files and executable code. It is mostly used to extract the content of firmware images.

On kali linux, binwalk is already installed. On Ubuntu you can do apt-get install binwalk or you can go to https://github.com/ReFirmLabs/binwalk and follow the instructions.

Download Link – https://github.com/ReFirmLabs/binwalk

10. Barf

BARF is an open source binary analysis framework that aims to support a wide range of binary code analysis tasks that are common in the information security discipline.

It is a scriptable platform that supports instruction lifting from multiple architectures, binary translation to an intermediate representation, an extensible framework for code analysis plugins and interoperation with external tools such as debuggers, SMT solvers and instrumentation tools.

Download Link – https://github.com/programa-stic/barf-project

You may also like: