Reverse engineering, hacking, exploiting
0001 Jun 1
4 minutes read

Reverse engineering


  • Mitmproxy
  • Wireshark

Create visual representation of binary file

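# Greyscale (PGM, one byte per pixel): width 512, height 4096, max value 255
(echo "P5 512 4096 255"; cat firmware.exe) > firmware_image.pgm
# Bitmap (PBM, one bit per pixel): the P4 header has no max-value field
(echo "P4 512 4096"; cat filename) > foo.pbm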
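
The one-liners above hard-code a 512x4096 raster, which for P5 matches only a file of exactly 2 MiB. The following shell functions are an added example, not part of the original post: they derive the height from the file size and zero-pad the last row. The names pgm_height and bin2pgm are hypothetical.

```shell
#!/bin/sh
# Added example: wrap any binary in a correctly sized greyscale PGM (P5).

# pgm_height SIZE WIDTH: rows needed to hold SIZE bytes at WIDTH bytes per row.
pgm_height() {
    echo $(( ($1 + $2 - 1) / $2 ))   # integer division, rounded up
}

# bin2pgm FILE [WIDTH]: write FILE to stdout as a binary PGM, one byte per pixel.
bin2pgm() {
    _file=$1
    _w=${2:-512}
    [ -r "$_file" ] || { echo "bin2pgm: cannot read $_file" >&2; return 1; }
    [ "$_w" -gt 0 ] 2>/dev/null || { echo "bin2pgm: bad width $_w" >&2; return 1; }
    _bytes=$(wc -c < "$_file" | tr -d ' ')
    [ "$_bytes" -gt 0 ] || { echo "bin2pgm: $_file is empty" >&2; return 1; }

    _h=$(pgm_height "$_bytes" "$_w")
    _pad=$(( _w * _h - _bytes ))     # bytes missing from the last row

    # Header: magic, width, height, maximum grey value; raster follows directly.
    printf 'P5\n%d %d\n255\n' "$_w" "$_h"
    cat "$_file"
    # Zero-pad so the raster is exactly width*height bytes and viewers
    # do not reject the image as truncated.
    if [ "$_pad" -gt 0 ]; then
        head -c "$_pad" /dev/zero
    fi
}

# Usage: bin2pgm firmware.exe 512 > firmware_image.pgm
```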


strings -n 4 -t x binary

  • binwalk Firmware Analysis Tool
  • Hopper-disassembler
  • IDA

Flash, SWF, ActionScript


  • JD-GUI is a standalone graphical utility that displays Java source code of “.class” files.
    Open a .class or .jar in JD-GUI to view sources
  • procyon-decompiler
    procyon-decompiler some.jar -o somedir


  • Snoop
  • ILSpy
  • dotPeek
  • .NetReflector



Audio WWise


An APK file is based on the JAR format. It contains the program’s code (.dex files), resources, assets, certificates, and a manifest file. The .dex file is parsed by the Dalvik VM, and a cache of the processed classes.dex file is stored in the phone’s Dalvik cache. If dex-preoptimization is enabled by the application developer (it’s enabled by default in user builds), an .odex file is generated from classes.dex and the original classes.dex is stripped from the APK.

Getting .apk file

Examining .apk

  • bytecode-viewer A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

  • dare Dare is a project which aims at enabling Android application analysis. The Dare tool retargets Android applications in .dex or .apk format to traditional .class files

  • dex2jar Tools to work with Android .dex and Java .class files
    To decompile the Dalvik bytecode (dex) into readable Java source, run dex2jar some.apk, then open the .jar with JD-GUI

  • apktool A tool for reverse engineering Android apk files
    To decompile, run apktool d some.apk

  • smali is an assembler/disassembler for the dex format used by Dalvik, Android’s Java VM implementation.

    Disassemble the bytecode to smali, an assembly language. You can read and modify the smali or even replace classes entirely by generating smali from new Java source (to do this, you could compile your .java source to .class files with javac, then convert your .class files to .dex files with Android’s dx compiler, and then use baksmali (the smali disassembler) to convert the .dex to .smali files).


  • Dependency Walker is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules.
  • Spy++
  • TrID is a utility designed to identify file types from their binary


  • ldd prints the shared libraries required by each program or shared library specified on the command line.

Binary, Firmware

Mac OS X, iOS


File that identifies the account. It contains information that links the app to your DSPersonID, which corresponds directly to an AppleID.
You can see what your AppleID and DSPersonID are by running this in a terminal:

defaults read AppleID && defaults read DSPersonID



  • MacDependency shows all dependent libraries and frameworks of a given executable, dynamic library or framework on Mac OS X. It is a GUI replacement for the otool command, and provides almost the same functionality as the Dependency Walker on Windows.
  • Accessibility Inspector
  • F-Script can be used as a standalone application which dynamically loads your Objective-C classes and enables you to access them either interactively or using scripts
  • Cycript allows developers to explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax highlighting and tab completion.
  • patient0 runtime code injection suite for security analysis
  • nm displays the name list (symbol table) of each object file in the argument list.
  • otool displays specified parts of object files or libraries.
  • class-dump examining the Objective-C runtime information stored in Mach-O files. It generates declarations for the classes, categories and protocols.
  • class_dump_z
  • /Path/To/ -NSTraceEvents YES
  • /Applications/ -NSTraceEvents YES 2>&1 | grep "Received event.*LMouseUp"
  • DTrace
  • Frida Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.


  • list all linked symbols
    nm -u /Applications/.app/Contents/MacOS/executable | sort | less

  • Display global (external) symbol names (no value or type).
    nm -g -j executable | sort | uniq | less

  • list all libraries the app has linked to.
    otool -L executable

  • Display the contents of the __OBJC segment used by the Objective-C run-time system.
    otool -ov executable | less

  • disassembly
    otool -tvV executable | less

  • show implementation addresses
    class-dump -A executable | less

  • monitoring file system
    sudo fs_usage pid 5677 | grep plist
    sudo opensnoop | grep plist

