Linux reverse engineering tools


Introduction

Linux systems provide a good platform for reverse engineering. There are enough tools available and some come even preinstalled. For more advanced dynamic or static analysis, there are specialized tools available, which we collected in the overview below.

Usage

Linux reverse engineering tools are typically used for binary analysis, malware analysis, malware research, and reverse engineering.

Users for these tools include malware analysts and security professionals.

Tools

Highlighted tools

Some of the Linux reverse engineering tools have features that make them stand out among the others. If one of these characteristics is important to you, have a look at these selected tools first.

» Very popular project = radare2
» Well-known = Frida

Popular Linux reverse engineering tools

Cutter (graphical user interface for radare2)

binary analysis, malware analysis, reverse engineering

Cutter is a graphical user interface for radare2, the well-known reverse engineering framework. It focuses on those who are not yet familiar enough with radare2, or who would rather have a graphical interface instead of the command-line interface that radare2 provides.

Frida (reverse engineering tool)

black-box testing, reverse engineering

Frida allows developers and researchers to inject custom scripts into black-box processes. This way it can hook any function, allowing you to trace the instructions that are executed. The source code is not needed. Frida even allows direct manipulation of the running process so you can see the results. The tool comes with bindings for different programming languages, allowing you to interact with processes. Examples of the bindings that Frida provides include Python, Swift, .NET, Qt/Qml, and a C API.

LIEF (library for analysis of executable formats)

binary analysis, malware analysis, reverse engineering

On several occasions, it may be useful to perform analysis on binary file formats. Such an occasion could be incident response, digital forensics, or a reverse engineering task. In these cases, a toolkit like LIEF can help to perform this job. It allows you to parse and modify the files. LIEF also makes the parsed information available through an application programming interface (API) for automated processing.

PyREBox (Python scriptable Reverse Engineering Sandbox)

binary analysis, malware analysis, reverse engineering

PyREBox is short for Python scriptable Reverse Engineering Sandbox. It provides dynamic analysis and debugging capabilities for a running QEMU virtual machine. Its primary usage is the analysis of running processes for reverse engineering. PyREBox can change parts of the running system by modifying data in memory or in processor registers.

r2frida (bridge between Radare2 and Frida)

application testing, binary analysis, memory analysis

Both Radare2 and Frida have their own area of expertise. This project combines the two, allowing a more extensive analysis of files and processes.

radare2 (reverse engineering tool and binary analysis)

digital forensics, reverse engineering, software exploitation, troubleshooting

Radare2 is a popular framework for performing reverse engineering on many different file types. It can be used to analyze malware, firmware, or any other type of binary file. Besides reverse engineering, it can be used for forensics on filesystems and for data carving. Tasks can be scripted in languages such as JavaScript, Go, and Python. It can even be used for software exploitation.
