November 6, 2022 at 4:43 PM
In this post I will summarize my research on the topic of reverse engineering on Linux and list the best free options below.
1. Radare2 & Iaito
Quote from the official Radare2 website:
A free/libre toolchain for easing several low level tasks like forensics, software reverse engineering, exploiting, debugging, ... It is composed by a bunch of libraries (which are extended with plugins) and programs that can be automated with almost any programming language.
Quote from the Iaito GitHub repository:
iaito is the official graphical interface for radare2, a libre reverse engineering framework.
These two tools form the perfect toolchain for a user-friendly, good-looking (native dark mode) and completely free start into reverse engineering. They support over 50 different architectures and CPUs. Did I mention this is 100% free and open source?
2. Edb-debugger
Quote from the Edb GitHub repository:
edb is a cross platform AArch32/x86/x86-64 debugger. It was inspired by Ollydbg, but aims to function on AArch32, x86, and x86-64 as well as multiple OS's. Linux is the only officially supported platform at the moment, but FreeBSD, OpenBSD, OSX and Windows ports are underway with varying degrees of functionality.
I have never really tried using Edb or Ollydbg; the reviews and recommendations are very good, so take it with a grain of salt.
3. Ghidra
Quote from the official Ghidra website:
A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
Ghidra is very similar to IDA Pro, which is very expensive and hard to get your hands on. Once you get used to Ghidra, it can be just as powerful as IDA Pro. It was originally developed by the NSA and has since been open-sourced. It has no native dark mode and the UI is complicated and not user-friendly.
4. Pwndbg
Quote from the official pwndbg GitHub repository:
pwndbg (/poʊndbæg/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.
I have never personally used this tool, but looking at its popularity on GitHub (5k stars), it seems decent. It is directly tied to GDB, which is not very user-friendly, and I would thus not recommend it for beginners.
5. Binary Ninja Cloud
Quote from the official Binary Ninja website:
Binary Ninja is an interactive disassembler, decompiler, and binary analysis platform for reverse engineers, malware analysts, vulnerability researchers, and software developers that runs on Windows, macOS, and Linux.
I have used Binary Ninja in the past and have to warn people that the native desktop version is paid. What I am listing here is their free cloud version, which only requires you to sign up on their website.
Edit 1: Added links to all tools.
Edit 2: Added 2 items to the list.