Disassemble binaries and recover as much info as possible.
Project description
dis-cover
Disassemble binaries and recover as much info as possible
This project was created by Louis Merlin in Spring 2021 as part of his master thesis at HexHive, with a fellowship from the armasuisse Cyber-Defense Campus.
How to use
Run on your binary
To run this tool on your own binary, first you must install dis-cover, as well as elfutils and binutils.
pip install dis-cover
apt install elfutils binutils # or whatever your version of this is
Then, you can run it to analyze your binary, for example /bin/gold:
dis-cover /bin/gold
This will create a reconstructed ELF file (./reconstructed by default) in your current directory. This binary will contain symbols and DWARF information describing the classes and hierarchies that dis-cover was able to find.
Command-line
You can install dis-cover by running pip install dis-cover.
Here are the CLI options:
usage: dis-cover [-h] [-d OUTPUT_DIRECTORY] [-p PICKLE] [-o OUTPUT_FILE] [-l] [-g GRAPH] file
Disasemble binaries and recover as much info as possible
positional arguments:
file ELF file to dis-cover
optional arguments:
-h, --help show this help message and exit
-d OUTPUT_DIRECTORY, --output-directory OUTPUT_DIRECTORY
Directory where the temporary files are written (default "/tmp")
-p PICKLE, --pickle PICKLE
Output classes in the pickle format into PICKLE.
-o OUTPUT_FILE, --output-file OUTPUT_FILE
File where the reconstructed binary should be written (default "./reconstructed")
-l, --list-classes List the classes found in the binary
-g GRAPH, --graph GRAPH
Place a .dot file (used to create a Graphviz graph) into GRAPH.
Creating a graph from the class hierarchy
With the -g option, you can output a ".dot" file.
Using the graphviz package, you can then create an SVG graph using the command:
dot -Tsvg your_file.dot -o graph.svg
How to use the development version
If you would like to make modifications to this tool and use that modified version, simply clone this repository and run this command in the repository directory:
pip install -e .
Possible extensions of this tool
- Look into .debug-pubtypes section
- Verify objcopy and eu-unstrip outputs (priority: medium)
- Add better error handling and more helpful messages (priority: medium)
- Set NOBIT flag in the section headers (priority: low)
- Find a way to compute the size of the classes (priority: low)
Project details
Download files
File details
Details for the file dis-cover-1.0.0.tar.gz
File metadata
- Download URL: dis-cover-1.0.0.tar.gz
- Size: 13.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.4.2 requests/2.22.0 setuptools/45.2.0 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/3.8.10
File hashes
Algorithm | Hash digest
---|---
SHA256 | 5e48a8c4b292e0b2b396a5d074b859090c6eddfd042687df1d9c16c19f73f0b3
MD5 | c4194c3659cc62c1f3d8e4d78af16e24
BLAKE2b-256 | cc604610180251a581e92ee414f2b1362d5e2c630bd28c30550caf5b93dab26d
File details
Details for the file dis_cover-1.0.0-py2.py3-none-any.whl
File metadata
- Download URL: dis_cover-1.0.0-py2.py3-none-any.whl
- Size: 12.5 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.4.2 requests/2.22.0 setuptools/45.2.0 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/3.8.10
File hashes
Algorithm | Hash digest
---|---
SHA256 | 0095ff14718698a5bb1d7d83dc1f161ea367b65283b2dfae40a75bfd9c848b30
MD5 | b3facf5b1a9a4c671d7adb8c97d059f0
BLAKE2b-256 | c981a323a20cb3d668b7f3e17c502f7d9a69395b994c52126b148196478771d4