LIEF
the-backdoor-factory
Our great sponsors
LIEF | the-backdoor-factory | |
---|---|---|
4 | 1 | |
4,127 | 3,249 | |
1.9% | - | |
9.4 | 3.4 | |
14 days ago | 6 months ago | |
C++ | Python | |
Apache License 2.0 | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
LIEF
-
What's the Most Portable Way to Include Binary Blobs in an Executable?
My team is working on this problem in the context of creating Node.js single-executable applications. While the naive approach of just appending data at the end of the binary works, it is not friendly with code-signature in macOS and Windows given that signing operates on PE and Mach-O sections.
We have recently open-sourced a small tool called Postject (https://github.com/postmanlabs/postject), which is able to inject arbitrary data as proper ELF/Mach-O/PE sections for all major operating systems (with AIX support coming). The tool also provides C/C++ cross-platform headers for easily traversing the final binary and introspect whether the segment is present or not.
The tool is based on the LIEF (https://github.com/lief-project/LIEF) project.
At Postman, we are making use of this on our custom Node.js single-executable applications and soon on our custom Electron.js builds too.
-
Pefile python module features
https://github.com/lief-project/LIEF https://lief-project.github.io/doc/latest/api/python/index.html
-
Collection of tools for executable packing detection
Bintropy: Entropy-based packing detection featuring multiple modes (whole binary, per section or segment). Based on the awesome LIEF library, therefore supports ELF, PE, Mach-O.
-
rabin2 for scraping ELF to JSON
I've been looking at LIEF toolkit for similar purposes (https://github.com/lief-project/LIEF). It's a python framework for cross platform binary analysis. I'm curious, does rabin2 support dll format?
the-backdoor-factory
-
Nano98: Windows 98 that boots and runs under 5MB
I don't think this argument holds much substance. FOSS developers are absolutely not lost without the source - they just share the fruit of their labor under FOSS licenses. In fact there's a good chunk of work being done black-box style: WINE, many of the drivers, game modding, hell here's a random FOSS binary patcher[0]. So FOSS developers don't seem to be lost without the source.
What are some alternatives?
dll-proxy-generator - Creates a proxy dll which sits between the game and original dll
BDFProxy - Patch Binaries via MITM: BackdoorFactory + mitmProxy.
radare2 - UNIX-like reverse engineering framework and command-line toolset
vmlinux-to-elf - A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
tree-sitter-html - HTML grammar for Tree-sitter
Cozette - A bitmap programming font optimized for coziness 💜
pe - A :zap: lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
Mypal - Web browser
vivaldi_modding - Custom modifications for Vivaldi web browser.
paschke - Paschke created images of Chicago, among other things. Hence the name.
bintropy - Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes
shrinkwrap - A tool that embosses the needed dependencies on the top level executable