Reverse Engineering

WhalerGo

A Go program that reverse engineers Docker images to reconstruct the original Dockerfile.

PETools

A Windows toolkit for analyzing, editing, and manipulating Portable Executable (PE) files and processes.

Android UnpackerC

A collection of tools and scripts for unpacking and analyzing protected Android applications, originally presented at Defcon 22.

MetroBoyC++

Gate-level simulation of the original Game Boy hardware, reverse-engineered from die shots of the DMG-01 chip.

Androl4b

A virtual machine for Android application security assessment, reverse engineering, and malware analysis.

DDDplus frameworkJava

A lightweight DDD enhancement framework for forward and reverse business modeling to support complex system architecture evolution.

xoreosC++

An open-source reimplementation of BioWare's Aurora game engine and its derivatives, enabling portable gameplay for classic RPGs.

dethraceC

A reverse-engineered, modern rebuild of the 1997 game Carmageddon that runs natively on contemporary systems.

IDRC++

Interactive Delphi Reconstructor (IDR) is a decompiler for Delphi-compiled Windows executables and DLLs, focusing on static analysis.

ManalyzeYARA

A static analyzer for PE executables that identifies malicious indicators and aids in malware assessment.

The Force EngineC++

A modern reverse-engineered replacement for the Jedi Engine, enabling Dark Forces and future Outlaws support on modern systems.

Protobuf inspectorPython

A tool to reverse-engineer and parse Protocol Buffers encoded blobs without knowing their definition.

EXEInfo-PE

Free Windows executable and binary data detector that identifies packers, compilers, protectors, and file formats.

SurrealEngineC++

A reimplementation of Unreal Engine 1 focused on making Unreal (Gold) and Unreal Tournament (UT99) playable on modern systems.

Pokemon GO Java APIJava

A Java API for interacting with Pokémon GO servers, enabling programmatic gameplay and data access.

VivisectPython

A Python framework for disassembly, static analysis, symbolic execution, and debugging of binaries and malware.

Rigel EngineC++

A modern C++ re-implementation of the classic DOS game Duke Nukem II, offering enhanced graphics and usability on modern systems.

Firmware Mod KitC

A collection of scripts and utilities to extract, modify, and rebuild Linux-based firmware images for embedded devices.

ProxelarRust

A programmable MITM proxy written in Rust for intercepting, inspecting, and modifying HTTP/HTTPS traffic with Lua scripting.

PolyHookC++

A C++11 library providing abstract interfaces for multiple x86/x64 hooking techniques including detours, VEH, and IAT.

TR1XC

An open-source reimplementation of Tomb Raider 1, 2, and 3 with modern enhancements, bug fixes, and a unified engine.

PowerShellArsenalPowerShell

A PowerShell module for reverse engineering that disassembles code, analyzes malware, parses memory structures, and inspects Windows internals.

Link's Awakening DXAssembly

A complete disassembly of The Legend of Zelda: Link's Awakening DX for the Game Boy Color, enabling ROM analysis and modification.

Pokemon-GO-node-apiJavaScript

A Node.js library for interacting with the Pokemon GO API, enabling programmatic access to game data and actions.

Pokémon YellowAssembly

A complete disassembly of Pokémon Yellow for Game Boy Color, enabling ROM hacking and analysis.

Awesome LLVM security

A curated collection of LLVM-based tools, compilers, and resources focused on security, obfuscation, binary lifting, and compiler development.

DECAF (Dynamic Executable Code Analysis Framework)C

A dynamic binary analysis framework based on QEMU for whole-system taint analysis and security research.

WinbindexPython

An index of Windows binaries with download links for executables like exe, dll, and sys files from Microsoft's symbol server.

MalUnpackC

A dynamic unpacker for Windows malware that deploys packed executables, waits for payload unpacking, and dumps the extracted code.

HAL – The Hardware AnalyzerC++

A comprehensive netlist reverse engineering and manipulation framework for hardware analysis, akin to IDA or Ghidra for hardware.

DroidboxPython

Dynamic analysis tool for Android applications that monitors runtime behavior, detects information leaks, and visualizes app activity.

JTAGenumC++

An Arduino/Raspberry Pi tool to scan for JTAG pins and enumerate undocumented instructions on embedded devices.

OpenNFSC++

A modern open-source engine that recreates classic Need for Speed games (1-5) by unpacking original data files.

CANalyzat0rPython

A security analysis toolkit with GUI for proprietary automotive CAN and CAN FD protocols, featuring modular analysis mechanisms.

OSX Security Awesome

A curated collection of macOS and iOS security resources including tools, research, malware analysis, and hardening guides.

PE-bear

A freeware reversing tool for PE files, designed for fast and flexible malware analysis.