Categories: Kali Linux

Bincat : Binary Code Static Analyser With IDA Integration

BinCAT is a static Binary Code Analysis Toolkit, designed to help reverse engineers, directly from IDA or using Python for automation.

It features:

  • value analysis (registers and memory)
  • taint analysis
  • type reconstruction and propagation
  • backward and forward analysis
  • use-after-free and double-free detection

Also Read : LOLBAS – Living Off The Land Binaries And Scripts

Quick FAQ

Supported host platforms:

  • IDA plugin: all, version 7.0 or later (BinCAT uses PyQt, not PySide)
  • analyzer (local or remote): Linux, Windows, macOS (maybe)

Supported CPU for analysis (for now):

  • x86-32
  • x86-64
  • ARMv7
  • ARMv8
  • PowerPC

Installation

Only IDA v7 or later is supported

v6.9 may work, but we won’t support it.

Binary distribution install (recommended)

The binary distribution includes everything needed:

  • the analyzer
  • the IDA plugin

Install steps:

  • Extract the binary distribution of BinCAT (not the git repo)
  • In IDA, click on “File -> Script File…” menu (or type ALT-F7)
  • Select install_plugin.py
  • BinCAT is now installed in your IDA user dir
  • Restart IDA

Manual installation

Analyser

The analyzer can be used locally or through a Web service.

On Linux:

On Windows:

IDA Plugin

BinCAT should work with IDA on Wine, once pip is installed:

Using BinCAT

Quick start

  • Load the plugin by using the Ctrl-Shift-B shortcut, or using the Edit -> Plugins -> BinCAT menu
  • Go to the instruction where you want to start the analysis
  • Select the BinCAT Configuration pane, click <-- Current to define the start address
  • Launch the analysis

Configuration

Global options can be configured through the Edit/BinCAT/Options menu.

Default config and options are stored in $IDAUSR/idabincat/conf.

Options

  • “Use remote bincat”: select if you are running docker in a Docker container
  • “Remote URL”: http://localhost:5000 (or the URL of a remote BinCAT server)
  • “Autostart”: autoload BinCAT at IDA startup
  • “Save to IDB”: default state for the save to idb checkbox
R K

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

14 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

14 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

14 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

14 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

14 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

17 hours ago