[go: up one dir, main page]

Skip to content

Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free detection

Notifications You must be signed in to change notification settings

Valsmir/bincat

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Introduction

What is BinCAT?

BinCAT is a static Binary Code Analysis Toolkit, designed to help reverse engineers, directly from IDA or using Python for automation.

It features:

  • value analysis (registers and memory)
  • taint analysis
  • type reconstruction and propagation
  • backward and forward analysis
  • use-after-free and double-free detection

In action

You can check (an older version of) BinCAT in action here:

Check the tutorial out to see the corresponding tasks.

Quick FAQ

Supported host platforms:

  • IDA plugin: all, version 7.0 or later (BinCAT uses PyQt, not PySide)
  • analyzer (local or remote): Linux, Windows, macOS (maybe)

Supported CPU for analysis (for now):

  • x86-32
  • x86-64
  • ARMv7
  • ARMv8
  • PowerPC

Installation

Only IDA v7 or later is supported

v6.9 may work, but we won't support it.

Binary distribution install (recommended)

The binary distribution includes everything needed:

  • the analyzer
  • the IDA plugin

Install steps:

  • Extract the binary distribution of BinCAT (not the git repo)
  • In IDA, click on "File -> Script File..." menu (or type ALT-F7)
  • Select install_plugin.py
  • BinCAT is now installed in your IDA user dir
  • Restart IDA

Manual installation

Analyzer

The analyzer can be used locally or through a Web service.

On Linux:

On Windows:

IDA Plugin

BinCAT should work with IDA on Wine, once pip is installed:

Using BinCAT

Quick start

  • Load the plugin by using the Ctrl-Shift-B shortcut, or using the Edit -> Plugins -> BinCAT menu

  • Go to the instruction where you want to start the analysis

  • Select the BinCAT Configuration pane, click <-- Current to define the start address

  • Launch the analysis

Configuration

Global options can be configured through the Edit/BinCAT/Options menu.

Default config and options are stored in $IDAUSR/idabincat/conf.

Options

  • "Use remote bincat": select if you are running docker in a Docker container
  • "Remote URL": http://localhost:5000 (or the URL of a remote BinCAT server)
  • "Autostart": autoload BinCAT at IDA startup
  • "Save to IDB": default state for the save to idb checkbox

Documentation

A manual is provided and check here for a description of the configuration file format.

A tutorial is provided to help you try BinCAT's features.

Article and presentations about BinCAT

Licenses

BinCAT is released under the GNU Affero General Public Licence.

The BinCAT OCaml code includes code from the original Ocaml runtime, released under the LGPLv2.

The BinCAT IDA plugin includes code from python-pyqt5-hexview by Willi Ballenthin, released under the Apache License 2.0.

BinCAT includes a modified copy of newspeak.

Automated builds

Automated builds are performed automatically (see azure-pipelines.yml). The latest builds and test results can be accessed here

About

Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free detection

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • OCaml 72.5%
  • Python 24.2%
  • C 1.5%
  • Makefile 1.3%
  • Standard ML 0.4%
  • Dockerfile 0.1%