Friday, 16 June 2017

Binary Code Static Analyser With IDA Integration


Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction.


What is BinCAT?

BinCAT is a static Binary Code Analysis Toolkit, designed to help reverse engineers, directly from IDA.

It features:

  • value analysis (registers and memory)
  • taint analysis
  • type reconstruction and propagation
  • backward and forward analysis
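To make the first two features concrete, here is a small forward value-and-taint analysis over a constructed register IR. This is an added illustration, not BinCAT's code or its analysis domains: the instruction set (`input`, `mov`, `add`, `and`) is invented for the example, the value domain is a plain integer interval, and taint is a single bit carried alongside it. It shows how an untrusted input narrowed by a mask stays tainted while its value range shrinks, and how taint flows into any register computed from it.

```python
"""Toy forward value + taint analysis (added example, not BinCAT code).

Each register holds an abstract value: an integer interval [lo, hi] plus a
taint flag. Instructions are processed in order (forward analysis) over
straight-line code. Register names mimic x86-32, but the IR is constructed
for this illustration only.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

WORD_MAX = 0xFFFFFFFF          # 32-bit machine word
Operand = Union[str, int]      # register name or immediate


@dataclass(frozen=True)
class AbsVal:
    lo: int
    hi: int
    tainted: bool

    def add(self, other: "AbsVal") -> "AbsVal":
        # Interval addition; if the result may exceed the word size, fall
        # back to the full range (conservative model of 32-bit wrap-around).
        lo, hi = self.lo + other.lo, self.hi + other.hi
        if hi > WORD_MAX:
            lo, hi = 0, WORD_MAX
        return AbsVal(lo, hi, self.tainted or other.tainted)

    def and_mask(self, mask: int) -> "AbsVal":
        # AND with a constant mask confines the value to [0, mask]; a range
        # already inside that band is kept as-is. Taint is preserved: masking
        # limits the value but does not make it trusted.
        if self.lo >= 0 and self.hi <= mask:
            return AbsVal(self.lo, self.hi, self.tainted)
        return AbsVal(0, mask, self.tainted)


TOP = AbsVal(0, WORD_MAX, False)   # unknown but untainted register
State = Dict[str, AbsVal]


def read(state: State, op: Operand) -> AbsVal:
    """Immediates are exact, untainted constants; registers default to TOP."""
    if isinstance(op, int):
        return AbsVal(op, op, False)
    return state.get(op, TOP)


def step(state: State, insn: Tuple) -> State:
    """Transfer function for one constructed IR instruction."""
    new = dict(state)
    kind = insn[0]
    if kind == "input":           # dst <- untrusted input: full range, tainted
        new[insn[1]] = AbsVal(0, WORD_MAX, True)
    elif kind == "mov":           # dst <- src
        new[insn[1]] = read(state, insn[2])
    elif kind == "add":           # dst <- dst + src
        new[insn[1]] = read(state, insn[1]).add(read(state, insn[2]))
    elif kind == "and":           # dst <- dst & imm
        new[insn[1]] = read(state, insn[1]).and_mask(insn[2])
    else:
        raise ValueError(f"unsupported instruction: {kind}")
    return new


def analyze(program: List[Tuple], initial: State = None):
    """Forward pass; returns the final state and a per-instruction trace."""
    state: State = dict(initial or {})
    trace = []
    for insn in program:
        state = step(state, insn)
        trace.append((insn, dict(state)))
    return state, trace


def tainted_registers(state: State) -> List[str]:
    """Registers whose final value depends on untrusted input."""
    return sorted(r for r, v in state.items() if v.tainted)


# Constructed sample program (x86-32 flavoured IR, not real disassembly).
PROGRAM = [
    ("input", "eax"),       # eax <- attacker-influenced value
    ("mov", "ebx", 16),     # ebx = 16
    ("and", "eax", 0xFF),   # eax in [0, 255], still tainted
    ("add", "ebx", "eax"),  # ebx in [16, 271], taint propagates
    ("mov", "ecx", 4),      # ecx = 4, untainted
]

if __name__ == "__main__":
    final, trace = analyze(PROGRAM)
    for insn, st in trace:
        print(insn, {r: (v.lo, v.hi, v.tainted) for r, v in st.items()})
    print("tainted:", tainted_registers(final))
```

Running the module prints the abstract state after each instruction; the final state has `eax` in [0, 255] and `ebx` in [16, 271], both tainted, while `ecx` is the exact untainted constant 4. A real analyser such as BinCAT adds memory cells, a richer value domain, type information and a backward mode on top of this same forward-propagation skeleton.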

Quick FAQ

Supported Platforms:

  • IDA plugin: all, version 6.9 or later
  • analyzer (local or server): Linux, macOS (maybe)

Supported CPUs (for now):

  • x86-32

Installation


Analyzer

The analyzer is only supported on Linux, but can expose a Web service for use from a Windows IDA.

Using Docker: Docker installation instructions
Manual: Manual installation instructions

IDA Plugin


Only IDA v6.9 or later is supported.

Install for Windows
  • In IDA, click on "File -> Script File..." menu (or type ALT-F7)
  • Select python\windows_install_plugin.py
  • The BinCAT plugin is now installed in your IDA user directory

Or install manually.

Linux install

Installation instructions


Using BinCAT


Now you can run analyses (Ctrl-Shift-A)

Quick start


Load the plugin by using the Ctrl-Shift-B shortcut, or using the Edit -> Plugins -> BinCAT menu

Select an instruction in any IDA view, then use the Ctrl-Shift-A shortcut, or the BinCAT -> Analyze from here context menu

Configuration

Global options can be configured through the Edit/BinCAT/Options menu.

Default config and options are stored in $IDAUSR/idabincat/conf.


Options

  • Use remote bincat: select if the analyzer runs in a Docker container or on a remote server rather than locally
  • Remote URL: http://localhost:5000 (or the URL of a remote BinCAT server)
  • Autostart: autoload BinCAT at IDA startup
  • Save to IDB: default state for the save to idb checkbox

Analyzer configuration files

A default configuration file for the analyzer is provided.


Documentation

A manual is provided.

A tutorial is provided to help you try BinCAT's features. It makes use of a sample binary and screenshots.

Log levels

  • basic info
  • more info
  • debug
  • advanced debug
