Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/8dcc/bin-graph

Visualize binary files
https://github.com/8dcc/bin-graph

binary-analysis c libpng reverse-engineering

Last synced: 4 days ago
JSON representation

Visualize binary files

Host: GitHub
URL: https://github.com/8dcc/bin-graph
Owner: 8dcc
License: gpl-3.0
Created: 2024-07-19T14:50:07.000Z (4 months ago)
Default Branch: main
Last Pushed: 2024-08-09T09:28:46.000Z (3 months ago)
Last Synced: 2024-08-09T23:53:35.760Z (3 months ago)
Topics: binary-analysis, c, libpng, reverse-engineering
Language: C
Homepage:
Size: 115 KB
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.org
- License: LICENSE

Awesome Lists containing this project

README

        #+title: Binary graph

#+options: toc:nil

#+startup: showeverything

#+author: 8dcc

This program provides a simple way of visualizing the different regions of a

binary file.

These are some references that inspired this project:

- [[https://github.com/xoreaxeaxeax][Christopher Domas]] - The future of RE Dynamic Binary Visualization ([[https://www.youtube.com/watch?v=4bM3Gut1hIk][YouTube]]).

- Sergey Bratus and Greg Conti - Voyage of the reverser ([[https://www.youtube.com/watch?v=T3qqeP4TdPA][YouTube]]).

- [[https://corte.si][Aldo Cortesi]] - [[https://corte.si/posts/visualisation/binvis/][Visualizing binaries with space-filling curves]].

- Aldo Cortesi - [[https://corte.si/posts/visualisation/entropy/][Visualizing entropy in binary files]].

If you are interested on more professional approaches, check out the following

links:

- The [[https://binvis.io][binvis.io]] online tool by Aldo Cortesi.

- The [[https://github.com/mewbak/binary_viewer][mewbak/binary_viewer]] repository, which also includes some other links.

- The [[https://github.com/wapiflapi/veles][wapiflapi/veles]] repository, which is no longer maintained.

* Building

The program depends on =libpng= for exporting the image. Install it from your

package manager.

#+begin_src bash

# Arch-based distros

pacman -S libpng

# Gentoo

emerge media-libs/libpng

#+end_src

Once all the dependencies are installed, compile the program.

#+begin_src bash

git clone https://github.com/8dcc/bin-graph

cd bin-graph

make

#+end_src

If you want to install it on your system, run the following command.

#+begin_src bash

sudo make install

#+end_src

* Usage and modes

There are various different graph modes that determine how the input binary is

represented in the output image. The full mode list with their descriptions can

be found with the program's =help= command.

#+begin_src bash

bin-graph --help

# Usage:

#   ./bin-graph [OPTION...] INPUT OUTPUT.png

#

# ...

#+end_src

This project also includes a [[file:bin-graph-section.sh][bin-graph-section.sh]] script. It uses =readelf= and

=grep= to find the offset and size of the specified region, and uses that as the

=--offset-*= arguments for =bin-graph=. Additional options after the section name

will be passed to =bin-graph=.

#+begin_src bash

./bin-graph-section.sh SECTION [OPTION...] INPUT OUTPUT.png

# ...

#+end_src

* Overview of the code

I tried to make each part of the program as modular and independent as possible,

for more maintainability and for easier expansion.

This is the basic process for generating an image from a binary.

1. The arguments are parsed, and the necessary global variables in [[file:src/args.c][args.c]] are

   overwritten. These will be used from all the sources.

2. The data is read from the input file as a byte array, using the =read_file=

   function, defined in [[file:src/read_file.c][read_file.c]].

3. The array of bytes is converted into an =Image= structure, which is just an

   array of RGB =Color= structures, along with its dimensions. The program mode

   (which might have been overwritten with the =--mode= parameter) determines what

   =image_*= function is used. These =image_*= functions are defined in [[file:src/image.c][image.c]]. For

   more information on the available modes, see [[*Usage and modes][Usage and modes]].

4. The =Image= structure is converted into a PNG file with the =image2png= function,

   defined in [[file:src/image.c][image.c]].

* Screenshots

#+begin_src bash

./bin-graph --mode grayscale bin-graph examples/grayscale.png

#+end_src

[[file:examples/grayscale.png]]

#+begin_src bash

./bin-graph --mode ascii bin-graph examples/ascii.png

#+end_src

[[file:examples/ascii.png]]

#+begin_src bash

./bin-graph --mode entropy --transform-squares 16 bin-graph examples/entropy-squared.png

#+end_src

[[file:examples/entropy-squared.png]]

#+begin_src bash

# Only the .text section of the ELF file

./bin-graph-section.sh .text --mode histogram bin-graph examples/histogram.png

#+end_src

[[file:examples/histogram.png]]

#+begin_src bash

# Only the .rodata section of the ELF file

./bin-graph-section.sh .rodata --mode bigrams bin-graph examples/rodata-bigrams.png

#+end_src

[[file:examples/rodata-bigrams.png]]

#+begin_src bash

./bin-graph --mode dotplot --zoom 1 --offset-start 5000 --offset-end 5500 input.wav examples/dotplot.png

#+end_src

[[file:examples/dotplot.png]]