Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/bannsec/revenge
REVerse ENGineering Environment
https://github.com/bannsec/revenge
android frida python python3 trace
Last synced: 11 days ago
JSON representation
REVerse ENGineering Environment
- Host: GitHub
- URL: https://github.com/bannsec/revenge
- Owner: bannsec
- Created: 2019-05-24T17:19:18.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-05-03T17:41:15.000Z (8 months ago)
- Last Synced: 2024-11-07T05:42:28.242Z (about 2 months ago)
- Topics: android, frida, python, python3, trace
- Language: Python
- Homepage:
- Size: 1.14 MB
- Stars: 57
- Watchers: 7
- Forks: 5
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
[](https://travis-ci.com/bannsec/revenge)
[](https://pypistats.org/packages/revenge)
[](https://pypi.python.org/pypi/revenge/)
[](https://coveralls.io/github/bannsec/revenge?branch=master)
[](http://revenge.readthedocs.org/en/latest/?badge=latest)
# REVerse ENGineering Environment (revenge)
Attempting to make a centralized binary reverse engineering framework for
python. Initially, this makes heavy use of `frida` in the backend, but should
be expandable and has already gone beyond Frida in some ways.
# Install
```
pip3 install https://github.com/bannsec/revenge/archive/master.zip
# Or
pip3 install revenge
```
# Platforms
The goal is for this to be mostly platform independent. Since the backend is python and Frida, it should support Windows, Mac, Linux and Android. YMMV.
# Docs
Check out RTD for the documentation: http://revenge.readthedocs.org/en/latest/
# Examples
## Windows Messages (Temporarily broken)
Specifically watching Windows Messages handling
```bash
# Automatically discover Windows message handling locations and show event messages as they are handled.
revenge -I notepad.exe windows_messages notepad.exe
# Only show information about windows message WM_CHAR and WM_KEYDOWN from notepad.exe
revenge -I notepad.exe -rw windows_messages notepad.exe -wm WM_CHAR WM_KEYDOWN
```
## Stalking
Use Frida stalk to trace through things
```
# Only look at traces from notepad's Windows Message handler function
revenge stalk notepad.exe --include-function notepad.exe:0x3a50 -I notepad.exe
```
## Find
Find things in memory.
```
# Find where your string 'hello world' is in notepad (will check for char and wchar versions)
revenge find notepad.exe --string "Hello world"
{'0x55d78c422250': 'StringUTF8', '0x55d78c453820': 'StringUTF8'}
```
## IPython
Drop into an interactive shell from the command line
```
$ revenge ipython ls -f /bin/ls
Spawning file ... [ DONE ]
Attaching to the session ... [ DONE ]
Enumerating modules ... [ DONE ]
Python 3.6.7 (default, Oct 22 2018, 11:32:17)
Type 'copyright', 'credits' or 'license' for more information
IPython 7.5.0 -- An enhanced Interactive Python. Type '?' for help.
In [1]: process
Out[1]:
```
## General Options
Replacing functions dynamically during execution
```
# Replace function located at offset 0x64a in a.out binary, returning value 0x123
revenge stalk ./a.out --resume -rf "a.out:0x64a?0x123"
# Disable alarm and ptrace functions
revenge stalk test2 -f ./test2 --resume -rf ":alarm?1" ":ptrace?1"
```
# FAQ
## Why am I getting an error when trying to run a 32-bit ELF?
There have been some changes recently with Frida and it appears they are no longer dual building their pip installable wheels. For the time being, you can build your own version of frida if you want dual architecture support.
Building instructions here: https://frida.re/docs/building/
Be sure to install the latest node: https://www.digitalocean.com/community/tutorials/how-to-install-node-js-on-ubuntu-22-04
Once you have it built, you can force the python output into your path:
```bash
export PYTHONPATH=/home/user/frida/build/frida-linux-x86_64/lib/python3.12/site-packages
```