https://github.com/h311d1n3r/Cerberus

A C++ tool to unstrip Rust/Go binaries (ELF and PE)

linux reverse-engineering rust static-analysis

# Cerberus
## Description
### A C++ tool to unstrip Rust and Go binaries (ELF and PE)
**Cerberus** is the tool you want to use to make Rust and Go static analysis a lot easier.
Based on hashing and scoring systems, it can retrieve many symbol names.
## How does it work?
After analyzing your ELF/PE binary to find the used libraries, **Cerberus** will download and build them.
Then the tool will hash (in various ways) the functions in your file and in the libraries to make matches.
## Table of contents
- [Installation](#install)
  - [Download a release](#install_release)
  - [Build the tool with Docker](#install_build_docker)
  - [Build the tool on host](#install_build_host)
- [How to use?](#how)
  - [Syntax](#how_syntax)
  - [Parameters](#how_params)
  - [Flags](#how_flags)
  - [Example](#how_example)
- [Warning](#warning)

## Installation

### Download a release
Check the [Releases](https://github.com/h311d1n3r/Cerberus/releases/) tab on the GitHub project and download the latest one.

### Build the tool with Docker
1. Clone the repository: `git clone https://github.com/h311d1n3r/Cerberus && cd Cerberus`.
2. Check the available Dockerfiles under `Cerberus/docker/{OS}`.
3. Build the Docker image of your choice: `docker build -f ./docker/{OS}/Dockerfile-{version} .`.
4. You can run **Cerberus** from inside the container or extract the binary to your host. The second option requires installing the libraries listed in [this section](#install_build_host).

### Build the tool on host
1. You need to have the **libarchive**, **libcurl4-openssl**, **zlib1g**, **libelf** and **uuid-dev** libraries installed on your system.
   With APT, run `apt -y install libarchive-dev libcurl4-openssl-dev zlib1g-dev libelf-dev`.
2. Clone the repository: `git clone https://github.com/h311d1n3r/Cerberus && cd Cerberus`.
3. Initialize the git dependencies: `git submodule update --init`.
4. Create the build directory: `mkdir build && cd build`.
5. Run CMake to configure the project: `cmake ..`.
6. Run make to compile the project: `make`.

## How to use?

### Syntax
`cerberus binary [-param value] [--flag]`

### Parameters
- `output` -> Specifies the path for the resulting ELF file.
- `part_hash_len` -> Specifies the length of a `part hash`. The `part hash` of a function is a reduction of the function with a linear pace. This technique is used to prevent fixed addresses from corrupting a standard hash. Default value: 20
- `part_hash_trust` -> Specifies the minimum ratio of similarity between the two hashed functions being compared. The function kept will be the one with the most matches anyway. Increasing this value will reduce the number of matched functions but speed up execution. Default value: 0.6
- `min_func_size` -> The minimum length a function must have to be analyzed. Decreasing this value will increase matches but also false positives. Default value: 10
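
How `part_hash_len`, `part_hash_trust` and `min_func_size` interact can be seen in the following added example, which is not Cerberus's own code. It assumes that the "linear pace" reduction means sampling bytes at a constant stride and that similarity is the fraction of equal sampled bytes; the function names and sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Assumed reading of "reduction with a linear pace":
// keep `len` bytes of the function body, taken at a constant stride.
Bytes part_hash(const Bytes& body, std::size_t len) {
    if (len == 0) return {};
    if (body.size() <= len) return body;
    Bytes out;
    out.reserve(len);
    for (std::size_t i = 0; i < len; ++i) out.push_back(body[i * body.size() / len]);
    return out;
}

// Assumed similarity: fraction of positions where two equally long part hashes agree.
double similarity(const Bytes& a, const Bytes& b) {
    if (a.empty() || a.size() != b.size()) return 0.0;
    std::size_t same = 0;
    for (std::size_t i = 0; i < a.size(); ++i) same += (a[i] == b[i]);
    return static_cast<double>(same) / a.size();
}

// Applies the three documented parameters, using their documented default values.
bool is_match(const Bytes& f, const Bytes& g, std::size_t len = 20,
              double trust = 0.6, std::size_t min_size = 10) {
    if (f.size() < min_size || g.size() < min_size) return false;  // too short to analyze
    return similarity(part_hash(f, len), part_hash(g, len)) >= trust;
}

// Constructed 40-byte body: a call opcode at offset 10 followed by a 4-byte target.
Bytes sample_body(uint8_t t0, uint8_t t1, uint8_t t2, uint8_t t3) {
    Bytes b(40);
    for (std::size_t i = 0; i < b.size(); ++i) b[i] = static_cast<uint8_t>(0x40 + i);
    b[10] = 0xE8; b[11] = t0; b[12] = t1; b[13] = t2; b[14] = t3;
    return b;
}

int main() {
    Bytes lib = sample_body(0x10, 0x20, 0x30, 0x40);  // function as built from the library
    Bytes bin = sample_body(0xA0, 0xB0, 0xC0, 0xD0);  // same function, different call target
    Bytes other(40, 0x90);                            // unrelated constructed body
    std::printf("byte-identical=%d similarity=%.2f match=%d unrelated=%d\n", lib == bin,
                similarity(part_hash(lib, 20), part_hash(bin, 20)),
                is_match(lib, bin), is_match(lib, other));
}
```

The two sample bodies differ only in the call target, so an exact hash of the whole body would not match, while the sampled comparison still clears the default `part_hash_trust` of 0.6.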

### Flags
- `help` -> Displays a help message.
- `debug` -> Displays outputs of commands.
- `no-prompt` -> Automatically skips user prompts.

### Example
#### Command
The following command will try to unstrip the file `./rust_example` into a new ELF called `./rust_example_syms`.

`cerberus ./rust_example -output ./rust_example_syms`
#### Result
Here is a comparison of the main function in the two files using Binary Ninja:

[Image: before.png]

[Image: after.png]

## Warning
**This software must only be used to carry out lawful experiments and I am not responsible for any breach of this rule!**