Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Cool tool! I wrote something for reverse-engineering code, as a consultant years ago. They had a radio module but the manufacturer had lost the source code.

So the tool was called Golem. It had tables for defining opcode to assembler pattern matching, that could be written for any machine (instead of just the one I was cracking).

It worked iteratively. You ran it over the binary once, it produced arbitrary labels from jump-points. You could annotate that output by changing the labels to something human-readable (e.g. Loop-back, Main, TimerISR etc) and add comments.

The next iteration would read that back in to build a symbol table, rescan the binary and re-output. But this time it would understand that the symbols were always on opcode boundaries, distinguish data table from code entry points (because you marked them) etc. So it would do a better job of staying in sync with the code.

Once I was done with that project (and had re-compilable source for the radio module) I put it away and never thought of it again.



You were on your way to cloning IDA Pro, Ghidra, Binary Ninja, or Hopper Disassembler. To varying degrees, sometimes as a pay-extra option, those tools can produce source code.


Um. I think they post-dated me! But I didn't go anywhere with it.


IDA Pro started as a 16-bit MS-DOS program. It's real old. I'm pretty sure I was using it back in 1992, when it was already a well-developed program.

Ghidra is old too, although only recently public. It couldn't be older than Java, which is from 1996.


Cool. I did mine in 2006. Hey, those have mostly Intel disassemblers. Mine did any machine code you cared to write a dissector for.

Are they iterative? Can you add human clues/cues so they do a better job the next time?


They are not at all mostly Intel disassemblers, though some of them have freeware versions (to suppress competition) or time-limited demo versions that are purposely limited. They are very much designed around humans adding clues: you can declare function parameters, struct types, enumerations, and the meaning of various offsets in code. They are interactive GUI tools, continuously updating automated analysis as the user assists by providing clues to the analysis engine. Ghidra and Binary Ninja can be simultaneously multi-user, storing the database on a server for collaboration.

IDA Pro supports dozens of processor architectures. I count about 70, not including model variations and not including community support. https://www.hex-rays.com/products/ida/processors/

Ghidra supports "X86 16/32/64, ARM/AARCH64, PowerPC 32/64/VLE, MIPS 16/32/64/micro, 68xxx, Java / DEX bytecode, PA-RISC, PIC 12/16/17/18/24, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, and variants of these processors."

Binary Ninja officially supports x86, x64, ARMv7, Thumb2, ARMv8, PowerPC, MIPS, 6502. Community support adds AVR, MSP430, and VMNDH-2k12.

Hopper Disassembler supports "x86{16,32,64}, Dalvik, avr, ARM, java, PowerPC, Sparc, MIPS"


ida handles any arch

it is interactive (so by definition iterative)


I remember that old times too. First IDA was built on Pascal using Turbo Vision (GUI library).

Then IDA went on Windows and today it's multiplatform.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: