27 links tagged with reverse-engineering
Links
Obfusk8 is a C++17 library that enhances application obfuscation, making reverse engineering more difficult through various compile-time and runtime techniques. It employs strategies like virtual machine execution, indirect control flow flattening, and dynamic key encryption to obscure code logic and data, while also integrating anti-analysis measures. The library offers helper classes for stealthy access to Windows APIs, ensuring minimal static analysis footprints.
The article explores the process of reverse engineering Apple's iWork software, detailing the techniques and tools used to analyze its functionality. It discusses the challenges faced during the reverse engineering process and the insights gained about the software's design and architecture. The author aims to provide a deeper understanding of how iWork operates behind the scenes.
The article explores techniques and tools for reverse-engineering modern web browsers, focusing on the intricacies of browser architecture, security mechanisms, and debugging processes. It highlights the importance of understanding browser internals for both security researchers and developers aiming to enhance their web applications. Practical examples and methodologies are provided to aid in the reverse-engineering process.
pyghidra-mcp is a headless Model Context Protocol server for Ghidra that enables project-wide analysis of multiple interdependent binaries. By integrating automation with AI capabilities, it allows for seamless tracing of function calls across an entire software ecosystem, enhancing reverse engineering and vulnerability research. The tool supports comprehensive insights into complex applications by exposing an entire Ghidra project for analysis in a single session.
XrefGen is an advanced IDAPython script designed to enhance cross-referencing capabilities in IDA Pro, particularly for complex binaries and modern programming languages. It features a modular architecture, confidence scoring, and various analysis techniques, allowing detection of indirect calls, obfuscated malware patterns, and multi-architecture support. The tool is optimized for performance and memory efficiency, making it essential for security researchers and reverse engineers.
The IDA plugin for reverse-engineering Objective-C code streamlines analysis by removing unnecessary ARC-related runtime calls from the pseudocode output. It keeps the focus on relevant code and improves type propagation, thereby significantly reducing the noise in decompiled output. The plugin is still in development, with plans for additional features in the future.
GoReSym is a Go symbol parser that extracts various types of program and function metadata from Go binaries, including details about CPU architecture and embedded structures. It supports analysis of stripped and malformed binaries and is compatible with multiple Go versions. Users can run it via command line with specific flags for detailed output, and it is designed to facilitate reverse engineering tasks.
The article explores reverse engineering techniques for analyzing an in-game advertising library (anzu.dll) used in the racing game Trackmania. It details the creation of a trampoline DLL to log function calls and arguments, as well as methods for intercepting network traffic to understand the library's communication with its servers. Various tools and strategies are discussed to facilitate the reverse engineering process and enhance debugging capabilities.
The blog discusses PatchGuard, or Kernel Patch Protection (KPP), a critical security feature in Windows that protects the kernel from unauthorized modifications. It explains how PatchGuard operates asynchronously to monitor key kernel structures, triggers a blue screen of death (BSOD) upon detecting tampering, and delves into its initialization process and the challenges of reverse engineering it. Additionally, the article hints at potential bypasses for this security mechanism.
The article provides a comprehensive guide on how to reverse-engineer a business strategy, emphasizing the importance of understanding competitors' approaches and adapting insights to enhance one's own strategic planning. It covers various techniques for dissecting existing strategies and suggests practical steps for implementing learned strategies effectively.
ghidraMCP is a Model Context Protocol server that enables large language models to autonomously reverse engineer applications using Ghidra's core functionalities. The setup process involves downloading the Ghidra plugin, configuring it within Ghidra, and connecting various MCP clients like Claude Desktop, Cline, and 5ire to interact with the server. Detailed installation instructions and configurations are provided for each client integration.
The article delves into the intricacies of reverse-engineering cursor implementations in large language model (LLM) clients, highlighting the potential benefits and challenges associated with such endeavors. It emphasizes the importance of understanding cursor functionality to enhance user experience and optimize performance in AI-driven applications.
Oneiromancer is a reverse engineering assistant that leverages a fine-tuned LLM to analyze code snippets, providing high-level descriptions, recommended function names, and variable renaming suggestions. It supports cross-platform integration with popular IDEs and allows for easy installation via crates.io or building from source. The tool aims to enhance code analysis efficiency and improve developers' understanding of their code's functionality.
VMDragonSlayer is an advanced framework designed for the automated analysis of binaries protected by various Virtual Machine (VM) protectors, utilizing multiple analysis engines such as Dynamic Taint Tracking and Symbolic Execution. Its goal is to streamline and enhance the reverse engineering process, transforming what typically takes weeks or months into efficient, structured analysis. The framework supports integration with popular reverse engineering tools and features a modular architecture for extensibility and custom workflows.
The article explores the utilization of Large Language Models (LLMs) as tools for reverse engineering, offering insights into how these models can assist in analyzing and understanding complex software systems. It discusses practical applications, benefits, and the evolving role of LLMs in cybersecurity and software development.
The apktool-mcp-server is a fully automated server that leverages apktool and LLMs like Claude to facilitate real-time analysis and reverse engineering of Android APKs, enabling users to uncover vulnerabilities and modify code efficiently. It provides a suite of tools for tasks such as decoding APKs, analyzing manifests, and modifying smali files, all designed to enhance the reverse engineering process.
Radare2 (r2) is a powerful open-source reverse engineering tool that has evolved from a basic hexadecimal editor to a comprehensive command-line utility with various plugins and scripting capabilities. It supports numerous architectures and file formats, offering tools for debugging, disassembly, and binary analysis. Installation can be performed from the Git repository, and users can extend functionality through the r2pm package manager.
Apple released a security patch for CVE-2025-43300, addressing an out-of-bounds write vulnerability in the ImageIO framework that could be exploited in zero-click attacks. The article provides a detailed root cause analysis of the vulnerability and the changes made in the patch, focusing on the modifications in the RawCamera file and the implications for image processing. Researchers have previously explored the vulnerability, revealing its connections to JPEG Lossless compression in DNG files.
A comprehensive guide for setting up a Windows virtual machine and various tools for reverse engineering and malware analysis. It covers installation steps for essential software, debugging techniques, and methods for manipulating Portable Executable (PE) properties, alongside practical exercises involving malware samples and code execution through DLL sideloading. The article emphasizes the automation of processes and validation through GitHub workflows.
Generative AI can facilitate reverse engineering of legacy applications even without access to source code by observing user interactions, analyzing database changes, and capturing network traffic. A recent experiment at Thoughtworks demonstrated this capability using an open-source ERP platform, ultimately highlighting the need for human oversight in the process and the potential for AI to assist in testing application functionality post-reconstruction.
ImHex is a feature-rich hex editor designed for reverse engineers and programmers, offering extensive tools for data manipulation, visualization, and analysis. It supports various data types, a customizable interface, and advanced features like data hashing and integrated disassembly for multiple architectures. Users can also extend its functionality through a custom pattern language and plugins.
The article details a process for modding a mobile application using Frida, specifically by creating a mod that ensures a dice-rolling app always returns a one. It also explains how to distribute the modded app by embedding the Frida gadget for autonomous script execution, allowing the modified app to function without external tools.
DiffRays is a binary patch diffing tool that integrates with IDA Pro to facilitate vulnerability research, exploit development, and reverse engineering. It offers features like automated binary fetching, SQLite output for results storage, and a web interface for interactive visualization of differences between patched and unpatched binaries. Designed for educational purposes, it supports various workflows in analyzing security vulnerabilities.
RIFT (Rust Interactive Function Tool) is a suite designed to aid reverse engineers in analyzing Rust malware, consisting of an IDA plugin for static analysis, a generator for creating signatures, and a diff applier for applying binary diffing results. It is crucial to use RIFT within a secure virtual machine environment to avoid security risks, and the tools are primarily tested on Windows and Linux systems. Community contributions are encouraged to enhance the tool's capabilities.
The article delves into the techniques of reverse engineering and cheat development specifically for the game AssaultCube. It explores internal game hacks and the methodologies used to manipulate game mechanics for enhanced player advantages.
The article delves into the kernel-mode objects and structures that manage Windows registry hives, focusing on the complex relationship between the _CMHIVE and _HHIVE structures. It explores their roles in memory management, synchronization, and transaction states, while discussing the implications for security and performance. Detailed insights on their layouts and functionalities are provided, along with the challenges of reverse-engineering undocumented structures.
Automated Function ID database generation in Ghidra streamlines the reverse engineering process for binaries lacking symbol information by allowing analysts to create and apply function signatures. The article discusses utilizing scripts and PowerShell to extract object files from static libraries, import them into Ghidra, and generate function signatures, enhancing the clarity and efficiency of vulnerability analysis in software.