Reverse engineering

Kali Linux: Top 8 tools for reverse engineering

Howard Poston
July 26, 2021 by
Howard Poston

Reverse engineering is a useful skill set for both offensive and defensive cybersecurity. On the attack side, the ability to analyze and understand how programs work is valuable for identifying new exploitable vulnerabilities. Defensively, reverse engineering can be used for the same purpose or for analyzing malware for incident response or to develop defenses against it.

Kali Linux provides a wide variety of different tools for penetration testers and other cybersecurity professionals. Among these are several different tools designed for reverse engineering.

Kali Linux tools for reverse engineering

A reverse engineer may need to accomplish a variety of different tasks and analyze software designed for different environments. Kali Linux provides a wide range of reverse engineering tools that offer many of the capabilities that a reverse engineer needs.

Debugging

Reverse engineering can either be performed statically or dynamically. Static reverse engineering involves looking at the assembly code of an application and attempting to understand its function without running it. Dynamic analysis, on the other hand, runs the application code and observes its results.

In addition to being useful for identifying and fixing bugs in code, debuggers are also invaluable for dynamic analysis. Kali Linux has a few different built-in tools for dynamic reverse engineering, including:

  1. OllyDbg: OllyDbg is one of the most famous and widely used tools for reverse engineering. It is designed to support runtime analysis of Windows executables, provides a user-friendly interface and has many built-in features.
  2. Edb-debugger: Edb-debugger is the equivalent of OllyDbg for Linux binaries. It includes all of the core capabilities of a debugger and can also be extended using plug-ins. Edb-debugger has a drop-in debugging core, making it possible to use the edb-debugger interface with a different debugging core if desired.
  3. Valgrind: Valgrind is designed for debugging and profiling Linux binaries. It offers a few different profiling tools designed to detect errors in memory management, threading and other elements of a program. This makes it invaluable for bug hunting within Linux applications.

Java reverse engineering

Java is a commonly-used programming language, but it can be an annoying one for reverse engineering. As part of the compilation process, Java code is compiled into bytecode designed to run within the Java virtual machine (JVM). This can make it difficult to analyze and understand the functionality of a Java executable.

Kali Linux includes several different tools that are designed to make it easier to reverse engineer Java applications. Some of the tools built into Kali Linux for reverse engineering Java code include:

  1. Jad: Jad stands for Java decompiler. This tool creates Java source code from a compiled executable. However, this tool is no longer actively maintained and has not been since 2011.
  2. JavaSnoop: JavaSnoop is a tool that provides insight and control over a Java application. It acts similarly to a debugger, allowing you to connect to an existing process, monitor what’s going on and change the method calls or running code within the process.
  3. JD-GUI: Like Jad, JD-GUI is a decompiler for Java code. It takes a Java .class file and reconstructs the source code that created it. While this doesn’t provide a perfect reconstruction (variable names are lost for example) it makes it much easier to analyze Java applications for which the source is unavailable.

Mobile reverse engineering

The use of mobile devices for both personal and business purposes is growing rapidly. This means that the probability that a mobile device will need to undergo forensic analysis or that reverse engineering of a mobile application will be valuable is increasing as well.

The Apple and Android operating systems are both based on Linux, but they are also very different. Kali Linux includes tools designed to transform mobile applications into a form that allows them to be more easily analyzed, including:

  1. Apktool: Apktool is designed to convert a compiled Android app to a package of resources and back again. This makes it easier to reverse engineer Android applications, allows step-by-step debugging of smali code and supports rebuilding an app after making modifications to the code or resources.
  2. Dex2jar: this tool converts the Dalvik Executable format used by Android to Java JAR files. From there, the resulting JAR file can then be opened up using JD-GUI to examine the reconstructed source code for the app.

Become a certified reverse engineer!

Become a certified reverse engineer!

Get live, hands-on malware analysis training from anywhere, and become a Certified Reverse Engineering Analyst.

Getting Started with reverse engineering in Kali Linux

The tools listed here are only some of the options available in Kali Linux for reverse engineering. When getting started with reverse engineering, playing around with a simple program in a debugger is a good starting point. This helps to build the skills and knowledge needed to work on binaries designed for different environments.

 

Sources:

Kali Linux Tools Listing, Kali Linux

OllyDbg v1.10, OllyDbg

edb, CodeF00

Valgrind Home, Valgrind

JavaSnoop, Google Code

JD-GUI, Java Decompiler

Apktool, iBotPeaches

dex2jar, pxb1988

Howard Poston
Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant providing training and content creation for cyber and blockchain security. He is also the creator of over a dozen cybersecurity courses, has authored two books, and has spoken at numerous cybersecurity conferences. He can be reached by email at howard@howardposton.com or via his website at https://www.howardposton.com.