re_lab
A portable reverse engineering environment using docker.
Getting Started
These instructions will get you a copy of the project up and running on your local machine.
Prerequisites
The environment is base on docker, to install it:
NOTE: You can find a installation guide on the docker web-site for the following distribution: CentOS, Debian, Fedora and Ubuntu. You can also install it from static binaries. But I recommand you to install docker with the package manager of your distribution.
Packages used
- build-essential - Informational list of build-essential packages
- gdb - The GNU Debugger
- radare2 - Free and advanced command line hexadecimal editor
- strace - A system call tracer
- ltace - Tracks runtime library calls in dynamically linked programs
- xxd - Tool to make (or reverse) a hex dump
- bsdiff - Generate/apply a patch between two binary files
- libcapstone-dev - Lightweight multi-architecture disassembly framework - devel files
- libcapstone3 - Lightweight multi-architecture disassembly framework - library
- flasm - Assembler and disassembler for Flash (SWF) bytecode
- python-pip - Alternative Python package installer
- python3 - Interactive high-level object-oriented language (default python3 version)
- python3-pip - Alternative Python package installer - Python 3 version of the package
- libffi-dev - Foreign Function Interface library (development files)
- git - Fast, scalable, distributed revision control system
- vim - Vi IMproved - enhanced vi editor
- wget - Retrieves files from the web
- llvm - Low-Level Virtual Machine (LLVM)
- clang - Low-Level Virtual Machine (LLVM), C language family frontend
- lldb - Next generation, high-performance debugger
- volatility - Advanced memory forensics framework
- binwalk - Tool for searching binary images for embedded files and executable code
- python3-binwalk - Python3 library for analyzing binary blobs and executable code
- gdb-peda - Python Exploit Development Assistance for GDB
- angr - A powerful and user-friendly binary analysis platform!
- sudo - Provide limited super user privileges to specific users
- gcc-multilib - GNU C compiler (multilib files)
- locales - Embedded GNU C Library: National Language (locale) data
- tmux - Terminal multiplexer
Installing
$ docker build -t re_lab .
$ docker run -it \
--privileged \
-v $(pwd)/share_ro:/share_ro:ro \
-v $(pwd)/share_rw:/share_rw \
re_lab
Shared folders
- /share_ro - read only access to access installation of packages
- /share_rw - to be able to write and share the results with host system
Authors
- Clément Boin - Initial work - cboin
License
This project is licensed under the GNU General Public License v3.0 - see the LICENSE.md file for details