I use ht-editor. It's basically hiew for posix. It uses some of the binutils files internally I think but it's based on pretty old files. There isn't any CLI hex editor that comes close from what I can tell.
I recently went trying to add more modern arm to it, but it's unfortunately not easy to extend. Some of these tools were written by only one or two people and have a lot of work in them which is quite impressive.
Unfortunately that one person codebase also means that it is generally hard to extend and rewrite.
This... This is great. As an aspiring security expert, this is really, really great. I'll take a closer look at it tomorrow, but I am very grateful at the possibility of a more streamlined approach to RE instead of learning several arcane tools in isolation and manually constructing a workflow.
Ghidra is of course the most mature and deals the best with convoluted code. It has the least unnecessary type munging.
But I'm very impressed that retdec was able to get in an early return. Deeply nested ifs are a big pain point for me in ghidra, in cases when the code would be much easier to read with an early return.
Edit: I wonder how it's implemented. Presumably you need some heuristic to decide to duplicate a basic block. Perhaps that could be exposed to the user?
I sometimes have to look at data structures in memory (not via a debugger) for systems, firmware, or embedded work. I wonder if it would be any good for that? Seems like a related capability to reverse engineering.
I have a USB device which has some bad software editor and I wanted to reverse engineer the communication protocol between the hardware device and the editor. Can something like this product help? How would you go about reverse engineering a USB protocol?
You need a hardware USB logger. The expensive ones make things much easier.
Cutter is a program for the disassembly of programs. In order to use it you need knowledge of assembly, and that usually takes at least a year of training.
Reversing the USB protocol by software is very hard for someone without experience. USB protocol is very complex and has lots of layers.
I recommend that you start watching videos on internet like "reversing usb devices" and looking at real projects that do it.
Also, last time I used wireshark it gave me a very low level representation of things. It is also a very good idea to have knowledge of a programming language like Python or Lisp that can transform the low level representation into high level information automatically.
I'm not entirely sure what you mean by "has some bad software editor" in the context of a USB device, but for reversing USB protocol, look at Wireshark:
https://wiki.wireshark.org/CaptureSetup/USB
It's a synthesizer. Instead of using the classic MIDI protocol and SYSEX messages, it uses a proprietary protocol to communicate with software via USB. I want to create an alternative open source software editor for that synthesizer. That's why I need to reverse engineer the protocol in order to send the right USB packets to the device.
(please keep in mind that I'm an EE noob, and have tinkered only with toy uC, etc).
Is it possible that the synthesizer is using a classic USB chip (such as the "FTDI") and doing serial over USB? If that's the case, it might be substantially easier to figure out the protocol.
Thanks for the suggestion, I didn't need to install a driver to connect the synthesizer to a computer and use the editor, so maybe that's the case. Where do you think I should get started with that, or how can I find out if that's the case? Any resources about the topic are welcome.
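One way to find out whether the synthesizer is really doing serial over USB, as an added example that is not part of this thread: a small Python helper that reads `lsusb -v` output (Linux) and looks for a known serial-bridge vendor ID or the standard CDC ACM interface class, which generalizes the FTDI case above to other common serial bridges. The descriptor samples below are constructed; the vendor IDs and class numbers are the publicly assigned USB values, and the `lsusb -v` field names are assumed to match the Linux usbutils layout.

```python
import re
import sys

# Publicly assigned USB vendor IDs of common USB-to-serial bridge chips.
SERIAL_BRIDGE_VENDORS = {0x0403: "FTDI", 0x067B: "Prolific", 0x10C4: "Silicon Labs"}

# Constructed samples in the layout of `lsusb -v` (not real captures).
SAMPLE_FTDI = """Device Descriptor:
  idVendor           0x0403 Future Technology Devices International, Ltd
  idProduct          0x6001 FT232 Serial (UART) IC
    Interface Descriptor:
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
"""
SAMPLE_CDC = """Device Descriptor:
  idVendor           0x1234 (constructed vendor)
    Interface Descriptor:
      bInterfaceClass         2 Communications
      bInterfaceSubClass      2 Abstract (modem)
    Interface Descriptor:
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0
"""
SAMPLE_PROPRIETARY = """Device Descriptor:
  idVendor           0x5678 (constructed vendor)
    Interface Descriptor:
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      0
"""


def classify_usb_device(lsusb_text: str) -> str:
    """Coarse guess at how a device talks, from `lsusb -v` style text."""
    m = re.search(r"idVendor\s+0x([0-9a-fA-F]{4})", lsusb_text)
    vendor = int(m.group(1), 16) if m else None
    interfaces, cls = [], None  # (bInterfaceClass, bInterfaceSubClass) pairs
    for line in lsusb_text.splitlines():
        line = line.strip()
        if line.startswith("bInterfaceClass"):
            cls = int(line.split()[1])
        elif line.startswith("bInterfaceSubClass") and cls is not None:
            interfaces.append((cls, int(line.split()[1])))
            cls = None
    if vendor in SERIAL_BRIDGE_VENDORS:  # e.g. FTDI: a /dev/ttyUSB* node should appear
        return f"serial bridge ({SERIAL_BRIDGE_VENDORS[vendor]})"
    if (2, 2) in interfaces:  # CDC Communications class, ACM subclass -> /dev/ttyACM*
        return "serial bridge (CDC ACM)"
    if interfaces and all(c == 255 for c, _ in interfaces):
        return "vendor-specific protocol"  # no standard class: expect raw USB transfers
    return "other standard class device"


if __name__ == "__main__":  # usage: lsusb -v -d VID:PID | python usbclass.py
    print(classify_usb_device(sys.stdin.read()))
```

If the result is a serial bridge, the protocol can be captured from the serial port itself rather than from raw USB transfers.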
I was trying to figure out what a “Re Platform” is, until I checked the page and realized “Re” is an acronym and should be all caps “RE” - Reverse Engineering (Platform).
Depends on what you mean by 'classical disassembler'. In many circles, disassembler refers not to something like objdump, but to a complete reverse-engineering framework that has more advanced tools for examining and reversing binaries (which may or may not include a decompiler).
Examples include ida, ghidra, binary ninja, hopper, and x64dbg; cutter is an open-source program with similar functionality to those.
A "classical disassembler" is like the unix tool cat. A reverse-engineering platform is like an IDE. Both have their use, but you wouldn't write too much code with cat.
I read the title and thought "What is an RE?" not because I don't know what reverse engineering is, but because multiple things are called RE in this world. Including Resident Evil. How would I know.
Then I clicked the link, and the first line also says it's a RE tool. Huh. Fuck me, right?
But the qira README says: "QIRA is a competitor to strace and gdb"
This is very different in itself. Cutter is a competitor to IDA, Binja or Ghidra.
In fact, Debugging in Cutter is still in beta while all other features work very well.
But Qira performs these tasks as well. I'm not saying Cutter is bad, I'm just saying Qira is better. It's more minimal, that's all and it's personal preference. Cutter might be great for most people.
P.S. You didn't need to downvote this lol. Take a little criticism (it wasn't even criticism tbh) ig?
Radare2 isn't any more minimal than cutter. Cutter contains all the same components as r2, it just layers a GUI on top of them.
(I find the conflation of minimalness with elaborateness of GUI a bit amusing. Like when people say that xterm is more minimal than gnome-terminal, when in fact the two have similar feature sets and xterm is if anything more bloated.)
Their point is that Qira can't be compared to Cutter because they're different products altogether. Qira isn't "better" per se - it is made for a different use case. It's an apples and oranges comparison.
I will confess I use one written by the author of radare2; in fact, it was apparently the precursor to radare.
It is called ired and I keep a copy of it as a single .c file. Compiles quickly on BSD/Linux. Works well with large binary files.
https://github.com/radare/ired