BinCAT is a static Binary Code Analysis Toolkit, designed to help reverse engineers, directly from IDA.
It features:
- value analysis (registers and memory)
- taint analysis
- type reconstruction and propagation
- backward and forward analysis
TODO: add gif of taint analysis
Supported Platforms:
- IDA plugin: all, version 6.9 or later
- analyzer (local or server): Linux, macOS (maybe)
Supported CPUs (for now):
- x86-32
The analyzer is only supported on Linux, but can expose a Web service for use from a Windows IDA.
- Using Docker: Docker installation instructions
- Manual: Manual installation instructions
Only IDA v6.9 or later is supported.
- In IDA, click on "File -> Script File..." menu (or type ALT-F7)
- Select python\windows_install_plugin.py
- the BinCAT plugin is now installed in your IDA user dir
Or install manually.
- Now you can run analyses (Ctrl-Shift-A)
- Load the plugin by using the Ctrl-Shift-B shortcut, or using the Edit -> Plugins -> BinCAT menu
- Select an instruction in any IDA view, then use the Ctrl-Shift-A shortcut, or the BinCAT -> Analyze from here context menu
Global options can be configured through the Edit/BinCAT/Options menu.
Default config and options are stored in $IDAUSR/idabincat/conf.
- Use remote bincat: select if you are running BinCAT in a Docker container
- Remote URL: http://localhost:5000 (or the URL of a remote BinCAT server)
- Autostart: autoload BinCAT at IDA startup
- Save to IDB: default state for the "save to idb" checkbox
Default config for analyzer.
- basic info
- more info
- debug
- advanced debug
BinCAT is released under the GNU Affero General Public Licence.
The BinCAT OCaml code includes code from the original OCaml runtime, released under the LGPLv2.
The BinCAT IDA plugin includes code from python-pyqt5-hexview by Willi Ballenthin, released under the Apache License 2.0.