BARF Binary Analysis & Reverse engineering Framework,Reverse engineering Framework

BARF : Binary Analysis and Reverse engineering Framework

The analysis of binary code is a crucial activity in many areas of the computer sciences and software engineering disciplines ranging from software security and program analysis to reverse engineering. Manual binary analysis is a difficult and time-consuming task and there are software tools that seek to automate or assist human analysts. However, most of these tools have several technical and commercial restrictions that limit access and use by a large portion of the academic and practitioner communities. BARF is an open source binary analysis framework that aims to support a wide range of binary code analysis tasks that are common in the information security discipline. It is a scriptable platform that supports instruction lifting from multiple architectures, binary translation to an intermediate representation, an extensible framework for code analysis plugins and interoperation with external tools such as debuggers, SMT solvers and instrumentation tools. The framework is designed primarily for human-assisted analysis but it can be fully automated.

The BARF project includes BARF and related tools and packages. So far the project is composed of the following items:

BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

PyAsmJIT : A JIT for the Intel x86_64 and ARM architecture.

Tools built upon BARF:

BARFgadgets : Lets you search, classifiy and verify ROP gadgets inside a binary program.

BARFcfg : Lets you recover the control-flow graph of the functions of a binary program.

BARFcg : Lets you recover the call graph of the functions of a binary program.

For more information, see:

BARF: A multiplatform open source Binary Analysis and Reverse engineering Framework (Whitepaper) [en]

BARFing Gadgets (ekoparty2014 presentation)


BARF is a Python package for binary analysis and reverse engineering. It can:

Load binary programs in different formats (ELF, PE, etc),

It supports the Intel x86 architecture for 32 and 64 bits,

It supports the ARM architecture for 32 bits,

It operates on an intermediate language (REIL) thus all analysis algorithm are architecture-agnostic,

It has integration with Z3 and CVC4 SMT solvers which means that you can express fragments of code as formulae and check restrictions on them.


BARF depends on the following SMT solvers:

Z3 : A high-performance theorem prover being developed at Microsoft Research.

CVC4 : An efficient open-source automatic theorem prover for satisfiability modulo theories (SMT) problems.

The following command installs BARF on your system:

git clone
$ sudo python install
You can also install it locally:
$ sudo python install –user



usage: BARFgadgets [-h] [–version] [–bdepth BDEPTH] [–idepth IDEPTH] [-u]
[-c] [-v] [-o OUTPUT] [-t] [–sort {addr,depth}] [–color]
[–show-binary] [–show-classification] [–show-invalid]
[–summary SUMMARY] [-r {8,16,32,64}]

Tool for finding, classifying and verifying ROP gadgets.

positional arguments:
filename Binary file name.

optional arguments:
-h, –help show this help message and exit
–version Display version.
–bdepth BDEPTH Gadget depth in number of bytes.
–idepth IDEPTH Gadget depth in number of instructions.
-u, –unique Remove duplicate gadgets (in all steps).
-c, –classify Run gadgets classification.
-v, –verify Run gadgets verification (includes classification).
-o OUTPUT, –output OUTPUT
Save output to file.
-t, –time Print time of each processing step.
–sort {addr,depth} Sort gadgets by address or depth (number of
instructions) in ascending order.
–color Format gadgets with ANSI color sequences, for output
in a 256-color terminal or console.
–show-binary Show binary code for each gadget.
Show classification for each gadget.
–show-invalid Show invalid gadget, i.e., gadgets that were
classified but did not pass the verification process.
–summary SUMMARY Save summary to file.
-r {8,16,32,64} Filter verified gadgets by operands register size.

More info, visit here.

The post BARF : open source Binary Analysis & Reverse engineering Framework appeared first on Penetration Testing in Linux.


Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do

Você está comentando utilizando sua conta Sair /  Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair /  Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair /  Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair /  Alterar )


Conectando a %s