BinCAT is a static Binary Code Analysis Toolkit, designed to help reverse engineers, directly from IDA or using Python for automation.
It features:
You can check (an older version of) BinCAT in action here:
Check the tutorial out to see the corresponding tasks.
Supported host platforms:
Supported CPU for analysis (for now):
Only IDA v7.4 or later is supported.
Older versions may work, but we won't support them.
The binary distribution includes everything needed:
Install steps:
install_plugin.py
The analyzer can be used locally or through a Web service.
On Linux:
On Windows:
BinCAT should work with IDA on Wine, once pip is installed:
~/.wine/drive_c/Python/python.exe get-pip.py
Load the plugin by using the Ctrl-Shift-B shortcut, or using the Edit -> Plugins -> BinCAT menu
Go to the instruction where you want to start the analysis
Select the BinCAT Configuration pane, click <-- Current to define the start address
Launch the analysis
Global options can be configured through the Edit/BinCAT/Options menu.
Default config and options are stored in $IDAUSR/idabincat/conf.
save to idb checkbox
A manual is provided; check here for a description of the configuration file format.
A tutorial is provided to help you try BinCAT's features.
BinCAT is released under the GNU Affero General Public Licence.
The BinCAT OCaml code includes code from the original OCaml runtime, released under the LGPLv2.
The BinCAT IDA plugin includes code from python-pyqt5-hexview by Willi Ballenthin, released under the Apache License 2.0.
BinCAT includes a modified copy of newspeak.
Builds are performed automatically (see azure-pipelines.yml). The latest builds and test results can be accessed here.
Builds are performed automatically using GitHub Actions (see here); results can be obtained on GitHub's Actions tab.