BinCAT - Binary Code Static Analyser, With IDA Integration


BinCAT is a static Binary Code Analysis Toolkit, designed to help reverse engineers, straight from IDA.
It features:
  • value analysis (registers and memory)
  • taint analysis
  • type reconstruction and propagation
  • backward and forward analysis
  • use-after-free and double-free detection

In action
You can check (an older version of) BinCAT in action here:
Check the tutorial out to see the corresponding tasks.

Quick FAQ
Supported host platforms:
  • IDA plugin: all, version 6.9 or later (BinCAT uses PyQt, not PySide)
  • analyzer (local or remote): Linux, Windows, macOS (maybe)
Supported CPU for analysis (for now):
  • x86-32
  • ARMv7
  • ARMv8
  • PowerPC

Installation
Only IDA v6.9 or later (7 included) is supported.

Binary distribution install (recommended)
The binary distribution includes everything needed:
  • the analyzer
  • the IDA plugin
Install steps:
  • Extract the binary distribution of BinCAT (not the git repo)
  • In IDA, click on the "File -> Script File..." menu (or type ALT-F7)
  • Select install_plugin.py
  • BinCAT is now installed in your IDA user dir
  • Restart IDA

Manual installation

Analyzer
The analyzer can be used locally or through a Web service.
On Linux:
On Windows:

IDA Plugin
BinCAT should work with IDA on Wine, once pip is installed:

Using BinCAT

Quick start
  • Load the plugin by using the Ctrl-Shift-B shortcut, or using the Edit -> Plugins -> BinCAT menu
  • Go to the instruction where you want to start the analysis
  • Select the BinCAT Configuration pane, click <-- Current to define the start address
  • Launch the analysis

Configuration
Global options can be configured through the Edit/BinCAT/Options menu.
Default config and options are stored in $IDAUSR/idabincat/conf.

Options
  • "Use remote bincat": select if you are running docker in a Docker container
  • "Remote URL": http://localhost:5000 (or the URL of a remote BinCAT server)
  • "Autostart": autoload BinCAT at IDA startup
  • "Save to IDB": default state for the save to idb checkbox

Documentation
A manual is provided; check here for a description of the configuration file format.
A tutorial is provided to help you try BinCAT's features.

Article and presentations about BinCAT