Disassemblers
Disassemblers transform compiled binaries into their corresponding assembly instructions. They are essential in reverse engineering to read the underlying logic, even when source code or symbols are missing.
In CTF challenges, examining assembly helps identify encryption loops, password checks, and hidden key comparisons.
- Basic binary disassembly: `objdump -d <binary> | less`
- Batch disassemble: `r2 -A -q -c "pd 50" ./binary`
| Tool | Platform | Purpose |
|---|---|---|
| Ghidra | Cross‑platform | Comprehensive RE suite for static analysis and decompilation |
| IDA Free | Cross‑platform | Disassembler with decompiler |
| Binary Ninja | Cross‑platform | Modern, scriptable binary analysis environment |
| Cutter | Cross‑platform | GUI frontend for Radare2, open‑source alternative |
| objdump | Linux | Command‑line disassembler for ELF binaries |
- Enable function auto‑analysis in Ghidra before browsing disassembly to recover call graphs automatically.
- Cross‑reference functions (XREFs) to find where flag checks are called.
- IDA and Ghidra can generate pseudocode (“decompile” mode) for faster comprehension.
- Cutter integrates Radare2 backends, combining manual patching with visualization.
- For quick checks in CLI‑only environments, `objdump` is reliable and portable.
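
A rough command-line stand-in for the XREF lookup described above, for environments where only `objdump` is available. This is an added example, not part of the original page: the `xrefs` helper and the disassembly listing are constructed for illustration, and it resolves only direct calls that carry a symbol name.

```sh
#!/bin/sh
# Constructed sample in the layout printed by `objdump -d` (x86-64, AT&T syntax).
sample_disasm() {
cat <<'EOF'
0000000000001139 <check_flag>:
    1139: 55                    push   %rbp
    113a: 48 89 e5              mov    %rsp,%rbp
    1151: e8 da fe ff ff        call   1030 <strcmp@plt>
    1156: 85 c0                 test   %eax,%eax
    1158: c3                    ret

0000000000001159 <main>:
    1159: 55                    push   %rbp
    1160: e8 d4 ff ff ff        call   1139 <check_flag>
    1165: ff d0                 call   *%rax
    1167: c3                    ret
EOF
}

# xrefs SYMBOL: read `objdump -d` text on stdin and print "caller address"
# for every direct call to SYMBOL (hypothetical helper name).
xrefs() {
    awk -v target="$1" '
        # Function header, e.g. "0000000000001139 <check_flag>:"
        /^[0-9a-f]+ <[^>]+>:/ {
            cur = $2
            gsub(/[<>:]/, "", cur)
            next
        }
        # Call instruction; older binutils prints "callq"
        /[ \t]callq?[ \t]/ {
            callee = $NF
            if (callee !~ /^<.*>$/) next      # indirect call, no symbol to match
            gsub(/[<>]/, "", callee)
            sub(/@plt$/, "", callee)          # treat PLT stubs as the import itself
            if (callee == target) {
                addr = $1
                sub(/:$/, "", addr)
                print cur " " addr
            }
        }
    '
}

# Walk upward: who compares strings, and who calls that routine?
sample_disasm | xrefs strcmp       # check_flag 1151
sample_disasm | xrefs check_flag   # main 1160
```

Against a real file, pipe the disassembler output in directly: `objdump -d <binary> | xrefs strcmp`.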