What is BinCAT?
BinCAT is a static Binary Code Analysis Toolkit, designed to help reverse
engineers, directly from IDA.
- value analysis (registers and memory)
- taint analysis
- type reconstruction and propagation
- backward and forward analysis
You can check BinCAT in action here:
Check the tutorial out to see the corresponding tasks.
Supported host platforms:
- IDA plugin: all, version 6.9 or later (BinCAT uses PyQt, not PySide)
- analyzer (local or remote): Linux, Windows, macOS (maybe)
Supported CPU for analysis (for now):
The analyzer can be used locally or through a Web service.
On Windows, the binary distribution includes the analyzer.
Only IDA v6.9 or later (7 included) is supported.
Install for Windows
- Unzip BinCAT
- In IDA, click on "File -> Script File..." menu (or type ALT-F7)
- BinCAT is now installed in your IDA user dir
Or install manually.
BinCAT should work with IDA on Wine, once pip is installed:
- download https://bootstrap.pypa.io/get-pip.py (verify it's good ;)
Load the plugin by using the Ctrl-Shift-B shortcut, or using the "Edit -> Plugins -> BinCAT" menu
Select an instruction in any IDA view, then use the "BinCAT -> Analyze from here" context menu
Global options can be configured through the
Default config and options are stored in
- Use remote bincat: select if you are running BinCAT in a Docker container
- Remote URL: http://localhost:5000 (or the URL of a remote BinCAT server)
- Autostart: autoload BinCAT at IDA startup
- Save to IDB: default state for the "save to idb" checkbox
Analyzer configuration files
Default config for analyzer.
A manual is provided.
- basic info
- more info
- advanced debug
Article and presentations about BinCAT
- SSTIC 2017, Rennes, France: article (English), slides (French), video of the presentation (French)
- REcon 2017, Montreal, Canada: slides
BinCAT is released under the GNU Affero General Public
The BinCAT OCaml code includes code from the original OCaml runtime, released
under the LGPLv2.
The BinCAT IDA plugin includes code from
by Willi Ballenthin, released under the Apache License 2.0.