You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+3-2Lines changed: 3 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,8 +19,9 @@ blint is a tool for reverse engineers, security analysts, and developers to quic
19
19
20
20
-**Comprehensive Security Audits:** Automatically checks for common security mitigations like PIE, ASLR, NX, Stack Canaries, and RELRO. Ideal for ensuring your CI/CD pipeline produces hardened binaries.
21
21
-**Software Bill-of-Materials (SBOM) Generation:** Creates CycloneDX SBOMs for binaries built with Go, Rust, .NET, and Android toolchains, providing a clear inventory of third-party components for vulnerability management.
22
-
-**Deep Binary Inspection:** Extracts and analyzes a wealth of information including symbols, functions, dependencies, and build toolchains. This raw data is saved as a detailed JSON file.
23
-
-**For a complete guide to all attributes in this file, see the [Technical Metadata Documentation](./docs/METADATA.md).**
22
+
-**Deep Binary Inspection:** Disassembles, extracts, and analyzes a wealth of information including symbols, functions, dependencies, and build toolchains. This raw data is saved as a detailed JSON file.
23
+
- For a complete guide to all attributes in this file, see the [Technical Metadata Documentation](./docs/METADATA.md).
24
+
- Navigate to the [disassembly guide](./docs/DISASSEMBLE.md).
24
25
-**Capability Analysis:** Identifies potentially sensitive capabilities by reviewing imported functions and symbols, such as network access, filesystem operations, or cryptographic API usage.
25
26
-**CI/CD Integration:** Can be added to build pipelines to enforce security policies, such as requiring code signing on all release artifacts.
26
27
-**Fuzzing Target Identification:** Suggests interesting functions to target for fuzzing based on common patterns in function names (e.g., `parse`, `decode`, `copy`).
Copy file name to clipboardExpand all lines: docs/DISASSEMBLE.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,7 +15,7 @@ The `disassembled_functions` attribute is an optional output of the `blint` bina
15
15
The `disassembled_functions` attribute is a dictionary where each key is a unique string identifying the function by its virtual address and name, in the format "0xADDRESS::FUNCTION_NAME" (e.g., "0x140012345::simple_add"). Using both address and name prevents collisions in cases where multiple functions might share the same name (e.g., in different modules or due to symbol stripping). The value for each key is another dictionary containing the following fields:
|`address`| String | The virtual address of the function entry point (hexadecimal string, e.g., "0x12345"). |
21
21
|`assembly`| String | The full disassembled code of the function, with instructions separated by newlines. |
@@ -36,7 +36,7 @@ The `disassembled_functions` attribute is a dictionary where each key is a uniqu
36
36
|`instructions_with_registers`| List of Dictionary | A detailed list providing register usage information for _each individual instruction_ within the function. |
37
37
|`function_type`| String | A classification of the function based on heuristics. Possible values include: "PLT_Thunk", "Simple_Return", "Has_Syscalls", "Has_Indirect_Calls", or "Has_Conditional_Jumps". If a function doesn't fit these specific categories but is not a simple return, this field will be an empty string. |
38
38
|`proprietary_instructions`| List of Strings | (Apple Silicon Only) A list of categories for proprietary instructions found (e.g., "GuardedMode", "AMX"). This indicates the use of non-standard hardware features. |
39
-
|`sreg_interactions`| List of Strings | (Apple Silicon Only) A list of categories for interactions with proprietary System Registers (e.g., "SPRR_CONTROL", "PAC_KEYS"). This signals manipulation of low-level security and hardware configuration. ||
39
+
|`sreg_interactions`| List of Strings | (Apple Silicon Only) A list of categories for interactions with proprietary System Registers (e.g., "SPRR_CONTROL", "PAC_KEYS"). This signals manipulation of low-level security and hardware configuration. |
0 commit comments