Published on August 2nd, 2015
Bokken — Open Source Reverse Engineering
Bokken is a GUI for the Pyew and Radare projects, so it offers almost all the features of Pyew and some of Radare's. It is intended mainly as a basic disassembler for analyzing malware and vulnerabilities.
Currently Bokken is neither a hexadecimal editor nor a full-featured disassembler yet, so it should not be used for deep code analysis or to modify files.
Bokken has been developed and tested on Linux although it should also run in Windows and OSX.
Do you want to install Bokken on Debian, Ubuntu, or another modern Debian derivative (emDebian, Linex, etc.) without the additional hassle of downloading, unpacking, and even compiling stuff? If that's the case, you can install it directly from the main repositories (chances are high if you are running Debian or Ubuntu).
The main packager for all the Inguma work is a Debian developer, so all the work ends up in Debian and, after some time, reaches Ubuntu at the very least.
apt-get install bokken
Requirements
Bokken's requirements are few and easy to install; to get Bokken working you will need:
- Backend can be one or both of:
- Python: Bokken and Pyew can run with Python 2.6 but it’s recommended to use Python 2.7:
- For Debian-based platforms just use this command:
sudo apt-get install python
- The latest version of Graphviz:
- For Debian based platforms install with this command:
sudo apt-get install graphviz
- An updated version of PyGtk installed:
- For Debian-based platforms just use this command:
sudo apt-get install python-gtk2
- Finally GtkSourceview2 must be installed:
- For Debian/Ubuntu platforms use this command:
sudo apt-get install python-gtksourceview2
Optional Requirements
To get all the features offered by Bokken you can also install the following optional requirements:
- TidyLib is used by Bokken to parse and format HTML code when working with URLs.
- Install it on Debian/Ubuntu Linux with the following command:
sudo apt-get install python-utidylib
- Psyco is a Python extension module which can greatly speed up the execution of any Python code.
- As always, Debian/Ubuntu Linux users can install this package with this command:
sudo apt-get install python-psyco
Running Bokken
If you already have Bokken and all its dependencies installed then it’s time to start using it. Depending on the platform you are using, the scripts to launch Bokken will differ but, for both platforms, you can choose to launch them with or without parameters.
Valid parameters are files in these binary formats:
- PE
- ELF
- Mach-O
If you are a Linux or OS X user, the command to start Bokken is the bokken bash script. Just launch it from the terminal, or double-click the script if you are in a graphical file browser:
./bokken
./bokken path/to/file
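Since Bokken only takes PE, ELF and Mach-O files as parameters, a sample can be triaged by its header before it is opened. The following is an added example, not code from Bokken or the original article; the names `classify`, `classify_file` and `SAMPLES` are hypothetical, and the "fewer than 20 architectures" rule that separates universal Mach-O binaries from Java class files is a heuristic assumed here.

```python
import io
import struct

# Mach-O magics (32/64-bit, both byte orders), as read big-endian.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE}
FAT_MAGIC = 0xCAFEBABE  # universal binary; Java .class files share it

# Constructed headers (not real binaries), one per branch below.
SAMPLES = {
    "elf": b"\x7fELF\x02\x01\x01" + b"\x00" * 57,
    "macho64": struct.pack("<I", 0xFEEDFACF) + b"\x00" * 28,
    "java_class": struct.pack(">IHH", 0xCAFEBABE, 0, 52),
    "pe": b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80) + b"\x00" * 64 + b"PE\x00\x00",
    "dos_only": b"MZ" + b"\x00" * 62,
}


def classify(fh):
    """Return 'ELF', 'PE', 'Mach-O' or None for a seekable binary stream."""
    fh.seek(0)
    head = fh.read(0x40)
    if head[:4] == b"\x7fELF":
        return "ELF"
    if len(head) >= 8:
        magic, count = struct.unpack(">II", head[:8])
        if magic in MACHO_MAGICS:
            return "Mach-O"
        # Fat header: the magic is followed by a small architecture count.
        # A Java class file has its version (major >= 45) in that field.
        if magic == FAT_MAGIC and 0 < count < 20:
            return "Mach-O"
    # PE: DOS header starts with 'MZ'; e_lfanew at 0x3c locates 'PE\0\0'.
    if head[:2] == b"MZ" and len(head) == 0x40:
        (e_lfanew,) = struct.unpack("<I", head[0x3C:0x40])
        fh.seek(e_lfanew)
        if fh.read(4) == b"PE\x00\x00":
            return "PE"
    return None


def classify_file(path):
    with open(path, "rb") as fh:
        return classify(fh)


if __name__ == "__main__":
    for name, blob in sorted(SAMPLES.items()):
        print(name, classify(io.BytesIO(blob)))
```

A `None` result from `classify_file(path)` means the file is not in one of the three formats listed above.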