Capstone [Open Source + Binaries, The New Norm?]


From the webpage:

Capstone is a lightweight multi-platform, multi-architecture disassembly framework. Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.


  • Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips, PowerPC & X86 (more details).
  • Clean/simple/lightweight/intuitive architecture-neutral API.
  • Provide details on disassembled instruction (called “decomposer” by others).
  • Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
  • Implemented in pure C language, with bindings for Python, Ruby, C#, Java, GO, OCaml & Vala available.
  • Native support for Windows & *nix (including MacOSX, Linux, *BSD & Solaris platforms).
  • Thread-safe by design.
  • Distributed under the open source BSD license.

Some of the reasons that make Capstone unique are elaborated here.

The faithless in the software industry have no one but themselves to blame if open source and binary distributions become the norm for all software. Having proven themselves unworthy of trust, at any level, it is hard to imagine steps to regain that trust.

Perhaps we should reword the old adage “to many eyes all bugs are shallow” to “to many eyes all surveillance attempts are shallow”? That would make it clear that open source code can decrease your risk of government or industrial surveillance.

Note the emphasis on “can decrease your risk.” No guarantees but an open and vigilant open source community is a step in the right direction.

Before that day arrives, however, you are going to need tools to discover what people are talking about in binary code. Which is where products like Capstone come into play.

Disassembly is more difficult than vetting source code but the greater the need, the more likely that frameworks like Capstone will become easier and easier to use. You may even spot patterns in how particular agencies attempt to suborn software that you purchased.

If source code isn’t publicly available, the best answer to software vendors is “…thanks, but no thanks.”

PS: Apache really should develop an NSA-Free icon to go with the feather. Pass the word along.
