what's boa?

boa is a (first of its kind) web-based automated reverse engineering platform that helps extrapolate original and readable Python source from a compiled and packed executables. It is useful for hackers and reverse engineers attempt to better understand the functionality of Python-built apps and/or malware. It undergoes the following when an executable sample is processed through its pipeline:

  • Executable Unpacking - parse out resources and code from binaries created with various packers.
  • Bytecode Decompilation/Patching - decompile and patch (if necessary) Python source from unpacked bytecode.
  • Deobfuscation - (TODO) attempt to recover readable source from bytecode and source-level obfuscation methods.
  • Static Analysis - scan relevant source files for detrimental security issues.
  • Report Generation - generate a user-friendly report on executable.

At the current moment, boa's functionality is still being implemented. PE executables are currently only supported for unpacking and decompilation.

what can I use it to reverse?

  • closed black-box applications
  • malware samples
  • ctf and wargame challenges

how much does it cost?

boa has a basic and free version offered open-sourced that can be self-hosted (with a bit of effort). I personally self-host an instance at boa.codemuch.tech, but it does require an invite-only access token for access to the scan functionality.

A paid version with much more functionality is also being implemented for more professional reverse engineering. More information regarding pricing is coming soon.

what can I do to contribute?

the open-sourced version of boa is available on Github. Contributions through reports of issues/bugs, and pull requests fixing issues are encouraged and appreciated to help enhance the project.