Triton - A DBA Framework

Triton's logo

Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint Engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings. Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification.

Download
Triton's architecture

 

Triton's support

Spread Taint

Taint analysis is used to know at each program point what part of memory or register are controllable by the user input. According to the instruction semantics the taint is spread over the execution. Read more

Dynamic Symbolic Execution

The symbolic execution engine transforms the control flow and the data flow of the program into symbolic expressions. These expressions may be used to know at each program point what values can hold a register or part of memory. Read more

SMT Solver Interface

This component allows you to solve symbolic expressions. As all expressions are on the SMT2-LIB representation, you can plug any SMT solver which support this format. By default, Triton is interfaced with the Z3 SMT solver. Read more

AST Representations of Semantics

Triton converts the x86 and the x86-64 instruction set semantics into AST representations which allows you to perform precise analysis and allow you to build and to modify your own symbolic expressions. Read more

SMT simplification passes

Triton allows you to optimize or translate all SMT AST nodes before the assignment to a register, a memory or a volatile symbolic expression. This feature allows you to deobfuscate some expressions. Read more

Python Bindings

Build your own tools through a high level language and communicate with the Pin API and Triton's components via Python bindings. Read more