Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings. Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification.
Engines and Components
Taint analysis is used to know at each program point what part of memory or register are controllable by the user input. According to the instruction semantics the taint is spread over the execution.
Dynamic Symbolic Execution
The symbolic execution engine transforms the control flow and the data flow of the program into symbolic expressions. These expressions may be used to know at each program point what values can hold a register or part of memory.
SMT Solver Interface
This component allows you to solve symbolic expressions. As all expressions are on the SMT2-LIB representation, you can plug any SMT solver which support this format. By default, Triton is interfaced with the Z3 SMT solver.
AST Representations of Semantics
Triton converts the x86, x86-64 and the AArch64 instruction set architecture into AST representations which allows you to perform precise analysis and allow you to build and to modify your own symbolic expressions.
SMT Simplification Passes
Triton allows you to optimize or translate all SMT AST nodes before the assignment to a register, a memory or a volatile symbolic expression. This feature allows you to deobfuscate some expressions.
Build your own tools through a high level language and communicate with the Pin API and Triton's components via Python bindings.