N0fix
rustbinsign
Python

Rust symbol recovery tool

Last updated Jun 17, 2026
87
Stars
16
Forks
2
Issues
0
Stars/day
Attention Score
34
Language breakdown
No language data available.
โ–ธ Files click to expand
README

pypi package GitHub

Search for dependencies inside a compiled rust executable, download them and create a signature.

  • Allows you to create a signature out of dependencies and proper rust stdlib, using the right toolchain.
  • Give information about the version of the compiler used
  • Give information about detected dependencies used
  • Allows you to easily download a crate

| Before | After | | -------------- | ------------- | | Before | After |

Install

git clone https://github.com/N0fix/rustbinsign
cd rustbinsign
poetry install
rustbinsign --help

Help

usage: rbs [-h] [-l {DEBUG,INFO,WARNING,ERROR,CRITICAL}] {info,download,downloadsign,downloadcompile,compile,compiletarget,signstdlib,signtarget,signlibs,getstdlib,guessprojectcreation_timestamp} ...

This script aims at facilitate creation of signatures for rust executables. It can detect dependencies and rustc version used in a target, and create signatures using a signature provider.

options: -h, --help show this help message and exit -l {DEBUG,INFO,WARNING,ERROR,CRITICAL}, --log {DEBUG,INFO,WARNING,ERROR,CRITICAL} Set the logging level

mode: {info,download,downloadsign,downloadcompile,compile,compiletarget,signstdlib,signtarget,signlibs,getstdlib,guessprojectcreation_timestamp} Mode to use info Get information about an executable download Download a crate. Exemple: rand_chacha-0.3.1 downloadcompile Download a crate and compiles it. Exemple: randchacha-0.3.1 downloadsign Download a crate, compiles it and signs it. Exemple: randchacha-0.3.1 compile Compiles a crate. Exemple: rand_chacha-0.3.1 compile_target Compiles all dependencies detected in target compiled rust executable. sign_stdlib Sign standard lib toolchain. sign_target Generate a signature for a given executable, using choosed signature provider. sign_libs Generate a signature for a given list of libs, using choosed signature provider. getstdlib Download stdlib with symbols for a specific version of rustc. guessprojectcreation_timestamp Tries to guess the compilation date based on dependencies version.

Usage examples:

rustbinsign -l DEBUG info 'challenge.exe' rustbinsign -l DEBUG downloadsign --provider IDA hyper-0.14.27 1.70.0-x8664-unknown-linux-gnu rustbinsign -l DEBUG download hyper-0.14.27 rustbinsign -l DEBUG downloadcompile randchacha-0.3.1 1.70.0-x86_64-unknown-linux-gnu rustbinsign -l DEBUG compile --template ./profile/ctf.json /tmp/rustbininfo/randchacha-0.3.1/Cargo.toml 1.70.0-x8664-unknown-linux-gnu rustbinsign -l DEBUG signstdlib --template ./profiles/ivantirustsample.json -t 1.70.0-x8664-unknown-linux-musl --provider IDA rustbinsign -l DEBUG getstdlib 1.70.0-x86_64-unknown-linux-musl rustbinsign -l DEBUG sign_libs -l .\sha2-0.10.8\target\release\sha2.lib -l .\crypt-0.4.2\target\release\crypt.lib --provider IDA rustbinsign -l DEBUG signtarget -t stable-x8664-pc-windows-gnu --template ./profiles/target.json --provider IDA --target ./target.exe --no-std --signaturename targetsig

Example usage

Info

$ rbs info sample.bin
TargetRustInfo(
    rustc_version='1.70.0',
    rustccommithash='90c541806f23a127002de5b4038be731ba1458ca',
    dependencies=[
        Crate(name='addr2line', version='0.17.0', features=[], repository=None),
        Crate(name='aes', version='0.7.5', features=[], repository=None),
        Crate(name='bytes', version='1.4.0', features=[], repository=None),
        Crate(name='cfb-mode', version='0.7.1', features=[], repository=None),
        Crate(name='crossbeam-channel', version='0.5.8', features=[], repository=None),
        Crate(name='crossbeam-deque', version='0.8.3', features=[], repository=None),
        Crate(name='crossbeam-epoch', version='0.9.15', features=[], repository=None),
        Crate(name='futures-channel', version='0.3.28', features=[], repository=None),
        Crate(name='futures-core', version='0.3.28', features=[], repository=None),
        Crate(name='futures-util', version='0.3.28', features=[], repository=None),
        Crate(name='generic-array', version='0.14.7', features=[], repository=None),
        Crate(name='gimli', version='0.26.2', features=[], repository=None),
        Crate(name='hashbrown', version='0.12.3', features=[], repository=None),
        Crate(name='hex', version='0.4.3', features=[], repository=None),
        Crate(name='http', version='0.2.9', features=[], repository=None),
        Crate(name='httparse', version='1.8.0', features=[], repository=None),
        Crate(name='hyper', version='0.14.27', features=[], repository=None),
        Crate(name='mio', version='0.8.8', features=[], repository=None),
        Crate(name='once_cell', version='1.18.0', features=[], repository=None),
        Crate(name='rayon', version='1.7.0', features=[], repository=None),
        Crate(name='rayon-core', version='1.11.0', features=[], repository=None),
        Crate(name='self-replace', version='1.3.5', features=[], repository=None),
        Crate(name='socket2', version='0.4.9', features=[], repository=None),
        Crate(name='sysinfo', version='0.29.2', features=[], repository=None),
        Crate(name='tokio', version='1.29.0', features=[], repository=None),
        Crate(name='want', version='0.3.1', features=[], repository=None)
    ],
    rustdependenciesimphash='4b15dc8e43b773df8900e7b194ada169',
    guessedtoolchain='Mingw-w64 (Mingw6-GCC8.3.0)'
)

This can be used to apply the proper signature.

Some signatures of rust win stdlib are available here.

Requirements

You have to build on the same platform then the platform used to build your target (likely linux if your target is an ELF, likely windows if your target is an EXE). Choosing IDA as your signature provider requires IDA with IDAPython. IDA provider is the only provider supported at the moment.

Extending the tool for other disassemblers

This tool is meant to be used with IDA. If you want to extend it to Ghidra, binja, r2, or watever tool you are using, just create a new provider that inherits BaseSigProvider. You might need to adapt the command line to add your provider's argument.

TODO (hopefully ?)

  • [ ] Make a Dockerfile for easy installation and usage
  • [ ] Make Dockerfiles to easy usage when signing mingw targets
  • [ ] Implement a provider that does not require IDA with IDAPython, using smda

FAQ

How is it different from Ariane or Cerberus?

While Ariane or Cerberus tries to recognize functions and sign them themselves, reinventing the wheel, this tool focuses on providing accurate information about the Rust compiler (rustc) version used in your target, as well as its dependencies. I delegate function recognition and signature tasks to tools specifically designed for those purposes (IDA, binja...). These tasks are incredibly complex to execute correctly, and these tools perform them much more effectively than I could.

How can I adapt it to Ghidra/Binary Ninja/X ?

This tool generates a signature using a signature provider defined under sig_providers/. You should be able to effortlessly add your own provider to generate a signature that your favorite tool will recognize.

Limitations

Limitations are described in this blogpost.

Thanks

This tool uses the great Mandiant's idb2pat.

๐Ÿ”— More in this category

ยฉ 2026 GitRepoTrend ยท N0fix/rustbinsign ยท Updated daily from GitHub