Elfina is a multi-architecture ELF loader supporting x86 and x86-64 binaries.
This project has been implemented in Rust since v2.0.0.
Recently, I have been studying reverse engineering on Windows and the PE file format.
After that, I started exploring ELF binaries to learn more about Linux reverse engineering and rootkit development.
To better understand how ELF executables are loaded and executed, I developed Elfina as a learning project focused on the Linux kernel and the ELF file format.
If you find this project useful or informative, a ⭐ would be appreciated!
This project is intended for educational and research purposes only.
It is designed to help understand:
- ELF file format
- Reverse engineering concepts
- Multi-architecture ELF loader
- Support for x86 and x86-64 ELF binaries
- Multiple execution methods
  - `--mmap` loading
  - `--memfd` execution
- ELF probing
  - `--info` displays ELF metadata and structure
- ELF analysis utilities:
  - `--hexdump`: Display the hexadecimal representation of the ELF file.
  - `--hexdump-out`: Save `--hexdump` result into a specific file.
  - `--entropy`: Calculate entropy to help identify packed or compressed sections.
  - `--entropy-out`: Save `--entropy` result into a specific file.
  - `--disasm`: Disassemble the ELF binary.
  - `--disasm-out`: Save `--disasm` result into a specific file.

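
The idea behind the `--entropy` option can be illustrated with a windowed Shannon entropy scan. This is an added example, not Elfina's own code; the 256-byte window, the 7.0 bits/byte threshold, the function names and the sample buffer are assumptions made for the illustration.

```rust
// Added example: Shannon entropy over fixed-size windows of a byte buffer.
// Window size and threshold are assumptions, not values taken from Elfina.

/// Shannon entropy of `data` in bits per byte (0.0 ..= 8.0).
fn shannon_entropy(data: &[u8]) -> f64 {
    if data.is_empty() {
        return 0.0;
    }
    let mut counts = [0usize; 256];
    for &b in data {
        counts[b as usize] += 1;
    }
    let len = data.len() as f64;
    counts
        .iter()
        .filter(|&&c| c > 0)
        .map(|&c| {
            let p = c as f64 / len;
            -p * p.log2()
        })
        .sum()
}

/// Returns (offset, entropy) for every full `window`-sized chunk at or above
/// `threshold`. A shorter trailing chunk is skipped: small samples bias low.
fn high_entropy_windows(data: &[u8], window: usize, threshold: f64) -> Vec<(usize, f64)> {
    if window == 0 {
        return Vec::new();
    }
    data.chunks_exact(window)
        .enumerate()
        .map(|(i, chunk)| (i * window, shannon_entropy(chunk)))
        .filter(|&(_, e)| e >= threshold)
        .collect()
}

/// Constructed sample: 512 bytes of NOP-like padding, then 512 bytes with a
/// uniform byte distribution standing in for packed or compressed data.
fn sample_image() -> Vec<u8> {
    let mut buf = vec![0x90u8; 512];
    buf.extend((0..512u32).map(|i| (i % 256) as u8));
    buf
}

fn main() {
    for (off, e) in high_entropy_windows(&sample_image(), 256, 7.0) {
        println!("offset {:#06x}: {:.2} bits/byte", off, e);
    }
}
```

Plain code and data usually score well below 8 bits/byte, while compressed or encrypted regions approach it, which is why a high-entropy window is a hint to look for a packer stub.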
| Architecture | Bits | Common Devices |
|---|---|---|
| x86 (i386) | 32-bit | Old PCs, 32-bit Linux |
| x86-64 | 64-bit | Modern PCs, servers |
| ARM32 | 32-bit | Raspberry Pi 2, older Android |
| AArch64 (ARM64) | 64-bit | Raspberry Pi 3/4/5, modern Android |
| RISC-V 64 | 64-bit | SiFive boards, VisionFive, emerging Linux devices |

```bash
sudo apt install gcc-multilib
```

Download and extract the release package:

```bash
wget https://github.com/iss4cf0ng/Elfina/releases/latest/download/elfina-linux.tar.gz
tar -xzf elfina-linux.tar.gz
cd elfina
chmod +x ./elfina
chmod +x ./elfina32
```

The layout is shown as follows:

```
elfina/
├ elfina
└ elfina32
```

```bash
# ---------- elfina (x64) ----------
./elfina --coffee
./elfina --info <x64_elf_path>
./elfina --mmap <x64_elf_path> [arguments]
./elfina --memfd <x64_elf_path> [arguments]
./elfina --hexdump <x64_elf_path>
./elfina --hexdump-out <x64_elf_path>
./elfina --entropy <x64_elf_path>
./elfina --entropy-out <output_file> <x64_elf_path>
./elfina --disasm <x64_elf_path>
./elfina --disasm-out <output_file> <x64_elf_path>

# ---------- elfina32 (x86) ----------
./elfina32 --coffee
./elfina32 --info <x86_elf_path>
./elfina32 --mmap <x86_elf_path> [arguments]
./elfina32 --memfd <x86_elf_path> [arguments]
./elfina32 --hexdump <x86_elf_path>
./elfina32 --hexdump-out <x86_elf_path>
./elfina32 --entropy <x86_elf_path>
./elfina32 --entropy-out <output_file> <x86_elf_path>
./elfina32 --disasm <x86_elf_path>
./elfina32 --disasm-out <output_file> <x86_elf_path>
```

Clone the repository and compile the project:

```bash
# Build from the C directory
git clone https://github.com/iss4cf0ng/Elfina
cd Elfina/C
make
```

or

```bash
chmod +x build.sh
./build.sh
```

```bash
# Build from the Rust directory
git clone https://github.com/iss4cf0ng/Elfina
cd Elfina/Rust
chmod +x build.sh
./build.sh
```

On Windows Subsystem for Linux (WSL2), Elfina cannot execute 32-bit ELF binary files. Probing (`--info`) and 64-bit execution work fine. For full 32-bit support, use a native Linux environment or a VM such as VirtualBox or VMware.








