This article covers free IDA PRO alternatives, IDA HOME alternatives and IDA-like alternatives that are in active development, are somewhat rival to IDA PRO, suitable either for static or dynamic analysis and has a disassembler and debugger.

If you're looking for free IDA alternatives. I would start off with Ghidra (intended for static analysis). If you need to do dynamic analysis, try out HEX DEREF because as it has one of the most fastest, if not the fastest code analysis feature (an initial analysis in IDA PRO).

Here is a list of free alternatives to IDA that are currently included in the article: HEX DEREF and GHIDRA

Depending on your reverse engineering task, often you will have to do a full analysis by combining both techniques. Any protected executable (read obfuscated) must be dumped from memory and the IAT may need to be fixed manually before a binary can be properly analysed statically despite tools used. Therefore a direct comparison static vs dynamic analysis is not that straightforward. Dynamic vs static analysis

The author of this article assumes you're already familiar with IDA HOME or IDA PRO. Therefore, I am not going to provide any of IDA tricks nor plugins in this article but here is a quick review of IDA PRO:

AUTHOR: Hex Rays
OFFICAL SITE: IDA PRO
  • Maturity
  • Probably the best software for static analysis if you can afford the professional version and decompiler plugin
  • The tool is designed for advanced static reverse engineering
  • Plugin support via the SDK
  • The use of the free version of IDA is questionable with all the limitations because the free Ghidra includes a pseudo C decompiler plugin

Free IDA PRO alternatives for dynamic malware analysis

HEX DEREF PRO

HEX DEREF - Memory Viewer Data/Structures mode
AUTHOR: White Byte
OFFICAL SITE: HEX DEREF
  • Free closed-source written in C#/C/C++. Currently supports only x64 (64-bit) processes
  • Fully dynamic memory viewer with multi-threaded IDA like 64-bit disassembler. Some of the functionality of the disassembler is equivalent to IDA PRO.
  • The "Dump strings" tool provides more results than the IDA equivalent
  • The disassembler includes a built-in feature that generates unique assembly signatures for the entire process unlike the community made IDA signature maker plugin
  • Includes two different 64-bit debuggers. Windows debug API's and a VEH debugger. The following breakpoint methods are supported in both debugger modes: HWBP, INT3 and page faults
  • The import address table (IAT) auto-detect feature that attempts to detect also redirected IAT's without the need to use WINAPI functions.
  • As a bonus includes Cheat Engine core functionality with AVX2 optimized memory scanner
***
The larger the process is, the more you will benefit off a multi-threaded disassembler (code analysis feature in a memory viewer). Imagine a 500MB game executable. No need to re-dump, re-analyze, rebase nor do annoying offset math. A lot of expensive time can be wasted throughout the project. With a 12-core+ CPU HEX DEREF does it all in a matter of minutes.
HEX DEREF - 64-bit disassembler
***
Any static analysis tool is more or less useless if you cannot fix the import address table (IAT).

Free alternatives to IDA PRO for static malware analysis

GHIDRA

  • Free open source software written in Java by the NSA.
  • The tool is like an IDA with a similar functionality including built-in scripting support. Mastering Ghidra
  • The software comes with pseudo C decompiler plugin which is free alternative to IDA decompiler plugin
  • Pretty much rival to IDA PRO
  • The only thing I do not like is the fact that the tool is made by a government unlimited budget which distorts competition
  • IDA PRO vs Ghidra
OFFICAL SITE: Ghidra