Utilities - Uncategorized utilities

  •        1

Uncategorized utilities that do not need their own repository. Small dumb utility to port obvious function matches across two IDA databases.

https://github.com/agustingianni/Utilities

Tags
Implementation
License
Platform

   




Related Projects

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

  •    Python

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community (reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors, for hardware and software interoperability, for security research). ScratchABit supports well-known in the community IDAPython API to write disassembly/extension modules.

Sark - IDAPython Made Easy

  •    Python

IDA Plugins & IDAPython Scripting Library. For documentation, see sark.rtfd.io.

flare-ida - IDA Pro utilities from FLARE team

  •    Python

This repository contains a collection of IDA Pro scripts and plugins used by the FireEye Labs Advanced Reverse Engineering (FLARE) team. To install, copy the contents of the plugins directory in this repository to your %PROGRAMFILES%\IDA\plugins folder.

python-idb - Pure Python parser and analyzer for IDA Pro database files (.idb).

  •    Python

python-idb is a library for accessing the contents of IDA Pro databases (.idb files). It provides read-only access to internal structures such as the B-tree (ID0 section), name address index (NAM section), and flags index (ID2 section). The library also provides analysis of B-tree entries to expose logical structures like functions, cross references, bytes, and disassembly (via Capstone). An example use for python-idb might be to run IDA scripts in a pure-Python environment. Willem Hengeveld (mailto:itsme@xs4all.nl) provided the initial research into the low-level structures in his projects pyidbutil and idbutil. Willem deserves substantial credit for reversing the .idb file format and publishing his results online. This project heavily borrows from his knowledge, though there is little code overlap.

gef - GEF - GDB Enhanced Features for exploit devs & reversers

  •    Python

GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).


idaref - IDA Pro Instruction Reference Plugin

  •    PLpgSQL

IDA Pro Full Instruction Reference Plugin - It's like auto-comments but useful. Enter IdaRef: The plugin will monitor the location for your cursor (ScreenEA) and display the full documentation of the instruction. At the moment it only supports x86-64, ARM and MIPS 32bit, however adding support for other architectures is relatively easy.

Caffe-HRT - Heterogeneous Run Time version of Caffe

  •    C++

Caffe-HRT is a project that is maintained by OPEN AI LAB, it uses heterogeneous computing infrastructure framework to speed up Caffe and provide utilities to debug, profile and tune application performance. The Caffe based version is 793bd96351749cb8df16f1581baf3e7d8036ac37.

EmbeddedXEN Virtualization Framework

  •    

EmbeddedXEN results from several Years of Research in the field of ARM-based CPUs and hypervisor technology based on XEN. The overall architecture has been revisited in order to support the hardware diversity of ARM CPUs platforms and provide an excellent framework to deal with a native OS and a third-party OS cross-compiled from a different ARM CPU. EmbeddedXEN provide a virtualized hardware interface to the third-party OS. EmbeddedXEN has been initiated and is under current development a

kali-arm-build-scripts - Kali Linux ARM build scripts

  •    Shell

These scripts have been tested on a Kali Linux 32 and 64 bit installations only, after making sure that all the dependencies have been installed. Make sure you run the build-deps.sh script first, which installs all required dependencies.

ML-KWS-for-MCU - Keyword spotting on Arm Cortex-M Microcontrollers

  •    C

This repository consists of the tensorflow models and training scripts used in the paper: Hello Edge: Keyword spotting on Microcontrollers. The scripts are adapted from Tensorflow examples and some are repeated here for the sake of making these scripts self-contained. The command line argument --model_size_info is used to pass the neural network layer dimensions such as number of layers, convolution filter size/stride as a list to models.py, which builds the tensorflow graph based on the provided model architecture and layer dimensions. For more info on model_size_info for each network architecture see models.py. The training commands with all the hyperparameters to reproduce the models shown in the paper are given here.

ida

  •    Python

Collection of IDA Python plugins/scripts/modules.

arm-eabi-toolchain - Makefile & supporting patches/scripts to build a bare metal ARM EABI toolchain.

  •    Makefile

This toolchain builder builds a GCC and Newlib-based ARM EABI toolchain using the Sourcery CodeBench Lite sources. This Makefile was originally created to allow building a validated GCC release on Mac OS X, as CodeBench Lite / G++ Lite were only provided for Windows and Linux, but this build also includes some optimizations for Newlib that provide smaller binaries. NOTE: Mentor have indicated that there won't be future ARM EABI releases of the free Lite edition of CodeBench, so the 2014.05 release may be the last. You may also be able to use a modified version of this makefile with the sources Mentor provides with the Professional version of CodeBench (which they plan to continue supporting). If future source releases are made available, this Makefile will be updated for them. If not, we may start to build custom versions of other GCC/Newlib toolchain sources.

sk3wldbg - Debugger plugin for IDA Pro backed by the Unicorn Engine

  •    C++

This is the Sk3wlDbg plugin for IDA Pro. It's purpose is to provide a front end for using the Unicorn Engine to emulate machine code that you are viewing with IDA. The plugin is dependent on the Unicorn engine. Because IDA is 32-bit, you MUST have a 32-bit build of the Unicorn library for your IDA platform (Windows, Linux, OS X).

ffmpeg-iphone-build - Build scripts for building ffmpeg on iPhone

  •    Shell

Build scripts for ffmpeg on iPhone SDK 3.0 (and iPhone Simulator SDK). The current ffmpeg trunk doesn't build with arm, so had to go back to r22404 in order to build arm targets. The i386 build does work on trunk (r22610) when I tried last.

aggr-inject - Remote frame injection PoC by exploiting a standard compliant A-MPDU aggregation vulnerability in 802

  •    Python

aggr-inject is a proof-of-concept implementation of the A-MPDU subframe injection attack, which allows an attacker to inject raw Wi-Fi frames into unencrypted networks remotely. The PoC exploits a vulnerability in the 802.11n frame aggregation mechanism and can be performed against almost any modern Wi-Fi chipset, given that the target is connected to an open network. Results from this research were published in a paper and presented at the ACM WiSec 2015 security conference. Here, each subframe is prepended with a delimiter in order to indicate its starting position and length inside the aggregated frame. When the receiver receives the aggregate, the delimiters are removed, and each subframe is deaggregated and forwarded to the kernel for further processing.

paddle-mobile - This research aims at simply deploying deeplearning on mobile and embedded devices, with low complexity and high speed

  •    C++

This research aims at simply deploying deeplearning on mobile and embedded devices, with low complexity and high speed. old name mobile deep learning.

FLIRTDB - A community driven collection of IDA FLIRT signature files

  •    Max

Fast Library Identification and Recognition Technology, also known as FLIRT, is IDA's internal symbols identifier that searches through disassembled binaries in order to locate, rename, and highlight known library subroutines. FLIRT elimates the need to analyze functions that could be understood simply by reading documentation or source code from the library it came from and reduces the amount of work required in order to reverse and understand symbol-stripped binaries by a considerable amount. The input to the system is a library file (.lib on Windows) from a library of choice while the output is a signature file (.sig) stored under /sig (and only there or else IDA won't find it). Using one of the tools (plb/pcf/pelf) (provided here for paying customers) you convert all the functions in the library to signatures stored in a PAT file (.pat). The final stage in creating a signature file involves converting the generated PAT file into a .sig file usable by IDA with the use of sigmake. The problem with this is that sometimes collisions will exist for signatures since the method Hex-Rays uses is not fool proof. When an error occurs an EXC (.exc) file is created. In order to ignore collisions, simply edit this file by removing the first few comments (lines that start with ';') and re-run sigmake.

ctf-tools - Some setup scripts for security research tools.

  •    Shell

This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. The install-scripts for these tools are checked regularly, the results can be found on the build status page. There are also a couple of installers for useful libraries included. Currently only the python bindings for these libraries are installed.

bass - Make Bash utilities usable in Fish shell

  •    Python

Bass makes it easy to use utilities written for Bash in fish shell. Regular bash scripts can be used in fish shell just as scripts written in any language with proper shebang or explicitly using the interpreter (i.e. using bash script.sh). However, many utilities, such as virtualenv, modify the shell environment and need to be sourced, and therefore cannot be used in fish. Sometimes, counterparts (such as the excellent virtualfish) are created, but that's often not the case.

macops - Utilities, tools, and scripts for managing and tracking a fleet of Macintoshes in a corporate environment

  •    Python

These are some utilities, tools, and scripts for managing and tracking a fleet of Macintoshes in a corporate environment. We expect to use this primarily as a repository for small scripts or tools that don't warrant a standalone project.A nagging utility intended to provoke users into doing major OS upgrades.