Binary Analysis Tools Plugin Template

The goal of this template is to provide a convenient way to create GUI plugins that are compatible with multiple binary analysis tools at once (IDA, Ghidra, Binary Ninja, Cutter).

It is largely based on the code found in hyara, which to the best of our knowledge was the first tool/plugin to achieve such cross-compatibility.
Therefore, full credit and many thanks to its author @hyuunnn for figuring out many of the quirks related to such an endeavor.

Approach

The common denominator for all platforms is the availability of Python and PyQt / PySide in one way or another. Through separation of concerns, this allows designing GUIs that are independent of the concrete binary analysis tool. "Only" the tools' respective APIs are specific and need to be abstracted through a common harmonized interface (found in plugins/apis/).

Right now the API encapsulation is in an early state that is sufficient for demonstration. It will be expanded in future work as we port our own plugins to use this structure.
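The separation described above, sketched as an added example (not the template's own code). ApiProxy, StandaloneApi, detect_host and filter_strings are hypothetical names, the host module names are assumptions about what each tool exposes to its embedded Python, and the sample buffer is constructed:

```python
import importlib
import re
from abc import ABC, abstractmethod

# Assumed module names each host exposes to its embedded Python interpreter.
HOST_MODULES = (("ida", "idaapi"), ("binja", "binaryninja"),
                ("cutter", "cutter"), ("ghidra", "ghidra"))

def detect_host(importer=importlib.import_module):
    """Return the first host whose module imports, else 'standalone'."""
    for host, module in HOST_MODULES:
        try:
            importer(module)
            return host
        except ImportError:
            continue
    return "standalone"

class ApiProxy(ABC):
    """Hypothetical harmonized interface: the only type the GUI layer sees."""
    @abstractmethod
    def strings(self):
        """Return [(offset, text), ...] for the loaded binary."""

class StandaloneApi(ApiProxy):
    """Tool-free backend for GUI development: printable ASCII runs in raw bytes."""
    def __init__(self, data, min_len=4):
        self._data = data
        self._pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)

    def strings(self):
        return [(m.start(), m.group().decode("ascii"))
                for m in self._pattern.finditer(self._data)]

def filter_strings(api, needle):
    """GUI-side logic: depends on ApiProxy only, never on a tool module."""
    return [(off, s) for off, s in api.strings() if needle.lower() in s.lower()]

# Constructed sample buffer, not taken from any real binary.
SAMPLE = b"\x00\x01http://example.test/a\x00\x02ab\x00MZ_header\x00"

if __name__ == "__main__":
    print("host:", detect_host())
    for off, s in filter_strings(StandaloneApi(SAMPLE), "http"):
        print(hex(off), s)
```

A tool-specific backend would subclass ApiProxy and wrap that tool's own string enumeration, leaving filter_strings and the Qt widgets untouched.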

Installation and Usage

IDA Pro

To install as a plugin, copy PluginIda.py and the plugin folder from template_plugin to idapro-x.x/plugins, then run it from Edit/Plugins/ or via the assigned hotkey.

To run as a script, execute PluginIda.py.

Ghidra

After installing Ghidrathon 4.0 and opening its window in Ghidra, we need to manually add our plugin directory to Python's path and then run the plugin:

>>> import sys
>>> sys.path.append('/path/to/plugin-template/template_plugin')
>>> import PluginGhidra
>>> PluginGhidra.run()

Alternatively, we can use the Script Manager if we drop PluginGhidra.py and the plugin folder into the Extensions/Ghidrathon/ghidra_scripts/ folder (e.g. on Linux found in ~/.ghidra).

BinaryNinja

Install as a regular plugin by dropping the full template_plugin folder into the Binary Ninja plugins directory, then run it via View/Other Docks/...

Cutter

TBD.

Version

  • 2024-03-07 v1.1 - Adapted MalpediaFlossed plugin as demonstration, added Strings() to APIs.
  • 2024-02-26 v1.0 - Initial release