1 unstable release
| new 0.1.0 | Jan 24, 2025 |
|---|
#2255 in Command line utilities
103 downloads per month
19KB
171 lines
augur
"In fact I've actually triggered buffer overflows by just entering my real name."
-- A.
Augur is a blazing fast IDA Pro headless plugin that extracts strings and related pseudo-code from a binary file. It stores pseudo-code of functions that reference strings in an organized directory tree.
Features
- Blazing fast, headless user experience courtesy of IDA Pro 9 and Binarly's idalib Rust bindings.
- Support for binary targets for any architecture implemented by IDA Pro's Hex-Rays decompiler.
- Decompilation feature based on the
decompile_to_fileAPI exported by haruspex. - Pseudo-code of each function that references a specific string is stored in a separate directory.
Blog post
- https://security.humanativaspa.it/streamlining-vulnerability-research-with-ida-pro-and-rust (coming soon)
See also
- https://github.com/0xdea/rhabdomancer
- https://github.com/0xdea/haruspex
- https://docs.hex-rays.com/release-notes/9_0#headless-processing-with-idalib
- https://github.com/binarly-io/idalib
Installing
The easiest way to get the latest release is via crates.io:
- Download, install, and configure IDA Pro (see https://hex-rays.com/ida-pro).
- Download and extract the IDA SDK (see https://docs.hex-rays.com/developer-guide).
- Install augur as follows:
$ export IDASDKDIR=/path/to/idasdk90 $ export IDADIR=/path/to/ida # if not set, the build script will check common locations $ cargo install augur
Compiling
Alternatively, you can build from source:
- Download, install, and configure IDA Pro (see https://hex-rays.com/ida-pro).
- Download and extract the IDA SDK (see https://docs.hex-rays.com/developer-guide).
- Compile augur as follows:
$ git clone https://github.com/0xdea/augur $ cd augur $ export IDASDKDIR=/path/to/idasdk90 # or edit .cargo/config.toml $ export IDADIR=/path/to/ida # if not set, the build script will check common locations $ cargo build --release
Usage
- Make sure IDA Pro is properly configured with a valid license.
- Run augur as follows:
$ augur <binary_file> - Find the extracted pseudo-code of each decompiled function in the
binary_file.strdirectory, organized by string:$ vim <binary_file>.str $ code <binary_file>.str
Tested with
- IDA Pro 9.0.241217 on macOS arm64 and Linux x64.
Note: only the unix target family is currently supported, check idalib
documentation if you want to port it yourself to windows (or wasm).
Changelog
TODO
- Implement support for the
windowstarget family. - Allow users to choose to process string cross-references even if decompiler is unavailable.
- Implement functionality similar to https://github.com/joxeankoret/idamagicstrings.
Dependencies
~3–13MB
~177K SLoC